From rforno at infowarrior.org Tue Jul 1 12:33:49 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Jul 2008 08:33:49 -0400
Subject: [Infowarrior] - Inside NSA Red Team Secret Ops With Government's Top Hackers
Message-ID:

Inside NSA Red Team Secret Ops With Government's Top Hackers
By Glenn Derene
Published on: June 30, 2008
http://www.popularmechanics.com/technology/military_law/4270420.html?page=2A

When it comes to the U.S. government's computer security, we in the tech press have a habit of reporting only the bad news -- for instance, last year's hacks into Oak Ridge and Los Alamos National Labs, a break-in to an e-mail server used by Defense Secretary Robert Gates ... the list goes on and on. Frankly that's because the good news is usually a bunch of nonevents: "Hackers deterred by diligent software patching at the Army Corps of Engineers." Not too exciting.

So, in the world of IT security, it must seem that the villains outnumber the heroes -- but there are some good-guy celebrities in the world of cyber security. In my years of reporting on the subject, I've often heard the National Security Agency's red team referred to with a sense of breathless awe by security pros. These guys are purported to be just about the stealthiest, most skilled firewall-crackers in the game. Recently, I called up the secretive government agency and asked if it could offer up a top red teamer for an interview, and, surprisingly, the answer came back, "Yes."

What are red teams, you ask? They're sort of like the special forces units of the security industry -- highly skilled teams that clients pay to break into the clients' own networks. These guys find the security flaws so they can be patched before someone with more nefarious plans sneaks in.
The NSA has made plenty of news in the past few years for warrantless wiretapping and massive data-mining enterprises of questionable legality, but one of the agency's primary functions is the protection of the military's secure computer networks, and that's where the red team comes in. In exchange for the interview, I agreed not to publish my source's name. When I asked what I should call him, the best option I was offered was: "An official within the National Security Agency's Vulnerability Analysis and Operations Group." So I'm just going to call him OWNSAVAOG for short. And I'll try not to reveal any identifying details about the man whom I interviewed, except to say that his disciplined, military demeanor shares little in common with the popular conception of the flippant geek-for-hire familiar to all too many movie fans (Dr. McKittrick in WarGames) and code geeks (n00b script-kiddie h4x0r in leetspeak).

So what exactly does the NSA's red team actually do? They provide "adversarial network services to the rest of the DOD," says OWNSAVAOG. That means that "customers" from the many branches of the Pentagon invite OWNSAVAOG and his crew to act like our country's shadowy enemies (from the living-in-his-mother's-basement code tinkerer to a "well-funded hacker who has time and money to invest in the effort"), attempting to slip in unannounced and gain unauthorized access.

These guys must conduct their work without doing damage to or otherwise compromising the security of the networks they are tasked to analyze -- that means no denial-of-service attacks, malicious Trojans or viruses. "The first rule," says OWNSAVAOG, "is 'do no harm.'" So the majority of their work consists of probing their customers' networks, gaining user-level access and demonstrating just how compromised the network can be. Sometimes, the red team will leave an innocuous file on a secure part of a customer's network as a calling card, as if to say, "This is your friendly NSA red team.
We danced past the comical precautionary measures you call security hours ago. This file isn't doing anything, but if we were anywhere near as evil as the hackers we're simulating, it might just be deleting the very government secrets you were supposed to be protecting. Have a nice day!"

I'd heard from one of the Department of Defense clients who had previously worked with the NSA red team that OWNSAVAOG and his team had a success rate of close to 100 percent. "We don't keep statistics on that," OWNSAVAOG insisted when I pressed him on an internal measuring stick. "We do get into most of the networks we target. That's because every network has some residual vulnerability. It is up to us, given the time and the resources, to find the vulnerability that allows us to access it."

It may seem unsettling to you -- it did at first to me -- to think that the digital locks protecting our government's most sensitive information are picked so constantly and seemingly with such ease. But I've been assured that these guys are only making it look easy because they're the best, and that we all should take comfort, because they're on our side. The fact that they catch security flaws early means that, hopefully, we can patch up the holes before the black hats get to them.

And like any good geek at a desk talking to a guy with a really cool job, I wondered just where the NSA finds the members of its superhacker squad. "The bulk is military personnel, civilian government employees and a small cadre of contractors," OWNSAVAOG says.
The military guys mainly conduct the ops (the actual breaking and entering stuff), while the civilians and contractors mainly write code to support their endeavors. For those of you looking for a gig in the ultrasecret world of red teaming, this top hacker says the ideal profile is someone with "technical skills, an adversarial mind-set, perseverance and imagination."

Speaking of high-level, top-secret security jobs, this much I now know: The world's most difficult IT department to work for is most certainly lodged within the Pentagon. Network admins at the Defense Department have to constantly fend off foreign governments, criminals and wannabes trying to crack their security wall -- and worry about a bunch of ace hackers with the same DOD stamp on their paychecks.

Security is an all-important issue for the corporate world, too, but in that environment there is an acceptable level of risk that can be built into the business model. And while banks build in fraud as part of the cost of doing business, there's no such thing as an acceptable loss when it comes to national security. I spoke about this topic recently with Mark Morrison, chief information assurance officer of the Defense Intelligence Agency.

"We meet with the financial community because there are a lot of parallels between what the intelligence community needs to protect and what the financial community needs," Morrison said. "They, surprisingly, have staggeringly high acceptance levels for how much money they're willing to lose. We can't afford to have acceptable loss. So our risk profiles tend to be different, but in the long run, we end up accepting similar levels of risk because we have to be able to provide actionable intelligence to the war fighter."

OWNSAVAOG agrees that military networks should be held to higher standards of security, but perfectly secure computers are perfectly unusable. "There is a perfectly secure network," he said. "It's one that's shut off.
We used to keep our information in safes. We knew that those safes were good, but they were not impenetrable, and they were rated on the number of hours it took for people to break into them. This is a similar equation."

From rforno at infowarrior.org Tue Jul 1 12:36:21 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Jul 2008 08:36:21 -0400
Subject: [Infowarrior] - TSA Says X-Rayable Laptop Bags are Go
Message-ID: <1305FA42-12CE-4D8D-8D12-4E73A16430ED@infowarrior.org>

TSA Says X-Rayable Laptop Bags are Go
http://gizmodo.com/5020980/tsa-says-x+rayable-laptop-bags-are-go

The director of the TSA, Kip Hawley, has spoken to the New York Times and confirmed that x-ray friendly laptop cases will be accepted by the agency as soon as they hit the shelves, potentially bringing an end to the panic that your laptop will go astray in all the fuss at airport checkpoints. We brought you first hints of this back in May, but it looks like the process of getting the bags approved is well underway. And both Targus and Pathfinder Luggage are hoping to have products on sale as soon as September or October.

Pathfinder is currently developing two "checkpoint friendly" models: one wheeled trolley with a removable laptop case, one a briefcase that reveals the laptop when it's unzipped. These new foam and nylon cases will set you back between $100 and $200. Targus's x-rayable cases vary from a $39 backpack and a $100 business traveller version. And there are at least four or five other manufacturers also submitting prototypes to the agency for checking.

But there's still a catch, of sorts: the TSA is not certifying these bags, and asks that manufacturers use terms like "checkpoint friendly" instead, and avoid buckles, pockets or zips in the design. Does that mean your impractical bag won't seal securely and some officious security guard may still make you fish out your laptop anyway, as he doesn't believe it to be "friendly" to the x-ray machine? Time will tell.

From rforno at infowarrior.org Wed Jul 2 10:38:37 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Jul 2008 06:38:37 -0400
Subject: [Infowarrior] - China Inspired Interrogations at Guantánamo
Message-ID: <60AF6D4B-BD89-4C12-9B9D-E07207E9336B@infowarrior.org>

July 2, 2008
China Inspired Interrogations at Guantánamo
By SCOTT SHANE
http://www.nytimes.com/2008/07/02/us/02detain.html?_r=1&hp=&oref=slogin&pagewanted=print

WASHINGTON -- The military trainers who came to Guantánamo Bay in December 2002 based an entire interrogation class on a chart showing the effects of "coercive management techniques" for possible use on prisoners, including "sleep deprivation," "prolonged constraint," and "exposure."

What the trainers did not say, and may not have known, was that their chart had been copied verbatim from a 1957 Air Force study of Chinese Communist techniques used during the Korean War to obtain confessions, many of them false, from American prisoners.

The recycled chart is the latest and most vivid evidence of the way Communist interrogation methods that the United States long described as torture became the basis for interrogations both by the military at the base at Guantánamo Bay, Cuba, and by the Central Intelligence Agency.

Some methods were used against a small number of prisoners at Guantánamo before 2005, when Congress banned the use of coercion by the military. The C.I.A. is still authorized by President Bush to use a number of secret "alternative" interrogation methods.

Several Guantánamo documents, including the chart outlining coercive methods, were made public at a Senate Armed Services Committee hearing June 17 that examined how such tactics came to be employed. But committee investigators were not aware of the chart's source in the half-century-old journal article, a connection pointed out to The New York Times by an independent expert on interrogation who spoke on condition of anonymity.
The 1957 article from which the chart was copied was entitled "Communist Attempts to Elicit False Confessions From Air Force Prisoners of War" and written by Alfred D. Biderman, a sociologist then working for the Air Force, who died in 2003. Mr. Biderman had interviewed American prisoners returning from North Korea, some of whom had been filmed by their Chinese interrogators confessing to germ warfare and other atrocities.

Those orchestrated confessions led to allegations that the American prisoners had been "brainwashed," and provoked the military to revamp its training to give some military personnel a taste of the enemies' harsh methods to inoculate them against quick capitulation if captured.

In 2002, the training program, known as SERE, for Survival, Evasion, Resistance, Escape, became a source of interrogation methods both for the C.I.A. and the military. In what critics describe as a remarkable case of historical amnesia, officials who drew on the SERE program appear to have been unaware that it had been created as a result of concern about false confessions by American prisoners.

Senator Carl Levin, Democrat of Michigan and chairman of the Senate Armed Services Committee, said after reviewing the 1957 article that "every American would be shocked" by the origin of the training document. "What makes this document doubly stunning is that these were techniques to get false confessions," Mr. Levin said. "People say we need intelligence, and we do. But we don't need false intelligence."

A Defense Department spokesman, Lt. Col Patrick Ryder, said he could not comment on the Guantánamo training chart. "I can't speculate on previous decisions that may have been made prior to current D.O.D. policy on interrogations," Colonel Ryder said. "I can tell you that current D.O.D. policy is clear -- we treat all detainees humanely."

Mr. Biderman's 1957 article described "one form of torture"
used by the Chinese as forcing American prisoners to stand "for exceedingly long periods," sometimes in conditions of "extreme cold." Such passive methods, he wrote, were more common than outright physical violence. Prolonged standing and exposure to cold have both been used by American military and C.I.A. interrogators against terrorist suspects.

The chart also listed other techniques used by the Chinese, including "Semi-Starvation," "Exploitation of Wounds," and "Filthy, Infested Surroundings," and with their effects: "Makes Victim Dependent on Interrogator," "Weakens Mental and Physical Ability to Resist," and "Reduces Prisoner to 'Animal Level' Concerns."

The only change made in the chart presented at Guantánamo was to drop its original title: "Communist Coercive Methods for Eliciting Individual Compliance."

The documents released last month include an e-mail message from two SERE trainers reporting on a trip to Guantánamo from Dec. 29, 2002, to Jan. 4, 2003. Their purpose, the message said, was to present to interrogators "the theory and application of the physical pressures utilized during our training." The sessions included "an in-depth class on Biderman's Principles," the message said, referring to the chart from Mr. Biderman's 1957 article.

Versions of the same chart, often identified as "Biderman's Chart of Coercion," have circulated on anti-cult sites on the Web, where the methods are used to describe how cults control their members.

Dr. Robert Jay Lifton, a psychiatrist who also studied the returning prisoners of war and wrote an accompanying article in the same 1957 issue of The Bulletin of the New York Academy of Medicine, said in an interview that he was disturbed to learn that the Chinese methods had been recycled and taught at Guantánamo. "It saddens me," said Dr. Lifton, who wrote a 1961 book on what the Chinese called "thought reform" and became known in popular American parlance as brainwashing.
He called the use of the Chinese techniques by American interrogators at Guantánamo a "180-degree turn."

The harshest known interrogation at Guantánamo was that of Mohammed al-Qahtani, a member of Al Qaeda suspected of being the intended 20th hijacker in the Sept. 11 attacks. Mr. Qahtani's interrogation involved sleep deprivation, stress positions, exposure to cold and other methods also used by the Chinese.

Terror charges against Mr. Qahtani were dropped unexpectedly in May. Officials said the charges could be reinstated later and declined to say whether the decision was influenced by concern about Mr. Qahtani's treatment.

Mr. Bush has defended the use of the interrogation methods, saying they helped provide critical intelligence and prevented new terrorist attacks. But the issue continues to complicate the long-delayed prosecutions now proceeding at Guantánamo.

Abd al-Rahim al-Nashiri, a Qaeda member accused of playing a major role in the bombing of the American destroyer Cole in Yemen in 2000, was charged with murder and other crimes on Monday. In previous hearings, Mr. Nashiri, who was subjected to waterboarding, has said he confessed to participating in the bombing falsely only because he was tortured.

From rforno at infowarrior.org Wed Jul 2 11:01:43 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Jul 2008 07:01:43 -0400
Subject: [Infowarrior] - Article: 1957 China Coercive Interrogation Methods
Message-ID: <6E45D540-4BC8-4500-8D97-81499D1C502C@infowarrior.org>

(as cited in today's NYT article on Gitmo)

"Communist Coercive Methods for Eliciting Individual Compliance."
Alfred D.
Biderman
http://www.pubmedcentral.nih.gov/picrender.fcgi?artid=1806204&blobtype=pdf

From rforno at infowarrior.org Wed Jul 2 12:55:42 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Jul 2008 08:55:42 -0400
Subject: [Infowarrior] - Fake speed bumps...accidents waiting to happen
Message-ID: <4F5882EF-B03B-4F2F-BCA2-FB41CAC333E1@infowarrior.org>

Optical illusion helps create fake speed bumps
http://www.cnn.com/2008/TECH/06/30/fake.speed.bumps.ap/index.html?eref=rss_tech

PHILADELPHIA, Pennsylvania (AP) -- Cathy Campbell did a double-take and tapped the brakes when she spotted what appeared to be a pointy-edged box lying in the road just ahead.

A three-dimensional image gives the illusion of speed bumps on a road in Philadelphia.

She got fooled. It was a fake speed bump, a flat piece of blue, white and orange plastic that is designed to look like a 3-D pyramid from afar when applied to the pavement. The optical illusion is one of the latest innovations being tested around the country to discourage speeding.

"It cautions you to slow down because you don't know what you are facing," Campbell said.

A smaller experiment two years ago in the Phoenix area found the faux speed bumps slowed traffic, at least temporarily. Now, in a much bigger test that began earlier this month, the National Highway Traffic Safety Administration wants to find out if the markers can also reduce pedestrian accidents.

The fake bumps are being tested on a section of road in a business and residential area in Philadelphia's northeastern corner. But soon they will also be popping up -- or looking that way -- on 60 to 90 more streets where speeding is a problem.
The 3-D markings are appealing because, at $60 to $80 each, they cost a fraction of real speed bumps (which can run $1,000 to $1,500) and require little maintenance, said Richard Simon, deputy regional administrator for the highway safety administration.

On one of three streets tested in the Phoenix trial, the percentage of drivers who obeyed the 25 mph speed limit nearly doubled. But the effect wore off after a few months.

"Initially they were great," said the Phoenix Police traffic coordinator, Officer Terry Sills. "Until people found out what they were."

Learning from the experience in Arizona, authorities are adding a publicity campaign in Philadelphia to let drivers know that the phony speed bumps will be followed by very real police officers, said Richard Blomberg, a contractor in charge of the study. Even after motorists adjust, the fake bumps will act like flashing lights in a school zone, reminding drivers they are in an area where they should not be speeding, he said.

"After awhile the novelty wears off, but not the conspicuous effect," Blomberg said.

For increased nighttime visibility, the markers, made by Japan's Sekisui Jushi Corp., contain reflective glass beads. They are the latest in a long list of traffic calming devices in use across the country, including various types of real bumps, dips, traffic circles and roundabouts.

Proponents say fake bumps require little engineering or planning and can work in places where real humps or dips in the road may not be acceptable -- such as near a firehouse. Philadelphia officials said they at least want to give them a shot.

The Associated Press interviewed about two dozen people who have driven over the fake bumps, and only a few said they braked for them. Al Stevens and his 17-year-old son Andrew live nearby and said they both encountered the illusions but with different results. Al Stevens saw them and kept going. His son, who has had a license for just two weeks, braked for them.

"I thought it was art," Andrew Stevens said. "I noticed they slow you down."

Michael Serendus said his 80-year-old father has recently found it much easier to get out of his condominium complex because traffic has slowed down. But he attributed the change to the real speed bumps nearby, not the fake ones that drivers see first.

"It gives an extra warning that the speed hump is coming," Serendus said.

From rforno at infowarrior.org Thu Jul 3 00:27:26 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Jul 2008 20:27:26 -0400
Subject: [Infowarrior] - Terror watch uses local eyes
Message-ID:

Terror watch uses local eyes
Privacy advocates worry that officers' snooping will entangle innocent people.
By Bruce Finley
The Denver Post
Article Last Updated: 06/29/2008 09:10:42 AM MDT
http://www.denverpost.com/commented/ci_9732641?source=commented-news

Hundreds of police, firefighters, paramedics and even utility workers have been trained and recently dispatched as "Terrorism Liaison Officers" in Colorado and a handful of other states to hunt for "suspicious activity" -- and are reporting their findings into secret government databases.

It's a tactic intended to feed better data into terrorism early-warning systems and uncover intelligence that could help fight anti-U.S. forces. But the vague nature of the TLOs' mission, and their focus on reporting both legal and illegal activity, has generated objections from privacy advocates and civil libertarians.

"Suspicious activity" is broadly defined in TLO training as behavior that could lead to terrorism: taking photos of no apparent aesthetic value, making measurements or notes, espousing extremist beliefs or conversing in code, according to a draft Department of Justice/Major Cities Chiefs Association document.

All this is anathema to opponents of domestic surveillance. Yet U.S. intelligence and homeland security officials say they support the widening use of TLOs -- state-run under federal agreements --
as part of a necessary integrated network for preventing attacks.

"We're simply providing information on crime-related issues or suspicious circumstances," said Denver police Lt. Tony Lopez, commander of Denver's intelligence unit and one of 181 individual TLOs deployed across Colorado. "We don't snoop into private citizens' lives. We aren't living in a communist state."

Local watchdogs

Among recent activities the Colorado contingent detailed:

* Thefts of copper that could be used in bomb-making.
* Civilians impersonating police officers and stopping vehicles -- of particular concern with the pending Democratic National Convention in Denver.
* Graffiti showing a man holding an AK-47 rifle.
* Men filming the Dillon dam that holds Denver's water.
* Overheard threats.
* Widespread thefts of up to 20 propane gas tanks.

Future terrorism "is going to be noticed earliest at the most local level," said Robert Riegle, director of state and local programs for the U.S. Department of Homeland Security in Washington.

Civil liberties watchdogs warn of unprecedented new threats to privacy. "The problem is, you're drafting individuals whose job isn't law enforcement to spy on ordinary Americans and report their activities to the government," said John Verdi, director of the open-government project at the Electronic Privacy Information Center.

In Colorado, TLOs report not only illegal but legal activity, such as bulk purchases along Colorado's Front Range of up to 150 disposable cellphones. TLO supervisors said these bulk buys were suspicious because similar phones are used as remote detonators for bombs overseas and can be re-sold to fund terrorism.

Taking photos or videos can be deemed suspicious because "surveillance is a precursor to terrorist activity," said Colorado State Patrol Sgt. Steve Garcia, an analyst in Colorado's intelligence fusion center south of Denver, which handles TLO-supplied information.
Colorado, California and Arizona are among the first to deploy TLOs after establishing robust state-run fusion centers, which initially relied on tips from private citizens. Federal security agents now sit in 25 of those centers, including Colorado's. Florida, Illinois, Tennessee, Wisconsin and Washington, D.C., also have deployed TLOs, and authorities in dozens of states are preparing to do so, said Norm Beasley, a retired Arizona trooper who has popularized the practice.

181 in Colorado

In Colorado, TLO training began last year, with FBI assistance. A three-day seminar presented material on how to recognize and stop suicide bombers and included discussion of civil liberties. State officials declined to release the course syllabus or say specifically how far TLOs are allowed to go in search of information without a warrant.

The 181 TLOs in Colorado were deployed without any announcement over the past year and are posted widely from Durango in the mountains to metro Denver to La Junta on the eastern prairie.

"The thing that's surprising is how much stuff is out there," said Denver West Metro Fire Capt. Mike Kirkpatrick, who declined to specify observations he has submitted, saying some led to investigations.

National intelligence chiefs who coordinate the CIA and 15 other agencies launched an initiative this month to define "suspicious activity" for TLOs and develop a process for handling TLO information so that basic freedoms and privacy are protected, said John Cohen, information-sharing spokesman in the Office of the Director of National Intelligence.

Training is crucial "because what we don't want is just people documenting innocent activities. We don't want police officers focusing on people because of their ethnicity and religion," Cohen said.

"What we're advocating for is developing a standardized process that can be put in place across the country so that frontline police officers (and others) are trained to recognize behaviors associated with certain activities related to terrorism," he said.

Major city police chiefs are participating. "You can't profile. So you have to have behavior-based indicators of criminal activity where it's terrorism or activity that supports terrorism," said Tom Frazier, executive director of the Major Cities Chiefs Association.

