From rforno at infowarrior.org Sat Mar 1 03:50:10 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Feb 2008 22:50:10 -0500
Subject: [Infowarrior] - Bush Nominates Three to Empty Privacy Board
Message-ID:

Bush Nominates Three to Empty Privacy Board
By Ryan Singel
February 29, 2008 | 8:21:30 PM
Categories: Privacy
http://blog.wired.com/27bstroke6/2008/02/bush-nominates.html

A newly independent Privacy and Civil Liberties Oversight Board may soon actually have members again, after sitting empty for nearly a full month. On Thursday, President Bush took the first step to fill vacancies on the Board as he nominated 3 people, including a chairman, to fill some of the five seats. Bush allowed the board to be emptied on January 30, even as he pushed Congress to grant him wide powers to install blanket wiretap orders inside the United States. Bush nominated Daniel Sutherland, the current civil liberties officer at the Department of Homeland Security, to head the commission for the next six years. Ronald Rotunda, a George Mason University law professor known for his bow ties and for work on the Senate Watergate Commission, was nominated to join the board for an initial four-year term, while Francis X. Taylor, who previously served on the board, was re-nominated for a two-year term. Sutherland's main work at DHS involved convincing Muslims and minorities that DHS does not racially profile. Privacy issues with programs are handled by the chief privacy officer Hugo Teufel. The nominations will need to get through the Senate Homeland Security committee and confirmed by the full Senate. In a 2007 measure implementing 9/11 Commission recommendations, Congress reconfigured the oversight committee, known as the Privacy and Civil Liberty Oversight Board. The intent was to make the board more independent of the White House, require it to be bipartisan and make it more accountable to the public.
Those changes came after civil-liberties groups blasted the board for a lack of independence and relevance. Former Board chairwoman Carol Dinkins formerly served as a campaign treasurer for President Bush and was a partner at the same law firm as former Attorney General Alberto Gonzales. Also appointed to the board was formidable lawyer Ted Olson, who was named solicitor general after winning the Bush v. Gore case that settled the 2000 election dispute, and whose wife died in the 9/11 attacks. Lanny Davis -- the board's sole Democrat -- resigned in May 2007 to protest edits the White House made to the board's 2007 annual report to Congress.

From rforno at infowarrior.org Sat Mar 1 04:04:42 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Feb 2008 23:04:42 -0500
Subject: [Infowarrior] - Lawmakers voice concerns over cybersecurity plan
Message-ID:

Law makers voice concerns over cybersecurity plan
Robert Lemos, SecurityFocus 2008-02-29
http://www.securityfocus.com/news/11507?ref=rss

Members of the House of Representatives sought details, on Thursday, of a $30 billion plan to secure federal government systems and upgrade network defenses to ward off attacks from foreign nations and online criminals. Known as the Cyber Initiative, the Bush Administration project would dramatically reduce the number of interconnections between federal government networks and the Internet and put more advanced network security in place to monitor data traffic for signs of malicious attacks. While the 5- to 7-year project could dramatically improve the network defenses of government agencies, law makers questioned whether the initiative will be too little, too late, and whether the resulting network monitoring could undermine privacy.
"It's hard to believe that this Administration now believes it has the answers to secure our federal networks and critical infrastructure," Representative Bennie Thompson (D-MS), chairman of the House Committee on Homeland Security, said in prepared remarks at the opening of the hearing on Thursday. "I believe cybersecurity is a serious problem -- maybe the most complicated national security issue in terms of threat and jurisdiction. This problem will be with us for decades to come." The U.S. government gave short shrift to cybersecurity issues at the beginning of the decade. While the Bush Administration released its National Strategy to Secure Cyberspace in 2003, the final document significantly softened the government's stance on securing critical infrastructure, which is primarily maintained by private companies. The Administration also collected most of the cybersecurity capabilities into the Department of Homeland Security and then failed to fund the efforts. While Congress established the position of Assistant Secretary for Cybersecurity within the DHS in 2005, the Bush Administration failed to fill the leadership role for more than a year, finally appointing Greg Garcia, a former information-technology lobbyist, to the post. In the last two years, however, the Bush Administration has focused more intently on securing government networks. The U.S. computer emergency readiness team (US-CERT) has deployed a network-traffic analysis system, EINSTEIN, to monitor 15 agencies for possible computer intrusions. The National Institute of Standards and Technology has created the National Vulnerability Database and worked with other agencies to create important standards for configuration management and vulnerability detection. 
The Office of Management and Budget, along with NIST, is spearheading an effort to get all desktop computer systems within federal agencies to use the Federal Desktop Core Configuration -- a standard, secure configuration for Windows XP and Windows Vista. The latest effort by the Bush Administration is the so-called "Cyber Initiative" -- a plan to minimize the number of trusted Internet connections, or TICs, and improve EINSTEIN's monitoring on those connections to prevent attacks in real time. The Bush Administration has budgeted $30 billion over the next five to seven years for the program, according to statements by Committee members. The 2009 budget has requested $294 million for US-CERT to hire more analysts and fund the additional deployment of the system. During Thursday's hearing, officials from the Office of Management and Budget and the Department of Homeland Security answered the Committee's questions on the non-classified components of the initiative. As part of the Cyber Initiative, a major effort is under way to reduce the number of interconnections between federal agencies and the public Internet. Currently, more than 4,000 trusted Internet connections (TICs) link the federal government to the Internet, according to Robert Jamison, Under Secretary for the DHS's National Protection and Programs Directorate. Under the Cyber Initiative, that will be reduced to 50. The DHS and the Office of Management and Budget (OMB) share responsibility for consolidating the network connections, said Karen Evans, the administrator for OMB's Electronic Government and Information Technology division. The initiative applies to all connections, no matter the agency, she said. "Any external connection to an entity causes a risk," Evans said. "All agencies have to report to the OMB all external connections, and that means all of them." Agencies already have submitted plans to reduce the number of access points to Evans' office.
The initial deadline for complying with the OMB's mandate is June 2008. The second part of the Cyber Initiative calls for improvement to the EINSTEIN intrusion detection system and the deployment of the system to monitor all 50 Internet access points. Currently, EINSTEIN conducts flow analysis -- tracking the source, destination, port and size of packets on the networks of 15 federal agencies. "We only monitor a very small percentage of federal network traffic," Jamison told the committee members. "We want, through this initiative, to increase that to 100 percent of all federal network traffic." The information is analyzed on a daily basis, and so cannot detect threats in real time, DHS's Jamison said. The system would be enhanced to do more real-time analysis, he said. "We are currently not looking at any content," Jamison said. "We are proposing that we are going to do that. The threats are real. Our adversaries are really adept at hiding their attacks in normal everyday traffic. The only way to really protect your networks is to have intrusion detection capabilities." Attacks on federal agencies have become a focus of the Committee on Homeland Security. A year ago, the House Subcommittee on Emerging Threats, Cybersecurity, and Science and Technology heard testimony from representatives of the Departments of State and Commerce regarding attacks on those agencies' systems the previous year. The Department of State acknowledged in June 2006 that attackers had installed remote access software on systems in the agency and abroad, stolen passwords and targeted information on China and North Korea. In October 2006, the Department of Commerce took hundreds of computers offline following a series of attacks aimed at federal employees' computer accounts by online thieves that appear to be based in China. Germany, the United Kingdom and the U.S. have all accused Chinese funded hackers of breaching their government networks. 
A few committee members questioned whether the network monitoring system could cause privacy problems, if the government increased its capabilities. "My constituents are asking about this," said Rep. Jane Harman (D-CA), a member of the Committee on Homeland Security. "'Government sets up spy network,' that is how they are going to perceive this hearing." Yet, the Bush Administration officials assured the committee members that the privacy impact of the evolved system is currently being investigated. "Privacy and civil rights have been a top priority of this effort," the DHS's Jamison said. "EINSTEIN has a privacy impact assessment that is public. We are working on a new one." The original assessment, completed in September 2004, found that the EINSTEIN system did not need to have Privacy Act System of Records "because the program is not intended to collect information that will be retrieved by name or personal identifier." The committee also took issue with the DHS Secretary Michael Chertoff's decision to appoint Scott Charbo, the former CIO for the department, to the position of Deputy Under Secretary in charge of implementing the program. Charbo had told the committee previously that he had not been briefed on incidents involving infiltration of government systems by foreign attackers. His reply -- "You don't know what you don't know." -- has become a symbol of the Bush Administration's lack of focus on cybersecurity issues. "Your decision to promote Mr. Charbo to Deputy Under Secretary of National Programs and Plans effectively places him in charge of the cyber initiative at the Department," Rep. Thompson stated in a February letter to DHS Secretary Michael Chertoff. "Given his previous failings as Chief Information Officer, I find it unfathomable that you would invest him with this authority." In a response to the letter, Secretary Chertoff defended Charbo, highlighting the changes that have happened under his watch.
From rforno at infowarrior.org Sat Mar 1 04:09:08 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Feb 2008 23:09:08 -0500
Subject: [Infowarrior] - Wikileaks back on the air
Message-ID:

US judge reverses ruling in Julius Baer leak case
Fri Feb 29, 2008 5:00pm EST
http://www.reuters.com/article/rbssFinancialServicesAndRealEstateNews/idUSN2924014120080229

SAN FRANCISCO, Feb 29 (Reuters) - A U.S. judge on Friday reversed his earlier ruling that barred to a Web site with private bank account data from Switzerland's Julius Baer Holding AG. The judge reversed himself after hearing arguments by free-speech advocates that his decision amounted to unconstitutional prior restraint. "There are serious questions of prior restraint and possible violations of the First Amendment," U.S. District Judge Jeffrey White ruled from the bench in his San Francisco courtroom. "The court has serious questions whether those concerns raised before the court make the granting of the relief requested by the plaintiffs constitutionally appropriate," he added. (Reporting by Philipp Gollner, editing by Leslie Gevirtz) © Reuters 2008 All rights reserved

From rforno at infowarrior.org Sun Mar 2 01:01:06 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 01 Mar 2008 20:01:06 -0500
Subject: [Infowarrior] - PGP complaint
Message-ID:

Tonight I went online to order the latest version of PGP by upgrading my current license. Three hours after placing my order, I hadn't yet received download information. Going online, I discover this choice piece of their FAQ: http://www.pgp.com/support/faqs/storefaqs.html

> I placed my order online. How and when will I receive my product(s)?
>
> Upon completion of transaction and credit authorization, you will receive an
> email confirmation from PGP Corporation's e-commerce provider confirming your
> purchase. Within 48 hours, you will receive an email from PGP Corporation,
> which will include a link to download your purchased product(s). Please make
> sure the email address on your order form is valid.

FORTY-EIGHT hours to get a license key and download link emailed? Is this a technology company or 1980s-era mail-order catalog company here? I get faster order processing from Mac shareware authors! These guys must take lessons from the e-mail marketing firms who "need" 10-14 days to remove you from their mailing lists. Unbelievable. I appreciate PGP, and have used it for nearly 15 years through its many iterations.....but seriously: get with the times, PGP.

-rick

From rforno at infowarrior.org Tue Mar 4 03:45:33 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 03 Mar 2008 22:45:33 -0500
Subject: [Infowarrior] - Wiretap Compromise in Works
Message-ID:

Wiretap Compromise in Works
FISA Update May Hinge On Two Separate Votes
By Ellen Nakashima and Paul Kane
Washington Post Staff Writers
Tuesday, March 4, 2008; A03
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/03/AR2008030302814_pf.html

House and Senate Democratic leaders are headed into talks today that they say could lead to a breakthrough on legislation to revamp domestic surveillance powers and grant phone companies some form of immunity for their role in the administration's warrantless wiretapping program after the Sept. 11, 2001, terrorist attacks. A senior House Democratic aide said a bill could be sent to President Bush as early as next week. But significant issues remain, including those surrounding immunity, said Wyndee R. Parker, general counsel of the House Permanent Select Committee on Intelligence.
Parker, who said she hopes the House can take up the compromise legislation as early as this week, said a resolution has been delayed partly by the need for all members of the House Judiciary Committee to gain access to the letters and other relevant documents sent to the phone companies by the administration requesting their assistance. The House Democratic leadership demanded such access before they would contemplate immunity, and the administration granted full access last week. Parker spoke at a breakfast meeting sponsored by the American Bar Association yesterday. Assistant Attorney General for National Security Kenneth Wainstein, speaking at the same meeting, said that key issues surrounding the legislation had been hashed out in a "long and tedious" but "healthy" process, aimed at updating the Foreign Intelligence Surveillance Act (FISA). Aides said House Majority Leader Steny H. Hoyer (D-Md.) has been polling his party's divided caucus the past few days about the immunity issue, with the liberal camp pushing to do nothing and the moderate wing supporting a provision in Senate-passed legislation granting immunity for the telecommunications industry. Highlighting the party's struggle to heal its internal fractures, today's meetings will involve Democratic staff from the House and Senate Intelligence and Judiciary committees, the House Democratic leadership, and then the House Democratic caucus. The dilemma faced by Democrats is that Republicans and the administration oppose any bill other than the measure passed by the Senate that includes full retroactive immunity for the telecommunications companies. "This is not amnesty," Wainstein said at the meeting. "This is targeted immunity" for companies who meet requirements specified in the Senate bill that include having received an attorney general's certification that their assistance was determined to be lawful. 
A group of several dozen moderate to conservative House Democrats, known as "Blue Dogs," have pushed Hoyer and House Speaker Nancy Pelosi (D-Calif.) to approve the Senate bill. Some aides on Capitol Hill were discussing the potential for the House passing the Senate version but breaking it into two separate votes: one on the portion of the bill that deals with revising FISA provisions and a second on the immunity measure. This procedural move would allow many Democrats to vote against immunity but still make its approval all but certain since almost every Republican and some centrist Democrats would vote in favor. At the breakfast yesterday, Wainstein highlighted a different problem with the current FISA law than other administration officials have emphasized. Director of National Intelligence Mike McConnell, for example, has repeatedly said FISA should be changed so no warrant is needed to tap a communication that took place entirely outside the United States but happened to pass through the United States. But in response to a question at the meeting by David Kris, a former federal prosecutor and a FISA expert, Wainstein said FISA's current strictures did not cover strictly foreign wire and radio communications, even if acquired in the United States. The real concern, he said, is primarily e-mail, because "essentially you don't know where the recipient is going to be" and so you would not know in advance whether the communication is entirely outside the United States. Privacy advocates have raised concerns that the Senate bill contains a provision that would allow the attorney general to erect a new barrier to future privacy cases brought under the nation's foreign intelligence surveillance law. Contrary to current practice, the Senate bill would halt such lawsuits if the attorney general certified that the assistance provided by the telecom carrier was lawful. 
The only check on that certification would be a court review as to whether the attorney general "abused" his discretion, which experts said yesterday was the lowest possible standard of judicial review. "This provision is yet another example of the executive branch 'just trust us' mentality when it comes to intelligence matters," said Kevin Bankston, senior staff attorney at the Electronic Frontier Foundation. A key congressional aide said that the issue is one that must be reviewed carefully, and a balance must be struck between appropriate court review and avoiding "protracted litigation."

