From rforno at infowarrior.org Mon Dec 1 04:28:54 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Nov 2008 23:28:54 -0500
Subject: [Infowarrior] - Airbrushing History, American Style
Message-ID: <73FA96BD-BD79-46FC-BB7D-30F8BA06D17B@infowarrior.org>

Airbrushing History, American Style

Scott Althaus and Kalev Leetaru
University of Illinois Urbana-Champaign

FOR IMMEDIATE RELEASE
NOVEMBER 25, 2008

http://www.clinecenter.uiuc.edu/airbrushing_history/

Update: November 26, 2008: See UI News Bureau Press Release.

KEY FINDINGS

* There are at least five documents taking the form of White House press releases that detail the number and names of countries in the "Coalition of the Willing" that publicly supported the 2003 invasion of Iraq. At one time, all five of these documents were archived on the White House web site.
* Today, only three of these five documents can still be accessed in the White House archives. One of the missing lists was removed from the White House web site at some point in late 2004, and the other was removed between late 2005 and early 2006. These two "missing" lists represent earlier and smaller lists of coalition members.
* The text of three of these five documents was altered at some point after their initial release, even though in most cases the documents still retained their original release dates and were presented as unaltered originals. These alterations to the public record changed the apparent number of countries making up the coalition, as well as the names of countries in the coalition. Some of these alterations appear to have been made as long as two years after the document's purported release date.
* Of the five documents, only two appear to have remained unaltered after the date of their initial release. These are the only two of the five that could be authentic originals. However, we find no evidence that either of these press releases was distributed broadly to the media through normal electronic channels.
* Two versions of the coalition list dated March 27, 2003 can be currently accessed on the White House web site. Both claim that there were 49 countries in the coalition, but one lists only 48 by name, omitting Costa Rica. The revision history of this document shows that Costa Rica's name was removed retroactively at some point in late 2004, after the Costa Rican Supreme Court ruled that continued use of its name on the list was a violation of Costa Rica's constitution.
* Taken together, these findings suggest a pattern of revision and removal from the public record that spans several years, from 2003 through at least 2005. Instead of issuing a series of revised lists with new dates, or maintaining an updated master list while preserving copies of the old ones, the White House removed original documents, altered them, and replaced them with backdated modifications that only appear to be originals.

http://www.clinecenter.uiuc.edu/airbrushing_history/

From rforno at infowarrior.org Mon Dec 1 04:44:50 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 Nov 2008 23:44:50 -0500
Subject: [Infowarrior] - You're Leaving a Digital Trail. What About Privacy?
Message-ID: <2C44DD4F-3C7B-4A02-AB1D-B89F273BBBCA@infowarrior.org>

November 30, 2008

You're Leaving a Digital Trail. What About Privacy?
By JOHN MARKOFF

http://www.nytimes.com/2008/11/30/business/30privacy.html?pagewanted=print

HARRISON BROWN, an 18-year-old freshman majoring in mathematics at M.I.T., didn't need to do complex calculations to figure out he liked this deal: in exchange for letting researchers track his every move, he receives a free smartphone.

Now, when he dials another student, researchers know. When he sends an e-mail or text message, they also know. When he listens to music, they know the song. Every moment he has his Windows Mobile smartphone with him, they know where he is, and who's nearby. Mr.
Brown and about 100 other students living in Random Hall at M.I.T. have agreed to swap their privacy for smartphones that generate digital trails to be beamed to a central computer. Beyond individual actions, the devices capture a moving picture of the dorm's social network.

The students' data is but a bubble in a vast sea of digital information being recorded by an ever thicker web of sensors, from phones to GPS units to the tags in office ID badges, that capture our movements and interactions. Coupled with information already gathered from sources like Web surfing and credit cards, the data is the basis for an emerging field called collective intelligence.

Propelled by new technologies and the Internet's steady incursion into every nook and cranny of life, collective intelligence offers powerful capabilities, from improving the efficiency of advertising to giving community groups new ways to organize.

But even its practitioners acknowledge that, if misused, collective intelligence tools could create an Orwellian future on a level Big Brother could only dream of.

Collective intelligence could make it possible for insurance companies, for example, to use behavioral data to covertly identify people suffering from a particular disease and deny them insurance coverage. Similarly, the government or law enforcement agencies could identify members of a protest group by tracking social networks revealed by the new technology.

"There are so many uses for this technology -- from marketing to war fighting -- that I can't imagine it not pervading our lives in just the next few years," says Steve Steinberg, a computer scientist who works for an investment firm in New York.

In a widely read Web posting, he argued that there were significant chances that it would be misused, "This is one of the most significant technology trends I have seen in years; it may also be one of the most pernicious."
For the last 50 years, Americans have worried about the privacy of the individual in the computer age. But new technologies have become so powerful that protecting individual privacy may no longer be the only issue. Now, with the Internet, wireless sensors, and the capability to analyze an avalanche of data, a person's profile can be drawn without monitoring him or her directly.

"Some have argued that with new technology there is a diminished expectation of privacy," said Marc Rotenberg, executive director of the Electronic Privacy Information Center, a privacy rights group in Washington. "But the opposite may also be true. New techniques may require us to expand our understanding of privacy and to address the impact that data collection has on groups of individuals and not simply a single person."

Mr. Brown, for one, isn't concerned about losing his privacy. The M.I.T researchers have convinced him that they have gone to great lengths to protect any information generated by the experiment that would reveal his identity.

Besides, he says, "the way I see it, we all have Facebook pages, we all have e-mail and Web sites and blogs."

"This is a drop in the bucket in terms of privacy," he adds.

GOOGLE and its vast farm of more than a million search engine servers spread around the globe remain the best example of the power and wealth-building potential of collective intelligence. Google's fabled PageRank algorithm, which was originally responsible for the quality of Google's search results, drew its precision from the inherent wisdom in the billions of individual Web links that people create.

The company introduced a speech-recognition service in early November, initially for the Apple iPhone, that gains its accuracy in large part from a statistical model built from several trillion search terms that its users have entered in the last decade. In the future, Google will take advantage of spoken queries to predict even more accurately the questions its users will ask.
And, a few weeks ago, Google deployed an early-warning service for spotting flu trends, based on search queries for flu-related symptoms.

The success of Google, along with the rapid spread of the wireless Internet and sensors -- like location trackers in cellphones and GPS units in cars -- has touched off a race to cash in on collective intelligence technologies.

In 2006, Sense Networks, based in New York, proved that there was a wealth of useful information hidden in a digital archive of GPS data generated by tens of thousands of taxi rides in San Francisco. It could see, for example, that people who worked in the city's financial district would tend to go to work early when the market was booming, but later when it was down.

It also noticed that middle-income people -- as determined by ZIP code data -- tended to order cabs more often just before market downturns.

Sense has developed two applications, one for consumers to use on smartphones like the BlackBerry and the iPhone, and the other for companies interested in forecasting social trends and financial behavior. The consumer application, Citysense, identifies entertainment hot spots in a city. It connects information from Yelp and Google about nightclubs and music clubs with data generated by tracking locations of anonymous cellphone users.

The second application, Macrosense, is intended to give businesses insight into human activities. It uses a vast database that merges GPS, Wi-Fi positioning, cell-tower triangulation, radio frequency identification chips and other sensors.

"There is a whole new set of metrics that no one has ever measured," said Greg Skibiski, chief executive of Sense. "We were able to look at people moving around stores" and other locations. Such travel patterns, coupled with data on incomes, can give retailers early insights into sales levels and who is shopping at competitors' stores.
Alex Pentland, a professor at the Media Lab at the Massachusetts Institute of Technology who is leading the dormitory research project, was a co-founder of Sense Networks. He is part of a new generation of researchers who have relatively effortless access to data that in the past was either painstakingly assembled by hand or acquired from questionnaires or interviews that relied on the memories and honesty of the subjects.

The Media Lab researchers have worked with Hitachi Data Systems, the Japanese technology company, to use some of the lab's technologies to improve businesses' efficiency. For example, by equipping employees with sensor badges that generate the same kinds of data provided by the students' smartphones, the researchers determined that face-to-face communication was far more important to an organization's work than was generally believed.

Productivity improved 30 percent with an incremental increase in face-to-face communication, Dr. Pentland said. The results were so promising that Hitachi has established a consulting business that overhauls organizations via the researchers' techniques.

Dr. Pentland calls his research "reality mining" to differentiate it from an earlier generation of data mining conducted through more traditional methods.

Dr. Pentland "is the emperor of networked sensor research," said Michael Macy, a sociologist at Cornell who studies communications networks and their role as social networks. People and organizations, he said, are increasingly choosing to interact with one another through digital means that record traces of those interactions. "This allows scientists to study those interactions in ways that five years ago we never would have thought we could do," he said.

ONCE based on networked personal computers, collective intelligence systems are increasingly being created to leverage wireless networks of digital sensors and smartphones.
In one application, groups of scientists and political and environmental activists are developing "participatory sensing" networks.

At the Center for Embedded Networked Sensing at the University of California, Los Angeles, for example, researchers are developing a Web service they call a Personal Environmental Impact Report to build a community map of air quality in Los Angeles. It is intended to let people assess how their activities affect the environment and to make decisions about their health. Users may decide to change their jogging route, or run at a different time of day, depending on air quality at the time.

"Our mantra is to make it possible to observe what was previously unobservable," said Deborah Estrin, director of the center and a computer scientist at U.C.L.A.

But Dr. Estrin said the project still faced a host of challenges, both with the accuracy of tiny sensors and with the researchers' ability to be certain that personal information remains private. She is skeptical about technical efforts to obscure the identity of individual contributors to databases of information collected by network sensors.

Attempts to blur the identity of individuals have only a limited capability, she said. The researchers encrypt the data to protect against identifying particular people, but that has limits.

"Even though we are protecting the information, it is still subject to subpoena and subject to bullying bosses or spouses," she said.

She says that there may still be ways to protect privacy. "I can imagine a system where the data will disappear," she said.

Already, activist groups have seized on the technology to improve the effectiveness of their organizing. A service called MobileActive helps nonprofit organizations around the world use mobile phones to harness the expertise and the energy of their participants, by sending out action alerts, for instance.

Pachube (pronounced "PATCH-bay")
is a Web service that lets people share real-time sensor data from anywhere in the world. With Pachube, one can combine and display sensor data, from the cost of energy in one location, to temperature and pollution monitoring, to data flowing from a buoy off the coast of Charleston, S.C., all creating an information-laden snapshot of the world.

Such a complete and constantly updated picture will undoubtedly redefine traditional notions of privacy.

DR. PENTLAND says there are ways to avoid surveillance-society pitfalls that lurk in the technology. For the commercial use of such information, he has proposed a set of principles derived from English common law to guarantee that people have ownership rights to data about their behavior. The idea revolves around three principles: that you have a right to possess your own data, that you control the data that is collected about you, and that you can destroy, remove or redeploy your data as you wish.

At the same time, he argued that individual privacy rights must also be weighed against the public good.

Citing the epidemic involving severe acute respiratory syndrome, or SARS, in recent years, he said technology would have helped health officials watch the movement of infected people as it happened, providing an opportunity to limit the spread of the disease.

"If I could have looked at the cellphone records, it could have been stopped that morning rather than a couple of weeks later," he said. "I'm sorry, that trumps minute concerns about privacy."

Indeed, some collective-intelligence researchers argue that strong concerns about privacy rights are a relatively recent phenomenon in human history.

"The new information tools symbolized by the Internet are radically changing the possibility of how we can organize large-scale human efforts," said Thomas W. Malone, director of the M.I.T. Center for Collective Intelligence.
"For most of human history, people have lived in small tribes where everything they did was known by everyone they knew," Dr. Malone said. "In some sense we're becoming a global village. Privacy may turn out to have become an anomaly."

From rforno at infowarrior.org Mon Dec 1 14:26:13 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Dec 2008 09:26:13 -0500
Subject: [Infowarrior] - Wired on Kaminsky DNS fix
Message-ID:

(big article)

Secret Geek A-Team Hacks Back, Defends Worldwide Web

http://www.wired.com/techbiz/people/magazine/16-12/ff_kaminsky?currentPage=all

From rforno at infowarrior.org Mon Dec 1 14:38:01 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Dec 2008 09:38:01 -0500
Subject: [Infowarrior] - (Stupid) security advice from Apple
Message-ID: <36CAC94F-4836-4034-A5B8-E00EF29B6003@infowarrior.org>

While running multiple AVs across an enterprise (ie, one brand for servers, another for desktops) is a nice, though not fail-safe layered defense, the last time I checked, running multiple AV products on the same desktop system was considered "bad" given how they can false-positive each other and how much extra load that scanning places on the CPU. In my case, aside from a test lab for AV research, I never ran multiple AVs on Windows machines, and here's Apple's recommending it.[1]

One could parse the vague Apple comment as advice to run "one of several" AV products - with the hopes if you're compromised by undetected malware on your current AV product, just buy a different product and maybe it'll detect it. Or, they're saying "go forth, buy, and install multiple AV products on the same system" and then sit back to hope one of 'em detects bad things.

Either way it's goofy advice.

--rf

[1] Intego, moreso than Symantec, IMHO, is a first-rate FUD factory on Mac security and I view much of their breathlessly-sensational security-threat press statements with great scepticism.
http://support.apple.com/kb/HT2550?viewlocale=en_US

Mac OS: Antivirus utilities

* Last Modified: November 21, 2008
* Article: HT2550

"Apple encourages the widespread use of multiple antivirus utilities so that virus programmers have more than one application to circumvent, thus making the whole virus writing process more difficult."

http://support.apple.com/kb/HT2550?viewlocale=en_US

From rforno at infowarrior.org Mon Dec 1 15:13:54 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Dec 2008 10:13:54 -0500
Subject: [Infowarrior] - Geek Humor: "Flay him with your earbuds!"
Message-ID: <6E2756B9-CCA5-4F83-9354-37595C10364C@infowarrior.org>

This is from last night's Simpsons episode parodying Apple Computer.....the first video is hysterical. The second one isn't *as* funny, but still amusing when Lisa meets Steve Mobs.

http://murdeltas.wordpress.com/2008/12/01/the-simpsons-visit-the-mapple-store/

Enjoy it while it's still up on YouTube. :)

-rf

From rforno at infowarrior.org Mon Dec 1 15:18:23 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Dec 2008 10:18:23 -0500
Subject: [Infowarrior] - DOD wants to build ethical Terminators?
Message-ID: <22814994-0A6A-4F6B-B3C3-F97C6C476FEA@infowarrior.org>

Pentagon hires British scientist to help build robot soldiers that 'won't commit war crimes'

The American military is planning to build robot soldiers that will not be able to commit war crimes like their human comrades in arms.

By Tim Shipman in Washington
Last Updated: 7:36AM GMT 01 Dec 2008

http://www.telegraph.co.uk/news/worldnews/northamerica/usa/3536943/Pentagon-hires-British-scientist-to-help-build-robot-soldiers-that-wont-commit-war-crimes.html

American military is planning to build robot soldiers that will not be able to commit war crimes

The US Army and Navy have both hired experts in the ethics of building machines to prevent the creation of an amoral Terminator-style killing machine that murders indiscriminately.
By 2010 the US will have invested $4 billion in a research programme into "autonomous systems", the military jargon for robots, on the basis that they would not succumb to fear or the desire for vengeance that afflicts frontline soldiers. A British robotics expert has been recruited by the US Navy to advise them on building robots that do not violate the Geneva Conventions. Colin Allen, a scientific philosopher at Indiana University's has just published a book summarising his views entitled Moral Machines: Teaching Robots Right From Wrong. He told The Daily Telegraph: "The question they want answered is whether we can build automated weapons that would conform to the laws of war. Can we use ethical theory to help design these machines?" Pentagon chiefs are concerned by studies of combat stress in Iraq that show high proportions of frontline troops supporting torture and retribution against enemy combatants. Ronald Arkin, a computer scientist at Georgia Tech university, who is working on software for the US Army has written a report which concludes robots, while not "perfectly ethical in the battlefield" can "perform more ethically than human soldiers." He says that robots "do not need to protect themselves" and "they can be designed without emotions that cloud their judgment or result in anger and frustration with ongoing battlefield events". Airborne drones are already used in Iraq and Afghanistan to launch air strikes against militant targets and robotic vehicles are used to disable roadside bombs and other improvised explosive devices. Last month the US Army took delivery of a new robot built by an American subsidiary of the British defence company QinetiQ, which can fire everything from bean bags and pepper spray to high-explosive grenades and a 7.62mm machine gun. But this generation of robots are all remotely operated by humans. 
Researchers are now working on "soldier bots" which would be able to identify targets, weapons and distinguish between enemy forces like tanks or armed men and soft targets like ambulances or civilians. Their software would be embedded with rules of engagement conforming with the Geneva Conventions to tell the robot when to open fire. Dr Allen applauded the decision to tackle the ethical dilemmas at an early stage. "It's time we started thinking about the issues of how to take ethical theory and build it into the software that will ensure robots act correctly rather than wait until it's too late," he said. "We already have computers out there that are making decisions that affect people's lives but they do it in an ethically blind way. Computers decide on credit card approvals without any human involvement and we're seeing it in some situations regarding medical care for the elderly," a reference to hospitals in the US that use computer programmes to help decide which patients should not be resuscitated if they fall unconscious. Dr Allen said the US military wants fully autonomous robots because they currently use highly trained manpower to operate them. "The really expensive robots are under the most human control because they can't afford to lose them," he said. "It takes six people to operate a Predator drone round the clock. I know the Air Force has developed software, which they claim is to train Predator operators. But if the computer can train the human it could also ultimately fly the drone itself." Some are concerned that it will be impossible to devise robots that avoid mistakes, conjuring up visions of machines killing indiscriminately when they malfunction, like the robot in the film Robocop. Noel Sharkey, a computer scientist at Sheffield University, best known for his involvement with the cult television show Robot Wars, is the leading critic of the US plans. He says: "It sends a cold shiver down my spine. 
I have worked in artificial intelligence for decades, and the idea of a robot making decisions about human termination is terrifying."

From rforno at infowarrior.org Mon Dec 1 17:09:02 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Dec 2008 12:09:02 -0500
Subject: [Infowarrior] - Pentagon Troops to Bolster Domestic Security
Message-ID: <849E44FC-8DD1-41AC-99D6-EF13F35A95CD@infowarrior.org>

Pentagon to Detail Troops to Bolster Domestic Security

By Spencer S. Hsu and Ann Scott Tyson
Washington Post Staff Writers
Monday, December 1, 2008; A01

http://www.washingtonpost.com/wp-dyn/content/article/2008/11/30/AR2008113002217.html?hpid=moreheadlines

The U.S. military expects to have 20,000 uniformed troops inside the United States by 2011 trained to help state and local officials respond to a nuclear terrorist attack or other domestic catastrophe, according to Pentagon officials.

The long-planned shift in the Defense Department's role in homeland security was recently backed with funding and troop commitments after years of prodding by Congress and outside experts, defense analysts said.

There are critics of the change, in the military and among civil liberties groups and libertarians who express concern that the new homeland emphasis threatens to strain the military and possibly undermine the Posse Comitatus Act, a 130-year-old federal law restricting the military's role in domestic law enforcement.

< - >

The Pentagon's plan calls for three rapid-reaction forces to be ready for emergency response by September 2011. The first 4,700-person unit, built around an active-duty combat brigade based at Fort Stewart, Ga., was available as of Oct. 1, said Gen. Victor E. Renuart Jr., commander of the U.S. Northern Command.

If funding continues, two additional teams will join nearly 80 smaller National Guard and reserve units made up of about 6,000 troops in supporting local and state officials nationwide.
All would be trained to respond to a domestic chemical, biological, radiological, nuclear, or high-yield explosive attack, or CBRNE event, as the military calls it.

Military preparations for a domestic weapon-of-mass-destruction attack have been underway since at least 1996, when the Marine Corps activated a 350-member chemical and biological incident response force and later based it in Indian Head, Md., a Washington suburb. Such efforts accelerated after the Sept. 11 attacks, and at the time Iraq was invaded in 2003, a Pentagon joint task force drew on 3,000 civil support personnel across the United States.

In 2005, a new Pentagon homeland defense strategy emphasized "preparing for multiple, simultaneous mass casualty incidents." National security threats were not limited to adversaries who seek to grind down U.S. combat forces abroad, McHale said, but also include those who "want to inflict such brutality on our society that we give up the fight," such as by detonating a nuclear bomb in a U.S. city.

< - >

http://www.washingtonpost.com/wp-dyn/content/article/2008/11/30/AR2008113002217.html?hpid=moreheadlines

From rforno at infowarrior.org Mon Dec 1 17:18:51 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 1 Dec 2008 12:18:51 -0500
Subject: [Infowarrior] - CNN Pitches a Cheaper Wire Service to Newspapers
Message-ID: <019FA400-1F68-454E-BDF1-980472F7C94B@infowarrior.org>

December 1, 2008

CNN Pitches a Cheaper Wire Service to Newspapers
By TIM ARANGO and RICHARD PÉREZ-PEÑA

http://www.nytimes.com/2008/12/01/business/media/01cnn.html?8dpc=&_r=1&pagewanted=print

CNN, in the afterglow of an election season of record ratings for cable news, is elbowing in on a new line of business: catering to financially strained newspapers looking for an alternative to The Associated Press.

For nearly a month, a trial version of CNN's wire service has been on display in some newspapers.
But this week editors from about 30 papers will visit Atlanta to hear CNN's plans to broaden a service to provide coverage of big national and international events -- and maybe local ones -- on a smaller scale and at a lower cost than The A.P.

"The reality is we don't have a lot of relationships with newspapers," said Jim Walton, president of CNN Worldwide. "We have relationships with TV stations around the world."

Mr. Walton said the meeting this week, which CNN has billed the "CNN Newspaper Summit," is "kind of a get-to-know-you."

With its CNN Wire, the company is going up against the largest news-gathering operation in the world in The A.P., and it must convince editors that it can offer something that is well outside its broadcast expertise -- which may not be a tough task given the dire circumstances newspapers face.

In addition, a number of newspapers are unhappy with the cost of The A.P., a nonprofit corporation that is owned by the 1,400 papers that are its members. Some newspapers have even given notice that they intend to leave The A.P.

"I'm very interested in hearing what they have to present," said Benjamin J. Marrison, the editor of The Columbus Dispatch in Ohio, which is among the papers that have said they will drop The A.P. because of its cost. "It has a lot of potential. We just need to understand it better."

"Mainly, we're going to listen to what it is they have to offer, and what their plans are for expanding their news-gathering operation," Mr. Marrison added. "They say they have more than 3,000 journalists worldwide, and that's a formidable group, and we want to see how they intend to deploy those resources, how in tune they are with the needs of newspapers and their Web sites, and what kind of cooperative they intend to build."

The project has several implications for the news business.
For CNN it amounts to another expansion of its operations at a time of severe cutbacks across the media industry, especially at newspapers, which are facing the wrenching circumstances of both a faltering economy and the continuing flight of advertising dollars out of print and onto the Internet.

And for The Associated Press, it represents a competitive threat, while some client newspapers already are leaving the service because of financial pressure. (CNN Wire would also compete with other services, like Bloomberg News and Thomson Reuters.)

On Nov. 20, Tom Curley, the president and chief executive of The A.P., spoke to employees in New York City and by Webcast to groups around the world -- a recording of which was heard by The New York Times -- about the state of its business. He outlined three main challenges: the economic downturn, the financial problems of newspapers, and what he described as customers becoming competitors, specifically CNN. Of those three challenges, he said he was most worried about the last one.

"On the competitive side, CNN volunteered to be the first, but any number of people could have pulled the trigger," Mr. Curley told employees. "They're coming off a very strong election cycle, they have extra money and they're going to do it because they can."

Mr. Walton, of CNN, says that the network already runs an internal wire service for its bureaus and CNN.com, and that taking it outside is a logical step.

The breadth of the service that CNN will ultimately offer is unclear, and partly depends on the demands of newspapers. CNN Wire could offer columns written by some of its high-profile personalities, like Anderson Cooper. It also plans to offer text versions of its major investigative pieces for television.

"The CNN system is set up so we use content across all our networks and platforms," Mr. Walton said. "It's not unusual for Anderson Cooper to appear online or on CNN International."

And local coverage could be in the offing.
In August, CNN said it was dispatching journalists to 10 cities in the United States, but in a bare-bones fashion: the correspondents will be laptop- and camera-toting one-person bands, rather than workers in expensive bureaus.

"This is obviously a national wire service," said Susan Goldberg, the editor of The Plain Dealer in Cleveland, which has already published some stories from CNN's wire service. "They're not opening up shop here in Ohio necessarily. We would like to see them put out accurate, informative, entertaining news and information. We would also love to see them produce content that works really well on the Web. Shorter stories, because all of us are dealing with shrinking space in our print edition." (An editor from The Plain Dealer will attend the CNN meetings.)

A number of newspaper editors say the component of A.P. service that would be hardest to replace is still photography. CNN said it did not plan to offer photography but would offer streaming Web video for newspapers' sites.

Mr. Walton declined to say how many journalists CNN was looking to hire, but job ads have been appearing online. One recent posting sought journalists to staff bureaus in Atlanta, Washington and Los Angeles. The help-wanted ad described the service like this: "The CNN Wire is on CNN's editorial front line, editing and vetting the work of correspondents and producers worldwide and doing original reporting for use across CNN's networks and Web pages."

In an interview, Mr. Curley of The A.P. said that given the state of the news industry, "we should rejoice that someone has millions of dollars to spend on breaking news."

"Breaking news is very, very expensive and if they have the resources to spend on it, we welcome them to the game," he added.

But in his conference with employees, Mr. Curley suggested that the CNN wire service needed major improvement before it could play at The A.P.'s level.
"You really don't want to put quotes up there that could end up on locker room walls," Mr. Curley said, before doing just that. "The current CNN wire, if you look at it truly is still, and remarkably, abysmally written," he said. "However, they're interviewing A.P. people, we know, and that can be transformed. And if you have enough money and you have enough ego and enough desire, you can fix that in a hurry." Last year CNN said it was dropping Reuters' wire service. The move saved the network more than $3 million annually, but it was not a cost-cutting decision, executives said. Instead, it was part of CNN's strategy of relying less on outside media outlets for news coverage. In that vein, CNN plans to drop The A.P. for CNN.com in January. (CNN the television network will continue to use The A.P.) "Look at the history of CNN," Mr. Walton said. "We launched as one network in 1980. Today CNN is more than just one network. We have a huge radio business. A huge online business. We're about content." "We want to own more of our own content and reporting. We felt we had to look at our business as more than television," he added. The Associated Press is more than 150 years old and is the world's largest news-gathering operation, with more than 3,000 journalists in over 100 countries. "I think the crucial question is whether CNN is going to try to really go head-to-head with The A.P., or offer something that's a lot more selective," said Jack Driscoll, the former editor of The Boston Globe and editor in residence at the M.I.T. Media Laboratory. "Newspapers are hurting so much that they could be willing to get less for less." In that case, Mr. Driscoll said, there is probably room for a new competitor. "But if CNN is going to try to do something close to the range and quality of The Associated Press, that's awfully hard to do, and it's a huge financial undertaking." Some newspapers that have long relied on The A.P. 
have said they would drop the service because of its cost, which varies -- The Columbus Dispatch, for example, paid more than $800,000 a year. Others, including The Star Tribune of Minneapolis and the Tribune Company, one of the largest newspaper chains, have also given notice that they plan to drop out of the service. The A.P., in response, announced in October that it would reduce prices, which will result in a cumulative savings of $30 million annually for its member newspapers. This stands in contrast to the current financial fortunes of CNN. In October, CNN said it was hiring nearly 30 people to staff a news hub in Abu Dhabi, and has made other international expansion moves. And Mr. Walton said the network was on track for its fifth consecutive year of double-digit profit growth, a first for CNN. "One of the good things is that when you are profitable, you can reinvest," Mr. Walton said. From rforno at infowarrior.org Mon Dec 1 17:40:14 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 1 Dec 2008 12:40:14 -0500 Subject: [Infowarrior] - EU cybercrime alert system (+ backdoors?) Message-ID: <942B6583-DEDD-4C56-BD0F-16E8998C14B9@infowarrior.org> Note para 3 -- sounds very pie-in-the-sky to me, and certainly not very "doable" with a good degree of certainty and security. --rf Europe to get cybercrime alert system Posted by Nick Heath http://news.cnet.com/8301-1009_3-10110133-83.html?part=rss&subj=news&tag=2547-1_3-0-20 Europe is getting a cybercrime alert system as part of a European Union drive to fight online criminals. According to plans, European law enforcement body Europol will receive 300,000 euros ($386,430) to build an alert system that pools reports of cybercrime, such as online identification and financial theft, from across the 27 member states. 
Police will launch more remote searches of suspects' hard drives over the Internet, as well as cyberpatrols to spot and track illegal activity, under the strategy adopted by the European Union's council of ministers Thursday. The strategy, a blueprint for fighting cybercrime in the EU over the next five years, also introduces measures to encourage businesses and police to share information on investigations and cybercrime trends. "The strategy encourages the much-needed operational cooperation and information exchange between the member states," said Jacques Barrot, vice president of the European Commission. "If the strategy is to make the fight against cybercrime more efficient, all stakeholders have to be fully committed to its implementation. We are ready to support them, also financially, in their efforts." Plans for the EU alert system follow the recent establishments of the Police Central E-crime Unit and National Fraud Strategic Authority, which aim to fight cybercrime in the United Kingdom. Nick Heath of Silicon.com reported from London. From rforno at infowarrior.org Mon Dec 1 19:19:37 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 1 Dec 2008 14:19:37 -0500 Subject: [Infowarrior] - It's 'official' -- NBER says we're in a recession Message-ID: (this is the group of economists that declares "official" recessions for the history books.....--rf) Panel says US has been in recession since Dec. '07 Dec 1 02:32 PM US/Eastern By MARTIN CRUTSINGER AP Economics Writer http://www.breitbart.com/print.php?id=D94Q2TJO0&show_article=1 WASHINGTON (AP) - The U.S. economy has been in a recession since December 2007, the National Bureau of Economic Research said Monday. The NBER -- a private, nonprofit research organization -- said its group of academic economists who determine business cycles met and decided that the U.S. recession began last December. 
By one benchmark, a recession occurs whenever the gross domestic product, the total output of goods and services, declines for two consecutive quarters. The GDP turned negative in the July-September quarter of this year, and many economists believe it is falling in the current quarter at an even sharper rate. But the NBER's dating committee uses broader and more precise measures, including employment data. In a news release, the group said its cycle dating committee held a telephone conference call on Friday and made the determination on when the recession began. The White House commented on the news that a second downturn has officially begun on President George W. Bush's watch without ever actually using the word "recession," a term the president and his aides have repeatedly avoided. Instead, spokesman Tony Fratto remarked upon the fact that NBER "determines the start and end dates of business cycles." "What's important is what is being done about it," Fratto said. "The most important things we can do for the economy right now are to return the financial and credit markets to normal, and to continue to make progress in housing, and that's where we'll continue to focus." Many economists believe the current downturn will last well into 2009, and will be the most severe slump since the 1981-82 recession. The country is being battered by the most severe financial crisis since the 1930s as banks struggle to deal with billions of dollars in loan losses. The Bush administration won approval from Congress on Oct. 3 for a $700 billion rescue package for the financial system. Bush said in an interview with ABC's "World News" to be aired Monday that he would support additional intervention if necessary to end the recession. "I'm sorry it's happening, of course," Bush said, referring to a global financial crisis that has eliminated millions of jobs and damaged retirement accounts. 
Both Federal Reserve Chairman Ben Bernanke and Treasury Secretary Henry Paulson were scheduled to give speeches Monday providing an update on how the government's rescue efforts are working to deal with the economic distress. Two new reports on the economy provided a grim snapshot of how steep the slump is becoming. The Commerce Department reported Monday that construction spending fell by a larger-than-expected 1.2 percent in October, while the Institute for Supply Management said its gauge of manufacturing activity dropped to a 26-year low in November. The GDP contracted by 0.2 percent at an annual rate in the fourth quarter of 2007, but that drop was followed by growth in the first two quarters of this year, partially boosted by the distribution of millions of economic stimulus payments. However, employment, one of the measurements tracked by the NBER, has been falling since January. The NBER decision means that the economic expansion lasted from November 2001 until December 2007. Economic expansions peak and recessions begin in the same month, according to the NBER's dating methods. Founded in 1920, the NBER has more than 1,000 university professors and researchers who act as bureau associates, studying how the economy works. The decision on the recession means that during the eight years that Bush has been in office, the country has seen two recessions. The first downturn lasted from March 2001 until November of that year. Copyright 2008 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. 
From rforno at infowarrior.org Tue Dec 2 13:29:36 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 2 Dec 2008 08:29:36 -0500 Subject: [Infowarrior] - Satellite Imagery and the Spectacle of Secret Spaces Message-ID: Satellite Imagery and the Spectacle of Secret Spaces Chris Perkins and Martin Dodge Geography, School of Environment and Development University of Manchester Abstract This paper documents and assesses emerging efforts to resist and subvert deep-seated and long-held governmental secrecy over geographical spaces of military/security activities and other sites deemed sensitive by the state. It explores tensions in new web-served mapping and high-resolution imagery of these sites, which view them through "pin holes" of publicly available data. These "counter-mappings" focus attention on the significance of sites that are either buried unnoticed in seamless global image coverage, or else censored on official mapping. Some reveal a strongly anti-hegemonic and oppositional discourse, others a more playful set of cultural practices. We situate these newly witnessed secret sites in contemporary visual culture, exploring the spectacular and Debordian possibilities of resistance that they offer, and evaluate the significance and ironies of these diverse imaging practices. http://personalpages.manchester.ac.uk/staff/m.dodge/spectacle_of_secret_spaces.pdf From rforno at infowarrior.org Wed Dec 3 03:50:19 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 2 Dec 2008 22:50:19 -0500 Subject: [Infowarrior] - Now crime gadget can annoy us all Message-ID: <82825797-7A6D-45CA-ADD3-A86FD911C709@infowarrior.org> Now crime gadget can annoy us all By Sarah Campbell BBC Education and Social Policy Correspondent A device designed to move on would-be criminals has been updated so as not to discriminate against the young. But it is still being criticised by civil liberty campaigners. 
The Mosquito emits a high-pitched sound and has been designed for use in potential crime hotspots such as subways and underground car parks. The idea is that the noise it produces is so annoying that criminals will not want to hang around. The Mosquito Mark 4 is a new version of the original Mosquito launched in 2005 - which was criticised for targeting only young people. 'Unwanted youths' That version emitted a noise at such a high frequency that it was usually only audible to those under the age of 25. Over 3,000 have been sold for use in the UK. Many have been placed outside shops, fast-food outlets and transport hubs - places where owners feel groups of unwanted youths are gathering. However, their use has led to a national campaign - backed by the Children's Commissioner, the National Youth Agency and Liberty - calling for them to be banned. They argue that even if the devices cause no damage to hearing they are an unfair attack on young people's human rights. The makers, Compound Security Systems, have come up with a solution - a Mosquito which is annoying whatever people's age. The new Mark 4 has an additional setting which allows the user to lower the frequency enabling the sound to be heard by people of any age. The sound is emitted at 100 decibels - according to its inventor Howard Stapleton, it does not have to be loud to move people on. He said: "It is quieter than a child playing the violin. What makes it appear loud is the fact that it is going on and off four times a second. That's what makes it very annoying." 'Buzz off' campaign The new Mosquito, which went on sale last month, has already been selling well abroad. According to the company, a major chain of hotels in Canada sees them as a way to keep homeless people out of their car parks. In the UK, it is understood that one police force is about to start testing its Mosquito in an underpass favoured by muggers. A national car park chain is also said to be interested in trying the device out. 
The "Buzz Off" campaign targeting the "anti-teen" device continues, with several councils in the UK banning its use. There are now calls for the authorities to look at regulating against the new version. Shami Chakrabarti, Director of human rights group Liberty, said: "I think we need urgent research and regulation by the authorities. It's not going to stop determined criminals. "It could cause damage to the rest of us and certainly make our lives a bit of a misery." There is currently no specific legislation against the Mosquito. According to the Local Government Association there are a number of ways currently being used to disperse potentially anti-social groups including talking CCTV and playing music. A spokesman told the BBC: "So called 'Mosquito' deterrents could break the law but only if they're deemed to be causing a nuisance. "If a council thinks there is a nuisance, either because they've received a complaint, or have detected it themselves, they have a duty under nuisance laws to investigate it." On sale for less than £500, the sound of the new Mosquito has the potential to become annoyingly familiar - whatever your age. Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/uk_news/7759818.stm Published: 2008/12/02 08:00:40 GMT © BBC MMVIII From rforno at infowarrior.org Wed Dec 3 14:02:14 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 3 Dec 2008 09:02:14 -0500 Subject: [Infowarrior] - Empire State Building "stolen" Message-ID: (Excellent reminder of what passes as 'legitimate' document controls these days.......rf) It took 90 minutes for Daily News to 'steal' the Empire State Building BY WILLIAM SHERMAN DAILY NEWS STAFF WRITER Tuesday, December 2nd 2008, 10:46 PM http://www.nydailynews.com/money/2008/12/02/2008-12-02_it_took_90_minutes_for_daily_news_to_ste.html?print=1&page=all In one of the biggest heists in American history, the Daily News "stole" the $2 billion Empire State Building. And it wasn't that hard. 
The News swiped the 102-story Art Deco skyscraper by drawing up a batch of bogus documents, making a fake notary stamp and filing paperwork with the city to transfer the deed to the property. Some of the information was laughable: Original "King Kong" star Fay Wray is listed as a witness and the notary shared a name with bank robber Willie Sutton. The massive ripoff illustrates a gaping loophole in the city's system for recording deeds, mortgages and other transactions. The loophole: The system - run by the office of the city register - doesn't require clerks to verify the information. Less than 90 minutes after the bogus documents were submitted on Monday, the agency rubber-stamped the transfer from Empire State Land Associates to Nelots Properties LLC. Nelots is "stolen" spelled backward. (The News returned the property Tuesday.) "Crooks go where the money is. That's why Willie Sutton robbed banks, and this is the new bank robbery," said Brooklyn Assistant District Attorney Richard Farrell, who is prosecuting several deed fraud cases. Of course, stealing the Empire State Building wouldn't go unnoticed for long, but it shows how easy it is for con artists to swipe more modest buildings right out from under their owners. Armed with a fraudulent deed, they can take out big mortgages and disappear, leaving a mess for property owners, banks and bureaucrats. "Once you have the deed, it's easy to obtain a mortgage," Farrell said. Many crooks have done just that: - Asia Smith stole her 88-year-old grandmother's house in Springfield Gardens, Queens, pocketing $445,000 in mortgages she took out. "Her grandmother raised her," said Queens Assistant District Attorney Kristen Kane. Smith, 22, was arrested last December and is serving a one-year jail term for fraud. - A man posing as someone who had been dead for 19 years deeded the dead man's property to himself. He then sold it to the scheme's mastermind, who took out a $533,000 mortgage and vanished with the cash. 
- Toma Dushevic managed to steal seven dilapidated city-owned buildings in Brooklyn 10 years ago. He got renovation permits, fixed up one of the buildings, and rented out apartments. He sold another building for $250,000 and ran his scam for nearly two years until he was caught. Dushevic returned the buildings and did 18 months behind bars. The FBI says financial institutions filed 31% more Suspicious Activity Reports involving mortgage fraud last year than in 2006. Nationwide, lenders' losses totaled $813 million, and New York was one of the top 10 mortgage fraud states. In the city, deeds accepted by the register's office are recorded on that agency's Web site, where they are easily viewed and are the basis for mortgage transactions. The News investigation disclosed that mortgage brokers, representatives of title companies, lending banks, lawyers and others in the mortgage process often failed to verify identification and other information provided by the thieves. Unlike the city employees, the brokers and others should check mortgagors' information, their professional trade associations say. In one Queens deed fraud case, a mortgage broker and title company representative are accused of taking part in the scam. They are charged with helping obtain $1.4 million in mortgages from two of the biggest banks in the city on behalf of the scammer, who has vanished. In all cases The News reviewed, the city register's office accepted and recorded the fraudulent mortgages. Unlike the thieves, The News did not obtain a mortgage on the Empire State Building. Instead, The News returned the property to its rightful owners Tuesday - less than 24 hours after the fake deed was filed. The News also is withholding key details of how the scam works. Real thieves get the mortgage cash, ripping off banks and leaving the properties' owners with mortgage debt and ruined credit. "Mortgages stay with properties," Farrell explained. 
When the victims don't pay the mortgages they didn't take out, lending banks foreclose on the properties. A major tool thieves use is the notary stamp on documents, one item city employees check. "They don't check to see if it's real, but they do check to see if it's there," said a lawyer familiar with the system. The stamps are easy to get and cost about $30. National mortgage broker and title company trade associations said their members try to verify identification but can be fooled by clever hustlers. "We know you can forge driver's licenses," said Marc Savitt, president of the National Association of Mortgage Brokers. "Every time the industry finds out measures to stop fraud, the thieves always get one up on us." Anne Anastasi, a member of the board of governors of the American Land Title Association, said, "There are people who are very good at this and it's hard to stop." wsherman at nydailynews.com From rforno at infowarrior.org Wed Dec 3 15:30:26 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 3 Dec 2008 10:30:26 -0500 Subject: [Infowarrior] - Apple: We're Not Lying, but Don't Believe Our Ads Message-ID: <7C6E924E-79E5-4D3B-8CB7-963714E7CC25@infowarrior.org> Apple: Our Ads Don't Lie, But You're a Fool if You Believe Them By Brian X. Chen December 02, 2008 | 3:25:46 PM Categories: Apple, iPhone http://blog.wired.com/gadgets/2008/12/apple-says-cust.html Apple doesn't want you to believe what it says, even though the company claims it's not lying. That's the gist of the Cupertino company's legal response to a lawsuit regarding allegedly misleading advertising for the iPhone 3G. The corporation's nine-page legal document [.pdf] is an answer to a complaint filed by William Gillis, a 70-year-old San Diego resident who alleges that Apple falsely advertised the iPhone 3G by calling it "twice as fast for half the price" compared with the original handset. Some parts of Apple's 32-point rebuttal say that the company was being truthful. 
But one paragraph says, in effect, that anyone who believes what the company says in its ads is a fool. "Plaintiff's claims, and those of the purported class, are barred by the fact that the alleged deceptive statements were such that no reasonable person in Plaintiff's position could have reasonably relied on or misunderstood Apple's statements as claims of fact," Apple said in its answer. Gillis was one of several dissatisfied iPhone 3G customers who recently filed lawsuits alleging Apple falsely advertised the handset's performance. The lawsuits stem from widespread frustration over the popular smartphone; the complaints vary from frequently dropped calls to sluggish broadband speeds and the inability to stay on 3G before it switches to the slower EDGE network. Apple has already moved to dismiss some of the iPhone 3G lawsuits filed, but Gillis's remains alive and kicking. Michael Ian Rott, Gillis's attorney, said that out of the five iPhone 3G lawsuits filed, he thinks his client's is the most likely to succeed. "Ours has the most teeth and the most legs to it," Rott said. "If there was any way that Apple could get out of it, they would have filed a motion to dismiss here, too. Their M.O. has been, 'File motion to dismiss and let's get out of here,' but they haven't done that with ours." In the past, Apple acknowledged the iPhone 3G's network issues and promised the problems would be addressed with future software updates. Consumers are reporting that the most recent firmware version -- iPhone 2.2 -- appears to be mitigating the issue of frequent dropped calls. However, many still complain about reception problems. "I keep waiting and hoping for a fix," wrote iPhone customer "BarJohnG," in Apple's support forums. "So far the reception is still lousy. I can't believe that Apple is not fixing this issue but merely trying to mask it and keep the customer confused by showing more bars than there is signal. 
When you look at the logs it is shocking the number of crashes and problems with the phone and OS." Though Apple is continuing to hold its ground in U.S. courts, the corporation hasn't been so lucky in the U.K. The U.K. Advertising Standards Authority banned two iPhone 3G advertisements, deeming them misleading for exaggerating the speeds and internet capabilities of the handset. From rforno at infowarrior.org Wed Dec 3 20:28:08 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 3 Dec 2008 15:28:08 -0500 Subject: [Infowarrior] - Coalition Drawing Up Nationwide Broadband Access Strategy Message-ID: <18FD908B-4ACF-4714-A7C5-E612D34DB342@infowarrior.org> New Coalition Drawing Up Nationwide Broadband Access Strategy By Cecilia Kang Washington Post Staff Writer Wednesday, December 3, 2008; D03 http://www.washingtonpost.com/wp-dyn/content/article/2008/12/02/AR2008120203164_pf.html President-elect Barack Obama has said getting affordable high-speed Internet service to every American home would create jobs, fuel economic growth and spark innovation. Yesterday, representatives from technology and telecommunications companies, labor unions and public interest groups frequently at odds with one another agreed to provide the next president with a roadmap for how to accomplish those goals. That map could include tax breaks, low-interest loans, subsidies and public-private partnerships to encourage more investments in upgrading and building out high-speed networks, representatives from Google, AT&T and public interest group Free Press said during a panel discussion on broadband policy that also served as a coming-out party for their newly formed coalition. The details of how to meet those goals still must be worked out by the group, whose aim is to bring more affordable high-speed Internet access to every consumer. 
Many of the group members have been at odds with each other on whether the government should set limits on how much spectrum a company can hold, the use of unlicensed devices on fallow broadcast airwaves and net neutrality -- the notion that network operators should be prevented from blocking or slowing Internet traffic. The formation of the group is an effort to move beyond their differences. "The coalition is a positive in that it demonstrates we agree that we have a broadband problem, which not everyone was willing to admit to two years ago," said Ben Scott, policy director at Free Press and a member of the group. "The key is whether we'll see this group produce policy solutions that will require difficult choices." At stake is the nation's ability to compete technologically and economically, the group said. The United States has dropped from the top 10 nations for broadband access, speeds and price in the last several years. The coalition is pushing for a federal plan that would provide access to high-speed Internet service, much as the government did with electricity, roads and phone service. Obama famously used the Internet for outreach during his campaign and received 370,000 donations online. He's proposed using blogs, social networking tools and community Web pages known as wikis to connect citizens to government agencies. And Obama has argued for massive upgrades to technology infrastructure such as high-speed, or broadband, Internet. So far the coalition's plans to increase broadband usage mirror Obama's plan, but there could be disagreement over deployment, analysts said. Communications Workers of America President Larry Cohen said the union supports a proposal by Sen. John D. Rockefeller IV (D-W.Va.) to increase definitions for broadband to 10 megabits per second for downloads by 2010. The current definition for broadband speed in the United States is 768 kilobits per second downstream, which is far below standards in many other nations. 
Achieving that goal at prices acceptable to consumers, however, would be expensive for telecom and cable network operators. Some in the coalition could push for laws that would achieve lower prices and higher speeds through more wireless and telecom competitors, but that could cause further disagreement among members, Scott said. Some have already suggested requesting funds from the federal economic stimulus plan for broadband deployment. Yesterday, an aide to House Speaker Nancy Pelosi (D-Calif.) said Pelosi was in favor of that idea. AT&T chief lobbyist Jim Cicconi said the company has moved closer to the view of public interest groups and Google that the Web should be open for all users without discrimination of technology and content on their network. But unlike Free Press and consumer groups, AT&T opposes new laws or rules on net neutrality, saying Federal Communications Commission rules are sufficient, and any violation should be handled on a case-by-case basis. "There will be significant outstanding debates that will be very tough and there will still be daylight between the groups on many, many issues," said Rebecca Arbogast, an analyst at investment firm Stifel Nicolaus. "But both sides are in a phase right now where they are emphasizing how much they share in terms of their views on what is an appropriate framework for looking at this issue." From rforno at infowarrior.org Wed Dec 3 21:08:56 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 3 Dec 2008 16:08:56 -0500 Subject: [Infowarrior] - The Day The Web Went Dead Message-ID: The Day The Web Went Dead Scott Woolley , 12.02.08, 6:00 AM ET http://www.forbes.com/2008/12/01/cogent-sprint-regulation-tech-enter-cz_sw_1202cogent_print.html LOS ANGELES--Imagine life without the Internet. Hard? Just ask state officials in Maine to tell you about the ugly surprise they had on Halloween. On Oct. 
30, Sprint Nextel severed its last connection to Cogent Communications, disconnecting two of the Internet's five largest backbones. Instantly, major American and Canadian universities lost contact with each other. Officials in Maine's state government found they couldn't link up with many town governments. Millions of Sprint's wireless broadband customers found themselves cut off from thousands of Web sites. Yet neither the Federal Communications Commission nor the Canadian Radio-Television and Telecommunications Commission took any action to restore global connectivity and the Web stayed broken for three days. The recent disruption marked the final blowup in a year-long game of chicken played by Sprint Nextel and Cogent and brought to light an uncomfortable reality: The Internet is held together by a collection of secret contracts struck between private companies, free from government oversight and regulation. Financial pundits are having a field day blaming lax government oversight for much of the current financial woes. But the disruption of the Internet early in November raises an intriguing parallel question: Is the Web dangerously unregulated? Most of the time, the unregulated heart of the global Internet is a mysterious place, governed by rules laid out in those confidential contracts between private parties. This time, though, Sprint took the unusual step of filing a lawsuit in Virginia state court, alleging that Cogent breached the terms of a previously secret contract that spelled out how the two companies would trade traffic between their networks. Cogent quickly counter-sued, laying out a very different version of events. The Cogent-Sprint feud traces its roots back to 2002, when Cogent asked Sprint to exchange Internet traffic at no charge to either party, a common arrangement between similarly sized networks. At the time, Web traffic traveling between Cogent and Sprint was being sent through a third network, which Cogent found silly. 
A direct connection would be far more efficient. Sprint said it would agree to a direct link--but only if Cogent paid for the privilege. No chance, retorted Cogent. A swap would benefit them both equally, Cogent argued, why should one side pay? Finally, in 2006, the two companies broke the deadlock--or so it seemed. Sprint agreed to connect its network to Cogent's for a 90-day paid trial. If Internet traffic flowed back and forth between Sprint customers and Cogent customers in large volumes and in roughly equal proportions, then Sprint would agree to a permanent no-cost traffic swap. The companies signed a contract on Sept. 19, 2006, laying out the terms of the deal. By June 2007, Cogent and Sprint had established high-capacity links in six cities in the U.S. and in four more around the globe. With the connections open, traffic that had been forced to use a third network to travel between Cogent and Sprint now flowed directly. It is just these sorts of connections that let the global Internet grow ever faster and more reliable. A few days after the trial period ended in late September 2007, Sprint told Cogent it had failed the test. David Schaeffer, Cogent's pugnacious chief executive, says he was stunned. The two networks had transferred equal amounts of traffic back and forth, a standard precondition for no-cost traffic swapping. This time, however, Sprint's objection was that the direct links between the two giant networks hadn't carried enough traffic under the terms of the contract. Schaeffer, who is no stranger to fights with other backbone companies, says he felt scammed. To get the deal done, Cogent had paid Sprint $478,000 for the connection during the 90-day trial. Now Sprint said that since the test was a failure, Cogent would have to keep paying. Schaeffer refused, arguing that Sprint's objection about too-low volumes was bogus. (Was it? That gets technical.) Schaeffer quickly concluded Sprint never intended to establish a no-cost link to Cogent. 
(Sprint denies that charge.)

The two companies entered a cold war. Rather than disconnect its direct link to Cogent, Sprint instead began sending it bills: typically around $100,000 per month. Every month, Cogent refused to pay, saying it had earned a free connection under the contract. By the end of July 2008, a total of $1.2 million in unpaid bills had piled up.

That's when Sprint decided to sue. Sprint's lawyers alleged that Cogent had failed the trial and thus should be paying for the connection under the contract's terms. Cogent's counter-suit claimed that it had actually passed the trial and besides, if Sprint no longer felt it was getting value out of connecting to Cogent directly, it was free to do what any utility would do to a non-paying customer: disconnect them.

That's exactly what Sprint began to do. It started severing the 10 links between the two networks, hoping that Schaeffer would back down. He didn't. At 4 p.m. ET on Oct. 30, Sprint cut the last connection. In an instant, customers who relied solely on Sprint (like the U.S. federal court system) for Web access could no longer communicate with customers who relied solely on Cogent for their Web connections (like many large law firms), and vice versa.

Angry calls from customers began to flood both companies, and it quickly became clear that Sprint had made a grave strategic error. In the unlikely event that Cogent caved completely, Sprint stood to gain $1.5 million or so in annual revenue, which would add .004% to the company's $40 billion in annual revenue. The downside was vastly higher. Sprint is first and foremost a wireless company, deriving only 6% of its revenues from its Internet division. Sprint's future relies on attracting high-paying broadband wireless customers--and it was those customers who were all cut off from part of the Internet as a result of its fight with Cogent.

That reality appears to have percolated up the ranks at Sprint quickly.
It cut off Cogent completely late on a Thursday afternoon, Oct. 30. By Sunday, Nov. 2, the company had changed its mind and reconnected.

In the end, the Sprint versus Cogent showdown provided both an unusual glimpse into how the Internet works--and at how resilient and flexible the unregulated Internet is. The current laissez-faire system has a remarkable ability to encourage privately run networks to voluntarily strike deals that benefit everyone, expanding capacity of the larger Internet while allowing everyone to connect to everyone else. In the rare instances where part of the Net does break down, as in the recent fight between Cogent and Sprint, the market provides overwhelming incentives to repair the breach quickly.

A permanent solution to this feud seems likely. A few weeks after the three-day shutdown, Cogent's Schaeffer ran into Sprint Chief Executive Dan Hesse at the Quadrangle Group's Media Conference. While the legal battle continues for now, the two men talked on the phone just before Thanksgiving. Both sides say they hope to reach an amicable solution.

Odds are, they will. In the end, fighting between big backbones benefits neither side.

From rforno at infowarrior.org Thu Dec 4 13:31:07 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 4 Dec 2008 08:31:07 -0500
Subject: [Infowarrior] - OT: Dances With Penguins
Message-ID: <47B46096-36F5-4BEB-8085-D19DC60CEF38@infowarrior.org>

Interesting, if not beautiful, article on fandom and the social nature of the Internet. As a good friend wrote when passing the link to me, "fandom's about not being alone anymore - it's about Abby, in the beginning, but really it's about all of us, and this weird, wonderful, amazing, inspiring thing we've got going between us."
Dances With Penguins
http://firefox.org/news/articles/2296/1/Dances-With-Penguins/Page1.html

From rforno at infowarrior.org Thu Dec 4 16:08:54 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 4 Dec 2008 11:08:54 -0500
Subject: [Infowarrior] - Comcast To Offer Bandwidth Use Tracker In January
Message-ID: <8F0A0296-8E13-4FE8-9BDD-22E3EB9BDB1C@infowarrior.org>

Comcast To Offer Bandwidth Use Tracker In January
Online tool to be available January 5 for all users...
06:19PM Tuesday Dec 02 2008 by Karl Bode
tags: business · bandwidth · cable · Comcast
http://www.dslreports.com/shownews/Comcast-To-Offer-Bandwidth-Use-Tracker-In-January-99427

When Comcast recently started capping all users at 250GB per month, they annoyed some by failing to provide a tool to track usage, though they did tell us they were working on it. An anonymous Comcast tipster informs us that Comcast will soon implement a viewable online usage meter starting January 5. According to the source, the tool won't update users in real time, but will have a three hour delay. It will also retain three months of bandwidth usage records, and will come with the option of monitoring multiple MAC addresses.

At the moment, the Comcast FAQ tells users to do a web search for bandwidth meters or use the meter included in the McAfee Security Suite the company gives out free to subscribers. Given the Comcast cap is so high, the vast majority of Comcast users will never run into it, and those who will probably use a software client or router firmware to track their usage. But after their tangle with the FCC for forging packets and throttling P2P traffic, Comcast's all about transparency.

According to Comcast, less than 1% of all users will ever brush against the current cap. Still, should the cable operator ever use lower caps or implement overages, they'd need to be sure that customers understand how much bandwidth they're using.
A recent survey indicated that 83% of Americans don't know how much bandwidth they consume, or even what a gigabyte is.

AT&T, who recently started testing caps ranging from 20-150GB with $1 overages, offers customers in Nevada and Texas test markets an online web usage tool. So does Time Warner Cable, who is testing caps ranging from 5-40GB with $1-$1.50 overages in Beaumont, Texas.

From rforno at infowarrior.org Thu Dec 4 16:13:01 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 4 Dec 2008 11:13:01 -0500
Subject: [Infowarrior] - Hackers Hijacked Large E-Bill Payment Site
Message-ID: <0C7A3A5D-9DEE-4112-BB48-E71854F56CD4@infowarrior.org>

Hackers Hijacked Large E-Bill Payment Site
http://voices.washingtonpost.com/securityfix/2008/12/hackers_hijacked_large_e-bill.html?hpid=sec-tech

Hackers on Tuesday hijacked the Web site CheckFree.com, one of the largest online bill payment companies, redirecting an unknown number of visitors to a Web address that tried to install malicious software on visitors' computers, the company said today.

The attack, first reported by The Register, a security news Web site, began in the early morning hours of Dec. 2, when Checkfree's home page and the customer login page were redirected to a server in the Ukraine.

CheckFree spokeswoman Melanie Tolley said users who visited the sites during the attack would have been redirected to a blank page that tried to install malware. Tolley added that CheckFree regained control over its site by 5 a.m. on Dec. 2. The company said it was still having the malware analyzed by experts.

"The degree of exposure to users is dependent on how current their anti-virus software is and what browser they used to connect with," Tolley said, adding that the company will release more information about the attack as it becomes available.
But Paul Ferguson, a threat researcher with anti-virus firm Trend Micro, said Trend's analysis of the malware indicates that it is a new strain of Trojan horse program designed to steal user names and passwords.

It appears hackers were able to hijack the company's Web sites by stealing the user name and password needed to make account changes at the Web site of Network Solutions, CheckFree's domain registrar.

Susan Wade, a spokeswoman for the Herndon, Va., based registrar, said that at around 12:30 a.m. Dec. 2, someone logged in using the company's credentials and changed the address of CheckFree's authoritative domain name system (DNS) servers to point CheckFree site visitors to the Internet address in the Ukraine. DNS servers serve as a kind of phone book for Internet traffic, translating human-friendly Web site names into numeric Internet addresses that are easier for computers to handle.

"Someone got access to [CheckFree's] account credentials and was able to log in," Wade said. "There was no breach in our system."

Among the 330 kinds of bills you can pay through CheckFree are military credit accounts, utility bills, insurance payments, mortgage and loan payments. Browsing through the first few letters of the company's alphabetized customer list reveals some big names, including Allegheny Power, Allstate Insurance, AT&T, Bank of America, and Chrysler Financial. See the full list of companies here.

CheckFree's Tolley stressed that the attack occurred during off-peak hours when customer traffic to its Web site is typically low. Still, CheckFree has a huge customer base: The company claims that some 24.7 million consumers initiate payments through its services.

CheckFree declined to say how many of its customers and companies it handles payments for may have been affected by the attack. But this thread over at an Ubuntu Linux mailing list suggests that U.S. Bank may also have been affected by this attack. U.S. Bank did not return calls seeking comment.
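An added example, not part of the forwarded article or of the list post: the hijack described above worked by changing the domain's delegated name servers at the registrar, so one defensive control is to poll the delegation and compare it with an approved baseline. The Python below runs that comparison over a constructed poll log; the domains, name servers, log format and `APPROVED` baseline are assumptions made for illustration, and the timestamps only loosely follow the article's timeline.

```python
"""Delegation-drift check: flag NS sets that differ from an approved baseline."""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone
from typing import Optional

# Approved delegation per monitored domain (constructed placeholder names).
APPROVED = {
    "billpay.example": frozenset({"ns1.dnshost.example", "ns2.dnshost.example"}),
    "login.billpay.example": frozenset({"ns1.dnshost.example", "ns2.dnshost.example"}),
}

# Constructed poll log: <UTC timestamp> <domain> <comma-separated NS set as
# returned by the parent zone>. Line 5 is deliberately malformed.
SAMPLE_LOG = """\
2008-12-02T00:00:00Z billpay.example ns1.dnshost.example,ns2.dnshost.example
2008-12-02T00:15:00Z billpay.example NS1.DNSHOST.EXAMPLE.,ns2.dnshost.example.
2008-12-02T00:30:00Z billpay.example ns1.rogue.example,ns2.rogue.example
2008-12-02T00:45:00Z billpay.example ns1.rogue.example,ns2.rogue.example
this line is malformed
2008-12-02T05:00:00Z billpay.example ns2.dnshost.example,ns1.dnshost.example
2008-12-02T05:15:00Z login.billpay.example ns1.dnshost.example,ns9.rogue.example
"""


@dataclass
class Incident:
    domain: str
    first_seen: datetime              # first poll that disagreed with the baseline
    last_good: Optional[datetime]     # last poll that still matched, if any
    restored: Optional[datetime] = None
    unexpected: set = field(default_factory=set)  # servers not in the baseline
    missing: set = field(default_factory=set)     # baseline servers that vanished


def normalize(name: str) -> str:
    """DNS names are case-insensitive and may carry a trailing root dot."""
    return name.strip().rstrip(".").lower()


def parse_observations(text: str):
    """Return (observations sorted by time, rejected lines as (lineno, reason))."""
    observations, rejected = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        parts = line.split()
        try:
            if len(parts) != 3:
                raise ValueError("expected 3 fields, got %d" % len(parts))
            ts = datetime.strptime(parts[0], "%Y-%m-%dT%H:%M:%SZ")
            ts = ts.replace(tzinfo=timezone.utc)
            ns = frozenset(normalize(n) for n in parts[2].split(",") if n.strip(". "))
            if not ns:
                raise ValueError("empty NS set")
        except ValueError as exc:
            rejected.append((lineno, str(exc)))
            continue
        observations.append((ts, normalize(parts[1]), ns))
    observations.sort(key=lambda o: o[0])
    return observations, rejected


def detect_drift(observations, approved):
    """Group consecutive off-baseline polls per domain into incidents."""
    incidents, open_by_domain, last_good = [], {}, {}
    for ts, domain, ns in observations:
        baseline = approved.get(domain)
        if baseline is None:
            continue  # domain is not monitored
        if ns == baseline:
            last_good[domain] = ts
            incident = open_by_domain.pop(domain, None)
            if incident is not None:
                incident.restored = ts
            continue
        incident = open_by_domain.get(domain)
        if incident is None:
            incident = Incident(domain, ts, last_good.get(domain))
            open_by_domain[domain] = incident
            incidents.append(incident)
        incident.unexpected |= ns - baseline
        incident.missing |= baseline - ns
    return incidents


def worst_case_exposure(incident: Incident) -> Optional[timedelta]:
    """Upper bound on how long the wrong delegation was live (None if still open).

    The change may have happened any time after the last matching poll, so the
    window starts there; resolver caching after `restored` is not counted.
    """
    if incident.restored is None:
        return None
    return incident.restored - (incident.last_good or incident.first_seen)


if __name__ == "__main__":
    obs, bad = parse_observations(SAMPLE_LOG)
    for inc in detect_drift(obs, APPROVED):
        print(inc.domain, sorted(inc.unexpected), "exposure <=", worst_case_exposure(inc))
```

The second incident in the sample is a partial swap that is still open at the end of the log, which is why it has no exposure figure yet.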
From rforno at infowarrior.org Thu Dec 4 19:44:31 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 4 Dec 2008 14:44:31 -0500
Subject: [Infowarrior] - DOD realigns cyberwarfare shops
Message-ID:

(This is a very good thing, IMHO.....--rf)

GATES DIRECTS REALIGNMENT OF MILITARY CYBERWARFARE SHOPS
Inside the Pentagon
December 4, 2008
http://www.insidedefense.com/secure/display.asp?docnum=11252008_nov25d&f=

Defense Secretary Robert Gates has placed operational control over the entire range of military cyberspace activities in the hands of the Pentagon's premier offensive cyberwarfare unit, according to a Nov. 12 memo obtained by InsideDefense.com.

The move, effective immediately, puts the Ft. Meade, MD-based Joint Functional Component Command-Network Warfare in charge of the Joint Task Force-Global Network Operations. The Arlington, VA-based JTF-GNO is tasked with defending the military's networks. Both organizations are part of U.S. Strategic Command.

National Security Agency Director Army Lt. Gen. Keith Alexander is also the JFCC-NW commander. Similarly, the JTF-GNO chief serves as the director of the Defense Information Systems Agency. That job will be filled soon by Army Maj. Gen. Carroll Pollett, who previously served as STRATCOM chief of staff. Senators confirmed his nomination for the job, which comes with a promotion to lieutenant general, on Oct. 2.

"There is a pressing need to ensure a single command structure is empowered to plan, execute, and integrate the full range of military cyberspace missions," Gates says in the memo, sent to senior defense leaders.

The DISA director will "remain responsible for providing the JTF-GNO network and information assurance technical assistance as required," the memo states. All DISA components and the JTF-GNO unit are slated for relocation to Ft. Meade beginning in October 2010 as a result of the 2005 round of base closures and realignments.
Daniel Kuehl, a cyberwarfare scholar and professor at the National Defense University, called Gates' move a "logical" step in the Pentagon's efforts to prepare for future conflicts in cyberspace. He said the move signals a realization that offensive and defensive measures in cyberwarfare should be addressed as a whole. "You can't hermetically separate the two," he told InsideDefense.com.

"I think what we're seeing is a normalization of cyberspace as a warfighting domain," Kuehl added.

-- Sebastian Sprenger

From rforno at infowarrior.org Fri Dec 5 04:13:08 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 4 Dec 2008 23:13:08 -0500
Subject: [Infowarrior] - UK Court: UK DNA database violates human rights
Message-ID:

One million innocent people could have their profiles wiped from Britain's 'Orwellian' DNA database after court ruling
By Ian Drury
Last updated at 1:50 AM on 05th December 2008

Nearly a million innocent citizens could see their profiles deleted from the DNA database following a landmark court ruling. European judges said it was unlawful for police to store swabs and fingerprints from suspects later cleared of wrongdoing. In a damning verdict, the 17-strong panel said keeping the records 'could not be regarded as necessary in a democracy'.

Home Secretary Jacqui Smith said she was disappointed by the decision. But some campaigners said the future of other Government databases, including the national ID register, was in doubt.

Before 2001, the police had to destroy DNA samples of individuals acquitted or not charged. But a rule change has allowed them to keep profiles of everyone arrested for a recordable offence in England, Wales and Northern Ireland. The details of about 4.5million people are held on the database yet one in five - including 40,000 children - has never been charged with an offence.

The Home Office says the register has proved a key intelligence tool in solving 3,500 cases - including high-profile rapes and murders.
Yesterday however the European Court of Human Rights ruled against police in a case brought by two British men. Their profiles were stored by South Yorkshire Police despite neither being convicted of an offence. The Strasbourg court found the force had violated article 8 of the European Convention on Human Rights - the right to respect for private and family life. In a strongly-worded attack, it condemned the 'blanket and indiscriminate nature' of the powers.

< - >

http://www.dailymail.co.uk/news/article-1091880/One-million-innocent-people-profiles-wiped-Britains-DNA-database-court-ruling.html#

From rforno at infowarrior.org Fri Dec 5 14:01:07 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 5 Dec 2008 09:01:07 -0500
Subject: [Infowarrior] - Book: Googling Security
Message-ID: <921F3B72-EF1F-4F6A-9EAF-573C5528C900@infowarrior.org>

Googling Security: How Much Does Google Know About You? (Paperback)
by Greg Conti (Author)
http://www.amazon.com/exec/obidos/ASIN/0321518667/downandoutint-20

About the Author

Greg Conti is an assistant professor of computer science at the U.S. Military Academy in West Point, New York. His research includes security data visualization, usable security, information warfare, and web-based information disclosure. He is the author of Security Data Visualization (No Starch Press, 2007) and has been featured in IEEE Security & Privacy magazine, Communications of the ACM, and IEEE Computer Graphics and Applications magazine. He has spoken at a wide range of academic and hacker conferences, including Black Hat, DEFCON, and the Workshop on Visualization for Computer Security (VizSEC). Conti runs the open source security visualization project RUMINT. His work can be found at www.gregconti.com/ and www.rumint.org/.

< - >

When you use Google's "free" services, you pay, big time--with personal information about yourself. Google is making a fortune on what it knows about you--and you may be shocked by just how much Google does know.
Googling Security is the first book to reveal how Google's vast information stockpiles could be used against you or your business--and what you can do to protect yourself.

Unlike other books on Google hacking, this book covers information you disclose when using all of Google's top applications, not just what savvy users can retrieve via Google's search results. West Point computer science professor Greg Conti reveals the privacy implications of Gmail, Google Maps, Google Talk, Google Groups, Google Alerts, Google's new mobile applications, and more. Drawing on his own advanced security research, Conti shows how Google's databases can be used by others with bad intent, even if Google succeeds in its pledge of "don't be evil."

Chapter 1: Googling
Chapter 2: Information Flows and Leakage
Chapter 3: Footprints, Fingerprints, and Connections
Chapter 4: Search
Chapter 5: Communications
Chapter 6: Mapping, Directions, and Imagery
Chapter 7: Advertising and Embedded Content
Chapter 8: Googlebot
Chapter 9: Countermeasures
Chapter 10: Conclusions and a Look to the Future

From rforno at infowarrior.org Sun Dec 7 14:32:44 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 7 Dec 2008 09:32:44 -0500
Subject: [Infowarrior] - UK filtering Wikipedia access
Message-ID: <0EB77E2F-94EB-48A0-8F0D-FB1E7DD59F91@infowarrior.org>

British ISPs restrict access to Wikipedia amid child pornography allegations
Sunday, December 7, 2008

Wikinews has learned that at least six of the United Kingdom's main Internet Service Providers (ISPs) have implemented monitoring and filtering mechanisms that are causing major problems for UK contributors on websites operated by the Wikimedia Foundation, amongst up to 1200 other websites. Wikinews has also learned that some ISPs have blocked customers from accessing some Wikimedia websites including the free, online encyclopedia, Wikipedia, altogether.
The filters appear to be applied because Wikimedia sites are hosting a Scorpions album cover which some call child pornography. Scorpions are a German rock band who have used several controversial album covers and are perhaps best known for their song, "Rock You Like a Hurricane".

The measures applied redirect traffic for a significant portion of the UK's Internet population through six servers which can log and filter the content that is available to the end user. A serious side-effect of this is the inability of administrators on Wikimedia sites to block vandals and other troublemakers without potentially impacting hundreds of thousands of innocent contributors who are working on the sites in good faith.

< - >

http://en.wikinews.org/wiki/UK_ISPs_erect_%27Great_Firewall_of_Britain%27_to_censor_Wikipedia

From rforno at infowarrior.org Sun Dec 7 20:08:08 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 7 Dec 2008 15:08:08 -0500
Subject: [Infowarrior] - The Most Important Tech Policy Books of 2008
Message-ID: <7F26B0D5-4463-47A7-9665-A6ED80318278@infowarrior.org>

The Most Important Tech Policy Books of 2008

It's been a big year for tech policy books. Several important titles were released in 2008 that offer interesting perspectives about the future of the Internet and the impact digital technologies are having on our lives, culture, and economy. Back in September, I compared some of the most popular technology policy books of the past five years and tried to group them into two camps: "Internet optimists" vs. "Internet pessimists." That post generated a great deal of discussion and I plan on expanding it into a longer article soon. In this post, however, I will merely list what I regard as the most important technology policy books of the past year.
< - >

http://techliberation.com/2008/12/07/the-most-important-tech-policy-books-of-2008/

From rforno at infowarrior.org Mon Dec 8 02:32:11 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 7 Dec 2008 21:32:11 -0500
Subject: [Infowarrior] - Wikileaks stymies Apple iPod Sync Ban
Message-ID: <9D208B81-5076-4099-A99A-548C3C2C5126@infowarrior.org>

Apple's Ban On iPod Sync Software Stymied By Wikileaks
http://www.wikileaks.org/wiki/Apple%27s_Ban_On_iPod_Sync_Software_Stymied_By_Wikileaks

The iPodHash project is an effort to open the iPod and iPhone to third-party media software other than Apple's iTunes.

BY THOMAS CLABURN (InformationWeek)

Apple's legal effort to remove the source code and related Web pages that could create iTunes-like software from the Internet appears to have failed.

The company succeeded last month in removing information about the project from the public BluWiki.com site by claiming that the posted code violated the Digital Millennium Copyright Act (DMCA). But last week, the offending Web pages were published on WikiLeaks, a site accustomed to resisting takedown demands.

The project, named iPodHash, is an effort to open the iPod and iPhone to third-party media software other than Apple's iTunes.

"Apple added a hashing mechanism to its iTunesDB file from 6th generation iPods," one of the WikiLeaks documents explains. "This hashing mechanism was soon reverse engineered, and hence third-party applications were able to write to iPod classic and iPod nano 3G. With iPhone firmware upgrade 2.0, (or iPod touch 2.0 or iPhone 3G), Apple changed the hashing scheme. And here we are to reverse it yet again."

To do so, the project participants are seeking "someone with knowledge of x86 ASM, to convert small piece of ASM code to C [programming language]." They aim to use this information to allow third-party media software to synchronize media files on iPods and iPhones with copies of those files stored on a PC.
Apple last month sent a cease-and-desist letter to Sam Odio, who operates BluWiki, demanding that he remove the pages related to iPodHash. An attorney representing the company claimed that BluWiki "is disseminating information designed to circumvent Apple's FairPlay digital rights management system."

The Electronic Frontier Foundation disagrees with Apple's position. Last week, the cyberliberties advocacy group said that Apple's DMCA claim doesn't have a leg to stand on.

EFF attorney Fred von Lohmann claimed that the iPodHash project has not yet succeeded, which means Apple is trying to ban technical speech rather than functional code that enables the circumvention of a digital lock. He also claimed that the iTunesDB file is authored by the iPod owner rather than by Apple, just as Microsoft doesn't own the copyright to documents authored in Word. That gives the iPod owner the right to access the file, he argued.

And von Lohmann pointed out that Apple's lawyers have overlooked the DMCA exemption for efforts that circumvent technological protections "for the purpose of enabling interoperability of an independently created computer program with other programs."
From rforno at infowarrior.org Mon Dec 8 19:13:29 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 8 Dec 2008 14:13:29 -0500
Subject: [Infowarrior] - Report: Securing Cyberspace for the 44th Presidency
Message-ID:

CSIS Report
Securing Cyberspace for the 44th Presidency
http://www.csis.org/component/option,com_csis_pubs/task,view/id,5157/type,1/
December 8, 2008

From rforno at infowarrior.org Tue Dec 9 00:00:16 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 8 Dec 2008 19:00:16 -0500
Subject: [Infowarrior] - Report: National Security Reform and Classification Policy
Message-ID: <836BB939-AACE-4C40-8695-E563A07FF896@infowarrior.org>

National Security Reform and Classification Policy
http://pnsr.org/web/module/press/pressid/136/interior.asp

The Project on National Security Reform Releases Recommendations Urging Sweeping Changes to Improve U.S. National Security System

WASHINGTON-- The national security system must be massively reorganized if federal agencies are to cooperate and collaborate more effectively to combat the multitude of threats facing the U.S. in the 21st century, according to recommendations released today by the Project on National Security Reform (PNSR).

The PNSR recommendations outlined in Forging A New Shield would replace a national security system created 60 years ago, that despite many marginal attempts to reform, often discourages agencies from working together on joint assignments and policy implementation to respond to crises and effectively manage national security affairs.

The recommendations comprise a broad set of mandates to improve the national security system by streamlining integrated strategy and policy among agencies and programs, improving coordination with a newly established network for sharing information, providing better job training for employees and consolidating Congressional oversight, the report says.

Among the PNSR's key recommendations are:
* Establishing a President's Security Council to replace the National Security Council and Homeland Security.
* Creating an empowered Director for National Security in the Executive Office of the President.
* Initiating the process of shifting highly collaborative, mission-focused interagency teams for priority issues.
* Mandating annual National Security Planning Guidance and an integrated national security budget.
* Building an interagency personnel system, including a National Security Professional Corps.
* Establishing a Chief Knowledge Officer in the PSC Executive Secretariat to ensure that the national security system as a whole can develop, store, retrieve and share knowledge.
* Forming Select Committees on National Security in the Senate and House of Representatives.

"To respond effectively and efficiently to the complex, rapidly changing threats and challenges of the 21st century security environment requires tight integration of the expertise and capabilities of many diverse departments and agencies," says PNSR Executive Director James R. Locher III. "Current organizational arrangements provide only weak mechanism for such integration."

PNSR's Locher presented the recommendations today during a press conference at the National Press Club in Washington, D.C. The 800-page report culminates two years of study in which more than 300 national security experts identified the problems within the system, and produced more than 100 case studies to document the research and analysis.

Since the passage of the National Security Act in 1947, the world has changed dramatically from the single Cold War threat to a multitude of diverse challenges -- ranging from rogue regimes to terrorists to transnational criminals. The terrorist attacks of 9/11, troubled stability operations in Iraq and Afghanistan, and inadequate response to Hurricane Katrina provide compelling evidence of the inadequacy of the current system.
Twenty-two members of the PNSR Guiding Coalition, which includes former senior federal officials with extensive national security experience, unanimously agreed that the U.S. national security system needs reform.

Joining Locher at the conference were Guiding Coalition members former U.S. Pacific Commander-in-Chief Dennis G. Blair, former Deputy Secretary of Homeland Security Admiral James M. Loy, former Deputy Director of the Central Intelligence Agency John McLaughlin and former Permanent Representative to the United Nations Ambassador Thomas Pickering.

"The focus must shift to national missions and outcomes," says Admiral James M. Loy, former deputy secretary of Homeland Security. "This will require strategic direction to produce unity of purpose and more collaboration to achieve unity of effort."

Through its research and analysis, PNSR has determined the following problems with the current system:

* The system is grossly imbalanced, favoring strong departmental capabilities at the expense of integrating mechanism.
* Executive Branch departments and agencies are shaped by their narrowly defined core mandates rather than by the requisites of broader national missions.
* The need for presidential integration to compensate for the systematic inability to integrate or resource missions overly centralizes issues management and overburdens the White House.
* A burdened White House cannot manage the national security system as a whole to be agile and collaborative at any time, but it is particularly vulnerable to breakdown during protracted transition periods between administrations.
* Congress provides resources and conducts oversight in ways that reinforce all these problems and make improving performance extremely difficult.
CONTACT media at pnsr.org
Judith Evans
(703) 387-7610 (o)
(202) 679-6668 (c)
http://pnsr.org/web/module/press/pressid/136/interior.asp

From rforno at infowarrior.org Tue Dec 9 00:53:27 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 8 Dec 2008 19:53:27 -0500
Subject: [Infowarrior] - End, don't mend, the Transportation Security Administration
Message-ID: <003AF8EA-F03A-4B1B-BD34-CFDE6F982319@infowarrior.org>

End, don't mend, the Transportation Security Administration
Passenger pat-downs haven't dug up a single terrorist.
By Becky Akers
http://www.csmonitor.com/2008/1208/p09s02-coop.html
from the December 8, 2008 edition (Christian Science Monitor)

New York - Sometime in 2010, the Transportation Security Administration (TSA) will stop swiping airline passengers' bottled water and cups of coffee at security checkpoints. Instead, the agency will once again permit us to carry liquids and gels aboard planes.

It's not that the TSA has finally realized mouthwash and moisturizer really can't explode, not even at 30,000 feet. Rather, it claims it has a combination of new contraptions to prove that. Advanced Technology X-ray machines, bottle scanners, and spectrometers will confirm that your unopened, factory-sealed Listerine is, well, Listerine.

The ban on liquids and gels has plagued passengers for over two years now, ever since British police insisted they had foiled a plot for bombing jetliners en route from London to the US and Canada. Supposedly, terrorists planned to smuggle the ingredients of an explosive elixir aboard their flights in soft-drink containers, then combine them to blow the planes sky-high.

Horrific, murderous -- and virtually impossible. The TSA makes it sound as though anyone with a year of high-school chemistry and some hydrogen peroxide can whip up explosives in an airplane's restroom. But mixing a truly explosive bomb is a delicate operation. It requires exact temperatures, precise measurements and methods, and specialized equipment --
all more commonly found in laboratories than lavatories. The procedure takes a while, too. And the fumes are likely to alert the passengers shifting from foot to foot in the aisle as they await their turn in the washroom. In fact, chemists worldwide doubt that even the most accomplished terrorist can concoct such a combustive cocktail high above the Atlantic.

A British jury this summer didn't buy the allegations, either. Due to lack of evidence, only eight of the plot's original 25 suspects finally made it to trial. As it turns out, police should have freed all the defendants: jurors refused to convict anyone of terrorism. They exonerated one man, returned no verdict on four others, and settled on lesser charges for the remaining three.

But none of these facts seem to matter to the TSA. It needs something to justify its existence: Despite six years of patting down passengers, it hasn't reported uncovering a single terrorist. No wonder it latched onto the nonsense about liquid bombs. Ferreting out and confiscating everyday substances not only makes work for 43,000 screeners, it also fools us into thinking this protects us.

The TSA has always been a political, not practical, response to 9/11. It hassles us at checkpoints not because of penetrating insights on security or some brilliant breakthrough, but because politicians handed it power. Specialists in security didn't invent the TSA; the Bush administration imposed it on us.

So we might hope the incoming president would abolish this absurd agency. Unfortunately, Barack Obama wants to improve the TSA rather than send it packing. His suggestions for that improvement? Passengers still aren't screened against a comprehensive terrorist watch list, his website proclaims. Such a list must be developed. Why? The watch list has already kept Rep. John Lewis (D) of Georgia and Sen. Ted Kennedy (D) of Massachusetts off planes: Will a comprehensive list bar Republican congressmen, too?
That'll protect us about as well as unionizing screeners will -- another change the campaigning Obama said he favors.

An administration serious about preserving passengers' lives rather than screeners' jobs would dismantle the TSA. Experts in the field, not the government, should design security. And it's senseless to fear that without the TSA airlines won't protect us. Businesses never willingly risk their inventory or customers; the aviation industry is no exception.

Eliminating the TSA allows airlines to protect their customers and multimillion-dollar jets with real security, tailored to each company's needs. AirTran, for instance, confronts different challenges from Air Jamaica, just as banks in midtown Manhattan deal with different dangers than do those in suburban Sioux City.

In a world free of the TSA, an airline might arm its pilots or hire private security firms. More likely, ideas and options we nonexperts can't imagine would render aviation's security as unobtrusive and effective as it is in other industries. There's no limit to human ingenuity and innovation -- until the government stifles them with one-size-fits-all regulation.

Unfortunately, we can expect the airlines to fight as hard as the TSA for its survival: requiring security and establishing a bureaucracy to run it sticks taxpayers, rather than airlines, with the bill. We've paid aviation's operating costs long enough. It's time to bring down the curtain on the TSA's security theater.

From rforno at infowarrior.org Tue Dec 9 03:26:24 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 8 Dec 2008 22:26:24 -0500
Subject: [Infowarrior] - "Hollywood Stock Exchange" is back (real money)
Message-ID: <95485DE8-38A1-475E-9CF4-4993EC1B42DD@infowarrior.org>

Well.....more like "Hollywood Futures Trading Exchange" but you get the idea. I remember the HSX back in the mid-90s and futzed around with it during lunch hours to waste time.
Not sure how this will go over with the "average" or "novice" investor, though....... --rf 08 December 2008 - 14:31 Cantor speculates on box office entertainment http://www.finextra.com/fullstory.asp?id=19405 Cantor Fitzgerald has filed an application with regulators to launch an exchange that will allow users to hedge and speculate on the financial performance of movies. Cantor says that subject to approval from the Commodity Futures Trading Commission (CFTC), its exchange's first traded product will be "Domestic Box Office Receipt" contracts. The contracts - expected to be listed in the first quarter of 2009 - will offer film finance professionals and traders an opportunity to hedge and speculate on the ticket sales of major film titles. Howard Lutnick, chairman and CEO, Cantor Fitzgerald, says: "The Cantor Exchange and our intention to list Domestic Box Office Receipt contracts reflect our continuing commitment to innovation in the finance and entertainment sectors." Cantor Fitzgerald already owns and operates the Hollywood Stock Exchange virtual entertainment stock market. Separately, WeSeed, a new online community Web site for stock market investors dubbed "Facebook-meets-Amazon", has been launched in the US. The site lets users get information and ideas on buying stocks through a propriety search tool as well as from "celebrity experts" and fellow members. In addition, users can practice investing in a virtual environment. Jennifer Openshaw, president and co-founder, WeSeed, says: "By leveraging the power of community, the 100 million Americans who don't currently invest can learn the basic fundamentals of stock investing and become smarter, more confident, better informed and even more competitive in their jobs." 
From rforno at infowarrior.org Tue Dec 9 03:53:16 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 8 Dec 2008 22:53:16 -0500 Subject: [Infowarrior] - The New Generation of "Non-Lethal" Weapons Message-ID: <01BDDB96-D06B-4FDE-B42C-BBF72FDEAC06@infowarrior.org>
With Shot or Shell or Modular Crowd Control Munitions.... The New Generation of "Non-Lethal" Weapons By MIKE FERNER http://www.counterpunch.org/ferner12082008.html "Violence is the first refuge of the incompetent." -- Isaac Asimov The Army Times reported on September 30 that a combat brigade, about 4,000 troops, which could be called on for "civil unrest and crowd control," had been assigned inside the United States for the first time since Reconstruction. Civil libertarians reacted immediately, noting the Posse Comitatus Act prohibits federal military personnel from acting in a law enforcement capacity within the United States. Peace activists condemned the decision as well. "It is a sad day for America when our government is preparing to protect itself by using the military on its own citizens," Michael McPhearson, Director of Veterans For Peace, said in response to the news. Now, in a December 1 story, the Washington Post reports that the Pentagon plans to have not just that 4,000, but 20,000 uniformed troops inside the U. S. by 2011. Dedicating 20,000 troops to domestic response "would have been extraordinary to the point of unbelievable," Paul McHale, assistant defense secretary for homeland defense, said, but the realization that civilian authorities may be overwhelmed in a catastrophe prompted "a fundamental change in military culture." The report in the Post made no mention of "civil unrest and crowd control," focusing instead on the troops' ability to help state and local officials respond to a nuclear terrorist attack or other domestic catastrophe. However, the Army Times report of September notes that the First Brigade Combat Team's commander, Col.
Roger Cloutier, said his soldiers will learn how to use the first ever package of so-called "nonlethal" weapons the Army has fielded, referring to crowd and traffic control equipment and weapons designed to subdue individuals without killing them. "It's a new modular package of nonlethal capabilities...they've been using pieces of it in Iraq, but this is the first time that these modules were consolidated and this package fielded, and because of this mission we're undertaking we were the first to get it," Cloutier added. Where are these unruly American crowds and who are the dangerous individuals these "nonlethal" weapons will be used on? Exactly what is in the Pentagon and local police department arsenals? The answers are hidden in plain sight on the internet. Go on down the rabbit hole and find out. Here is a small sampling of what the Mad Hatter has in mind.
* Raytheon Corp.'s Active Denial System, designed for crowd control in combat zones, uses an energy beam to induce an intolerable heating sensation, like a hot iron placed on the skin. It is effective beyond the range of small arms, in excess of 400 meters. Company officials have been advised they could expand the market by selling a smaller, tripod-mounted version for police forces.
* The FN 303, from FN Herstal Corp., fires a .68 caliber, plastic shell loaded with optional orange dye and Oleoresin Capsicum (red pepper) that has "inflammatory properties that force the eyes to shut, while causing an intense stinging sensation to the skin, throat, and nose. The result is total incapacitance (sic) lasting for up to 45 minutes." Range 50 meters.
* M5 Modular Crowd Control Munition, with a range of 30 meters "is similar in operation to a claymore mine, but it delivers...a strong, nonpenetrating blow to the body with multiple sub-munitions (600 rubber balls)."
* Long Range Acoustic Device or "The Scream,"
is a powerful megaphone the size of a satellite dish that can emit sound "50 times greater than the human threshold for pain" at close range, causing permanent hearing damage. The L.A. Times wrote U.S. Marines in Iraq used it in 2004. It can deliver recorded warnings in Arabic and, on command, emit a piercing tone... "[For] most people, even if they plug their ears, [the device] will produce the equivalent of an instant migraine," says Woody Norris, chairman of American Technology Corp., the San Diego firm that produces the weapon. "It will knock [some people] on their knees." CBS News reported in 2005 that the Israeli Army first used the device in the field to break up a protest against Israel's separation wall. "Protesters covered their ears and grabbed their heads, overcome by dizziness and nausea, after the vehicle-mounted device began sending out bursts of audible, but not loud, sound at intervals of about 10 seconds...A military official said the device emits a special frequency that targets the inner ear."
* In "Non-lethal Technologies: An Overview," Lewer and Davison describe a lengthy catalog of new weaponry including the "Directed Stick Radiator," a hand-held system based on the same technology as The Scream. "It fires high intensity 'sonic bullets' or pulses of sound between 125-150db for a second or two. Such a weapon could, when fully developed, have the capacity to knock people off their feet."
* The Institute for Non-Lethal Defense Technologies at Penn State University is testing a "Distributed Sound and Light Array Debilitator" a.k.a. the "puke ray." The colors and rhythm of light are absorbed by the retina and disorient the brain, blinding the victim for several seconds. In conjunction with disturbing sounds it can make the person stumble or feel nauseated.
Foreign Policy in Focus reports that the Department of Homeland Security, with $1 million invested for testing the device, hopes to see it "in the hands of thousands of policemen, border agents and National Guardsmen" by 2010.
* New Scientist reports that the (I'm not making this up) Inertial Capacitive Incapacitator (ICI), developed by the Physical Optics Corporation of Torrance, California, uses a thin-film storage device charged during manufacture that only discharges when it strikes the target. It can be incorporated into a ring-shaped aerofoil and fired from a standard grenade launcher at low velocity, while still maintaining a flat trajectory for maximum accuracy.
* Aiming beyond Tasers, the Homeland Security Advanced Research Projects Agency, (FY 2009 budget: $1B) the domestic equivalent of the Defense Advanced Research Projects Agency (DARPA), plans to develop wireless weapons effective over greater distances, such as in an auditorium or sports stadium, or on a city street. One such device, the Piezer, uses piezoelectric crystals that produce voltage when they are compressed. A 12-gauge shotgun fires the crystals, stunning the target with an electric shock on impact. Lynntech of College Station, Texas, is developing a projectile Taser that can be fired from a shotgun or 40-mm grenade launcher to increase greatly the weapon's current range of seven meters.
* "Off the Rocker and On the Floor: Continued Development of Biochemical Incapacitating Weapons," a report by the Bradford Disarmament Research Centre revealed that in 1992, the National Institute of Justice contracted with Lawrence Livermore National Lab to review clinical anaesthetics for use by special ops military forces and police. LLNL concluded the best option was an opioid, like fentanyl, effective at very low doses compared to morphine.
Combined with a patch soaked in DMSO (dimethylsulfoxide, a solvent) and fired from an air rifle, fentanyl could be delivered to the skin even through light clothing. Another recommended application for the drug was mixed with fine powder and dispersed as smoke.
* After upgrades, the infamous "Puff the Magic Dragon" gunship from the Vietnam War is now the AC-130. "Non-Lethal Weaponry: Applications to AC-130 Gunships," observes that "With the increasing involvement of US military in operations other than war..." the AC-130 "would provide commanders a full range of non-lethal weaponry from an airborne platform which was not previously available to them." The paper concludes in part that "As the use of non-lethal weapons increases and it becomes valid and acceptable, more options will become available."
* Prozac and Zoloft are two of over 100 pharmaceuticals identified by the Penn State College of Medicine and the university's Applied Research Lab for further study as "non-lethal calmatives." These Selective Serotonin Reuptake Inhibitors (SSRIs), noted the Penn State study, "...are found to be highly effective for numerous behavioral disturbances encountered in situations where a deployment of a non-lethal technique must be considered. This class of pharmaceutical agents also continues to be under intense development by the pharmaceutical industry...New compounds under development (WO 09500194) are being designed with a faster onset of action. Drug development is continuing at a rapid rate in this area due to the large market for the treatment of depression (15 million individuals in North America)...It is likely that an SSRI agent can be identified in the near future that will feature a rapid rate of onset."

Not surprisingly, the Air University, Maxwell AFB publishes an extensive bibliography on these weapons, but since 2001 it's been civilian academia's turn to belly up to Uncle Sam's rapidly growing trough.
In addition to Penn State's Applied Research Lab, run as part of its Homeland Security Initiative, the University of New Hampshire established the so-called Non-lethal Technology Innovation Center with a grant from the so-called Joint Non-Lethal Weapons Directory, and Johns Hopkins University and MIT are just two of many other colleges chasing federal grants for this work. All of which seems to prove the old saw that, even if you've got 120 kinds of hammers, "When all you've got is a hammer, every problem looks like a nail." With shot and shell or "The Scream" and "Puke Ray," we must bend to Empire's will or suffer the consequences. Mike Ferner is author of "Inside the Red Zone: A Veteran For Peace Reports from Iraq."

From rforno at infowarrior.org Wed Dec 10 23:38:27 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 10 Dec 2008 18:38:27 -0500 Subject: [Infowarrior] - DHS Cyber-Security Too Blase About Citizen Info, Panel Says Message-ID: <65023A23-D9A5-4EA5-A41E-24197EAF8970@infowarrior.org>
DHS Cyber-Security Too Blase About Citizen Info, Panel Says By Ryan Singel December 10, 2008 | 4:54:35 PM Categories: Cybersecurity http://blog.wired.com/27bstroke6/2008/12/dhs-cyber-secur.html The government's latest cyber-security efforts are too wrapped in secrecy and its privacy assessments downplay citizens' interest in the privacy of their IP addresses, a government commission reported Monday. At issue is a Homeland Security anti-hacking system known as EINSTEIN, software which monitors traffic into and out of government networks in order to detect abnormal use. The intrusion detection system is considered a key part of the government's multi-billion dollar, highly secretive computer security program known as the Comprehensive National Cyber-Security Initiative. EINSTEIN2, the newest iteration of the detection system, is intended to watch over the gateways to all of the government websites in real time, in order to spot intrusions or attacks quickly.
But to do that, software controlled by DHS will need to peer into citizens' online interactions with the government, including emails. But sharing traffic data from government websites such as the IRS's with the Department of Homeland Security raises privacy concerns, according to the Information Security and Privacy Advisory Board, though DHS's own assessment dismisses them outright. "Internet users have no expectation of privacy in the to/from address of their messages or the IP addresses of the sites they visit," the program's recent Privacy Impact Assessment (.pdf) concluded. But the NIST group of advisors disagree and all but call that notion dangerous. "Written this broadly, the statement is a change from previous government policy that has suggested that there is an expectation of privacy based on the use of Internet header information," the group told the Office of Management and Budget in a letter (.pdf) sent Monday but not yet posted to the NIST.gov website. They note that the government has turned down government sunshine requests for web traffic logs on the grounds that citizens who visited a .gov website had a privacy interest in their IP address. Government regulators -- particularly in Europe -- are pushing search engines to forget IP addresses more quickly, since they can be used to reconstruct a person's search history. The panel, comprised of private sector techies and employees from agencies ranging from the National Security Agency to Housing And Urban Development, want Homeland Security to make it clear that citizens do have privacy rights in the information their browsers have to tell government sites. "We urge OMB to recommend that DHS clarify [...] that any privacy interest in IP address and other header information is being adequately addressed by DHS through fair information practices, considering the significant law enforcement and national security interest in use of this information by EINSTEIN2," the group wrote.
While TO: and FROM: lines in messages and IP addresses need to be semi-public in order to let information travel across the net, IP addresses can easily be used by law enforcement and intelligence agencies as a starting point to reconstruct a person's internet usage. Google, for one, has had its own issues with whether users have a privacy interest in the IP addresses its services store. They argued to the government that they were in order to keep from having to turn over user logs, but then told European regulators that IP addresses weren't really personal, when those officials were seeking limits on how long search engines could store data. That argument whipsawed on the company in a Viacom lawsuit over YouTube, when a judge ordered Google to turn over all its YouTube user logs, citing Google's own arguments about IP addresses. The group also suggested that the Bush Administration's fledgling Comprehensive National Cyber-Security Initiative needed to be forthcoming, since many of the privacy assessments created for the program aren't public. That's not unsurprising since the Executive Order laying out guidelines for the project -- issued in January by President Bush -- remains a secret. Cyber-security finally became a priority for the government last fall. Homeland Secretary Michael Chertoff wants EINSTEIN to eventually have the capability to strike back at attackers, while NSA head Michael McConnell has said the NSA will need to sit on the public internet, monitoring searches and traffic, to keep the internet running.

From rforno at infowarrior.org Thu Dec 11 13:29:43 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 Dec 2008 08:29:43 -0500 Subject: [Infowarrior] - Fwd: (via BoingBoing): Austin teacher threatens to sic cops on Linux group because "No software is free" References: <20081211121233.GA10396@gsp.org> Message-ID:
Begin forwarded message:
> From: Rich Kulawiec
> Date: December 11, 2008 7:12:33 AM EST
>
> (Yes, it's Texas, *again*.)
>
> Austin teacher threatens to sic cops on Linux group because "No
> software is free"
> http://www.boingboing.net/2008/12/10/austin-teacher-threa.html
>
> Excerpt:
>
> A teacher in Austin sent an angry, accusatory email to a local
> Linux collective ("HeliOS Project, which builds and provides
> Linux computers to disadvantaged or 'exceptionally promising'
> students") accusing them of piracy for distributing the free
> operating system and excoriating them for encouraging her
> students to do the same. She threatened to have the group's
> organizer investigated by the police, too.
>
> See also:
>
> http://austinist.com/2008/12/10/aisd_teacher_throws_fit_over_studen.php
>
> and
>
> http://linuxlock.blogspot.com/2008/12/linux-stop-holding-our-kids-back.html
>
> ---Rsk

From rforno at infowarrior.org Thu Dec 11 23:53:07 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 Dec 2008 18:53:07 -0500 Subject: [Infowarrior] - Mexico increases domestic surveillance Message-ID: <75F4523F-4E72-40F2-99DF-E40D7FC32EB8@infowarrior.org>
Mexican congress approves widening police powers By MARK STEVENSON - 1 day ago http://www.google.com/hostednews/ap/article/ALeqM5hbIC6ZYe2A2fSIe1q-1dnh4TphiwD94VK6K81 MEXICO CITY (AP) -- Mexico's Congress on Tuesday voted to broaden police powers, allowing law enforcement agencies to use undercover agents and taped conversations as evidence in a bid to help them fight increasingly bloody drug cartels. The reforms, which were approved earlier by the Senate, are backed by President Felipe Calderon and come as Mexico is shaken by organized-crime violence that has claimed almost 5,400 lives so far this year, more than double the death toll from the same period of 2007.
They allow taped conversations to be used in court if submitted as evidence by one of the parties in the conversation, and let police request search warrants by e-mail or by telephone calls to judges rather than exclusively in writing, according to a Congressional statement. The changes also permit undercover agents. Many Mexican detectives currently operate in plain clothes, but the new measure would let them keep their identities secret in legal proceedings and be identified by a numerical code known only to superiors. Drug gangs have increasingly targeted police officials for assassination in recent years. The reforms include some safeguards meant to prevent police from abusing their powers, including one requiring that officers quickly register all detentions. Under current law, they have up to two days to present a suspect before a judge. In the past, some police have been accused of using that period to threaten, pressure or torture suspects into confessing. The bill also tightens the definition of catching a suspect "in the act," to mean just a few moments from the commission of a crime. Previously, police could detain suspects hours or even days after a crime and claim they had been caught in the act. Also Tuesday, the Senate voted to create a registry of cell phone owners to combat kidnappings and extortions in which gangs often use untraceable mobile phones to make ransom demands. Telecoms would be required to ask purchasers of cell phones or phone memory chips for their names, addresses and fingerprints, and to turn that information over to investigators if requested. At present, unregulated vendors sell phones and chips for cash from streetside stands. It is unclear how such vendors would be made to comply with the new law. The Senate also approved a bill previously passed by the lower house to standardize police training, vetting and operational procedures. 
The law would create a national security council headed by the president and the governors of Mexico's 31 states to improve coordination among a disparate array of state, local and federal police. The bill will return to the lower house for final approval after senators detected errors in its wording. From rforno at infowarrior.org Fri Dec 12 00:01:33 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 Dec 2008 19:01:33 -0500 Subject: [Infowarrior] - Aussie ISPs refuse to join government's filtering test Message-ID: Aussie ISPs refuse to join government's filtering test By Joel Hruska | Published: December 11, 2008 - 01:58PM CT http://arstechnica.com/news.ars/post/20081211-aussie-isps-refuse-to-join-governments-filtering-test.html The Australian government's plan to censor the entire Internet hit another major snag this week after two of the country's largest ISPs, Telstra and InterNode, announced they would not participate in the government's proposed filtering tests. Many of the ISPs in Australia, in fact, are either refusing to join the test, joining it only to prove it won't work (iiNet), or only testing a scaled-down version of what's intended to be the final model (Optus). We've covered the numerous flaws in Australia's plan in some detail, and the ISPs are citing some of the same issues as reasons for why the plan won't work. At present, the government is planning a two-tier system. The first tier (compulsory for all Australians) would block all "illegal" material (as deemed such by the Australian Communications and Media Authority (ACMA). The content blacklist is not to exceed 10,000 URLs, but when the ISP Optus begins actually testing the first tier next year, it will be working with a cut-down list of 1,300 rather than the expanded list of 10,000. The second tier of censorship filtering is meant to be an opt-out system that will block both the illegal content and "content deemed inappropriate for children." 
Said content will again be deemed appropriate or inappropriate by ACMA. The government seems to be completely out of touch with the technological requirements and logistical flaws of its own plan. Filtering for just the first tier of this plan is problematic enough -- clearly the ISPs think so -- but filtering all Internet traffic for those on the second tier of the plan will consume a disproportionate amount of ISP resources for a small group of customers. Deep packet inspection (DPI for short) doesn't just require additional processing resources and expensive equipment, it creates latency problems that aren't easy to address. Adding more bandwidth to the network, in this case, does nothing to increase performance and might actually retard it; more incoming packets means still more data that must be inspected and properly routed. Faster DPI equipment can theoretically speed the process, but the window in which such inspection can take place without impacting the end user's experience is small. According to The Age, Communication Minister Stephen Conroy's office is long on rhetoric but a bit dicey on the actual facts. The minister himself has apparently written to critics and told them that the upcoming tests would be "live trials over a closed network test that will not involve actual customers," but has neglected to explain how one performs a live test without deploying the service to a group of customers. The government's plans are opposed by a coalition of non-majority Australian parties, the aforementioned ISPs, and anti-censorship protesters. The recent flurry of negative publicity surrounding the Internet Watch Foundation's decision to block Wikipedia based on a single image (since retracted) won't do anything to help the government's plan, either. To date, Senator Conroy maintains that the government's filtering system will use the same IWF blacklist as Britain, opening the country to the same sorts of filtration issues.
From rforno at infowarrior.org Fri Dec 12 02:32:08 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 11 Dec 2008 21:32:08 -0500 Subject: [Infowarrior] - Book: Internet Governance Forum (IGF) - The First Two Years Message-ID:
Internet Governance Forum (IGF) - The First Two Years Edited by Avri Doria and Wolfgang Kleinwächter in cooperation with the IGF Secretariat. A UNESCO Publications for the World Summit of the Information Society - Special issue co-produced with the ITU and UNDESA (2.34MB) Download Full-text Book: http://www.intgovforum.org/cms/hydera/IGFBook_the_first_two_years.pdf

From rforno at infowarrior.org Fri Dec 12 14:08:37 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 12 Dec 2008 09:08:37 -0500 Subject: [Infowarrior] - FCC Commissioner: WoW a Leading Cause of College Dropouts Message-ID: <2A561762-EBA8-42DB-967F-71AB6634F893@infowarrior.org>
FCC Commissioner Terms WoW a Leading Cause of College Dropouts December 10, 2008 Yesterday GamePolitics reported on concerns by University of Minnesota Duluth officials that compulsive World of Warcraft play was causing some students to flunk out. Those concerns have been echoed by Federal Communications Commissioner Deborah Taylor Tate. The FCC commissioner commented on WoW during a speech on telecom policy and regulation delivered to the Practicing Law Institute on December 5th: With the explosion of educational resources available online, one might think parents would be 100% pleased with the internet's role in their children's lives. But surveys show just the opposite: a late 2006 survey that showed 59% of parents think the internet has been a totally positive influence in their children's lives -- down from 67% in 2004. You might find it alarming that one of the top reasons for college drop-outs in the U.S. is online gaming addiction - such as World of Warcraft - which is played by 11 million individuals worldwide.
Document Dump: Read Tate's (most non-game-related) speech here. http://www.gamepolitics.com/2008/12/10/fcc-commissioner-terms-wow-leading-cause-college-dropouts

From rforno at infowarrior.org Fri Dec 12 14:09:48 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 12 Dec 2008 09:09:48 -0500 Subject: [Infowarrior] - MPAA begs Obama for help Message-ID:
http://www.eff.org/deeplinks/2008/12/mpaa-obama December 11th, 2008 MPAA Asks Obama for More Copyright Surveillance of the Internet Legislative Analysis by Tim Jones As part of their commitment to transparent and open government, the Obama Transition Team is posting the lobbying agendas of the groups it meets with for public review and comment. One of the more interesting documents to be found there is the Motion Picture Association of America's "international trade" agenda. Some of the MPAA's agenda is reasonable, such as cracking down on commercial optical disc piracy. But much of it, if adopted, would result in a substantially less free and safe internet, at little or no actual benefit to the artists and workers the MPAA claims to represent. Of course, this may not be immediately clear when reading the document, since it's all couched in DC lobbyist-speak. Here, then, is a guide to understanding what's really being talked about. First: "Achieving inter-industry cooperation in the fight against online piracy, including through automated detection and removal of infringing content is imperative to curb the theft of online content..." This kind of automated-detection technology has long been a favorite fantasy of the MPAA and affiliates. They've pushed for it on US campuses, in US states, in US trade law [PDF], and in Europe, so it's hardly surprising to see them pushing for country-wide requirements at the federal level. The MPAA's faith in "filtering" is pure magical thinking.
It presupposes invading the privacy of innocents and pirates alike by monitoring every packet on the Internet (which is bad enough when the NSA does it). And it ignores the reality of strong encryption, which will utterly defeat network filtering techniques (thus necessitating more intrusive alternatives -- how about a copyright surveillance rootkit on every PC?). Sacrificing our privacy for the pipe-dreams of one industry is a bad idea. These reasons and more were outlined by EFF in a 2005 white paper, and again last January in a memo to European lawmakers [PDF]. Next up: "MPAA views recent efforts by the Governments of France and the United Kingdom to protect content on-line and facilitate inter-industry cooperation as useful models." Here, the MPAA is advocating for a number of things, the most problematic of which is a "three strikes" internet termination policy. This would require ISPs to terminate customers' internet accounts upon a rights-holder's repeat allegation of copyright infringement. This could be done potentially without any due process or judicial review. A three-strikes policy was recently adopted by legislation in France, where all ISPs are now banned from providing blacklisted citizens with internet access for up to one year. Because three-strikes policies do not guarantee due process or judicial oversight of whether the accusations of copyright infringement are valid, they effectively grant the content industry the ability to exile any individual they want from the internet. Lest we forget, there is a history of innocents getting caught up in these anti-piracy dragnets. (Copyfighter Cory Doctorow has wondered what would happen if the MPAA's erroneous notices were subject to a similar three-strikes law.) Thankfully, members of the European Parliament vehemently rejected these measures, resolving that "The cut of Internet access is a disproportionate measure regarding the objectives.
It is a sanction with powerful effects, which could have profound repercussions in a society where access to the Internet is an imperative right for social inclusion." Let's hope the US government's decisions on this are as wise. EFF outlined these concerns and more in our September 2008 comments to the US Trade Representative [PDF]. And, finally: "MPAA has identified the following countries for priority trade policy attention in 2009: Canada, China, India, Mexico, Russia and Spain." Translation: Not satisfied with wrecking the internet for US citizens alone, the MPAA would like the US government to pressure foreign governments to adopt the same harmful measures. This is made explicit by a look at, for instance, the International Intellectual Property Association's 2008 one-sheets on Canada [PDF] and Spain [PDF]: The MPAA wants these governments to institute mandatory internet filtering and three-strikes laws. Canada is being singled out by the MPAA because of its sensible rejection of the Canadian version of the US's deeply flawed Digital Millennium Copyright Act. In Spain, the MPAA is frustrated with rulings in 2006 that failed to punish Spanish citizens sufficiently harshly for file-sharing. This week in the San Jose Mercury News, Ed Black, CEO of the Computer & Communications Industry Association, described how adoption of the MPAA's international trade demands would deeply set back US innovation and foreign policy. How the Obama administration will react to these demands remains to be seen. The adoption of a Creative Commons license for Change.gov content indicates that there just might at long last be a seat at the table in the White House for smart thinking on copyright issues. Hopefully the Obama Administration will prove strong enough to stand up to the MPAA's lobbying, and instead institute positive reforms of US copyright law.
If you'd like to share your thoughts on this matter with the Obama Transition Team, the MPAA's agenda is open to public review and comment on Change.gov.

From rforno at infowarrior.org Fri Dec 12 14:15:37 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Dec 2008 09:15:37 -0500
Subject: [Infowarrior] - Fed Refuses to Disclose Recipients of $2 Trillion in Lending
Message-ID: <18737DAE-5774-41DA-A6A4-8E26373CF608@infowarrior.org>

Fed Refuses to Disclose Recipients of $2 Trillion in Lending
http://www.bloomberg.com/apps/news?pid=20601109&sid=apx7XNLnZZlc&refer=home#
By Mark Pittman

Dec. 12 (Bloomberg) -- The Federal Reserve refused a request by Bloomberg News to disclose the recipients of more than $2 trillion of emergency loans from U.S. taxpayers and the assets the central bank is accepting as collateral.

Bloomberg filed suit Nov. 7 under the U.S. Freedom of Information Act requesting details about the terms of 11 Fed lending programs, most created during the deepest financial crisis since the Great Depression.

The Fed responded Dec. 8, saying it's allowed to withhold internal memos as well as information about trade secrets and commercial information. The institution confirmed that a records search found 231 pages of documents pertaining to some of the requests.

"If they told us what they held, we would know the potential losses that the government may take and that's what they don't want us to know," said Carlos Mendez, who oversees about $14 billion at New York-based ICP Capital LLC.

Bloomberg News is a unit of New York-based Bloomberg LP.

The Fed stepped into a rescue role that was the original purpose of the Treasury's $700 billion Troubled Asset Relief Program. The central bank loans don't have the oversight safeguards that Congress imposed upon the TARP.

Total Fed lending exceeded $2 trillion for the first time Nov. 6. It rose by 138 percent, or $1.23 trillion, in the 12 weeks since Sept.
14, when central bank governors relaxed collateral standards to accept securities that weren't rated AAA.

'Been Bamboozled'

Congress is demanding more transparency from the Fed and Treasury on the bailout efforts, most recently during Dec. 10 hearings by the House Financial Services committee when Representative David Scott, a Georgia Democrat, said Americans had "been bamboozled."

In its response to Bloomberg's request, the Fed said the U.S. is facing "an unprecedented crisis" when the "loss in confidence in and between financial institutions can occur with lightning speed and devastating effects."

The Fed supplied copies of three e-mails in response to a request that it disclose the identities of those supplying data on collateral as well as their contracts. While the senders and recipients of the messages were revealed, the contents were erased except for two phrases identifying a vendor as "IDC." One of the e-mails' subject lines refers to "Interactive Data -- Auction Rate Security Advisory May 1, 2008."

'Multiple Harms'

Brian Willinsky, a spokesman for Bedford, Massachusetts-based Interactive Data Corp., a seller of fixed-income securities information, declined to comment.

"Notwithstanding calls for enhanced transparency, the Board must protect against the substantial, multiple harms that might result from disclosure," Jennifer J. Johnson, the secretary for the Fed's Board of Governors, said in a letter e-mailed to Bloomberg News.

"In its considered judgment and in view of current circumstances, it would be a dangerous step to release this otherwise confidential information," she wrote.

New York-based Citigroup Inc., which is shrinking its global workforce of 352,000 through asset sales and job cuts, is among the nine biggest banks receiving $125 billion in capital from the TARP since it was signed into law Oct. 3. More than 170 regional lenders are seeking an additional $74 billion.

Fed Chairman Ben S.
Bernanke and Treasury Secretary Henry Paulson said in September they would comply with congressional demands for transparency in a $700 billion bailout of the banking system.

'Right to Know'

The Freedom of Information Act requires federal agencies to make government documents available to the press and the public. The suit, filed in New York, doesn't seek money damages.

"There has to be something they can tell the public because we have a right to know what they are doing," said Lucy Dalglish, executive director of the Arlington, Virginia-based Reporters Committee for Freedom of the Press.

"It would really be a shame if we have to find this out 10 years from now after some really nasty class-action suit and our financial system has completely collapsed."

The Fed lent cash and government bonds to banks that handed over collateral including stocks and subprime and structured securities such as collateralized debt obligations, according to the Fed Web site.

Borrowers include the now-bankrupt Lehman Brothers Holdings Inc., Citigroup and New York-based JPMorgan Chase & Co., the country's biggest bank by assets.

Banks oppose any release of information because that might signal weakness and spur short-selling or a run by depositors, Scott Talbott, senior vice president of government affairs for the Financial Services Roundtable, a Washington trade group, said in an interview last month.

'Complete Truth'

"Americans don't want to get blindsided anymore," Mendez said in an interview. "They don't want it sugarcoated or whitewashed. They want the complete truth. The truth is we can't take all the pain right now."

The Bloomberg lawsuit said that the collateral lists "are central to understanding and assessing the government's response to the most cataclysmic financial crisis in America since the Great Depression."
In response, the Fed argued that the trade-secret exemption could be expanded to include potential harm to any of the central bank's customers, said Bruce Johnson, a lawyer at Davis Wright Tremaine LLP in Seattle. That expansion is not contained in the freedom-of-information law, Johnson said.

"I understand where they are coming from bureaucratically, but that means it's all the more necessary for taxpayers to know what exactly is going on because of all the money that is being hurled at the banking system," Johnson said.

The Bloomberg lawsuit is Bloomberg LP v. Board of Governors of the Federal Reserve System, 08-CV-9595, U.S. District Court, Southern District of New York (Manhattan).

To contact the reporters on this story: Mark Pittman in New York at mpittman at bloomberg.net ;

Last Updated: December 12, 2008 00:01 EST

From rforno at infowarrior.org Fri Dec 12 17:27:30 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 12 Dec 2008 12:27:30 -0500
Subject: [Infowarrior] - McCain Campaign Sells Info-Loaded Blackberry to FOX 5 Reporter
Message-ID: <0B857A9A-8CBF-4760-A029-E63DB4B8D6B6@infowarrior.org>

McCain Campaign Sells Info-Loaded Blackberry to FOX 5 Reporter
Exclusive FOX 5 Investigation
Last Edited: Thursday, 11 Dec 2008, 11:02 PM EST
Created: Thursday, 11 Dec 2008, 11:02 PM EST
http://www.myfoxdc.com/myfox/pages/News/Detail?contentId=8055902&version=1&locale=EN-US&layoutCode=TSTY&pageId=3.2.1

ARLINGTON, Va. - Private information at bargain prices. It was a high-tech flub at the McCain-Palin campaign headquarters in Arlington when Fox 5's Investigative Reporter Tisha Thompson bought a Blackberry device containing confidential campaign information.

It started with a snippet we read on page A23 in Thursday's Washington Post. The McCain-Palin campaign was going to sell its used office inventory at low prices. But when we got there, it didn't look like we were going to get much.
It was lunchtime and most of the good stuff was gone, picked over by early birds looking for deals on file cabinets, white boards, sofas -- anything headquarters could sell to get back some of their campaign dough.

We saw laptops ranging between $400 and $600 with logins like "WARROOM08." We couldn't log on without a password, but staffers assured us the hard drive would be zapped before it was sold, and the computer would probably work.

The hottest item? Blackberry phones at $20 a piece. There were only 10 left. All of the batteries had died. There were no chargers for sale. But people were snatching them up. So, we bought a couple. And ended up with a lot more than we bargained for.

When we charged them up in the newsroom, we found one of the $20 Blackberry phones contained more than 50 phone numbers for people connected with the McCain-Palin campaign, as well as hundreds of emails from early September until a few days after election night.

We traced the Blackberry back to a staffer who worked for "Citizens for McCain," a group of democrats who threw their support behind the Republican nominee. The emails contain an insider's look at how grassroots operations work, full of scheduling questions and rallying cries for support. But most of the numbers were private cell phones for campaign leaders, politicians, lobbyists and journalists.

We called some of the numbers. "Somebody made a mistake," one owner told us. "People's numbers and addresses were supposed to be erased."

"They should have wiped that stuff out," another said. But he added, "Given the way the campaign was run, this is not a surprise."

We called the McCain-Palin campaign, who says, "it was an unfortunate staff error and procedures are being put in place to ensure all information is secure."

But we wonder -- Did we get the only Blackberry with personal campaign information in it? Or did you get one too?
Let us know by dropping an email to fox5tips at wttg.com or calling our Fox 5 News Desk at (202) 895-3280.

From rforno at infowarrior.org Sat Dec 13 15:11:21 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 13 Dec 2008 10:11:21 -0500
Subject: [Infowarrior] - Car key blocks mobile phone use while driving
Message-ID:

Forget trusting your kids, letting them be responsible for their actions, and (gasp!) good parenting. In tech we trust to make their conduct 'acceptable.' I can think of several scenarios where this 'tool' stumbles -- not the least is to switch phones with someone else in the car so the driver is using the phone not registered with the system.....and how does the 'system' know what is and is not an 'emergency' situation to allow the phone to be used?

---rf

Car key blocks mobile phone use while driving
Dec 12 07:46 PM US/Eastern

New Device Prevents Teens From Texting While Driving

A pair of US inventors are bringing to market a computerized car key that prevents people from chatting on mobile telephones or sending text messages while driving.

Key2SafeDriving adds to a trend of using technology to thwart speeding, drunken driving, and other risky behavior proven to ramp-up the odds of crashing.

Once slipped into a car's ignition, the key created by US university researcher Xuesong Zhou and Dr. Wallace Curry sends a wireless signal to a driver's mobile phone blocking calls or texting.

"If you're in driving mode, you can't talk or text -- period," a character tells a friend trying in vain to send a text message while driving a car in a YouTube video demonstrating how the keys work.

The keys are being pitched as a way for parents to stop teenage children from focusing attention on beloved mobile telephones instead of traffic. A growing number of US states are enacting laws against teenagers using mobile telephones while driving.
Traffic statistics support arguments that mobile telephones are on par with alcohol use when it comes to hurting judgment and reaction times of drivers.

In October, Ford Motor Co. unveiled a "MyKey" device which allows parents to control how fast their teenagers drive, limits the volume on the car radio and makes sure their seat belts are fastened. Ford said that it will be a standard feature starting next year on the 2010 Ford Focus and other Ford, Lincoln and Mercury models.

Global Positioning System devices have been on the market for some time which allow parents to monitor the every move of their teenage driver.

Technology used to thwart drunken driving includes preventing car engines from starting until aspiring motorists have passed dashboard breath-alcohol tests or reaction-time tests on mobile phones.

Copyright AFP 2008, AFP stories and photos shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium

From rforno at infowarrior.org Sat Dec 13 15:12:43 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 13 Dec 2008 10:12:43 -0500
Subject: [Infowarrior] - URL: Car key blocks mobile phone use while driving
Message-ID: <7E092E0E-9C2F-46CE-80B5-E38E2A35EFAA@infowarrior.org>

Ooops - here's the link.

Car key blocks mobile phone use while driving
http://www.breitbart.com/article.php?id=081212234616.amcm37lv&show_article=1

Forget trusting your kids, letting them be responsible for their actions, and (gasp!) good parenting. In tech we trust to make their conduct 'acceptable.' I can think of several scenarios where this 'tool' stumbles -- not the least is to switch phones with someone else in the car so the driver is using the phone not registered with the system.....and how does the 'system' know what is and is not an 'emergency' situation to allow the phone to be used?
---rf

From rforno at infowarrior.org Sun Dec 14 03:51:17 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 13 Dec 2008 22:51:17 -0500
Subject: [Infowarrior] - tor2web: Tor-based webhosting
Message-ID: <4F676A6B-14E9-4432-B4A7-DAF6EA723F6D@infowarrior.org>

http://tor2web.com/

Not only a network that lets you browse the Internet anonymously, Tor contains anonymously published webpages identified by a '.onion' URL. Tor2web enables regular Internet users to access pages anonymously published within Tor.

What tor2web does for you

1. Tells the world that you can put all of your unruly, spicy content online with impunity by hosting on a Tor hidden service. It's free too!

2. Allows the world to read and spread your disruptive content as easily as browsing the web. No installation required. (It also lets you surf-around for interesting stuff in .onion)

WARNING: tor2web does NOT protect readers, only publishers. Readers using tor2web do not have the level of anonymity, confidentiality, and authentication that they have when using a Tor client. Tor2web trades security for convenience. If you're a reader and want the extra security, install Tor.

From rforno at infowarrior.org Sun Dec 14 15:03:23 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 Dec 2008 10:03:23 -0500
Subject: [Infowarrior] - Google cranks up the Consensus Engine
Message-ID: <71031D6C-A678-4A68-B3AF-8A633CDD04B3@infowarrior.org>

Original URL: http://www.theregister.co.uk/2008/12/12/googlewashing_revisited/

Google cranks up the Consensus Engine
Manufacturing isn't dead - it just went to Mountain View
By Andrew Orlowski (andrew.orlowski at theregister.co.uk)
Posted in Music and Media, 12th December 2008 19:38 GMT

Google this week admitted that its staff will pick and choose what appears in its search results. It's a historic statement - and nobody has yet grasped its significance.
Not so very long ago, Google disclaimed responsibility for its search results by explaining that these were chosen by a computer algorithm. The disclaimer lives on at Google News, where we are assured that:

The selection and placement of stories on this page were determined automatically by a computer program.

A few years ago, Google's apparently unimpeachable objectivity got some people very excited (http://www.internetisshit.org/2.php), and technology utopians began to herald Google as the conduit for a new form of democracy. Google was only too pleased to encourage this view. It explained that its algorithm "relies on the uniquely democratic nature of the web by using its vast link structure as an indicator of an individual page's value."

That Google was impartial was one of the articles of faith. For if Google was ever to be found to be applying subjective human judgment directly on the process, it would be akin to the voting machines being rigged.

For these soothsayers of the Hive Mind, the years ahead looked prosperous. As blog-aware marketing and media consultants, they saw a lucrative future in explaining the New Emergent World Order to the uninitiated. (That part has come true - Web 2.0 "gurus" now advise large media companies).

It wasn't surprising, then, that when five years ago I described how a small, self-selected number of people could rig Google's search results (http://www.theregister.co.uk/2003/04/03/antiwar_slogan_coined_repurposed/ ), the reaction from the people doing the rigging was violently antagonistic. Who lifted that rock? they cried.

But what was once Googlewashing by a select few now has Google's active participation.

This week Marissa Mayer explained that editorial judgments will play a key role in Google searches. It was reported by Tech Crunch proprietor Michael Arrington - who Nick Carr called the "Madam of the Web 2.0 Brothel" - but its significance wasn't noted. The irony flew safely over his head at 30,000 feet.
Arrington observed:

Mayer also talked about Google's use of user data created by actions on Wiki search to improve search results on Google in general. For now that data is not being used to change overall search results, she said. But in the future it's likely Google will use the data to at least make obvious changes. An example is if "thousands of people" were to knock a search result off a search page, they'd be likely to make a change.

Now what, you may be thinking, is an "obvious change"? Is it one that is frivolous? (Thereby introducing a Google Frivolitimeter? [Beta]). Or is it one that goes against the grain of the consensus? If so, then who decides what the consensus must be? Make no mistake, Google is moving into new territory: not only making arbitrary, editorial choices - really no different to Fox News, say, or any other media organization. It's now in the business of validating and manufacturing consent: not only reporting what people say, but how you should think.

Whose hand is upon the wheel, here?

None of this would matter, if it wasn't for one other trend: a paralysing loss of confidence in media companies.

Old media is hooked on the drug that kills it

Today, the media organisations look to Google to explain what is really happening in the world. Convinced that they can't lead, the only option left is to follow. So they reflect ourselves - or more accurately, they reflect the unstinting efforts of small self-selecting pockets of activists - back at us.

In the absence of editorial confidence, Google - the Monster that threatens to Eat The Media - now defines the purpose of the media. All media companies need do is "tap into the zeitgeist" - Google Zeitgeist?!

Take this example from a quality British broadsheet.
One journalist on the paper lamented that:

...it's becoming all too clear at The Telegraph, whose online business plan seems to be centred on chasing hits through Google by rehashing and rewriting stories that people are already interested in.

The digital director of the Telegraph recently suggested the newspaper could work even closer with Google... by subsuming its identity into the Ad Giant. Why couldn't The Telegraph run off a telegraph.google.com domain and allow Google to take care of all the technology? he mused (http://www.guardian.co.uk/media/greenslade/2008/sep/18/uk ).

Not all companies have the same suicidal lack of foresight as The Telegraph's resident guru - but many share the same apocalyptic conclusion.

Today, Google's cute little explanation of being "uniquely democratic" is no longer present on that page. A subtly different explanation has taken its place - one which acknowledges that in the new democracy of Web 2.0, some votes are more equal than others.

PageRank also considers the importance of each page that casts a vote, as votes from some pages are considered to have greater value, thus giving the linked page greater value. We have always taken a pragmatic approach to help improve search quality and create useful products, and our technology uses the collective intelligence of the web to determine a page's importance.

[Image: Google's New Age motto. Picture culled from Google's 2006 analyst presentation]

So you see, it's not rigged! How could Google "rig" a system that only reflects our finest and most noble sentiments back at us - mediated by a technocratic priesthood of unquestionable moral authority?

Google has taken Googlewashing in house.
From rforno at infowarrior.org Mon Dec 15 02:45:02 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 14 Dec 2008 21:45:02 -0500
Subject: [Infowarrior] - NSA Wiretapping: The Fed Who Blew the Whistle
Message-ID: <6E397FE7-7CD6-45BE-8F15-BE2643DD851E@infowarrior.org>

The Fed Who Blew the Whistle
Is he a hero or a criminal?
Michael Isikoff
NEWSWEEK
From the magazine issue dated Dec 22, 2008
http://www.newsweek.com/id/174601/output/print

Thomas M. Tamm was entrusted with some of the government's most important secrets. He had a Sensitive Compartmented Information security clearance, a level above Top Secret. Government agents had probed Tamm's background, his friends and associates, and determined him trustworthy.

It's easy to see why: he comes from a family of high-ranking FBI officials. During his childhood, he played under the desk of J. Edgar Hoover, and as an adult, he enjoyed a long and successful career as a prosecutor. Now gray-haired, 56 and fighting a paunch, Tamm prides himself on his personal rectitude. He has what his 23-year-old son, Terry, calls a "passion for justice." For that reason, there was one secret he says he felt duty-bound to reveal.

In the spring of 2004, Tamm had just finished a yearlong stint at a Justice Department unit handling wiretaps of suspected terrorists and spies -- a unit so sensitive that employees are required to put their hands through a biometric scanner to check their fingerprints upon entering. While there, Tamm stumbled upon the existence of a highly classified National Security Agency program that seemed to be eavesdropping on U.S. citizens. The unit had special rules that appeared to be hiding the NSA activities from a panel of federal judges who are required to approve such surveillance. When Tamm started asking questions, his supervisors told him to drop the subject. He says one volunteered that "the program" (as it was commonly called within the office) was "probably illegal."

Tamm agonized over what to do.
He tried to raise the issue with a former colleague working for the Senate Judiciary Committee. But the friend, wary of discussing what sounded like government secrets, shut down their conversation. For weeks, Tamm couldn't sleep. The idea of lawlessness at the Justice Department angered him. Finally, one day during his lunch hour, Tamm ducked into a subway station near the U.S. District Courthouse on Pennsylvania Avenue. He headed for a pair of adjoining pay phones partially concealed by large, illuminated Metro maps. Tamm had been eyeing the phone booths on his way to work in the morning. Now, as he slipped through the parade of midday subway riders, his heart was pounding, his body trembling. Tamm felt like a spy. After looking around to make sure nobody was watching, he picked up a phone and called The New York Times.

That one call began a series of events that would engulf Washington -- and upend Tamm's life. Eighteen months after he first disclosed what he knew, the Times reported that President George W. Bush had secretly authorized the NSA to intercept phone calls and e-mails of individuals inside the United States without judicial warrants. The drama followed a quiet, separate rebellion within the highest ranks of the Justice Department concerning the same program. (James Comey, then the deputy attorney general, together with FBI head Robert Mueller and several other senior Justice officials, threatened to resign.) President Bush condemned the leak to the Times as a "shameful act." Federal agents launched a criminal investigation to determine the identity of the culprit.

The story of Tamm's phone call is an untold chapter in the history of the secret wars inside the Bush administration. The New York Times won a Pulitzer Prize for its story. The two reporters who worked on it each published books. Congress, after extensive debate, last summer passed a major new law to govern the way such surveillance is conducted.
But Tamm -- who was not the Times's only source, but played the key role in tipping off the paper -- has not fared so well. The FBI has pursued him relentlessly for the past two and a half years. Agents have raided his house, hauled away personal possessions and grilled his wife, a teenage daughter and a grown son. More recently, they've been questioning Tamm's friends and associates about nearly every aspect of his life. Tamm has resisted pressure to plead to a felony for divulging classified information. But he is living under a pall, never sure if or when federal agents might arrest him.

Exhausted by the uncertainty clouding his life, Tamm now is telling his story publicly for the first time. "I thought this [secret program] was something the other branches of the government -- and the public -- ought to know about. So they could decide: do they want this massive spying program to be taking place?" Tamm told NEWSWEEK, in one of a series of recent interviews that he granted against the advice of his lawyers. "If somebody were to say, who am I to do that? I would say, 'I had taken an oath to uphold the Constitution.' It's stunning that somebody higher up the chain of command didn't speak up."

Tamm concedes he was also motivated in part by his anger at other Bush-administration policies at the Justice Department, including its aggressive pursuit of death-penalty cases and the legal justifications for "enhanced" interrogation techniques that many believe are tantamount to torture. But, he insists, he divulged no "sources and methods" that might compromise national security when he spoke to the Times. He told reporters Eric Lichtblau and James Risen nothing about the operational details of the NSA program because he didn't know them, he says. He had never been "read into," or briefed, on the details of the program. All he knew was that a domestic surveillance program existed, and it "didn't smell right."
(Justice spokesman Dean Boyd said the department had no comment on any aspect of this story. Lichtblau said, "I don't discuss the identities of confidential sources ... Nearly a dozen people whom we interviewed agreed to speak with us on the condition of anonymity because of serious concerns about the legality and oversight of the secret program." Risen had no comment.)

Still, Tamm is haunted by the consequences of what he did -- and what could yet happen to him. He is no longer employed at Justice and has been struggling to make a living practicing law. He does occasional work for a local public defender's office, handles a few wills and estates -- and is more than $30,000 in debt. (To cover legal costs, he recently set up a defense fund.) He says he has suffered from depression. He also realizes he made what he calls "stupid" mistakes along the way, including sending out a seemingly innocuous but fateful e-mail from his Justice Department computer that may have first put the FBI on his scent. Soft-spoken and self-effacing, Tamm has an impish smile and a wry sense of humor. "I guess I'm not a very good criminal," he jokes.

At times during his interviews with NEWSWEEK, Tamm would stare into space for minutes, silently wrestling with how to answer questions. One of the most difficult concerned the personal ramifications of his choice. "I didn't think through what this could do to my family," he says.

Tamm's story is in part a cautionary tale about the perils that can face all whistleblowers, especially those involved in national-security programs. Some Americans will view him as a hero who (like Daniel Ellsberg and perhaps Mark Felt, the FBI official since identified as Deep Throat) risked his career and livelihood to expose wrongdoing at the highest levels of government. Others -- including some of his former colleagues -- will deride Tamm as a renegade who took the law into his own hands and violated solemn obligations to protect the nation's secrets.
"You can't have runoffs deciding they're going to be the white knight and running to the press," says Frances Fragos Townsend, who once headed the unit where Tamm worked and later served as President Bush's chief counterterrorism adviser. Townsend made clear that she had no knowledge of Tamm's particular case, but added: "There are legal processes in place [for whistle-blowers' complaints]. This is one where I'm a hawk. It offends me, and I find it incredibly dangerous." Tamm understands that some will see his conduct as "treasonous." But still, he says he has few regrets. If he hadn't made his phone call to the Times, he believes, it's possible the public would never have learned about the Bush administration's secret wiretapping program. "I don't really need anybody to feel sorry for me," he wrote in a recent e-mail to NEWSWEEK. "I chose what I did. I believed in what I did." If the government were drawing up a profile of a national-security leaker, Tamm would seem one of the least likely suspects. He grew up in the shadow of J. Edgar Hoover's FBI. Tamm's uncle, Edward Tamm, was an important figure in the bureau's history. He was once a top aide to Hoover and regularly briefed President Franklin Roosevelt on domestic intelligence matters. He's credited in some bureau histories with inventing (in 1935) not only the bureau's name, but its official motto: Fidelity, Bravery, Integrity. Tamm's father, Quinn Tamm, was also a high-ranking bureau official. He too was an assistant FBI director under Hoover, and at one time he headed up the bureau's crime lab. Tamm's mother, Ora Belle Tamm, was a secretary at the FBI's identification division. When Thomas Tamm was a toddler, he crawled around Hoover's desk during FBI ceremonies. (He still remembers his mother fretting that his father might get in trouble for it.) As an 8-year-old, Tamm and his family watched John F. 
Kennedy's Inaugural parade down Pennsylvania Avenue from the balcony of Hoover's office, then located at the Justice Department. Tamm's brother also served for years as an FBI agent and later worked as an investigator for the 9/11 Commission. (He now works for a private consulting firm.) Tamm himself, after graduating from Brown University in 1974 and Georgetown Law three years later, chose a different path in law enforcement. He joined the state's attorney's office in Montgomery County, Md. (He was also, for a while, the chairman of the county chapter of the Young Republicans.) Tamm eventually became a senior trial attorney responsible for prosecuting murder, kidnapping and sexual-assault cases. Andrew Sonner, the Democratic state's attorney at the time, says that Tamm was an unusually gifted prosecutor who knew how to connect with juries, in part by "telling tales" that explained his case in a way that ordinary people could understand. "He was about as good before a jury as anybody that ever worked for me," says Sonner, who later served as an appellate judge in Maryland.

In 1998, Tamm landed a job at the Justice Department's Capital Case Unit, a new outfit within the criminal division that handled prosecutions that could bring the federal death penalty. A big part of his job was to review cases forwarded by local U.S. Attorneys' Offices and make recommendations about whether the government should seek execution. Tamm would regularly attend meetings with Attorney General Janet Reno, who was known for asking tough questions about the evidence in such cases -- a rigorous approach that Tamm admired. In July 2000, at a gala Justice Department ceremony, Reno awarded Tamm and seven colleagues in his unit the John Marshall Award, one of the department's highest honors.

After John Ashcroft took over as President Bush's attorney general the next year, Tamm became disaffected. The Justice Department began to encourage U.S.
attorneys to seek the death penalty in as many cases as possible. Instead of Reno's skepticism about recommendations to seek death, the capital-case committee under Ashcroft approved them with little, if any, challenge. "It became a rubber stamp," Tamm says. This bothered him, though there was nothing underhanded about it. Bush had campaigned as a champion of the death penalty. Ashcroft and the new Republican leadership of the Justice Department advocated its use as a matter of policy.

Tamm's alienation grew in 2002 when he was assigned to assist on one especially high-profile capital case -- the prosecution of Zacarias Moussaoui, a Qaeda terrorist arrested in Minnesota who officials initially (and wrongly) believed might have been the "20th hijacker" in the September 11 plot. Tamm's role was to review classified CIA cables about the 9/11 plot to see if there was any exculpatory information that needed to be relinquished to Moussaoui's lawyers. While reviewing the cables, Tamm says, he first spotted reports that referred to the rendition of terror suspects to countries like Egypt and Morocco, where aggressive interrogation practices banned by American law were used. It appeared to Tamm that CIA officers knew "what was going to happen to [the suspects]" -- that the government was indirectly participating in abusive interrogations that would be banned under U.S. law.

But still, Tamm says he was fully committed to the prosecution of the war on terror and wanted to play a bigger role in it. So in early 2003, he applied and was accepted for transfer to the Office of Intelligence Policy and Review (OIPR), probably the most sensitive unit within the Justice Department. It is the job of OIPR lawyers to request permission for national-security wiretaps. These requests are made at secret hearings of the Foreign Intelligence Surveillance Court, a body composed of 11 rotating federal judges.
Congress created the FISA court in 1978 because of well-publicized abuses by the intelligence community. It was designed to protect the civil liberties of Americans who might come under suspicion. The court's role was to review domestic national-security wiretaps to make sure there was "probable cause" that the targets were "agents of a foreign power" -- either spies or operatives of a foreign terrorist organization. The law creating the court, called the Foreign Intelligence Surveillance Act, made it a federal crime -- punishable by up to five years in prison -- for any official to engage in such surveillance without following strict rules, including court approval.

But after arriving at OIPR, Tamm learned about an unusual arrangement by which some wiretap requests were handled under special procedures. These requests, which could be signed only by the attorney general, went directly to the chief judge and none other. It was unclear to Tamm what was being hidden from the other 10 judges on the court (as well as the deputy attorney general, who could sign all other FISA warrants). All that Tamm knew was that the "A.G.-only" wiretap requests involved intelligence gleaned from something that was obliquely referred to within OIPR as "the program."

The program was in fact a wide range of covert surveillance activities authorized by President Bush in the aftermath of 9/11. At that time, White House officials, led by Vice President Dick Cheney, had become convinced that FISA court procedures were too cumbersome and time-consuming to permit U.S. intelligence and law-enforcement agencies to quickly identify possible Qaeda terrorists inside the country. (Cheney's chief counsel, David Addington, referred to the FISA court in one meeting as that "obnoxious court," according to former assistant attorney general Jack Goldsmith.)
Under a series of secret orders, Bush authorized the NSA for the first time to eavesdrop on phone calls and e-mails between the United States and a foreign country without any court review. The code name for the NSA collection activities -- unknown to all but a tiny number of officials at the White House and in the U.S. intelligence community -- was "Stellar Wind." The NSA identified domestic targets based on leads that were often derived from the seizure of Qaeda computers and cell phones overseas. If, for example, a Qaeda cell phone seized in Pakistan had dialed a phone number in the United States, the NSA would target the U.S. phone number -- which would then lead agents to look at other numbers in the United States and abroad called by the targeted phone.

Other parts of the program were far more sweeping. The NSA, with the secret cooperation of U.S. telecommunications companies, had begun collecting vast amounts of information about the phone and e-mail records of American citizens. Separately, the NSA was also able to access, for the first time, massive volumes of personal financial records -- such as credit-card transactions, wire transfers and bank withdrawals -- that were being reported to the Treasury Department by financial institutions. These included millions of "suspicious-activity reports," or SARS, according to two former Treasury officials who declined to be identified talking about sensitive programs. (It was one such report that tipped FBI agents to former New York governor Eliot Spitzer's use of prostitutes.) These records were fed into NSA supercomputers for the purpose of "data mining" -- looking for links or patterns that might (or might not) suggest terrorist activity.

But all this created a huge legal quandary. Intelligence gathered by the extralegal phone eavesdropping could never be used in a criminal court.
So after the NSA would identify potential targets inside the United States, counterterrorism officials would in some instances try to figure out ways to use that information to get legitimate FISA warrants -- giving the cases a judicial stamp of approval. It's unclear to what extent Tamm's office was aware of the origins of some of the information it was getting. But Tamm was puzzled by the unusual procedures -- which sidestepped the normal FISA process -- for requesting wiretaps on cases that involved program intelligence. He began pushing his supervisors to explain what was going on.

Tamm says he found the whole thing especially curious since there was nothing in the special "program" wiretap requests that seemed any different from all the others. They looked and read the same. It seemed to Tamm there was a reason for this: the intelligence that came from the program was being disguised. He didn't understand why. But whenever Tamm would ask questions about this within OIPR, "nobody wanted to talk about it."

At one point, Tamm says, he approached Lisa Farabee, a senior counsel in OIPR who reviewed his work, and asked her directly, "Do you know what the program is?" According to Tamm, she replied: "Don't even go there," and then added, "I assume what they are doing is illegal." Tamm says his immediate thought was, "I'm a law-enforcement officer and I'm participating in something that is illegal?"

A few weeks later Tamm bumped into Mark Bradley, the deputy OIPR counsel, who told him the office had run into trouble with Colleen Kollar-Kotelly, the chief judge on the FISA court. Bradley seemed nervous, Tamm says. Kollar-Kotelly had raised objections to the special program wiretaps, and "the A.G.-only cases are being shut down," Bradley told Tamm. He then added, "This may be [a time] the attorney general gets indicted," according to Tamm.
(Told of Tamm's account, Justice spokesman Boyd said that Farabee and Bradley "have no comment for your story.")

One official who was aware of Kollar-Kotelly's objections was U.S. Judge Royce C. Lamberth, a former chief of the FISA court. Lamberth tells NEWSWEEK that when the NSA program began in October 2001, he was not informed. But the then chief of OIPR, James Baker, discovered later that year that program intelligence was being used in FISA warrants -- and he raised concerns. At that point, Lamberth was called in for a briefing by Ashcroft and Gen. Michael Hayden, the NSA chief at the time. Lamberth made clear to Ashcroft that NSA program intelligence should no longer be allowed in any FISA warrant applications without his knowledge. If it did appear, Lamberth warned, he would be forced to rule on the legality of what the administration was doing, potentially setting off a constitutional clash about the secret program. Lamberth stepped down as chief FISA judge when his term ended in May 2002, but Kollar-Kotelly asked him to continue as an adviser about matters relating to the program.

In early 2004, Kollar-Kotelly thought something was amiss. According to Lamberth, she had concerns that the intelligence community, after collecting information on U.S. citizens without warrants, was again attempting to launder that intelligence through her court -- without her knowledge. She "had begun to suspect that they were back-dooring information from the program into" FISA applications, Lamberth tells NEWSWEEK. Kollar-Kotelly drew the line and wouldn't permit it. "She was as tough as I was," says Lamberth, who had once barred a top FBI agent from his court when he concluded the bureau hadn't been honest about FISA applications. "She was going to know what she was signing off on before she signed off ... I was proud of her." (Kollar-Kotelly declined to speak with NEWSWEEK.)

Unbeknownst to Tamm, something else was going on at the Justice Department during this period.
A new assistant attorney general, a law professor named Jack Goldsmith, had challenged secret legal opinions justifying the NSA surveillance program. (The controversial opinions, written by a young and very conservative legal scholar named John Yoo, had concluded that President Bush had broad executive authority during wartime to override laws passed by Congress and order the surveillance of U.S. citizens.) James Comey, the deputy attorney general, had agreed with Goldsmith and refused to sign off on a renewal of the domestic NSA program in March 2004. Attorney General Ashcroft was in the hospital at the time. The White House first tried to get an extremely ill Ashcroft, drugged and woozy, to overrule Comey, and then, after he refused, President Bush ordered the program to continue anyway. Comey, in turn, drafted a resignation letter. He described the situation he was confronting as "apocalyptic" and then added, "I and the Justice Department have been asked to be part of something that is fundamentally wrong," according to a copy of the letter quoted in "Angler," a book by Washington Post reporter Barton Gellman.

Tamm -- who had no knowledge of the separate rebellion within the ranks of the Justice Department -- decided independently to get in touch with Sandra Wilkinson, a former colleague of his on the Capital Case Unit who had been detailed to work on the Senate Judiciary Committee. He met with Wilkinson for coffee in the Senate cafeteria, where he laid out his concerns about the program and the unusual procedures within OIPR. "Look, the government is doing something weird here," he recalls saying. "Can you talk to somebody on the intelligence committee and see if they know about this?"

Some weeks passed, and Tamm didn't hear back. So he e-mailed Wilkinson from his OIPR computer (not a smart move, he would later concede) and asked if they could get together again for coffee. This time, when they got together, Wilkinson was cool, Tamm says.
What had she learned about the program? "I can't say," she replied and urged him to drop the subject. "Well, you know, then," he says he replied, "I think my only option is to go to the press." (Wilkinson would not respond to phone calls from NEWSWEEK, and her lawyer says she has nothing to say about the matter.)

The next few weeks were excruciating. Tamm says he consulted with an old law-school friend, Gene Karpinski, then the executive director of a public-interest lobbying group. He asked about reporters who might be willing to pursue a story that involved wrongdoing in a national-security program, but didn't tell him any details. (Karpinski, who has been questioned by the FBI and has hired a lawyer, declined to comment.) Tamm says he initially considered contacting Seymour Hersh, the investigative reporter for The New Yorker, but didn't know where to reach him. He'd also noticed some strong stories by Eric Lichtblau, the New York Times reporter who covered the Justice Department -- and with a few Google searches tracked down his phone number.

Tamm at this point had transferred out of OIPR at his own initiative, and moved into a new job at the U.S. Attorney's Office. He says he "hated" the desk work at OIPR and was eager to get back into the courtroom prosecuting cases. His new offices were just above Washington's Judiciary Square Metro stop. When he went to make the call to the Times, Tamm said, "My whole body was shaking."

Tamm described himself to Lichtblau as a "former" Justice employee and called himself "Mark," his middle name. He said he had some information that was best discussed in person. He and Lichtblau arranged to meet for coffee at Olsson's, a now shuttered bookstore near the Justice Department. After Tamm hung up the phone, he was struck by the consequences of what he had just done. "Oh, my God," he thought. "I can't talk to anybody about this." An even more terrifying question ran through his mind.
He thought back to his days at the capital-case squad and wondered if disclosing information about a classified program could earn him the death penalty.

In his book, "Bush's Law: The Remaking of American Justice," Lichtblau writes that he first got a whiff of the NSA surveillance program during the spring of 2004 when he got a cold call from a "walk-in" source who was "agitated about something going on in the intelligence community." Lichtblau wrote that his source was wary at first. The source did not know precisely what was going on -- he was, in fact, maddeningly vague, the reporter wrote. But after they got together for a few meetings ("usually at a bookstore or coffee shops in the shadows of Washington's power corridors") his source's "credibility and his bona fides became clear and his angst appeared sincere." The source told him of turmoil within the Justice Department concerning counterterrorism operations and the FISA court. "Whatever is going on, there's even talk Ashcroft could be indicted," the source told Lichtblau, according to his book.

Tamm grew frustrated when the story did not immediately appear. He was hoping, he says, that Lichtblau and his partner Risen (with whom he also met) would figure out on their own what the program was really all about and break it before the 2004 election. He was, by this time, "pissed off" at the Bush administration, he says. He contributed $300 to the Democratic National Committee in September 2004, according to campaign finance records.

It wasn't until more than a year later that the paper's executive editor, Bill Keller, rejecting a personal appeal and warning by President Bush, gave the story a green light. (Bush had warned "there'll be blood on your hands" if another attack were to occur.) BUSH LETS U.S. SPY ON CALLERS WITHOUT COURTS, read the headline in the paper's Dec. 16, 2005, edition. The story -- which the Times said relied on "nearly a dozen current and former officials" -- had immediate repercussions.
Democrats, including the then Sen. Barack Obama, denounced the Bush administration for violating the FISA law and demanded hearings. James Robertson, one of the judges on the FISA court, resigned. And on Dec. 30, the Justice Department announced that it was launching a criminal investigation to determine who had leaked to the Times.

Not long afterward, Tamm says, he started getting phone calls at his office from Jason Lawless, the hard-charging FBI agent in charge of the case. The calls at first seemed routine. Lawless was simply calling everybody who had worked at OIPR to find out what they knew. But Tamm ducked the calls; he knew that the surest way to get in trouble in such situations was to lie to an FBI agent. Still, he grew increasingly nervous. The calls continued. Finally, one day, Lawless got him on the phone. "This will just take a few minutes," Lawless said, according to Tamm's account. But Tamm told the agent that he didn't want to be interviewed -- and he later hired a lawyer. (The FBI said that Lawless would have no comment.)

In the months that followed, Tamm learned he was in even more trouble. He suspected the FBI had accessed his former computer at OIPR and recovered the e-mail he had sent to Wilkinson. The agents tracked her down and questioned her about her conversations with Tamm. By this time, Tamm was in the depths of depression. He says he had trouble concentrating on his work at the U.S. Attorney's Office and ignored some e-mails from one of his supervisors. He was accused of botching a drug case. By mutual agreement, he resigned in late 2006. He was out of a job and squarely in the sights of the FBI. Nevertheless, he began blogging about the Justice Department for liberal Web sites.

Early on the morning of Aug. 1, 2007, 18 FBI agents -- some of them wearing black flak jackets and carrying guns -- showed up unannounced at Tamm's redbrick colonial home in Potomac, Md., with a search warrant.
While his wife, wearing her pajamas, watched in horror, the agents marched into the house, seized Tamm's desktop computer, his children's laptops, his private papers, some of his books (including one about Deep Throat) and his family Christmas-card list. Terry Tamm, the lawyer's college-age son, was asleep at the time and awoke to find FBI agents entering his bedroom. He was escorted downstairs, where, he says, the agents arranged him, his younger sister and his mother around the kitchen table and questioned them about their father. (Thomas Tamm had left earlier that morning to drive his younger son to summer school and to see a doctor about a shoulder problem.) "They asked me questions like 'Are there any secret rooms or compartments in the house'?" recalls Terry. "Or did we have a safe? They asked us if any New York Times reporters had been to the house. We had no idea why any of this was happening." Tamm says he had never told his wife and family about what he had done.

After the raid, Justice Department prosecutors encouraged Tamm to plead guilty to a felony for disclosing classified information -- an offer he refused. More recently, Agent Lawless, a former prosecutor from Tennessee, has been methodically tracking down Tamm's friends and former colleagues. The agent and a partner have asked questions about Tamm's associates and political meetings he might have attended, apparently looking for clues about his motivations for going to the press, according to three of those interviewed.

In the meantime, Tamm lives in a perpetual state of limbo, uncertain whether he's going to be arrested at any moment. He could be charged with violating two laws, one concerning the disclosure of information harmful to "the national defense," the other involving "communications intelligence." Both carry penalties of up to 10 years in prison. "This has been devastating to him," says Jeffrey Taylor, an old law-school friend of Tamm's.
"It's just been hanging over his head for such a long time ... Sometimes Tom will just zone out. It's like he goes off in a special place. He's sort of consumed with this because he doesn't know where it's going."

Taylor got a few clues into what the case was about last September when Agent Lawless and a partner visited him. The FBI agents sat in his office for more than an hour, asking what he knew about Tamm. The agents even asked about Tamm's participation in a political lunch group headed by his former boss, Andrew Sonner, that takes place once a month at a Rockville, Md., restaurant. "What does that have to do with anything?" Taylor asked.

Agent Lawless explained. "This kind of activity" -- leaking to the news media -- "can be motivated by somebody who is a do-gooder who thinks that something wrong occurred," Lawless said, according to Taylor. "Or it could be politically motivated by somebody who wants to cause harm." If it was the former -- if Tamm was a "do-gooder" -- the government could face a problem if it tried to bring a case to trial. The jurors might sympathize with Tamm and "you'd face jury nullification," said Lawless, according to Taylor, referring to a situation in which a jury refuses to convict a defendant regardless of the law.

Just this month, Lawless and another agent questioned Sonner, the retired judge who had served as a mentor to Tamm. The agents wanted to know if Tamm had ever confided in Sonner about leaking to the Times. Sonner said he hadn't, but he told the agents what he thought of their probe. "I told them I thought operating outside of the FISA law was one of the biggest injustices of the Bush administration," says Sonner. If Tamm helped blow the whistle, "I'd be proud of him for doing that."

Paul Kemp, one of Tamm's lawyers, says he was recently told by the Justice Department prosecutor in charge of Tamm's case that there will be no decision about whether to prosecute until next year -- after the Obama administration takes office.
The case could present a dilemma for the new leadership at Justice. During the presidential campaign, Obama condemned the warrantless-wiretapping program. So did Eric Holder, Obama's choice to become attorney general. In a tough speech last June, Holder said that Bush had acted "in direct defiance of federal law" by authorizing the NSA program.

Tamm's lawyers say his case should be judged in that light. "When I looked at this, I was convinced that the action he took was based on his view of a higher responsibility," says Asa Hutchinson, the former U.S. attorney in Little Rock and under secretary of the Department of Homeland Security who is assisting in Tamm's defense. "It reflected a lawyer's responsibility to protect the rule of law." Hutchinson also challenged the idea -- argued forcefully by other Bush administration officials at the time -- that The New York Times story undermined the war on terror by tipping off Qaeda terrorists to surveillance. "Anybody who looks at the overall result of what happened wouldn't conclude there was any harm to the United States," he says. After reviewing all the circumstances, Hutchinson says he hopes the Justice Department would use its "discretion" and drop the investigation.

In judging Tamm's actions -- his decision to reveal what little he knew about a secret domestic spying program that still isn't completely known -- it can be hard to decipher right from wrong. Sometimes the thinnest of lines separates the criminal from the hero.

URL: http://www.newsweek.com/id/174601

From rforno at infowarrior.org Mon Dec 15 05:23:34 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Dec 2008 00:23:34 -0500
Subject: [Infowarrior] - Pew Report: PII Future of the Internet 3
Message-ID:

The Future of the Internet III

A survey of experts shows they expect major tech advances as the phone becomes a primary device for online access, voice-recognition improves, and the structure of the Internet itself improves.
They disagree about whether this will lead to more social tolerance, more forgiving human relations, or better home lives.

December 14, 2008

Janna Quitney Anderson, Elon University
Lee Rainie, Director, Pew Internet & American Life Project

PDF Report @ http://www.pewinternet.org/pdfs/PIP_FutureInternet3.pdf

From rforno at infowarrior.org Mon Dec 15 05:25:17 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Dec 2008 00:25:17 -0500
Subject: [Infowarrior] - Google Wants Its Own Fast Track on the Web
Message-ID:

Google Wants Its Own Fast Track on the Web

By VISHESH KUMAR and CHRISTOPHER RHOADS

http://online.wsj.com/article/SB122929270127905065.html

The celebrated openness of the Internet -- network providers are not supposed to give preferential treatment to any traffic -- is quietly losing powerful defenders.

Google Inc. has approached major cable and phone companies that carry Internet traffic with a proposal to create a fast lane for its own content, according to documents reviewed by The Wall Street Journal. Google has traditionally been one of the loudest advocates of equal network access for all content providers.

At risk is a principle known as network neutrality: Cable and phone companies that operate the data pipelines are supposed to treat all traffic the same -- nobody is supposed to jump the line. But phone and cable companies argue that Internet content providers should share in their network costs, particularly with Internet traffic growing by more than 50% annually, according to estimates. Carriers say that to keep up with surging traffic, driven mainly by the proliferation of online video, they need to boost revenue to upgrade their networks. Charging companies for fast lanes is one option.

One major cable operator in talks with Google says it has been reluctant so far to strike a deal because of concern it might violate Federal Communications Commission guidelines on network neutrality.
"If we did this, Washington would be on fire," says one executive at the cable company who is familiar with the talks, referring to the likely reaction of regulators and lawmakers.

Separately, Microsoft Corp. and Yahoo Inc. have withdrawn quietly from a coalition formed two years ago to protect network neutrality. Each company has forged partnerships with the phone and cable companies. In addition, prominent Internet scholars, some of whom have advised President-elect Barack Obama on technology issues, have softened their views on the subject.

The contentious issue has wide ramifications for the Internet as a platform for new businesses. If companies like Google succeed in negotiating preferential treatment, the Internet could become a place where wealthy companies get faster and easier access to the Web than less affluent ones, according to advocates of network neutrality. That could choke off competition, they say.

For computer users, it could mean that Web sites by companies not able to strike fast-lane deals will respond more slowly than those by companies able to pay. In the worst-case scenario, the Internet could become a medium where large companies, such as Comcast Corp. in cable television, would control both distribution and content -- and much of what users can access, according to neutrality advocates.

The developments could test Mr. Obama's professed commitment to network neutrality. "The Internet is perhaps the most open network in history, and we have to keep it that way," he told Google employees a year ago at the company's Mountain View, Calif., campus. "I will take a back seat to no one in my commitment to network neutrality."

But Lawrence Lessig, an Internet law professor at Stanford University and an influential proponent of network neutrality, recently shifted gears by saying at a conference that content providers should be able to pay for faster service. Mr.
Lessig, who has known President-elect Barack Obama since their days teaching law at the University of Chicago, has been mentioned as a candidate to head the Federal Communications Commission, which regulates the telecommunications industry.

The shifting positions concern some purists. "What they're talking about is selling you the right to skip ahead in the line," says Ben Scott, policy director of Free Press, a Washington-based advocacy group. "It would mean the first part of your business plan would be a deal with AT&T to get into their super-tier -- that is anathema to a culture of innovation."

Advocates of network neutrality believe it has helped the Internet drive the technology revolution of the past two decades, creating hundreds of thousands of jobs.

The concept of network neutrality originated with the phone business. The nation's longtime telephone monopoly, nicknamed Ma Bell, and its regional successors were prohibited from giving any public phone call preference in how quickly it was connected. When the Internet first boomed in the 1990s, content largely traveled via telephone line, and the rule survived by default.

'Dumb pipes'

The carriers picked up the unflattering nickname "dumb pipes," underscoring their strict noninterference in the Internet traffic surging over their networks. The name heightened resentment among the carriers toward the soaring wealth of the content providers, such as Amazon.com Inc., that couldn't exist without the networks of the telecom and cable companies.

In August 2005, amid a deregulatory environment, the FCC weakened network neutrality to a set of four "guiding principles." The step had the effect of making the FCC's power to enforce network neutrality subject to interpretation, emboldening those looking for ways around it.

Stirring the waters further, major phone companies including AT&T and Verizon announced they intended to create new fast lanes on the Internet -- and would charge content companies a toll to use it.
They claimed Internet companies had been getting a free ride.

That unleashed a firestorm of criticism. A diverse group including Internet companies Google, Microsoft and Amazon joined the likes of the Christian Coalition, the National Rifle Association and the pop singer Moby in what they characterized as a fight to "save the Internet." The coalition claimed such steps could endanger freedom of speech.

Advocates of network neutrality also claimed that dismantling the rule would be the first step toward distributors gaining control over content, since they could dictate traffic according to fees charged to content providers. The fortunes of a certain Web site, in other words, might depend on how much it could pay network providers, rather than on its popularity.

That concern would grow if the carriers themselves offer content, which some have tried, with mixed success. AT&T, the country's largest broadband provider, recently launched its own online video service, called VideoCrawler, to compete with YouTube and others. "One way AT&T can win that competition is to give their own video service preferential treatment on their network," says Robert Topolski, a networking engineer based in Portland, Ore. An AT&T spokesman says the company has no plans to give VideoCrawler preferential treatment on its network.

Mr. Topolski discovered that Comcast was slowing a video file-sharing service called BitTorrent. That discovery eventually led to sanctions against Comcast by the FCC. Comcast has appealed the decision, arguing the FCC did not have the authority to make such a ruling.

In 2006, Microsoft felt strongly enough about the issue that it wrote Congress to declare that saving network neutrality "could dictate whether the U.S. will continue to lead the world in Internet-related technologies."

The debate eventually reached a stalemate. Legislation to codify network neutrality failed to pass, and carriers backed off their plans for a tiered Internet.
During his presidential campaign, Mr. Obama spoke frequently about the Internet, which was a critical tool in his grass-roots effort to reach new voters, and the importance of network neutrality. "Once providers start to give privilege to some Web sites and applications over others, then the smaller voices get squeezed out," he told Google employees a year ago when he campaigned at the company. "And then we all lose."

Obama Advisers

But some of those who advise the new president on technology have changed their view on network neutrality. Stanford's Mr. Lessig, for one, has softened his opposition to variable service tiers. At a conference, he argued that carriers won't become kingmakers so long as the faster service at a higher price is available to anyone willing to pay it.

"There are good reasons to be able to prioritize traffic," Mr. Lessig said later in an interview. "If everyone had to pay the same rates for postal service, then you wouldn't be able to differentiate between sending a greeting card to your grandma versus sending an overnight letter to your lawyer."

Some telecom experts say that broadband is the most profitable service offered by phone and cable companies, and they are simply trying to offset declining revenue from their traditional phone business.

In the two years since Google, Microsoft, Amazon and other Internet companies lined up in favor of network neutrality, the landscape has changed. The Internet companies have formed partnerships with phone and cable companies, making them more dependent on one another.

Microsoft, which appealed to Congress to save network neutrality just two years ago, has changed its position completely. "Network neutrality is a policy avenue the company is no longer pursuing," Microsoft said in a statement. The Redmond, Wash., software giant now favors legislation to allow network operators to offer different tiers of service to content companies.
Microsoft has a deal to provide software for AT&T's Internet television service. A Microsoft spokesman declined to comment whether this arrangement affected the company's position on network neutrality. Amazon's popular digital-reading device, called the Kindle, offers a dedicated, faster download service, an arrangement Amazon has with Sprint. That has prompted questions in the blogosphere about whether the service violates network neutrality. "Amazon continues to support adoption of net neutrality rules to protect the longstanding, fundamental openness of the Internet," Amazon said in a statement. It declined to elaborate on its Kindle arrangement. Amazon had withdrawn from the coalition of companies supporting net neutrality, but it recently was listed once again on the group's Web site. It declined to comment on whether carriers should be allowed to prioritize traffic. Yahoo now has a digital subscriber-line partnership with AT&T. Some have speculated that the deal has caused Yahoo to go silent on the network-neutrality issue. An AT&T spokesman said the company should be able to strike any deal it sees fit with content companies. Yahoo said in a statement that carriers and content companies "should find a consensus on how best to ensure that Americans have access to a world-class Internet."

Google Connections

Google, with its dominant market position and its perceived ties to the Obama team, may hold the most sway. One of President-elect Obama's most visible supporters during the campaign was Eric Schmidt, Google's chief executive officer. Mr. Schmidt remains an adviser during the transition. Google's proposed arrangement with network providers, internally called OpenEdge, would place Google servers directly within the network of the service providers, according to documents reviewed by the Journal. The setup would accelerate Google's service for users.
Google has asked the providers it has approached not to talk about the idea, according to people familiar with the plans. Asked about OpenEdge, Google said only that other companies such as Yahoo and Microsoft could strike similar deals if they desired. But Google's move, if successful, would give it an advantage available to very few. The matter could come to a head quickly. In approving AT&T's 2006 acquisition of Bell South, the FCC made AT&T agree to shelve plans for a fast lane for 30 months. That moratorium expires in the middle of next year. A Democratic lawmaker has already promised new network-neutrality legislation early in 2009. And a new chairman of the FCC could take a stricter position on forcing companies to comply with network neutrality. Richard Whitt, Google's head of public affairs, denies the company's proposal would violate network neutrality. Nevertheless, he says he's unsure how committed President-elect Obama will remain to the principle. "If you look at his plans," says Mr. Whitt, "they are much less specific than they were before."

Write to Vishesh Kumar at vishesh.kumar at wsj.com and Christopher Rhoads at christopher.rhoads at wsj.com

From rforno at infowarrior.org Mon Dec 15 13:45:19 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Dec 2008 08:45:19 -0500
Subject: [Infowarrior] - UK: 'We need crime breathalysers for PCs'
Message-ID: <92AA2372-FE46-42AC-9FE7-758AFE38D702@infowarrior.org>

UK police: 'We need crime breathalysers for PCs'
By Nick Heath
Published: 11 December 2008 15:55 GMT
http://www.silicon.com/publicsector/0,3800010403,39363836,00.htm?r=2

UK police are hoping to one day develop a breathalyser-style tool for computers that could instantly flag up illegal activity on any PC it's attached to.
Detective superintendent Charlie McMurdie, architect of the UK's Police Central E-crime Unit (PCeU), said frontline police ideally need a digital forensic tool as easy to use as the breathalyser, to help them deal with growing numbers of computers being seized during raids on suspects' homes. McMurdie said such a tool could run on suspects' machines, identify illegal activity - such as credit card fraud or selling stolen goods online - and retrieve relevant evidence. She told silicon.com: "Do we need to seize five computers in a suspect's house or could we use a simple tool to preview on site and identify there's that one email we are looking for and we can then use that and interview the person now, rather than waiting six to 12 months for the evidence to come back to us? "For example, look at breathalysers - I am not a scientist, I could not do a chemical test on somebody when they are arrested for drink driving but I have a tool that tells me when to bring somebody in." The eventual development of such a tool could help ease a backlog of digital forensic work that has officers waiting up to a year for evidence to be recovered from seized machines. The tool is part of a package of measures envisaged by McMurdie as one day coming out of the £7m PCeU, which from spring next year will co-ordinate law enforcement of all online offences and lead national investigations into the most serious e-crime cases. McMurdie also discussed the possibility of setting up a "central forensic server", where digital forensic experts from across the UK could log in and analyse whatever systems were plugged into it. She described how it could help tackle corporate e-crime, saying: "Say one of the banks is attacked and we need to have a look at one of their hard drives: that bank would have something that they can plug their system in to and that connects to this central forensic server.
"Say there is a copper who is a forensic expert in Devon and Cornwall, he could hook into the central server and deal with it from Devon and Cornwall, rather than travelling up to London." McMurdie said UK police have also been talking to the FBI and US Computer Emergency Readiness Team units about their use of remote searches of hard drives over the net. PCeU leaders are also in talks with the Association of Chief Police Officers about setting up regional centres for e-crime training. From rforno at infowarrior.org Mon Dec 15 21:55:33 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 15 Dec 2008 16:55:33 -0500 Subject: [Infowarrior] - Appeals Court Narrows National Security Secrecy, Limits Oversight Message-ID: <3A315CA1-EAD7-42B7-8FCE-8CAD7739EF53@infowarrior.org> Court Narrows National Security Secrecy, Limits Oversight By David Kravets EmailDecember 15, 2008 | 4:05:34 PM http://blog.wired.com/27bstroke6/2008/12/court-narrowing.html A unanimous federal appeals court on Monday narrowed the scope of when telecommunications companies must keep secret so-called self-issued search warrants requested of them by the Federal Bureau of Investigation. But the court limited when it was necessary for judges to review a secrecy order. The appeal concerned various counter-terrorism statutes and the 2006 USA Patriot Act, which allows the FBI to demand, among other things, information concerning telephone and e-mail communications without a warrant under what is known as a national security letter, or NSL. The law forbids the companies to disclose to the target that the bureau has sought information concerning their telephone and e-mail traffic. Ruling on American Civil Liberties Union challenge to the gag order provision, the 2nd U.S. 
Circuit Court of Appeals concluded 3-0 that secrecy is required on a carrier if the FBI certifies that disclosure of the NSL "may result in an enumerated harm that is related to an authorized investigation to protect against international terrorism or clandestine intelligence activities." That phrasing dramatically limited the parameters of when a gag order was automatically required. Until the court's ruling Monday, the standard for secrecy was required when the FBI asserts that disclosure of an NSL may result in "a danger to the national security of the United States, interference with a criminal, counterterrorism, or counterintelligence investigation, interference with diplomatic relations, or danger to the life or physical safety of any person." The ACLU -- which sought to limit the rule in a bid to allow targets the ability to challenge the NSLs -- maintained the secrecy rule violated the First Amendment rights of the telecommunication companies. "The nondisclosure requirement," Judge Jon O. Newman wrote for the appeals court, "is not a typical prior restraint or a typical content-based restriction warranting the most rigorous First Amendment scrutiny." Judge Newman's 55-page opinion was joined by judges Guido Calabresi and Sonia Sotomayor. In 2005, there were 40,000 national security letters, or NSLs, sent to carriers, the court noted. The letters often demand phone numbers dialed or received and outgoing and incoming e-mail addresses of selected individuals. The contents of such communications usually are not authorized under a National Security Letter. In the case decided Monday, the appeals court greatly diverged from the lower courts when it comes to how much judicial oversight is required, if any. A New York federal judge had ruled that the law's lack of language requiring judicial oversight of the secrecy provisions accorded the FBI too much power.
The lower court declared the secrecy provision unconstitutional, and demanded a judge review every gag order. That decision was stayed pending appeal. But on Monday, the New York-based appellate court agreed with the government that it should not be required to "initiate litigation" and obtain judicial approval of every secrecy order, which number in the tens of thousands. Instead, the court noted that judges must review the validity of a secrecy order, in private if necessary, only when a telecommunications company challenges the gag order under what the court termed a "reciprocal notice procedure." Yet the "reciprocal notice procedure" may have little value in the real world -- meaning tens of thousands of customers may never know personal information, including banking records, were disclosed to the FBI. As the appeals court noted, telecommunication companies have only challenged secrecy orders three times. The court wrote:

The government could inform each NSL recipient that it should give the government prompt notice, perhaps within 10 days, in the event that the recipient wished to contest the nondisclosure requirement. Upon receipt of such notice, the government could be accorded a limited time, perhaps 30 days, to initiate a judicial review to maintain the nondisclosure requirement, and the proceeding would have to be concluded within a prescribed time, perhaps 60 days. ... The NSL could also inform the recipient that the nondisclosure requirement would remain in effect if the recipient declines to give the government notice of an intent to challenge the requirement or, upon a challenge, if the government prevails. If the government is correct that very few NSL recipients have any interest in challenging the nondisclosure requirement (perhaps no more than three have done so thus far), this 'reciprocal notice procedure' would nearly eliminate the government's burden to initiate litigation.

From rforno at infowarrior.org Tue Dec 16 00:55:54 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Dec 2008 19:55:54 -0500
Subject: [Infowarrior] - OSX latest update breaks PGP
Message-ID:

FYI -- if you're running PGP Desktop 9.8 under OSX Leopard and do today's big OSX update to 10.5.6 be advised it will crash Apple Mail whenever you try to open a message to read it. (I am running PGP 9.8.3) To get Mail to work again, you need to remove the PGPmailLeopard.mailbundle from /Library/Mail/Bundles and Apple Mail works just fine again.....but of course, that means plug-in capability for PGP is gone from Mail. :( Just a FYI. If anyone here from PGP is reading this, kindly issue a supported fix. Thanks. -rick

From rforno at infowarrior.org Tue Dec 16 02:28:48 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Dec 2008 21:28:48 -0500
Subject: [Infowarrior] - Cheney admits authorizing detainee's torture
Message-ID: <51B2C3E0-E660-469E-9AA1-4B8D6078A613@infowarrior.org>

Cheney admits authorizing detainee's torture
David Edwards and Stephen C. Webster
Published: Monday December 15, 2008
http://rawstory.com/news/2008/Cheney_admits_authorizing_detainees_torture_1215.html

Outgoing VP says Guantanamo prison should stay open until end of terror war, but has no idea when that might be.

Monday, outgoing Vice President Dick Cheney made a startling statement on a nation-wide, televised broadcast. When asked by ABC News reporter Jonathan Karl whether he approved of interrogation tactics used against a so-called "high value prisoner" at the controversial Guantanamo Bay prison, Mr. Cheney, in a break from his history of being press-shy, admitted to giving official sanctioning of torture. "I supported it," he said regarding the practice known as "water-boarding," a form of simulated drowning.
After World War II, Japanese soldiers were tried and convicted of war crimes in US courts for water-boarding, a practice which the outgoing Bush administration attempted to enshrine in policy. "I was aware of the program, certainly, and involved in helping get the process cleared, as the agency in effect came in and wanted to know what they could and couldn't do," Cheney said. "And they talked to me, as well as others, to explain what they wanted to do. And I supported it." He added: "It's been a remarkably successful effort, and I think the results speak for themselves." ABC asked him if in hindsight he thought the tactics went too far. "I don't," he said. The prisoner in question, Khalid Sheikh Mohammed, who the Bush administration alleges to have planned the attacks of Sept. 11, 2001, is one of Guantanamo's "high value targets" thus far charged with war crimes. Former military interrogator Travis Hall disagrees. "Proponents of Guantanamo underestimate what a powerful propaganda tool Guantanamo has become for terrorist groups such as Al Qaeda, despite several Department of Defense studies documenting the propaganda value of detention centers," he said in a column for Opposing Views. "For example, West Point's Combating Terrorism Center has monitored numerous Al Qaeda references to Guantanamo in its recruitment propaganda materials," continued Hall. "Improvements to Guantanamo's administration of judicial mechanisms will not make its way into Al Qaeda propaganda. Nothing short of closing Guantanamo will remove this arrow from its quiver." President-elect Barack Obama has promised to close the prison and pull US forces out of Iraq. Cheney, however, has a different timeline for when Guantanamo Bay prison may be "responsibly" retired. "Well, I think that that would come with the end of the war on terror," he told ABC. Problematic to his assertion: Mr.
Bush's "war on terror" is undefinable and unending by its very nature, and Cheney seems to recognize this as fact. Asked when his administration's terror war will end, he jostled, "Well, nobody knows. Nobody can specify that." This video is from ABC's World News, broadcast Dec. 15, 2008.

http://rawstory.com/news/2008/Cheney_admits_authorizing_detainees_torture_1215.html

From rforno at infowarrior.org Tue Dec 16 02:30:28 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Dec 2008 21:30:28 -0500
Subject: [Infowarrior] - Confirmed: Air Force Falls Short in Third Nuke Test
Message-ID: <3AB3929E-517E-4345-B0EA-8B12DA023799@infowarrior.org>

Confirmed: Air Force Falls Short in Third Nuke Test
By Noah Shachtman
December 15, 2008 | 7:21:08 PM
Categories: Nukes
http://blog.wired.com/defense/2008/12/confirmed-air-f.html

Now, it's confirmed. The Air Force has indeed blown a third test of its nuclear handling capabilities, as Danger Room first reported over the weekend. In a memo, the Air Force confirmed that the 90th Missile Wing at F.E. Warren Air Force Base "rated unsatisfactory" on its nuclear surety inspection. Testers found fault with the missile unit's "management and administration," as well as "tools, tests, tie-down and handling equipment." As the Project on Government Oversight notes, "this is the third Air Force nuclear unit to fail an inspection this year, and moreover, it now means that all three missile bases with deployed land-based Minuteman III intercontinental ballistic missiles (ICBM) -- Minot, Malmstrom, and now Warren -- have failed their security tests." Let's review: the 5th missile wing at Minot Air Force Base failed a security test in May; officers removed classified nuclear missile components from the base in August; the 341st missile wing at the Malmstrom Air Force Base failed a security test last month, and in August 2006, the Air Force accidentally sent a shipment of classified ballistic missile components to Taiwan.
"Handling nuclear weapons ?- the most powerful and destructive instruments in the arsenal of freedom ? is a tremendous responsibility," told the missileers at Minot earlier this month. "There is simply no room for error." From rforno at infowarrior.org Tue Dec 16 02:34:24 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 15 Dec 2008 21:34:24 -0500 Subject: [Infowarrior] - FBI taps cell phone mic as eavesdropping tool Message-ID: <5C9D528F-B50D-41F1-BD3D-DBCE597C8041@infowarrior.org> FBI taps cell phone mic as eavesdropping tool By Declan McCullagh and Anne Broache Staff Writers, CNET News Last modified: December 1, 2006 6:35 PM PST http://news.cnet.com/2100-1029_3-6140191.html The FBI appears to have begun using a novel form of electronic surveillance in criminal investigations: remotely activating a mobile phone's microphone and using it to eavesdrop on nearby conversations. The technique is called a "roving bug," and was approved by top U.S. Department of Justice officials for use against members of a New York organized crime family who were wary of conventional surveillance techniques such as tailing a suspect or wiretapping him. Nextel cell phones owned by two alleged mobsters, John Ardito and his attorney Peter Peluso, were used by the FBI to listen in on nearby conversations. The FBI views Ardito as one of the most powerful men in the Genovese family, a major part of the national Mafia. The surveillance technique came to light in an opinion published this week by U.S. District Judge Lewis Kaplan. He ruled that the "roving bug" was legal because federal wiretapping law is broad enough to permit eavesdropping even of conversations that take place near a suspect's cell phone. Kaplan's opinion said that the eavesdropping technique "functioned whether the phone was powered on or off." Some handsets can't be fully powered down without removing the battery; for instance, some Nokia models will wake up when turned off if an alarm is set. 
While the Genovese crime family prosecution appears to be the first time a remote-eavesdropping mechanism has been used in a criminal case, the technique has been discussed in security circles for years. The U.S. Commerce Department's security office warns that "a cellular telephone can be turned into a microphone and transmitter for the purpose of listening to conversations in the vicinity of the phone." An article in the Financial Times last year said mobile providers can "remotely install a piece of software on to any handset, without the owner's knowledge, which will activate the microphone even when its owner is not making a call." Nextel and Samsung handsets and the Motorola Razr are especially vulnerable to software downloads that activate their microphones, said James Atkinson, a counter-surveillance consultant who has worked closely with government agencies. "They can be remotely accessed and made to transmit room audio all the time," he said. "You can do that without having physical access to the phone." Because modern handsets are miniature computers, downloaded software could modify the usual interface that always displays when a call is in progress. The spyware could then place a call to the FBI and activate the microphone--all without the owner knowing it happened. (The FBI declined to comment on Friday.) "If a phone has in fact been modified to act as a bug, the only way to counteract that is to either have a bugsweeper follow you around 24-7, which is not practical, or to peel the battery off the phone," Atkinson said. Security-conscious corporate executives routinely remove the batteries from their cell phones, he added.

FBI's physical bugs discovered

The FBI's Joint Organized Crime Task Force, which includes members of the New York police department, had little luck with conventional surveillance of the Genovese family.
They did have a confidential source who reported the suspects met at restaurants including Brunello Trattoria in New Rochelle, N.Y., which the FBI then bugged. But in July 2003, Ardito and his crew discovered bugs in three restaurants, and the FBI quietly removed the rest. Conversations recounted in FBI affidavits show the men were also highly suspicious of being tailed by police and avoided conversations on cell phones whenever possible. That led the FBI to resort to "roving bugs," first of Ardito's Nextel handset and then of Peluso's. U.S. District Judge Barbara Jones approved them in a series of orders in 2003 and 2004, and said she expected to "be advised of the locations" of the suspects when their conversations were recorded. Details of how the Nextel bugs worked are sketchy. Court documents, including an affidavit (p1) and (p2) prepared by Assistant U.S. Attorney Jonathan Kolodner in September 2003, refer to them as a "listening device placed in the cellular telephone." That phrase could refer to software or hardware. One private investigator interviewed by CNET News.com, Skipp Porteous of Sherlock Investigations in New York, said he believed the FBI planted a physical bug somewhere in the Nextel handset and did not remotely activate the microphone. "They had to have physical possession of the phone to do it," Porteous said. "There are several ways that they could have gotten physical possession. Then they monitored the bug from fairly near by." But other experts thought microphone activation is the more likely scenario, mostly because the battery in a tiny bug would not have lasted a year and because court documents say the bug works anywhere "within the United States"--in other words, outside the range of a nearby FBI agent armed with a radio receiver. In addition, a paranoid Mafioso likely would be suspicious of any ploy to get him to hand over a cell phone so a bug could be planted. 
And Kolodner's affidavit seeking a court order lists Ardito's phone number, his 15-digit International Mobile Subscriber Identifier, and lists Nextel Communications as the service provider, all of which would be unnecessary if a physical bug were being planted. A BBC article from 2004 reported that intelligence agencies routinely employ the remote-activation method. "A mobile sitting on the desk of a politician or businessman can act as a powerful, undetectable bug," the article said, "enabling them to be activated at a later date to pick up sounds even when the receiver is down." For its part, Nextel said through spokesman Travis Sowders: "We're not aware of this investigation, and we weren't asked to participate." Other mobile providers were reluctant to talk about this kind of surveillance. Verizon Wireless said only that it "works closely with law enforcement and public safety officials. When presented with legally authorized orders, we assist law enforcement in every way possible." A Motorola representative said that "your best source in this case would be the FBI itself." Cingular, T-Mobile, and the CTIA trade association did not immediately respond to requests for comment.

Mobsters: The surveillance vanguard

This isn't the first time the federal government has pushed at the limits of electronic surveillance when investigating reputed mobsters. In one case involving Nicodemo S. Scarfo, the alleged mastermind of a loan shark operation in New Jersey, the FBI found itself thwarted when Scarfo used Pretty Good Privacy software (PGP) to encode confidential business data. So with a judge's approval, FBI agents repeatedly snuck into Scarfo's business to plant a keystroke logger and monitor its output. Like Ardito's lawyers, Scarfo's defense attorneys argued that the then-novel technique was not legal and that the information gleaned through it could not be used.
Also like Ardito, Scarfo's lawyers lost when a judge ruled in January 2002 that the evidence was admissible. This week, Judge Kaplan in the southern district of New York concluded that the "roving bugs" were legally permitted to capture hundreds of hours of conversations because the FBI had obtained a court order and alternatives probably wouldn't work. The FBI's "applications made a sufficient case for electronic surveillance," Kaplan wrote. "They indicated that alternative methods of investigation either had failed or were unlikely to produce results, in part because the subjects deliberately avoided government surveillance." Bill Stollhans, president of the Private Investigators Association of Virginia, said such a technique would be legally reserved for police armed with court orders, not private investigators. There is "no law that would allow me as a private investigator to use that type of technique," he said. "That is exclusively for law enforcement. It is not allowable or not legal in the private sector. No client of mine can ask me to overhear telephone or strictly oral conversations." Surreptitious activation of built-in microphones by the FBI has been done before. A 2003 lawsuit revealed that the FBI was able to surreptitiously turn on the built-in microphones in automotive systems like General Motors' OnStar to snoop on passengers' conversations. When FBI agents remotely activated the system and were listening in, passengers in the vehicle could not tell that their conversations were being monitored. Malicious hackers have followed suit. A report last year said Spanish authorities had detained a man who wrote a Trojan horse that secretly activated a computer's video camera and forwarded him the recordings.

From rforno at infowarrior.org Tue Dec 16 02:46:50 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 15 Dec 2008 21:46:50 -0500
Subject: [Infowarrior] - FBI taps cell phone mic as eavesdropping tool
Message-ID: <61ED091C-50E4-4F96-9F15-68D2AAD3801E@infowarrior.org>

Sorry, thought the date on the article was from 2008, not 2006. H/T to Kim for pointing that out to me. :( -rf

From rforno at infowarrior.org Tue Dec 16 13:52:33 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 16 Dec 2008 08:52:33 -0500
Subject: [Infowarrior] - Appeals Court strikes down Patriot Act gag provision
Message-ID: <4C202FE0-58C3-43F3-8DE8-FF334254932A@infowarrior.org>

ACLU Hails Victory In Challenge To Government's Power To Silence NSL Recipients
FOR IMMEDIATE RELEASE
CONTACT: (212) 549-2666; media at aclu.org
http://www.aclu.org/safefree/nsaspying/38113prs20081215.html

NEW YORK -- A federal appeals court today upheld, in part, a decision striking down provisions of the Patriot Act that prevent national security letter (NSL) recipients from speaking out about the secret records demands. The decision comes in an American Civil Liberties Union and New York Civil Liberties Union lawsuit challenging the FBI's authority to use NSLs to demand sensitive and private customer records from Internet Service Providers and then forbid them from discussing the requests. Siding with the ACLU, the U.S. Court of Appeals for the Second Circuit found that the statute's gag provisions violate the First Amendment. "We are gratified that the appeals court found that the FBI cannot silence people with complete disregard for the First Amendment simply by saying the words 'national security,'" said Melissa Goodman, staff attorney with the ACLU National Security Project. "This is a major victory for the rule of law.
The court recognized the need for judicial oversight of the government's dangerous gag power and rejected the Bush administration's position that the courts should just rubber-stamp these gag orders. By upholding the critical check of judicial review, the FBI can no longer use this incredible power to hide abuse of its intrusive Patriot Act surveillance powers and silence critics." The appeals court invalidated parts of the statute that wrongly placed the burden on NSL recipients to initiate judicial review of gag orders, holding that the government has the burden to go to court and justify silencing NSL recipients. The appeals court also invalidated parts of the statute that narrowly limited judicial review of the gag orders -- provisions that required the courts to treat the government's claims about the need for secrecy as conclusive and required the courts to defer entirely to the executive branch. "The appellate panel correctly observed that the imposition of such a conclusive presumption ignored well-settled First Amendment standards and deprived the judiciary of its important function as a protector of fundamental rights," said Arthur Eisenberg, Legal Director for the New York Civil Liberties Union. In this regard, the opinion stated: "The fiat of a governmental official, though senior in rank and doubtless honorable in the execution of official duties, cannot displace the judicial obligation to enforce constitutional requirements." The court, therefore, also ruled that the government must now justify the gag on the John Doe NSL recipient in the case, a gag that has been in place for more than four years. The ACLU and New York Civil Liberties Union filed this lawsuit in April 2004 on behalf of an Internet Service Provider (ISP) that received an NSL. Because the FBI imposed a gag order on the ISP, the lawsuit was filed under seal, and even today the ACLU is prohibited from disclosing its client's identity.
The FBI continues to maintain the gag order even though the underlying investigation is more than four years old (and may well have ended), and even though the FBI abandoned its demand for records from the ISP over a year and a half ago. In September 2004, Judge Victor Marrero of the U.S. District Court for the Southern District of New York struck down the NSL statute, ruling that the FBI could not constitutionally demand sensitive records without judicial review and that permanent gag orders violated the First Amendment guarantee of free speech. The government appealed the ruling, but Congress amended the NSL provision before the court issued a decision. The ACLU brought a new challenge to the amended provision, and in September 2007, Judge Marrero again found the statute unconstitutional. Bills aimed at bringing the NSL authority back in line with the Constitution were introduced last year in both the House and Senate after reports had confirmed and detailed the widespread abuse of the authority by federal law enforcement. Since the Patriot Act was passed in 2001, relaxing restrictions on the FBI's use of the power, the number of NSLs issued has seen an astronomical increase, to nearly 200,000 between 2003 and 2006. A March 2008 Office of Inspector General (OIG) report revealed that, among other abuses, the FBI misused NSLs to sidestep the authority of the Foreign Intelligence Surveillance Court (FISC). In one instance, the FBI issued NSLs to obtain information after the FISC twice refused its requests on First Amendment grounds. The OIG also found that the FBI continues to impose gag orders on about 97 percent of NSL recipients and that, in some cases, the FBI failed to sufficiently justify why the gag orders were imposed in the first place. In addition to this case, the ACLU has challenged this Patriot Act statute multiple times. One case was brought on behalf of a group of Connecticut librarians and another case, called Internet Archive v. 
Mukasey, involved an NSL served on a digital library in California. In the latter case, the FBI withdrew the NSL and the gag as part of the settlement of a legal challenge brought by the ACLU and the Electronic Frontier Foundation. Attorneys in Doe v. Mukasey are Jameel Jaffer, Goodman and L. Danielle Tully of the ACLU National Security Project and Eisenberg of the NYCLU. Today's decision can be found online at: www.aclu.org/safefree/nsaspying/38110lgl20081215.html More information on Doe v. Mukasey and NSLs is available online at: www.aclu.org/nsl From rforno at infowarrior.org Tue Dec 16 14:12:49 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 16 Dec 2008 09:12:49 -0500 Subject: [Infowarrior] - When Financial Alchemy Fails Message-ID: <3A1D910B-3D84-451E-91B3-942A4B9CD418@infowarrior.org> (Really good, though long, article on the financial crisis. Worth reading. --rf) When Financial Alchemy Fails By Jill Drew Washington Post Staff Writer Tuesday, December 16, 2008; A1 It was Wall Street's version of an inside joke: Take a motley collection of largely unwanted assets, repackage them into a new set of bonds, and name it after the pristine white-sand beaches of an exclusive New Jersey town where Katharine Hepburn once summered. No one is laughing now. The Merrill Lynch bond deal known as Mantoloking has ended up with a different punch line: proof of the frenzied, foolhardy drive for upfront fees that helped bring down the world's financial markets and trigger the largest federal bailout in history. Wall Street firms thought they had a surefire way to profit from the booming real estate market without much risk to their companies. They engaged in a kind of financial alchemy, creating a trillion-dollar chain of securities on the back of subprime mortgages and other loans, which were sold to investors in private offerings that no government regulator scrutinized. 
With these deals, known as collateralized debt obligations, the world glimpsed the raw power of unchecked financial markets operating full-throttle to the point of self-destruction. The cascading losses on CDO bonds have undermined the solvency of several large banks and obliterated the trust that is the bedrock of all functioning markets. The debacle also has called into question the competence of Wall Street, the independence of bond-rating firms, the prudence of insurers and the foresight of regulators. Deals like Mantoloking were "the height of lunacy," says Joshua Rosner, a bond market expert who issued multiple warnings about lax lending standards during the past seven years, earning him status as an early prophet of the credit crisis. < - > http://www.washingtonpost.com/wp-dyn/content/article/2008/12/15/AR2008121503561.html?hpid=topnews From rforno at infowarrior.org Tue Dec 16 18:37:52 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 16 Dec 2008 13:37:52 -0500 Subject: [Infowarrior] - Serious security flaw found in IE Message-ID: Serious security flaw found in IE http://news.bbc.co.uk/2/hi/technology/7784908.stm Users of Microsoft's Internet Explorer are being urged by experts to switch to a rival until a serious security flaw has been fixed. The flaw in Microsoft's Internet Explorer could allow criminals to take control of people's computers and steal their passwords, internet experts say. Microsoft urged people to be vigilant while it investigated and prepared an emergency patch to resolve it. Internet Explorer is used by the vast majority of the world's computer users. "Microsoft is continuing its investigation of public reports of attacks against a new vulnerability in Internet Explorer," said the firm in a security advisory alert about the flaw. Microsoft says it has detected attacks against IE 7.0 but said the "underlying vulnerability" was present in all versions of the browser. 
Other browsers, such as Firefox, Opera, Chrome, Safari, are not vulnerable to the flaw Microsoft has identified. Browser bait "In this case, hackers found the hole before Microsoft did," said Rick Ferguson, senior security advisor at Trend Micro. "This is never a good thing." As many as 10,000 websites have been compromised since the vulnerability was discovered, he said. "What we've seen from the exploit so far is it stealing game passwords, but it's inevitable that it will be adapted by criminals," he said. "It's just a question of modifying the payload the trojan installs." Said Mr Ferguson: "If users can find an alternative browser, then that's good mitigation against the threat." But Microsoft counselled against taking such action. "I cannot recommend people switch due to this one flaw," said John Curran, head of Microsoft UK's Windows group. He added: "We're trying to get this resolved as soon as possible. "At present, this exploit only seems to affect 0.02% of internet sites," said Mr Curran. "In terms of vulnerability, it only seems to be affecting IE7 users at the moment, but could well encompass other versions in time." Richard Cox, chief information officer of anti-spam body The Spamhaus Project and an expert on privacy and cyber security, echoed Trend Micro's warning. "It won't be long before someone reverse engineers this exploit for more fraudulent purposes. Trend Micro's advice [of switching to an alternative web browser] is very sensible," he said. PC Pro magazine's security editor, Darien Graham-Smith, said that there was a virtual arms race going on, with hackers always on the look out for new vulnerabilities. "The message needs to get out that this malicious code can be planted on any web site, so simple careful browsing isn't enough." "It's a shame Microsoft have not been able to fix this more quickly, but letting people know about this flaw was the right thing to do. If you keep flaws like this quiet, people are put at risk without knowing it." 
"Every browser is susceptible to vulnerabilities from time to time. It's fine to say 'don't use Internet Explorer' for now, but other browsers may well find themselves in a similar situation," he added. Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/technology/7784908.stm Published: 2008/12/16 09:20:39 GMT From rforno at infowarrior.org Tue Dec 16 20:52:35 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 16 Dec 2008 15:52:35 -0500 Subject: [Infowarrior] - Oz couple served with legal documents via Facebook Message-ID: Australian couple served with legal documents via Facebook An Australian couple who defaulted on their mortgage have been served legally binding court documents via social networking site Facebook. By Bonnie Malkin in Sydney Last Updated: 4:16PM GMT 16 Dec 2008 http://www.telegraph.co.uk/news/newstopics/howaboutthat/3793491/Australian-couple-served-with-legal-documents-via-Facebook.html In what may be a world first, lawyers from Canberra law firm Meyer Vandenberg persuaded a judge in the Australian Capital Territory's Supreme Court to allow them to serve the documents over the internet after repeatedly failing to serve the papers in person. Lawyer Mark McCormack came up with the Facebook plan after it became clear that the couple did not want to be found. Carmel Rita Corbo and Gordon Poyser had failed to keep up repayments on a $150,000 (£44,000) loan they had borrowed from MKM Capital, a mortgage provider. The pair had ignored emails from the law firm and did not attend a court appearance on Oct 3. Mr McCormack said the pair had "vanished". So he looked to Facebook, better known for its tendency to break up marriages and ruin careers, for inspiration. "It's somewhat novel, however we do see it as a valid method of bringing the matter to the attention of the defendant," McCormack said. "It's one of those occasions where you feel most at home with what you know and I myself have a Facebook account." 
"We don't know of any other lawyer who has used Facebook in this way," he told News Ltd. "We got the idea ourselves in the course of looking at alternative methods of bringing the matter to the defendants' attention." Mr McCormack insisted there was no other way to find the pair. "They weren't available at their residence. They no longer worked at the place given in some documents as the last place of their employment," he said. "The Facebook profiles showed the defendants' dates of birth, email addresses and friend lists -- and the co-defendants were friends with one another. "This information was enough to satisfy the court that Facebook was a sufficient method of communicating with the defendants." The court decided Facebook was a legally viable way to communicate. But, in granting permission to use the social networking site, the judge stipulated that the papers be sent via a private email so that other people visiting the page could not read their contents. Courts have previously allowed judgements to be delivered by email, but it is not known if Facebook or other social networking sites have been used in the same way. Facebook has more than 140m users worldwide. From rforno at infowarrior.org Wed Dec 17 05:26:17 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 17 Dec 2008 00:26:17 -0500 Subject: [Infowarrior] - Transcript: Roundtable with Chertoff Message-ID: Transcript @ http://docs.google.com/View?docid=dgdfgwqj_19hf57mhdp From rforno at infowarrior.org Wed Dec 17 23:40:06 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 17 Dec 2008 18:40:06 -0500 Subject: [Infowarrior] - Yahoo Limits Retention of Personal Data Message-ID: December 18, 2008 Yahoo Limits Retention of Personal Data By MIGUEL HELFT http://www.nytimes.com/2008/12/18/technology/internet/18yahoo.html?_r=1&pagewanted=print SAN FRANCISCO -- 
Yahoo, the Internet search company, said Wednesday that it would limit the time it holds identifiable personal information related to searches to 90 days to address the growing concerns of privacy advocates and government regulators. Yahoo's new data retention policy is the most restrictive among major search engines in the United States and is certain to put pressure on rivals like Google and Microsoft to shorten the time they keep information about their users. Previously, Yahoo kept search logs for 13 months. In September, Google began to strip out portions of the personally identifiable information related to searches after nine months. Microsoft keeps the information for 18 months. European regulators had been asking major American Internet search engines to reduce the time they hold identifiable personal information to six months. Microsoft said recently that it would agree to such a standard if its rivals also went along. Anne Toth, vice president for policy at Yahoo, said that the company chose an even shorter time period to "take the issue off the table." Ms. Toth said she hoped that the new policy would make Yahoo more attractive to users who were concerned about privacy. "We certainly hope that taking a leadership position in this will differentiate us even further," Ms. Toth said. But it is not clear that stronger privacy protections are enough of a selling point with consumers to make them switch search engines. Last year, Ask.com introduced a new feature called AskEraser, which allows users to search anonymously, and which the company said would help it increase its audience. However, Ask.com's share of the search market has remained relatively stagnant. Google is the dominant search engine. Under the new policy, Yahoo will delete the last eight digits of the numeric Internet Protocol address associated with a search query after 90 days. 
It will also alter so-called cookie data related to each search log and strip out any personal information, like a name, phone number, address or Social Security number, from the query. Yahoo also said that its new policy would extend to other types of data it collects, like page views, page clicks, ad views and ad clicks. Major search engines have said they need to retain personal data, in part, to provide better services, like more customized ads and more personalized searches. Ms. Toth said Yahoo determined it could begin deleting certain data after 90 days without affecting the quality of services it provides to users, advertisers and publishers. Privacy advocates said that the new policy was a step in the right direction and credited the change to pressure from European regulators. "As much as the U.S. search firms talk about how they are improving their practices, I think they are really afraid that the Europeans are going to bring an enforcement action under European privacy laws," said Marc Rotenberg, executive director of the Electronic Privacy and Information Center. "That's where the push is really coming from." Mr. Rotenberg also said that stripping out eight digits from the I.P. address would not guarantee that queries would be anonymous. He compared it with stripping out the last two digits of a telephone number. Under pressure from advocates and regulators, American search companies over the last 18 months have been gradually shortening the time they retain personal data. Still, they remain behind others. In the Netherlands, a small search engine called IXQuick has promised to delete I.P. addresses after 48 hours and was commended for doing so by European regulators. Microsoft and Google could not immediately be reached for comment. 
From rforno at infowarrior.org Wed Dec 17 23:46:34 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 17 Dec 2008 18:46:34 -0500 Subject: [Infowarrior] - Microsoft Issues Emergency Patch for IE Message-ID: <712D9F05-83F5-4DC7-B4EA-7ED56CB00286@infowarrior.org> Microsoft Issues Emergency Patch to Curb Password-Stealing Hackers http://voices.washingtonpost.com/securityfix/?hpid=news-col-blog Microsoft today issued an emergency update to plug a critical security hole present in all versions of its Internet Explorer Web browser, a flaw that hackers have been leveraging to steal data from millions of Windows users. The patch, which Microsoft dubbed MS08-078, fixes a security vulnerability that Microsoft says already has been used to attack more than 2 million Windows users. As Security Fix and other members of the tech community have chronicled, attackers have been busy compromising thousands of Web sites by seeding them with code that installs password-stealing software on computer systems of Web site visitors who use Internet Explorer. Microsoft estimated Monday that one in every 500 Windows users had been exposed to sites that try to exploit the flaw. Additionally, it said the number of victims was increasing at a rate of 50 percent daily. Vulnerability management company nCircle said Microsoft's decision to issue the patch outside of its normal Patch Tuesday (second Tuesday of each month) cycle is wise, given the current exploitation of the flaw and because instructions for exploiting the flaw are now available online. "Given the ongoing attacks for this bug and because the technical details have been available to the public for over a week, this is clearly a high risk client side vulnerability that everyone should patch now," said Andrew Storms, director of security for nCircle. This is an urgent update. If you use Windows, apply this patch now. Windows users can download the fix at Windows Update, or by enabling Automatic Updates. 
From rforno at infowarrior.org Wed Dec 17 23:49:54 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 17 Dec 2008 18:49:54 -0500 Subject: [Infowarrior] - The Ecofont Message-ID: Ecofont The prints we make for our 'daily use' not only use paper, but also ink. According to SPRANQ creative communications (Utrecht, The Netherlands) your ink cartridges could last longer. SPRANQ has therefore developed a new font: the Ecofont. The Ecofont is developed by SPRANQ, based on a hunch of Colin Willems. We tried lots of possible ink-saving-options. From extra thin letters to letters with outlines only. We have omitted various shapes: dashes, squares, triangles and even asterisks. In the end the circle was chosen as the best candidate for the job. With the Ecofont SPRANQ hopes to increase environmental awareness too. Increasing customer awareness about printing behavior: is printing really necessary or (partly) a waste of ink and paper? We also hope to inspire software giants and printer manufacturers to innovate in an environmentally conscious manner. http://www.ecofont.eu/behind_ecofont_en.html From rforno at infowarrior.org Thu Dec 18 13:26:09 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 18 Dec 2008 08:26:09 -0500 Subject: [Infowarrior] - US Navy's robot stealth carrier plane unveiled Message-ID: (But unless it's flown by Jessica Biel, this can never be as sexy an aircraft as EDI. --rf) :) US Navy's robot stealth carrier plane unveiled By Lewis Page - Posted in Science, 18th December 2008 10:37 GMT http://www.theregister.co.uk/2008/12/18/x47b_rollout_ceremony/ Northrop Grumman yesterday took the wraps off one of the most advanced robot aircraft in the world, the X-47B Unmanned Combat Air System (UCAS). The X-47B is intended to operate from the flight deck of US Navy aircraft carriers, carrying out entire missions including air-to-air refuelling without pilot input. 
The X-47B Unmanned Combat Air System at its rollout ceremony Bow down before your Stealth Robot Overlord, puny fleshlings! "The X-47B will demonstrate how unmanned combat aircraft can operate from aircraft carriers ... extending the carrier's reach and power projection from anywhere in the world," said Captain Martin Deppe, of the US Navy. The X-47B project will provide just two demonstrator aircraft, mainly intended to prove that unmanned planes can successfully take off from and land onto US carriers. Catapult launch - and even more so, arrested landings - have traditionally been considered one of the most difficult and stressful piloting feats. Apart from proving the concept of unmanned carrier aircraft, however, the X-47B will also be able to conduct air-to-air refuelling - giving it almost unlimited endurance. The US Navy hasn't asked for more, but in fact the aircraft would have little difficulty carrying weapons and flying autonomous strike missions, as it is derived from a previous joint programme between the navy and air force intended to produce a plane which could do just that. The X-47B, in fact, will be one of the first true killer robots, able to conduct a mission using live weapons without needing to communicate with pilots or even supervisors on its mother ship or back in the USA. Current roboplanes are typically handled in combat over satcomms channels from bases in America, and take off and land under the control of pilots in ground stations near the runway. Apart from its robot brain and controls, the X-47B also boasts much longer range than a normal carrier jet - and features Stealth technology. Some in the US Navy hope that it will allow carriers to stand much further off from threatening enemy coasts of the future, which might harbour dangerous ship-killing missiles able to punch through the fleet's defences. Others are hostile, however. 
Pilots are one of the US navy's dominant subcultures, and they count themselves better than lowly airforce pukes because they do arrested landings - "traps". The Top Guns won't be looking forward to telling their children that there's no longer any way to win one's glorious wings of gold and the respect of the nation by jockeying a tailhook jet down to a wet deck on a stormy night far out at sea. According to Northrop, the X-47B, having now been completed, will now enter ground tests in preparation for a first runway flight next autumn. Carrier trials are to begin in 2011. http://www.theregister.co.uk/2008/12/18/x47b_rollout_ceremony/ From rforno at infowarrior.org Thu Dec 18 16:58:22 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 18 Dec 2008 11:58:22 -0500 Subject: [Infowarrior] - Personalized spam rising sharply, study finds Message-ID: <877F1479-A553-40D1-877F-185677E188C3@infowarrior.org> Personalized spam rising sharply, study finds By JORDAN ROBERTSON Posted 17 December 2008 @ 05:00 pm EST Yes, guys, those spam e-mails for Viagra or baldness cream just might be directed to you personally. So, too, are many of the other crafty come-ons clogging inboxes, trying to lure us to fake Web sites so criminals can steal our personal information. A new study by Cisco Systems Inc. found an alarming increase in the amount of personalized spam, which online identity thieves create using stolen lists of e-mail addresses or other poached data about their victims, such as where they went to school or which bank they use. Unlike traditional spam, most of which is blocked by e-mail filters, personalized spam, known as "spear phishing" messages, often sail through unmolested. They're sent in smaller chunks, and often come from accounts the criminals have set up at reputable Web-based e-mail services. Some of the messages are expertly crafted, linking to beautifully designed Web sites that are bogus or immediately install malicious programs. 
Cisco's annual security study found that spam is growing quickly -- nearly 200 billion spam messages are now sent each day, double the volume in 2007 -- and that targeted attacks are also rising sharply. More than 0.4 percent of all spam sent in September were targeted attacks, Cisco found. That might sound low, but since 90 percent of all e-mails sent worldwide are spam, this means 800 million messages a day are attempts at spear phishing. A year ago, targeted attacks with personalized messages were less than 0.1 percent of all spam. The latest attacks include text-message spam, e-mails trying to trick business owners into coughing up credentials for their Google advertising accounts, or personalized "whaling" e-mails to executives claiming that their businesses are under investigation by the FBI or that there's a problem with their personal bank account. As the world's largest maker of networking gear, Cisco is in a unique position to study the traffic flowing through its customers' networks, which include the biggest Internet providers and corporations. The latest study was based in part on the company's ability to monitor 30 percent of all Web and e-mail traffic through its hardware and software and a network of companies that contribute data. Read the full article at: http://www.ibtimes.com/articles/20081217/personalized-spam-rising-sharply-study-finds.htm From rforno at infowarrior.org Thu Dec 18 17:01:47 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 18 Dec 2008 12:01:47 -0500 Subject: [Infowarrior] - UK completes Windows for Submarines™ rollout Message-ID: Royal Navy completes Windows for Submarines™ rollout By Lewis Page http://www.theregister.co.uk/2008/12/16/windows_for_submarines_rollout/ 16th December 2008 12:25 GMT The Royal Navy and BAE Systems plc were pleased as punch yesterday to announce that their implementation of Windows for Submarines™ is complete ahead of schedule. 
Windows boxes on Ethernet LANs are now in control of the UK's nuclear-propelled and nuclear-armed warship fleet. The programme is called Submarine Command System Next Generation (SMCS NG), and uses varying numbers of standard multifunction consoles with two LCD screens, hooked up on an internal Ethernet network installed on each sub. Initial reports as the programme developed suggested that the OS in question would be Windows 2000, but those who have worked on it have since informed the Reg that in fact it is mostly based on XP. BAE and the Navy say the project has completed early, as many of the systems were installed extremely fast. The entire command system of HMS Vigilant, a Trident nuclear-missile submarine, was apparently replaced with the SMCS-NG Windows LAN in just 18 days, according to BAE. The use of commercial-off-the-shelf technology is expected to save the taxpayer as much as £22m in support costs over the next ten years - a bit more than £2m a year, or about a thousandth off Trident's running costs. "This is a fantastic achievement," said Captain Pat O'Neill. "From speaking to operators and maintainers, I know how much they like SMCS NG. BAE Systems' work is proof that we can get commercial off the shelf technology to sea quickly and support it affordably." Many in the software community have viewed the Royal Navy's wholesale move to Windows-based command systems with concern, feeling that the savings are not such as to justify possible losses in security, reliability and assurance. In addition to the existing nuclear submarine fleet, the RN will use similar equipment to handle its new Type 45 destroyers in combat, and versions of SMCS-NG will also lie at the core of the upcoming Astute-class subs. 
Here on the Reg naval desk, we'd go relatively easy on submarine worries - even the Trident boats - as sub command LANs are by their nature very isolated and physically secure, and submarines almost never need to give their command systems autonomous firing authority. By contrast, however, an air-defence destroyer like the Type 45 - if it is to be much use - will fairly often have to give its collection of Windows boxes the ability to loose off a sheaf of Aster missiles without human authorisation. Shooting down the possible supersonic sea-skimmers of tomorrow will be even more impossible with the delays of having humans in the loop. Just to add to the slight feeling of nerves, a destroyer LAN will need to be connected to other networks off the ship as a matter of routine, and physical access to a destroyer is hugely easier than to a sub as well. So we aren't really looking at Windows boxes triggering nuclear armageddon if something goes wrong here. But we just might, if things go wrong, be looking at a computer snag causing another USS Vincennes airliner shootdown disaster in coming years. Or, of course, at British sailors of the future staring helplessly at what would shortly be literally a blue screen of death, as the shipkillers bored in without response. From rforno at infowarrior.org Thu Dec 18 21:50:32 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 18 Dec 2008 16:50:32 -0500 Subject: [Infowarrior] - Government Cracks Down on Unfair Credit Card Practices Message-ID: <238C53CA-3B3B-441D-AB67-87CE3133966F@infowarrior.org> Government Cracks Down on Unfair Credit Card Practices By Nancy Trejos and Binyamin Appelbaum Washington Post Staff Writers Thursday, December 18, 2008; 4:31 PM The federal government today approved new rules that would ban certain financial institutions from engaging in unfair credit card practices. 
The steps taken by the Federal Reserve, the Office of Thrift Supervision and the National Credit Union Administration represent the most significant reform of the credit card industry in decades. The government today banned banks, credit unions and savings associations from a number of practices. Among the practices that would be prohibited are: Raising interest rates on existing balances unless a payment was received more than 30 days late; charging a late fee if a borrower was given less than 21 days to pay; and applying payments in a way that would result in debts with higher interest rates getting repaid last. In the subprime credit card market, which caters to borrowers with poor or mediocre credit histories, fees that reduce the credit available to them would be restricted. Financial institutions would have to comply with the new regulations by July 1, 2010. With the approval of new rules banning "unfair and deceptive" practices today, the federal government is handing a victory to consumer groups who have long complained of lax oversight of the $970 billion industry. Even with all its lobbying power, the credit card industry was not able to beat back the most sweeping overhaul in decades. Financial companies and trade groups argue that regulators are overreacting to problems in ways that will limit the availability of credit to customers. 
< - > http://www.washingtonpost.com/wp-dyn/content/article/2008/12/18/AR2008121801883_pf.html From rforno at infowarrior.org Fri Dec 19 01:31:55 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 18 Dec 2008 20:31:55 -0500 Subject: [Infowarrior] - DHS getting reality TV show Message-ID: <93385E73-CF5F-4864-BB06-8D84B88F0BA1@infowarrior.org> Homeland Security Goes Hollywood http://voices.washingtonpost.com/federal-eye/2008/12/homeland_security_gets_primeti.html A new reality television show focused on the agencies and employees of the Department of Homeland Security is sure to find fans among bureaucrats and department observers, and also is likely to draw some criticism from those who wonder if a primetime television show is the best use of the agency's time. Homeland Security USA "Homeland Security USA" debuts Jan. 6 on ABC. The show's producer, Arnold Shapiro (creator of the CBS reality hit "Big Brother") recently told the Hollywood Reporter, "I love investigative journalism, but that's not what we're doing. This show is heartening. It makes you feel good about these people who are doing their best to protect us." So while the show will highlight the main missions of the department's 218,000 employees, it likely will not focus on less flattering incidents, like the DHS official arrested for hiring illegal immigrants, the department's challenges with government contracting, or the inability of airport screeners to unionize. The department's office of public affairs was approached by ABC about the project, according to DHS spokeswoman Laura Keehner. "We worked with this outlet as we work with many others," Keehner said, but she could not discuss specifics, because "it's ABC's project." Keehner was "not aware of any financial benefit" to either the department or the employees profiled on the show. ABC is likely to share more information when it begins its PR roll out closer to the show's launch, a standard practice for primetime debuts. 
We do know that the show will mostly feature the work of Customs and Border Protection, with some focus on the Secret Service, Immigration and Customs Enforcement, Transportation Security Administration, the U.S. Coast Guard and United States Citizenship and Immigration Services. (No word on the Federal Air Marshals -- an agency probably difficult to tape.) All of the agencies have cooperated fully with the show's producers, which is not surprising considering the positive portrayals they've been promised. The first episode, called "This Is Your Car on Drugs," will highlight the work of Borders and Custom Enforcement officers at Los Angeles International Airport, a Blaine, Wash. U.S.-Canada border crossing, a stretch of the U.S.-Mexico border near Tucson, Ariz. and another border crossing at San Ysidro, Calif. It also will highlight an incident involving barbecued bats at the International Mail Center in Carson, Calif. No, really. "It's kind of a combination of the two most popular shows on TV, 'Cops' and '24,'" said David Heyman, director and senior fellow of the Homeland Security program at the Center for Strategic and International Studies. "Public officials need to find ways of communicating, educating and engaging the public to take part in their own preparedness and security. This has the possibility of doing that," Heyman added. Still, "You obviously don't want the filming of these activities to affect the decisions of those that are being filmed. In other words, you don't want them playing to the camera." ABC has ordered 13 episodes and has scheduled the show to air Tuesdays at 8 p.m. ET, meaning it will compete against the popular "American Idol." Will federal law enforcement and anti-terrorism professionals draw a large enough audience to compete with musical amateurs? 
"The job of homeland security one is a sober one, it's a serious one, and one that should not be modified for ratings wars," Heyman said, noting he has not seen the show and does not expect the department to alter its missions in exchange for ratings success. But shows and movies about government agencies have succeeded with mixed success. NBC's "The West Wing" started well, but gradually faded over its seven seasons. The Showtime production "The Inspectors" about U.S. postal inspectors failed back in 1998. Plus, most of today's successful procedural crime dramas focus on local law enforcement. Still, The Eye plans to tune in for the duration of the program to see how Hollywood handles the department's numerous agencies and missions. Will you? The comments section awaits your thoughts. From rforno at infowarrior.org Fri Dec 19 14:06:24 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 19 Dec 2008 09:06:24 -0500 Subject: [Infowarrior] - Today's WTF? Message-ID: <781A4811-74E6-489E-AE42-6E36D32F28AD@infowarrior.org> Burger King launches beef-scented body spray Where's the beef? A new meat-scented body spray makes men the answer, courtesy of Burger King Thursday December 18, 2008, 7:27 pm EST http://finance.yahoo.com/news/Burger-King-launches-apf-13874133.html/print NEW YORK (AP) -- Looking to beef up your mojo this holiday season? Burger King Corp. may have just the thing. The home of the Whopper has launched a new men's body spray called "Flame." The company describes the spray as "the scent of seduction with a hint of flame-broiled meat." The fragrance is on sale at New York City retailer Ricky's NYC in stores and online for a limited time for $3.99. Burger King is marketing the product through a Web site featuring a photo of its King character reclining fireside and naked but for an animal fur strategically placed to not offend. The marketing ploy is the latest in a string of viral ad campaigns by the company. 
Burger King is also in the midst of its Whopper Virgins campaign that features a taste test with fast-food "virgins" pitting the Whopper against McDonald's Corp.'s Big Mac. Burger King Holdings Inc. shares rose 15 cents to close at $20.53. From rforno at infowarrior.org Fri Dec 19 14:12:15 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 19 Dec 2008 09:12:15 -0500 Subject: [Infowarrior] - RIAA stopping individual lawsuits Message-ID: <80B25C7B-5A58-40FC-927E-2C90C17CE090@infowarrior.org> Wanna bet they think they can convince a pro-regulation Obama administration to see things their way?? I quietly cheer this decision but have a great deal of suspicion. ---rf Music Industry to Abandon Mass Suits By SARAH MCBRIDE and ETHAN SMITH http://online.wsj.com/article/SB122966038836021137.html?mod=rss_whats_news_technology After years of suing thousands of people for allegedly stealing music via the Internet, the recording industry is set to drop its legal assault as it searches for more effective ways to combat online music piracy. The decision represents an abrupt shift of strategy for the industry, which has opened legal proceedings against about 35,000 people since 2003. Critics say the legal offensive ultimately did little to stem the tide of illegally downloaded music. And it created a public-relations disaster for the industry, whose lawsuits targeted, among others, several single mothers, a dead person and a 13-year-old girl. Instead, the Recording Industry Association of America said it plans to try an approach that relies on the cooperation of Internet-service providers. The trade group said it has hashed out preliminary agreements with major ISPs under which it will send an email to the provider when it finds a provider's customers making music available online for others to take. 
Depending on the agreement, the ISP will either forward the note to customers, or alert customers that they appear to be uploading music illegally, and ask them to stop. If the customers continue the file-sharing, they will get one or two more emails, perhaps accompanied by slower service from the provider. Finally, the ISP may cut off their access altogether. The RIAA said it has agreements in principle with some ISPs, but declined to say which ones. But ISPs, which are increasingly cutting content deals of their own with entertainment companies, may have more incentive to work with the music labels now than in previous years. The new approach dispenses with one of the most contentious parts of the lawsuit strategy, which involved filing lawsuits requiring ISPs to disclose the identities of file sharers. Under the new strategy, the RIAA would forward its emails to the ISPs without demanding to know the customers' identity. Though the industry group is reserving the right to sue people who are particularly heavy file sharers, or who ignore repeated warnings, it expects its lawsuits to decline to a trickle. The group stopped filing mass lawsuits early this fall. It isn't clear that the new strategy will work or how effective the collaboration with the ISPs will be. "There isn't any silver-bullet anti-piracy solution," said Eric Garland, president of BigChampagne LLC, a piracy consulting company. Mr. Garland said he likes the idea of a solution that works more with consumers. In the years since the RIAA began its mass legal action, "It has become abundantly clear that the carrot is far more important than the stick." Indeed, many in the music industry felt the lawsuits had outlived their usefulness. "I'd give them credit for stopping what they've already been doing because it's been so destructive," said Brian Toder, who represents a Minnesota mother involved in a high-profile file-sharing case. But his client isn't off the hook. 
The RIAA said it plans to continue with outstanding lawsuits. Over the summer, New York State Attorney General Andrew Cuomo began brokering an agreement between the recording industry and the ISPs that would address both sides' piracy concerns. "We wanted to end the litigation," said Steven Cohen, Mr. Cuomo's chief of staff. "It's not helpful." As the RIAA worked to cut deals with individual ISPs, Mr. Cuomo's office started working on a broader plan under which major ISPs would agree to work to prevent illegal file-sharing. The RIAA believes the new strategy will reach more people, which itself is a deterrent. "Part of the issue with infringement is for people to be aware that their actions are not anonymous," said Mitch Bainwol, the group's chairman. Mr. Bainwol said that while he thought the litigation had been effective in some regards, new methods were now available to the industry. "Over the course of five years, the marketplace has changed," he said in an interview. Litigation, he said, was successful in raising the public's awareness that file-sharing is illegal, but now he wants to try a strategy he thinks could prove more successful. The RIAA says piracy would have been even worse without the lawsuits. Citing data from consulting firm NPD Group Inc., the industry says the percentage of Internet users who download music over the Internet has remained fairly constant, hovering around 19% over the past few years. However, the volume of music files shared over the Internet has grown steadily. Meanwhile, music sales continue to fall. In 2003, the industry sold 656 million albums. In 2007, the number fell to 500 million CDs and digital albums, plus 844 million paid individual song downloads -- hardly enough to make up the decline in album sales. --Amol Sharma contributed to this article. 
Write to Sarah McBride at sarah.mcbride at wsj.com and Ethan Smith at ethan.smith at wsj.com From rforno at infowarrior.org Fri Dec 19 17:12:59 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 19 Dec 2008 12:12:59 -0500 Subject: [Infowarrior] - Cheney claims power to decide his own case Message-ID: <6903D367-921A-44D9-BE43-C8C1C928AD8E@infowarrior.org> (We saw this coming a mile away.....-rf) Cheney claims power to decide his own case John Byrne Published: Friday December 19, 2008 http://rawstory.com/news/2008/Cheney_I_am_law_1219.html I am the law. That's the message Vice President Dick Cheney appeared to send in a little-noticed court filing last week, in which his lawyers asserted that the vice president alone has the authority to determine which records are turned over to the National Archives after he leaves office. But the law exempts "personal and partisan" records, which Cheney's lawyers said he will be the sole decider upon. "The vice president alone may determine what constitutes vice presidential records or personal records, how his records will be created, maintained, managed and disposed, and are all actions that are committed to his discretion by law," according to a filing by Cheney's office with the court hearing the case Dec. 8, noted by the AP's Pamela Hess. "National Archives officials have said records of Cheney's dealings with the Republican National Committee would not require preservation under the law," Hess notes. "As of November, it had not made a final determination on the status of Cheney's records produced when he acts as president of the Senate, which he says are exempt." Steven Aftergood, government secrecy expert and editor of the blog, Secrecy News, told Hess the law is unclear as to who is supposed to determine what records can be kept as private property. "Decisions that are made in the next couple of weeks may prove irrevocable," he said. "If records are held from the archivist now they may never be recovered." 
Cheney was ordered to preserve all records in September while the case progressed. Citizens for Ethics has tangled with the White House for years. Last year, they took issue with the White House's announcement that they'd lost more than five million emails generated between March 2003 and October 2005. "It's clear that the White House has been willfully violating the law, the only question now is to what extent?" CREW executive director Melanie Sloan wrote. "The ever changing excuses offered by the administration -- that they didn't want to violate the Hatch Act, that staff wasn't clear on the law -- are patently ridiculous. Very convenient that embarrassing -- and potentially incriminating -- emails have gone missing. It's the Nixon White House all over again." From rforno at infowarrior.org Fri Dec 19 17:15:38 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 19 Dec 2008 12:15:38 -0500 Subject: [Infowarrior] - Congressional Hypocracy Message-ID: Funny how they never vote on an across-the-board pay raise for us. I'd like an extra $4700 for my salary, please. And in this economy? Talk about chutzpah. Unbelievable. --rf Disclosure: I used to work for the US House in the mid-90s. With economy in shambles, Congress gets a raise By Jordy Yager Posted: 12/17/08 05:41 PM [ET] http://thehill.com/leading-the-news/with-economy-in-shambles-congress-gets-a-raise-2008-12-17.html A crumbling economy, more than 2 million constituents who have lost their jobs this year, and congressional demands of CEOs to work for free did not convince lawmakers to freeze their own pay. Instead, they will get a $4,700 pay increase, amounting to an additional $2.5 million that taxpayers will spend on congressional salaries, and watchdog groups are not happy about it. "As lawmakers make a big show of forcing auto executives to accept just $1 a year in salary, they are quietly raiding the vault for their own personal gain," 
said Daniel O'Connell, chairman of The Senior Citizens League (TSCL), a non-partisan group. "This money would be much better spent helping the millions of seniors who are living below the poverty line and struggling to keep their heat on this winter." However, at 2.8 percent, the automatic raise that lawmakers receive is only half as large as the 2009 cost of living adjustment of Social Security recipients. Still, Steve Ellis, vice president of the budget watchdog Taxpayers for Common Sense, said Congress should have taken the rare step of freezing its pay, as lawmakers did in 2000. "Look at the way the economy is and how most people aren't counting on a holiday bonus or a pay raise -- they're just happy to have gainful employment," said Ellis. "But you have the lawmakers who are set up and ready to get their next installment of a pay raise and go happily along their way." Member raises are often characterized as examples of wasteful spending, especially when many constituents and businesses in members' districts are in financial despair. Rep. Harry Mitchell, a first-term Democrat from Arizona, sponsored legislation earlier this year that would have prevented the automatic pay adjustments from kicking in for members next year. But the bill, which attracted 34 cosponsors, failed to make it out of committee. "They don't even go through the front door. They have it set up so that it's wired so that you actually have to undo the pay raise rather than vote for a pay raise," Ellis said. Freezing congressional salaries is hardly a new idea on Capitol Hill. Lawmakers have floated similar proposals in every year dating back to 1995, and long before that. Though the concept of forgoing a raise has attracted some support from more senior members, it is most popular with freshman lawmakers, who are often most vulnerable. 
In 2006, after the Republican-led Senate rejected an increase to the minimum wage, Democrats, who had just come to power in the House with a slew of freshmen, vowed to block their own pay raise until the wage increase was passed. The minimum wage was eventually increased and lawmakers received their automatic pay hike. In the beginning days of 1789, Congress was paid only $6 a day, which would be about $75 daily by modern standards. But by 1965 members were receiving $30,000 a year, which is the modern equivalent of about $195,000. Currently the average lawmaker makes $169,300 a year, with leadership making slightly more. House Speaker Nancy Pelosi (D-Calif.) makes $217,400, while the minority and majority leaders in the House and Senate make $188,100. Ellis said that while freezing the pay increase would be a step in the right direction, it would be better to have it set up so that members would have to take action, and vote, for a pay raise and deal with the consequences, rather than get one automatically. "It is probably never going to be politically popular to raise Congress's salary," he said. "I don't think you're going to find taxpayers saying, 'Yeah I think I should pay my congressman more'." From rforno at infowarrior.org Fri Dec 19 17:18:02 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 19 Dec 2008 12:18:02 -0500 Subject: [Infowarrior] - OT: "Voice of The Enterprise" dies at 76 Message-ID: <78CE5073-0620-4E78-B500-3054A37BE250@infowarrior.org> "Program Complete. You May Enter When Ready." ---rf Majel B. 
Roddenberry dies at 76; wife of 'Star Trek' creator was voice of the Enterprise By Dennis McLellan December 19, 2008 http://www.latimes.com/news/obituaries/la-me-roddenberry19-2008dec19,0,1017655.story Majel Barrett Roddenberry, the widow of "Star Trek" creator Gene Roddenberry and an actress whose longtime association with the "Star Trek" franchise included playing Nurse Christine Chapel in the original series, died early Thursday morning. She was 76. Roddenberry died at her home in Bel-Air after a battle with leukemia, said family spokesman Sean Rossall. "She was a valiant lady," Leonard Nimoy, who played Mr. Spock on "Star Trek," told The Times. "She worked hard, she was straightforward, she was dedicated to 'Star Trek' and Gene, and a lot of people thought very highly of her." Once dubbed "The First Lady of 'Trek' " by the Chicago Tribune, Majel (sounds like Mabel) Barrett Roddenberry was associated with "Star Trek" from the beginning. In the first TV pilot, she played a leading role as Number One, the first officer who was second in command. But at the request of various executives, changes were made, and she did not reprise her role in the second TV pilot. Instead, she played the minor role of Nurse Chapel when the series began airing on NBC in September 1966. Roddenberry had another distinction: Beginning with the original series, she supplied the coolly detached voice of the USS Enterprise's computer -- something she did on the various "Star Trek" series. She also was the voice of the Starship Enterprise for six of the 10 "Star Trek" movies that have been released, as well as the 11th, which is due out next year. Roddenberry also played Dr. Christina Chapel in two of the "Star Trek" movies, "Star Trek: The Motion Picture" and "Star Trek: The Voyage Home." And she played the recurring role of the flamboyant Lwaxana Troi on "Star Trek: The Next Generation" and "Star Trek: Deep Space Nine." 
Roddenberry, whose pre-"Star Trek" acting career included guest appearances on series such as "The Untouchables" and "The Lucy Show," had no idea she was establishing a career path in science fiction when she took her first "Star Trek" role. "Not at all," she said in a 2002 interview with the Tulsa World. "I certainly didn't have any idea that I'd be doing it this long, for so many different shows and films -- especially as a product of a series that was a flop. The original was only on for three years. It wasn't considered a success by anyone's standards." The show took off as a pop-culture phenomenon after it went into syndication, however, and Roddenberry, who was married to Gene Roddenberry from 1969 until his death in 1991, attended her first "Star Trek" convention in 1972. "You know, when the conventions started out, I'd attend four or five a month," she said in the 2002 interview. "But after a while, it got where there was no time for anything else. You'd just travel from city to city, making the same speech, answering the same questions." Rossall said both Gene and Majel Roddenberry maintained warm relationships with "Star Trek" fans. And as late as August, he said, Majel Roddenberry attended a "Star Trek" convention in Las Vegas. As she told the Buffalo City News in 1998, "It's been a hell of a ride." Born Majel Hudec in Columbus, Ohio, on Feb. 23, 1932, she attended the University of Miami and acted in regional theater before heading to Hollywood in the late '50s. Several years after her husband's death, Roddenberry discovered a pilot script and notes he had written for a series in the '70s. And in 1997, with Majel Barrett Roddenberry as an executive producer and playing a recurring role, "Gene Roddenberry's Earth: Final Conflict" began airing in syndication. She later was an executive producer of the syndicated "Gene Roddenberry's Andromeda." She is survived by her son, Eugene "Rod" Roddenberry Jr. 
Roddenberry had a love of animals and was dedicated to animal rescue. Instead of flowers, the family suggests donations in her name to Precious Paws, www.preciouspaws.org, or CARE (Cat & Canine Assistance, Referral and Education), www.care4pets.org. Funeral and memorial service details are pending. dennis.mclellan at latimes.com From rforno at infowarrior.org Fri Dec 19 17:27:11 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 19 Dec 2008 12:27:11 -0500 Subject: [Infowarrior] - Mass Internet outages in Egypt after cables cut Message-ID: <05A6CDBE-F919-458E-8687-BC6C138FAA67@infowarrior.org> Mass Internet outages in Egypt after cables cut 1 hour ago http://www.google.com/hostednews/ap/article/ALeqM5gmea01PjMKwYuU8amN4_n7W0ycEgD955S40G4 CAIRO, Egypt (AP) -- Egypt's communications ministry says Internet cables in the Mediterranean Sea have been cut, causing massive Internet outages. The ministry says three Internet cables running through the Mediterranean were cut Friday morning. Throughout the country the Internet is almost completely down or working sporadically. The ministry says it will take "several days" for cables to be repaired and is trying to switch Egypt's Internet to an alternative route. It is the second large-scale Internet outage in Egypt this year. Undersea cables were also damaged in January, causing outages in the Mideast and India. Yemen and Sudan were also having phone and Internet difficulties Friday, but it was unclear if it was connected to the outage. 
From rforno at infowarrior.org Fri Dec 19 17:50:30 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 19 Dec 2008 12:50:30 -0500 Subject: [Infowarrior] - Copy of RIAA's new enforcement notice to ISPs Message-ID: December 19, 2008 8:55 AM PST Copy of RIAA's new enforcement notice to ISPs Posted by Greg Sandoval http://news.cnet.com/8301-1023_3-10127050-93.html The recording industry dropped some big news Friday, announcing that it will no longer take a broad approach to litigating against alleged file sharers. The Recording Industry Association of America has enlisted the help of internet service providers to act as a sentry and help discourage customers from pirating music. Below is a copy of the form letter the RIAA will send to ISPs to inform them one of their customers is accused of file sharing. The notification is similar to those the group has sent to college campuses for years and shows very clearly that the group retains the right to sue people for copyright violations. VIA EMAIL *ISP* *Date* Sir or Madam: I am contacting you on behalf of the Recording Industry Association of America, Inc. (RIAA) and its member music companies. The RIAA is a trade association whose member companies create, manufacture, and distribute approximately ninety (90) percent of all legitimate music sold in the United States. We believe a user on your network is offering an infringing sound recording for download through a peer to peer application. We have attached below the details of the infringing activity. We have a good faith belief that this activity is not authorized by the copyright owner, its agent, or the law. We are asking for your immediate assistance in stopping this illegal activity. Specifically, we respectfully request that you remove or disable access to the unauthorized music. We believe it is in everyone's interest for music consumers to be better educated about the copyright law and ways to legally enjoy music online. 
The major record companies have actively licensed their music to dozens of innovative services where fans can go to listen to and/or purchase their favorite songs. A list of many of these services is available at www.musicunited.org. It should be made clear by this letter that downloading and distributing copyrighted songs via peer to peer networks is not an anonymous activity. Not only is distributing copyrighted works on a peer to peer network a public activity visible by other users on that network, an historic 2005 U.S. Supreme Court decision affirmed the unmistakable unlawfulness of uploading and downloading copyrighted works. The website www.musicunited.org contains valuable information about what is legal and what is not when it comes to copying music. In addition to taking steps to notify the network user at issue about the illegal nature of his/her activity, we strongly encourage you to refer him/her to this helpful site. Please bear in mind that this letter serves as an official notice to you that this network user may be liable for the illegal activity occurring on your network. This letter does not constitute a waiver of our members' rights to recover or claim relief for damages incurred by this illegal activity, nor does it waive the right to bring legal action against the user at issue for engaging in music theft. We assert that the information in this notice is accurate, based upon the data available to us. Under penalty of perjury, we submit that the RIAA is authorized to act on behalf of its member companies in matters involving the infringement of their sound recordings, including enforcing their copyrights and common law rights on the Internet. Thank you in advance for your prompt assistance in this matter. If you have any questions, please feel free to contact me via e-mail at antipiracy2 at riaa.com, via telephone at *Phone Number*, or via mail at RIAA, 1025 F Street, NW, 10th Floor, Washington, D.C., 20004. 
Please reference *Case ID* in any response or communication regarding this matter. Sincerely, RIAA

List of infringing content
------------------------------
*Infringing Content*
-------------------------
INFRINGEMENT DETAIL
-------------------
Infringing Work : XXXXXX
Filename : XXXXXX
First found (UTC): XXXXXX
Last found (UTC): XXXXXX
Filesize : XXXXXX
IP Address: XXX.XXX.XXX.XXX
IP Port: XXXXX
Network: XXXXXX
Protocol: XXXXXX

From rforno at infowarrior.org Sat Dec 20 01:56:35 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 19 Dec 2008 20:56:35 -0500 Subject: [Infowarrior] - Hacking The Hill Message-ID: <201FAAA2-995B-425B-9B9F-55F3EFBB37C3@infowarrior.org> (Fond memories - I was part of the group that stood up the first Infosec Office for the House in the mid-90s. My, how time flies.....even if the culture remains the same! --rick) http://www.nationaljournal.com/njmagazine/cs_20081220_6787.php Hacking The Hill How the Chinese -- or someone -- hacked into House of Representatives computers in 2006, and what it will take to keep out the next electronic invader. by Shane Harris Saturday, Dec. 20, 2008 On October 26, 2006, computer security personnel from across the legislative branch were informed that the Congressional Budget Office had been hit with a computer virus. The news might not have seemed extraordinary. Hackers had been trying for years to break into government computers in Congress and the executive branch, and some had succeeded, making off with loads of sensitive information ranging from codes for military aircraft schedules to design specifications for the space shuttle. Employees in the House of Representatives' Information Systems Security Office, which monitors the computers of all members, staffers, and committee offices, had learned to keep their guard up. Every year of late, they have fended off more than a million hacking attempts against the House and removed any computer viruses that made it through their safeguards. 
House computers relay sensitive information about members and constituents, and committee office machines are especially loaded with files pertaining to foreign policy, national security, and intelligence. The security office took the information from the CBO attack and scanned the House network to determine whether any machines had been compromised in a similar fashion. They found one. A computer in one member's office matched the profile of the CBO incident. The virus seemed to be contacting Internet addresses outside the House, probably other infected computers or servers, to download malicious files into the House system. According to a confidential briefing on the investigation prepared by the security office and obtained by National Journal, security employees contacted the member's office and directed staffers to disconnect the computer from the network. The briefing does not identify the member of Congress. Apparently worried that the virus could have already infected other machines, security personnel met with aides from the member's office and examined the computer. They confirmed that a virus had been placed on the machine. The member's office then called the FBI, which employs a team of cyber-forensic specialists to investigate hackings. The House security office made a copy of the hard drive and gave it to the bureau. "Somebody with a wireless device in China should expect it to be compromised while he's there." -- Joel Brenner Upon further analysis, the security office found more details about the nature and possible intent of the hack. The machine was infected with a file that sought out computers outside the House system to retrieve "malware," malicious or destructive programs designed to spy on the infected computer's user or to clandestinely remove files from the machine. 
This virus was designed to download programs that tracked what the computer user typed in e-mail and instant messages, and to remove documents from both the hard drive and a network drive shared by other House computers. As an example of the virus's damage, the security office briefing cited one House machine on which "multiple compressed files on multiple days were created and exported." An unknown source was stealing information from the computer, and the user never knew it. Armed with this information about how the virus worked, the security officers scanned the House network again. This time, they found more machines that seemed to match the profile -- they, too, were infected. Investigators found at least one infected computer in a member's district office, indicating that the virus had traveled through the House network and may have breached machines far away from Washington. Eventually, the security office determined that eight members' offices were affected; in most of the offices, the virus had invaded only one machine, but in some offices, it hit multiple computers. It also struck seven committee offices, including Commerce; Transportation and Infrastructure; Homeland Security; and Ways and Means; plus the Commission on China, which monitors human rights and laws in China. Most of the committee offices had one or two infected computers. In the International Relations Committee (now the Foreign Affairs Committee) office, however, the virus had compromised 25 computers and one server. The House security office contacted the committees' employees and all of the members' offices, and removed the infected computers and servers. The House's technical-support center sent an advisory to all systems administrators, reminding them of safe computing practices, such as not opening links in e-mails from unknown sources. 
The House security office determined that whoever infected the machines had probably tricked users into visiting a website or clicking on a link in an e-mail or instant message that downloaded an infectious file; the virus then exploited as many of the computer's vulnerabilities that it could detect. A diagram in the security briefing shows how the virus, once it penetrated the computer, made multiple attempts to download different kinds of malicious software. The hacker or hackers -- it's unclear whether more than one was involved -- attempted to evade detection by using an array of attack methods and downloading malicious files from various Internet addresses. The hacker was likely using many other infected machines as launching pads, making it essentially impossible to stop the attacks completely and exceptionally difficult to know where the hacker was located. It's relatively easy for an attacker to mask his or her location by communicating through layers of infected computers and servers around the world. The confidential briefing does not say where the hacker was, nor does it attribute the attack to a particular group or country. Such information is notoriously difficult for investigators to ascertain. But according to some members of Congress whose machines were infected, the attack described in the briefing emanated from China and was probably designed to steal sensitive information from lawmakers' and committee offices. Chinese Traces That allegation and others about Chinese cyber-espionage lie at the heart of a simmering controversy over Chinese or China-supported hacking of U.S. government computer systems. As National Journal reported earlier this year, computer hackers, who several investigators and senior government officials believe are based in China and sometimes work on the Chinese government's behalf, have penetrated deeply into the information systems of U.S. corporations and government agencies. 
The hackers have reportedly stolen proprietary information from executives and even one Cabinet secretary in advance of business meetings in China. Some sources contend, moreover, that Chinese hackers may have played a role in two major power outages in the United States. Power companies and outside investigators call such allegations demonstrably untrue, but many cyber-security professionals express considerable anxiety about the vulnerability of U.S. networks. Concern about China is so great that, only hours before the opening ceremonies of the Olympic Games in Beijing last summer, the United States' top counterintelligence official, Joel Brenner, warned American visitors to leave their cellular phones and wireless handheld computers at home. "Somebody with a wireless device in China should expect it to be compromised while he's there," Brenner said on CBS News. "The public security services in China can turn your telephone on and activate its microphone when you think it's off." For those who were required or determined to take their electronic equipment, Brenner advised that they remove the batteries when they were not using the device. Chinese sources were at the root of the hack on members of Congress in 2006, according to some lawmakers. In an interview with National Journal last summer, Rep. Mark Kirk, R-Ill., said that the virus described in the House's confidential briefing had infected a machine in his office. House security personnel informed him of the infection, Kirk said, and he called the FBI. Kirk then co-chaired the House U.S.-China Working Group, whose members had met with 11 Chinese business leaders less than a year earlier to discuss bilateral trade issues. The group has held monthly meetings to foster a diplomatic dialogue between Chinese and U.S. officials. Kirk said that his office's infected computer was trying to contact Internet addresses that "eventually resolved themselves in China." 
He hastened to add, "Obviously, you don't know who is the real owner or operator of the [Internet] address." "On these computers was information about all of the casework I have done on behalf of political dissidents and human-rights activists around the world." -- Frank Wolf The breach could be viewed through one of two lenses, Kirk said. "The bad view" is that Chinese intelligence sources were trying to spy on a member of Congress. The "good view" holds that Chinese citizens, who read about the commission's work in the media, hacked Kirk's computer out of frustration or retribution. But this attack profile, Kirk said, "looked toward the criminal side." "Hacking into a congressional computer is a serious offense," he said. Although Kirk said he didn't know what files, if any, the hacker had pilfered, he assumed that the intruder wasn't looking for information about Kirk's constituents in Illinois. He concluded that the hacker was more interested in his China policy. "At that point," Kirk said, "it seemed what we had was a case of overseas espionage." This past June, Rep. Frank Wolf, a Republican from Northern Virginia, took to the House floor and announced that four of his office's computers "were compromised by an outside source." "On these computers," he said, "was information about all of the casework I have done on behalf of political dissidents and human-rights activists around the world." Wolf is an outspoken critic of China's human-rights policies. "That kind of information, as well as everything else on my office computers -- e-mails, memos, correspondence, and district casework -- was open for outside eyes to see," Wolf said. And then, without naming names, he added, "Several other members were similarly compromised." Wolf said he had met with staff from the House Information Resources office and with FBI officials. "It was revealed," he said, "that the outside sources responsible for this attack came from within the People's Republic of China." 
A spokesperson for Wolf told NJ that the intrusion he spoke of on the House floor is the same attack described in the confidential briefing obtained by National Journal and prepared by the House information security office. That briefing states that Wolf was one of the eight members affected, and that four of his machines were hit -- the same number that Wolf cited publicly. In his floor remarks, Wolf said that his computers were found to have been compromised in August 2006, two months before the House Information Systems Security Office scanned the network for possible infections. Keeping It Secret The pervasive nature of the 2006 attack begs a question: Why didn't members of Congress publicly disclose these breaches sooner? Wolf offered one answer. "Despite everything we read in the press, our intelligence, law enforcement, national security, and diplomatic corps remain hesitant to speak out about this problem," Wolf said on the House floor. "Perhaps they are afraid that talking about this problem will reveal our vulnerability." He then added, "I have been urged not to speak out about this threat." Wolf didn't say who urged him to remain silent. Kirk, whose office was also hit, said he spoke with Wolf before his remarks. Wolf wanted to publicly raise the issue of cyber-security to bring more attention to the problem, Kirk said. Kirk was more interested in finding the culprits. "My objective was to get even with these guys and nail them," he said. "My objective was to tell the FBI as much detail as I can so we can go after them." In his speech, Wolf urged his colleagues to raise their level of awareness, and he exhorted the executive branch to open up.
"I strongly believe that the appropriate officials, including those from the Department of Homeland Security and the FBI, should brief all members of Congress in a closed session regarding threats from China and other countries against the security of House technology, including our computers, BlackBerry devices, and phones," Wolf said. Wolf's outspokenness met resistance, Kirk said. "I think a number of people came to Frank and said, 'Back off. Don't do this,' " Kirk said. He declined to say who had approached Wolf. But he said that "some parts of the government" favor keeping systems open to track attackers, but they aren't inclined to talk about it openly. Both the intelligence community and the military use cyber-monitoring tools that are essentially the same as those directed against U.S. government systems. The Air Force, in particular, considers cyberspace to be a new battleground; the service has reportedly developed a formidable capacity to inflict damage on other nations' computers and electronic infrastructure. Learning Curve Many members of Congress, it seems, may also be uninterested in talking about their cyber-vulnerabilities -- not because they aren't concerned about them but because they don't understand them. Wolf has said that in discussing the threat with colleagues, he has found that members don't realize their computers are tantalizing targets. One cyber-security expert says that Wolf is probably right but that members' ignorance doesn't mean they're indifferent. "As a member of Congress, you have so many issues competing for your attention and, historically, cyber-security hasn't been one that's won out," said Amit Yoran, who was the first director of the National Cyber Security Division in the Homeland Security Department. "It's not an issue that is particularly well tracked by their constituents." Moreover, Yoran said, lawmakers can also fall victim to their own demands. 
"In Congress, you've got an organization full of a lot of senior executives." Just as in the executive branch or in the private sector, members want to be treated like CEOs. They have "very high support requirements," Yoran said. Put another way, if members of Congress want their computers to access a certain website or run a particular program, they don't ask for technical support -- they demand it. That mind-set makes it exceptionally difficult to protect congressional computers in a uniform fashion. The House and Senate could enact the strictest security policies imaginable, but if members and their aides ignore the policies or ask for exceptions, security degrades. No one understands that better than the office in charge of protecting members' computers -- the House Information Systems Security Office. "I can say, comfortably, that the level and quality of expertise within the security department, the IT department, of the House, is very strong," Yoran said. "The Senate as well." The confidential briefing on the 2006 breach bolsters Yoran's assessment. It is clearly written and demonstrates that the security office understands the dynamic nature of cyber-intrusions. Yoran emphasized, however, that between expertise and adequate security, "there's a lot of ground." Members and their staffers must decide whether to follow security procedures -- and perhaps too often, they don't want to be bothered. Who Should Lead? Congress is more than a tempting and sometimes easy target. Lawmakers also have oversight responsibility for the security of executive branch networks, and they make decisions that affect all U.S. telecommunications systems. Members make the laws that set security policies and standards for government systems. They issue an annual report card and other assessments on how well the government is meeting those standards. 
Slowly but increasingly, lawmakers are writing statutes aimed at stiffening the penalties for computer intrusion and at defining hacking more clearly as a crime. Yet Congress's repeated run-ins with cyber-thieves and hackers don't appear to have focused lawmakers' oversight efforts. Last week, the Center for Strategic and International Studies, the Washington think tank noted for its defense policy research, released a highly anticipated cyber-security assessment for President-elect Obama. The study group included experts from a range of disciplines and industries, and was co-chaired by two members of Congress: Reps. Jim Langevin, D-R.I., and Michael McCaul, R-Texas. The report, a year in the making, is almost entirely devoted to cyber-security recommendations for the next president. It devotes only one page to Congress's role, perhaps with good reason. The panel essentially concludes that Congress cannot manage cyber-security. The root of the problem, the report said, lies in Congress's inconsistent, almost feudal, approach to oversight. "The fragmentation of oversight complicates efforts to improve homeland security, and cyber-security shares in this problem," the authors wrote. The Homeland Security Department, which is responsible for securing civilian government networks, "has far too many oversight committees -- more than 80 -- exercising jurisdiction." The CSIS study group discussed whether that jurisdiction should be streamlined, a simple enough task on the surface. House and Senate rules don't explicitly give jurisdiction over cyber-issues to any committees, and congressional leaders could limit responsibility to a more manageable number of lawmakers. The study group certainly thought that was a good idea. 
"Without rules changes that provide clear jurisdiction, responsibility for investigation, oversight, and policy development in cyber-security will depend largely on member interest and the ability of committees to coordinate with each other," the report stated. The study group stopped short of formally recommending that Congress take that step, however. In large measure, that's because the CSIS recommendations were meant for the president-elect, not the speaker of the House and the majority leader of the Senate. But the panel also concluded that cyber-security -- protecting critical networks not only from espionage but also from tampering and potential control by outsiders -- was of such importance and magnitude that only the president could take charge of it. Indeed, the authors titled their report "Securing Cyberspace for the 44th Presidency." "The president could engage [congressional] leaders in a discussion to streamline jurisdiction," the report said, "but jurisdictional consolidation would not produce the immediate improvement in cyber-security that our other recommendations offer." The panel wants Obama to take charge of cyber-security and make the White House its political nerve center. It recommended that he create a new office for cyberspace in the Executive Office of the President that would work closely with the National Security Council, "managing the many aspects of securing our national networks while protecting privacy and civil liberties." Any attempt to broadly secure cyberspace will, by necessity, involve close scrutiny of the information traveling through it, including e-mails, instant messages, and, increasingly, telephone calls. The study group also recommended that Obama appoint an assistant for cyberspace and establish a Cyber-Security Directorate in the NSC. To support that directorate, the experts recommended a National Office for Cyberspace, which would be directed by the president's cyber-assistant. 
"The new administration has to take rapid action to improve cyber-security, and streamlining congressional jurisdiction isn't one of those actions," said James Lewis, a CSIS senior fellow and the director of its public policy program. He led the study group. "The legislative process is deliberative," Lewis said. "It has to move at its own pace on questions like jurisdiction, but there are things the executive branch can and should do without waiting." From rforno at infowarrior.org Sat Dec 20 03:16:34 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 19 Dec 2008 22:16:34 -0500 Subject: [Infowarrior] - PGP issues fix for OSX 10.5.6 Mail Message-ID: <58C40198-7E31-4C54-881F-D25E1F56851D@infowarrior.org> This is c/o John Dasher (Director of Product Marketing @ PGP) who responded to my bug report and provided a link to the PGP Mail fix in a MacNN forum. The fix indeed works, even if it remains 'unsupported' by PGP -- for whatever reason -- and I'm glad to have the capability back in Mail. --rf < - > After upgrading to Mac OS X 10.5.6, when you check for new mail or attempt to add or use the PGP Mail plug-in to Mail, the Mail application quits unexpectedly. 
While this plug-in will retain its "unsupported" status, we recognize that in certain circumstances it serves a need; for information regarding this issue and the updated plug-in, please visit: https://pgp.custhelp.com/cgi-bin/pgp.cfg/php/enduser/std_adp.php?p_faqid=1097

From rforno at infowarrior.org Sun Dec 21 19:55:57 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 21 Dec 2008 14:55:57 -0500
Subject: [Infowarrior] - Pranking (Spoofing) Speed Cameras
Message-ID:

(Part of me would like to see this widespread around the world as a further method of getting rid of these controversial things.....--rf)

WEB EXCLUSIVE -- Local teens claim pranks on county's Speed Cams
By Joe Slaninka
Special to the Sentinel
http://www.thesentinel.com/302730670790449.php

As a prank, students from local high schools have been taking advantage of the county's Speed Camera Program in order to exact revenge on people who they believe have wronged them in the past, including other students and even teachers. Students from Richard Montgomery High School dubbed the prank the Speed Camera "Pimping" game, according to a parent of a student enrolled at one of the high schools. Originating from Wootton High School, the parent said, students duplicate the license plates by printing plate numbers on glossy photo paper, using fonts from certain websites that "mimic" those on Maryland license plates. They tape the duplicate plate over the existing plate on the back of their car and purposefully speed through a speed camera, the parent said. The victim then receives a citation in the mail days later. Students are even obtaining vehicles from their friends that are similar or identical to the make and model of the car owned by the targeted victim, according to the parent. "This game is very disturbing," the parent said. "Especially since unsuspecting parents will also be victimized through receipt of unwarranted photo speed tickets."
The parent said that "our civil rights are exploited," and the entire premise behind the Speed Camera Program is called into question as a result of this growing fad among students. The Speed Camera Program was implemented in March of this year and used for the purpose of reducing traffic and pedestrian collisions in the county. Cameras are located in residential areas and school zones where the posted speed limit is 35 miles per hour or lower. A $40 citation is mailed to the owner of the car for violating the speed limit in these areas. The Montgomery County Police said they have not seen or heard of this prank occurring but said they will keep an eye out for people committing the crime. "I hope the public at large will complain loudly enough that local Montgomery County government officials will change their policy of using these cameras for monetary gain," the parent said. "The practice of sending speeding tickets to faceless recipients without any type of verification is unwarranted and an exploitation of our rights." Edward Owusu, Assistant Principal at Wootton High School, said that he heard of local students pulling the prank when the school received a call from a parent informing them of its occurrence. "I have not heard of this happening among students at Wootton," Owusu said. "It is unfortunate that kids have a lot of time on their hands that they can think of doing such a thing." Montgomery County Council President Phil Andrews said that the issue is troubling in several respects. "I am concerned that someone could get hurt, first of all, because they are speeding in areas where they know speeding is a problem," he said. Andrews also said that this could hurt the integrity of the Speed Camera Program. "It will cause potential problems for the Speed Camera Program in terms of the confidence in it," he said.
He said he is glad someone caught it before it becomes more widespread and he said he hopes that the word gets out to the people participating in this that there will be consequences.

From rforno at infowarrior.org Mon Dec 22 14:35:01 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Dec 2008 09:35:01 -0500
Subject: [Infowarrior] - How Scientists View Law Enforcement
Message-ID:

http://www.scienceprogress.org/2008/12/science-and-law-enforcement/

How Scientists View Law Enforcement

Anecdotal evidence, including several high-profile cases of scientists under criminal investigation, has led to the impression that many in the scientific community hold a negative view of law enforcement [1, 2, 3]. While justified in some cases, this divide is a serious liability to law enforcement, since cooperation and consultation with scientists aids in threat assessment, investigation, intelligence gathering, and the recruitment of personnel with specialized skills. But before the two communities can solve this problem with training for law enforcement personnel and through outreach to the scientific community, it is necessary to get a sense of the types and range of views of law enforcement within the scientific community. Here we present the results of a survey of the scientific community conducted in conjunction with the FBI to evaluate the working relationship between FBI field agents and scientists. The survey was sent to 10,969 members of the American Association for the Advancement of Science between January 23 and February 18 of this year. 1,332 surveys were completed, and the resulting data produced an average margin of error associated with the total data set of +/- 2.7 percent. A complete version of the survey questions is available in the supplemental material (Table 1). The attitudes of scientists toward law enforcement personnel are not vastly different from those of the general public (4) (Figure A, below).
However, a larger percentage of scientists indicated cooler feelings towards the FBI than the general public, suggesting that these reservations are particular to the scientific community and require specific solutions with the scientific community in mind

< - >

http://www.scienceprogress.org/2008/12/science-and-law-enforcement/

From rforno at infowarrior.org Mon Dec 22 15:16:27 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 22 Dec 2008 10:16:27 -0500
Subject: [Infowarrior] - One ISP says RIAA must pay for piracy protection
Message-ID: <9E56F50A-BF91-40DC-B080-981232DE71B4@infowarrior.org>

One ISP says RIAA must pay for piracy protection
Posted by Greg Sandoval
http://news.cnet.com/8301-1023_3-10127841-93.html?part=rss&subj=news&tag=2547-1_3-0-20

Jerry Scroggin, owner-operator of Bayou Internet and Communications, wants the music and film industries to know that he's not a cop and he doesn't work for free. Scroggin, who sells Internet access to between 10,000 and 12,000 customers in Louisiana, heard the news on Friday that the Recording Industry Association of America (RIAA) has opted out of suing individuals for pirating music. Instead, the group representing the four largest music labels is forging partnerships with Internet service providers and asking them to crack down on suspected file sharers. According to Scroggin, if RIAA representatives ask the help of his ISP, they had better bring their checkbook--and leave the legal threats at home. (CNET News obtained a copy of the RIAA's new notice to ISPs here). Scroggin said that he receives several notices each month with requests that he remove suspected file sharers from his network. Each time he gets such a notice from an entertainment company, he sends the same reply. "I ask for their billing address," Scroggin said. "Usually, I never hear back." Scroggin's case underscores a potential obstacle for the RIAA's plan to enlist the help of ISPs.
Small companies like his are innocent bystanders in the music industry's war on copyright infringement. Nonetheless, they are asked to help enforce copyright law free of charge. Many of them can't afford it, he said. Significant resources must be devoted to chasing down suspected file sharers and there's a real cost to that. After talking to Scroggin, it sounds as if the entertainment sector might also have taken a heavy-handed approach to dealing with ISPs in the past and there might be some bad blood built up. "They have the right to protect their songs or music or pictures," Scroggin said. "But they don't have the right to tell me I have to be the one protecting it. I don't want anyone doing anything illegal on my network, but we don't work for free." Reached late Sunday night, an RIAA spokesman declined to comment. Scroggin wants to be reasonable. He tells me he doesn't want to come across as a "hard ass." He just wants someone in big media to understand his position as the operator of a small business. Incorporated in 1995, Bayou Internet and Communications, based in Monroe, La., typically sells Internet access to small businesses, residences, and municipal services. His customers include parish court houses, homeowners, district attorneys, and rural hospitals. The company is probably similar to lots of small ISPs around the country that operate on tight budgets and must compete against much larger players, such as Comcast or AT&T. Scroggin is no radical. He respects the law and said he has a long history of cooperating with authorities to protect people from harm. "If it was life threatening, I'm the first to jump," he said. "We've been contacted by police over Denial of Service and bot attacks. We'll have Secret Service and FBI conversations. We help if police are on perv watch." But protecting against copyright violations just doesn't have the same urgency, not enough that ISPs should be asked to work without compensation, Scroggin said.
Here are the realities of being "HBO's free police," he said. First, when a media company demands he kick a customer off the network, there is very little in the way of proof offered that the person in question has committed a crime, according to Scroggin. Yet, entertainment companies want Scroggin to simply wave goodbye to a customer who might have signed up for a three-year plan. At $40 per month, that customer is potentially worth $1,440 to Scroggin over the life of the plan. That, says the ISP owner, is unreasonable. Next, it's expensive and time consuming to ask highly paid technicians to chase down IP logs and customer IDs, Scroggin said, noting that it's especially difficult nowadays because it's extremely easy to spoof IP addresses. And then there are the letters Scroggin receives from Hollywood that demand he act or else. "I'm not doing anything to damage their business," Scroggin said. "But somehow this 99-cent song is my fault." Scroggin warns that the film and music industries must try a new tack if they want cooperation from ISPs. They can start by helping to cover some of the costs for helping to enforce copyright. "There's got to be a better way than HBO sending me threatening e-mail," he said. "What I'm saying is, let's sit at the table and come up with a way that works for everyone, including the customers." Greg Sandoval covers media and digital entertainment for CNET News. He is a former reporter for The Washington Post and the Los Angeles Times.
From rforno at infowarrior.org Tue Dec 23 21:10:39 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 23 Dec 2008 16:10:39 -0500
Subject: [Infowarrior] - Looking ahead at security trends for 2009
Message-ID: <73C3C505-7E00-4550-A892-7A77FAEE9080@infowarrior.org>

Looking ahead at security trends for 2009
Posted by Jon Oltsik
http://news.cnet.com/8301-1009_3-10128133-83.html?part=rss&subj=news&tag=2547-1_3-0-20

In spite of the global economic recession, information security will continue to be a dominant IT priority in 2009. Why? There are simply too many threats and vulnerabilities creating a perpetual increase in IT risk. With that, here is my top-10 list (in no particular order) of technologies and trends to watch for in the new year: 1. The evolving definition of endpoint security: Some analysts have declared that antivirus software is dead. I disagree and submit that endpoint security is simply evolving as a function of the changing threat landscape. This is the primary reason why Sophos (a legacy antivirus company) bought Utimaco (a data security company) in 2008. Look for traditional antivirus, anti-spyware, and firewall software to merge with endpoint operations, data loss prevention, and full-disk encryption in 2009. 2. More emphasis on cybersecurity: This year began with the establishment of the Comprehensive National Cybersecurity Initiative (CNCI), an effort to strengthen government networks. While well-intended, CNCI has received minimal funding and support. In December, a Center for Strategic and International Studies report further described the sorry state of cybersecurity and called for drastic improvements. Look for President-elect Barack Obama to get behind this effort in a big way with funding, a real public/private partnership, and cooperative intelligence and law enforcement with a growing list of foreign nations. 3.
Increasingly stringent privacy legislation: Privacy advocates like the American Civil Liberties Union and the Center for Democracy and Technology are hopeful that the change in administration will finally lead to more comprehensive national privacy legislation in 2009 and beyond. This momentum should persuade the Senate to finally push the Personal and Data Privacy Act of 2007 (S.495), which has been dormant since May. In the meantime, look for states like Michigan and Washington to follow the lead of Massachusetts and Nevada in mandating data encryption. 4. Security in the cloud: While "cloud" has turned into a vague industry security blanket term, I do believe that 2009 will be a strong year for managed security services. Many organizations simply don't have the capital budget dollars or security skills to take on the increasingly sophisticated bad guys themselves--good news for IBM and Symantec. Additionally, companies like Blue Coat, Cisco, and Trend Micro will supplement on-site security equipment with scalable reputation and update services in the cloud. 5. Virtualization security: As server and desktop virtualization continues to proliferate, we will need better security tools for things like role-based access control, virtual server identity management, virtual network security, and reporting/auditing. Citrix, Microsoft, and VMware will lead this effort with partnering support from others like IBM (Project Phantom), McAfee, and Q1 Labs. 6. Secure software development: In 2008, the majority of malicious code attacks targeted applications, not operating systems. This fact combined with growing focus on cybersecurity will force software companies to embrace secure software development efforts such as the Open Web Application Security Project (OWASP) or the SANS Software Security Institute. Ironically, Microsoft and its Pro Network partners like Security Innovation are best positioned to bring secure software development best practices to the masses. 7. 
Information-centric security: The recent Microsoft/RSA announcement is a sign of things to come. Organizations large and small need to be able to discover and classify sensitive information, apply security policies, and then enforce these policies throughout the network. This will continue to become a reality in 2009 as documents and file systems are integrated with data loss prevention and enterprise rights management systems. Look for further progress like the introduction of PKI in the mix along with discussions about metadata standards for data classification and security rules enforcement. 8. Ubiquitous encryption: Encryption technologies are more often becoming "baked in" rather than "bolted on." Tape drives now contain cryptographic processors as do hard drives from Fujitsu, Hitachi, and Seagate. And Intel will ship a version of its vPro chip set in 2009 that also supports on-board encryption. In 2009, we will start to see multiple layers of encryption technologies running on top of each other. Good for data confidentiality and integrity but this will also highlight the need for enterprise-class encryption key management--another technology on the 2009 "watch list." 9. Entitlement management: Authentication gets you in the network door, while entitlement management governs what you can and can't do. Entitlement management is currently done on an application-by-application basis but this doesn't scale, is ripe for human error, and is nearly impossible to audit for compliance. Enter centralized entitlement management brought to you by Cisco, IBM/Tivoli, Rohati, and RSA Security. Look for lots of buzz as well as pilot projects by the summer. By the end of 2009, IT professionals should be intimately familiar with XACML (XML Access Control Markup Language). 10. Business process security: Securing all IT assets across the enterprise is a daunting task--too big for risk-averse business managers.
Rather than rely on IT reports and security point tools alone, line-of-business executives will want more visibility and oversight into their exclusive domains with detailed and succinct portals, reports, and auditing systems. Ultimately, CEOs will support this effort as it forces individual business units to build security into their P&Ls. This trend favors big services vendors like Accenture, CSC, and HP with vertical industry tools, business process expertise, and executive relationships. I'm generally an optimist, but I do have one additional, more gloomy prediction. Given the alarming state of disarray, look for some type of security breach in 2009 that exceeds the TJX incident. On that cheerful note, happy holidays.

From rforno at infowarrior.org Wed Dec 24 03:18:45 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 23 Dec 2008 22:18:45 -0500
Subject: [Infowarrior] - Fwd: Looking ahead at security trends for 2009
References:
Message-ID: <12152A66-A2C3-470F-8161-B19941384C6C@infowarrior.org>

As always, I agree w/Jericho 100%. If I was not otherwise busy today I'd have probably been saying the same thing. Great evil minds think alike, I guess. --rf

Begin forwarded message:

> From: security curmudgeon
> Date: December 23, 2008 9:13:20 PM EST
> To: Richard Forno
> Subject: Re: [Infowarrior] - Looking ahead at security trends for 2009
>
> I don't know about you, but we've had years of these IT or Security
> trends/prediction mails now, and they are getting old and more irrelevant.
> It's hard to take any of these seriously if they don't reference a
> previous year's predictions and how they turned out.
>
> : Looking ahead at security trends for 2009
> : Posted by Jon Oltsik
> :
> : http://news.cnet.com/8301-1009_3-10128133-83.html?part=rss&subj=news&tag=2547-1_3-0-20
> :
> : In spite of the global economic recession, information security will
> : continue to be a dominant IT priority in 2009. Why?
> : There are simply too many threats and vulnerabilities creating a
> : perpetual increase in IT risk.
>
> "Continue" to be a dominant IT priority? So all of the articles i've seen
> for years about security making up 5% of an IT budget counts as
> 'dominant'?
>
> : 1. The evolving definition of endpoint security: Some analysts have
> : declared that, antivirus software is dead. I disagree and submit that
> : endpoint security is simply evolving as a function of the changing
> : threat landscape. This is the primary reason why Sophos (a legacy
> : antivirus company) bought Utimaco (a data security company) in 2008.
> : Look for traditional antivirus, anti-spyware, and firewall software to
> : merge with endpoint operations, data loss prevention, and full-disk
> : encryption in 2009.
>
> 1. Anti-virus is a completely catch-up market that lives off subscription
> fees more than new sales. As such, signatures (responsive) are priority,
> not heuristics (proactive) development.
>
> 2. We've heard about this full-disk encryption crap since 1995 and the PGP
> bandwagon was just getting moving. Solid encryption has been around for a
> long time. Software has been around for a long time. Yet, we haven't seen
> this become a reality. Why not, and why will that change this year.
>
> : 2. More emphasis on cybersecurity: This year began with the
> : establishment of the Comprehensive National Cybersecurity Initiative
> : (CNCI), an effort to strengthen government networks. While
> : well-intended, CNCI has received minimal funding and support. In
> : December, a Center for Strategic and International Studies report,
> : further described the sorry state of cybersecurity and called for
> : drastic improvements. Look for President-elect Barack Obama to get
> : behind this effort in a big way with funding, a real public/private
> : partnership, and cooperative intelligence and law enforcement with a
> : growing list of foreign nations.
>
> A lot of big pretty words that make up the same prediction we see every
> year, while .gov security continues to be dismal at best. Some new acronym
> initiative isn't enough to make it a reality. We've had our share of these
> groups/bodies/standards, we haven't had our share of .gov security.
>
> : 4. Security in the cloud: While "cloud" has turned into a vague industry
> : security blanket term, I do believe that 2009 will be a strong year for
> : managed security services. Many organizations simply don't have the
> : capital budget dollars or security skills to take on the increasingly
> : sophisticated bad guys themselves--good news for IBM and Symantec.
> : Additionally, companies like Blue Coat, Cisco, and Trend Micro will
> : supplement on-site security equipment with scalable reputation and
> : update services in the cloud.
>
> Wait, you said that security will be a dominant priority, and now you say
> organizations simply don't have the budget or skill. Pick one.
>
> I like your term "Scalable reputation", as it's something I have been
> using for a long time. As vulnerabilities in products from IBM, Symantec
> and Cisco are released, my perception of their reputation drops.
>
> : 5. Virtualization security: As server and desktop virtualization
> : continues to proliferate, we will need better security tools for things
> : like role-based access control, virtual server identity management,
> : virtual network security, and reporting/auditing. Citrix, Microsoft, and
> : VMware will lead this effort with partnering support from others like
> : IBM (Project Phantom), McAfee, and Q1 Labs.
>
> Plug all of those names in your favorite vulnerability database, then ask
> why you think they will lead anything in the realm of security.
From rforno at infowarrior.org Wed Dec 24 03:38:07 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 23 Dec 2008 22:38:07 -0500 Subject: [Infowarrior] - 9 y/o Indian girl becomes MS Certified Pro Message-ID: <0B49AD84-6E89-4C5C-97BB-11435C2D573C@infowarrior.org> Nine-year old girl is youngest person to become Microsoft Certified Professional by Laura June, posted Dec 23rd 2008 at 8:38PM http://www.engadget.com/2008/12/23/nine-year-old-girl-is-youngest-person-to-become-microsoft-certif/ A nine year-old girl in India named M. Lavinashree has passed the Microsoft Certified Professional Exam, becoming the youngest person to ever pull it off (smashing the record previously held by a 10 year-old Pakistani girl). The youngster has a long history of making records in her short life -- including reciting all 1,300 couplets of a 2,000 year-old Tamil epic at the age of three -- and now she's now cramming for the Microsoft Certified Systems Engineer Exam. We'll be honest, this really takes the zing out of our biggest accomplishment at the age of nine: figuring out where in the world Carmen Sandiego was. From rforno at infowarrior.org Wed Dec 24 14:13:46 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Dec 2008 09:13:46 -0500 Subject: [Infowarrior] - XKCD Kills The Xmas Spirit Message-ID: <5F08C203-18D6-4826-B0FE-7B9F51BC8CF2@infowarrior.org> http://xkcd.com/521/ Today's XKCD quote-du-jour: Her -- "Great. Bill Gates Kills Santa. Him -- "I thought it was Stallman with a dyed beard." I'll never see Santa the same way again. Hee. So Happy Whatever to you readers--- even though it sure as hell doesn't seem/feel like Xmas anywhere I've been this month, I hope you all have a great holiday weekend! -rf From rforno at infowarrior.org Wed Dec 24 16:18:23 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Dec 2008 11:18:23 -0500 Subject: [Infowarrior] - LTG Alexander, Obama's Cyber-Czar? 
Message-ID: Obama administration to form new cyber war doctrine John Stokes Monday, 22nd December 2008 http://www.spectator.co.uk/americano/3186321/obama-administration-to-form-new-cyber-war-doctrine.thtml The Obama administration is set to appoint General Keith Alexander (pictured), the current Director of the National Security Agency, to be the new Cyber Czar. In a major departure from the past, Alexander, who will receive his fourth general's star, will have an initial budget of around $8 billion and will control how it is spent within NSA, the Department of Homeland Security and the Pentagon. In effect, this will mean that the new head of NSA will report to him instead of to the Secretary of Defense on a huge area of business. In the past five years, President Bush has had five Cyber Czars, all of whom failed miserably to get to grips with the cyber security challenge, in part because they had no money to dispense. Absent that carrot, no amount of sticks will make the slightest difference in the Washington bureaucracy. The result of the Bush administration's indolence has been the wholesale pillaging of economic and military secrets by foreign nations such as China, Israel, Iran and Russia and the phenomenal growth of cyber organized crime which is now a multi-billion dollar a year illegal business that involves almost no risk. The raising of the power and influence of the cyber czar along with his huge budget will have a significant global impact. America will be developing and implementing a new doctrine for war in cyberspace which will include clear offensive capabilities and when and how they will be used. For that doctrine to be effective, there will have to be extensive discussions with allies and potential enemies and the Obama administration will be seeking to develop a new Cyber Treaty along the lines of the Nuclear Non-Proliferation Treaty to codify this new realm of warfare. 
Although exactly who Alexander will report to has not been decided, he will likely sit in the office of the Director of National Intelligence which will be run by Admiral Denny Blair, whose appointment was announced last week. Alexander has a reputation as a hard-charging technology innovator who took over NSA from Mike Hayden, the current head of CIA, in 2005. The handover was a frosty one as Alexander loathes Hayden who he considers to be an incompetent blowhard and the men rarely speak. Alexander is, in some ways, a classic geek as he holds five different degrees, including one in electronic warfare and another in physics. However, he is also amusing and congenial company. He had a rough start at NSA which had a very poor record of innovation under Hayden. Within weeks of starting he embarked on a very ambitious technology program codenamed Turbulence which grew to include other programs such as Traffic Thief and Turmoil at a cost of more than $500m a year. Collectively, these highly classified programs have enabled NSA to collect, process and deliver real time analysis of the millions of communications that are intercepted worldwide by NSA every minute. For now, Turbulence only operates in limited geographical areas such as parts of Asia but it is expected that Alexander will use some of his new budget to ensure the program's expansion to other regions. It is unlikely that Alexander will face the confirmation challenges that confront many others who served in the national security arena during the Bush years. It was Hayden, not Alexander, who encouraged and implanted the widespread and illegal bugging of Americans in an operation codenamed Stellar Wind. And Alexander's fingerprints are not on any of the kidnappings, torture or assassinations that have formed part of the Bush foreign policy. 
From rforno at infowarrior.org Wed Dec 24 16:41:05 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Dec 2008 11:41:05 -0500 Subject: [Infowarrior] - Hollywood wants in on ISP "graduated responses, " too Message-ID: <88C46C62-8D59-4B72-90FC-16AF2B73C144@infowarrior.org> Hollywood wants in on ISP "graduated responses," too By Nate Anderson | Published: December 24, 2008 - 08:50AM CT http://arstechnica.com/news.ars/post/20081224-movie-biz-wants-in-on-graduated-response-too.html "Graduated response" isn't just for music; Ars has learned that the Motion Picture Association of America has been having similar discussions with US ISPs for some time and has already been involved in trial projects. The results of this limited testing have been encouraging to the movie business, as they show that most people do in fact stop sharing files illegally after receiving a simple warning from their Internet provider. The recording industry made waves last week by announcing a set of voluntary agreements with American ISPs to pass warnings (and eventually sanctions) to users accused of sharing files illegally over P2P networks. The scheme is similar in concept to the recent deals in the UK and France, but such graduated response mechanisms are actually under consideration all over the world. Many of the public pronouncements concerning these efforts have focused on music, something that has always led to a bit of curiosity here in the Orbiting HQ. If such a system is implemented, why would it apply only to a certain industry? Everything about the design of such systems suggest that they will actually function like a general copyright compliance engine that can run on the fuel provided by any industry dealing in digital work: movies, music, e-books, stock photos. That impression was confirmed when Ars spoke to the MPAA's John Malcolm, an executive VP who oversees worldwide antipiracy operations for the industry. 
The movie business has been pursuing graduated response discussions for some time, though separately from the music industry. To the MPAA, graduated response looks like a nonpunitive approach for dealing with P2P--perfect, because the movie industry has no desire to adopt a "sue-'em-all" approach to dealing individual file-sharers. Malcolm goes so far as to call the idea a "win/win/win" situation. Rightsholders win by gaining more control over illegal distribution of their content without lengthy court cases, a confrontational public stance, and the bad PR that comes from suing dead grandmothers and kids in housing projects. ISPs win by clamping down on the heaviest P2P users on their networks. And movie lovers win by... well, by not getting sued. (One can certainly see how a "Hey, knock it off" warning note might compare favorably with a "Hey, pay us $3,000 and we won't sue you" letter.) Users might also be said to benefit by avoiding the implementation of widespread ISP content filtering, which for a while was being pushed quite strongly as a good solution to P2P problems. Malcolm won't rule out such filtering, though he says that "given current technologies" it appears to be a better choice for streaming video (from sites like YouTube, where it operates at the edges of the network) than for P2P. Adopting graduated response and letting the industry do all the identification should also avoid some of the regulatory problems that could crop up if ISPs instead started scanning and blocking content in realtime. Unlike the music business, Hollywood has yet to make any public graduated response announcements, though discussions are well under way around the world. Malcolm insists that the MPAA wants to appeal to people's better natures and give them the benefit of the doubt before pursuing tough sanctions, but this approach depends on people changing behavior with just a warning. 
One UK study showed that most file-swappers would stop after a simple notification, but such data has been limited. Malcolm admits that his industry doesn't have that much information to go on yet, but says that ISP trials do show people willing to make a change. He has been "very encouraged by the fact that there have not been many repeat infringers." Given all the "three strikes" discussions that have taken place with ISPs around the world, it might be surprising that the movie business has generally been mentioned so little. Malcolm has a theory about that too; when an industry files tens of thousands of lawsuits, it tends to attract attention. But behind the scenes, working with ISPs and governments, the movie business has a clear plan to implement graduated response on its terms. Coupled with the increased use of filtering technology (even sites like DailyMotion have signed on to filter long-form copyrighted clips) on user-generated content sites, lawsuits against sites that purposely host or link to illegal copies of movies, tougher camcording laws, and dogs that sniff for pirate DVDs, the MPAA wants to make its movies (much) harder to copy. It will never succeed completely, but making the speedbump even "bumpier" for casual downloaders would be a tremendous win for the industry. From rforno at infowarrior.org Wed Dec 24 17:28:37 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Dec 2008 12:28:37 -0500 Subject: [Infowarrior] - VHS Rides Off Into The Sunset Message-ID: <243560EE-94EE-4B51-9DF4-D2504C5E19F3@infowarrior.org> VHS Rides Off Into The Sunset December 23, 2008 | by Geoff Duncan http://news.digitaltrends.com/news-article/18730/vhs-rides-off-into-the-sunset The venerable VHS tape is finally vanishing in the rear-view mirror as the last major supplier stop distribution. 
VHS tape, the format that for better--and worse--brought video into untold millions of households around the world is finally going the way of the dinosaur--at least in the United States. After the 2008 holiday season, Distribution Audio Video--the last major distributor of VHS tapes in the United States--is finally calling it quits, and will stop distributing VHS tapes. Although Hollywood hasn't released a movie in VHS format since 2006, a number of bargain retailers were still stocking the format, and it's also lived on in a number of isolated markets like cruise ships, public libraries, military bases, and care facilities. "It's dead, this is it, this is the last Christmas, without a doubt," said Distribution Video Audio president Ryan J. Kugler, to the L.A. Times. "I was the last one buying VHS and the last one selling it, and I'm done. Anything left in warehouse we'll just give away or throw away." Consumers have long since indicated their preference for DVD over VHS tapes, and Distribution Audio Video is now in the DVD distribution business--although it predicts DVDs are also on their way out, to be replaced by Blu-ray. Nonetheless, the shutdown of the last major VHS distributor in the United States doesn't mean the world has finally embraced digital video. Countless titles and content that have been available on VHS has yet to be released on DVD, whether it be classic films from pre-war Hollywood or simply performances by under-appreciated bands and artists, the amount of material available on DVD has yet to encompass everything that was available on VHS. And, of course, VHS will continue to live for some time in developing markets around the world. 
From rforno at infowarrior.org Wed Dec 24 21:16:25 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 24 Dec 2008 16:16:25 -0500 Subject: [Infowarrior] - Holiday Wishes Message-ID: This is an appropriate quote (from perhaps one of my all-time favorite TV shows), especially coming from someone inside the DC Beltway...... Sir Humphrey: "I wonder if I might crave your momentary indulgence in order to discharge a, by-no-means disagreeable obligation, which is over the years become more or less an established practice within government circles as we approach the terminal period of the year -- the calendar of course, not the financial. In fact, not to put a too fine a point on it, week 51, and submit to you, with all appropriate deference for your consideration at a convenient juncture, a sincere and sanguine expectation and indeed confidence....indeed one might go so far to say....hope, that the aforementioned period may be, at the end of the day, when all relevant factors have been taken into consideration, susceptible of being deemed to be such, as to merit the final verdict of having been, by no means unsatisfactory in its overall outcome, and in the final analysis, to give grounds for being judged, on mature reflection to have been conducive to generating a degree of gratification, which will be seen in retrospect to have been significantly higher than the general average." Jim Hacker: [dourly] "Humphrey, are you saying Happy Christmas?" Sir Humphrey: "Yes Minister!" Translation: Happy Holidays to all!! 
:) -rick From rforno at infowarrior.org Fri Dec 26 14:55:02 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 26 Dec 2008 09:55:02 -0500 Subject: [Infowarrior] - Comcast sued for not selling set-top boxes, CableCARDs Message-ID: Comcast sued for not selling set-top boxes, CableCARDs By Nate Anderson | Published: December 26, 2008 - 08:05AM CT http://arstechnica.com/news.ars/post/20081226-comcast-sued-for-not-selling-set-top-boxes-cablecards.html Cheryl Corralejo is mad as hell at Comcast, and she isn't going to take it anymore. The object of her righteous crusade? Cable box rentals. Corralejo wants to own her box outright, and she has filed a class action complaint on behalf of all other Californians who desperately want to stop paying monthly fees just for a bit of decryption equipment. The case, filed in federal court in California, began in late November and was recently unearthed by Multichannel News. Comcast has yet to respond. The gist of the case, according to a copy of the complaint seen by Ars Technica, is rental fees. Corralejo argues that Comcast has a monopoly over video service in her area and that it uses that monopoly power to force her to use decryption equipment, which Corralejo cannot purchase outright. After only a few months, alleges the complaint, end users have already paid Comcast more than the box is worth. Reading the complaint through is an odd experience, because the first pages sound like something written when the whole CableCARD debate was pending before the Federal Communications Commission. In the end, the FCC forced the industry to separate out its decryption equipment into a physical CableCARD that could be acquired separately from a cable company box and could be inserted into any third-party video gear that supported it. In other words, renting a cable box has not actually been a requirement of cable operators for years. 
On page six, the complaint finally gets around to the point, acknowledging it but arguing that CableCARDs aren't the equivalent of set-top boxes. The complaint quotes from Comcast's own website, which points out that "the full range of interactive services" may not be available with a CableCARD, as current host devices generally support only one-way operation. In addition, Corralejo complains that the CableCARD still has to be rented from the company; it cannot be purchased outright. There's simply no way to avoid some form of rental fee. (Comcast's website indicates that the first CableCARD a customer needs is included in the monthly bill, however; only additional CableCARDs cost money, currently "up to $2.05" a month.) These practices are called "unlawful tying" under the Sherman Antitrust Act, as well as a violation of California's business and professions code. From rforno at infowarrior.org Fri Dec 26 14:57:19 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 26 Dec 2008 09:57:19 -0500 Subject: [Infowarrior] - DHS forecasts 5-year terror threats Message-ID: <08212FE1-E96F-4C6E-8F24-F56CA3E99D89@infowarrior.org> DHS forecasts 5-year terror threats Dec 25, 6:35 PM (ET) By EILEEN SULLIVAN http://apnews.myway.com/article/20081225/D95A1JLO0.html WASHINGTON (AP) - The terrorism threat to the United States over the next five years will be driven by instability in the Middle East and Africa, persistent challenges to border security and increasing Internet savvy, says a new intelligence assessment obtained by The Associated Press. Chemical, biological, radiological and nuclear attacks are considered the most dangerous threats that could be carried out against the U.S. But those threats are also the most unlikely because it is so difficult for al-Qaida and similar groups to acquire the materials needed to carry out such plots, according to the internal Homeland Security Threat Assessment for the years 2008-2013. 
The al-Qaida terrorist network continues to focus on U.S. attack targets vulnerable to massive economic losses, casualties and political "turmoil," the assessment said. Earlier this month, Homeland Security Secretary Michael Chertoff said the threat posed by weapons of mass destruction remains "the highest priority at the federal level." Speaking to reporters on Dec. 3, Chertoff explained that more people, such as terrorists, will learn how to make dirty bombs, biological and chemical weapons. "The other side is going to continue to learn more about doing things," he said. Marked "for official use only," the report does not specify its audience, but the assessments typically go to law enforcement, intelligence officials and the private sector. When determining threats, intelligence officials consider loss of life, economic and psychological consequences. Intelligence officials also predict that in the next five years, terrorists will try to conduct a destructive biological attack. Officials are concerned about the possibility of infections to thousands of U.S. citizens, overwhelming regional health care systems. There could also be dire economic impacts caused by workers' illnesses and deaths. Officials are most concerned about biological agents stolen from labs or other storage facilities, such as anthrax. "The threat of terrorism and the threat of extremist ideologies has not abated," Chertoff said in his year-end address on Dec. 18. "This threat has not evaporated, and we can't turn the page on it." These high-consequence threats are not the only kind of challenges that will confront the U.S. over the next five years. Terrorists will continue to try to evade U.S. border security measures and place operatives inside the mainland to carry out attacks, the 38-page assessment said. 
It also said that they may pose as refugees or asylum seekers or try to exploit foreign travel channels such as the visa waiver program, which allows citizens of 34 countries to enter the U.S. without visas. Long waits for immigration and more restrictive European refugee and asylum programs will cause more foreigners to try to enter the U.S. illegally. Increasing numbers of Iraqis are expected to migrate to the U.S. in the next five years; and refugees from Somalia and Sudan could increase because of conflicts in those countries, the assessment said. Because there is a proposed cap of 12,000 refugees from Africa, officials expect more will try to enter the U.S. illegally as well. Officials predict the same scenario for refugees from Afghanistan, Bangladesh and Pakistan. Intelligence officials predict the pool of radical Islamists within the U.S. will increase over the next five years due partly to the ease of online recruiting means. Officials foresee "a wave of young, self-identified Muslim 'terrorist wannabes' who aspire to carry out violent acts." The U.S. has already seen some examples of these homegrown terrorists. Recently five Muslim immigrants were convicted of plotting to massacre U.S. soldiers at Fort Dix in a case the government said demonstrated its post-Sept. 11 determination to stop terrorist attacks in the planning stages. The Lebanese Shiite group Hezbollah does not have a known history of fomenting attacks inside the U.S., but that could change if there is some kind of "triggering" event, the Homeland assessment cautions. A 2008 Interagency Intelligence Committee on Terrorism assessment said that Hezbollah members based in the U.S. do local fundraising through charity projects and criminal activity, like money laundering, smuggling, drug trafficking, fraud and extortion, according to the homeland security assessment. 
In addition, the cyber terror threat is expected to increase over the next five years, as hacking tools become more sophisticated and available. "Youthful, Internet-savvy extremists might apply their online acumen to conduct cyber attacks rather than offer themselves up as operatives to conduct physical attacks," according to the assessment. Currently, Islamic terrorists, including al-Qaida, would like to conduct cyber attacks, but they lack the capability to do so, the assessment said. The large-scale attacks that are on al-Qaida's wishlist - such as disrupting a major city's water or power systems - require sophisticated cyber capabilities that the terrorist group does not possess. But al-Qaida has the capability to hire sophisticated hackers to carry out these kinds of attacks, the assessment said. And federal officials believe that in the next three to five years, al-Qaida could direct or inspire cyber attacks that target the U.S. economy. Counterterrorism expert Frank Cilluffo says the typical cyber attack would not achieve al-Qaida's main goal of inflicting mass devastation with its resulting widespread media coverage. However, al-Qaida is likely to continue to rely on the Internet to spread its message, said Cilluffo, who runs the Homeland Security Policy Institute at George Washington University. Officials also predict that domestic terrorists in the forms of radical animal rights and environmental extremists will become more adept with explosives and increase their use of arson attacks. From rforno at infowarrior.org Sat Dec 27 20:37:46 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 27 Dec 2008 15:37:46 -0500 Subject: [Infowarrior] - Motion made to televise RIAA proceedings Message-ID: http://recordingindustryvspeople.blogspot.com/2008_12_01_archive.html#4869726205727420719 Defendant makes motion for proceedings to be televised over the internet in SONY BMG Music Entertainment v. Tenenbaum In SONY BMG Music Entertainment v. 
Tenenbaum, the defendant has moved for all court proceedings to be televised over the internet through Courtroom View Network. The motion argues: Information is the currency of democracy, sunshine laws open government. The federal court is open not only as a court of justice but a forum of civic education. WE the PEOPLE are the ultimate check in our constitutional system of checks and balances, we the people of the integrated media space opened and connected by the net in a public domain. Net access will allow an intelligent public domain to shape itself by attending and engaging in a public trial of issues conflicting our society. Net access to this litigation will allow an interested and growingly sophisticated public to understand the RIAA's education campaign. Surely education is the purpose of the Digital Deterrence Act of 1999, the constitutionality of which we are challenging. How can RIAA object? Yet they do, fear of sunlight shone upon them. Net access will allow demonstration by the parties to the jury of the nature and context of the copyright infringement with which Joel Tenenbaum is charged. Net access will allow an intelligent public domain to shape itself by attending and engaging a public trial prosecuted by a dying CD industry against a defendant who did what comes naturally to digital kids. Net access will allow educational and public media institutions to build a digital archive and resource for understanding law akin to Jonathan Harr's A Civil Action reconceived in execution for legal pedagogy in a digital age, Another Civil Action. The immediacy of net-based access to court opinions already allows lawyers, professors, students, and reporters to better keep abreast of the most recent legal developments, but none with the immediacy the Net allows. If the motion is granted, it will be the first RIAA case of which we are aware to be televised. 
From rforno at infowarrior.org Mon Dec 29 04:20:17 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 28 Dec 2008 23:20:17 -0500 Subject: [Infowarrior] - Matt Blaze on NSA surveillance Message-ID: <3A369C66-FC11-4210-BA27-7D9C3D5CB5F8@infowarrior.org> The Metadata is the Message Did the NSA's Warrantless Wiretap Program include large-scale domestic surveillance? http://www.crypto.com/blog/metatapping/ Bell System Secrecy of Communications poster Warrantless wiretapping is back in the news, thanks largely to Michael Isikoff's cover piece in the December 22 issue of Newsweek. We now know that the principal source for James Risen and Eric Lichtblau's Pulitzer Prize winning article that broke the story three years ago in the New York Times was a Justice department official named Thomas M. Tamm. Most of the current attention, naturally, has focused on Tamm and on whether, as Newsweek's tagline put it, he's "a hero or a criminal". Having never in my life faced an ethical dilemma on the magnitude of Tamm's -- weighing betrayal of one trust against the service of another -- I can't help but wonder what I'd have done in his shoes. Whistleblowing is inherently difficult, morally ambiguous territory. At best there are murky shades of gray, inevitably viewed through the myopic lenses of individual loyalties, fears, and ambitions, to say nothing of the prospect of life-altering consequences that might accompany exposure. Coupled with the high stakes of national security and civil liberties, it's hard not to think about Tamm in the context of another famously anonymous source, the late Mark Felt (known to a generation only as Watergate's "Deep Throat"). But an even more interesting revelation -- one ultimately far more troubling -- can be found in a regrettably less prominent sidebar to the main Newsweek story, entitled "Now we know what the battle was about", by Daniel Klaidman. 
Put together with other reports about the program, it lends considerable credence to claims that telephone companies (including my alma mater AT&T) provided the NSA with wholesale access to purely domestic calling records, on a scale beyond what has been previously acknowledged. The sidebar casts new light on one of the more dramatic episodes to leak out of Washington in recent memory; quoting Newsweek: It is one of the darkly iconic scenes of the Bush Administration. In March 2004, two of the president's most senior advisers rushed to a Washington hospital room where they confronted a bedridden John Ashcroft. White House chief of staff Andy Card and counsel Alberto Gonzales pressured the attorney general to renew a massive domestic-spying program that would lapse in a matter of days. But others hurried to the hospital room, too. Ashcroft's deputy, James Comey, later joined by FBI Director Robert Mueller, stood over Ashcroft's bed to make sure the White House aides didn't coax their drugged and bleary colleague into signing something unwittingly. The attorney general, sick and pain-racked from a rare pancreatic disease, rose up from his bed, gathering what little strength he had, and firmly told the president's emissaries that he would not sign their papers. White House hard-liners would make one more effort -- getting the president to recertify the program on his own, relying on his powers as commander in chief. But in the end, with an election looming and the entire political leadership of the Justice Department poised to resign rather than carry out orders they thought to be illegal, Bush backed down. The rebels prevailed. Like most people, I had assumed that the incident concerned the NSA's interception (without the benefit of court warrants) of the contents of telephone and Internet traffic between the US and foreign targets. 
That program is at best a legal gray area, the subject of several lawsuits, and the impetus behind Congress' recent (and I think quite ill-advised) retroactive grant of immunity to telephone companies that provided the government with access without proper legal authority. But that, apparently, wasn't what this was about at all. Instead, again quoting Newsweek: Two knowledgeable sources tell NEWSWEEK that the clash erupted over a part of Bush's espionage program that had nothing to do with the wiretapping of individual suspects. Rather, Comey and others threatened to resign because of the vast and indiscriminate collection of communications data. These sources, who asked not to be named discussing intelligence matters, describe a system in which the National Security Agency, with cooperation from some of the country's largest telecommunications companies, was able to vacuum up the records of calls and e-mails of tens of millions of average Americans between September 2001 and March 2004. The program's classified code name was "Stellar Wind," though when officials needed to refer to it on the phone, they called it "SW." (The NSA says it has "no information or comment"; a Justice Department spokesman also declined to comment.) While it may seem on the surface to involve little more than arcane and legalistic hairsplitting, that the battle was about records rather than content is actually quite surprising. And it raises new -- and rather disturbing -- questions about the nature of the wiretapping program, and especially about the extent of its reach into the domestic communications of innocent Americans. The issue has to do with a peculiarity of US surveillance law. There are generally stricter requirements for wiretaps that intercept call content than for those that record only transactional data (who called whom and when). The legal rationale for this distinction is complex but has its origins in how wireline telephones worked and were used in the last century. 
There is a theory that while a telephone call's audio is intended only for the other party, the numbers dialed have already been given voluntarily to a third party -- the phone company -- and thus are legally less "private". And there is a basic assumption about the kinds of privacy we value most. Being listened in on has been thought to be inherently more invasive than having one's calling records examined. So the government can obtain transactional records relatively easily, under a lower legal standard than what is required for a full content tap. Modern computing and communications technology may make these assumptions less valid than they were when the legal theories of wiretapping were developed. As electronic communication pervades more of our daily lives, transaction records -- metadata -- can reveal quite a bit about us, indeed often much more than a few out-of-context conversations might. Aggregated into databases with other people's records (or perhaps everyone's records) and analyzed by powerful software, metadata by itself can paint a remarkably detailed picture of connections, relationships, and other patterns that could never be recovered simply from listening to the conversations themselves. Metadata can also be analyzed retrospectively, since calling records are now kept by phone companies for every customer, not just the suspects. And the very distinction between content and metadata defies easy translation into the Internet, where whether something is content or not can depend entirely on where in the network the question is being asked. But that's beside the point here. Rightly or wrongly, current law treats metadata differently from content. In particular, it's legally simpler under the Foreign Intelligence Surveillance Act (FISA) for the government to obtain telephone records than it is to intercept actual telephone call audio. 
All that is required, in general, is an assertion that the specific records involved are likely to be germane to an investigation, a relatively undemanding standard to meet. Content taps, on the other hand, require evidence of probable cause and are subject to more judicial scrutiny.

So how could it have been on that night in 2004 that these officials were comfortable with the legality of intercepting trans-border call content without a FISA warrant -- something apparently expressly forbidden under the law -- and yet drew the line when it came to collecting call records? That would seem, based on longstanding principles of surveillance law, to get it backwards. What kind of records could have provoked such a reaction, and did their collection and use violate the privacy of ordinary Americans in ways that go beyond what is already known about the program?

The Newsweek sidebar raises more questions than it answers here, but piecing together various details from previous reports about the program suggests likely possibilities.

NSA mining of traffic metadata obtained directly from US telephone switches appears to have first been reported by the New York Times in December, 2005 (two weeks after they broke the story of the wiretap program itself). However, that article focused primarily on trans-border traffic on switches at the edge of the US, the very same traffic from which call audio was also being intercepted. So it seems unlikely that collecting call records exclusively from those switches would raise special concerns for officials who believed that they were permitted to collect the content without warrants.

Two years later, in 2007, the Times reported that the FBI had been asking US telephone companies for extended "community of interest" data about various terrorism suspects. That is, the FBI obtained not just calling records of their suspects, but also the calling patterns of everyone they communicated with, even those not suspected of wrongdoing.
However, there are several differences between the kind of large-scale metadata collection suggested by Newsweek and the FBI program described by the Times. In the Times article, the FBI used secret "National Security Letters" to obtain data from telephone companies about the communities of specific targets, which implies a more limited scope, involving far fewer people's records, than an NSA program of the kind described by Newsweek would have had.

However, still another Times piece, written by John Markoff in 2006, reported that law enforcement officers with subpoenas were sometimes given restricted access to data mining software on AT&T's Daytona database of domestic and international call records. And an article by Leslie Cauley in USA Today later that year suggested that the NSA was mining domestic call detail records provided by several carriers. More specifically, the Electronic Frontier Foundation has alleged in a lawsuit that the NSA had been given relatively unrestricted access, without subpoenas, to all or most of the AT&T Daytona database as part of the warrantless wiretap program.

Notably, the large-scale domestic metadata collection that made Comey and Mueller so uneasy is strikingly consistent with the 2006 news reports and the EFF lawsuit's claims about NSA access to Daytona, since AT&T's call database captures a substantial fraction of US citizens' domestic, and not just international, traffic. If the NSA made use of unrestricted access to this database (and perhaps of analogous databases maintained by other carriers), this would be cause for precisely the kinds of legal concerns described by Newsweek. While the law puts fewer restrictions on metadata collection than on content tapping, it still requires that records requests be focused on specific targets, and definitely does not allow the NSA to have wholesale access to databases of every telephone user's domestic calls.
If this was indeed what was going on -- and the recent Newsweek sidebar seems to corroborate it -- it would represent a much more invasive reach into the private lives of innocent Americans by the NSA than previous reports about the program have been able to confirm.

And if AT&T really provided the government with sweeping access to the calling records of all its customers, that would be a huge personal disappointment -- not only a violation of the law, but a betrayal of the fundamental privacy values instilled into me from my very first day at Bell Labs, and that, I had genuinely believed, were embedded in the core of the company's culture.

So I hope I'm wrong. But at the very least, the Newsweek piece underscores the importance of investigating just what happened. We all deserve to know.

From rforno at infowarrior.org Mon Dec 29 14:53:19 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 29 Dec 2008 09:53:19 -0500
Subject: [Infowarrior] - Giant US air travel data suck fails own privacy tests
Message-ID:

http://www.theregister.co.uk/2008/12/29/dhs_pnr_privacy_report/

Giant US air travel data suck fails own privacy tests

By John Lettice
Posted in Government, 29th December 2008 11:22 GMT

A US Department of Homeland Security privacy report published earlier this month reveals that the DHS remains in violation of both US law and the DHS-EU agreement on the handling of Passenger Name Record (PNR) data. The report itself claims that the DHS is in compliance on both counts, but according to the Identity Project, it "contains multiple admissions that support exactly the opposite conclusion."

For several years now the DHS has forced airlines carrying passengers to the US to collect and hand over PNR data for screening purposes prior to flights. Data collected within the EU is subject to EU data protection legislation, and its handover is permitted - subject to "safeguards" - under the DHS-EU agreement of 2007.
The operation of this is subject to joint reviews of compliance, although none has so far been conducted, while the US end of the deal (covering PNR data in general) is subject to US review, where the US Privacy Act applies.

The outcome of this, paradoxically, is that the supposedly tougher EU privacy regime is in this case more relaxed than the US one. The DHS-EU agreement allows the DHS to retain EU passenger data for a period, while the Identity Project doubts that there is any legal basis for US Customs and Border Protection (CBP) to retain the Automated Targeting System Passenger (ATS-P) database which contains the PNR data at all.

The Project notes that the DHS report concedes that subject requests for PNR data have typically taken more than a year to answer, far more than required by the Privacy Act and Freedom of Information Act, that responses have been inconsistent or inadequate, and inconsistently censored. Data sourced from the EU, the US and elsewhere is also mixed in the system with no clear way to establish its origins and, therefore, the data protection regime(s) that should apply.

According to the DHS, ATS-P aids CBP officers "in frustrating the ability of terrorists to gain entry into the United States, enforcing all import and export laws, and facilitating legitimate trade and travel across our borders." According to the EU's Fundamental Rights Agency, which was asked in September for an opinion on the transfer of PNR data for law enforcement purposes, "data transfers to third countries are only possible if an adequate level of protection of PNR data is ensured and monitored in the recipient country."

As of next month, the US is scheduled to escalate its data-sucking activities further, with the introduction of ESTA, Electronic System for Travel Authorization.
This obliges would-be travellers to supply data direct to the DHS in order to obtain a 'clear to fly' authorisation prior to take-off, although airlines still appear to be collecting extensive PNR data from them anyway.

From rforno at infowarrior.org Mon Dec 29 15:43:41 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 29 Dec 2008 10:43:41 -0500
Subject: [Infowarrior] - Microsoft outlines pay-per-use PC vision
Message-ID:

December 29, 2008 6:00 AM PST

Microsoft outlines pay-per-use PC vision

Microsoft has applied for a patent on metered, pay-as-you-go computing.

U.S. patent application number 20080319910, published on Christmas Day, details Microsoft's vision of a situation where a "standard model" of PC is given away or heavily subsidized by someone in the supply chain. The end user then pays to use the computer, with charges based on both the length of usage time and the performance levels utilized, along with a "one-time charge."

Microsoft notes in the application that the end user could end up paying more for the computer, compared with the one-off cost entailed in the existing PC business model, but argues the user would benefit by having a PC with an extended "useful life."

"A computer with scalable performance level components and selectable software and service options has a user interface that allows individual performance levels to be selected," reads the patent application's abstract. The patent application was filed June 21, 2007.

"The scalable performance level components may include a processor, memory, graphics controller, etc. Software and services may include word processing, email, browsing, database access, etc. To support a pay-per-use business model, each selectable item may have a cost associated with it, allowing a user to pay for the services actually selected and that presumably correspond to the task or tasks being performed," the abstract continues.
Integral to Microsoft's vision is a security module, embedded in the PC, that would effectively lock the PC to a certain supplier.

"The metering agents and specific elements of the security module...allow an underwriter in the supply chain to confidently supply a computer at little or no upfront cost to a user or business, aware that their investment is protected and that the scalable performance capabilities generate revenue commensurate with actual performance level settings and usage," the application reads.

< - >

http://news.cnet.com/8301-1001_3-10129438-92.html?part=rss&subj=news&tag=2547-1_3-0-20

From rforno at infowarrior.org Mon Dec 29 17:22:50 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 29 Dec 2008 12:22:50 -0500
Subject: [Infowarrior] - RIAA's Thomas Appeal Denied
Message-ID: <4DFB9763-81D6-4AC3-BA10-D1A1A9AA799F@infowarrior.org>

RIAA Thomas Appeal Denied; Retrial Likely to Set New Copyright Infringement Course

By David Kravets | December 28, 2008 | 1:36:49 AM | Categories: RIAA Litigation

http://blog.wired.com/27bstroke6/2008/12/judge-denies-ri.html

A federal judge is denying the Recording Industry Association of America's request to appeal his decision granting a retrial in the RIAA's only file sharing case to go to trial.

U.S. District Judge Michael Davis of Minnesota declared a mistrial in the Jammie Thomas case months ago and nullified the jury's $222,000 award against the Minnesota woman for sharing 24 songs on the Kazaa network.

The judge declared a mistrial a year following the 2007 trial after concluding that making available copyrighted songs for download on peer-to-peer networks did not amount to copyright infringement, as he erroneously instructed the jury. The RIAA sought permission to appeal, a decision the judge has now rejected (.pdf) for the same reason he declared a mistrial.
Davis said "actual" distribution of copyrighted music must be shown -- meaning that the RIAA must prove that others are downloading the music being shared. The RIAA said it was virtually impossible to detect whether people were downloading music from an open peer-to-peer share folder on Kazaa, Limewire or other sharing services.

A Thomas retrial is scheduled for March 9. Appeals of mistrials normally require the trial judge's approval.

The case may not seem important given the RIAA's announcement two weeks ago that it would refrain from filing new cases. The RIAA announced that, instead, it would partner with internet service providers to shut off internet service to repeat copyright scofflaws the RIAA detects sharing music online. And it announced it would continue with cases still in the "pipeline."

But as we pointed out last week, the so-called "making available" argument in the Thomas case is the same legal position the RIAA is taking under its new approach. For the new campaign, internet subscribers who RIAA detectives discover "making available" songs on peer-to-peer networks three times could have their internet access discontinued.

The RIAA has sued more than 30,000 people in five years, all on the basis of "making available" copyrighted music on the internet for others to download. During that five-year campaign, judges have issued conflicting opinions on whether "actual" distribution or "making available" was the standard to prove copyright infringement in an online world.

Most of the RIAA's cases settled out of court for a few thousand dollars -- meaning the Jammie Thomas retrial is perhaps shaping up to be a test case for the RIAA's new copyright strategy. The test likely won't come at trial, but in an appeal of the second trial's outcome as neither the appellate courts nor the U.S. Supreme Court has squarely ruled on the issue.
From rforno at infowarrior.org Mon Dec 29 20:37:39 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 29 Dec 2008 15:37:39 -0500
Subject: [Infowarrior] - Gov Secrecy: Classic and Contemporary Readings
Message-ID:

http://lu.com/showbook.cfm?isbn=9781591586906

Government Secrecy
Classic and Contemporary Readings
Maret, Susan L. | Goldman, Jan

Price: $65.00
ISBN13: 9781591586906
ISBN10: 1591586909
Book code: LU8690
Libraries Unlimited
Paperback | 820 pages
DOI: 10.1336/1591586909
Publication Date: 12/30/2008

DESCRIPTION

Government Secrecy presents the best that has been thought and written on the subject, including history and philosophy, theory and practice, justification and critique. Through readings, which range from Georg Simmel on secrecy and Max Weber on bureaucracy and secret-keeping, to post-9/11 concerns regarding freedom of information and presidential secrecy, it enables readers to explore the issues and questions that surround the government's right to keep necessary secrets--or not.

This collection, and the diverse perspectives it represents, will engage students and other interested parties in a discussion of the benefits--and dangers--of government secrecy. The collection is designed to generate questions regarding historical accuracy of government information, information ethics, professional neutrality, ownership of information, public right to information, national security, and transparency. The essays explore the criteria and conditions for government secret-keeping, as well as contributing to public and academic discussion of the role of secrets in democracies.
CONTENTS

Foreword by Steven Aftergood, Project on Government Secrecy, Federation of American Scientists
Acknowledgments
Introduction
Chapter 1: Perspectives on Secrecy
Chapter 2: A Short History of Government Secrecy
Chapter 3: Secrecy as Regulation
Chapter 4: Organizational Aspects of Secrecy
Chapter 5: Necessary Secrets: Alternative Views on the Need for Secrets and Secret Keeping
Chapter 6: The Uncertain Future of Information: Secrecy Post 9-11
Appendix A: Major Reviews of the Secrecy System
Appendix B: Laws that Restrict Public Access to Federal Records
Sources
Glossary
Further Reading
Index

DR. SUSAN L. MARET is a part-time faculty member in the Library and Information Sciences Program at San Jose State University. Before completing her PhD in Critical and Information Studies from The Union Institute and University in 2002, she worked as an academic and government documents librarian. She holds an MLS degree from the University of Arizona and is the author of numerous books, website and database reviews, and On Their Own Terms: A Lexicon with an Emphasis on Information-Related Terms Produced by the U.S. Federal Government, located at the Federation of American Scientists Website (http://www.fas.org/sgp/library/maret.pdf).

DR. JAN GOLDMAN joined the National Defense Intelligence College as a professor where he teaches intelligence courses in strategic warning, threat management and ethics. He has been working in the Intelligence Community for over 25 years. He has written or edited numerous articles and publications including Words of Intelligence: A Dictionary (2006)

http://lu.com/showbook.cfm?isbn=9781591586906

From rforno at infowarrior.org Tue Dec 30 02:54:46 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 29 Dec 2008 21:54:46 -0500
Subject: [Infowarrior] - FBI issues code cracking challenge
Message-ID: <570FD186-985C-41E6-96D5-F1D4B95CA416@infowarrior.org>

FBI issues code cracking challenge

By Layer 8 on Mon, 12/29/2008 - 12:35pm.
http://www.networkworld.com/community/node/36704

The FBI today challenged anyone in the online community to break a cipher code on its site. The code was created by FBI cryptanalysts. The bureau invited hackers to a similar code-cracking challenge last year and got tens of thousands of responses, it said.

A number of sites host such cipher challenges, including this one at the University of Southampton.

The FBI offers a few primers on the subject including:

A relatively basic form of substitution cipher is the Caesar Cipher, named for its Roman origins. The Caesar Cipher involves writing two alphabets, one above the other. The lower alphabet is shifted by one or more characters to the right or left and is used as the cipher text to represent the plain text letter in the alphabet above it.

Plain Text:  A B C D E F G H I J K L M N O P Q R S T U V W X Y Z
Cipher Text: B C D E F G H I J K L M N O P Q R S T U V W X Y Z A

In this example, the plain text K is enciphered with the cipher text L. The phrase 'Lucky Dog' would be enciphered as follows:

Plain Text:  L U C K Y D O G
Cipher Text: M V D L Z E P H

Ciphers can be made more secure by using a keyword to scramble one of the alphabets. Keywords can be placed in the plain text, the cipher text, or both, and any word can be used as a key if repeated letters are dropped. Here the word SECRETLY (minus the second E) is used as the plain text keyword.

Plain Text:  S E C R T L Y A B D F G H I J K M N O P Q U V W X Z
Cipher Text: A B C D E F G H I J K L M N O P Q R S T U V W X Y Z

The FBI of course doesn't always invite folks to break code on its site. In fact last spring a consultant managed to access the bureau's National Crime Information Center database.
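The two-row tables in the FBI primer quoted above, worked as an added Python example (not part of the original post or of the FBI page): it rebuilds the shift-by-one and SECRETLY tables and enciphers 'Lucky Dog' with each. The function names are this example's own, and the last function lists every shift of a Caesar ciphertext to show how small that key space is.

```python
"""Monoalphabetic substitution as in the FBI primer: two alphabet rows,
one above the other, either of which may be shifted or keyword-scrambled."""
import string

ALPHABET = string.ascii_uppercase


def shifted_alphabet(shift):
    """Caesar row: the alphabet rotated by `shift` positions."""
    shift %= len(ALPHABET)
    return ALPHABET[shift:] + ALPHABET[:shift]


def keyed_alphabet(keyword):
    """Keyword letters first with repeated letters dropped, then the
    unused letters in normal order (SECRETLY -> SECRTLY + ABDFG...)."""
    row = []
    for ch in keyword.upper() + ALPHABET:
        if ch in ALPHABET and ch not in row:
            row.append(ch)
    return "".join(row)


def make_tables(plain_row, cipher_row):
    """Pair the two rows column by column.

    Returns (encipher_map, decipher_map). Either row may be keyed or
    shifted, which covers the primer's "plain text, cipher text, or both".
    """
    for row in (plain_row, cipher_row):
        if sorted(row) != list(ALPHABET):
            raise ValueError("each row must use every letter exactly once")
    return dict(zip(plain_row, cipher_row)), dict(zip(cipher_row, plain_row))


def substitute(text, table):
    """Apply a table to the letters; spaces and punctuation pass through."""
    return "".join(table.get(ch, ch) for ch in text.upper())


def caesar_candidates(ciphertext):
    """Every possible shift decryption of a plain Caesar ciphertext.

    There are only 25 keys, so a reader can scan the whole list by eye;
    a keyword-scrambled row does not have this weakness.
    """
    candidates = {}
    for shift in range(1, len(ALPHABET)):
        _, decipher = make_tables(ALPHABET, shifted_alphabet(shift))
        candidates[shift] = substitute(ciphertext, decipher)
    return candidates


if __name__ == "__main__":
    # First table in the primer: lower alphabet shifted by one.
    enc, dec = make_tables(ALPHABET, shifted_alphabet(1))
    print(substitute("Lucky Dog", enc))

    # Second table: SECRETLY as the plain text keyword.
    enc_kw, dec_kw = make_tables(keyed_alphabet("SECRETLY"), ALPHABET)
    print(keyed_alphabet("SECRETLY"))
    print(substitute("Lucky Dog", enc_kw))

    # The full key space of the shift cipher, for comparison.
    for shift, text in caesar_candidates("MVDLZ EPH").items():
        print(shift, text)
```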
From rforno at infowarrior.org Tue Dec 30 15:30:47 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Dec 2008 10:30:47 -0500
Subject: [Infowarrior] - .Major break in MD5 signed x.509 certificates
Message-ID: <616E42BA-EFC7-4F6C-AC05-FBBC816B838A@infowarrior.org>

Major break in MD5 signed x.509 certificates

http://www.veracode.com/blog/2008/12/major-break-in-md5-signed-x509-certificates/

by Chris Wysopal
December 30, 2008

Jacob Appelbaum and Alexander Sotirov just gave a presentation at the Chaos Communications Congress in Germany. They have implemented a practical MD5 collision attack on x.509 certificates. All major browsers accept MD5 signatures on certs even though it has been shown to have the collision problem for almost 2 years now. If you can generate your own x.509 certificates you can perform perfect MITM attacks on SSL.

They went one better and generated an intermediate certificate authority certificate so they could sign their own certificates. This way they only need to do the attack once and can create as many valid certificates as they want.

6 Certificate Authorities are still using MD5 signing: RapidSSL, FreeSSL, TrustCenter, RSA Data Security, Thawte, verisign.co.jp. They are not going to be happy about this new attack. They decided to target RapidSSL because they were able to better predict some of the certificate fields (serial number and time) because of the way RapidSSL issues the certificates.

They were able to perform the computations required with 200 Playstation 3s over 1-2 days. It's estimated to be the same as 8000 Intel cores or $20,000 on Amazon EC2.

They ask the question, "Can we trust anything signed with a cert issued by a CA that signed with MD5 signatures in the last couple of years?" The affected CAs have been notified and are going to switch to SHA-1.

They also ask the question, "Why did it take an implemented attack to get the CAs to switch to SHA-1?" After all the attack has been known for almost 2 years now.
We used the slogan, "Making the theoretical practical since 1992" at L0pht Heavy Industries to highlight the need to implement attacks to get some organizations to improve the security of the implement. It is a bit sad to see that in 2008 demonstration is still necessary.

The researchers were worried about repercussions by the CAs that might want to gag them. They had Mozilla and Microsoft sign NDAs that they wouldn't tell the CAs about the problem until they could give their presentation. They think researchers should consider NDAs with vendors for protection.

You can see a demo of their forged cert here: https://i.broke.the.internet.and.all.i.got.was.this.t-shirt.phreedom.org/ They purposely dated the cert to expire on 9/1/2004 so you need to back date your machine for it to be validated properly.

From rforno at infowarrior.org Wed Dec 31 01:03:47 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Dec 2008 20:03:47 -0500
Subject: [Infowarrior] - Creating a rogue CA certificate
Message-ID: <72C5B7B5-883A-44DC-9F21-ADF66618F7F7@infowarrior.org>

http://www.win.tue.nl/hashclash/rogue-ca/

December 30, 2008

MD5 considered harmful today
Creating a rogue CA certificate

Alexander Sotirov, Marc Stevens, Jacob Appelbaum, Arjen Lenstra, David Molnar, Dag Arne Osvik, Benne de Weger

Summary

We have identified a vulnerability in the Internet Public Key Infrastructure (PKI) used to issue digital certificates for secure websites. As a proof of concept we executed a practical attack scenario and successfully created a rogue Certification Authority (CA) certificate trusted by all common web browsers. This certificate allows us to impersonate any website on the Internet, including banking and e-commerce sites secured using the HTTPS protocol.

Our attack takes advantage of a weakness in the MD5 cryptographic hash function that allows the construction of different messages with the same MD5 hash. This is known as an MD5 "collision".
Previous work on MD5 collisions between 2004 and 2007 showed that the use of this hash function in digital signatures can lead to theoretical attack scenarios. Our current work proves that at least one attack scenario can be exploited in practice, thus exposing the security infrastructure of the web to realistic threats.

As a result of this successful attack, we are currently in possession of a rogue Certification Authority certificate. This certificate will be accepted as valid and trusted by all common browsers, because it appears to be signed by one of the root CAs that browsers trust by default. In turn, any website certificate signed by our rogue CA will be trusted as well. If an unsuspecting user is a victim of a man-in-the-middle attack using such a certificate, they will be assured that the connection is secure through all common security indicators: a "https://" url in the address bar, a closed padlock and messages such as "This certificate is OK" if they chose to inspect the certificate.

This successful proof of concept shows that the certificate validation performed by browsers can be subverted and malicious attackers might be able to monitor or tamper with data sent to secure websites. Banking and e-commerce sites are particularly at risk because of the high value of the information secured with HTTPS on those sites. With a rogue CA certificate, attackers would be able to execute practically undetectable phishing attacks against such sites.

The infrastructure of Certification Authorities is meant to prevent exactly this type of attack. Our work shows that known weaknesses in the MD5 hash function can be exploited in a realistic attack, due to the fact that even after years of warnings about the lack of security of MD5, some root CAs are still using this broken hash function.

The vulnerability we expose is not in the SSL protocol or the web servers and browsers that implement it, but in the Public Key Infrastructure.
This infrastructure has applications in other areas than the web, but we have not investigated all other possible attack scenarios. So other attack scenarios beyond the web are conceivable, such as in the areas of code signing, e-mail security, and in other areas that use certificates for enabling digital signatures or public key encryption.

The rest of this document will explain our work and its implications in a fair amount of detail. In the interest of protecting the Internet against malicious attacks using our technique, we have omitted the critical details of our sophisticated and highly optimized method for computing MD5 collisions. A scientific paper about our method is in preparation and will be released after a few months, so that the affected Certification Authorities have had some time to remedy this vulnerability.

< - >

http://www.win.tue.nl/hashclash/rogue-ca/

From rforno at infowarrior.org Wed Dec 31 01:51:21 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Dec 2008 20:51:21 -0500
Subject: [Infowarrior] - DARPA Unveils Cyber Warfare Range
Message-ID:

DARPA Unveils Cyber Warfare Range

http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news/DARP12308.xml&headline=DARPA%20Unveils%20Cyber%20Warfare%20Range

Dec 30, 2008
By David A. Fulghum/AviationWeek.com

Cyber weapon researchers worry that pieces of the digital warfare puzzle are still missing, in particular projection of new threats that foes may throw at the U.S. But U.S. Defense Department researchers may have an answer in the form of a new proving grounds of sorts.

"Who's looking at what's coming next?" asks Rance Walleston, director of BAE Systems' Information Operations Initiative. "That's still weak."

Already, "we are seeing the threats shifting," says Aaron Penkacik, director of BAE Systems' Collaborative Technology Alliance that works with small companies and universities around the world to create and develop specialized materials and technologies.

"As you go into a new theater of operations, you see [advanced communications and new uses for networks] pop-up everywhere. The threat is there, ad-hoc, undefined and asymmetric. So you have to stand up your capability quickly to defend and fight your networks."

The BAE executive says the ramifications are already playing out in real ways. "It's changing the way we think about deploying software-defined radios," he says by way of example. "We're using common modules that have software functions that are adaptable in real time as the threat changes."

And today, as there are specialized test ranges for all types of radars and weapons, the Defense Advanced Research Projects Agency (DARPA) has funded a new program called the National Cyber Range. So far they've awarded a six-month, paid proposal phase contract to a number of contractors.

"They're going to build an environment where we can play around and begin looking at 'anticipated' problems," Walleston says. "What they're saying is that we need the equivalent of a White Sands [Missile Range] for cyber war. We have bits and pieces of range all over the place, but nothing definitive. This will be [the premier] cyber range where you can bring all your tools and techniques and try them out in an environment that closely resembles the real world."

So what are the basic requirements for a cyber warfare range?

"We want to change cyber attack from an art to a science," Walleston says. "You need [lots of] real estate, isolation and an infrastructure that can be attacked and that will record precisely the results. Isolation is a big deal because that's the only way you can determine if some software agent you built works.

"It's hard to know what you are actually going to get from a test in a laboratory against five computers when the capability you need has to function against five million computers," he continues. "There's nowhere to test that, so DARPA's trying to put together a range with fidelity in many dimensions --
such as the number and types of nodes and how they're connected -- so that you can accurately determine the effectiveness of some tool. The real trick will be how quickly you can upgrade the range to deal with changing threats."

From rforno at infowarrior.org Wed Dec 31 03:22:00 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 30 Dec 2008 22:22:00 -0500
Subject: [Infowarrior] - Who Leaked Windows 7?
Message-ID: <6EB5DF3D-76B4-46B4-A166-A94C26858B52@infowarrior.org>

December 30, 2008 8:50 PM

Who Leaked Windows 7?

http://www.microsoft-watch.com/content/windows_7/who_leaked_windows_7.html

News Commentary. BitTorrent brought the Christmas present Santa didn't: Leaked build of Windows 7, whose official Beta 1 release is perhaps days away.

Was this a craftily-timed Microsoft marketing leak? I sure as hell think so. It's certainly what I would do if I worked at Microsoft on Windows evangelism. The timing is perfect, from a marketing perspective. The leaked build hit BitTorrent sometime on Saturday, right after Christmas when the Windows geeks had nothing better to do and bloggers and journalists had nothing better to write about. The leaked build is designated "7000," which strongly suggests that the code is the same as forthcoming Beta 1, or close to it.

The slowest news week of the year is going on right now. Everybody and anybody is writing year-end reviews and making stupid predictions about 2009. It's not because they care so much about the past or the future. They don't have much to write about now, because most tech companies are closed or running minimal staffs. Meanwhile, the big announcements are being saved for Macworld Expo (Jan. 5-9) and the Consumer Electronics Show (Jan. 8-11). What perfect timing to create buzz for Seven?

Windows beta leaks used to be fairly common, but Microsoft has clamped down on them under the tenure of Steven Sinofsky, senior vice president of the Windows and Windows Live Engineering Group.
This leak is surprising because of Steven's record managing Office development: Few leaks. Heck, were there any?

Something else: Microsoft doesn't seem all that rattled by the leak. That reaction, or lack of it, is inconsistent with Steven's past no-leak management style. I called Microsoft's PR agency for confirmation and got this statement in response: "It is part of our normal testing process for testers to receive regular builds; however, the Windows 7 public beta is still expected in early 2009."

That statement could be construed as meaning the leak came from outside Microsoft. It's unusual for a Microsoft statement to make such a veiled accusation. But it makes sense as deflection from the real source, meaning Microsoft.

I'm not being critical here, as some Microsoft Watch commenters will surely claim. It's rather smart marketing. Microsoft fills a big news void with something bloggers and journalists will write about. The suspense of stealth downloads from torrents and races to post the best screenshots first make the Windows 7 leak buzz all the more exciting. For other people, there is delight in seeing Microsoft squirm because Seven leaked early. Not that I see much squirming going on.

If Microsoft didn't leak the build, for shame! If this is a real leak, how undeserving is Microsoft of the timing. Because the marketing benefits are immeasurable, given how much buzz there is out there. Google news search shows a couple hundred stories related to Windows 7 Beta 1. If someone on Steven's team didn't leak this Seven build, they should have.

The leak lets Microsoft get in front of Apple. In a strange turnabout, Macworld comes before CES this year. Usually CES is earlier. Microsoft knows that Apple is prepping Snow Leopard -- and quite possibly for early year release. The economy gives Apple good reason to formally unveil Snow Leopard next week and set a release date by end of March. Software is a big-margin item in a slow-sales economy.
Scenario is set where next version of Mac OS X would grab big headlines and eclipse Windows 7, which I do expect Microsoft to present for public beta during CES. The leak puts Windows 7 news in front of and behind Snow Leopard. In military tactics, a flank maneuver gives an attacker superior position by surrounding an opponent on two or more sides. Marketers use flanking, too.

Looked at one way, Snow Leopard could steal all the buzz, because of timing and its presumed development status: Nearly done. By comparison, Windows 7 Build 7000 doesn't visually appear much different from the Pre-Beta software distributed during PDC. If the code is same as Beta 1, then the public testing software wouldn't be feature complete. So Microsoft conceptually would be stacking up its work-in-progress against Apple's masterpiece.

If Snow Leopard turns out to be a work incomplete, Apple is super hush-hush about software development. That's good for Microsoft, which could turn its work in progress into marketing gold. There's the leak for bloggers, journalists and enthusiasts writing on forums to chatter about now. Then comes the official public beta and the development process that follows. The leak is opportunity, whether by design or chance, for Microsoft to seize the marketing messaging and push it hard.

It has been a long time since Microsoft has had any positive buzz about a new Windows version. Seven made a solid debut at Microsoft's Professional Developer Conference in late October. But Apple and Microsoft are about to enter their fiercest mindshare competition since 2001, when Mac OS X 10.1 and Windows XP shipped in the same year. I expect Mac OS X 10.6 and Windows 7 to ship within a few months of another -- at most.

The leaked build is for the "Ultimate" version, but 32-bit only; not 64-bit. For Windows Vista betas, Microsoft also distributed the Ultimate version.
The 64-bit support will be one area where Apple and Microsoft will compete to create perceptions their OS is better.

The leak also helps Microsoft set expectations about Beta 1. People writing about the leaked build are reporting some user interface niceties, modest performance improvements, but no shocking changes from Windows Vista. That said, the leaked software does pack some of the visual eye candy demonstrated at PDC, including new Mac OS X-like taskbar; "Aero Peek" for looking under Windows; and new themes chooser.

With New Years coming, enthusiasts will have more time to uncover features, and the slow news cycle will give bloggers and journalists more reason to follow-up early perceptions with more information about the software. For Microsoft, it's all free marketing. Enthusiasts are the best marketers, and they're certainly babbling about Seven.

From rforno at infowarrior.org Wed Dec 31 14:29:10 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 Dec 2008 09:29:10 -0500
Subject: [Infowarrior] - FCC nixes MPAA bid for selectable output control
Message-ID: <3AF6A3C2-7320-476E-853D-D3B78E1AE244@infowarrior.org>

FCC chair nixes MPAA bid for selectable output control

By Matthew Lasar | Published: December 30, 2008 - 10:49PM CT

http://arstechnica.com/news.ars/post/20081230-fccs-martin-nixes-mpaa-bid-on-selectable-output-control.html

The holidays have been good for Hollywood, Reuters news reports, with sentimental pooch stories like Marley & Me boosting box office Christmas day receipts up $10 million from last year. But there's a lump of coal in the movie industry's stocking where its advocates had hoped for a gift from the Federal Communications Commission. FCC Chair Kevin Martin says he won't back the Motion Picture Association of America's request for a waiver on the agency's ban on selectively blocking video outputs.

"I'm not supportive of moving forward with this MPAA proposal at this time," Martin told reporters at a press conference on Tuesday. When Ars asked if the issue is now tabled for the Obama administration's FCC, the outgoing boss replied in the affirmative. "If another Commission" wants to deal with the question, "they will be able to, obviously, but I'm not supportive of it," he said.

We need protection

As Ars has reported, in early June the MPAA filed a request for FCC permission to work with cable and satellite video providers in order to hobble analog output of pre-DVD release movies in favor of "secure and protected digital outputs." Current agency policy forbids so-called "selectable output control" use limiting either analog or digital transmission.

MPAA argues that analog streams are insecure. They "either lack, or can easily be stripped of, protection measures," in the organization's words, and broadcast over them will "facilitate the illegal copying and redistribution of this high value content, causing untold damage to the DVD and other 'downstream' markets." The MPAA contends that relaxing SOC rules will allow the studios to release movies over cable and satellite prior to their DVD release without fear of copyright infringement.

"At least some segment of nearly every demographic would find this option attractive when unable to go to the movie theater," the trade group's Petition for Expedited Special Relief contended. "For example, physically challenged or elderly consumers who have limited mobility would have greater choice in movie viewing options. It would similarly benefit parents who want to see a new movie, but who cannot find or afford a babysitter."

MPAA filed the request on behalf of Paramount Pictures, Sony Pictures, Twentieth Century Fox, Universal City Studios, Walt Disney Studios, and Warner Brothers.
But critics of the proposal say that consumers have the right to expect that their video-related devices will function as they did when they purchased them. The Consumer Electronics Association (CEA) and the advocacy group Public Knowledge -- which seems to have Martin's ear these days -- have argued that millions of applications could be affected by changing the FCC's SOC policy.

"The MPAA has not demonstrated why it should be permitted to disable the features and functionality of a consumer's lawfully-purchased HDTV set," three CEA Vice Presidents told the FCC in November. Public Knowledge filed around the same time and argued that the disability count could get higher if you include DVRs "and other consumer electronics devices that rely on analog connections." These also will be "effectively turned off, even if the TVs also have digital inputs."

Astonishing!

MPAA has responded that SOC's detractors are living in the past. "At its core, the position of CEA is that technology should be frozen in time, and any new services that require advanced technology should be banned," the MPAA told Democratic Commissioner Jonathan Adelstein on November 25. "This position is quite astonishing, coming from an organization that in the past has advocated in favor of technological innovation."

Martin says that initially he was sympathetic to MPAA's arguments. "I certainly am interested in taking advantage of technologies that would allow for consumers to be able to watch first run movies in their home, earlier," he explained. But in the end it looks like PK won the argument.

"One of the issues that I certainly have pushed when I've been here at the Commission is that we should be able to have devices and they should be able to be portable from network to network," Martin elaborated at today's conference. He cited the open device requirements in the recent 700MHz auction, wireless merger approvals, and set top box rule enforcements.

"And I don't want to undermine any progress that we've tried to make on that. I was concerned about that and wasn't ready to move forward with it in light of some of the concerns that were raised by the public interest groups."

The rest of today's press event focused on a variety of FCC-related loose ends that await Martin's successor. These include re-auctioning the agency's proposed public safety D Block, reform of the Universal Service Fund and intercarrier compensation rules, dealing with proposed fines against retailers for selling analog-only TVs without full disclosure, and resolving various cable carriage disputes -- most notably the carriage fight between Comcast and the NFL Network.

The agency could conceivably deal with some of these questions in the next few weeks, but that's not likely given the departure of Republican Commissioner Deborah Taylor Tate, which was announced at a brief Commission meeting held Tuesday morning.

From rforno at infowarrior.org Wed Dec 31 14:31:09 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 Dec 2008 09:31:09 -0500
Subject: [Infowarrior] - 30GB Zunes failing globally due to software glitch
Message-ID: <20E17B5E-215D-44D4-B69E-3B8B17698387@infowarrior.org>

30GB Zunes failing due to software glitch

Tom Warren

http://www.neowin.net/news/main/08/12/31/30gb-zunes-failing-due-to-software-glitch

According to hundreds of reports from users worldwide, 30GB Zunes are freezing and locking up due to what appears to be a new years date bug.

One poster summarized the issue on Microsoft's support forums, "At exactly 2am CDT (12am PDT), the docked Zune made the "unplugged from USB port" bong-noise and went to the boot-up screen with the 100% loading bar...and froze. At 2:30am CDT, I decided to check the other Zune. Turned it on and...frozen at the 100% loading screen."
It appears as though only 30GB Zunes are currently affected and some reports indicate that only Zunes with the latest firmware are affected, but this hasn't yet been confirmed.

Microsoft has not yet commented on the matter and is currently unavailable for comment due to time zone differences.

From rforno at infowarrior.org Wed Dec 31 14:48:29 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 31 Dec 2008 09:48:29 -0500
Subject: [Infowarrior] - Viacom threatens withdraw from Time Warner
Message-ID: <59AF7C2B-04E1-469B-9709-9C56B68B1929@infowarrior.org>

http://www.washingtonpost.com/wp-dyn/content/article/2008/12/30/AR2008123003496.html?hpid=sec-business

'Colbert,' 'SpongeBob' may go dark on Time Warner

By RYAN NAKASHIMA
The Associated Press
Wednesday, December 31, 2008; 12:47 AM

LOS ANGELES -- "SpongeBob SquarePants" may be getting squeezed off of Time Warner Cable.

Media giant Viacom Inc. said its Nickelodeon, MTV, Comedy Central and 16 other channels will go dark on Time Warner Cable Inc. at 12:01 a.m. Thursday if a new carriage fee deal is not agreed upon by then.

The impasse over carriage fee hikes would mean "SpongeBob" and other shows like "The Daily Show" will be cut off to 13 million subscribers, said spokesman Alex Dudley, a vice president at Time Warner Cable, the nation's second-largest cable operator.

Viacom has asked for fee increases of between 22 percent and 36 percent per channel, an amount that could increase customers' cable bills, Dudley said. Viacom spokeswoman Kelly McAndrew said the requested increase was in the very low double-digit percentage range.

"The issue is that they have asked for an exorbitant increase in their carriage fees and their network ratings are sagging," he said. "Basically we're trying to hold the line for our customer."

Viacom said the increases would cost an extra 23 cents a month per subscriber _ which works out to $35.9 million more in total.
It said that Americans spend a fifth of their TV time watching Viacom shows but its fees make up less than 2.5 percent of the Time Warner cable bill. "We make this request because Time Warner Cable has so greatly undervalued our channels for so long," it said. "Ultimately, however, if Nickelodeon, Comedy Central, MTV and the rest of our programming is discontinued _ over less than a penny per day _ we believe viewers will see this behavior by their cable company as outrageous," it said. Tense negotiations are continuing at the highest level, Dudley said. Viacom accused Time Warner Cable of not negotiating. "It is our sincere hope that they will come to the table and negotiate a deal," said McAndrew. The network operator also intends to tell viewers about the dispute in TV ads in 11 major markets. Part of the disagreement is that most of the popular shows are rerun on Web sites where Viacom collects advertising revenue that it does not share with Time Warner, Dudley said. "We don't think that's fair," he said. "They're trying to have their cake and eat it too online, where anybody can get it for free." Viacom has staked much of its revenue-growth prospects on its ability to extract higher carriage rates out of its cable and satellite affiliates despite an ad slowdown and weak ratings. In the third quarter, media network revenue, which accounts for about two-thirds of the total, grew 6 percent to $2.1 billion, despite global ad revenue falling 2 percent, largely because of double-digit percentage growth in affiliate fees and the success of its "Rock Band" video game. Viacom shares rose 69 cents, or 3.7 percent, to close at $19.26 on Tuesday, while Time Warner Cable shares added $1.56, or 7.7 percent, to $21.76. The channels that would be affected are: Comedy Central, CMT: Pure Country, Logo, Palladia, MTV, MTV 2, MTV Hits, MTV Jams, MTV Tr3s, Nickelodeon, Noggin, Nick 2, Nicktoons, Spike, The N, TV Land, VH1, VH1 Classic, and VH1 Soul. 