Civil libertarians questioned why firefighters, paramedics and corporate employees -- such as Xcel Energy and railroad officials in Colorado -- are drafted into the effort. They say public trust in emergency responders will suffer.

The emerging TLO system "empowers the police officer to poke his nose into your business when you're doing absolutely nothing wrong. It moves the police officer away from his core function, to enforce the law, into being an intelligence officer gathering information about people," said Mike German, a 16-year FBI agent now advising the American Civil Liberties Union. "Where are we going to draw the line?"

Bruce Finley: 303-954-1700 or bfinley at denverpost.com

"Suspicious Activity" and Terrorism

Federal authorities currently define suspicious activity as: "Observed behavior that may be indicative of intelligence-gathering or pre-operational planning related to terrorism, criminal, or other illicit intention."

The authorities are considering a broadened definition: "Reported or observed activity and/or behavior that, based on an officer's training and experience, is believed to be indicative of criminal activity associated with terrorism."

Here are examples of specific behaviors that terrorism liaison officers deployed in Colorado and a handful of other states are told to watch for and report.

* Engages in suspected pre-operational surveillance (uses binoculars or cameras, takes measurements, draws diagrams, etc.)
* Appears to engage in counter-surveillance efforts (doubles back, changes appearance, drives evasively, etc.)
* Engages security personnel in questions focusing on sensitive subjects (security information, hours of operation, shift changes, what security cameras film, etc.)
* Takes pictures or video footage (with no apparent aesthetic value, for example, camera angles, security equipment, security personnel, traffic lights, building entrances, etc.)
* Draws diagrams or takes notes (building plans, location of security cameras or security personnel, security shift changes, notes of weak security points, etc.)
* Abandons a vehicle (in a secured or restricted location, such as the front of a government building, airport, sports venue, etc.)
* Makes or attempts to make suspicious purchases, such as large amounts of otherwise legal materials (for example, pool chemicals, fuel, fertilizer, potential explosive-device components, etc.)
* Acquires or attempts to acquire uniforms without a legitimate cause (service personnel, government uniforms, etc.)
* Acquires or attempts to acquire an official or official-appearing vehicle without a legitimate cause (such as an emergency or government vehicle, etc.)

Source: U.S. Department of Justice, Major Cities Chiefs Association and Department of Homeland Security final draft of the Suspicious Activity Report Support and Implementation Project

From rforno at infowarrior.org Sat Jul 5 14:07:10 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 5 Jul 2008 10:07:10 -0400
Subject: [Infowarrior] - More on the Shock-Bracelet for passengers
Message-ID: <49274893-20BF-42DF-ACCC-54D62E9F5592@infowarrior.org>

This is the story that refuses to die, it seems. The promo video is from 2002-03 and has a distinct "immediate post-9/11" feel to it.
Though if this idea is being taken seriously for DHS as the article suggests, then we as a country, let alone a travelling public, have much to worry, if not fear about DHS and our country's direction as a whole. But in the name of homeland hysteria, nothing's too good to pitch, promote, and profit from, right? (What happens if the next Big Attack comes via subway or bus? Do we outfit all passengers with shock-em-safe devices? Again, we continue to fight the last war.)

If this comes to pass (I doubt it, but you never know with the security idiocy in post-9/11 Washington), I predict a) a sudden demise of the business and tourism travel industries, b) the rapid consolidation of the American airline industry, and c) a sharp increase in the use of videoconference technology by both business and families alike. And a stronger d)istrust of the federal government and more outspoken questions about "what our country turning into" by the ordinarily ignorant general public.

So having said that, Happy Independence Day weekend, dear readers.

-rf

http://www.washingtontimes.com/weblogs/aviation-security/2008/Jul/01/want-some-torture-with-your-peanuts/

Want some torture with your peanuts?
Aviation Security
POSTED 2:18 PM BY P. JEFFREY BLACK & JEFFREY DENNING
By Jeffrey Denning

Just when you thought you've heard it all...

A senior government official with the U.S. Department of Homeland Security (DHS) has expressed great interest in a so-called safety bracelet that would serve as a stun device, similar to that of a police Taser(R). According to this promotional video found at the Lamperd Less Lethal website, the bracelet would be worn by all airline passengers. (Video link: http://www.lamperdlesslethal.com/video_gallery.asp?video=http://www.lamperdlesslethal.com/video/EMDsafetybracelet.flv&title=)

This bracelet would:

* take the place of an airline boarding pass
* contain personal information about the traveler
* be able to monitor the whereabouts of each passenger and his/her luggage
* shock the wearer on command, completely immobilizing him/her for several minutes

The Electronic ID Bracelet, as it's referred to as, would be worn by every traveler "until they disembark the flight at their destination." Yes, you read that correctly. Every airline passenger would be tracked by a government-funded GPS, containing personal, private and confidential information, and that it would shock the customer worse than an electronic dog collar if he/she got out of line?

Clearly the Electronic ID Bracelet is a euphemism for the EMD Safety Bracelet, or at least it has a nefarious hidden ability, thus the term ID Bracelet is ambiguous at best. EMD stands for Electro-Muscular Disruption. Again, according to the promotional video the bracelet can completely immobilize the wearer for several minutes.

So is the government really that interested in this bracelet?

Yes!

According to a letter from DHS official, Paul S. Ruwaldt of the Science and Technology Directorate, office of Research and Development, to the inventor whom he had previously met with, he wrote, "To make it clear, we [the federal government] are interested in...the immobilizing security bracelet, and look forward to receiving a written proposal."

The letterhead, in case you were wondering, came from the DHS office at the William J. Hughes Technical Center at the Atlantic City International Airport, or the Federal Aviation Administration headquarters.

In another part of the letter, Mr. Ruwaldt confirmed, "It is conceivable to envision a use to improve air security, on passenger planes."

Would every paying airline passenger flying on a commercial airplane be mandated to wear one of these devices? I cringe at the thought. Not only could it be used as a physical restraining device, but also as a method of interrogation, according to the same aforementioned letter from Mr. Ruwaldt.

Would you let them put one of those on your wrist?
Would you allow the airline employees, which would be mandated by the government, to place such a bracelet on any member of your family? Why are tax dollars being spent on something like this? Is this a police state or is it America? As we approach July 4th, Independence Day, I can't help but think of the blessing we have of living in America and being free from hostile government forces. It calls to mind one of my favorite speeches given by an American Founding Forefather, Patrick Henry, who said, "Is life so dear, or peace so sweet, as to be purchased at the price of chains and slavery? Forbid it, Almighty God! I know not what course others may take; but as for me, give me liberty or give me death!"

From rforno at infowarrior.org Tue Jul 8 20:51:42 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 8 Jul 2008 16:51:42 -0400
Subject: [Infowarrior] - Major DNS vulnerability announced
Message-ID:

http://www.kb.cert.org/vuls/id/800113

Vulnerability Note VU#800113
Multiple DNS implementations vulnerable to cache poisoning

Overview

Deficiencies in the DNS protocol and common DNS implementations facilitate DNS cache poisoning attacks.

I. Description

The Domain Name System (DNS) is responsible for translating host names to IP addresses (and vice versa) and is critical for the normal operation of internet-connected systems. DNS cache poisoning (sometimes referred to as cache pollution) is an attack technique that allows an attacker to introduce forged DNS information into the cache of a caching nameserver. DNS cache poisoning is not a new concept; in fact, there are published articles that describe a number of inherent deficiencies in the DNS protocol and defects in common DNS implementations that facilitate DNS cache poisoning. The following are examples of these deficiencies and defects:

< - >

II. Impact

An attacker with the ability to conduct a successful cache poisoning attack can cause a nameserver's clients to contact the incorrect, and possibly malicious, hosts for particular services. Consequently, web traffic, email, and other important network data can be redirected to systems under the attacker's control.

< - >

http://www.kb.cert.org/vuls/id/800113

From rforno at infowarrior.org Tue Jul 8 20:51:54 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 8 Jul 2008 16:51:54 -0400
Subject: [Infowarrior] - One Subpoena Is All It Takes to Reveal Your Online Life
Message-ID:

One Subpoena Is All It Takes to Reveal Your Online Life
By Saul Hansell
http://bits.blogs.nytimes.com/2008/07/07/the-privacy-risk-from-the-courts/index.html

Whenever questions are raised about privacy, big online companies talk about how benign their plans are for using data about their customers: Much data is anonymous, they say, and even the information that is linked to individuals is only meant to offer users a more personal experience tailored to their interests. They never talk about subpoenas. Yet in the United States, one of the biggest privacy issues is what information about people can be revealed through a court process, either as part of a criminal investigation or in some sort of civil dispute. This article I wrote in 2006 gives some examples. The issue came up again last week when Google was ordered by a court to turn over records of activity on YouTube, including the user names and Internet Protocol (IP) addresses of people who watched videos. A judge agreed with Viacom that the records could assist its case arguing that YouTube has infringed on its copyrights. There is nothing special about the way the law treats the Internet here. All sorts of records, from your health club dues to your auto repair history, can be drawn into all manner of legal proceedings, and the records of Internet companies are generally no different.
There is a higher standard for the disclosure of the content of e-mail messages under the Electronic Communications Privacy Act, but there are many ways for investigators to get access to e-mail as well, particularly if the user has already read it. (The law has traditionally given greater protection to a sealed envelope in a post office than to an opened letter sitting on a person's desk.) But Internet companies are different from other businesses that keep records about their customers. A person's activity online represents an unusually broad picture of his or her interests, transactions and social relationships. Moreover, it is the nature of computers to keep records of all of the bits of data they process. Much of this data is spread among various different companies and their servers. But these puzzle pieces can be put together. This is the key fact that so much of the discussion about I.P. addresses skips past. The way the Internet is set up now, an I.P. address, by itself, doesn't identify an individual user. But an I.P. address can be traced to a specific Internet service provider, and with a subpoena, the Internet provider can be forced to identify which of their customers was assigned a particular I.P. address at a particular time. That is how the recording industry has been identifying and suing people who use file sharing programs. Viacom says that it isn't going to use the information from Google to sue individual YouTube users for copyright infringement, but there is nothing under the law to stop it from doing so. It's easy to skip past this part of the privacy debate. After all, the overwhelming majority of log files at Internet companies are boring and meaningless. But every now and then there is a tidbit that has meaning to someone: It could be a clue to solve a horrible crime. It could be a fact that could tip the balance in a dispute over, say, child custody or an employment contract. Or it could be a salacious detail that could embarrass --
rightly or wrongly -- a public figure. All this raises questions that I think Internet companies, privacy regulators and Congress would be wise to take stock of:

* How much data should be retained by Internet companies and for how long?
* What should Internet users be told about what sort of information could be disclosed about them in response to a legal action or government request?
* Should there be new laws that define more clearly what the standards are for disclosing online surfing and searching activity?

There is certainly a history of laws that create special privacy regimes for various domains, such as financial and medical records. Congress even protected records about what movies you rent and television channels you watch. Aren't the records of where you surf, and for that matter, the videos you choose to upload to YouTube, worth at least as much protection?

From rforno at infowarrior.org Wed Jul 9 22:44:31 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Jul 2008 18:44:31 -0400
Subject: [Infowarrior] - Senate Backs Wiretap Bill to Shield Phone Companies
Message-ID: <8998F6A7-4CAE-41F4-B079-5259271E0F7E@infowarrior.org>

July 10, 2008
Senate Backs Wiretap Bill to Shield Phone Companies
By ERIC LICHTBLAU
http://www.nytimes.com/2008/07/10/washington/10fisa.html?_r=1&hp=&oref=slogin&pagewanted=print

WASHINGTON -- More than two and a half years after the disclosure of President Bush's domestic eavesdropping program set off a furious national debate, the Senate gave final approval on Wednesday afternoon to broadening the government's spy powers and providing legal immunity for the phone companies that took part in the wiretapping program. The plan, approved by a vote of 69 to 28, marked one of Mr. Bush's most hard-won legislative victories in a Democratic-led Congress where he has had little success of late.
Both houses, controlled by Democrats, approved what amounted to the biggest restructuring of federal surveillance law in 30 years, giving the government more latitude to eavesdrop on targets abroad and at home who are suspected of links to terrorism. The issue put Senator Barack Obama of Illinois, the presumptive Democratic nominee, in a particularly precarious spot. After long opposing the idea of immunity for the phone companies in the wiretapping operation, he voted for the plan on Wednesday. His reversal last month angered many of his most ardent supporters, who organized an unsuccessful drive to get him to reverse his position once again. And it came to symbolize what civil liberties advocates saw as "capitulation" by Democratic leaders to political pressure from the White House in an election year. Senator Hillary Rodham Clinton of New York, who was Mr. Obama's rival for the Democratic presidential nomination, voted against the bill. The outcome was a stinging defeat for opponents who had urged Democratic leaders to stand firm against the White House after a months-long impasse. "I urge my colleagues to stand up for the rule of law and defeat this bill," Senator Russell D. Feingold, Democrat of Wisconsin, said in closing arguments. But Senator Christopher S. Bond, the Missouri Republican who is vice chairman of the Senate Intelligence Committee, said there was nothing to fear in the bill "unless you have Al Qaeda on your speed dial." Supporters of the plan, which revised the Foreign Intelligence Surveillance Act, said that the final vote reflected both political reality and legal practicality. Wiretapping orders approved by a secret court under the previous version of the surveillance law were set to begin expiring in August unless Congress acted, and many Democrats were wary of going into their political convention in Denver next month with the issue hanging over them -- handing the Republicans a potent political weapon.
Voting for the bill were 47 Republicans, 21 Democrats and an independent, Senator Joseph I. Lieberman of Connecticut. Twenty-seven Democrats and Senator Bernard Sanders, independent of Vermont, voted against it. Not voting were Senators John McCain of Arizona, campaigning for the Republican presidential nomination, and Jeff Sessions, Republican of Alabama, both of whom would have been expected to vote "yes." Senator Edward M. Kennedy, Democrat of Massachusetts, who was a sharp critic of the bill, was not present for the vote, but later returned to the floor to applause after being sidelined with cancer. The surveillance plan, which Mr. Bush is expected to sign into law quickly, was the product of months of negotiations between the White House and Democratic and Republican leaders, earning the grudging support of some leading Democrats. Senator John D. Rockefeller IV, the West Virginia Democrat who leads the intelligence committee and helped broker the deal, said modernizing the 1978 Foreign Intelligence Surveillance Act was essential to protecting national security and giving intelligence officials the technology tools they need to deter another terrorist strike. But he said the plan "was made even more complicated by the president's decision, in the aftermath of September 11, 2001, to go outside of F.I.S.A. rather than work with Congress to fix it." He was referring to the secret program approved by Mr. Bush weeks after the Sept. 11 that allowed the National Security Agency, in a sharp legal and operational shift, to wiretap the international communications of Americans suspected of links to Al Qaeda without first getting court orders. Disclosure of the program in December 2005 by The New York Times led to lawsuits and condemnation from critics, including one federal judge who ruled that the program was illegal, only to be overruled on appeal. It also set off many rounds of abortive attempts in Congress to find a legislative solution.
The key stumbling block in the congressional negotiations was the insistence by the White House that any legislation include legal immunity for the phone companies that took part in the wiretapping program. The program itself ended in January 2007, when the White House agreed to bring it under the auspices of the special court set up by the earlier surveillance law, known as the F.I.S.A. court. Still, more than 40 lawsuits continued churning through federal courts, charging AT&T, Verizon and other major carriers with breaking the law and violating their customers' privacy by agreeing to the White House's requests to conduct wiretaps without a valid court order. The deal approved on Wednesday, which passed the House on June 20, effectively ends those lawsuits. It includes a narrow review by a district court to determine whether in fact the companies being sued received formal requests or directives from the administration to take part in the program. The administration has already acknowledged that those directives exist. Once such a finding is made, the lawsuits "shall be promptly dismissed," the bill says. Republican leaders say they regard the process as a formality in ensuring that the phone carriers are protected from any legal liability over their participation. Liberal Democrats in the Senate, led by Senators Feingold and Christopher J. Dodd of Connecticut, sought in vain to pare down the proposal. An amendment sponsored by Mr. Dodd to strip the immunity provision from the bill was defeated, 66 to 32. Two other amendments were also rejected. One, offered by Senator Arlen Specter, Republican of Pennsylvania, would have required that a district court judge assess the legality of warrantless wiretapping before granting immunity. It lost by 61 to 37. The other, which would have postponed immunity for a year pending a federal investigation, was offered by Senator Jeff Bingaman, Democrat of New Mexico. It was defeated by 56 to 42.
Lawyers involved in the lawsuits against the phone companies promised to challenge the immunity provision in federal court, although their prospects appeared dim. "The law itself is a massive intrusion into the due process rights of all of the phone subscribers who would be a part of the suit," said Bruce Afran, a New Jersey lawyer who represents several hundred plaintiffs in one lawsuit against Verizon and other companies. "It is a violation of the separation of powers. It's presidential election-year cowardice. The Democrats are afraid of looking weak on national security." The legislation also expands the government's power to invoke emergency wiretapping procedures. While the National Security Agency would be allowed to seek court orders for broad groups of foreign targets, the law creates a new, 7-day period for targeting foreigners without a court order in "exigent" circumstances if government officials assert that important national security information would be lost otherwise. The law also expands from three to seven days the period in which the government can conduct emergency wiretaps without a court on Americans if the attorney general certifies that there is probable cause to believe the target is linked to terrorism. Democrats pointed to some concessions they had won from the White House in the lengthy negotiations. The final bill includes a reaffirmation that the surveillance law is the "exclusive" means of conducting intelligence wiretaps -- a provision that House Speaker Nancy Pelosi and other Democrats insisted would prevent Mr. Bush or any future president from evading court scrutiny in the way that the N.S.A. program did. The measure will also require reviews by the inspectors general from several agencies to determine how the program was operated. Democrats said that the reviews should provide accountability that had been missing from the debate over the wiretaps. David Stout contributed reporting.
From rforno at infowarrior.org Wed Jul 9 22:53:19 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Jul 2008 18:53:19 -0400
Subject: [Infowarrior] - Repression in Austria over PGP keys
Message-ID: <9B8AB4DF-9E02-4156-A3CC-E7DB8127D146@infowarrior.org>

Repression in Austria over PGP keys
Tuesday, July 08 2008 @ 09:38 PM CDT

In the early hours of May 21st a police raid against over 20 animal protectionists took place throughout Austria. Ten people were arrested. Over twenty homes and offices, including the office of the VGT (Association against Animal Factories) were searched, mostly by special police squads, which in some cases entered premises by breaking down the door and threatening inhabitants at gun point. Computers, complete with donator data bases, papers, including the book keeping and other items of property were seized and apart from a few exceptions, nothing has yet been returned.

< - >

It has been inferred by the prosecution that because some of the detainees use PGP to protect their data from unauthorised misuse that they belong to a criminal organization. It is as if one should be regarded as suspicious for locking one's door.

< - >

http://news.infoshop.org/article.php?story=20080708213849837

From rforno at infowarrior.org Thu Jul 10 18:11:52 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Jul 2008 14:11:52 -0400
Subject: [Infowarrior] - Clarification & Correction
Message-ID: <669C8285-0E74-4897-8FA5-A0B040080609@infowarrior.org>

In reference to the article "Repression in Austria over PGP keys" posted to infowarrior-l and other email lists yesterday, some misguided soul thinks I penned that article and unloaded a public rant blaming me for the article's contents. As such, the following note was sent to that list (Dave's IP list) and is being reposted here as well:

"A clarification to you and your readers is called for regarding Steven Manning's comment about an item I posted to the IP list yesterday.
Steven apparently does not realize that I did NOT write the article --- I made no judgment call about the content of the article, but merely passed it along to IP as a possible item of interest to your readers. I resent the accusation by Steven that those are my words. As you and others know, were I to pen an article, it would be published under my own name and posted on my own website -- and not through the veneer of bloggish anonymity. If he has problems with the article's content, may I suggest he contact 'Anonymous' on the site cited in the article link to voice his concerns and not blame the messenger. Indeed, as Steven says, homework is indispensable. Thanks for making this known to your readers."