From rforno at infowarrior.org Tue Mar 4 04:32:30 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 03 Mar 2008 23:32:30 -0500
Subject: [Infowarrior] - USG forces military secrets on Brit webmaster
Message-ID:

Original URL: http://www.theregister.co.uk/2008/03/03/mildenhall_website/
US government forces military secrets on Brit webmaster
By Dan Goodin in San Francisco
Published Monday 3rd March 2008 20:38 GMT

A website promoting the town of Mildenhall has been shut down after it unintentionally became the recipient of hundreds of classified emails, including messages detailing the planned flight path of President Bush. Over more than a decade, www.mildenhall.com (http://www.mildenhall.com/) received emails detailing all kinds of secret military information that were intended for official Air Force personnel. One detailed where Air Force One could be found in the air during a planned visit to the region by President Bush. Others included battlefield strategy and passwords. "I was being sent everything from banal chat and jokes, to videos up to 15mb in size," Gary Sinnott, owner of mildenhall.com, said in this article (http://new.edp24.co.uk/content/news/story.aspx?brand=EDPOnline&category=News&tBrand=edponline&tCategory=news&itemid=NOED29%20Feb%202008%2017%3A55%3A25%3A897) in EDP 24. "Some were classified, some were personal. A lot had some really sensitive information in them." As owner of mildenhall.com, Sinnott received every email that had that domain name included in the address field. The site was set up to provide information about the town of Mildenhall, which is about a half-hour's drive north east of Cambridge. Sinnott says he brought the SNAFU to the attention of Air Force officials but was never able to get the problem fixed. At first, they didn't seem to take the matter seriously, but eventually, they "went mental," he said. Officials advised Sinnott to block unrecognizable addresses from his domain and set up an auto-reply reminding people of the address for the official air force base. But still, the official emails continued to flow in to Sinnott's site. And to make matters worse, some people got angry after Sinnott told them they were sending email to the wrong address and gave his address to spammers. Sinnott was receiving 30,000 pieces of email per day, most of which was junk mail. So Sinnott pulled the plug on the website. Though he remains the owner of mildenhall.com, it may only be a matter of time before all those emails incorrectly addressed to Air Force personnel at mildenhall.com automatically begin to bounce. And that ought to make security conscious people everywhere breathe a little easier. Alas, according to whois records, mildenhall.net and mildenhall.org are in the hands of non-military individuals and mildenhall.us is available to anyone with $35 (http://www.register.com/product/domain/searchresults.rcmx;jsessionid=4DAE4F92BD8DE0D9AB0C4F40E728FFC2.euapp04?action=searchresults&formName=box&searchString=mildenhall&selectedTLDs=.com&x=79&y=7). Given what we now know about the boobs who send confidential information, that ought to give us pause. ®
From rforno at infowarrior.org Tue Mar 4 13:00:49 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 04 Mar 2008 08:00:49 -0500
Subject: [Infowarrior] - DOD China Military Report (30MB) download
In-Reply-To:
Message-ID:

ANNUAL REPORT TO CONGRESS
Military Power of the People's Republic of China 2008
http://www.defenselink.mil/pubs/pdfs/China_Military_Report_08.pdf

From rforno at infowarrior.org Wed Mar 5 03:05:36 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 04 Mar 2008 22:05:36 -0500
Subject: [Infowarrior] - Spying Fight about Emails, Not Phone Calls, DOJ Reveals
Message-ID:

Spying Fight about Emails, Not Phone Calls, DOJ Reveals
By Ryan Singel
March 04, 2008 | 4:47:36 PM
Categories: NSA
http://blog.wired.com/27bstroke6/2008/03/spying-fight-ab.html

In the end, it turns out it's all about the emails. The fight in Congress and the big push for expanded wiretapping powers has nothing to do with intercepting foreign-to-foreign phone calls inside the United States without a court order. In fact, it turns out that the nation's secret wiretapping court is fine with that. That extraordinary admission came from Assistant Attorney General for National Security Kenneth Wainstein at a breakfast on Monday, according to the Washington Post. At the breakfast yesterday, Wainstein highlighted a different problem with the current FISA law than other administration officials have emphasized. Director of National Intelligence Mike McConnell, for example, has repeatedly said FISA should be changed so no warrant is needed to tap a communication that took place entirely outside the United States but happened to pass through the United States. But in response to a question at the meeting by David Kris, a former federal prosecutor and a FISA expert, Wainstein said FISA's current strictures did not cover strictly foreign wire and radio communications, even if acquired in the United States.
The real concern, he said, is primarily e-mail, because "essentially you don't know where the recipient is going to be" and so you would not know in advance whether the communication is entirely outside the United States. That would make sense since email doesn't go directly to a device in most cases, it goes to a server that holds the email until the recipient(s) come to pick up the email -- which could be and often is from different parts of the world -- think of any business traveler. But that also means all the hysterical screaming and the dire scenarios constructed by right-wing spying proponents based on very thin evidence of what the secret court actually ruled -- all of it is just wrong. And more to the point, the Justice Department and the Office of the Director of National Intelligence allowed them to be wrong for months. They allowed and facilitated their supporters to scare freedom loving people with phantoms of lost wiretaps. DNI Michael McConnell, the serial exaggerator who claims to be a non-political straight shooter, himself kept saying the NSA lost 70 percent of its capabilities after the ruling. If that's the case, that means that 70 percent of what the NSA does is collect emails inside United States telecom infrastructure and service providers. Really? If that's what tens of billions of dollars are going to the NSA for annually, we don't need to give them more power to read emails, we need to get them to learn to do real intelligence collection. It's no wonder the nation's intelligence services decided that Iraq had weapons of mass destruction. The EFF's Kurt Opsahl has more. And finally THREAT LEVEL is pretty sure this means it won the $1000 bet about what the court ruled -- too bad no one took me up on the offer. I'd hate to say that means that every one who spouted the "all wiretapping has to go through the court now" rhetoric knew that was false, but one does wonder... 
From rforno at infowarrior.org Wed Mar 5 06:56:01 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 01:56:01 -0500
Subject: [Infowarrior] - China's computer hacking worries Pentagon
In-Reply-To:
Message-ID:

China's computer hacking worries Pentagon
A report says the country now has the ability to get into networks around the world.
By Julian E. Barnes
Los Angeles Times Staff Writer
March 4, 2008

WASHINGTON - China in the last year has developed ways to infiltrate and manipulate computer networks around the world in what U.S. defense officials conclude is a new and potentially dangerous military capability, according to a Pentagon report issued Monday. Computer network intrusions at the Pentagon and other U.S. agencies, think tanks and government contractors last year "appeared to originate" in China, according to the report. In addition, computer intrusions in Germany, apparently by Chinese hackers, occur daily, along with infiltrations in France and Britain, the Pentagon said. Last year, British intelligence officials alerted financial institutions across the country that they were targets of "state-sponsored computer network exploitation" from China. The Pentagon report does not directly accuse the Chinese military or government of the attacks but says the incidents are consistent with recent military thinking in that country. David Sedney, deputy assistant secretary of Defense for East Asia, said cyber-warfare was an area of growing concern and he called on the Chinese to clarify their intentions. "The techniques that are used, the way these intrusions are conducted, are certainly very consistent with what you would need if you were going to actually carry out cyber-warfare, and the kinds of activities that are carried out are consistent with a lot of writings we see from Chinese military and Chinese military theorists," Sedney said. U.S.
military officials believe that Chinese cyber-warfare advances, coupled with China's increasing skill at neutralizing information-transmitting satellites and other capabilities, is part of a military objective of crippling potential foes, even those that may be militarily superior such as the United States, in the event of an international crisis or confrontation. The report, an annual assessment of China, also says Beijing has continued to develop a sophisticated missile program and appears focused on warding off any U.S. intrusion in the area around Taiwan. China considers Taiwan part of its territory and has threatened to take it by force if it declares independence. "We are fully prepared to repulse any adventurous activities toward Taiwan independence," Jiang Enzhu, spokesman for China's parliament, told a news conference today. Pentagon officials admit that they lack a clear understanding of China, despite its status as America's second-largest trading partner. During nearly every U.S. official visit to China, military officials press Beijing to disclose details of its spending plans and explain why it is building up its military capabilities. "The lack of transparency in China's military and security affairs poses risks to stability by increasing the potential for misunderstanding and miscalculation," the report says. "This situation will naturally and understandably lead to hedging against the unknown." Beijing announced plans today to increase its military budget this year by 17.6% to $59 billion. This follows a record 17.8% hike last year. But Western observers suspect that China's actual military budget is much larger. Chinese authorities are careful to downplay their military might, saying their spending is still a fraction of the American defense budget and most of the money will go toward peaceful purposes such as pay raises and equipment upgrades. 
The infiltration of Pentagon computer networks has allowed hackers to tap into unclassified computer systems, Sedney said. But even though the hackers did not penetrate classified systems, the infiltration was still considered serious, Sedney said. "There's a whole range of scientific and technological material that is available through people in the contracting world and elsewhere that just isn't classified that can be the subject of these intrusions," he said. Sedney said the computer break-ins did not amount to attacks, but he said the techniques used to penetrate Defense Department computers also could be used to attack them. He compared the intrusions to someone breaking into a house but leaving the valuables in place and instead taking pictures of the interior. The U.S. continues to believe that China's ongoing military modernization is primarily driven by preparations for a potential future dispute involving Taiwan. But as the scope of the modernization increases and China's strategic thinking evolves, U.S. officials believe that China is preparing its military for other contingencies, such as conflicts over oil reserves or disputed territories. The report takes particular note of China's expanding missile inventory, including long-range missiles, cruise missiles designed to strike naval vessels and growing numbers of shorter-range missiles. The primary focus of China's missiles, Sedney said, is Taiwan. David Helvey, one of Sedney's deputies, said China also has purchased highly accurate cruise missiles from Russia that have been installed on Chinese submarines and could be used against U.S. Navy vessels. But Helvey said the ability to strike ships will depend on China's intelligence and surveillance abilities. "This is still a new capability for China; we are going to be watching how they integrate that anti-ship capability into their submarine force," he said. In response to the Pentagon report, Rep. 
Ike Skelton (D-Mo.), chairman of the House Armed Services Committee, said he was concerned about China's continuing modernization and rapid growth. But he said there were signs that China was taking some steps toward increasing transparency, including an agreement to submit a report to the United Nations on its military spending and an agreement to create a defense hotline between Washington and Beijing.

julian.barnes at latimes.com

Times staff writer Ching-Ching Ni in Beijing contributed to this report.

From rforno at infowarrior.org Wed Mar 5 22:49:18 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 17:49:18 -0500
Subject: [Infowarrior] - The Future of Antivirus
Message-ID:

From CSOonline.com

The Future of Antivirus
http://www.csoonline.com/read/020108/fea_antivirus_pf.html

As signatures proliferate, antivirus vendors must ramp up other techniques for spotting and squashing malware

Antivirus software makes Greg Shipley so mad he has to laugh. "The relationship between signature-based antivirus companies and the virus writers is almost comical -- one releases something and then the other reacts, and they go back and forth. It's a silly little arms race that has no end."

Shipley, CTO at Neohapsis, a security consultancy in Chicago, says the worst part is that the arms race isn't helpful either to him or his clients. "I want to get off of signature-based antivirus as rapidly as possible. I think it's a broken model and I think it's an incredible CPU hog." The question is, where should he go?

Antivirus as an industry has modeled itself on the human immune system, which slaps a label on things like viruses so it knows to attack them when it sees that same label, or signature, again. Signature-based antivirus has moved well beyond that simple type of signature usage (though at the beginning, it did look for specific lines of code).
In its current, more sophisticated form, it dominates the market for security software, despite some obvious limitations: You don't use it to stop data leakage, for instance, though many kinds of malware are designed to siphon data out of companies.

The number of malware signatures tracked by security software company F-Secure doubled in 2007, and while you might cynically expect such a company to say there's more malware out there, 2007's total doubled the number of signatures F-Secure had built up over the previous 20 years.

Even before 2007, there were plenty of people besides Shipley arguing that antivirus was an industry in trouble. In fact, in 2006, Robin Bloor, an analyst at Hurwitz & Associates, penned a report titled "Anti-virus is dead." He argued that malware exists only because antivirus software exists, and said that antivirus software was doomed to be replaced by new forms of software, which he calls application control, or software authentication tools. Such tools whitelist the software we use and won't run anything else without the user's explicit permission.

Antivirus firms think their death is greatly exaggerated, thank you very much -- even those that aren't overly reliant on signatures, like BitDefender, which says that signature-based techniques account for only 20 percent of the malware it catches. "Signatures aren't dead -- you need them," says Bogdan Dumitru, chief technology officer of the Romanian firm, which uses behavioral targeting techniques to stop the remainder of attacks. Its main research focus is to develop an "undo" feature that will let users hit by malware reverse its effects. BitDefender hopes to release this feature in 2008.

Meanwhile, Bit9, the application whitelisting company highlighted in Bloor's report, uses antivirus software to help build its database -- 22 kinds of antivirus software, in fact. In November 2007, it announced a deal to give access to this database to security software maker Kaspersky Labs.
Bit9 officials said that the database will help Kaspersky check new signatures to limit false positives.

It's also true that antivirus makers continue to sell billions of dollars worth of software, despite Bloor's proclamation. Bloor, though, says that "the technique of protecting PCs using virus signatures is now on the wane," and rattles off a list of whitelisting companies offering software authentication tools -- not just Bit9, but also companies such as Lumension (formerly SecureWave), Savant Protection, Computer Associates and AppSense. And he noted the Kaspersky deal and Apple's use of whitelisting to protect the iPhone.

Not Just Whitelisting

Antivirus software has its uses. If a system is actually infected by malware, it "may be the least painful way of removing it," says David Harley, administrator of Avien, the antivirus information exchange network, adding, "Whitelisting does seem to be advocated currently as the panacea du jour. I think this relentless search for The Answer, discarding one partially successful solution set for something else in the hope that it will eliminate the problem, is actually unprofessional."

Harley makes that argument because he doubts that any single technology approach will be a 100 percent solution when it comes to security. He wrote that whitelisting thus is likely a supplemental technology for fighting malware, making it one of a host of newer technologies that have been adopted, including heuristics, sandboxing and behavior monitoring.

Corporate CISOs certainly don't expect to find one answer to their problems. "If you rely on signatures for security, you're pretty much dead in the water," says Ken Pfeil, head of information security for the Americas Region of WestLB, a German bank. Pfeil thinks signatures are useful and his firm uses them. But when new malware appears, he often finds it faster to try to break it down himself to understand its potential effects, rather than to wait for his vendor to give him an update.
His firm has also adopted tools that use heuristics techniques and anomaly testing, to add oomph to its antivirus approach.

That kind of layered approach to software fits with where Natalie Lambert, an analyst at Forrester Research, thinks the market is going. She says that signature-based antivirus is "table stakes" for security software, and techniques like heuristic information processing systems, or HIPS, which looks for suspicious actions by software, like an application opening itself from the Temp folder.

Lambert says McAfee is probably furthest along in using HIPS among the big antivirus makers, having had more time than its rivals to new features added via corporate acquisitions. The downside to these technologies is that none are as simple and alluring as the old signature-based antivirus, which she called a "set it and forget it" technology. She notes that HIPS technologies are difficult to manage and will never be as simple as the old model, though she expects they will get easier over time.

Neohapsis's Shipley says none of these techniques are really new -- he notes that it's been more than four years since McAfee purchased Entercept, for instance. But "what role does it play and what percentage of things does it stop? I have no visibility into that." Shipley says he plans to bring in Bit9 to look at whether it could really replace his current antivirus software.

Antivirus firms agree that they are becoming something different. Sophos, for instance, uses several additions to signature-based AV. Sophos examines program behavior -- the modifications a program makes to things like system configuration and files as the program runs. The company has also built in a preexecution algorithm, a kind of crystal ball to simulate what unfamiliar code looks likely to do. Richard Wang, manager of Sophos Labs in the U.S., says that while signatures are easy to create, things like preexecution code are harder and thus take more time.
But the payoff is that it can work against multiple strains of malicious software. He said that for the Storm worm, Sophos generated only one signature but has been able to recognize all the variants. Wang describes this type of technique as "almost like a broad-spectrum antibiotic."

Child's Play?

Interestingly, the OLPC XO (from the One Laptop Per Child Foundation) is another place to look at new AV techniques. The XO uses the Bitfrost specification, developed expressly for this simple computer. OLPC claims that the system "is both drastically more secure and provides drastically more usable security than any mainstream system currently on the market." The OLPC XO ships in a default mode that is basically locked down but simple for the user to open up. The Bitfrost specification uses a series of built-in protections, including sandboxes or program jails for applications and system-level protections that prevent alterations from code that could do something harmful.

Whether Bitfrost would work in a corporate environment or will be commercialized outside the OLPC project is unclear. But Avien's Harley, for one, thinks that there are psychological reasons why antivirus software is unlikely to go away. "The idea of a solution that stops real threats and doesn't hamper nonmalicious objects and processes is very attractive. People (at any rate, those who aren't security specialists) like the idea of threat-specific software as long it catches all incoming malware and doesn't generate any false positives, because then they can just install it and forget about it. Unfortunately, that's an unattainable ideal."

Note to Greg Shipley: Don't hold your breath on getting rid of your antivirus software.

Michael Fitzgerald is a freelance writer based outside of Boston. Send feedback to Editor Derek Slater at dslater at cxo.com.
Dated: February 01, 2008

From rforno at infowarrior.org Wed Mar 5 22:53:33 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 17:53:33 -0500
Subject: [Infowarrior] - Swiss Bank Drops WikiLeaks Case
Message-ID:

Swiss Bank Drops WikiLeaks Case
By David Kravets
March 05, 2008 | 3:49:43 PM
Categories: Censorship
http://blog.wired.com/27bstroke6/2008/03/swiss-bank-drop.html

Julius Baer Bank and Trust dropped its case Wednesday against WikiLeaks, days after a federal judge allowed the renegade, whistle-blowing site to resume operations.

Two weeks ago, U.S. District Judge Jeffrey White signed an order that effectively took down the WikiLeaks site in the United States and also locked the WikiLeaks.org domain name to prevent transfer of the domain name to a different domain registrar. On Friday, after intense media scrutiny, the judge did an about-face, saying he went too far.

WikiLeaks, a whistle-blower site publishing thousands of leaked documents, was taken offline in the United States after posting allegedly stolen documents: individuals' banking records that suggest a Cayman Islands branch of a Swiss bank was helping customers practice money laundering and tax evasion across the globe.

Dynadot -- WikiLeaks' U.S. hosting company and domain registrar based in San Mateo, California -- agreed to take down and lock the site at the behest of Julius Baer Bank and Trust. Judge White, appointed by the second President Bush, had originally signed off on the deal.

The bank, in a brief filing to Judge White, did not indicate a reason for "voluntarily" dismissing the case, but said it reserved the right to refile the lawsuit.

From rforno at infowarrior.org Thu Mar 6 00:20:01 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 19:20:01 -0500
Subject: [Infowarrior] - What piracy crisis? MPAA touts record box office for 2007
Message-ID:

What piracy crisis?
MPAA touts record box office for 2007
By Nate Anderson | Published: March 05, 2008 - 03:29PM CT
http://arstechnica.com/news.ars/post/20080305-for-movie-biz-tales-of-piracy-and-record-profits.html

After learning how a bill becomes a law, your kids might also learn about the wonders of copyright, thanks to the MPAA. The motion picture trade group has signed an agreement with the popular Weekly Reader publication for kids that will highlight "canine crime-fighting ambassadors Lucky and Flo." That's right: DVD-sniffing dogs will educate children about the value of copyrights in a "fun and exciting way." Sounds like a blast.

But this sort of thing has become crucial to the MPAA. Take a look at the group's homepage; nearly everything is about copyrights and piracy. The MPAA routinely asserts that the movie business is being decimated by piracy, but the press release announcing the Weekly Reader deal sits just below a far more interesting piece of news (PDF): data that shows the US box office doing its biggest year of business ever in 2007, growing 5.4 percent over 2006 and bringing in $9.63 billion.

Piracy is so bad, according to the MPAA, that we need special legislation to target the dastardly college pirates who are destroying the business. It's so bad that Weekly Reader subscribers will learn about the $7 billion a year "lost" to Internet piracy. It's so bad that the MPAA wants ISPs to ignore years of common carrier law and the promises of "safe harbor" and start filtering their traffic, looking for copyright violations.

The real world isn't quite this simple, of course. It turns out that the MPAA's college numbers were off by a factor of three, a revelation that came after years of hiding the study's methodology but continuing to lobby Congress with its numbers. There's no possible way that the MPAA can truly know what it "lost" to piracy, either, as it has no real idea what percentage of downloads would have resulted in sales.
And, with the notable exception of AT&T, no other major US ISP has publicly entertained the idea of filtering traffic. Certainly the MPAA has the right to fight illegal downloads of its material, and it certainly has the right to go after those making a profit by ripping off its DVDs. But the rhetoric around "piracy" (a term used far too broadly) simply doesn't fit with reality. If piracy is killing the movie business, it's doing so in exactly the same way that home taping killed the music business in the 1980s. Swapping movies over the Internet was more of a niche practice back in 2001 as bandwidth constraints made it impractical for many. Certainly it's much simpler now, and advanced P2P protocols like BitTorrent (combined with free trackers like The Pirate Bay) make it relatively simple. But the movie business did $9.63 billion at theaters alone in 2007, a substantial increase over 2001's $8.13 billion. US box office has also risen for the last two years, and international growth rates have been much higher and more constant. DVD piracy and file-swapping pose problems for the industry, no doubt about it, but the entire issue deserves to have the rhetoric scaled back a bit. As Dan Glickman, the MPAA boss, admitted, "Ultimately, we got our Hollywood ending. Once again, diverse, quality films and the timeless allure of the movie house proved a winning combination with consumers around the world." So break out the champagne (for the MPAA execs) and the dog biscuits (for Lucky & Flo); home taping didn't kill the music business, and file-swapping isn't destroying theatrical revenue. 
From rforno at infowarrior.org Thu Mar 6 00:20:37 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 19:20:37 -0500
Subject: [Infowarrior] - AOL Opens Up the AIM Instant Messaging Network
Message-ID:

AOL Opens Up the AIM Instant Messaging Network
By Scott Gilbertson
March 05, 2008 | 10:37:37 AM
Categories: Instant Messaging
http://blog.wired.com/monkeybites/2008/03/aol-opens-up-th.html

AOL has done an about-face regarding third-party access to the company's AIM chat network. AOL's recently launched OpenAIM 2.0 provides open, uninhibited access to services like Meebo, or all-in-one IM clients like Pidgin, allowing them to freely and easily use the AIM instant messaging network.

That's quite a change from AOL's previous stance toward such competitors, which seemed to be somewhere between sticking its head in the sand and unleashing a pack of angry lawyers.

At the moment, multi-platform IM desktop clients like Pidgin or Adium (the popular Mac client) generally rely on hacking and reverse engineering access to chat networks run by AOL, Yahoo, Microsoft and others. Not only is that bad for developers since it means more work, it also means that such clients often can't use all the features of a particular network.

The new OpenAIM 2.0 changes that and joins GTalk (Google's chat network) in offering unfettered access to all of the network's features to third-party applications and services.

AOL is going even further, offering such services the option to run AOL-served advertisements as part of a revenue sharing plan. So far, AOL hasn't given too many details on the advertising tie-in, but more details will be released next month.

Kudos to AOL for recognizing that the value is in the network, not the client. Hopefully Yahoo IM and Windows Live Messaging (formerly known as MSN) will take note and perhaps do the same.
From rforno at infowarrior.org Thu Mar 6 00:21:15 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 19:21:15 -0500
Subject: [Infowarrior] - Wiretapping focus shifts to e-mail communications
Message-ID:

Wiretapping focus shifts to e-mail communications
Posted by Chris Soghoian
http://www.cnet.com/8301-13739_1-9886766-46.html

The FISA fight is all about the e-mails, according to public comments made on Tuesday by a Department of Justice official.

For months, the debate has centered around immunity for telecom companies including AT&T, Verizon, and Sprint. The primary focus has been on the warrantless wiretapping of the phone calls made by millions of Americans. In comments made at a public meeting on Tuesday, Assistant Attorney General for National Security Kenneth Wainstein made clear that the FISA fight is not about foreign-to-foreign calls, but actually about Internet data.

The Washington Post reports:

At the breakfast yesterday, Wainstein highlighted a different problem with the current FISA law than other administration officials have emphasized. Director of National Intelligence Mike McConnell, for example, has repeatedly said FISA should be changed so no warrant is needed to tap a communication that took place entirely outside the United States but happened to pass through the United States.

But in response to a question at the meeting by David Kris, a former federal prosecutor and a FISA expert, Wainstein said FISA's current strictures did not cover strictly foreign wire and radio communications, even if acquired in the United States. The real concern, he said, is primarily e-mail, because "essentially you don't know where the recipient is going to be" and so you would not know in advance whether the communication is entirely outside the United States.
What this means, of course, is that while the public outcry has been focused on AT&T, it should have included a few other firms, including perhaps Microsoft, Yahoo and Google.

If the NSA is interested in getting email messages, it can do so in one of two ways. First, it can tap the Internet backbone, through which almost all communications flow. Second, it can go directly to the major email providers.

The Backbone Providers

According to the relevant Wikipedia page, the Internet backbone (commonly understood to mean the collection of Tier 1 internet Service Providers) is made up of: AOL Transit Data Network, AT&T, Global Crossing, Verizon Business (formerly UUNET), NTT Communications, Qwest, SAVVIS, and Sprint.

From numerous press reports, we already know that AT&T, Verizon, and Sprint are involved in the shady NSA wiretapping program. Furthermore, we also know that Qwest refused to participate as the government would not provide a FISA warrant. That leaves AOL, Global Crossing, NTT Communications, and SAVVIS as other potential participants in any NSA effort to sniff email communications.

The Email Providers

With www.alqaeda.com, www.alqaeda.net and www.alqaeda.org owned by domain squatters, where should a would-be terrorist go for email? Microsoft's Hotmail of course.

In all seriousness, no terrorist worth his or her salt would advertise themselves by using a domain name related to their cause, and so it is far more likely that they would want to blend into the crowd of the hundreds of millions of other users of the major free email providers -- Yahoo, Microsoft Hotmail, and Google Mail.

The Protect America Act of 2007 permitted intelligence agencies to force Google, Yahoo and Microsoft to hand over a copy of every email passing through their systems which lists one non-US recipient. While the law expired in February, any orders initiated under the act can continue until August of this year.
It is unclear what the major email providers could have been forced to do before the Protect America Act. However, if email communications are the most important issue in the telecom immunity debate, we should certainly be looking carefully at these and other email providers. As other bloggers have previously discussed, the proposed legislation would provide immunity for all companies that assisted the administration in its illegal spying, not just AT&T and the other 2 telcos.

Public Comment and Denial

I made an effort to get a comment from a few of the major free email providers. However, I didn't bother with the backbone providers -- as I assumed I'd get the same "we respect privacy and will respond to lawful requests" line that is common in the industry.

Microsoft's PR people were nice enough to let me know that the company has over 300 million active email accounts. When asked how many of those accounts the company had turned over to US intelligence agencies, the company declined to comment.

Google was a bit more verbose. Its spokesperson told me that: "As our privacy policy states, we comply with law enforcement requests made with proper service. We do not discuss specific law enforcement requests and generally do not share aggregate information about them. There are also some legal restrictions on what information we can share about law enforcement requests."

As Wired's Ryan Singel has often noted, Google could easily tell us how many divorce lawyers, copyright holders and law enforcement agencies are probing people's search histories and emails. The company chooses not to, primarily because doing so would shed light on how much information the company has, and how often it is forced to share it with third parties.

One thing is clear: With the proposed immunity bill looking like it will pass this week, members of the media and the privacy community should pay close attention to Google, Microsoft, Yahoo, and the major operators of the Internet backbone.
The immunity provisions will just as equally apply to them -- and up until now, they've received almost no scrutiny at all.

From rforno at infowarrior.org Thu Mar 6 00:21:53 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 19:21:53 -0500
Subject: [Infowarrior] - FBI chief: Lack of legal shield won't halt telecom spy partnerships
Message-ID:

FBI chief: Lack of legal shield won't halt telecom spy partnerships
Posted by Anne Broache
http://www.news.com/8301-10784_3-9886461-7.html?

WASHINGTON--As Congress debates whether to wipe out lawsuits accusing telephone companies of allegedly illegal wiretaps, the Bush administration has argued such cooperation is key to keeping Americans safe from terrorists.

FBI Director Robert Mueller continued that push on Wednesday, but he wouldn't go so far as to say those "private partners" would stop installing requested wiretaps unless certain legal protection is granted.

To some extent, Mueller is stating the obvious: Federal law requires telephone and Internet companies to comply with lawful wiretap court orders or lawful certifications from the attorney general, with stiff penalties for noncompliance. But Mueller said in various ways that he was concerned that lack of retroactive liability protection would harm the government's "relationships" with telephone companies -- which seems to leave in doubt whether all of the administration's requests were legal.

The seemingly reluctant admission came during pointed questioning by Sen. Arlen Specter (R-Penn.) at a Senate Judiciary Committee hearing. Specter, the committee's ranking member, has proposed an amendment--which has so far been unsuccessful--to a controversial spy law update that would allow lawsuits alleging illegal spying by telephone companies to continue, except with government lawyers substituted in the companies' place.
FBI Director Robert Mueller said he disagreed with that approach, arguing it would provide a "disincentive" for communications companies to team up with federal terrorism investigations. Then the following exchange ensued: Specter: A disincentive, OK, but do you think they would stop? Mueller: I think it is a disincentive... Specter: But do you think they would stop? Mueller: I think it would hamper our relationships, yes.... I do think it would hinder our relationships. Specter: Disincentive, hamper, hinder, but I don't hear you say it would stop.... Mueller: I'm not going to say it's going to stop, but I do believe delay is detrimental to the safety of the country. Delay and lack of clarity, lack of simplicity guiding our relationships inhibits our ability to get the information we need on a daily basis. The Senate has already passed a bill that would provide so-called retroactive immunity to telephone companies that have been the subject of lawsuits filed between the September 11 attacks and a January 2007 date when the attorney general submitted a once-secret National Security Agency surveillance program for court review. The bill would also provide such immunity going forward and wipe out state-level investigations of possible improprieties. The House of Representatives refused to take up that bill before a temporary spy law expansion expired February 16 but is reportedly working on a compromise that it originally hoped to bring to a vote this week. At issue is broader modernization of a 1978 law called the Foreign Intelligence Surveillance Act, or FISA, which requires government agents to obtain a court order before gathering intelligence information from conversations that may include U.S. persons. Later on Wednesday, however, House Majority Leader Steny Hoyer (D-Md.) said a bill won't be on the floor Thursday as predicted, according to a transcript of a briefing for reporters. 
He said further decisions about how to proceed won't likely be made until late this week or early next week. "We have said all along, and we continue to believe, that the existing FISA statute authorizes the intelligence community to seek such authority as it needs to act to intercept such communications as it believes are relevant and gives to the telecommunications company the appropriate protections that it needs, so that we believe that the existing law will allow the administration to accomplish what it needs to do," Hoyer said. "However, we do believe that the existing law ought to be modernized, and we are working on that." Mueller urged passage of the Senate bill with the immunity provisions. By way of defending that suggestion, he said he's not aware of any instance when telecommunications companies have "acted irresponsibly" and that, furthermore, "they are most knowledgeable about the information kept in their databases and how to utilize the software they have developed themselves in order to be responsive." "We need the active participation of telecommunications carriers more than we have in the past because of the advent of various means of communicating, whether it be cell phones or e-mails, in addition to the advent of regular telephones," the FBI director went on. Sen. Patrick Leahy (D-Vt.), the Judiciary Committee's chairman, argued that the only time that federal authorities have found wiretaps cut off was owed to their own negligence. He said he was "astonished" by a Justice Department report issued earlier this year that revealed that telephone companies had shut off bureau-initiated wiretaps--including at least one related to suspected terrorists--because the agency had failed to pay $66,000 in bills. "This is yet another example of the kind of incompetence that plagued the administration's actions in the aftermath of Katrina," Leahy said. "It is unacceptable." 
Mueller said the bureau has since put in place "mechanisms to make sure all the bills are paid on time" and downplayed the effect of the wiretap lapses, which he said occurred in only two instances and lasted just a few days. The effect on those investigations, he said, was "minimal at best."