Cheers

-rick
infowarrior.org

From rforno at infowarrior.org Thu Jul 10 20:27:05 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Jul 2008 16:27:05 -0400
Subject: [Infowarrior] - The Problems with the FISA Bill
Message-ID:

A Threat to the Privacy Rights of All Americans
The Problems with the FISA Bill
By Sen. RUSS FEINGOLD
http://www.counterpunch.org/feingold07092008.html

A number of Senators came to the floor prior to the Fourth of July recess to debate the FISA legislation, and more debate has occurred this week. We have heard arguments for and against the legislation, and Senators have cited a variety of reasons for their positions. Several have defended the bill by arguing that the legislation includes improvements compared to the Senate bill we passed earlier this year. I was not surprised to hear that line of argument. I agree that there are some improvements to the Senate bill contained in the legislation that we are now considering. But those changes are not nearly enough to justify supporting the bill, as I will explain in a few moments.
I was surprised to hear, however, several Senators still defending the legality of the President's warrantless wiretapping program, and still arguing that Congress had somehow signed off on this program years ago because the Gang of Eight was notified. Mr. President, I thought we were well past these arguments. Two and a half years after this illegal program became public, I cannot believe that we are still debating the legality of this program on the Senate floor, and that anyone seriously believes that merely notifying the Gang of Eight -- while keeping the full intelligence committees in the dark -- somehow represents congressional approval. Mr. President, it could not be clearer that this program broke the law, and this President broke the law. Not only that, but this administration affirmatively misled Congress and the American people about it for years before it finally became public. So if we are going to go back and discuss these issues that I thought had long since been put to rest, let's cover the full history. Here is the part of the story that some seem to have forgotten. In January 2005, eleven months before the New York Times broke the story of the illegal wiretapping program, I asked then-White House Counsel Alberto Gonzales at his confirmation hearing to be Attorney General whether the President had the power to authorize warrantless wiretaps in violation of the criminal law. Neither I nor the vast majority of my colleagues knew it then, but the President had authorized the NSA program three years before, and Mr. Gonzales was directly involved in that issue as White House Counsel. At his confirmation hearing, he first tried to dismiss my question as "hypothetical." He then testified that "it's not the policy or the agenda of this President to authorize actions that would be in contravention of our criminal statutes." Well, Mr. President, the President's wiretapping program was in direct contravention of our criminal statutes. Mr.
Gonzales knew that, but he wanted the Senate and the American people to think that the President had not acted on the extreme legal theory that the President has the power as Commander in Chief to disobey the criminal laws of this country. The President, too, misled Congress and the American public. In 2004 and 2005, when Congress was considering the reauthorization of the USA Patriot Act, the President went out of his way to assure us that his administration was getting court orders for wiretaps, all the while knowing full well that his warrantless wiretapping program was ongoing. Here's what the President said on April 20, 2004: "Now, by the way, any time you hear the United States government talking about wiretap, it requires -- a wiretap requires a court order. Nothing has changed, by the way. When we're talking about chasing down terrorists, we're talking about getting a court order before we do so." And again, on July 14, 2004: "The government can't move on wiretaps or roving wiretaps without getting a court order." And listen to what the President said on June 9, 2005: "Law enforcement officers need a federal judge's permission to wiretap a foreign terrorist's phone, a federal judge's permission to track his calls, or a federal judge's permission to search his property. Officers must meet strict standards to use any of these tools. And these standards are fully consistent with the Constitution of the U.S." So please, let's not pretend that the highly classified notification to the Gang of Eight, delivered while the President himself was repeatedly presenting a completely different picture to the public, suggests that Congress somehow acquiesced to this program. As the members of this body well know, several members of the Gang of Eight at the time raised concerns when they were told about this, and several have since said they were not told the full story. And of course all of them were instructed not to share what they had learned with a single other person.
Mr. President, I also cannot leave unanswered the arguments mounted in defense of the legality of the NSA program. I will not spend much time on the argument that the Authorization for Use of Military Force that Congress passed on September 18, 2001, authorized this program. That argument has been thoroughly discredited. In the AUMF, Congress authorized the President to use military force against those who attacked us on 9/11, a necessary and justified response to the attacks. We did not authorize him to wiretap American citizens on American soil without going through the judicial process that was set up nearly three decades ago precisely to facilitate the domestic surveillance of spies and terrorists. Senators have also dragged out the same old tired arguments about the President's supposed inherent executive authority to violate FISA. They argue that a law passed by Congress can't trump the President's power under the Constitution. That argument may sound good, but it assumes what it is trying to prove -- that the Constitution gives the President the power to authorize warrantless wiretaps in certain cases. You can't simply say that any claim of executive power prevails over a statute -- at least, not if you are serious about the rule of law, and about how to interpret the Constitution. The real question is, when a claim of executive power and a statute arguably conflict, how do you resolve that conflict? Fortunately, the Supreme Court has told us how to answer that question. We are talking here about the President acting in direct violation of a criminal statute. That means his power was, as Justice Jackson said in his famous and influential concurrence in the Steel Seizure cases half a century ago, "at its lowest ebb." In other words, when a President argues that he has the power to violate a specific law, he is on shaky ground. That's not just my opinion -- it's what the Supreme Court has made clear.
No less an authority than the current Chief Justice of the United States, John Roberts, repeatedly recognized in his confirmation hearings that Justice Jackson's three-part test is the appropriate framework for analyzing questions of executive power. In early 2006, a distinguished group of law professors and former executive branch officials wrote a letter pointing out that "every time the Supreme Court has confronted a statute limiting the Commander-in-Chief's authority, it has upheld the statute." The Senate reports issued when FISA was enacted confirm the understanding that FISA overrode any pre-existing inherent authority of the President. The 1978 Senate Judiciary Committee report stated that FISA "recognizes no inherent power of the president in this area." And "Congress has declared that this statute, not any claimed presidential power, controls." And contrary to what has been said on this floor, no court has ever approved warrantless surveillance in violation of FISA based on some theory of Article II authority. The Truong case that so often gets hauled out to make this argument was a Vietnam-era case based on surveillance that occurred before FISA was enacted, so it could not have decided this issue. And the issue before the FISA Court of Review in 2002 had nothing to do with inherent presidential authorities. Yet these cases are repeatedly cited by supporters of the President, complete with large charts of the supposedly relevant quotations. The fact is that not a single court -- not the Supreme Court or any other court -- has considered whether, after FISA was enacted, the President nonetheless had the authority to bypass it and authorize warrantless wiretaps. In fact, Mr. President, as the Senator from Pennsylvania and I discussed on the floor yesterday, just last week a federal district court strongly indicated that were it to reach that issue, it would find that the President must in fact follow FISA.
The court was considering whether the state secrets privilege applies to claims brought under the FISA civil liability provisions, and found that it does not. Its reasoning was based on the conclusion that Congress had spoken clearly that it intended FISA and the criminal wiretap laws to be the exclusive means by which electronic surveillance is conducted, and had fully occupied the field in this area, replacing any otherwise applicable common law. Here is what the court said: "Congress appears clearly to have intended to -- and did -- establish the exclusive means for foreign intelligence surveillance activities to be conducted. Whatever power the executive may otherwise have had in this regard, FISA limits the power of the executive branch to conduct such activities..." And a district court in Michigan also has held that the President's wiretapping program was unconstitutional, although that decision was reversed on procedural grounds by the Sixth Circuit. So to the extent there is any case law that actually addresses this issue, it undercuts the administration's arguments. It certainly does not support those arguments. Mr. President, we also have heard that past American presidents have cited executive authority to order warrantless surveillance. But of course those past presidents -- Presidents Wilson and Roosevelt are often cited -- were acting before the Supreme Court decided in 1967 that our communications are protected by the Fourth Amendment, and before Congress decided in 1978 that the executive branch can no longer unilaterally decide which Americans to wiretap. So those examples are simply not relevant. In sum, the arguments that the President has inherent executive authority to violate the law are baseless. It's not even a close case. And the repeated efforts here in the Senate to pretend otherwise are very discouraging. Mr. President, it may seem that I am going over ancient history because this program is no longer operating outside the law.
But this is directly relevant to the current debate. The bill the Senate is considering would grant retroactive immunity to any companies that cooperated with a blatantly illegal program that went on for more than five years -- and that the administration repeatedly misled Congress about. If Congress short-circuits these lawsuits, we will have lost a prime opportunity to finally achieve accountability for these years of law-breaking. That's why the administration has been fighting so hard for this immunity. It knows that the cases that have been brought directly against the government face much more difficult procedural barriers, and are unlikely to result in rulings on the merits. These lawsuits may be the last chance to obtain a judicial ruling on the lawfulness of the warrantless wiretapping program. It's bad enough that Congress abdicated its responsibility to hold the President accountable for breaking the law. Now it is trying to absolve those who allegedly participated in his lawlessness. Mr. President, this body should be condemning this administration for its law-breaking -- not letting the companies that allegedly cooperated off the hook. And this body certainly should not grant the government new, over-expansive surveillance authorities, which brings me to the part of the bill that in some ways concerns me even more than the immunity provision. Let me explain why I am so concerned about the new surveillance powers granted in this bill, and why the modest improvements made to this part of the bill don't go nearly far enough. First, the FISA Amendments Act would authorize the government to collect all communications between the U.S. and the rest of the world. That could mean millions upon millions of communications between innocent Americans and their friends, families, or business associates overseas could legally be collected. Parents calling their kids studying abroad, emails to friends serving in Iraq --
all of these communications could be collected, with absolutely no suspicion of any wrongdoing, under this legislation. Second, like the earlier Senate version, this bill fails to effectively prohibit the practice of reverse targeting -- namely, wiretapping a person overseas when what the government is really interested in is listening to an American here at home with whom the foreigner is communicating. The bill does have a provision that purports to address this issue. It prohibits intentionally targeting a person outside the U.S. without an individualized court order if, quote, "the purpose" is to target someone reasonably believed to be in the U.S. At best, this prevents the government from targeting a person overseas as a complete pretext for getting information on someone in the U.S. But this language would permit intentional and possibly unconstitutional warrantless surveillance of an American so long as the government has any interest, no matter how small, in the person overseas with whom the American is communicating. The bill does not include language that had the support of the House and the vast majority of the Senate's Democratic caucus, to require the government to obtain a court order whenever a significant purpose of the surveillance is to acquire the communications of an American in the U.S. The administration's refusal to accept that reasonable restriction on its power is telling. Third, the bill before us imposes no meaningful consequences if the government initiates surveillance using procedures that have not been approved by the FISA Court, and the FISA Court later finds that those procedures were unlawful. Say, for example, the FISA Court determines that the procedures were not even reasonably designed to wiretap foreigners outside the U.S., rather than Americans here at home. Under the bill, all that illegally obtained information on Americans can be retained and used. Once again, there are no consequences for illegal behavior.
Now, unlike the Senate bill, this new bill does generally provide for FISA Court review of surveillance procedures before surveillance begins, and that is one of the changes that has been touted by supporters of the bill. But the bill also says that if the Attorney General and Director of National Intelligence certify that they don't have time to get a court order and that intelligence important to national security may be lost or not timely acquired, then they can go forward without judicial approval. This is a far cry from allowing an exception to FISA Court review in a true emergency, because arguably all intelligence is important to national security and any delay at all might cause some intelligence to be lost. So I am concerned that this "exigency" exception could very well swallow the rule and undermine any presumption of prior judicial approval. Fourth, this bill doesn't protect the privacy of Americans whose communications will be collected in vast new quantities. The Administration's mantra has been: "don't worry, we have minimization procedures." But, Mr. President, minimization procedures are nothing more than unchecked executive branch decisions about what information on Americans constitutes "foreign intelligence." That is why on the Senate floor, I joined with Senator Webb and Senator Tester earlier this year to offer an amendment to provide real protections for the privacy of Americans, while also giving the government the flexibility it needs to wiretap terrorists overseas. This bill relies solely on inadequate minimization procedures to protect innocent Americans. They are simply not enough. Mr. President, as I said at the outset, some supporters of the bill have pointed to improvements made since the Senate passed its bill earlier this year. I appreciate that changes have been made. But those changes are either inadequate, or they do not go to the core privacy issues raised by this bill.
In fact, as the Vice Chairman of the Senate Intelligence Committee said just yesterday, the bill before us is "basically the Senate bill all over again" with only "cosmetic fixes." For example, I am pleased that the bill provides for FISA Court review of targeting and minimization procedures. But as I mentioned, there is a potentially gaping loophole allowing the executive branch to go forward with surveillance without court review -- an exception that could swallow the rule. The bill also now explicitly directs the FISA Court to consider whether the government's procedures comply with the Fourth Amendment -- but that is an authority it should have had anyway. The bill includes an Inspector General review of the illegal program, which is a positive change, but it does not make up for the lawsuits that are going to be dismissed as a result of this legislation. And I strongly support the strengthened exclusivity language, which may deter a future administration from engaging in lawless behavior. But let's not lose sight of the fact that FISA as originally enacted clearly stated that it and the criminal wiretap laws were the exclusive means for conducting electronic surveillance. This was confirmed in the strongest terms possible by a federal district court just last week. Only under the unprecedented legal theories of this administration could that clear language be ignored, requiring Congress to pass language that effectively says -- No, we really meant it. And, if this bill is enacted, I am by no means reassured that this Administration, which repeatedly broke the law and misled the public over the past seven years, will now respect the exclusivity of FISA. Now, the bill does contain a key protection for Americans traveling overseas. It says that if the government wants to intentionally target Americans while they are outside the country, it has to get an individualized FISA court order based on probable cause. That is a great victory, and one we should be proud of.
But it does not override the greatly expanded authorities in this bill to collect other types of communications involving Americans. In sum, these improvements are not enough. They are nowhere close. And so, Mr. President, I must strongly oppose this bill. When you consider how we got here, this legislation is particularly discouraging. We discovered in late 2005 that the President had authorized an illegal program in blatant violation of a statute, and that Congress and the public had been misled in a variety of ways leading up to this public revelation. Congress, to its credit, held hearings on the program, but was largely stonewalled by the administration for many months until the administration grudgingly agreed to brief the intelligence committees, and more recently the judiciary committees. Nonetheless, the vast majority of the House and Senate have never been told what happened. In 2006, when the Republicans tried to push through legislation to grant massive new surveillance authorities to the executive branch, we stopped it. But now, in a Democratic-controlled Congress, not only did we pass the Protect America Act, but we are now about to extend for more than four years these expansive surveillance powers -- and we are about to grant immunity to companies that are alleged to have participated in the administration's lawlessness. Mr. President, I sit on the Intelligence and Judiciary Committees, and I am one of the few members of this body who has been fully briefed on the warrantless wiretapping program. And, based on what I know, I can promise that if more information is declassified about the program in the future, as is likely to happen either due to the Inspector General report, the election of a new President, or simply the passage of time, members of this body will regret that we passed this legislation. I am also familiar with the collection activities that have been conducted under the Protect America Act and will continue under this bill.
I invite any of my colleagues who wish to know more about those activities to come speak to me in a classified setting. Publicly, all I can say is that I have serious concerns about how those activities may have impacted the civil liberties of Americans. If we grant these new powers to the government and the effects become known to the American people, we will realize what a mistake it was, of that I am sure. So I hope my colleagues will think long and hard about their votes on this bill, and consider how they, and their constituents, will feel about this vote five, ten or twenty years from now. I am confident that history will not judge this Senate kindly if it endorses this tragic retreat from the principles that have governed government conduct in this sensitive area for 30 years. I urge my colleagues to stand up for the rule of law and defeat this bill. Russ Feingold represents Wisconsin in the US senate.

From rforno at infowarrior.org Thu Jul 10 23:55:32 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Jul 2008 19:55:32 -0400
Subject: [Infowarrior] - U.S. defends laptop searches at the border
Message-ID: <6D66549D-CB11-47B6-B239-9B0B78D01015@infowarrior.org>

U.S. defends laptop searches at the border
http://features.csmonitor.com/innovation/2008/07/10/us-defends-laptop-searches-at-the-border/
Courts have upheld routine checks of Americans' hard drives at the border. Critics say they're anything but routine.
By Alexandra Marks | Staff Writer for The Christian Science Monitor / July 10, 2008 edition

Is a laptop searchable in the same way as a piece of luggage? The Department of Homeland Security believes it is. For the past 18 months, immigration officials at border entries have been searching and seizing some citizens' laptops, cellphones, and BlackBerry devices when they return from international trips. In some cases, the officers go through the files while the traveler is standing there.
In others, they take the device for several hours and download the hard drive's content. After that, it's unclear what happens to the data. The Department of Homeland Security contends these searches and seizures of electronic files are vital to detecting terrorists and child pornographers. It also says it has the constitutional authority to do them without a warrant or probable cause. But many people in the business community disagree, saying DHS is overstepping the Fourth Amendment bounds of permissible routine searches. Some are fighting for Congress to put limits on what can be searched and seized and what happens to the information that's taken. The civil rights community says the laptop seizures are simply unconstitutional. They want DHS to stop the practice unless there's at least reasonable suspicion. Legal scholars say the issue raises the compelling and sometimes clashing interests of privacy rights and the need to protect the US from terrorists and child pornographers. The courts have long held that routine searches at the border are permissible, simply because they take place at the border. Opponents of the current policy say a laptop search is far from "routine." "A laptop can hold [the equivalent of] a major university's library: It can contain your full life," says Peter Swire, a professor of law at Ohio State University in Columbus. "The government's never gotten to search your entire life, so this is unprecedented in scale what the government can get." In recent court challenges, lower courts have ruled that laptop searches at the border are reasonable, just like searches of a person's baggage or other physical property. But the courts have drawn the line at personal, invasive searches, ruling that things like "strip searches, body-cavity searches, and involuntary X-ray searches" are nonroutine, according to Nathan Sales, a professor of law at George Mason University in Arlington, Va., who recently testified before Congress.
Thus, they require reasonable suspicion, probable cause, or a warrant. Advocates of the current practice say that the contents of a laptop are like the contents of a suitcase, and as such, customs officials have every right to go through them. They also argue that requiring probable cause for laptop searches would create huge delays at the border and give criminals and terrorists an easy way to bring dangerous things into the country. "The idea that we would create some kind of sanctuary for criminals and terrorists to carry things across the border to me is absolutely ludicrous," says James Jay Carafano, a senior research fellow at the Heritage Foundation in Washington. "It's also unrealistic to require probable cause when you think about the millions of people a day who come in and go out of the country." People who've had their laptops and other electronic devices searched and seized believe that it's reasonable and constitutional to expect a higher level of suspicion before customs officials take their laptop. Amir Khan, an information technology consultant from the San Francisco area, has had his laptop searched twice on returning to the US from business abroad. Once, a customs official took it away for more than two hours. "I don't know what he did with it. He could have planted malicious software or copied files," Mr. Khan says. "It was very intrusive and I think unreasonable. The Fourth Amendment makes it clear you can't just stop anybody in the street and start searching them and their things." Many people, particularly in the business community, also say that a laptop is more like a virtual office than a piece of baggage. In addition, they believe the government should be required to tell people what it does with the information it copies. "Right now, [DHS] seems to believe that it can hold anything it wants from your laptop, BlackBerry, or cellphone indefinitely,"
says Susan Gurley, executive director of the Association of Corporate Travel Executives in Alexandria, Va. "There are no limits on what they can do with it or whether they can share it with any third party." Ms. Gurley and others in the business community would like DHS to be required to come up with a set of rules that determine what can be done with the information and how long it can be held. Civil rights advocates would like to see Congress go even further and determine that a search of an electronic device is invasive and requires probable cause. "We treat our laptops, BlackBerrys, and cellphones as an extension of our brains. They can contain our most intimate thoughts," says Tim Sparapani, senior legislative counsel of the American Civil Liberties Union. As for creating a "sanctuary" for terrorists to bring in lethal plans, Mr. Sparapani counters: "Any terrorist worth his or her salt would send that stuff in an encrypted file from a remote location to a remote server somewhere in the United States." In an e-mail, DHS says its officers "have the responsibility to check items such as laptops and other personal electronic devices to ensure that any item brought into the country complies with applicable law and is not a threat to the American public."

From rforno at infowarrior.org Fri Jul 11 03:15:30 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Jul 2008 23:15:30 -0400
Subject: [Infowarrior] - Dell Colludes with RIAA, Disables Stereo Mix without Forewarning
Message-ID:

Dell Colludes with RIAA, Disables Stereo Mix without Forewarning
Posted 07/09/08 at 06:57:38 PM | by Pulkit Chandna
http://www.maximumpc.com/article/news/dell_colludes_with_riaa_disables_stereo_mix_without_forewarning
Dell disables hardware functionality to appease RIAA

Details of Dell's surreptitious collusion with RIAA (Record Industry Association of America) have emerged.
Apparently, the computer manufacturer disabled the Stereo Mix/Mono Mix/Wave Out sound recording function in certain computers to assuage the RIAA. The hardware functionality is being disabled without any prior notice and one blogger even alleges that he was asked by Dell's customer support staff to shell out $99 if he desired the stereo mix option. Gateway and Pac Bell are the other two manufacturers to have bowed to the RIAA at the expense of their customers' satisfaction and disabled the stereo mix feature without warning. The trade group, which comprises leading record labels, has a very controversial past. Although RIAA doesn't favor home audio recording and file sharing in an effort to prevent piracy, this same, ostensibly prudish organization was all for depriving several musicians of their own musical works by supporting a controversial "work made for hire" clause in 1999 legislation, which unfairly transferred copyrights of musical works to record labels.

From rforno at infowarrior.org Fri Jul 11 03:43:02 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Jul 2008 23:43:02 -0400
Subject: [Infowarrior] - Ask The Pilot: A GOOD commentary on TSA
Message-ID: <4883F5F9-451F-4C65-98EC-E8FF1FCFC82A@infowarrior.org>

This Salon article is penned by a current commercial pilot flying for a major airline. It explains much of what is wrong with the notion of 'passenger screening' at the circus known as airport security checkpoints. While the article is too long to repost in its entirety, it's certainly worth reading. However, I encourage you to resist the urge to break something over your computer monitor afterward. (You have been warned.) Coming from someone "on the inside" as a commercial pilot, he presents a unique view and echoes what many competent security folks have been saying and advising for years.
Article at: http://www.salon.com/tech/col/smith/2008/07/11/askthepilot283/print.html

Toward the end of this article was this gem, which I think deserves special mention, as I think it truly reflects the attitude taken by the USG in pursuing the impossible goal of ensuring "zero risks" to the "homeland" -- namely, that a) appearance and *perceived* effectiveness of the state security apparatus is a paramount goal of homeland security (as opposed to truly effective results) and b) "shut up and do what you're told" (ie, the creation of a compliant and docile citizenry) has become an acceptable part of the New Normal in America. I, for one, neither am reassured nor comforted by these realities.

--rick / infowarrior.org

< - >

To scare away complainers, TSA is also deploying signs at airports around the country. "Interfering with security personnel or procedures in any manner," the signs read, "is prohibited." That "in any manner" bit is an eyebrow raiser. Does that include questioning or challenging TSA's methods? Are guards not answerable to those they're supposedly protecting, and who are paying their salaries? How about a sign that cuts to the chase: "Don't question us, just do as you're told." And what does "prohibited" mean, exactly? What sort of a threat is that? We ask because although it does not have law enforcement powers, TSA has begun issuing navy-blue uniforms and silver, cop-style badges. Not by accident, the badges look exactly like the kind worn by actual police officers. They say "U.S. Officer" at the top, with an eagle emblem in the center and "Transportation Security Administration" across the bottom. Not all law enforcement officials are happy. The agency will tell you this is a way of enhancing the TSA's image, but in reality it's a method of coercion. Speaking in a USA Today article, TSA spokeswoman Ellen Howe said, "Some of our officers aren't respected." It's not often that I laugh out loud while reading the newspaper, but that one had me going.
You don't say. In the same article, a screener at Boston's Logan International said of the new badges and shirts, "It'll go a long way to enhance the respect of this workforce." No, sorry, that's not it. You don't bully and fool people into respecting you. If TSA wants respect, it can start with a radical overhaul of its policies, replacing the rules we have with ones that are sensible and effective.

From rforno at infowarrior.org Fri Jul 11 13:49:50 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 11 Jul 2008 09:49:50 -0400
Subject: [Infowarrior] - FCC chief says Comcast violated Internet rules
Message-ID: <7D5A9710-7073-4068-B91B-7E3809FAC703@infowarrior.org>

FCC chief says Comcast violated Internet rules
Friday July 11, 7:31 am ET
By John Dunbar, Associated Press Writer
http://biz.yahoo.com/ap/080711/internet_regulation.html?.v=5
APNewsBreak: FCC chairman to recommend sanctions against Comcast for blocking Internet traffic

WASHINGTON (AP) -- The head of the Federal Communications Commission said Thursday he will recommend that the nation's largest cable company be punished for violating agency principles that guarantee customers open access to the Internet. The potentially precedent-setting move stems from a complaint against Comcast Corp. that the company had blocked Internet traffic among users of a certain type of "file sharing" software that allows them to exchange large amounts of data. "The commission has adopted a set of principles that protects consumers access to the Internet," FCC Chairman Kevin Martin told The Associated Press late Thursday. "We found that Comcast's actions in this instance violated our principles." Martin said Comcast has "arbitrarily" blocked Internet access, regardless of the level of traffic, and failed to disclose to consumers that it was doing so.
Company spokeswoman Sena Fitzmaurice on Thursday denied that Comcast blocks Internet content or services and that the "carefully limited measures that Comcast takes to manage traffic on its broadband network are a reasonable part" of the company's strategy to ensure all customers receive quality service. Martin will circulate an order recommending enforcement action against the company on Friday among his fellow commissioners, who will vote on the measure at an open meeting on Aug. 1. The action was in response to a complaint filed by Free Press and Public Knowledge, nonprofit groups that advocate for "network neutrality," the idea that all Internet content should be treated equally. Martin's order would require Comcast to stop its practice of blocking; provide details to the commission on the extent and manner in which the practice has been used; and to disclose to consumers details on future plans for managing its network going forward. The FCC approved a policy statement in September 2005 that outlined a set of principles meant to ensure that broadband networks are "widely deployed, open, affordable and accessible to all consumers." The principles, however, are "subject to reasonable network management." Comcast argues that the agency's policy statement is not enforceable and that the commission has "never before provided any guidance on what it means by 'reasonable network management.'" If a majority of commissioners side with Martin, it will be the first test of the agency's network neutrality principles. Members of both the House and Senate have sponsored network neutrality bills, but they have never come close to becoming law. Large Internet service providers have fought against such regulation, arguing that it is a solution in search of a problem and that companies that spend billions on their networks must be free to manage traffic. 
Ben Scott, federal policy chief for Free Press said Thursday night the FCC's action may have consequences for other Internet providers going forward. "This is going to be a bellwether," he said. Martin, a Republican, will likely get support from the two Democrats on the commission, who are both proponents of the network neutrality concept. Those three votes would be enough for a majority on the five-member commission.

From rforno at infowarrior.org Mon Jul 14 02:18:11 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 13 Jul 2008 22:18:11 -0400
Subject: [Infowarrior] - Overstating Our Fears
Message-ID: <73D53489-5A3F-48F0-B142-9AE6E6B6B28B@infowarrior.org>

http://www.washingtonpost.com/wp-dyn/content/article/2008/07/11/AR2008071102710_pf.html

Overstating Our Fears
By Glenn L. Carle
Sunday, July 13, 2008; B07

(The writer was a member of the CIA's Clandestine Service for 23 years and retired in March 2007 as deputy national intelligence officer for transnational threats.)

Sen. John McCain has repeatedly characterized the threat of "radical Islamic extremism" as "the absolute gravest threat . . . that we're in against." Before we simply accept this, we need to examine the nature of the terrorist threat facing our country. If we do so, we will see how we have allowed the specter of that threat to distort our lives and take our treasure. The "Global War on Terror" has conjured the image of terrorists behind every bush, the bushes themselves burning and an angry god inciting its faithful to religious war. We have been called to arms, built fences, and compromised our laws and the practices that define us as a nation. The administration has focused on pursuing terrorists and countering an imminent and terrifying threat. Thousands of Americans have died as a result, as have tens of thousands of foreigners.
The inclination to trust our leaders when they warn of danger is compelling, particularly when the specters of mushroom clouds and jihadists haunt every debate. McCain, accepting this view of the threats, pledges to continue the Bush administration's policy of few distinctions but ruthless actions. I spent 23 years in the CIA. I drafted or was involved in many of the government's most senior assessments of the threats facing our country. I have devoted years to understanding and combating the jihadist threat. We rightly honor as heroes those who serve our nation and offer their lives to protect ours. We all "support the troops." Yet the first step for any commander is to understand the enemy. The next commander in chief should base his counterterrorism policies on the following realities: We do not face a global jihadist "movement" but a series of disparate ethnic and religious conflicts involving Muslim populations, each of which remains fundamentally regional in nature and almost all of which long predate the existence of al-Qaeda. Osama bin Laden and his disciples are small men and secondary threats whose shadows are made large by our fears. Al-Qaeda is the only global jihadist organization and is the only Islamic terrorist organization that targets the U.S. homeland. Al-Qaeda remains capable of striking here and is plotting from its redoubt in Waziristan, Pakistan. The organization, however, has only a handful of individuals capable of planning, organizing and leading a terrorist operation. Al-Qaeda threatens to use chemical, biological, radiological or nuclear weapons, but its capabilities are far inferior to its desires. Even the "loose nuke" threat, whose consequences would be horrific, has a very low probability. For the medium term, any attack is overwhelmingly likely to consist of creative uses of conventional explosives. No other Islamic-based terrorist organization, from Mindanao to the Bekaa Valley to the Sahel, targets the U.S. 
homeland, is part of a "global jihadist movement" or has more than passing contact with al-Qaeda. These groups do and will, however, identify themselves with global jihadist rhetoric and may bandy the bogey-phrase of "al-Qaeda." They are motivated by hostility toward the West and fear of the irresistible changes that education, trade, and economic and social development are causing in their cultures. These regional terrorist organizations may target U.S. interests or persons in the groups' historic areas of interest and operations. None of these groups is likely to succeed in seizing power or in destabilizing the societies they attack, though they may succeed in killing numerous people through sporadic attacks such as the Madrid train bombings. There are and will continue to be small numbers of Muslims in certain Western countries -- in the dozens, perhaps -- who seek to commit terrorist acts, along the lines of the British citizens behind the 2005 London bus bombings. Some may have irregular contact with al-Qaeda central in Waziristan; more will act as free agents for their imagined cause. They represent an Islamic-tinged version of the anarchists of the late 19th century: dupes of "true belief," the flotsam of revolutionary cultural change and destruction in Islam, and of personal anomie. We need to catch and neutralize these people. But they do not represent a global movement or a global threat. The threat from Islamic terrorism is no larger now than it was before Sept. 11, 2001. Islamic societies the world over are in turmoil and will continue for years to produce small numbers of dedicated killers, whom we must stop. U.S. and allied intelligence do a good job at that; these efforts, however, will never succeed in neutralizing every terrorist, everywhere. Why are these views so starkly at odds with what the Bush administration has said since the beginning of the "Global War on Terror"?
This administration has heard what it has wished to hear, pressured the intelligence community to verify preconceptions, undermined or sidetracked opposing voices, and both instituted and been victim of procedures that guaranteed that the slightest terrorist threat reporting would receive disproportionate weight -- thereby comforting the administration's preconceptions and policy inclinations. We must not delude ourselves about the nature of the terrorist threat to our country. We must not take fright at the specter our leaders have exaggerated. In fact, we must see jihadists for the small, lethal, disjointed and miserable opponents that they are.

The writer was a member of the CIA's Clandestine Service for 23 years and retired in March 2007 as deputy national intelligence officer for transnational threats.

From rforno at infowarrior.org Mon Jul 14 02:19:31 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 13 Jul 2008 22:19:31 -0400
Subject: [Infowarrior] - Obama Is From Google, McCain Is From AT&T on Digital-Age Rules
Message-ID:

http://www.bloomberg.com/apps/news?pid=20601087&sid=alsJ22j5BQS0&refer=home

Obama Is From Google, McCain Is From AT&T on Digital-Age Rules
By Christopher Stern

July 14 (Bloomberg) -- A Barack Obama presidency would bode well for Google Inc. A John McCain victory would be good for AT&T Inc. That's because the two senators approach regulation in the information age from fundamentally different perspectives. Obama, who clinched the Democratic nomination with an Internet-savvy campaign, wants the government to take an active role in wielding the Web as a weapon against poverty and rural isolation, an approach that could benefit Google. McCain sees the Internet mainly as a business and trusts market forces to foster innovation for society's benefit. It's the same tack he has taken in Congress, advocating a hands-off approach to telephone-industry mergers that created the new AT&T.
``McCain is a traditional, market-oriented conservative, and Obama is more comfortable with government intervention in the marketplace to promote competition,'' says Andrew Jay Schwartzman, president of the Media Access Project, a public-interest law firm in Washington. That same philosophical divide -- Obama favoring rules aimed at curing society's ills, McCain seeing government as more hindrance than help -- is borne out on other Information Age fronts, ranging from media mergers to the digitization of medical records. Their differences also are reflected in their personal use of technology: Obama, 46, is often seen pecking away at his Blackberry. McCain, 71, jokingly describes himself as computer ``illiterate.''

Blacks, Hispanics

Obama last year criticized the Federal Communications Commission for smoothing the process for media companies to combine. He said the FCC's ruling would make it harder for blacks and Hispanics to become owners and co-sponsored Senate legislation seeking to block the decision. McCain often has complained that the commission slows down proposed mergers. In 2003, he voted against a similar bill that would have tightened media-ownership rules. He also introduced a measure to limit the commission's authority to review telecommunications takeovers. Before he was a presidential candidate, Obama co-sponsored legislation that would bar cable and telephone companies, including San Antonio-based AT&T, from using ownership of Internet connections to sell owners of sites such as Yahoo! Inc. premium service on their network. Without such ``network-neutrality rules'' -- which ensure that networks can't be used to give preferential treatment to one company over another -- Obama says the free flow of information on the Internet is threatened.

Micromanagement

The companies argue that they should be able to charge different customers differently to justify their investments to build and maintain their networks.
McCain has criticized government intervention as premature and potential micromanagement. Obama has proposed a new position of chief technology officer for the federal government. The Illinois Democrat outlined other items on what he called his ``Innovation Agenda'' during a talk with Google employees in November. They include a plan to use about $5 billion in subsidies to provide rural and low-income households with high-speed Internet access. He says the money would come from a decades-old program that now pays for regular voice service for those same homes. Every American should have broadband access, ``no matter where you live or how much money you have,'' Obama said at Google's Mountain View, California, headquarters. Such a shift in subsidies would directly boost Google and other Internet-service companies by increasing their potential pool of customers. `Grossly Inefficient' McCain is a longtime critic of the telephone subsidy, which he has called a ``breeding ground for waste, corruption and grossly inefficient spending.'' The Arizona Republican told a Kentucky audience in April that the government should identify areas where ``the market truly is not working'' and provide companies with incentives such as tax breaks to serve them. The candidates' different views are a reflection of the people who surround them. McCain's campaign manager, Rick Davis, is a former lobbyist whose clients included BellSouth Corp. and SBC Communications Inc. before they became part of AT&T, as well as Verizon Communications Inc. Charlie Black, a senior McCain adviser, is another former lobbyist and had AT&T as a client. McCain also is being counseled on policy issues by Michael Powell, a former FCC chairman who led the agency's efforts to deregulate local telephone companies. Philosophically Opposed Powell says that even though McCain is philosophically opposed to government intervention in the market, he has often taken stands against corporate interests. 
``He is by no means easily labeled pro-corporate, having taken strong positions in favor of protecting consumers,'' Powell says. He points to McCain's support of the ``Do Not Call'' registry, which allows consumers to block telemarketing calls, and tax incentives that help minorities and women buy TV and radio stations. One of Obama's advisers is Andrew McLaughlin, Google's director of public policy and government affairs. In 2007, McLaughlin was a registered lobbyist for Google. Obama also gets advice from two former FCC chairmen, Reed Hundt and William Kennard, who served during President Bill Clinton's administration. Kennard is now a managing director of the Carlyle Group and works on the Washington-based private-equity company's telecom and media-buyout fund. He says Obama's technology policy picks up on the Clinton administration's goal of using the Internet to expand educational and economic opportunities. `Vexing' Problems Obama ``fundamentally believes that you can't craft a policy about technology and innovation without linking it to how we are going to solve other vexing social problems,'' Kennard said last month at a forum in Washington on media and technology issues facing the next president. He points to Obama's proposal that the federal government digitize hundreds of millions of individual medical records. Kennard says the project ultimately would save taxpayers billions of dollars in health-care costs by reducing paperwork and increasing safety. McCain wants private industry, not the federal government, to cover the cost of converting medical records to digital form. John Kneuer, a former Bush administration official who now advises McCain on technology issues, says the senator wants the government to leave private industry alone so the marketplace can solve problems.
`Disincentives' ``Be careful where you tread, so you don't do anything that is going to create disincentives or barriers to the kind of investment and innovation and expansion of these technologies,'' Kneuer said at the same forum. Kennard says there may be some short-term pain for large telecommunications companies under an Obama administration. In the long term, they'll benefit because unfettered consolidation ``is probably not good for anyone.'' After almost eight years of a generally favorable regulatory environment, the telecom industry would face significant change with an Obama administration, says the Media Access Project's Schwartzman. ``They are right to be anxious,'' he says. To contact the reporter on this story: Christopher Stern in Washington at cstern3 at bloomberg.net.

From rforno at infowarrior.org Tue Jul 15 11:27:16 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Jul 2008 07:27:16 -0400
Subject: [Infowarrior] - OSF To Maintain Attrition.org's Data Loss Database
Message-ID:

Open Security Foundation To Maintain Attrition.org's Data Loss Database - Open Source
Mon Jul 14 23:20:11 EST 2008
http://attrition.org/news/content/08-07-15.001.html

RICHMOND, VA, July 14, 2008 - The Open Security Foundation (OSF) is pleased to announce that the DataLossDB (also known as the Data Loss Database - Open Source (DLDOS) currently run by Attrition.org) will be formally maintained as an ongoing project under the OSF umbrella organization as of July 15, 2008. Attrition.org's Data Loss project, which was originally conceptualized in 2001 and has been maintained since July 2005, introduced DLDOS to the public in September of 2006. The project's core mission is to track the loss or theft of personally identifying information not just from the United States, but across the world. As of June 4, 2008, DataLossDB contains information on over 1,000 breaches of personal identifying information covering over 330 million records.
DataLossDB has become a recognized leader in the categorization of dataloss incidents over the past several years. In an effort to build off the current success and further enhance the project, the new relationship with OSF provides opportunities for growth, an improved data set, and expanded community involvement. "We've worked hard to research, gather, and make this data open to the public," says Kelly Todd, one of the project leaders for DataLossDB. "Hopefully, the migration to OSF will lead to more community participation, public awareness, and consumer advocacy by providing an open forum for submitting information." The Open Security Foundation's DataLossDB will be free for download and use in non-profit work and research. The new website launch (http://www.datalossdb.org/ ) builds off of the current data set and provides an extensive list of new features. DataLossDB has attained rapid success due to a core group of volunteers who have populated and maintained the database. However, the new system will provide an open framework that allows the community to get involved and enhance the project. "For a data set as dynamic as this, it made sense to build it into a more user-driven format.", states David Shettler, the lead developer for the Open Security Foundation. "With the release of this new site, the project can now be fed by anyone, from data loss victims to researchers". The DataLossDB's mail list will continue to be available to over 1,500 current subscribers and will accept new subscriptions under the Attrition.org banner until a migration to OSF has been completed. RSS feeds will also be available under the OSF banner for timely alerts about new and updated data loss events. We expect this transition to be completed in the coming months without impact to current subscribers. Open Security Foundation's DataLossDB is an open source community project that strives to provide a clear understanding of data loss issues and needs your support. 
Assistance can be provided through database updates, project leadership, word-of-mouth promotion, financial donations, and sponsorship to assist with the ongoing maintenance of the project. "The DataLossDB project provides a critical service that enables detailed analysis on the true impact of data loss.", says Jake Kouns. "The Open Security Foundation is in a perfect position to support the expansion of the DataLossDB project." Any entities interested in licensing the database for commercial ventures are encouraged to contact OSF. Open Security Foundation's DataLossDB can be found at http://www.datalossdb.org/

Press Contacts:
Kelly Todd Email: kelly at opensecurityfoundation.org
David Shettler Email: dave at opensecurityfoundation.org
Jake Kouns Email: jkouns at opensecurityfoundation.org
Brian Martin Email: bmartin at opensecurityfoundation.org
Open Security Foundation: (804) 306-8412

From rforno at infowarrior.org Wed Jul 16 12:19:47 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Jul 2008 08:19:47 -0400
Subject: [Infowarrior] - Terrorist Watch List Hits One Million Names
Message-ID:

Terrorist Watch List Hits One Million Names (7/14/2008)
http://www.aclu.org/privacy/35968prs20080714.html

ACLU launches online watch list complaint form

FOR IMMEDIATE RELEASE
CONTACT: (202) 675-2312 or media at dcaclu.org

WASHINGTON, DC - The nation's terrorist watch list has hit one million names, according to a tally maintained by the American Civil Liberties Union based upon the government's own reported numbers for the size of the list. "Members of Congress, nuns, war heroes and other 'suspicious characters,' with names like Robert Johnson and Gary Smith, have become trapped in the Kafkaesque clutches of this list, with little hope of escape," said Caroline Fredrickson, director of the ACLU Washington Legislative Office.
"Congress needs to fix it, the Terrorist Screening Center needs to fix it, or the next president needs to fix it, but it has to be done soon." Fredrickson and Barry Steinhardt, director of the ACLU's Technology and Liberty Program, spoke today along with two victims of the watch list: Jim Robinson, former assistant attorney general for the Criminal Division who flies frequently and is often delayed for hours despite possessing a governmental security clearance and Akif Rahman, an American citizen who has been detained and interrogated extensively at the U.S.-Canada border when traveling for business. "America's new million record watch list is a perfect symbol for what's wrong with this administration's approach to security: it's unfair, out-of-control, a waste of resources, treats the rights of the innocent as an afterthought, and is a very real impediment in the lives of millions of travelers in this country," said Barry Steinhardt, director of the ACLU Technology and Liberty Program. "It must be fixed without delay." "Putting a million names on a watch list is a guarantee that the list will do more harm than good by interfering with the travel of innocent people and wasting huge amounts of our limited security resources on bureaucratic wheel-spinning," said Steinhardt. "I doubt this thing would even be effective at catching a real terrorist." Controls on the watch lists called for by the ACLU included: * due process * a right to access and challenge data upon which listing is based * tight criteria for adding names to the lists * rigorous procedures for updating and cleansing names from the lists. The ACLU also called for the president - if not this one then the next - to issue an executive order requiring the lists to be reviewed and limited to only those for whom there is credible evidence of terrorist ties or activities. The review should be concluded within 3 months. 
In February, the ACLU unveiled an online "watch list counter," which has tracked the size of the watch list based on a September 2007 report by the inspector general of the Justice Department, which reported that it was growing by 20,000 names per month. The ACLU is also announcing today the creation of an online form where victims of the watch list can tell us their stories. We will collect those stories and use them (with permission) in various ways to advance our advocacy. A link to the form is available online at www.aclu.org/watchlist or directly at www.aclu.org/watchlistform. The watch list counter and other materials are available at: www.aclu.org/watchlist

From rforno at infowarrior.org Wed Jul 16 12:54:23 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Jul 2008 08:54:23 -0400
Subject: [Infowarrior] - FISA Changes: With Flowcharts
Message-ID: <53F7CB5E-20EF-41A5-B785-A60F6CA6E1FC@infowarrior.org>

(c/o BBoing) Well-done bit of information here
http://www.ketchupandcaviar.com/politics/understanding-recent-changes-to-fisa-a-visual-guide-flowchart/

From rforno at infowarrior.org Wed Jul 16 17:58:59 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Jul 2008 13:58:59 -0400
Subject: [Infowarrior] - Cost-Benefit Analysis of US Aviation Security
Message-ID: <93077E64-CB37-447A-B776-ABD0E873AB1C@infowarrior.org>

A risk and cost-benefit assessment of United States aviation security measures
Mark G. Stewart & John Mueller
29 April 2008