From rforno at infowarrior.org Thu Mar 6 00:23:15 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 19:23:15 -0500
Subject: [Infowarrior] - USAF seeking 300 PS3s for "technology assessment"
Message-ID:

US Air Force seeking 300 PS3s for "technology assessment"
http://www.engadget.com/2008/03/05/us-air-force-seeking-300-ps3s-for-technology-assessment/

We've already seen the PlayStation 3 put to use for some non-gaming tasks (other than playing Blu-ray movies), and it now looks like the U.S. Air Force is aiming to get in on the act as well, with it recently putting out a so-called Request for Proposal that is seeking 300 PS3s for a "technology assessment." Needless to say, their primary interest is in the console's powerful Cell processor, which they say is the "only brand on the market that utilizes the specific cell processor characteristics needed for this program at an acceptable cost." Exactly what that program entails is unsurprisingly being kept under wraps, with the RFP only going so far to state that the Air Force Research Laboratory is "conducting a technology assessment of certain cell processors." Whatever it is, the Air Force certainly seems to be trying to keep costs as low as possible, with them apparently only interested in the 40GB model.
From rforno at infowarrior.org Thu Mar 6 00:26:14 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 19:26:14 -0500
Subject: [Infowarrior] - TSA launches search for the perfect laptop bag
Message-ID:

TSA launches search for the perfect laptop bag
By Jacob Goodwin, Editor-in-Chief
Published March 4th, 2008
http://gsnmagazine.com/cms/features/news-analysis/542.html

Relief may be on the way for the one-quarter of the flying public who routinely carry laptop computers through airport security checkpoints and currently are required to remove their laptops from their protective carrying bags.

The Transportation Security Administration is interested in evaluating -- and eventually approving -- the design of certain laptop bags, so travelers would be permitted to pass through security checkpoints without having to remove their laptops.

"If TSA was able to eliminate this requirement, it could lower passenger stress levels, increase checkpoint throughput, and reduce the number of claims TSA receives for laptops that have been damaged during screening," said a TSA request for information (RFI) published March 3.

The key is for TSA screeners to be able to view the laptop in a single X-ray image, so the laptop would not need to be placed in a separate TSA bin. To accomplish this, the TSA RFI pointed out that the laptop bag would need to meet the following requirements:

* The carrying bag cannot exceed any one of the proposed dimensions -- 16 inches in height, 24 inches wide and 36 inches long.
* The materials that make up the bag cannot degrade the quality of the X-ray image of the laptop.
* No straps, pockets, zippers, handles or closures of the bag can interfere with the image of the laptop.
* No electronics, chargers, batteries, wires, paper products, pens or other contents of the bag can shield the image of the laptop.
TSA is inviting bag designers and manufacturers to come up with creative ways to meet these design requirements, but it has also suggested three concepts of its own:

* A bag that would open completely, and lie horizontally on the X-ray belt, such that one side will hold only the laptop.
* A bag that would open completely, leaving the laptop standing vertically, supported by clips.
* A bag that would pull apart in separate compartments, with one compartment containing only the laptop.

Interested vendors have until April 17 to submit white papers describing their best concepts. Those companies selected by TSA will have until the end of May to submit prototype laptop cases based on as many as three different concepts.

TSA will subject these prototypes to single-view, multi-view and computed tomography X-ray screening equipment to see if the images have sufficient resolution and clarity and are not shielded by other contents of the bag.

"TSA will use the results of the tests to evaluate whether it can eliminate the requirement to remove laptops from bags for certain types of bags," said the RFI.

Vendors can contact Melissa Conley, a contract specialist in TSA's office of acquisitions, at 571-227-2036.

From rforno at infowarrior.org Thu Mar 6 00:30:08 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 19:30:08 -0500
Subject: [Infowarrior] - Truth or Terrorism? The Real Story Behind Five Years of High Alerts
Message-ID:

http://www.rollingstone.com/politics/story/18056504/truth_or_terrorism_the_real_story_behind_five_years_of_high_alerts

Rollingstone.com

Truth or Terrorism? The Real Story Behind Five Years of High Alerts

A history of the Bush administration's most dubious terror scares -- and the headlines they buried

TIM DICKINSON
Posted Feb 07, 2008 7:55 AM

"Sometimes we disagreed with the intelligence assessment.
There were times when some people in the administration were really aggressive about raising the threat level, and we said, 'For that?!'"
-- Former Homeland Security Secretary Tom Ridge, May 2005

The Bush administration has never shied from playing the fear card to distract the American public from scandal or goad them into supporting a deeply flawed foreign policy. Here, a history of the administration's most-dubious terror alerts -- including three consecutive Memorial Day scare-a-thons -- all of which proved far less terrifying than the screamer headlines they inspired.

February 12, 2002

The Threat: Yemenite terrorist set to attack U.S. -- today! "I want to encourage... all Americans everywhere to be on the highest state of alert," warns Attorney General John Ashcroft.

The Reality: The threat hadn't been corroborated by U.S. intelligence agencies -- and the evidence actually pointed to an attack not in the U.S., but in Yemen.

The Real News: Announced the same day that Enron CEO Ken Lay appeared before Congress, and a week after the White House was instructed not to destroy its Enron-related documents.

May 19-27, 2002

The Threat: Dick Cheney kicks off Memorial Day weekend by calling a new Al Qaeda strike "almost a certainty -- it could happen tomorrow." FBI Director Robert Mueller adds, "There will be another terrorist attack." The FBI warns of strikes on the Brooklyn Bridge and the Statue of Liberty.

The Reality: The administration "made a political decision" to make public all threats -- even those from "hoaxers," says a retired CIA counterterrorism expert. "The amount of chatter hasn't changed in volume," adds a defense official. As for the New York threats, "There really isn't any hard information," declares the former head of the FBI bureau in New York.

The Real News: The administration's failures in preventing 9/11 were under the microscope: Bush acknowledged receiving a briefing titled "Bin Laden Determined to Strike in U.S."
a month before the attacks; the FAA said it had failed to alert airlines of the arrest of would-be hijacker Zacarias Moussaoui; the FBI admitted it had ignored a pre-9/11 warning that Al Qaeda had infiltrated American flight schools.

June 10, 2002

The Threat: U.S.-born Al Qaeda agent captured. John Ashcroft interrupts a trip to Russia to brag on live TV of bagging "a known terrorist who was exploring a plan to build and explode a 'dirty bomb' in the United States."

The Reality: The suspect, Jose Padilla, had actually been in custody for a month. The "dirty bomb" allegations were so flimsy that they were dropped after the administration agreed to try the case in federal court rather than in a military tribunal.

The Real News: The threat was announced four days after FBI whistle-blower Coleen Rowley testified before Congress that 9/11 might have been prevented if the FBI flight-school warning had reached federal agents investigating Moussaoui.

September 10, 2002

The Threat: Bush personally announces the first nationwide Orange Alert. Cheney flees to a "secure location" as Ashcroft warns that Al Qaeda appears to be targeting "transportation and energy sectors."

The Reality: There was no specific threat against any American target.

The Real News: The heightened terror alert went into effect just in time for the president's address to the nation from Ellis Island on the first anniversary of 9/11.

February 7, 2003

The Threat: Orange Alert. CIA Director George Tenet calls the threat "the most specific we have seen" since 9/11; says Al Qaeda may use a "radiological dispersal device, as well as poisons and chemicals."

The Reality: The alert, accompanied by a warning to stock up on plastic sheets and duct tape, was debunked within days; the main source failed an FBI polygraph. Threat level remained stuck on orange for two more weeks.
The Real News: The alert followed less than forty-eight hours after Colin Powell's speech to the United Nations in which he falsely accused Saddam Hussein of harboring Al Qaeda and training terrorists in the use of chemical weapons.

March 17, 2003

The Threat: Orange Alert. FBI warns of terror strikes by Saddam or "allied or sympathetic terrorist organizations, most notably the Al Qaeda network."

The Reality: Claim debunked by future CIA director Porter Goss, then chair of House intelligence committee: No intel suggests new attack.

The Real News: Nation's third Orange Alert came three days before Bush invaded Iraq, opening what he called the "central front of the War on Terror."

May 20, 2003

The Threat: For a second Memorial Day in a row, country is placed on Orange Alert following warning that "Al Qaeda has entered an operational period worldwide."

The Reality: No specific threat ever cited; alert issued because of what the Department of Homeland Security calls "the heightened vulnerability associated with the Memorial Day holiday."

The Real News: Two weeks after Bush declared "Mission Accomplished" in Iraq, administration's plan to implement Iraqi self-rule was postponed "indefinitely" due to looting and lawlessness.

July 29, 2003

The Threat: Homeland Security warns that new, 9/11-like strikes are in the works: "At least one of these attacks could be executed by the end of the summer."

The Reality: Not one of the alleged attacks ever materialized.

The Real News: Days earlier, the Bush administration revealed that the CIA forewarned the president about the lack of evidence for his claim that Saddam was seeking uranium from Africa.

December 21, 2003

The Threat: Orange Alert for the holidays. Ridge warns that threat of attack is "perhaps greater now than at any point since 9/11." Six flights are canceled; several passengers match terror watch list.
The Reality: The supposed "terrorists" included a Welsh insurance salesman, an elderly Chinese woman and a kindergartner.

The Real News: The alert came after 9/11 Commission chair Tom Kean suggested the 9/11 attacks could have been thwarted. Bush is also under fire for failing to find weapons of mass destruction.

May 26, 2004

The Threat: Memorial Day again: "They are going to attack and hit us hard," warns a senior intelligence official. Ashcroft relays an Al Qaeda threat that "ninety percent of the arrangements for an attack in the United States were complete."

The Reality: The threat Ashcroft attributed to Al Qaeda was actually made by a discredited group that falsely claimed credit for the Madrid train bombings. This group "is not really taken seriously by Western intelligence," says one expert.

The Real News: The Abu Ghraib torture scandal has come to a full boil.

June 14, 2004

The Threat: A shopping mall in Columbus, Ohio, is threatened by Al Qaeda bomber. "The American heartland was targeted for death and destruction," Ashcroft declares.

The Reality: The Somali suspect whose indictment Ashcroft trumpeted had been in custody for seven months. The charges against him made no mention of a shopping mall.

The Real News: John Kerry leads Bush by seven points in early Ohio polling.

July 8, 2004

The Threat: Tom Ridge warns that "Al Qaeda is moving forward with its plans to carry out a large-scale attack in the United States in an effort to disrupt our democratic process."

The Reality: The plot did not exist: Says a top European spy, "I am aware of no intelligence, nothing that shows there will be an attack before the U.S. presidential election."

Real News: Two days earlier, John Kerry tapped John Edwards as his running mate.

August 1, 2004

The Threat: Orange Alert. Citing "new and unusually specific" intelligence, Ridge details a threat to the Citigroup building and the New York Stock Exchange.
Adds Bush, "We wouldn't be, you know, contacting authorities at the local level unless something was real."

The Reality: The president allowed his own daughters to do a photo-op at one of the targeted buildings. Perhaps that's because the "new" intelligence was actually three years old. "There is nothing right now that we're hearing that is new," says a senior law-enforcement official.

Real News: Alert came three days after Kerry took the Democratic nomination at the party's convention in Boston.

October 6, 2005

The Threat: FBI warns of Al Qaeda subway bombing "on or about October 9th, 2005." Bush claims to have foiled ten terror plots since 9/11.

The Reality: A counter-terrorism official calls the warning unfounded: "There was no there there." None of the plots cited by Bush were operational.

The Real News: Bush's nomination of Harriet Miers to the Supreme Court is failing.

June 23, 2006

The Threat: Miami-based terrorists plotting to topple the Sears Tower. "These homegrown terrorists may prove to be as dangerous as groups like Al Qaida," says Alberto Gonzales.

The Reality: FBI Deputy Director John Pistole terms plot "more aspirational than operational." Suspects armed to the teeth -- with paintball guns -- attempted to secure Al Qaeda funds at local 7-11.

The Real News: Abu Musab Al Zarqawi had been killed days earlier -- removing the villain who was then America's poster boy of terror.

July 7, 2006

The Threat: New York Daily News breaks news of plot to bomb Holland Tunnel, flood Wall Street. FBI Assistant Director Mark Mershon calls threat "the real deal."

The Reality: Suspect had been arrested three months earlier, after bragging about his planned exploits in an Internet chat room. Said one CIA officer, "The plot, if that is what we would call it, was not well conceived, and there was no possibility of flooding Wall Street. There was no connection to a cell in the US.
Finally, professional terrorists generally do not discuss targeting on open channels."

The Real News: News of plot leaked to coincide with the first anniversary of the July 7, 2005 London bombings.

July 10, 2007

The Threat: Homeland Security chief Michael Chertoff warns of his "gut feeling" that the U.S. is entering "a period of increased vulnerability" of attack from terrorists: "Summertime seems to be appealing to them."

The Reality: Chertoff subsequently confessed, "We don't have specific intelligence about an attack, that is, a particular attack against the homeland, that is imminent or scheduled for the summer."

The Real News: Two days later, the intelligence community revealed Al Qaeda's strength was "undiminished" in spite of six years of the "War on Terror."

From rforno at infowarrior.org Thu Mar 6 00:31:54 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 19:31:54 -0500
Subject: [Infowarrior] - FBI JTTFs: The Fear Factory
Message-ID:

Rollingstone.com

The Fear Factory

The FBI now has more than 100 task forces devoted exclusively to fighting terrorism. But is the government manufacturing ghosts?

< - >

http://www.rollingstone.com/politics/story/18137343/the_fear_factory

From rforno at infowarrior.org Thu Mar 6 03:42:51 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 22:42:51 -0500
Subject: [Infowarrior] - US Air Force: Looking for a few good cyber warriors
Message-ID:

US Air Force: Looking for a few good cyber warriors
Military wants to fortify cyberspace against China
By Dan Goodin in San Francisco
Published Wednesday 5th March 2008 22:11 GMT
http://www.theregister.co.uk/2008/03/05/air_force_cyber_command/

Uncle Sam wants you ... to become a cyberspace warrior. In a document released this week, the US Air Force is laying out plans for a new cyber command, which is scheduled to become operational in October.
It tries to make the case that the ability to wage war and parry attacks over electronic networks is crucial to maintaining national security. "Controlling cyberspace is the prerequisite to effective operations across all strategic and operational domains - securing freedom from attack and freedom to attack," the document, titled Air Force Cyber Command Strategic Vision, states. "We will develop and implement plans for maturing and expanding cyberspace operations as an Air Force core competency." Its definition of cyberspace is considerably broader than that of many in the security field, encompassing electronic communications that take place over the internet, but also those in the air and space. That includes conducting operations in the electromagnetic spectrum, presumably to fight against electromagnetic pulse attacks, which could disrupt the nation's electronic devices by setting off a high-altitude nuclear blast. "Cyberspace attacks can be conducted on an adversary's terrestrial, airborne and space-based communication infrastructure as well as his forces, equipment and logistics," the document (PDF here) says. Other areas of expertise include sensor disruption, data manipulation, decision support degradation, command and control disruption and weapon system degradation. The document is the latest push by US military leaders for more authority and funding for cyberspace. The campaign has been ramping up amid a growing number of intelligence disclosures that finger the People's Republic of China as a threat to the US communications infrastructure. Earlier this week, the Pentagon released an assessment of China's military might that included cautionary statements about attacks to numerous computer networks, including some belonging to the US government. 
While it remained unclear if the intrusions were conducted by the People's Liberation Army, "developing capabilities for cyberwarfare is consistent with authoritative PLA writings on this subject," the report warned. Additionally, Defense Department officials speaking on Capitol Hill last week said enemies are keenly aware of the government's dependence on the internet and continue to look for ways to exploit it. And according to Federal Computer Week, President Bush issued a classified directive in January designed to fortify government networks, including possible offensive tactical maneuvers. While some may see the military push as little more than a power grab, Alan Paller, director of research at the SANS Institute, is not among them. He says the US military leadership was slow to act on intelligence reports in the 1990s that the Russian KGB had founded a school for cyber hacking. He says it's important leaders don't make similar mistakes in response to intelligence reports concerning China. "The reason that we're willing to spend so much money right now is that the Chinese in particular had visible and massive success in not only penetrating our systems and stealing highly sensitive military information but also taking over our systems so they can control them in the future," he says. "It's essential that we do this."
From rforno at infowarrior.org Thu Mar 6 03:44:16 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 22:44:16 -0500
Subject: [Infowarrior] - USAF Cyber Command Vision Document
Message-ID:

A slickly-produced document outlining USAF CC's Grand Vision

http://www.afcyber.af.mil/shared/media/document/AFD-080303-054.pdf

From rforno at infowarrior.org Thu Mar 6 04:00:29 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 23:00:29 -0500
Subject: [Infowarrior] - New FBI Privacy Violations Confirmed
Message-ID:

New FBI Privacy Violations Confirmed
http://apnews.myway.com/article/20080305/D8V7C6T06.html
Mar 5, 10:56 AM (ET)
By LARA JAKES JORDAN

WASHINGTON (AP) - FBI Director Robert Mueller says an upcoming Justice Department report will show the bureau improperly used national security letters to obtain personal data on Americans during terror and spy investigations. Mueller says the report focuses on national security letters issued only in 2006 - a year before the FBI enacted sweeping new reforms to prevent future lapses. Mueller's comments Wednesday morning in front of the Senate Judiciary Committee came just days before the Justice Department's inspector general is scheduled to release the follow-up to a similar audit in 2007. Last year's report found that over a three-year period, the FBI had demanded personal data on people from banks, telephone and Internet providers and credit bureaus without official authorization and in non-emergency circumstances.
From rforno at infowarrior.org Thu Mar 6 04:08:54 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 05 Mar 2008 23:08:54 -0500
Subject: [Infowarrior] - Ziff Davis files for Bankruptcy
Message-ID:

Ziff Davis Media Files for Bankruptcy to Cut Debt (Update3)
By Christopher Scinta
http://www.bloomberg.com/apps/news?pid=20601087

March 5 (Bloomberg) -- Ziff Davis Media Inc., the publisher of PC Magazine and the video-game magazine EGM, filed for bankruptcy protection with a plan to swap debt for new equity. Ziff Davis Media plans to swap $225 million of existing senior debt for a new $57.5 million senior secured note and at least 88.8 percent of the common stock in the reorganized company. The New York-based company has a debt-restructuring agreement with senior noteholders, it said today in a statement. Subordinated noteholders haven't agreed to the restructuring. "Today's restructuring agreement goes a long way towards resolving the burdens of a debt load and capital structure established seven years ago, during a leveraged buyout of the company," Ziff Davis Media Chief Executive Officer Jason Young said in the statement. Holders representing more than 80 percent of Ziff Davis Media's outstanding senior floating-rate notes have agreed to the company's restructuring plan and will provide $24.5 million to fund operations during the Chapter 11 reorganization and after the company emerges from bankruptcy, according to the statement. The restructuring provides for 11.2 percent of the reorganized company's common stock to be distributed to holders of its subordinated unsecured notes if holders of those notes vote to accept the restructuring.

Equity Cancellation

Current equity in the company would be canceled under the plan, said company spokesman Andy Brimmer of the public relations firm Joele Frank Wilkinson Brimmer Katcher.
Willis Stein & Partners LP and affiliated funds, based in Chicago, own 85.6 percent of the current common stock in the parent company Ziff Davis Holdings Inc. DLJ Diversified Partners LP and its affiliates hold the remaining 14.4 percent, Ziff Davis Media said in court papers. The company said in papers filed with the U.S. Bankruptcy Court in Manhattan that it had assets of $100 million to $500 million and debt of $500 million to $1 billion. Ziff Davis Media filed for bankruptcy with six affiliates and said Deutsche Bank Trust Co. Americas was its largest unsecured creditor. Deutsche Bank is the trustee for $152.5 million in compounding notes due 2009 and $12.3 million in 12 percent subordinated notes due 2010, Ziff Davis said in court documents. Ziff Davis Holdings also filed for Chapter 11 reorganization. Ziff Davis Media said it plans to emerge from bankruptcy protection this summer. Young said in an interview that advertising pages at the company's technology magazines have decreased dramatically since a leveraged buyout by Willis Stein in April 2000.

Debt Load

"What stayed constant was the debt load that reflected a very different time for our company," Young said. Most of Ziff Davis Media's revenue now comes from digital products including its 1UP Network video-game information sites, he said. Subordinated noteholders didn't approve the restructuring plan because of a disagreement "about who should get what part of the equity," Young said. Ziff Davis Media is represented by law firm Winston & Strawn. Its financial and restructuring adviser is Alvarez & Marsal. The case is In re Ziff Davis Holdings Inc, 08-10771, U.S. Bankruptcy Court, Southern District New York (Manhattan).

To contact the reporter on this story: Christopher Scinta in New York at cscinta at bloomberg.net.
From rforno at infowarrior.org Thu Mar 6 12:51:27 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 06 Mar 2008 07:51:27 -0500
Subject: [Infowarrior] - National Dragnet Is a Click Away
Message-ID:

National Dragnet Is a Click Away
Authorities to Gain Fast and Expansive Access to Records
By Robert O'Harrow Jr. and Ellen Nakashima
Washington Post Staff Writers
Thursday, March 6, 2008; A01
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/05/AR2008030503656_pf.html

Several thousand law enforcement agencies are creating the foundation of a domestic intelligence system through computer networks that analyze vast amounts of police information to fight crime and root out terror plots. As federal authorities struggled to meet information-sharing mandates after the Sept. 11, 2001, terrorist attacks, police agencies from Alaska and California to the Washington region poured millions of criminal and investigative records into shared digital repositories called data warehouses, giving investigators and analysts new power to discern links among people, patterns of behavior and other hidden clues. Those network efforts will begin expanding further this month, as some local and state agencies connect to a fledgling Justice Department system called the National Data Exchange, or N-DEx. Federal authorities hope N-DEx will become what one called a "one-stop shop" enabling federal law enforcement, counterterrorism and intelligence analysts to automatically examine the enormous caches of local and state records for the first time. Although Americans have become accustomed to seeing dazzling examples of fictional crime-busting gear on television and in movies, law enforcement's search for clues has in reality involved a mundane mix of disjointed computers, legwork and luck. These new systems are transforming that process. "It's going from the horse-and-buggy days to the space age, that's what it's like," said Sgt.
Chuck Violette of the Tucson police department, one of almost 1,600 law enforcement agencies that uses a commercial data-mining system called Coplink. With Coplink, police investigators can pinpoint suspects by searching on scraps of information such as nicknames, height, weight, color of hair and the placement of a tattoo. They can find hidden relationships among suspects and instantly map links among people, places and events. Searches that might have taken weeks or months -- or which might not have been attempted, because of the amount of paper and analysis involved -- are now done in seconds. On one recent day, Tucson detective Cynthia Butierez demonstrated that power in an office littered with paper and boxes of equipment. Using a regular desktop computer and Web browser, she logged onto Coplink to search for clues about a fraud suspect. She entered a name the suspect used on a bogus check. A second later, a list of real names came up, along with five incident reports. She told the system to also search data warehouses built by Coplink in San Diego and Orange County, Calif. -- which have agreements to share with Tucson -- and came up with the name of a particular suspect, his age and a possible address. She asked the software to find the suspect's links to other people and incidents, and then to create a visual chart displaying the findings. Up popped a display with the suspect at the center and cartoon-like images of houses, buildings and people arrayed around him. A final click on one of the houses brought up the address of an apartment and several new names, leads she could follow. "The power behind what we have discovered, what we can do with Coplink, is immense," Tucson police Chief Richard Miranda said. "The kinds of things you saw in the movies then, we're actually doing now."

Intelligence-Led Policing

The expanding police systems illustrate the prominent roles that private companies play in homeland security and counterterrorism efforts.
They also underscore how the use of new data -- and data surveillance -- technology to fight crime and terrorism is evolving faster than the public's understanding or the laws intended to check government power and protect civil liberties, authorities said. Three decades ago, Congress imposed limits on domestic intelligence activity after revelations that the FBI, Army, local police and others had misused their authority for years to build troves of personal dossiers and monitor political activists and other law-abiding Americans. Since those reforms, police and federal authorities have observed a wall between law enforcement information-gathering, relating to crimes and prosecutions, and more open-ended intelligence that relates to national security and counterterrorism. That wall is fast eroding following the passage of laws expanding surveillance authorities, the push for information-sharing networks, and the expectation that local and state police will play larger roles as national security sentinels. Law enforcement and federal security authorities said these developments, along with a new willingness by police to share information, hold out the promise of fulfilling post-Sept. 11, 2001, mandates to connect the dots and root out signs of threats before attacks can occur. "A guy that's got a flat tire outside a nuclear facility in one location means nothing," said Thomas E. Bush III, the FBI's assistant director of the criminal justice information services division. "Run the guy and he's had a flat tire outside of five nuclear facilities and you have a clue." In a paper called "Intelligence-Led Policing: The New Intelligence Architecture," law enforcement authorities working with the Justice Department said officers " 'on the beat' are an excellent resource for gathering information on all kinds of potential threats and vulnerabilities." 
"Despite the many definitions of 'intelligence' that have been promulgated over the years, the simplest and clearest of these is 'information plus analysis equals intelligence,' " the paper said. Efforts by federal authorities to create national networks have had mixed success. The federal government has long successfully operated programs such as the Regional Information Sharing System, which enables law enforcement agencies to communicate, and the National Crime Information Center, an index of criminal justice information that police across the country can access. Though successful, those systems offer a relatively limited look at existing records. A Department of Homeland Security project to expand sharing substantially, called the Information Network, has been bedeviled by cost overruns, poor planning and ambivalence on the part of local and state authorities, according to the Government Accountability Office. Almost every state has established organizations known as intelligence fusion centers to collect, analyze and share information about possible leads. But many of those centers are underfunded and undermanned, and some of the analysts are not properly trained, the GAO said last year. Federal authorities have high hopes for the N-DEx system, which is to begin phasing in as early as this month. They envision a time when N-DEx, developed by Raytheon for $85 million, will enable 200,000 state and local investigators, as well as federal counterterrorism investigators, to search across millions of police reports, in some 15,000 state and local agencies, with a few clicks of a computer mouse. Those reports will include names of suspects, associates, victims, persons of interest, witnesses and any other person named in an incident, arrest, booking, parole or probation report. The system will be accessible to federal law-enforcement agencies, such as the FBI, and state fusion centers. 
Intelligence analysts at the National Counterterrorism Center and FBI's Foreign Terrorist Tracking Center likely will have access to the system as well. "The goal is to create a one-stop shop for criminal justice information," the FBI's Bush said. In the meantime, local and state authorities have charged ahead with their own networks, sometimes called "nodes," and begun stitching them together through legal agreements and electronic links. At least 1,550 jurisdictions across the country use Coplink systems, through some three dozen nodes. That's a huge increase from 2002, when Coplink was first available commercially. At least 400 other agencies are sharing information and doing link analysis through the Law Enforcement Information Exchange, or Linx, a Navy Criminal Investigative Service project built by Northrop Grumman using commercial technology. Linx users include more than 100 police forces in the District, Virginia and Maryland. Hundreds of other police agencies across the country are using different information-sharing systems with varying capabilities. Officials in Ohio have created a data warehouse containing the police records of nearly 800 jurisdictions, while leaving it to local departments to provide analytical tools.