Abstract

This paper seeks to discover whether aviation security measures are cost-effective by considering their effectiveness, their cost and expected lives saved as a result of such expenditure. An assessment of the Federal Air Marshal Service suggests that the annual cost is $180 million per life saved. This is greatly in excess of the regulatory safety goal (societal willingness to pay to save a life) of $1-$10 million per life saved. As such, the air marshal program fails a cost-benefit analysis.
In addition, the opportunity cost of these expenditures is considerable, and it is highly likely that far more lives would have been saved if the money had been invested instead in a wide range of more cost-effective risk mitigation programs. On the other hand, hardening of cockpit doors has an annual cost of only $800,000 per life saved, showing that this is a cost-effective security measure.

http://cryptome.org/avsec-assess.pdf (17pp, 288KB)

From rforno at infowarrior.org Fri Jul 18 12:24:48 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 18 Jul 2008 08:24:48 -0400
Subject: [Infowarrior] - Terrorism Funds May Let Brass Fly in Style
Message-ID: <41CBCFCD-700E-416B-9A3C-A1EDF1B7BF63@infowarrior.org>

Terrorism Funds May Let Brass Fly in Style
Luxury Pods for Air Force Debated
http://www.washingtonpost.com/wp-dyn/content/article/2008/07/17/AR2008071703161_pf.html

By R. Jeffrey Smith
Washington Post Staff Writer
Friday, July 18, 2008; A01

The Air Force's top leadership sought for three years to spend counterterrorism funds on "comfort capsules" to be installed on military planes that ferry senior officers and civilian leaders around the world, with at least four top generals involved in design details such as the color of the capsules' carpet and leather chairs, according to internal e-mails and budget documents. Production of the first capsule -- consisting of two sealed rooms that can fit into the fuselage of a large military aircraft -- has already begun. Air Force officials say the government needs the new capsules to ensure that leaders can talk, work and rest comfortably in the air. But the top brass's preoccupation with creating new luxury in wartime has alienated lower-ranking Air Force officers familiar with the effort, as well as congressional staff members and a nonprofit group that calls the program a waste of money.
Air Force documents spell out how each of the capsules is to be "aesthetically pleasing and furnished to reflect the rank of the senior leaders using the capsule," with beds, a couch, a table, a 37-inch flat-screen monitor with stereo speakers, and a full-length mirror. The effort has been slowed, however, by congressional resistance to using counterterrorism funds for the project and by lengthy internal deliberations about a series of demands for modifications by Air Force generals. One request was that the color of the leather for the seats and seat belts in the mobile pallets be changed from brown to Air Force blue and that seat pockets be added; another was that the color of the table's wood be darkened. Changing the seat color and pockets alone was estimated in a March 12 internal document to cost at least $68,240. In all, for the past three years the service has asked to divert $16.2 million to the effort from what the military calls the GWOT, or global war on terrorism. Congress has twice told the service that it cannot, including an August 2007 letter from Rep. John P. Murtha (D-Pa.) to the Pentagon ordering that the money be spent on a "higher priority" need. Officials say the Air Force nonetheless decided last year to take $331,000 from counterterrorism funds to cover a cost overrun, partly stemming from the design changes, although a senior officer said yesterday in response to inquiries that it will reverse that decision. The internal Air Force e-mails, provided to The Washington Post by the Project on Government Oversight (POGO), a nonprofit Washington group, and independently authenticated, make it clear that lower-ranking officers involved in the project have been pressured to create what one described as "world class" accommodations exceeding the standards of a regular business-class flight. "I was asked by Gen. [Robert H.] McMahon what it would take to make the [capsule] . . .
a 'world class' piece of equipment," an officer at the service's Air Mobility Command said in a March 2007 e-mail to a colleague, referring to the mobility command's top officer then. "He said he wanted an assurance . . . that we would be getting a world class item this week." Air Force officials say the program dates from a 2006 decision by Air Force Gen. Duncan J. McNabb that existing seats on transport planes, including some that match those on commercial airliners, may be fine for airmen and troops but inadequate for the top brass. McNabb was then the Air Mobility commander; he is now the Air Force's vice chief of staff, and Defense Secretary Robert M. Gates nominated him in June to become head of the military's Transportation Command. In a letter of complaint sent yesterday to Gates, POGO asserted that the new capsules will provide no special communications or work capabilities beyond those already available for top officials on Air Force transport aircraft. It is "a gross misuse of millions of taxpayer dollars that could otherwise be used to train and equip soldiers," wrote Danielle Brian, the group's executive director. She added that "in a time of war, it is critical for senior officials to visibly prioritize the needs of the men and women on the frontline." The Air Force program, she said, represents an "egregious failure of leadership." A military officer familiar with the program, speaking on the condition of anonymity because he was not authorized to speak about it, likewise said that its extravagance has provoked widespread contempt among lower-ranking Air Force personnel. "This whole program is an embarrassment," the officer said, particularly because transport seating for troops en route to the battlefield is in his view generally shoddy. 
The criticism is the latest in a series of volleys to hit the Air Force over the past year, stemming from an inadvertent flight of nuclear warheads over the continental United States, the mistaken transfer of secret nuclear-related materials to Taiwan, and a corrupt $50 million contract for a Thunderbirds air show. Gates fired the top two Air Force military and civilian leaders last month, citing defects in their stewardship of nuclear arms. The Air Force already has two trailers, known as Silver Bullets, that can be loaded aboard large transports for use by top military and civilian officers, plus a fleet of about 100 planes specifically meant for VIP travel. But McMahon, who is now the Air Force's deputy chief of staff for logistics, installations and mission support, said the new program was started because the service ferried more "senior travelers" to distant regions after the attacks of Sept. 11, 2001, and identified a "gap" in its capability. It initially planned to build 10 of the capsules, he said, for use by four-star generals, fleet admirals and federal officials at the level of assistant secretary and above. "It is not opulent and it is not a box," McMahon said, but meant to match the comfort level of the VIP fleet. Explaining his instructions to subordinates, McMahon said he used the term world class "in just about everything I discuss. . . . That represents an attitude." He said he wanted to "create an environment that whoever was riding in that would be proud of," the government would be proud of and "the people of the United States" would be proud of. Construction of what the Air Force initially termed the new Senior Leader Intransit Comfort Capsules, or SLICC, has already begun, under a contract paid from general Air Force funds. One of the 18-by-9-foot capsules has been partly completed. 
But McMahon said the program has recently been downsized from 10 capsules to three, plus the four pallets fitted with swiveling leather chairs, known as Senior Leader Intransit Pallets, or SLIP. The reason, he said, is that the Air Force has upgraded the VIP fleet by adding new air defenses to the planes, reducing its need for new capsules. All four pallets will be finished this year, McMahon said, but he added that building them is much more complicated than "going down to your neighborhood store and buying a recliner and slapping it" onto a platform. Because of the cutback in the number of capsules and pallets, the program is currently estimated to cost $7.6 million. Air Force documents about the SLICC, dated June 8, 2006, emphasize the need to install "aesthetically pleasing wall treatments/coverings" -- in addition to the monitor, footrests and a DVD player. The beds, according to one document, must be able to support a man with "no more than 50% compression of the mattress material." The seats are to swivel such that "the longitudinal axis of the seat is parallel to the longitudinal axis of the aircraft" regardless of where the capsules are facing, the document specified. In a draft document dated Nov. 15, 2006, that spelled out the requirements for the SLICC, the word "Comfort" was repeatedly crossed out with a horizontal line and replaced by a less cushy-sounding alternative, "Conference." McMahon said he thinks the term "comfort" was dropped from the name to distinguish it from pallets of latrines that could be loaded aboard military aircraft. Although the program's estimated $20 million cost is nearly equivalent to what the Pentagon spends in about 20 minutes, the e-mails show that small details have so far received the attention of many high-ranking officers, including McMahon; Gen. Arthur J. Lichte, the current Air Mobility commander; and Brig. Gen. Kenneth D. Merchant, the mobility command's logistics director. 
The leather and carpet color choices were made by McNabb, according to several of the e-mails exchanged by lower-ranking officers, although a spokesman for the general said those selections were McMahon's responsibility. The e-mails state that McMahon ordered that the seats be re-covered, and one e-mail complains that the contractor "would not swap out the brown seat belts for replacement blue seat belts." The changes delayed the project by months and added to its cost. McMahon said he does not recall intervening on the leather color change, but said he was sure it was unrelated to the Air Force's color. He said that it was probably because blue would not show dirt as much as tan or brown would.

From rforno at infowarrior.org Sat Jul 19 16:38:34 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 19 Jul 2008 12:38:34 -0400
Subject: [Infowarrior] - Airport Gestapo
Message-ID: <79D59186-3912-474C-8C69-044EA45AEAC9@infowarrior.org>

(the last paragraph is particularly relevant.....-rf)

Airport Gestapo
By PAUL CRAIG ROBERTS
http://www.counterpunch.org/roberts07172008.html

The Bush Regime's "terrorist" protection schemes have reached the height of total incompetence and utter absurdity. According to the American Civil Liberties Union, a private organization that defends the US Constitution that inattentive Americans neglect, there are now one million names on the "terrorist" watch list. One of them is that of former Assistant US Attorney General Jim Robinson, whose top security clearances are current. Every time Mr. Robinson flies away on business, he is delayed by a totally incompetent "terrorist" protection racket that cannot tell a person named Jim Robinson, who served in the highest echelons of the US government, from a Muslim terrorist. What confidence can we have in a regime that is incapable of differentiating an Assistant US Attorney General from a terrorist? Mr.
Robinson said: "If I were convinced that America is a safer place because I get hassled at the airport, I might put up with it, but I doubt it. I expect my story is similar to hundreds of thousands of people who are on this list and find themselves inconvenienced." "Hundreds of thousands of people" on a watch list that they have no business being on? Yes. "Members of Congress, nuns, war heroes and other 'suspicious characters,' with names like Robert Johnson and Gary Smith, have become trapped in the Kafkaesque clutches of this list, with little hope of escape," said Caroline Fredrickson, director of the ACLU Washington Legislative Office. And this is America, not Nazi Germany? How can Airport "Security" possibly protect anyone when the idiots cannot differentiate a high level American government official from a terrorist? Do you really believe there are one million terrorists and nothing has blown up in the US since September 11, 2001 (assuming you believe the government's account of that episode)? How can there possibly be 1,000,000 terrorists and America still be in one piece? If there were 1,000,000 terrorists, America would be in ruins. According to the Bush Regime's line, it only took a handful of terrorists to destroy America's tallest skyscrapers and a section of the Pentagon and to send the President of the United States scurrying to a hiding place. One million terrorists could bring America to its knees, and they wouldn't need to fly on airplanes to accomplish this. What we are witnessing with the one million person "watch list" is bureaucracy run amok. One Million Terrorists makes the danger seem overwhelming. Such overwhelming danger rationalizes the aggressive behavior of the bullies and thugs attracted by the power of confiscating your toothpaste and bottled water and riffling your belongings in your luggage. Show your ID. Take off your shoes. Take off your belt. Take off your jacket. Empty your pockets.
Don't complain about being searched without a warrant or you will miss your flight. You might be arrested, handcuffed, kicked and otherwise abused--the fate of many American citizens. The morons who comprise the US government call the "watch list" one of the government's "most effective tools in the fight against terrorism." What an effective tool it is! It cannot tell the difference between Jim Robinson and a Muslim terrorist. The "watch list" has not apprehended a single terrorist, but thousands of American citizens have been inconvenienced and arrested. The ACLU says that "putting a million names on a watch list is a guarantee that the list will do more harm than good by interfering with the travel of innocent people and wasting huge amounts of our limited security resources on bureaucratic wheel-spinning." It is worse than that. What the "watch list" or "no-fly list" is doing is training Americans to submit to warrantless searches, to abandon their constitutional rights, and to submit to humiliation by thugs and bullies. A Gestapo is being trained to have no qualms about searching and intimidating fellow citizens, using any excuse to delay or arrest them. Americans are being taught to use arbitrary power and to submit to arbitrary power. In the false name of "safety from terrorists," Americans are being made the least safe people on earth.

=======

Paul Craig Roberts was Assistant Secretary of the Treasury in the Reagan administration. He was Associate Editor of the Wall Street Journal editorial page and Contributing Editor of National Review.
He is coauthor of The Tyranny of Good Intentions. He can be reached at: paulcraigroberts at yahoo.com

From rforno at infowarrior.org Sun Jul 20 14:43:13 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Jul 2008 10:43:13 -0400
Subject: [Infowarrior] - Library of Congress on DMCA, Copyright Law Troubles
Message-ID: <426B872E-2510-4205-B636-DBFD9E4DAA9F@infowarrior.org>

http://www.eff.org/deeplinks/2008/07/library-congress-dmca-copyright-law-troubles

July 17th, 2008
Library of Congress on DMCA, Copyright Law Troubles
Posted by Hugh D'Andrade

The chorus of voices criticizing the Digital Millennium Copyright Act (DMCA) has just gotten a bit louder with the addition of a new and authoritative voice: The Library of Congress. In a new report, jointly released with the U.K.'s Joint Information Systems Committee, Australia's Open Access to Knowledge (OAK) Law Project, and the Netherlands' SURFfoundation, the Library of Congress' National Digital Information Infrastructure and Preservation Program points out that the work of preserving, documenting and archiving the nation's intellectual output is made unnecessarily difficult by antiquated copyright law exceptions and limitations, and TPM (technological protection measure) laws designed to restrict the making of digital copies. ArsTechnica has a review of the report, citing the many absurd paradoxes of trying to make archival copies in a legal environment that views copying as a suspicious and possibly illegal act. The DMCA, for example, bans not just the act of circumventing DRM copy restrictions, but also the sale or trafficking in the software or tools that enable circumvention. And while the Librarian of Congress is authorized to craft exemptions under appropriate circumstances to the DMCA's ban on circumvention, there wouldn't be much of a market for tools to accomplish that circumvention, since only those who fall within an exemption could use them.
So even if libraries were granted an exemption from the ban on circumvention for the purposes of digital archiving, they might well be unable to obtain the tools to do so -- because they would still generally be illegal. The report was released the day before a WIPO seminar on Digital Preservation and Copyright issues. In the international context, it is worth noting that some countries have adopted a more forward-looking approach to laws regulating technological protection measures than the inflexible DMCA. One example is New Zealand's recently revised Copyright Law (PDF), which permits libraries and archives to access circumvention tools to circumvent TPMs on behalf of end users if the TPMs interfere with non-copyright infringing uses. ArsTechnica cites these other examples: ...One big issue is the exemption for published works in a library's collection; these can also be copied three times, but only to "replace a work in their collections that is damaged, deteriorating, lost or stolen or whose format has become obsolete." In other words, librarians can't backup or archive such works until destruction is well under way. In addition, "obsolete" doesn't mean what you or I might mean by the term; the Library notes that LPs still can't be copied into digital archives because record players remain available on the open market and are therefore not "obsolete." Check out the ArsTechnica article, and the new report is here (PDF).

http://www.digitalpreservation.gov/partners/resources/pubs/wipo_digital_preservation_final_report2008.pdf

From rforno at infowarrior.org Sun Jul 20 15:37:08 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 20 Jul 2008 11:37:08 -0400
Subject: [Infowarrior] - Cold Boot Encryption Attack - code release
Message-ID: <65AAE4FB-5717-40FC-8FF8-591C3D7F7307@infowarrior.org>

Source Code Released: http://citp.princeton.edu/memory/code/
More: http://citp.princeton.edu/memory/