Same Data, New Results

Authorities are aware that all of this is unsettling to people worried about privacy and civil liberties. Mark D. Rasch, a former federal prosecutor who is now a security consultant for FTI Consulting, said that the mining of police information by intelligence agencies could lead to improper targeting of U.S. citizens even when they've done nothing wrong. Some officials avoid using the term intelligence because of those sensitivities. Others are open about their aim to use information and technology in new ways. One widely used Coplink product is called Intel Lead. It enables agencies to enter new information, tips or observations into the data warehouses, which can then be accessed by people with proper authority.
Another service under development, called "predictor," would use data and software to make educated guesses about what could happen. "Intel Lead is particularly applicable to the needs of statewide criminal intelligence and antiterrorism fusion centers as well as federal agencies who need to bridge the intelligence gap," said a news release by Knowledge Computing, the company that makes Coplink. Robert Griffin, the chief executive of Knowledge Computing, said Coplink yields clues and patterns they otherwise would not see. "It's de facto intelligence that's actionable," Griffin said. Managers of Linx are eager to distinguish their system from the commercial Coplink and its more extensive capabilities. They acknowledge their system includes data-analysis capabilities, and it will feed information to counterterrorism and intelligence authorities. In fact, the system is designed to serve as a bridge between law enforcement and intelligence. But they said Linx is not an intelligence system under federal laws, because it relies on records police have always kept. "It does not create intelligence," said Michael Dorsey, the Naval Criminal Investigative Service special agent in charge. "It creates knowledge." To allay the public's fears, many police agencies segregate information collected in the process of enforcing the law from intelligence gathered on gangs, drug dealers and the like. Projects receiving federal funding must do so. Nearly every state and local jurisdiction has its own guides for these new systems, rules that include restrictions intended to protect against police intrusiveness, authorities said. The systems also automatically keep track of how police use them. N-DEx, too, will have restrictions aimed at preventing the abuse of the data it gathers. FBI officials said that agencies seeking access to N-DEx would be vetted, and that only authorized individuals would have access. Audit trails on whoever touches a piece of data would be kept. 
And no investigator would be allowed to take action -- make an arrest, for instance -- based on another agency's data without first checking with that agency. But even some advocates of information-sharing technology worry that without proper oversight and enforceable restrictions the new networks pose a threat to basic American values by giving police too much power over information. Timothy Sample, a former intelligence official who runs the Intelligence and National Security Alliance, is among those who think computerized information-sharing is critical to national security but fraught with risks. "As a nation, our laws have not kept up," said Sample, whose group serves as a professional association of intelligence officials in the government and intelligence contracting executives in the private sector. Thomas McNamara, chief of the federal Information Sharing Environment office, said a top goal of federal officials is persuading regional systems to adopt most of the federal rules, both for privacy and to build a sense of confidence among law enforcement authorities who might be reluctant to share widely because of security concerns. "Part of the challenge is to leverage these cutting-edge tools so we can securely and appropriately share that information which supports efforts to protect our communities from future terrorist attacks," McNamara said. "Equally important is that we do so in a manner that fully protects the information privacy and legal rights of all Americans." Miranda, the Tucson police chief, said there's no overstating the utility of Coplink for his force. But he too acknowledges that such power raises new questions about how to keep it in check and ensure that the trust people place in law enforcement is not misplaced. "I don't want the people in my community to feel we're behind every little tree and surveilling them," he said. "If there's any kind of inkling that we're misusing our power and our technology, that trust will be destroyed." 
From rforno at infowarrior.org Fri Mar 7 02:09:14 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 06 Mar 2008 21:09:14 -0500 Subject: [Infowarrior] - House panel deletes part of music industry-backed copyright bill Message-ID: House panel deletes part of music industry-backed copyright bill Posted by Anne Broache http://www.news.com/8301-10784_3-9887568-7.html? WASHINGTON--To avoid having a copyright bill favored by the music industry become mired in controversy, a U.S. House of Representatives panel has agreed to remove a section that would have dramatically increased fines in copyright infringement lawsuits. Under the original Prioritizing Resources and Organization for Intellectual Property Act (the PRO IP Act), a defendant accused of unlawfully downloading each track from, say, the best-selling 22-track Janet Jackson album Discipline could be forced to pay $30,000 in damages per song. That's $660,000--far above the $30,000 maximum damages-per-compilation that current law allows. Now the current $30,000-per-compilation limit will stay intact. An outcry from digital rights groups like the Electronic Frontier Foundation and Public Knowledge prompted a House Judiciary subcommittee that presides over intellectual property law to remove that provision from the version of the PRO IP Act that was approved Thursday. With no debate, the subcommittee approved a manager's amendment and then, by a unanimous voice vote, the full bill. The bipartisan copyright law overhaul, which is strongly supported by major copyright holders like the Recording Industry Association of America, Motion Picture Association of America, and NBC Universal, was proposed in December. Thursday's vote seems designed not to repeat the fate of what has happened before--in recent years, other entertainment industry-backed copyright bills have attracted significant controversy and not become law. 
They include a Senate proposal to allow federal prosecutors to sue alleged copyright infringers (that proposal recently re-emerged), an effort to lock down features on satellite radio players, and a House proposal to lock up people who "attempt" piracy. Despite the amendment passed Thursday, Democratic committee leaders warned the heightened damages section is not dead and said they'd continue to fight to up the penalties. "Whether it is still prudent to limit statutory damages when multiple works on a compilation have been infringed is a topic of ongoing conversations and subject matter for another day," said House Judiciary Committee Chairman John Conyers (D-Mich.). That action nevertheless leaves a bill that numbers more than 60 pages and proposes a number of sweeping changes to copyright law aimed at beefing up penalties for pirates and counterfeiters. Most notably, it would allow federal officials to seize property, including computer equipment used to commit intellectual property crimes or obtained as a result of those proceeds. An amendment adopted Thursday, however, attempts to narrow that enforcement power, saying the government would have to establish that "there was a substantial connection between the property and the offense." That's designed to address concerns that the forfeiture sections "could ensnare materials and devices that would have only a fleeting connection to the offense," said Rep. Howard Berman (D-Calif.), chairman of the intellectual property subcommittee. Rep. Zoe Lofgren (D-Calif.) said she was concerned that the change wouldn't address the possibility that innocent people could find their property seized if a convicted pirate used it to commit crimes without their knowledge. (At least one defendant in a peer-to-peer lawsuit brought by the RIAA was sued because someone else was using their Wi-Fi access point.) "There should be at least a knowledge component or a willfulness component connected with that," she said. 
"I don't think there's a deterrent effect if we punish an innocent individual or entity." Bill would create new IP enforcement agency The bill would also create a new federal bureaucracy called the White House Intellectual Property Enforcement Representative, or WHIPER, that seems in some ways to be modeled after the U.S. Trade Representative. It's designed to help coordinate the efforts of the eight government agencies that have jurisdiction over intellectual property cases, Berman said. The head of WHIPER, a presidential appointee subject to Senate confirmation, would be tasked with being the president's principal adviser and spokesman for intellectual property matters and with identifying countries that don't adequately protect intellectual property rights. WHIPER would also be responsible for drawing up a "Joint Strategic Plan" that addresses how to disrupt piracy and counterfeit supply chains. The bill as proposed would have also required WHIPER to set about "identifying individuals" involved in the "trafficking" of "pirated goods," but because of concerns raised by consumer groups about that approach, that requirement was wiped out by the amendment adopted Thursday. WHIPER would also have to provide annual reports to Congress on its activities. The bill would also offer state and local governments $25 million in grant money to help them combat intellectual property crimes, and it would dispatch 10 "intellectual property attaches" to embassies around the world. Michael Petricone, a senior vice president with the Consumer Electronics Association, told CNET News.com after the vote that he thought the revised bill was "balanced" and "responsive to the tech industry's concerns." The Copyright Alliance, a Washington-based lobby group that represents major entertainment industry groups, applauded the bill's passage, saying it "will provide much-needed resources and organization to enforcement efforts on foreign and domestic fronts." 
(The alliance's 44 members include the RIAA, MPAA, Association of American Publishers, and companies like Microsoft, Viacom, and Walt Disney.) The bill's next step is a vote in the full House Judiciary Committee, which is expected to happen soon. Berman, the IP subcommittee's chairman and one of the bill's chief sponsors, said he hoped to get the bill to the House floor by April. (No Senate counterpart currently exists.) From rforno at infowarrior.org Fri Mar 7 13:14:13 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 07 Mar 2008 08:14:13 -0500 Subject: [Infowarrior] - USCG Hates the Internet, Maybe Message-ID: Coast Guard Hates the Internet, Maybe By David Axe March 07, 2008 | 9:15:00 http://blog.wired.com/defense/2008/03/coast-guard-hat.html The Army cracked down on soldier-bloggers and YouTube. The Air Force blocked blog-access on official networks. All this despite the military paying lip service to New Media, the open-source phenomenon and information warfare. Now the Coast Guard, America's smallest military branch, is finally checking out this whole internet thing -- and last week it totally panicked, maybe. Here's what went down. Periodically the Coast Guard brass, including Commandant Thad Allen, will pen messages addressed to the whole Coast Guard. These messages cover a wide range of topics: I quoted one this week that admonished Coasties for being rude to civilian sailors. Since the postings were unclassified but inside a secure network, a couple of unofficial Coast Guard blogs had made it their responsibility to re-post the messages for the general public. The brass said stop: THE COAST GUARD HEADQUARTERS COMMUNICATION CENTER (HQ COMMCEN) IS DESIGNATED AS THE ONLY AUTHORIZED CG ORGANIZATION TO POST MESSAGES TO THE INTERNET. INDIVIDUALS ARE NOT AUTHORIZED TO DO SO VIA ANY MEANS. So what does this mean? 
It might mean that the public has lost some of its best sources for up-to-date info on the 50,000 people it counts on to keep it safe at sea. It definitely means confusion for Coastie bloggers, who largely had applauded the commandant's stated support of greater openness and who have read this as a step back. Does this signal a coming crackdown on Coast Guard bloggers? "Not yet," says Peter Stinson from the Unofficial Coast Guard Blog: But the scuttle is that something is in the works. We'll just have to see. I believe that Admiral Allen is smart enough to realize that if he places any limits on free speech made outside of work hours without government resources, we'll just feed the hog. What hog? The 1st Amendment hog, dude. But wait just a sec! Coastie spokesman Jim McPherson says we've got it all wrong. He says that Coast Guard headquarters only wants to clear information through a single, centralized location before making it public on the Coast Guard official website: The problem before was these messages were informally shared and sometimes they were inaccurate. They were not updated and when they were superseded, it was overlooked. The goal now is to have the uscg.mil site the PRIMARY official source on these important issues ... NOT the only place to see it. When you see it posted on uscg.mil it is official ... not a draft, not superseded policy, etc. The responsibility is ours to make sure superseded policies are removed and the information is current and official. We want the information shared from this site. Problem is that Coast Guard bloggers such as Stinson are reading this increased centralization as an attack on freedom of information. Who's right? Depends on whether you'd rather info come from a single, official, vetted source -- or from multiple, but perhaps contradictory, unofficial sources. McPherson says have a little faith: We do not "own" the information. 
The public does and with obvious security and privacy concerns, the Coast Guard moves a great deal of information out to the public -- mostly good but sometimes bad. ... Admiral Allen is completely supportive of these efforts and this is what the term "transparency" means in action. From rforno at infowarrior.org Sat Mar 8 21:34:41 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 08 Mar 2008 16:34:41 -0500 Subject: [Infowarrior] - OpEd: Thwarted Terror Attacks Since Sept. 11 Message-ID: http://informationparadox.blogspot.com/2008/03/bullshit.html < - > Two things on this article: How many of these were real, and valid "terror threats"? And if these were valid, at what price were they averted, what did we forfeit to feel protected? (This is from FOX News so you can count on GOP propaganda being contained.) List of Thwarted Terror Attacks Since Sept. 11 Thursday, March 06, 2008 By Joseph Abrams The following is a list of known terror plots thwarted by the U.S. government since Sept. 11, 2001.
* December 2001, Richard Reid: British citizen attempted to ignite shoe bomb on flight from Paris to Miami.
* May 2002, Jose Padilla: American citizen accused of seeking "dirty bomb," convicted of conspiracy.
* September 2002, Lackawanna Six: American citizens of Yemeni origin convicted of supporting Al Qaeda. Five of six were from Lackawanna, N.Y.
* May 2003, Iyman Faris: American citizen charged with trying to topple the Brooklyn Bridge.
* June 2003, Virginia Jihad Network: Eleven men from Alexandria, Va., trained for jihad against American soldiers, convicted of violating the Neutrality Act, conspiracy.
* August 2004, Dhiren Barot: Indian-born leader of terror cell plotted bombings on financial centers (see additional images).
* August 2004, James Elshafay and Shahawar Matin Siraj: Sought to plant bomb at New York's Penn Station during the Republican National Convention.
* August 2004, Yassin Aref and Mohammed Hossain: Plotted to assassinate a Pakistani diplomat on American soil.
* June 2005, Father and son Umer Hayat and Hamid Hayat: Son convicted of attending terrorist training camp in Pakistan; father convicted of customs violation.
* August 2005, Kevin James, Levar Haley Washington, Gregory Vernon Patterson and Hammad Riaz Samana: Los Angeles homegrown terrorists who plotted to attack National Guard, LAX, two synagogues and Israeli consulate.
* December 2005, Michael Reynolds: Plotted to blow up refinery in Wyoming, convicted of providing material support to terrorists.
* February 2006, Mohammad Zaki Amawi, Marwan Othman El-Hindi and Zand Wassim Mazloum: Accused of providing material support to terrorists, making bombs for use in Iraq.
* April 2006, Syed Haris Ahmed and Ehsanul Islam Sadequee: Cased and videotaped the Capitol and World Bank for a terrorist organization.
* June 2006, Narseal Batiste, Patrick Abraham, Stanley Grant Phanor, Naudimar Herrera, Burson Augustin, Lyglenson Lemorin, and Rotschild Augstine: Accused of plotting to blow up the Sears Tower.
* July 2006, Assem Hammoud: Accused of plotting to hit New York City train tunnels.
* August 2006, Liquid Explosives Plot: Thwarted plot to explode ten airliners over the United States.
* May 2007, Fort Dix Plot: Six men accused of plotting to attack Fort Dix Army base in New Jersey.
* June 2007, JFK Plot: Four men accused of plotting to blow up fuel arteries underneath JFK Airport in New York.
* March 2007, Khalid Sheikh Mohammed: Mastermind of Sept. 11 and author of numerous plots confessed in court in March 2007 to planning to destroy skyscrapers in New York, Los Angeles and Chicago.
From rforno at infowarrior.org Sun Mar 9 05:22:38 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 09 Mar 2008 00:22:38 -0500 Subject: [Infowarrior] - Bush's Veto of Bill on C.I.A. Tactics Affirms His Legacy Message-ID: Bush's Veto of Bill on C.I.A. Tactics Affirms His Legacy By STEVEN LEE MYERS Published: March 9, 2008 http://www.nytimes.com/2008/03/09/washington/09policy.html?_r=1&hp&oref=slogin WASHINGTON -- President Bush on Saturday further cemented his legacy of fighting for strong executive powers, using his veto to shut down a Congressional effort to limit the Central Intelligence Agency's latitude to subject terrorism suspects to harsh interrogation techniques. Mr. Bush vetoed a bill that would have explicitly prohibited the agency from using interrogation methods like waterboarding, a technique in which restrained prisoners are threatened with drowning and that has been the subject of intense criticism at home and abroad. Many such techniques are prohibited by the military and law enforcement agencies. The veto deepens his battle with increasingly assertive Democrats in Congress over issues at the heart of his legacy. As his presidency winds down, he has made it clear he does not intend to bend in this or other confrontations on issues from the war in Iraq to contempt charges against his chief of staff, Joshua B. Bolten, and former counsel, Harriet E. Miers. Mr. Bush announced the veto in the usual format of his weekly radio address, which is distributed to stations across the country each Saturday. He unflinchingly defended an interrogation program that has prompted critics to accuse him not only of authorizing torture previously but also of refusing to ban it in the future. "Because the danger remains, we need to ensure our intelligence officials have all the tools they need to stop the terrorists," he said. Mr. Bush's veto -- 
the ninth of his presidency, but the eighth in the past 10 months with Democrats in control of Congress -- underscored his determination to preserve many of the executive prerogatives his administration has claimed in the name of fighting terrorism, and to enshrine them into law. Mr. Bush is fighting with Congress over the expansion of powers under the Foreign Intelligence Surveillance Act and over the depth of the American security commitments to Iraq once the United Nations mandate for international forces there expires at the end of the year. The administration has also moved ahead with the first military tribunals of those detained at Guantánamo Bay, including Khalid Shaikh Mohammed, a mastermind of the Sept. 11, 2001, attacks, despite calls to try them in civilian courts. All are issues that turn on presidential powers. And as he has through most of his presidency, he built his case on the threat of terrorism. "The fact that we have not been attacked over the past six and a half years is not a matter of chance," Mr. Bush said in his radio remarks, echoing comments he made Thursday at a ceremony marking the fifth anniversary of the creation of the Department of Homeland Security. "We have no higher responsibility than stopping terrorist attacks," he added. "And this is no time for Congress to abandon practices that have a proven track record of keeping America safe." The bill Mr. Bush vetoed would have limited all American interrogators to techniques allowed in the Army field manual on interrogation, which prohibits physical force against prisoners. The debate has left the C.I.A. at odds with the Federal Bureau of Investigation and other agencies, whose officials have testified that harsh interrogation methods are either unnecessary or counterproductive. The agency's director, Gen. Michael V. Hayden, issued a statement to employees after Mr. 
Bush's veto defending the program as legal, saying that the Army field manual did not "exhaust the universe of lawful interrogation techniques." Democrats, who supported the legislation as part of a larger bill that authorized a vast array of intelligence programs, criticized the veto sharply, but they do not have the votes to override it. "This president had the chance to end the torture debate for good," one of its sponsors, Senator Dianne Feinstein of California, said in a statement on Friday when it became clear that Mr. Bush intended to carry out his veto threat. "Yet, he chose instead to leave the door open to use torture in the future. The United States is not well served by this." The Senate's majority leader, Harry Reid of Nevada, said Mr. Bush disregarded the advice of military commanders, including Gen. David H. Petraeus, who argued that the military's interrogation techniques were effective and that the use of any others could create risks for any future American prisoners of war. "He has rejected the Army field manual's recognition that such horrific tactics elicit unreliable information, put U.S. troops at risk and undermine our counterinsurgency efforts," Mr. Reid said in a statement. Democrats vowed to raise the matter again. Senator John McCain, the presumptive Republican presidential nominee, has been an outspoken opponent of torture, often referring to his own experience as a prisoner of war in Vietnam. In this case he supported the administration's position, arguing as Mr. Bush did Saturday that the legislation would have limited the C.I.A.'s ability to gather intelligence. Mr. Bush said the agency should not be bound by rules written for soldiers in combat, as opposed to highly trained experts dealing with hardened terrorists. The bill's supporters countered that it would have banned only a handful of techniques whose effectiveness was in dispute in any case. 
The administration has also said that waterboarding is no longer in use, though officials acknowledged last month that it had been used in three instances before the middle of 2003, including against Mr. Mohammed. Officials have left vague the question of whether it could be authorized again. Mr. Bush said, as he had previously, that information from the C.I.A.'s interrogations had averted terrorist attacks, including plots to attack a Marine camp in Djibouti; the American Consulate in Karachi, Pakistan; Library Tower in Los Angeles; and passenger planes from Britain. He maintained that the techniques involved -- the exact nature of which remained classified -- were "safe and lawful." "Were it not for this program, our intelligence community believes that Al Qaeda and its allies would have succeeded in launching another attack against the American homeland," he said. Senator John D. Rockefeller IV of West Virginia, the chairman of the Intelligence Committee, disputed that assertion on Saturday. "As chairman of the Senate Intelligence Committee, I have heard nothing to suggest that information obtained from enhanced interrogation techniques has prevented an imminent terrorist attack," he said in a statement. The handling of detainees since 2001 has dogged the administration politically, but Mr. Bush and his aides have barely conceded any ground to critics, even in the face of legal challenges, as happened with the prisoners at Guantánamo Bay or with federal wiretapping conducted without warrants. At the core of the administration's position is a conviction that the executive branch must have unfettered freedom when it comes to prosecuting war. Stephen Hess, a presidential scholar at the Brookings Institution, said Mr. Bush's actions were consistent with his efforts to expand executive power and to protect the results of those efforts. Some, he said, could easily be undone -- with a Democratic president signing a bill like the one he vetoed Saturday, for example -- 
but the more Mr. Bush accomplished now, the more difficult that would be. "Every administration is concerned with protecting the power of the presidency," he said. "This president has done that with a lot more vigor." Representative Bill Delahunt, a Democrat from Massachusetts, has been holding hearings on the administration's negotiations with Iraq over the legal status of American troops in Iraq beyond Mr. Bush's presidency. He said the administration had rebuffed demands to bring any agreement to Congress for approval, and had largely succeeded. "They're excellent at manipulating the arguments so that if Congress should assert itself, members expose themselves to charges of being soft, not tough enough on terrorism," he said. "My view is history is going to judge us all." Mark Mazzetti contributed reporting. From rforno at infowarrior.org Sun Mar 9 05:23:57 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 09 Mar 2008 00:23:57 -0500 Subject: [Infowarrior] - They Criticized Vista. And They Should Know Message-ID: March 9, 2008 Digital Domain They Criticized Vista. And They Should Know. By RANDALL STROSS http://www.nytimes.com/2008/03/09/business/09digi.html?pagewanted=print ONE year after the birth of Windows Vista, why do so many Windows XP users still decline to "upgrade"? Microsoft says high prices have been the deterrent. Last month, the company trimmed prices on retail packages of Vista, trying to entice consumers to overcome their reluctance. In the United States, an XP user can now buy Vista Home Premium for $129.95, instead of $159.95. An alternative theory, however, is that Vista's reputation precedes it. XP users have heard too many chilling stories from relatives and friends about Vista upgrades that have gone badly. The graphics chip that couldn't handle Vista's whizzy special effects. The long delays as it loaded. The applications that ran at slower speeds. 
The printers, scanners and other hardware peripherals, which work dandily with XP, that lacked the necessary software, the drivers, to work well with Vista. Can someone tell me again, why is switching XP for Vista an "upgrade"? Here's one story of a Vista upgrade early last year that did not go well. Jon, let's call him, (bear with me -- I'll reveal his full identity later) upgrades two XP machines to Vista. Then he discovers that his printer, regular scanner and film scanner lack Vista drivers. He has to stick with XP on one machine just so he can continue to use the peripherals. Did Jon simply have bad luck? Apparently not. When another person, Steven, hears about Jon's woes, he says drivers are missing in every category -- "this is the same across the whole ecosystem." Then there's Mike, who buys a laptop that has a reassuring "Windows Vista Capable" logo affixed. He thinks that he will be able to run Vista in all of its glory, as well as favorite Microsoft programs like Movie Maker. His report: "I personally got burned." His new laptop -- logo or no logo -- lacks the necessary graphics chip and can run neither his favorite video-editing software nor anything but a hobbled version of Vista. "I now have a $2,100 e-mail machine," he says. It turns out that Mike is clearly not a naïf. He's Mike Nash, a Microsoft vice president who oversees Windows product management. And Jon, who is dismayed to learn that the drivers he needs don't exist? That's Jon A. Shirley, a Microsoft board member and former president and chief operating officer. And Steven, who reports that missing drivers are anything but exceptional, is in a good position to know: he's Steven Sinofsky, the company's senior vice president responsible for Windows. Their remarks come from a stream of internal communications at Microsoft in February 2007, after Vista had been released as a supposedly finished product and customers were paying full retail price. 
Between the nonexistent drivers and PCs mislabeled as being ready for Vista when they really were not, Vista instantly acquired a reputation at birth: Does Not Play Well With Others. We usually do not have the opportunity to overhear Microsoft's most senior executives vent their personal frustrations with Windows. But a lawsuit filed against Microsoft in March 2007 in United States District Court in Seattle has pried loose a packet of internal company documents. The plaintiffs, Dianne Kelley and Kenneth Hansen, bought PCs in late 2006, before Vista's release, and contend that Microsoft's "Windows Vista Capable" stickers were misleading when affixed to machines that turned out to be incapable of running the versions of Vista that offered the features Microsoft was marketing as distinctive Vista benefits. Last month, Judge Marsha A. Pechman granted class-action status to the suit, which is scheduled to go to trial in October. (Microsoft last week appealed the certification decision.) Anyone who bought a PC that Microsoft labeled "Windows Vista Capable" without also declaring "Premium Capable" is now a party in the suit. The judge also unsealed a cache of 200 e-mail messages and internal reports, covering Microsoft's discussions of how best to market Vista, beginning in 2005 and extending beyond its introduction in January 2007. The documents incidentally include those accounts of frustrated Vista users in Microsoft's executive suites. Today, Microsoft boasts that there are twice as many drivers available for Vista as there were at its introduction, but performance and graphics problems remain. (When I tried last week to contact Mr. Shirley and the others about their most recent experiences with Vista, David Bowermaster, a Microsoft spokesman, said that no one named in the e-mail messages could be made available for comment because of the continuing lawsuit.) 
The messages were released in a jumble, but when rearranged into chronological order, they show a tragedy in three acts. Act 1: In 2005, Microsoft plans to say that only PCs that are properly equipped to handle the heavy graphics demands of Vista are "Vista Ready." Act 2: In early 2006, Microsoft decides to drop the graphics-related hardware requirement in order to avoid hurting Windows XP sales on low-end machines while Vista is readied. (A customer could reasonably conclude that Microsoft is saying, Buy Now, Upgrade Later.) A semantic adjustment is made: Instead of saying that a PC is "Vista Ready," which might convey the idea that, well, it is ready to run Vista, a PC will be described as "Vista Capable," which supposedly signals that no promises are made about which version of Vista will actually work. The decision to drop the original hardware requirements is accompanied by considerable internal protest. The minimum hardware configuration was set so low that "even a piece of junk will qualify," Anantha Kancherla, a Microsoft program manager, said in an internal e-mail message among those recently unsealed, adding, "It will be a complete tragedy if we allowed it." Act 3: In 2007, Vista is released in multiple versions, including "Home Basic," which lacks Vista's distinctive graphics. This placed Microsoft's partners in an embarrassing position. Dell, which gave Microsoft a postmortem report that was also included among court documents, dryly remarked: "Customers did not understand what 'Capable' meant and expected more than could/would be delivered." All was foretold. In February 2006, after Microsoft abandoned its plan to reserve the Vista Capable label for only the more powerful PCs, its own staff tried to avert the coming deluge of customer complaints about underpowered machines. "It would be a lot less costly to do the right thing for the customer now," 
said Robin Leonard, a Microsoft sales manager, in an e-mail message sent to her superiors, "than to spend dollars on the back end trying to fix the problem." Now that Microsoft faces a certified class action, a judge may be the one who oversees the fix. In the meantime, where does Microsoft go to buy back its lost credibility? Randall Stross is an author based in Silicon Valley and a professor of business at San Jose State University. E-mail: stross at nytimes.com. From rforno at infowarrior.org Sun Mar 9 23:15:07 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 09 Mar 2008 19:15:07 -0400 Subject: [Infowarrior] - USAF Cyber Command sending DMCA notices Message-ID: Link to the AFCC video: http://www.youtube.com/watch?v=dkskj7cHiRE -or- www.infowarrior.org/users/rforno/USAF-CC-Promo.flv Air Force Cyber Command's New Weapon: DMCA Notices By Kevin Poulsen March 07, 2008 | 2:13:37 PM Categories: Cover-Ups, Cybarmageddon! http://blog.wired.com/27bstroke6/2008/03/air-force-cyber.html It's cyber war! Lawyers representing the Air Force's elite electronic warriors have sent YouTube a DMCA takedown notice demanding the removal of the 30-second spot the Air Force created to promote its nascent Cyber Command. We'd uploaded the video to share with THREAT LEVEL readers. How quickly alliances shift in the murky new world of Cyberarmageddon. It was just last month that the Air Force sent us the ad, and thanked THREAT LEVEL for agreeing to run it. The spot shows earnest airmen deftly thwarting a hacker attack on the Pentagon using Minority Report-type touch-and-drag screens. I'm certain hundreds, if not thousands, of geeks have already enlisted as a result of our patriotic shilling for the Air Force. Now, though, it seems we're just another cyber enemy to be squashed like so many Chinese DDoSers or unsanctioned blogs. Was it something I said? 
But Air Force marketing chief Keith Lebling, who sent us the spot in the first place, says any intellectual property claim should have gone through his office, and none did. U.S. Government works aren't even copyrightable. YouTube doesn't know that -- presumably because it has no lawyers -- and it's taken down the video. A spokeswoman said in an e-mail that the Google-owned service has no choice but to comply with DMCA notices. That's not quite right, though. YouTube has no legal obligation to remove non-infringing content. Fortunately, we have our own servers. You can see the restored Cyber Command ad below. Catch it before someone drops an EMP bomb down our chimney. Update: YouTube has sent along the DMCA notice (.pdf). It's signed by Meredith Pikser, an attorney with international law firm Reed Smith LLP, on behalf of the Air Force. Kurt Opsahl at EFF notes that, notwithstanding Pikser's sworn statement, the Air Force website promoting the video contains this language in its privacy policy: "Information presented on the Air Force Recruiting website is considered public information and may be distributed or copied." From rforno at infowarrior.org Sun Mar 9 23:17:19 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 09 Mar 2008 19:17:19 -0400 Subject: [Infowarrior] - More on - OpEd: Thwarted Terror Attacks Since Sept. 11 In-Reply-To: <20080309225130.GA32218@gsp.org> Message-ID: This person's analysis is spot-on, as always. --rf ------ Forwarded Message From: - anonymous -

First, let's note that missing from this list are the terror attacks of September 11 itself, which the US government failed to avert or even respond to in a minimally competent manner. For example, our top military commanders failed to defend *their own headquarters* and the nation's capitol from attack by a single, lumbering, slow, un-stealthy, un-armed civilian airliner flown by barely-trained amateurs, clearly visible on radar, with obvious intent, and plenty of warning.
They couldn't even manage to get a single fighter aircraft up to engage it, even though Langley, Andrews, etc. are all mere minutes away for an aircraft travelling at supersonic speeds. The only competent -- and courageous -- response that day that "thwarted" anything came from those onboard Flight 93. You know: citizens.

Second, let's also note that this list conveniently begins on the faux patriots' watershed date, 9/11/2001. It thus omits all mention of any attacks averted prior to that date -- as if the narrative began that day and prior history simply doesn't exist. This is hardly surprising given that this comes from the neocon propaganda network, but it is instructive.

Third, we can completely discount any "confessions" involved in any of these plots since we now know that the US government fully sanctions and actively uses torture. Therefore, all such "confessions" are null and void, and must be immediately dismissed as pure fiction.

Fourth, in cases where trials have taken place, they've been for show, conducted by kangaroo courts and using frequent bogus references to "national security" to deprive defendants of their rights under law -- including access to counsel, right to confront their accusers, etc. -- the things that civilized nations provide.

Now let's look at some of the items on this list. (This same analysis could be used on all of them, it's just that this response is pretty long already.)

> * December 2001, Richard Reid: British citizen attempted to ignite shoe
> bomb on flight from Paris to Miami.

Wrong. The US government did not thwart that attack. Airline passengers and crew thwarted that attack.

> * May 2002, Jose Padilla: American citizen accused of seeking "dirty
> bomb," convicted of conspiracy.

Wrong. Padilla was never charged with anything involving possession of any materials that could be used to make a "dirty bomb". The conspiracy charge was a consolation prize, and was based on a law that was not in force at the time he allegedly violated it. He was not allowed to introduce evidence on his behalf, was not allowed to call witnesses, was not allowed to cross-examine, and was held without access to counsel in a military based in Florida for three years, where he was almost certainly tortured.

> * September 2002, Lackawanna Six: American citizens of Yemeni origin
> convicted of supporting Al Qaeda. Five of six were from Lackawanna, N.Y.

Wrong. This group had no cohesion, no plan, no objective until an FBI informant came on board as part of a sting operation. That informant offered money, help, equipment, and motivation to spur the "plot" forward. All actual planning was done by the informant.

> * May 2003, Iyman Faris: American citizen charged with trying to topple
> the Brooklyn Bridge.

Wrong. This mentally ill guy was going to take out the Brooklyn Bridge...with a blowtorch. And my wacky Uncle Jerry is going to destroy Mount Rushmore with a pickaxe.

> * August 2004, Dhiren Barot: Indian-born leader of terror cell plotted
> bombings on financial centers (see additional images).

Wrong. His scary scary videos consisted of scenes from "Die Hard" et al. and other movie-enhanced explosions that have no basis in reality. Implicated by a single Pakistani citizen -- who it's strongly suspected, was tortured (in Pakistan) to produce that result. Oh, and he's British. They tried him, not the US.

> * August 2004, James Elshafay and Shahawar Matin Siraj: Sought to plant
> bomb at New York's Penn Station during the Republican National Convention.

Wrong. "Caught" like many of the others thanks to an informant planted in the group and spurring them on. They had
- no bomb-making experience
- no materials
- no contacts to acquire materials
- no money
And El Shafey is mentally ill.

> * August 2004, Yassin Aref and Mohammed Hossain: Plotted to assassinate
> a Pakistani diplomat on American soil.

Wrong. Yet another case where primary impetus came from the US government: they were both struggling financially when an informant -- an FBI informant with a history of bribery, fraud, money laundering, and extortion -- set up a sting operation. This entire case is a confused mess (complicated by obvious lies on the part of the informant about which languages the supposed conspirators spoke). Neither of them had any money and so could not possibly afford the missile which the informant produced and said could be used (to kill a Pakistani diplomat). Defense attorneys were denied access to almost all of the supposed "evidence".

> * June 2006, Narseal Batiste, Patrick Abraham, Stanley Grant Phanor,
> Naudimar Herrera, Burson Augustin, Lyglenson Lemorin, and Rotschild
> Augstine: Accused of plotting to blow up the Sears Tower.

Wrong. At trial, it came out that:
- the plot was the invention of two paid FBI informants
- the plot was hatched while they were all high
- they had no operational ability
- the plotters got what little equipment they had (e.g. cameras) courtesy of the Joint Terrorism Task Force

> * May 2007, Fort Dix Plot: Six men accused of plotting to attack Fort
> Dix Army base in New Jersey.

Wrong. This "terror cell" included a taxi driver, a pizza delivery boy and three roofers. It turned out that:
- they had almost no money
- they had no connections to actual terrorists
- they spent their weekends playing paintball
- they planned an attack using RPGs and AK47s...which they didn't have, had no way to get, and couldn't afford
- primary guidance was provided by two informants for the Joint Terrorism Task Force
- even though this was supposedly a "sophisticated" plan, they were "caught" when they handed over a video of themselves to a Circuit City store clerk
- they were planning to attack an entire military base chock-full of armed, trained, and presumably hostile soldiers

> * June 2007, JFK Plot: Four men accused of plotting to blow up fuel
> arteries underneath JFK Airport in New York.