Lest We Remember: Cold Boot Attacks on Encryption Keys
J.
Alex Halderman, Seth D. Schoen, Nadia Heninger, William Clarkson, William Paul, Joseph A. Calandrino, Ariel J. Feldman, Jacob Appelbaum, and Edward W. Felten Abstract Contrary to popular assumption, DRAMs used in most modern computers retain their contents for seconds to minutes after power is lost, even at operating temperatures and even if removed from a motherboard. Although DRAMs become less reliable when they are not refreshed, they are not immediately erased, and their contents persist sufficiently for malicious (or forensic) acquisition of usable full-system memory images. We show that this phenomenon limits the ability of an operating system to protect cryptographic key material from an attacker with physical access. We use cold reboots to mount attacks on popular disk encryption systems -- BitLocker, FileVault, dm-crypt, and TrueCrypt -- using no special devices or materials. We experimentally characterize the extent and predictability of memory remanence and report that remanence times can be increased dramatically with simple techniques. We offer new algorithms for finding cryptographic keys in memory images and for correcting errors caused by bit decay. Though we discuss several strategies for partially mitigating these risks, we know of no simple remedy that would eliminate them. From rforno at infowarrior.org Sun Jul 20 22:57:25 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Jul 2008 18:57:25 -0400 Subject: [Infowarrior] - How The BSA Misleads With Piracy Stats Message-ID: <331B1C65-D82C-458B-91CD-BBA342C1B0E5@infowarrior.org> A Detailed Explanation Of How The BSA Misleads With Piracy Stats from the and-on-and-on-it-goes dept http://techdirt.com/articles/20080718/1226541724.shtml A couple months ago, when the Business Software Alliance (BSA) released its latest stats on "piracy," its VP of anti-piracy, Neil MacBride, gave me a call to discuss my earlier complaints about the organization's methodology. 
Needless to say, we did not see eye-to-eye, and the phone call did little to resolve our differences. I'm still hopeful that eventually the BSA will recognize that it's doing more damage to its own position by publishing obviously bogus numbers. So, with the organization releasing another bogus stat today, it's time to explain why it's wrong and misleading. Today's report is an attempt to get the government involved in protecting BSA member companies' business model, by claiming that the US is losing out on $1.7 billion in tax revenue due to "pirated" software. And, of course, it comes with a lovely quote from Mr. MacBride: "The most tragic aspect is that the lost revenues to tech companies and local governments could be supporting thousands of good jobs and much-needed social services in our communities." And the BSA is even so kind as to quantify what that (not really) lost tax revenue could do: "For example, the lost tax revenues to state and local governments -- an estimated $1.7 billion -- would have been enough to build 100 middle schools or 10,831 affordable housing units; hire 24,395 experienced police officers; or purchase 6,335 propane-powered transit buses to reduce greenhouse gas emissions." Except that this is almost entirely incorrect and it's relatively easy to show why: 1. The report counts every unauthorized piece of software as a lost sale. You have to dig through separate PDFs to find this info, but when you finally get to the methodology it states: The software losses are based on the piracy rate and equal the value of software installed not paid for. That's a huge, and obviously incorrect assumption. Many of the folks using the software likely would not have paid for it otherwise, or would have used cheaper or open source options instead. 2. The report makes no effort to count the positive impact of unauthorized use of software in leading to future software sales. 
This is something that even Microsoft has admitted has helped the company grow over time. But according to the BSA's report, this doesn't matter. 3. The report also proudly notes: "Software piracy also has ripple effects in local communities." However, "ripple effects" are easily disproved as double or triple counting the same dollar. Using ripple effects like that inflates the final number by two or three times. In the link here, Tim Lee explains this (in reference to an MPAA study done by IPI, but it applies here to the BSA study done by IDC as well): If a foreigner gives me $1, and I turn around and buy an apple from you for a dollar, and then you turn around and buy an orange from another friend for a dollar, we haven't thereby increased our national wealth by $3. At the beginning of the sequence, we have an apple and an orange. At the end, we have an apple, an orange, and a dollar. Difference: one dollar. No matter how many times that dollar changes hands, there's still only one dollar that wasn't there before. Yet in IPI-land, when a movie studio makes $10 selling a DVD to a Canadian, and then gives $7 to the company that manufactured the DVD and $2 to the guy who shipped it to Canada, society has benefited by $10+$7+$2=$19. Yet some simple math shows that this is nonsense: the studio is $1 richer, the trucker is $2, and the manufacturer is $7. Shockingly enough, that adds up to $10. What each participant cares about is his profits, not his revenues. This is a huge fallacy that the BSA and IDC refuse to acknowledge. When I discussed it with them in May, they insisted that they only wanted to talk about piracy rates, not the loss number. I wonder why... 4. Next, if they're going to count ripple effects in one direction, it's only fair to also count them in the other direction. That is, they complain that: Lost revenue to technology companies also puts a strain on their ability to invest in new jobs and new technologies. 
For example, the $11.4 billion in piracy losses to software vendors and service providers in the eight states would have been enough to fund more than 54,000 tech industry jobs. But what they don't acknowledge is the ripple effects in the other direction. That is, if (going by their assumption, remember) every company that uses an unauthorized copy of software had to pay for it, that would represent $11.4 billion in money that all of those other companies could not use to fund jobs at those companies. What about all of those jobs? 5. The BSA/IDC stat on lost tax revenue also miscounts on the point above, since it includes the lost income tax revenue from those 54,000 lost jobs, but does not count the equivalent income tax revenue from those other jobs. In fact, in the fine print, the report notes: "Employment losses are calculated from revenue losses, and only apply to employment in the IT industry, not IT professionals in end-user organizations. Tax revenue losses are calculated from revenue losses (VAT and corporate income tax) and employment losses (income and social taxes)." In other words, the income tax losses only count one side of the equation and totally ignore the lost income tax revenue from the lost jobs on the other side of the equation. Oops. 6. It seems likely that the eventual tax benefits of the unauthorized use of software is most likely to greatly outweigh the lost tax revenue elsewhere. That's because the use of software within industries is a productivity tool that increases overall productivity and output, which would increase taxes beyond just the income taxes of the employees. The study, of course, ignores this point. 7. Worst of all, the report seems to assume that direct software sales are the only business model for the software industry, ignoring plenty of evidence from companies that have adopted business models that embrace free software -- generating billions of dollars for the economy (and in taxes). 
And that's what this really comes down to. It's a business model issue. If others started adopting these business models as well, there wouldn't be any "losses" at all. Oh, and just for good measure, the report also falsely claims that: "What many don't realize or don't think about is that when you purchase software, you are actually purchasing a license to use it, not the actual software." That's not exactly true and goes directly against a recent court ruling that said the opposite and goes through a detailed explanation for why a piece of sold software is a sale with restrictions, rather than a license, using previous court precedents. Most of these points have been made to the BSA and IDC in the past, and both organizations chose not to address them. The fact that they're continuing to use these obviously false numbers and methodology to now push for the government to prop up an obsolete business model should be seen as troubling not just for the dishonesty of it, but for the negative impact it will have on the software industry and our economy as a whole. From rforno at infowarrior.org Mon Jul 21 11:31:37 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Jul 2008 07:31:37 -0400 Subject: [Infowarrior] - Cybersecurity Will Take A Big Bite of the Budget Message-ID: http://www.washingtonpost.com/wp-dyn/content/article/2008/07/20/AR2008072001641_pf.html Cybersecurity Will Take A Big Bite of the Budget By Walter Pincus Monday, July 21, 2008; A13 President Bush's single largest request for funds and "most important initiative" in the fiscal 2009 intelligence budget is for the Comprehensive National Cybersecurity Initiative, a little publicized but massive program whose details "remain vague and thus open to question," according to the House Permanent Select Committee on Intelligence. 
A highly classified, multiyear, multibillion-dollar project, CNCI -- or "Cyber Initiative" -- is designed to develop a plan to secure government computer systems against foreign and domestic intruders and prepare for future threats. Any initial plan can later be expanded to cover sensitive civilian systems to protect financial, commercial and other vital infrastructure data. "It is no longer sufficient for the U.S. Government to discover cyber intrusions in its networks, clean up the damage, and take legal or political steps to deter further intrusions," Director of National Intelligence Mike McConnell noted in a February 2008 threat assessment. "We must take proactive measures to detect and prevent intrusions from whatever source, as they happen, and before they can do significant damage." His conclusions echoed those of a 2007 interagency review that led to CNCI's creation. During debate on the intelligence authorization bill last week, Rep. Jim Langevin (D-R.I.), a member of the House intelligence committee and chairman of the Homeland Security subcommittee on emerging threats, described cybersecurity as "a real and growing threat that the federal government has been slow in addressing." Without specifying funding figures, which are classified, Langevin said the panel approved 90 percent of the funds requested for CNCI but warned that the committee "does not intend to write the administration a blank check." The committee's report recognized that as the initiative develops, "it will be imperative that the government also take into account the interests and concerns of private citizens, the U.S. information technology industry, and other elements of the private sector." Such a public-private partnership will be "unlike any model that currently exists," said the committee, which recommended a White House study leading toward establishment of an oversight panel of lawmakers, executive branch officials and private-sector representatives. 
The panel would review the intelligence community's development of the initiative. The committee said it expects the policy debates over the initiative to extend into the next administration, and major presidential candidates have addressed the issue. On the same day the intelligence bill passed the House, Sen. Barack Obama (D-Ill.) told an audience that, "as president, I'll make cybersecurity the top priority that it should be in the 21st century." He vowed to appoint a national cyber adviser to coordinate policy to secure information -- "from the networks that power the federal government, to the networks that you use in your personal lives." In a July 1 speech, Sen. John McCain (R-Ariz.) addressed cybersecurity, as well. "To protect our energy supply, air and rail transport, banking and financial services, we need to invest far more in the federal task of cyber security," he said. Neither Obama nor McCain mentioned the cybersecurity initiative underway. National security and intelligence reporter Walter Pincus pores over the speeches, reports, transcripts and other documents that flood Washington and every week uncovers the fine print that rarely makes headlines -- but should. If you have any items that fit the bill, please send them to fineprint at washpost.com. From rforno at infowarrior.org Thu Jul 24 20:49:28 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Jul 2008 16:49:28 -0400 Subject: [Infowarrior] - MPAA thinks people are stupid Message-ID: <74E98F8C-F705-4744-8608-3EEE31047B63@infowarrior.org> Apparently the MPAA is quite worried that people watching a movie trailer might not understand that a gun pointed at the screen can't actually shoot through the screen. 
< - > http://techdirt.com/articles/20080720/1956161738.shtml From rforno at infowarrior.org Thu Jul 24 22:12:40 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Jul 2008 18:12:40 -0400 Subject: [Infowarrior] - Yahoo Music to self-destruct Message-ID: <292F6CA2-BF62-4B03-971B-FCF35A8522D5@infowarrior.org> Yahoo pulls an MSN Music (only faster) http://opinion.latimes.com/bitplayer/2008/07/yahoo-pulls-and.html This afternoon, Yahoo alerted customers of its erstwhile downloadable music store that it would no longer provide support after Sept. 30 (download the cheerful e-mail here). The upshot: starting Oct. 1, said customers won't be able to revive frozen tracks or move working ones onto new hard drives or computers, because Yahoo won't be providing any more keys to the songs' DRM wrappers. But hey, they can always buy MP3 versions from Yahoo's new partner Rhapsody! Yahoo is cutting off support at an unusually speedy pace for a company that's not going out of business. Consumer backlash prompted Microsoft to extend support for tracks bought from the defunct MSN Music store by at least three years. And Sony, which closed its Connect music store in March, will continue to support those tracks until the end of the year. Perhaps Yahoo will feel a similar blast of heat and maintain its DRM servers for a while longer. Or maybe it sold so few tracks that no one will care. I've already said that my outrage needle isn't really moved by decisions such as Yahoo's. Plenty of online music sellers crashed and burned before the major labels stopped demanding that 99-cent downloads be warped wrapped in DRM. Consumers should be used to this routine by now. Beyond that, buyers should have been backing up their purchases onto DRM-free CDs to protect their data. If they hadn't been doing so, the email from Yahoo Music should provide enough incentive to do it now. 
Yes, they may lose some fidelity in the translation from DRM'ed file to CD to MP3, depending on the bit rates involved. But that's a small price to pay for extended life in an era of accelerated obsolescence. It's also worth saying that Yahoo Music's last two top executives, Dave Goldberg (now a VC) and Ian Rogers (now at Topspin Media) were both strong advocates of a DRM-free approach to music. That's why it would be ironic for consumers to be ticked off at Yahoo, which didn't have either the leverage to change the labels' policy or the patience to wait on the sidelines (a la Amazon.com). Nevertheless, consumers are most likely to direct their ire at the company that sold them the soon-to-be irreparable goods, not at the wholesaler responsible for the defect. From rforno at infowarrior.org Thu Jul 24 22:19:19 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Jul 2008 18:19:19 -0400 Subject: [Infowarrior] - New Systems Keep a Close Eye on Online Students at Home Message-ID: <2FEE1826-958A-4673-AED8-8100E0CE3A3F@infowarrior.org> New Systems Keep a Close Eye on Online Students at Home Richard H. Hersh and Richard P. Keeling: On a 'Liberal Education' http://chronicle.com/free/v54/i46/46a00103.htm By ANDREA L. FOSTER Tucked away in a 1,200-page bill now in Congress is a small paragraph that could lead distance-education institutions to require spy cameras in their students' homes. It sounds Orwellian, but the paragraph -- part of legislation renewing the Higher Education Act -- is all but assured of becoming law by the fall. No one in Congress objects to it. The paragraph is actually about clamping down on cheating. It says that an institution that offers an online program must prove that an enrolled student is the same person who does the work. Already, the language is spurring some colleges to try technologies that authenticate online test takers by reading their fingerprints, watching them via Web cameras, or recording their keystrokes. 
Some colleges claim there are advantages for students: The devices allow them to take tests anytime, anywhere. Many students must now travel to distant locations so a proctor can watch them take exams on paper. But some college officials are wary of the technologies, noting that they are run by third-party vendors that may not safeguard students' privacy. Among the information the vendors collect are students' fingerprints, and possibly even images from inside their homes. "This is taking a step into a student's private life," said Rhonda M. Epper, co-executive director of Colorado Community Colleges Online. "I don't know if we want to extend our presence that far." The officials also want flexibility to comply with the proposed law. They worry that the government will force them to use a particular method that could be too expensive or that would emphasize exams over other assessments. They also complain that the provision implies that cheating is more of a problem among students online than among students in a classroom. Biometric Solutions Three technologies, which vendors have been promoting at college conferences and which colleges are evaluating, illustrate the promises and pitfalls of this kind of monitoring. Troy University, in Alabama, has been testing a gadget that features a mirrored sphere suspended above a small pedestal. Called Securexam Remote Proctor, it's about the size of a large paperweight and plugs into a standard port on a home computer. The pedestal includes a groove for scanning fingerprints, a tiny microphone, and a camera. The sphere reflects a 360-degree view around the test taker, which the camera picks up. Students are recorded during exams, and anything suspicious -- such as someone else's presence or voice in the room -- is flagged. To use the system, a student sits in front of a computer and places a finger on the pedestal. 
Securexam checks whether the digital fingerprint and the image of the student match those the student provided at registration. Then the test opens online via a course-management system. The student is prevented from viewing anything else online. The system is not cheap. Students pay $150 for the device. Further, it works only with the Windows operating system and an Internet Explorer browser, creating a problem for students who have Macs, for instance. Software Secure Inc., based in Cambridge, Mass., developed the device with $1.1-million in seed money from Troy. In return, the university gets the first 10,000 Securexams that the company produces. If it sells more than that, the university receives a share of the proceeds. By the end of this fall, the university anticipates that about 800 of its 17,000 eCampus students from across the world will have used Securexam. Thousands more will begin using the device in January. World Campus, the online arm of the Pennsylvania State University system, is testing another system called Webassessor. It uses proctors, Web cameras, and software that recognizes students' typing styles, such as their speed and whether they pause between certain letters. Students purchase the cameras for $50 to $80 apiece. They allow proctors to view a student's face, keyboard, and workspace. The Phoenix-based provider of the system, Kryterion Inc., employs proctors who remotely observe and listen to as many as 50 students at a time. If the keystroke pattern of a student who is taking an exam does not match the one he or she provided at registration, or if the image of a student taking an exam does not match a digital photograph that the student provided at enrollment, then the student cannot start the exam. A proctor can also stop a student who is acting suspiciously from completing an exam. Students must have a broadband connection to use the service. Kryterion charges institutions $20,000 to customize the software and for training. 
It also charges colleges each time students sit for an exam. World Campus has been trying out Webassessor this summer on undergraduates in two courses. "At the moment, things look promising for a complete rollout," says Rick L. Shearer, interim director of World Campus. Challenging Questions Several other universities are forming partnerships with Acxiom Corporation. The company's system relies on test takers' answering detailed, personal "challenge" questions. Acxiom, based in Little Rock, Ark., gathers information from a variety of databases, including criminal files and property records. The company uses the data to ask students questions, such as streets they lived on, house numbers, and previous employers. If students answer the questions correctly, they proceed to the exams. National American University Online is testing the system on its students, and the Colorado community-college consortium is also considering using it. Jeffrey L. Bailie, dean of online instruction for National, says he anticipates that the system will be used on students when they take final exams or other high-stakes assessments. "We want to take just one added step to make sure that the person on the other end is who they're reporting to be," he says. He declines to reveal how much the system costs. But Michael A. Jortberg, who is leading Acxiom's higher-education efforts, says it costs roughly $10 a student. Unfair Burdens? Despite the lure of these technologies, many college officials have decided to wait to test them on their students, noting the cost. Furthermore, officials say, it's unclear what requirements the Education Department would impose on institutions to comply with the proposed law. "It's going to reduce access," says John F. Ebersole, president of Excelsior College, an online institution based in Albany, N.Y. "It's going to increase costs." Other officials are disturbed that the proposed law singles out online education. 
"We're feeling a little picked on," says Lori McNabb, assistant director of student and faculty services at the UT TeleCampus, the online arm of the University of Texas system. She says there's no evidence that cheating or fraud happens more often with its students than with students in face-to-face classes. How do professors know that a student enrolled in a large lecture class is the same one handing in an assignment or test, she asks? She and others say online instructors rely more on discussions, writing assignments, quizzes, group work, and "capstone" projects to judge their students' performance, and less on big exams. Tests, when they are administered, are often randomized so students in the same class get different questions, which must be answered quickly, making it difficult for those unfamiliar with the material to take tests for students. Instructors become familiar with students' writing styles so they can spot fraudulent work, officials add. Mr. Ebersole, despite his worries about reduced access for students, does see one upside to the proposed law. If the provision causes online colleges to document that their enrolled students are indeed the same ones completing course work, online education could garner more respect, he says. "If it raises confidence and credibility in the eyes of regulators and traditional educators," says Mr. Ebersole, "it's worth it." 
http://chronicle.com Section: Information Technology Volume 54, Issue 46, Page A1 From rforno at infowarrior.org Thu Jul 24 22:42:27 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Jul 2008 18:42:27 -0400 Subject: [Infowarrior] - Court rules in favor of Times reporter confidentiality Message-ID: <8D75C5C1-4DF2-4C9E-B95C-2D96F3EA2A91@infowarrior.org> Thursday, July 24, 2008 Court rules in favor of Times reporter Tom Ramstack THE WASHINGTON TIMES http://www.washtimes.com/news/2008/jul/24/court-rules-in-favor-of-times-reporter/ A federal judge in California supported a reporter's right to protect confidential sources on Thursday, ruling in favor of Washington Times national security reporter Bill Gertz on First Amendment grounds. In a ruling that could influence similar cases in future, U.S. District Judge Cormac J. Carney found that Mr. Gertz could not be compelled to answer questions about a May 16, 2006, article about a Chinese espionage case because his First Amendment right to protect his sources outweighed the government's need to identify those sources. Judge Carney, whose court is in Santa Ana, Calif., also refused federal prosecutor Jay Bratt's request for time to appeal the ruling. "It has been some time since we have seen a judge deliver a ruling like this," said Charles Leeper, a lawyer for Mr. Gertz. "The law of course varies from circuit to circuit, but the judge's reasoning was thorough and thoughtful so other courts might give it considerable weight." Mr. Gertz said after the ruling: "Today's hearing shows that First Amendment press freedoms are under assault. Confidential sources are the lifeblood of a free press, independent of government control. Without them, most government failures and abuses of past decades would have gone unreported and uncorrected. "The identity of these confidential news sources must be protected if our press freedoms, fundamental to the effective functioning of our democratic system, are to endure. 
Efforts by government to compel reporters to disclose news sources must be resisted." A May 16, 2006, story by Mr. Gertz cited unnamed "senior Justice Department officials" as the sources of information about criminal charges against Chi Mak, a Chinese-born employee of a California defense contractor, who was accused of leaking military information to the Chinese government. Mak was sentenced to 24 years in prison in March after being convicted last year of conspiracy to export sensitive defense information and being an unregistered foreign agent. Judge Carney, who presided over the case, had ordered an investigation to determine whether federal officials had leaked information from a grand jury investigation. Unauthorized release of confidential grand jury information by government officials about pending cases is a federal crime. At the outset of Thursday's hearing, Mr. Bratt informed the court that the attorney general had approved the issuance of a grand jury subpoena to Mr. Gertz and requested that the judge stay his hearing in favor of the grand jury investigation of the matter. Judge Carney refused to do that. "This fight may not be over," Mr. Leeper said. But if Mr. Gertz is subpoenaed to appear before a grand jury, "we now have a judicial determination that the First Amendment interests here outweigh the need to know who provided the information for Bill's original articles." From rforno at infowarrior.org Thu Jul 24 22:46:06 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Jul 2008 18:46:06 -0400 Subject: [Infowarrior] - Yankee Stadium prohibits, then allows small amounts, of sunscreen Message-ID: <301A4EF3-FBED-4AAE-BE31-E8D4B88FB3C3@infowarrior.org> ...all in the name of security, of course. Who runs their security, TSA? 
--rf SUNBLOCKHEADS AT THE STADIUM YANKS TAKE HEAT OVER BIZARRE BAN By JEREMY OLSHAN and REBECCA ROSENBERG http://www.nypost.com/seven/07222008/news/regionalnews/sunblockheads__at_the_stadium_120930.htm Ladies and gentlemen, The Bronx is sunburning. Yankee fans are seeing - and turning - red over a ban on sunscreen, which Stadium security guards say was widely expanded in the last few weeks. Security guards collected garbage bags full of sunblock at the entrances to Yankee Stadium over the sweltering weekend, when temps hit 96 degrees and the UV index reached a skin-scorching 9 out of 10 - a move team officials said was to protect the Stadium from terrorism. Have you had bad security experiences at Yankee Stadium? E-mail jolshan at nypost.com . But fans baking in the bleachers and upper deck argued that the sun may be a bigger threat than Osama bin Laden. "I was really pissed because, since I am Irish and I have a bald head, I need my sunblock," said Sean Gavin, 40, who had to toss his SPF 30 at the gate Saturday. "After they saw me dousing myself with it, it should have been obvious to them that it was sunblock and not some explosive." The team contends that sunscreen has long been on the list of stadium contraband, but there is no mention of it on the Yankee Web site. Four weeks ago, Stadium officials decided that sunscreen of all sizes and varieties would not be permitted, a security supervisor told The Post before last night's game. "There have been a lot of complaints," he said. "We tell them to apply once and then throw it out." For fans who bring babies or young children to cheer on the home team, the guard had suggested they "beg" to take the sunblock in. Seeing the giant bag full of confiscated sunscreen Saturday, one steaming Yankee fan asked whether he could take one of the tubes and apply it before heading into the park. "Absolutely not," the guard told him. "What if you get a rash? You might sue the Yankees." 
Fans said the team seems more concerned with catching the Tampa Bay Rays than ensuring their fans don't catch UV rays. "Five hours in the upper deck with no sunscreen is crazy," season-ticket holder Dan McCourt said. The Stadium does sell 1-ounce bottles of Arizona Sun SPF 15 for $5 - a huge markup that makes its beer seem cheap. Dermatologists said that, security concerns or not, leaving 56,000 fans unprotected from potential skin cancer is "very dangerous." "This is especially bad for children, as their younger skin is particularly sensitive," said Dr. Babar Rao, a specialist at the Skin and Cancer Center of New York. "Sunblock needs to be reapplied every two hours, even if you are not swimming in the ocean or pool." Major League Baseball even has a skin-cancer prevention program called "Play Sun Smart." An hour after being asked about the sunscreen ban, Yankee spokesman Jason Zillo told The Post that the rules would be changed to permit 3-ounce containers. Additional reporting by Amanda Mellilo jeremy.olshan at nypost.com From rforno at infowarrior.org Thu Jul 24 22:47:02 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 24 Jul 2008 18:47:02 -0400 Subject: [Infowarrior] - CNN reporter criticizes TSA, finds self on terror watch list Message-ID: <68023770-3F23-4084-8353-8EED99CE42D1@infowarrior.org> CNN reporter criticizes TSA, finds self on terror watch list David Edwards and Nick Juliano Published: Wednesday July 16, 2008 http://rawstory.com/news/2008/CNN_reporter_wants_off_terror_watch_0716.html The post-9/11 airline watch list that is supposed to keep terrorists off of airplanes has swelled to more than 1 million names, including at least one investigative reporter who had been critical of the Transportation Security Agency, which maintains the watch list. CNN's Drew Griffin reported on the bloating of the watch list, which an ACLU count pegged at 1,001,308 names Wednesday afternoon. Griffin's is one of those names, he says. 
"Coincidentally, this all began in May, shortly after I began a series of investigative reports critical of the TSA. Eleven flights now since May 19. On different airlines, my name pops up forcing me to go to the counter, show my identification, sometimes the agent has to make a call before I get my ticket," Griffin reported. "What does the TSA say? Nothing, at least nothing on camera. Over the phone a public affairs worker told me again I'm not on the watch list, and don't even think that someone in the TSA or anyone else is trying to get even." The TSA, which is a part of the Department of Homeland Security, said Griffin's name wasn't even on the watch list, and the agency blamed the airlines for the delays the reporter experienced. The airlines, on the other hand, said they were simply following a list provided by TSA. While it wouldn't be much of a stretch for plenty of people to believe the TSA would exercise its revenge via watch-list meddling, an agency spokesman insists that just isn't the case. "So if there's any thought or shadow of a thought that TSA somehow put you on a watch list because of your reporting," spokesman Christopher White said, "it is absolutely fabricated." This video is from CNN's American Morning, broadcast July 16, 2008. 
From rforno at infowarrior.org Sat Jul 26 00:19:57 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Jul 2008 20:19:57 -0400 Subject: [Infowarrior] - RIP, Randy Pausch Message-ID: Top News July 25, 2008, 1:30PM EST Randy Pausch, Known for his "Last Lecture," Dies Randy Pausch's final talk at Carnegie Mellon, in which he celebrates having fulfilled his childhood dreams, was an international sensation http://www.businessweek.com/print/bwdaily/dnflash/content/jul2008/db20080725_243087.htm By RAMIT PLUSHNICK-MASTI Associated Press Writer PITTSBURGH (AP) - Randy Pausch, the Carnegie Mellon University computer scientist whose "last lecture" about facing terminal cancer became an Internet sensation and the basis of a best-selling book, died Friday. He was 47. Pausch died at his home in Chesapeake, Va., said Jeffrey Zaslow, a Wall Street Journal writer who co-wrote Pausch's book. Pausch and his family had moved there last fall to be closer to his wife's relatives. Pausch was diagnosed with incurable pancreatic cancer in September 2006. His popular last lecture at Carnegie Mellon in September 2007 garnered international attention and was viewed by millions on the Internet. In it, Pausch celebrated living the life he had always dreamed of instead of concentrating on his impending death. Instant Best-Seller "The lecture was for my kids, but if others are finding value in it, that is wonderful," Pausch wrote on his Web site. "But rest assured; I'm hardly unique." The book The Last Lecture leaped to the top of the nonfiction best-seller lists after its publication in April and remains there this week. The book deal was reported to be worth more than $6 million. Pausch said he dictated the book to Zaslow by cell phone, and Zaslow recalled Friday that he was "strong and funny" during their collaboration. "It was the most fun 53 days of my life because it was like a performance," Zaslow told the Associated Press. 
"It was like getting 53 extra lectures." He recalled that Pausch became emotional when they worked on the last chapter, though, because that to him was the "end of the lecture, the book, his life." Flamboyance and Showmanship At Carnegie Mellon, Pausch was a professor of computer science, human-computer interaction, and design, and was recognized as a pioneer of virtual reality research. On campus, he became known for his flamboyance and showmanship as a teacher and mentor. The speech last fall was part of a series Carnegie Mellon called "The Last Lecture," where professors were asked to think about what matters to them most and give a hypothetical final talk. The name of the lecture series was changed to "Journeys" before Pausch spoke, something he joked about in his lecture. "I thought, damn, I finally nailed the venue, and they renamed it," he said. He told the packed auditorium he fulfilled almost all of his childhood dreams: being in zero gravity, writing an article in the World Book Encyclopedia, and working with Walt Disney Co. The one that eluded him? Playing in the National Football League. "If I don't seem as depressed or morose as I should be, sorry to disappoint you," Pausch said. He then joked about his quirky hobby of winning stuffed animals at amusement parks - another of his childhood dreams - and how his mother introduced him to people to keep him humble: "This is my son. He's a doctor, but not the kind that helps people." Pausch said he was embarrassed and flattered by the popularity of his message. Millions viewed the complete or abridged version of the lecture, titled "Really Achieving Your Childhood Dreams," online. "I don't know how to not have fun," he said in the lecture. "I'm dying and I'm having fun. And I'm going to keep having fun every day I have left. Because there's no other way to play it." A Trekkie's Dream Pausch lobbied Congress for more federal funding for pancreatic cancer research and appeared on Oprah and other TV shows. 
In what he called "a truly magical experience," he even appears as an extra in the upcoming Star Trek movie. He had one line of dialogue, got to keep his costume, and donated his $217.06 paycheck to charity. Pausch blogged regularly about his medical treatment. On Feb. 15, exactly six months after he was told he had three to six months of healthy living left, Pausch posted a photo of himself to show he was "still alive and healthy." In May, Pausch spoke at Carnegie Mellon's commencement ceremonies, telling graduates that what mattered was he could look back and say, "pretty much any time I got a chance to do something cool, I tried to grab for it, and that's where my solace comes from." "We don't beat the reaper by living longer; we beat the reaper by living well and living fully," he said. Entertainment Technology Born in 1960, Pausch received his bachelor's degree in computer science from Brown University and his Ph.D. from Carnegie Mellon. He co-founded Carnegie Mellon's Entertainment Technology Center, a master's program for bringing artists and engineers together. The university named a footbridge in his honor. He also created an animation-based teaching program for high school and college students to have fun while learning computer programming. In February the Academy of Interactive Arts & Sciences in California announced the creation of the Dr. Randy Pausch Scholarship Fund for university students who pursue careers in game design, development, and production. He is survived by his wife, Jai, and their three children, Dylan, Logan, and Chloe; his mother, Virginia Pausch of Columbia, Md.; and a sister, Tamara Mason of Lynchburg, Va. In a statement Friday, his wife thanked those who sent messages of support and said her husband was proud that his lecture and book "inspired parents to revisit their priorities, particularly their relationships with their children." Associated Press writer Ramesh Santanam contributed to this report. 
From rforno at infowarrior.org Sat Jul 26 19:40:30 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Jul 2008 15:40:30 -0400 Subject: [Infowarrior] - DOD's new protection policy guidance Message-ID: <41F1863B-8311-4D35-AFBA-444ADEFC899A@infowarrior.org> Note para C shown below -- perhaps in response to the problems they ran into post-9/11 and its illegal/unwarranted TALON/CIFA surveillance operations of US citizens acting lawfully. Not sure how well such language will protect civil liberties in today's "everything MIGHT be terror-related" world, but FWIW it's nice to know it's specifically mentioned here. -rf http://cryptome.org/dtm-08-007.pdf DoD Force Protection Threat Information < - > 2. REPORTING SUSPICIOUS ACTIVITY. The DoD Components shall: a. Conduct suspicious activity reporting in accordance with the procedures in Deputy Secretary of Defense Memorandum Reference (c). These procedures shall remain in effect until the Department of Defense approves and implements a permanent force protection threat reporting system. < - > c. NOT report information related to a U.S. person's ethnicity, race, religion, or lawful exercise of rights guaranteed by the Constitution or Federal law unless reasonable grounds exist that show a direct relationship of such information to a specific criminal act or behavior that may pose a threat to DoD personnel, facilities, and forces in transit. 
From rforno at infowarrior.org Sat Jul 26 19:43:06 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Jul 2008 15:43:06 -0400 Subject: [Infowarrior] - Defense CI and HUMINT Center Message-ID: <47EEB131-EE2A-471C-9EA5-59EDB1F8E389@infowarrior.org> Defense CI and HUMINT Center Memo http://cryptome.org/dtm-08-032.pdf DoD Force Protection Threat Information http://cryptome.org/dtm-08-007.pdf From rforno at infowarrior.org Sat Jul 26 19:53:16 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Jul 2008 15:53:16 -0400 Subject: [Infowarrior] - Senator fuses controversial IP bills into big, bad package Message-ID: Senator fuses controversial IP bills into big, bad package By Julian Sanchez | Published: July 25, 2008 - 02:40PM CT http://arstechnica.com/news.ars/post/20080725-senator-fuses-controversial-ip-bills-into-big-bad-package.html Intellectual property legislation introduced in the Senate on Thursday would combine elements of two controversial IP enforcement bills: The PRO-IP Act, which passed the House by a wide margin in May, and the PIRATE Act, which has won Senate approval several times since its first introduction in 2004. The law would increase penalties for counterfeiting, empower federal prosecutors to bring civil suits against copyright infringers, create a federal copyright czar to coordinate IP enforcement, and provide for the seizure of property used to violate copyrights and trademarks. Like PRO-IP, the Enforcement of Intellectual Property Rights Act of 2008 would double statutory damages for counterfeiting, with damages as high as $2 million for "willful" trademark violations. It also empowers the president to appoint an Intellectual Property Enforcement Coordinator (or "copyright czar"), who would develop a "joint strategic plan" meant to harmonize the IP enforcement efforts of diverse federal agencies, including the Department of Justice, Patent Office, State Department, and Department of Homeland Security. 
The Attorney General is directed to deploy five further IPECs as liaisons to foreign countries where piracy is rampant, and to establish a dedicated IP task force within the Federal Bureau of Investigation. The law also appropriates $25 million annually for grants to state and local government agencies working to crack down on IP violations. Some of the strongest criticism of PRO-IP has been directed at a provision, replicated here, that would allow for the seizure of "property used, or intended to be used, in any manner or part to commit or facilitate" a copyright or trademark infringement. While this language is presumably meant to target the equipment used by commercial bootlegging operations, it would also appear to cover, for example, the computer used to BitTorrent a movie or album. The new bill also incorporates the idea at the core of the PIRATE Act, by permitting federal prosecutors to bring civil suits against copyright infringers. (While these suits would not preclude action by the copyright owner, any restitution to the owner under a government suit would be subtracted from the damages that could be obtained by private action.) Since 1997, prosecutors have had the authority to bring criminal copyright charges against large-scale infringers. But that power remains little-used, in part because of the high evidentiary burden prosecutors must meet in criminal cases; civil suits employ a less stringent "preponderance of the evidence" standard. Sen. Patrick Leahy (D-VT), the primary sponsor of the legislation, touted the bill at a Thursday press conference as a means "not only to protect jobs, but to protect that very unique American sense of inventiveness and creativity." (No word on whether Leahy has ever watched the YouTube clip of his own face-off with Heath Ledger's Joker in The Dark Knight.) 
"If hundreds of our cargo ships were being hijacked on the high seas or thousands of our business people were being held up at gunpoint in a foreign land, there would be a great sense of alarm and unshakable government resolve to act," said Sen. Evan Bayh (D-IN), a cosponsor of the bill. "That, in effect, is what is happening today, yet we are not doing nearly enough to stop it." Big Content greeted the bill with predictable cheers. The Motion Picture Association of America and Business Software Alliance both rapidly issued statements lauding the legislation as a guarantor of job growth. Less sanguine was Gigi Sohn of Public Knowledge, who criticized the bill's broad forfeiture provision and argued that the PIRATE provisions "would turn the Justice Department into an arm of the legal departments of the entertainment companies by authorizing the DoJ to file civil lawsuits for infringement, forcing taxpayers to foot the bill." While the enthusiasm in both houses for similar legislation would appear to favor the bill's passage, most observers doubt that Congress will be able to move on the law before the beginning of summer recess. From rforno at infowarrior.org Sat Jul 26 19:55:32 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 26 Jul 2008 15:55:32 -0400 Subject: [Infowarrior] - BSA Goes to War on Piracy Message-ID: Software Assoc. Goes to War on Piracy Lawsuits planned as industry association looks to sellers on sites other than eBay. http://www.internetnews.com/bus-news/article.php/3761501 July 25, 2008 By Kenneth Corbin In the murky online trade of pirated software, eBay may be the biggest marketplace, but it's not the only one. 
As it moves to more aggressively combat illegal sales of knockoff software, the Software Information and Industry Association (SIIA) plans to begin filing lawsuits against sellers operating on several of the smaller auction sites on the Web, according to Scott Bain, the association's litigation counsel who handles online auctions. Bain told InternetNews.com that the SIIA expects to issue its first lawsuits against non-eBay auction sellers in the coming weeks. Many eBay competitors have software categories on their sites, such as Overstock Auctions, ePier and eBid. Bain declined to name the sites that SIIA has been talking with, but emphasized that they have generally been cooperative. "We've had some very positive discussions and interactions with the competitors to eBay," Bain told InternetNews.com. "So far, we haven't filed any suits against those auction listings, but we're ramping up activity in that area." The SIIA's expansion of its litigation against individual sellers comes as the association is becoming increasingly exasperated with eBay for not doing enough to keep pirated software off its own marketplace. On behalf of its members, which include large software makers such as Oracle, Adobe and Apple, SIIA has filed and won lawsuits against dozens of eBay sellers, but Bain said the group is considering legal action against eBay itself. "We've been trying to work with eBay and offer many different suggestions," Bain said. "Very few if any of those have been adopted." In their annual study of the economic impact, the Business Software Alliance and research firm IDC estimated that piracy cost the global software industry $48 billion in 2007. The SIIA has asked eBay to sell it ad space on the software-listing pages where it would warn about piracy, but Bain said eBay refused. Also denied was the group's request that eBay bar the sale of software through its "Buy It Now" feature. 
"The vast majority of the software sold in the Buy It Now feature is pirated," Bain said. "The ones using the Buy It Now feature are the ones trying to fence their goods as quickly as possible." eBay, which did not respond to request for comment for this story, maintains a "fraud engine," an automated tool programmed with more than 13,000 rules to patrol the marketplace in search of fake goods. eBay also gives trademark and copyright owners the chance to report fraudulent merchandise through its Verified Rights Owner (VeRO) program. Bain said that the SIIA uses that feature regularly, and that eBay is generally responsive to its takedown requests, but the merchandise is not removed immediately. Bain said that a large amount of pirated software is sold in the gaps between the issuance of a takedown request and the actual removal of the listing. While his group's dealings with eBay have been "cordial," Bain said that "over time we've been discouraged by the inaction." Still, the suits against sellers on eBay rivals will likely come before any litigation is brought against eBay. "I don't mean it to sound like we're sitting here drafting a case because we're not," he explained. The issue of eBay's responsibility for the authenticity of the goods on its marketplace recently went through a legal test, when a federal judge ruled that the online auctioneer was not required to police its site for counterfeit goods in a case brought by luxury jewelry maker Tiffany. "The court is not unsympathetic to Tiffany and other rights owners who have invested enormous resources in developing their brands, only to see them illicitly and efficiently exploited by others on the Internet," U.S. District Court judge Richard Sullivan wrote in his opinion. 
"Nevertheless, the law is clear: it is the trademark owner's burden to police its mark, and companies like eBay cannot be held liable for trademark infringement based solely on their generalized knowledge that trademark infringement might be occurring on their Web sites." That verdict followed two similar cases in Europe where the courts both ruled against eBay. Though Bain said that the Tiffany outcome was not a "positive result," it doesn't necessarily short-circuit any litigation the SIIA might pursue. For starters, he pointed out it was only one judge's opinion in a bench trial, and that it would likely be appealed to Circuit Court. Second, Tiffany was going after eBay on trademark infringement, whereas any case that the SIIA might file would be based on copyright law, with the relevant statutes found in the Digital Millennium Copyright Act (DMCA). Should the SIIA move ahead with litigation against eBay but fail to convince a judge that it violated the DMCA, Bain said his group's next step would be to appeal to Congress to update the 10-year-old copyright law's Safe Harbor provision to address the role of auction sites in the pirated-software trade. From rforno at infowarrior.org Wed Jul 30 00:23:48 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Jul 2008 20:23:48 -0400 Subject: [Infowarrior] - A Decade of Oracle Security Message-ID: <6D115753-FAA2-40B9-8A48-21850727691A@infowarrior.org> http://attrition.org/security/rant/oracle01/ Mon Jul 28 13:57:15 EDT 2008 Jericho (Security Curmudgeon) Oracle Corporation, one of the largest software companies in the world, has been providing database software for 30 years. What began as a U.S. intelligence agency funded relational database designed on a PDP-11 and never officially released, later turned into perhaps the largest and most prevalent commercial database used around the world. 
With global companies relying on Oracle databases for information management, the need for database security is critical. Despite that need, Oracle products have been plagued with all manners of security vulnerabilities that demonstrate Oracle products were not designed with security in mind. As new versions and new products are released, each is found vulnerable to critical issues that allow for trivial denial of service and complete database compromise. The last decade of Oracle product security has been dismal. In the midst of CEO Larry Ellison's promises that their database product was 'unbreakable' and CSO Mary Ann Davidson's repeated claims that security is a core facet of their software lifecycle, security researchers continue to find critical remote vulnerabilities in a bulk of their products. The history provided here is to help make Oracle customers aware of just how little security really matters to Oracle Corporation. It is past time for their customers to take the advice of Davidson and demand better from vendors. It is time for Oracle customers to demand the appointment of a Chief Security Officer that will stop the outright lies and spin-doctoring and turn their attention to the security of future products. Read the executive biography of Mary Ann Davidson and determine if she is living up to her job duties. "We are not just a really good commercial database but also a very secure commercial database." -- Mary Ann Davidson, 30th Anniversary soundbyte quote - 2007.16.04 [...] 
http://attrition.org/security/rant/oracle01/ From rforno at infowarrior.org Wed Jul 30 00:25:14 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Jul 2008 20:25:14 -0400 Subject: [Infowarrior] - ACTA trade agreement brief for July 29-31 Washington DC References: <20080729095417.45619394D1D@mail.wikileaks.org> Message-ID: Begin forwarded message: > From: Wikileaks Press Office > Date: July 29, 2008 5:55:25 AM EDT > > WIKILEAKS URGENT DOCUMENT RELEASE > Tue Jul 29 10:53:25 BST 2008 > > ACTA trade agreement industry negotiating brief on Border Measures > and Civil Enforcement > > The ACTA negotiations are scheduled for 29 to 31 July 2008 in > Washington DC. > > In 2007 a select handful of the wealthiest countries began a treaty- > making process to create a new global standard for copyright, > trademark and patent enforcement, which was called, in a piece of > brilliant marketing, the "Anti-Counterfeiting Trade Agreement". > > ACTA is spearheaded by the United States, and includes the European > Commission, Japan, and Switzerland -- which have large copyright and > patent industries. Other countries invited to participate in ACTA's > negotiation process are Canada, Australia, Korea, Mexico and New > Zealand. Noticeably absent from ACTA's negotiations are leaders from > developing countries who hold national policy priorities that differ > from the international copyright and patent industry. > > This document is the ACTA negotiating brief dated July 29, 2008, > provided by the copyright/patent/trademark industry to negotiating > countries; pages concerning customs enforcement and civil enforcement. > > Under customs enforcement for example it proposes: > > * Increased inspection of goods to detect potential shipments > * Customs to provide rights holders all relevant information for > the purposes of their own private investigations and court action > they are to be given a minimum of 20 working days to commence such > actions. 
> * Seized counterfeit goods are to be destroyed or disposed at the > rights holders pleasure. Removing a trademark will not cut it. > * Under civil enforcement rights holders will have more say on > the damages involved as well as more compensation to cover their > legal enforcement costs including "reasonable attorney's fees". > * Rights holders to get the right to obtain information regarding > an infringer, their identities, means of production or distribution > and relevant third parties. > > The exact composition of the business "side" is not known, which > reflects the lack of transparency afflicting the ACTA process. > Whether trade representatives can be forced to reveal the make-up to > the press or policy groups remains to be seen. > > See http://wikileaks.org/wiki/S4 > _________________________________ From rforno at infowarrior.org Wed Jul 30 13:13:20 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Jul 2008 09:13:20 -0400 Subject: [Infowarrior] - RAND: Terror Effort Is Not a 'War' Message-ID: <8B1B1C00-2B43-434E-B67D-44AF969C2FA6@infowarrior.org> Strategy Against Al-Qaeda Faulted Report Says Effort Is Not a 'War' By Joby Warrick Washington Post Staff Writer Wednesday, July 30, 2008; A04 http://www.washingtonpost.com/wp-dyn/content/article/2008/07/29/AR2008072902041_pf.html The Bush administration's terrorism-fighting strategy has not significantly undermined al-Qaeda's capabilities, according to a major new study that argues the struggle against terrorism is better waged by law enforcement agencies than by armies. The study by the nonpartisan Rand Corp. also contends that the administration committed a fundamental error in portraying the conflict with al-Qaeda as a "war on terrorism." The phrase falsely suggests that there can be a battlefield solution to terrorism, and symbolically conveys warrior status on terrorists, it said. 
"Terrorists should be perceived and described as criminals, not holy warriors," authors Seth Jones and Martin Libicki write in "How Terrorist Groups End: Lessons for Countering al-Qaeda," a 200-page volume released yesterday. But the authors contend that al-Qaeda has sabotaged itself by creating ever greater numbers of enemies while not broadening its base of support. "Al-Qaeda's probability of success in actually overthrowing any government is close to zero," the report states. The study was based in part on an analysis of more than 600 terrorist movements tracked over decades by Rand and the Memorial Institute for the Prevention of Terrorism. Jones and Libicki sought to determine why such movements ultimately die out, and how lessons from recent history can be applied to the current struggle against al-Qaeda. The researchers found that more than 40 percent of terrorist movements fade away when their political objectives are met -- but that this outcome occurs only when groups are secular and have narrow goals. By contrast, al-Qaeda's religious and political agenda calls for nothing less than the overthrow of secular Arab governments and the establishment of an Islamic caliphate. A roughly equal number of terrorist groups die when their key leaders are arrested or killed. In the vast majority of instances, this is accomplished by local law enforcement, the study notes. "In most cases, military force isn't the best instrument," said Jones, a terrorism expert and the report's lead author. Addressing the U.S. campaign against al-Qaeda, the study noted successes in disrupting terrorist financing, but said the group remains a formidable foe. Al-Qaeda is "strong and competent," and has succeeded in carrying out more violent attacks since Sept. 11, 2001, than in all of its previous history. Moreover, its organizational structure has adapted and evolved over time, "making it a more dangerous enemy," Jones and Libicki wrote. 
The authors call for a strategy that includes a greater reliance on law enforcement and intelligence agencies in disrupting the group's networks and in arresting its leaders. They say that when military forces are needed, the emphasis should be on local troops, which understand the terrain and culture and tend to have greater legitimacy. In Muslim countries in particular, there should be a "light U.S. military footprint or none at all," the report contends. "The U.S. military can play a critical role in building indigenous capacity," it said, "but should generally resist being drawn into combat operations in Muslim societies, since its presence is likely to increase terrorist recruitment." From rforno at infowarrior.org Wed Jul 30 13:24:53 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Jul 2008 09:24:53 -0400 Subject: [Infowarrior] - New Housing Bill: IRS to receive all credit card transaction data Message-ID: ....the best thing the government can do in the name of 'government transparency' is to make sure ONLY items related directly to the bill's title be included in such bills. WTF does credit card transaction data have to do with housing bailouts? Not a damn thing. (But making such items transparent would mean a greater chance of them not getting passed under 'must-pass' legislation....think of how REALID got enacted) --rf http://www.paymentsystemsblog.com/2008/07/24/credit-card-transactions-to-be-reported-to-the-irs-in-foreclose-prevention-act-of-2008/ Credit Card Transactions to be Reported to the IRS - in Foreclose Prevention Act of 2008 Posted (db) in General on July-24-2008 In the House Amendments to the Senate Amendment to H.R. 3221 - Foreclosure Prevention Act of 2008 See Page 11 and 12 here: Payment Card and Third Party Network Information Reporting. The proposal requires information reporting on payment card and third party network transactions. 
Payment settlement entities, including merchant acquiring banks and third party settlement organizations, or third party payment facilitators acting on their behalf, will be required to report the annual gross amount of reportable transactions to the IRS and to the participating payee. Reportable transactions include any payment card transaction and any third party network transaction. Participating payees include persons who accept a payment card as payment and third party networks who accept payment from a third party settlement organization in settlement of transactions. A payment card means any card issued pursuant to an agreement or arrangement which provides for standards and mechanisms for settling the transactions. Use of an account number or other indicia associated with a payment card will be treated in the same manner as a payment card. A de minimis exception for transactions of $10,000 or less and 200 transactions or less applies to payments by third party settlement organizations. The proposal applies to returns for calendar years beginning after December 31, 2010. Back-up withholding provisions apply to amounts paid after December 31, 2011. This proposal is estimated to raise $9.802 billion over ten years. From rforno at infowarrior.org Wed Jul 30 14:29:27 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Jul 2008 10:29:27 -0400 Subject: [Infowarrior] - Report: Threat to US of Electromagnetic Pulse Attack Message-ID: <88AACF17-84C6-4D95-B388-0FDB07762050@infowarrior.org> Threat to US of Electromagnetic Pulse Attack (208pages) http://www.empcommission.org/docs/A2473-EMP_Commission-7MB.pdf The EMP Commission was established pursuant to title XIV of the Floyd D. Spence National Defense Authorization Act for Fiscal Year 2001 (as enacted into law by Public Law 106-398; 114 Stat. 1654A-345). Duties of the EMP Commission include assessing: 1. 
the nature and magnitude of potential high-altitude EMP threats to the United States from all potentially hostile states or non-state actors that have or could acquire nuclear weapons and ballistic missiles enabling them to perform a high-altitude EMP attack against the United States within the next 15 years; 2. the vulnerability of United States military and especially civilian systems to an EMP attack, giving special attention to vulnerability of the civilian infrastructure as a matter of emergency preparedness; 3. the capability of the United States to repair and recover from damage inflicted on United States military and civilian systems by an EMP attack; and 4. the feasibility and cost of hardening select military and civilian systems against EMP attack. The Commission is charged with identifying any steps it believes should be taken by the United States to better protect its military and civilian systems from EMP attack. From rforno at infowarrior.org Thu Jul 31 01:24:07 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Jul 2008 21:24:07 -0400 Subject: [Infowarrior] - IOC agrees to Internet blocking at the Games Message-ID: <1D984768-DFF5-4AFF-AA11-E4E44E6D191F@infowarrior.org> International Herald Tribune IOC agrees to Internet blocking at the Games By Andrew Jacobs Wednesday, July 30, 2008 http://www.iht.com/bin/printfriendly.php?id=14895767 BEIJING: The Chinese government confirmed Wednesday what journalists arriving at the lavishly outfitted media center here had suspected: Contrary to previous assurances by Olympic and government officials, the Internet would be censored during the upcoming games. 
Since the Olympic Village press center opened Friday, reporters have been unable to access scores of Web pages - politically sensitive ones that discuss Tibetan succession, Taiwanese independence, the violent crackdown of the protests in Tiananmen Square and the sites of Amnesty International, Radio Free Asia and several Hong Kong newspapers known for their freewheeling political discourse. On Wednesday - two weeks after its most recent proclamation of an uncensored Internet during the Summer Games - the International Olympic Committee quietly agreed to some of the limitations, according to Kevan Gosper, chairman of the IOC press commission, Reuters reported. Gosper said that he regretted the limitations but that "IOC officials negotiated with the Chinese that some sensitive sites would be blocked on the basis they were not considered Games related." A government spokesman initially suggested the problems originated with the site hosts, but on Wednesday, he acknowledged that journalists would not have unfettered Internet use during the Games, which begin Aug. 8. "It has been our policy to provide the media with convenient and sufficient access to the Internet," said Sun Weide, the chief spokesman for the Beijing Olympics organizing committee. "I believe our policy will not affect reporters' coverage of the Olympic games." The Chinese government and the IOC had repeatedly suggested up until two weeks ago that the 20,000 journalists covering the games would have full Internet access. Jacques Rogge, the International Olympic committee president, declared that the foreign media would be able to report and publish its work freely in China and that the Internet would be uncensored. 
The revelation that politically sensitive Web pages will be off limits to foreign reporters comes at a time of growing skepticism about the government's commitment to pledges made when it won the right to stage the games in 2001: that it would improve its record on human rights and provide athletes with clean air. Despite a litany of measures that include restricting private vehicles and shuttering factories, Beijing's skyline in recent days has been shrouded in a thick haze, prompting some hand-wringing over whether the government can deliver on its promise of a "blue skies" Olympics. In recent months, human rights advocates have accused Beijing of stepping up the detention and surveillance of those it fears could disrupt the Games. On Tuesday, President George W. Bush privately met with five Chinese dissidents at the White House to drive home his dissatisfaction with the pace of change. Bush, who leaves for the opening ceremonies in just over a week, also pressed China's foreign minister to ease political repression. Concerns about free access to the Internet in Beijing had intensified Tuesday, when Western journalists working at the main press center in Beijing said they could not get to Amnesty International's Web site to see the group's critical report on China's failure to improve its human rights record ahead of the Olympics. Journalist groups complained last week about treatment from security officials while trying to interview people waiting in line for Olympic tickets, according to Bloomberg News. Jonathan Watts, president of The Foreign Correspondents Club of China, said he was disappointed that Beijing had failed to honor its agreement to temporarily remove the elaborate firewall that prevents ordinary Chinese from fully using the Internet. "Obviously if reporters can't access all the sites they want to see, they can't do their jobs," he said. 
"Unfortunately, such restrictions are normal for reporters in China, but the Olympics were supposed to be different." Sandrine Tonge, the IOC media relations coordinator, said the organization would press the Chinese authorities to reconsider the limits. How to circumvent censors Reporters Without Borders is encouraging journalists covering the Beijing Olympics to skirt censorship with tips on how to get around firewalls, lock computer files and find safe translators, The Associated Press reported from Paris. In a guide published on the Internet on Wednesday, the organization advised reporters to conduct phone calls and write e-mail messages with the knowledge that they might be monitored. The new guide will probably help only journalists who have not yet left for Beijing: The press freedom group says its Web site, www.rsf.org, remains blocked in China. The country has backed away from a promise to lift all Internet blocks on foreign media. From rforno at infowarrior.org Thu Jul 31 11:26:45 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 31 Jul 2008 07:26:45 -0400 Subject: [Infowarrior] - Yo FCC! Are You Doing Anything About Metered Broadband? Message-ID: <48537F4F-53EF-481D-B530-1D17CA4C1231@infowarrior.org> Yo FCC! Are You Doing Anything About Metered Broadband? Om Malik, Wednesday, July 30, 2008 at 10:15 PM PT In an effort to burnish his public image, Federal Communications Commission Chairman Kevin Martin has taken up a populist and politically lucrative crusade against the evil cable company, Comcast, and its nefarious efforts to block certain kinds of traffic. Given that we all love to hate our cable companies, especially the big ones, it is a calculated bet by Martin, who is rumored to be contemplating running for US House of Representatives after he leaves FCC. No wonder he has been campaigning hard to chastise Comcast, and perhaps censure them for an undeniably lamentable act. 
My inner cynic believes that this so-called punishment is nothing but a smart tactic by Martin to show that he is on the side of network neutrality and champion of open access and the people. He told The New York Times that he was pursuing this because of openness he wants to see in the networks... < - > http://gigaom.com/2008/07/30/fcc-metered-broadban/ From rforno at infowarrior.org Thu Jul 31 11:33:21 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 31 Jul 2008 07:33:21 -0400 Subject: [Infowarrior] - 5GB DSL caps - net neutrality, ha! Message-ID: Talk about a recipe for disaster.....at the very least I hope they offer "bonus bits" for those weeks when vendors release massive updates to their operating systems and you've got 5 PCs in your house requiring updating. Otherwise, you're going to have a hard time emailing Frontier for help since they'll likely have cut your access for over-use. The ONLY reason I see for this is to discourage folks from going elsewhere on the Internet for music/video, and maybe to reduce p2p traffic. But if Frontier suddenly rolls out its own "internal" music/video service, watch the lawsuits start to fly. (I could use a good laugh......) Bottom line - these guys are idiots. And folks wonder why I prefer business-class Internet connections from "real" (ie, traditional) ISPs at my house and not from telcos or cable companies. -rf Frontier Sets Tiny Broadband Cap Stacey Higginbotham, Wednesday, July 30, 2008 at 12:29 PM PT Frontier Online, an incumbent carrier with service in 23 states, updated its acceptable use policy last week to reflect that it now has a 5 GB data cap for its DSL subscribers (hat tip to DSL Reports). Before we all cry foul, however, Frontier wants us to know that with that cap, we can each send half a million emails and download about 1,250 songs from iTunes. Of course, the picture's less rosy if you're like me and love Hulu, since then you're looking at only 10-15 hours of "30 Rock." 
The efforts are in line with those of other ISPs trying to cut down on bandwidth hogs by offering different tiers of service. Time Warner Cable is testing a 5 GB service tier delivered at 768 kbps in Texas, but Frontier doesn't seem to have an offering with a larger data cap. Granted, a Comcast spokesman told me earlier this year that the cable company's average broadband subscriber only uses 2 GB per month, but as more and more content goes online, a 5GB cap seems like a recipe for customer loss. http://gigaom.com/2008/07/30/frontier-sets-tiny-broadband-cap/ From rforno at infowarrior.org Thu Jul 31 11:37:18 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 31 Jul 2008 07:37:18 -0400 Subject: [Infowarrior] - Google To Launch Venture Fund Message-ID: Google To Launch Venture Fund Michael Arrington http://www.techcrunch.com/2008/07/30/google-to-launch-venture-fund/ The WSJ is reporting that Google is set to launch a venture fund to give it the option of investing in startups instead of just flat out buying them. The fund will be led by Google's SVP Corporate Development David Drummond and Bill Maris, a long time business friend of Anne Wojcicki, Sergey Brin's wife. Maris is a tech entrepreneur with a degree in neuroscience and worked with Wojcicki at a San Francisco-based for-profit company called Catalytic Health. This hasn't been confirmed by Google, and it's clear they've been thinking about a fund off and on for years. From the article: The move would make Google the latest technology giant to take on a more-formal role in seeding start-ups. Intel Corp. has had a large venture-capital arm for years, as have Motorola Inc., Comcast Corp. and many others. In the consumer-Internet area, Walt Disney Co.'s Steamboat Ventures has invested in a number of Web start-ups. So has Amazon.com Inc., which has funded a number of young companies without structuring a formal fund. Their track records have been mixed. 
Corporate venture-capital arms have been hampered by challenges that traditional venture-capital businesses don't face. Venture capitalists invest in private start-ups at an early stage, usually in hopes of a big payout if the company is sold or if its stock goes public. Many start-ups fear that taking corporate money limits their options and comes with strings that could turn away other potential investors - such as a right to buy the company at a later date. Some funds with less competitive compensation have struggled to retain managers, and corporate venture funds often don't allow senior employees to invest personal money in their funds, while other venture funds typically do. This wouldn't be the first time Google started a fund to invest in other companies. In June 2007 they launched Gadget Ventures, a pilot program that, in part, invests seed money in companies looking to develop for the gadgets platform. They have also previously invested through Indian VCs. From rforno at infowarrior.org Thu Jul 31 22:59:33 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 31 Jul 2008 18:59:33 -0400 Subject: [Infowarrior] - Executive Order 12333 Updated Message-ID: <2AF3265E-3F71-41D7-B263-7C2EC73B2A79@infowarrior.org> Fact Sheet: A Lasting Framework for United States Intelligence Activities http://www.whitehouse.gov/news/releases/2008/07/20080731-4.html Background Briefing by Senior Administration Officials on the Revision of Executive Order 12333 http://www.whitehouse.gov/news/releases/2008/07/20080731-8.html ...and.... 
http://www.washingtonpost.com/wp-dyn/content/article/2008/07/31/AR2008073101655.html Bush Administration Announces Restructuring of Intelligence Agencies By Joby Warrick Washington Post Staff Writer Thursday, July 31, 2008; 5:15 PM The Bush administration today announced a restructuring of the nation's intelligence-gathering apparatus, approving new guidelines that bolster the authority of the Office of the Director of National Intelligence (DNI) as the leader of the nation's 16 spy agencies. The changes were part of a long-awaited overhaul of Executive Order 12333, a Reagan-era document that establishes the powers and responsibilities of U.S. intelligence services. Most of the revisions were aimed at underscoring the predominant role of the DNI, the office created by Congress three years ago in the aftermath of the Sept. 11, 2001, terrorist attacks. The revamped order specifically places the DNI in charge of setting priorities for the 16 spy agencies as well as issuing guidelines on how intelligence is collected, analyzed and shared--including foreign intelligence, traditionally the domain of the CIA. It also gives the DNI a greater voice in the hiring and firing of senior intelligence officials. The document calls on intelligence agencies to use "all reasonable and lawful means" to safeguard American citizens, and reaffirms the nation's "long-standing commitment to protecting civil liberties," a senior administration official said in a briefing to reporters about the changes. The official, who spoke on the condition that he not be identified by name, called the order a "foundational document" that will clarify responsibilities and improve coordination. "The order was simply out of date, and it needed to be updated to conform with the new intelligence structure," he said. Left essentially unchanged is a prohibition against assassinations of foreign leaders, as well as long-standing restrictions on human experimentation, the document states. 
It asserts that the intelligence agencies would "maintain or strengthen privacy and civil liberty protections." Lawmakers of both major political parties immediately criticized the administration for what they said was needless secrecy in its development of the changes. "We were only shown the document after it was complete and on its way to the president for his signature," said Rep. Silvestre Reyes (D-Tex.), chairman of the House intelligence committee. "After seven years of a go-it-alone presidency, perhaps I should expect nothing more from this White House. But this order will be binding on future administrations as well." Rep. Pete Hoekstra (R-Mich.), the committee's ranking Republican, said: "Given the impact that this order will have on America's intelligence community, and this committee's responsibility to oversee intelligence activities, this cannot be seen as anything other than an attempt to undercut congressional oversight." The original Executive Order 12333, which was signed by President Ronald Reagan in 1981, has been revised numerous times, but the new changes are the most sweeping in more than a decade, administration officials said. Administration officials have been quietly negotiating the overhaul for more than a year, seeking to modernize the law to reflect the DNI's new role. Critics have charged that the authorizing statutes that created the DNI failed to give it the budgetary and policy-setting authorities it needs to lead the intelligence agencies. 
From rforno at infowarrior.org Thu Jul 31 23:07:46 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 31 Jul 2008 19:07:46 -0400 Subject: [Infowarrior] - National Defense Strategy 2008 (PDF) Message-ID: <91990A49-0AD7-48D2-AC36-D1B0AB2818DA@infowarrior.org> National Defense Strategy 2008 http://www.defenselink.mil/news/2008%20National%20Defense%20Strategy.pdf From rforno at infowarrior.org Thu Jul 31 23:10:53 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 31 Jul 2008 19:10:53 -0400 Subject: [Infowarrior] - DOJ Report on National Security Oversight Initiative Message-ID: <4645E145-4D89-4297-A429-3C06BA151DF2@infowarrior.org> Department of Justice FOR IMMEDIATE RELEASE Thursday, July 31, 2008 WWW.USDOJ.GOV NSD (202) 514-2007 TDD (202) 514-1888 http://www.usdoj.gov/opa/pr/2008/July/08-nsd-678.html One Year Progress Report: the Department's Comprehensive National Security Oversight Initiative One year ago, the Justice Department's National Security Division (NSD) announced the launch of a significant new national security oversight initiative to meet its increasing responsibilities in conducting oversight of the intelligence activities of the FBI and, as appropriate, other intelligence agencies. Since the launch of the initiative, the Department has dramatically broadened the scope of its national security oversight role. In the past, the Department's oversight efforts were primarily focused on overseeing the FBI's use of authorities under the Foreign Intelligence Surveillance Act (FISA). Now, Justice Department attorneys, in conjunction with FBI attorneys, are examining all aspects of the FBI's national security investigations for adherence to applicable laws, regulations, and guidelines. This initiative builds on prior Departmental improvements in national security oversight, including the September 2006 creation of the NSD itself. 
One of the key components of this initiative is a new Oversight Section within the NSD's Office of Intelligence that is specifically dedicated to ensuring that national security investigations comply with the nation's laws, regulations and policies, including those designed to protect privacy interests and civil liberties. This section is fully staffed and operational. It is supervised by an experienced leadership team, which reports directly to the Deputy Assistant Attorney General for the Office of Intelligence within NSD. "The National Security Division plays a vital role in ensuring that national security investigations are conducted properly and with respect for the civil liberties and privacy interests of Americans," said Matt Olsen, Deputy Assistant Attorney General for the Office of Intelligence. "Our enhanced oversight efforts over the past year represent a solid foundation from which we will continue to build as we work with the FBI and other intelligence agencies to achieve this goal." Some of the oversight activities undertaken by the NSD in the past year, as well as those to be undertaken in the future, include: Comprehensive National Security Reviews Last year, the Department for the first time began conducting regular, comprehensive reviews of national security activities at FBI field offices around the country and at FBI Headquarters national security units. These National Security Reviews, which started in April 2007, are staffed by career attorneys from the NSD and the FBI's Office of General Counsel, and the findings are reviewed by officials from the Department's Privacy and Civil Liberties Office. These reviews examine, among other things, the FBI's use of National Security Letters to ensure compliance with applicable laws, guidelines and policies. 
They also examine FBI national security investigation case files to ensure, among other things, that there is sufficient predication to support the investigations; that the cases are authorized by appropriate personnel; and that notices of the investigations are properly provided to the National Security Division. During 2007, the Department conducted 15 National Security Reviews at FBI offices around the country, as well as at FBI headquarters. Thus far this year, the Department has completed another eight National Security Reviews, and plans to complete a total of 17 reviews by the end of 2008. Earlier this year, the Justice Department's Office of Inspector General (OIG) concluded that the Justice Department and FBI had made "significant progress" in improving oversight of the FBI's use of National Security Letters since problems in the use of these letters were first reported by the OIG in March 2007. Among other oversight actions, the OIG noted the new National Security Reviews undertaken by the Department. Oversight of the New FISA Amendments Act With the recent enactment of the FISA Amendments Act of 2008, NSD's Oversight Section is now charged with additional oversight responsibilities regarding the use of the new FISA provisions. The FISA Amendments Act provides for oversight both within the Executive Branch, including by Department of Justice and Intelligence Community Inspectors General, and by Congress and the FISA Court. Specifically, the new law provides for targeting non-U.S. persons overseas to acquire foreign intelligence information, subject to specific targeting and minimization procedures that are reviewed by the FISA Court. The law requires the Attorney General and the Director of National Intelligence to assess compliance with those procedures every six months and to submit an assessment to the FISA Court and to Congress. The NSD's Oversight Section will be responsible for preparing these compliance assessments. 
The Oversight Section will also have responsibility for satisfying the Department's new Congressional reporting requirements under the FISA Amendments Act. Those requirements include reporting every six months concerning the implementation of the FISA amendments as well as other FISA-authorized activities and significant judicial decisions regarding FISA. Protect America Act Oversight In August 2007, the President signed the Protect America Act of 2007, which amended FISA, and which ultimately expired in February 2008. The National Security Division shared in the responsibility for overseeing the implementation of the law, and, in so doing, helped to create a strong, internal oversight regime that exceeded the requirements of the statute. For example, within 14 days of initiation of collection under the Protect America Act, the NSD, in conjunction with the Office of the Director of National Intelligence (ODNI), conducted a review of each agency's use of such authorities. These reviews assessed the agencies' compliance with the requirements of the Protect America Act, including the procedures by which the agencies ensured that surveillance activities were targeting persons reasonably believed to be located outside the United States. The NSD and the ODNI have conducted more than 30 reviews to ensure continued compliance with the Protect America Act. As part of this effort, the NSD worked closely with other representatives from the intelligence community to ensure that Congress was briefed on the first and subsequent compliance reviews, as well as many other aspects involving implementation of the Protect America Act. FISA Minimization and Accuracy Reviews The Oversight Section also regularly conducts reviews in FBI field offices to ensure compliance with minimization requirements ordered by the FISA Court and to ensure the factual accuracy of applications submitted to the FISA Court. 
Orders issued by the FISA Court direct the government to follow minimization procedures. These procedures are designed to minimize the acquisition, retention, and dissemination of information concerning U.S. persons. Attorneys from the Oversight Section conduct minimization reviews to assess whether the results of FISA surveillance and searches have been minimized in accordance with applicable minimization procedures. The attorneys also conduct line-by-line accuracy reviews of selected applications presented to the FISA Court to ensure that the FBI possesses supporting documentation for the facts asserted in the application. During 2007, the Oversight Section conducted 34 minimization reviews, up from 23 conducted in 2006. The Oversight Section also conducted 54 accuracy reviews in 2007, an increase of more than 30 percent from the prior year. Reviews of Intelligence Oversight Board Referrals As directed by the Attorney General in March 2007, the Oversight Section also reviews all referrals by the FBI to the President's Intelligence Oversight Board (IOB). An FBI referral to the IOB generally arises from improper utilization of authorities under FISA; failure to adhere to Attorney General Guidelines or implementing FBI authority; or improper utilization of authorities involving national security letters. The Oversight Section reviews these referrals to detect patterns of conduct that may require changes in policy, training, or oversight. Twice a year, the Oversight Section also reports to the Attorney General on such referrals and informs the Department's Chief Privacy and Civil Liberties Officer of any referrals that raise serious civil liberties or privacy issues. Reviews of FBI National Security Undercover Operations The National Security Division also reviews FBI undercover operations in the national security arena. Pursuant to statute, certain FBI undercover activities are subject to review and approval within the Department. 
The NSD plays an integral role in reviewing these activities prior to approval. ###