Wrong. Basic physics as well as the construction of the pipeline makes this impossible. The "terrorists" -- per the federal government -- had:
- no money
- no experience
- no explosives
- no support
- no inside information
Their best "intelligence source" was Google Earth and their only connection to the target was that one of them worked as a cargo handler there more than a decade earlier. Oh, and once again, the primary instigator of this was a federal informant -- this time, a convicted drug dealer trying to get his sentence reduced.

From rforno at infowarrior.org Sun Mar 9 23:49:46 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 09 Mar 2008 19:49:46 -0400 Subject: [Infowarrior] - Britain makes camera that "sees" under clothes Message-ID: Britain makes camera that "sees" under clothes Sun Mar 9, 7:21 AM ET http://news.yahoo.com/s/nm/20080309/tc_nm/security_britain_technology_dc LONDON (Reuters) - A British company has developed a camera that can detect weapons, drugs or explosives hidden under people's clothes from up to 25 meters away in what could be a breakthrough for the security industry. The T5000 camera, created by a company called ThruVision, uses what it calls "passive imaging technology" to identify objects by the natural electromagnetic rays -- known as Terahertz or T-rays -- that they emit. The high-powered camera can detect hidden objects from up to 80 feet away and is effective even when people are moving. It does not reveal physical body details and the screening is harmless, the company says. The technology, which has military and civilian applications and could be used in crowded airports, shopping malls or sporting events, will be unveiled at a scientific development exhibition sponsored by Britain's Home Office on March 12-13.
"Acts of terrorism have shaken the world in recent years and security precautions have been tightened globally," said Clive Beattie, the chief executive of ThruVision. "The ability to see both metallic and non-metallic items on people out to 25 meters is certainly a key capability that will enhance any comprehensive security system." While the technology may enhance detection, it may also increase concerns that Britain is becoming a surveillance society, with hundreds of thousands of closed-circuit television cameras already monitoring people countrywide every day. ThruVision came up with the technology for the T5000 in collaboration with the European Space Agency and from studying research by astronomers into dying stars. The technology works on the basis that all people and objects emit low levels of electromagnetic radiation. Terahertz rays lie somewhere between infrared and microwaves on the electromagnetic spectrum and travel through clouds and walls. Depending on the material, the signature of the wave is different, so that explosives can be distinguished from a block of clay and cocaine is different from a bag of flour. (Reporting by Luke Baker) From rforno at infowarrior.org Sun Mar 9 23:54:11 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 09 Mar 2008 19:54:11 -0400 Subject: [Infowarrior] - Heathrow to fingerprint all domestic passengers Message-ID: Heathrow airport first to fingerprint By David Millward and Gordon Rayner Last Updated: 6:22pm GMT 08/03/2008 http://www.telegraph.co.uk/news/main.jhtml?xml=/news/2008/03/07/nheathrow107.xml Millions of British airline passengers face mandatory fingerprinting before being allowed to board flights when Heathrow's Terminal 5 opens later this month. For the first time at any airport, the biometric checks will apply to all domestic passengers leaving the terminal, which will handle all British Airways flights to and from Heathrow.
The controversial security measure is also set to be introduced at Gatwick, Manchester and Heathrow's Terminal 1, and many airline industry insiders believe fingerprinting could become universal at all UK airports within a few years. All four million domestic passengers who will pass through Terminal 5 annually after it opens on March 27 will have four fingerprints taken, as well as being photographed, when they check in. To ensure the passenger boarding the aircraft is the same person, the fingerprinting process will be repeated just before they board the aircraft and the photograph will be compared with their face. BAA, the company which owns Heathrow, insists the biometric information will be destroyed after 24 hours and will not be passed on to the police. It says the move is necessary to prevent criminals, terrorists and illegal immigrants trying to bypass border controls. The company said the move had been necessitated by the design of Terminal 5, where international and domestic passengers share the same lounges and public areas after they have checked in. Without the biometric checks, the company says, potential criminals and illegal immigrants arriving on international flights or in transit to another country could bypass border controls by swapping boarding passes with a domestic passenger who has already checked in. They could then board the domestic flight, where proof of identity is not currently required, fly on to another UK airport and leave without having to go through passport control. Most other airports avoid the problem by keeping international and domestic passengers separate at all times, but the mixed lounges exist at Gatwick, Manchester and Heathrow's Terminal 1. Gatwick and Manchester currently deal with the problem by photographing all passengers as they pass through security, and checking the picture against their face at the departure gate. Terminal 1 will soon introduce fingerprinting.
Civil liberties campaigners have raised concerns about the possibility of security agencies trying to access the treasure trove of personal data in the future, adding that fingerprinting "will make innocent people feel like criminals". There are also fears that fingerprinting will add to the infamous "Heathrow hassle" which has led to some business travellers holding meetings in other countries because they want to avoid the sprawling, scruffy airport at any cost. Although fingerprinting is carried out at some foreign airports - most notably in the US - as part of immigration checks for international arrivals, Heathrow will be the first to fingerprint domestic passengers before they board their flights. Even if domestic passengers have a passport with them, they will still have to go through the biometric checks. Dr Gus Hosein, of the London School of Economics, an expert on the impact of technology on civil liberties, is one of the scheme's strongest critics. He said: "There is no other country in the world that requires passengers travelling on internal flights to be fingerprinted. BAA says the fingerprint data will be destroyed, but the records of who has travelled within the country will not be, and it will provide a rich source of data for the police and intelligence agencies. "I grew up in a society where you only fingerprinted people if you suspected them of being criminals. By doing this they will make innocent people feel like criminals. "There will also be a suspicion that this is the thin end of the wedge, that we are being softened up by making fingerprinting seem normal in the run-up to things like ID cards." Mr Hosein claimed automatic fingerprint technology is only 90 per cent accurate at best, and clear fingerprints can be difficult to obtain. Simon Davies, of campaign group Privacy International, suggested a photograph alone would be a perfectly adequate - and much cheaper - way of identifying passengers.
"If they are photographing people anyway, why can't that be used as a means of identifying them, rather than taking biometric data?" he said. "It would probably be 50 times more reliable at a 50th of the cost. "Fingerprint recognition technology is far from perfect, and the experience in the US has shown that the information can only be used retrospectively, not in real time, as it takes so long to match a fingerprint to the one held on the database. "I think once again we are seeing the introduction of technology whose benefits are illusory." A spokesman for British Airways said: "We are supportive of the use of fingerprinting at Terminal 5. We need to make sure the right people get on the right flights and this will definitely help us to ease check-in and boarding procedures." BAA said the fingerprinting scheme was decided upon after consultation with the Home Office, and the company is keen to reassure passengers that their fingerprints will not be made available to any outside agency. A spokesman said: "The data will be destroyed after 24 hours. It will not be made available to the police or anyone else. This is purely for border and immigration control." International passengers will not be fingerprinted, as they must show a passport when they check in and before they board their flight. However, the fingerprinting of domestic passengers is expected to be the first step in the increasing use of the technology for people coming to and from Britain. Within the next few weeks BAA will announce plans for voluntary fingerprinting under a so-called "trusted traveller" scheme. Those willing to have their fingerprints and passport information stored would be able to bypass immigration queues by placing their finger on a scanner instead of waiting to have their passport checked. The move follows a trial of the technology, known as "miSense", at Heathrow last year.
In the long term, fingerprinting could become even more widespread when the Government introduces tighter embarkation controls next year, which have not yet been specified but could range from having to show passports more often before boarding or using biometric checks. Officials began talks with the aviation industry within months of an alleged plot to blow up transatlantic airlines in August 2006. At the time, the Home Office refused to rule out the use of fingerprint and biometric checks as part of routine embarkation controls, and some industry insiders believe universal fingerprinting may be brought in when biometric passports are introduced in 2012. One option could be to routinely check fingerprints against the criminal record database - a step which is currently only taken when immigration officers have a reason to be suspicious. From rforno at infowarrior.org Sun Mar 9 23:56:58 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 09 Mar 2008 19:56:58 -0400 Subject: [Infowarrior] - Washington Prepares for Cyber War Games Message-ID: Washington Prepares for Cyber War Games Week-Long Simulation Tests Agencies', Companies' Response to Online Attacks http://www.washingtonpost.com/wp-dyn/content/article/2008/03/07/AR2008030701 157_pf.html By Brian Krebs washingtonpost.com Staff Writer Friday, March 7, 2008; 7:44 AM The U.S. government will conduct a series of cyber war games throughout next week to test its ability to recover from and respond to digital attacks. Code-named 'Cyber Storm II,' this is the largest-ever exercise designed to evaluate the mettle of information technology experts and incident response teams from 18 federal agencies, including the CIA, Department of Defense, FBI, and NSA, as well as officials from nine states, including Delaware, Pennsylvania and Virginia. In addition, more than 40 companies will be playing, including Cisco Systems, Dow Chemical, McAfee, and Microsoft. 
In the inaugural Cyber Storm two years ago, planners simulated attacks against the communications and information technology sector, as well as the energy and airline industries. This year's exercise will feature mock attacks by nation states, terrorists and saboteurs against the IT and communications sector and the chemical, pipeline and rail transportation industries. Jerry Dixon, a former director of the National Cyber Security Division at the Department of Homeland Security who helped to plan both exercises, said Cyber Storm is designed to be a situational pressure-cooker for players: Those who adopt the proper stance or response to a given incident are quickly rewarded by having to respond to even more complex and potentially disastrous scenarios. Players will receive information about the latest threats in part from a simulated news outlet, and at least a portion of the feeds they receive will be intentionally misleading, Dixon said. 'They'll inject some red herring attacks and information to throw intelligence analysts and companies off the trail of the real attackers,' Dixon said. 'The whole time, the clock keeps ticking, and things keep getting worse.' At a cost of roughly $6.2 million, Cyber Storm II has been nearly 18 months in the planning, with representatives from across the government and technology industry devising attack scenarios aimed at testing specific areas of weakness in their respective disaster recovery and response plans. 'The exercises really are designed to push the envelope and take your failover and backup plans and shred them to pieces,' said Carl Banzhof, chief technology evangelist at McAfee and a cyber warrior in the 2006 exercise. Cyber Storm planners say they intend to throw a simulated Internet outage into this year's exercise, but beyond that they are holding their war game playbooks close to the vest. Individuals who helped plan the scenarios all have signed non-disclosure agreements about the details of the planned attacks. 
They will act as puppeteers apart from the participants, injecting events into the game from a command center at U.S. Secret Service headquarters in Washington, D.C. Meanwhile, players will participate via secure online connections from around the world. At its most basic, organizers say, the exercise tests the strength of relationships and trust between government officials and the private sector companies that control more than 80 percent of the nation's critical physical and cyber infrastructure. In Cyber Storm I, the Department of Homeland Security and the participating companies largely kept the exercise a secret until it was virtually completed. In fact, most of the companies that participated in Cyber Storm I did so anonymously, so that private sector players only knew each other's respective companies by fictitious business names. The fact that so many companies have chosen to trumpet their participation in this year's exercise is a testament to how those trust relationships have grown in the intervening years, said Reneaue Railton, manager of critical infrastructure response for Cisco Systems, a company whose hardware devices help direct a large portion of the traffic on the Internet. 'All the companies that played did so anonymously,' Railton said. 'We didn't always know who we were contacting.' Railton, who helped plan the attack scenarios in this year's exercise, said Cyber Storm II promises to keep all participants on their toes, like an episode of the television show '24,' only for an entire work week at a time. Dozens of companies and government agencies from Australia, Canada, New Zealand and the United Kingdom will also participate in the war games and will keep the game in flux around the clock, she said.
The war games will be far more realistic and inclusive for Australia, whose participation in the first Cyber Storm amounted to what a spokesperson for the Australian Attorney General's department called "a desktop exercise" that did not include any private sector companies. "This year, we're setting up an exercise control room and will be sending out injects to the players in both the private sector and the government," said Daniel Gleeson of Australia's Attorney General's office. "So we'll be involved in this as it unfolds in real time, rather than just talking about what we'd do in those situations." From rforno at infowarrior.org Mon Mar 10 02:42:36 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 09 Mar 2008 22:42:36 -0400 Subject: [Infowarrior] - 9/11 and drinking water 'security' Message-ID: The following paragraph is taken from a large AP article on the levels of drugs found in US drinking water (Full article: http://tinyurl.com/ytegrw) "The drinking water in Dallas has been tested, but officials are awaiting results. Arlington, Texas, acknowledged that traces of a pharmaceutical were detected in its drinking water but cited post-9/11 security concerns in refusing to identify the drug." ....here's yet another case of "security" being invoked that likely does more harm than good. Does telling the local population WHAT IS IN THEIR DRINKING WATER constitute a security danger? I think not. Call me a risk-taker if you like, but I, and I bet a good deal of this country's populace, is more concerned about being "victimized" by poor drinking water in their homes, offices, and communities than the remote possibility of an attack by al-Qaeda or any number of nefarious Hollywood terror plots. I continue to believe that the outcome of "9/11" has not improved the acceptable definition of "public safety" in America, but rather changed it for the worse.
Our various corporate and government entities are building a new definition of "public safety" based on the perpetuance of unfounded fear, civic ignorance and the avoidance of any objective notion of reality (or accountability) in conducting risk analysis or consequence management. Not only are we no safer from terrorists now than we were 8 years ago, but as a result of how we responded to "9/11" we've become more vulnerable to other, perhaps more sinister and dangerous vulnerabilities - intentional or otherwise - within our national infrastructure. Indeed, we remain our own worst enemy. :( -rick Infowarrior.org From rforno at infowarrior.org Mon Mar 10 22:07:40 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Mar 2008 18:07:40 -0400 Subject: [Infowarrior] - NSA Resurrects TIA Message-ID: To quote Monty Python and his parrot...."it's not dead, it's resting!" NSA's Domestic Spying Grows As Agency Sweeps Up Data Terror Fight Blurs Line Over Domain; Tracking Email By SIOBHAN GORMAN March 10, 2008; Page A1 WASHINGTON, D.C. -- Five years ago, Congress killed an experimental Pentagon antiterrorism program meant to vacuum up electronic data about people in the U.S. to search for suspicious patterns. Opponents called it too broad an intrusion on Americans' privacy, even after the Sept. 11 terrorist attacks. But the data-sifting effort didn't disappear. The National Security Agency, once confined to foreign surveillance, has been building essentially the same system. < - > http://online.wsj.com/public/article_print/SB120511973377523845.html From rforno at infowarrior.org Tue Mar 11 03:20:08 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 10 Mar 2008 23:20:08 -0400 Subject: [Infowarrior] - KY Lawmaker Wants to Make Anonymous Internet Posting Illegal Message-ID: ....yeah, riiiiight!
--rf Kentucky Lawmaker Wants to Make Anonymous Internet Posting Illegal Wednesday, Mar 05, 2008 - 11:11 PM Updated: 12:40 PM http://www.wtvq.com/content/midatlantic/tvq/video.PrintView.-content-articles-TVQ-2008-03-05-0011.html By Kellie Wilson Kentucky Representative Tim Couch filed a bill this week to make anonymous posting online illegal. The bill would require anyone who contributes to a website to register their real name, address and e-mail address with that site. Their full name would be used anytime a comment is posted. If the bill becomes law, the website operator would have to pay if someone was allowed to post anonymously on their site. The fine would be five-hundred dollars for a first offense and one-thousand dollars for each offense after that. Representative Couch says he filed the bill in hopes of cutting down on online bullying. He says that has especially been a problem in his Eastern Kentucky district. Action News 36 asked people what they thought about the bill. Some said they felt it was a violation of First Amendment rights. Others say it is a good tool toward eliminating online harassment. Representative Couch says enforcing this bill if it became law would be a challenge. From rforno at infowarrior.org Tue Mar 11 11:56:50 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Mar 2008 07:56:50 -0400 Subject: [Infowarrior] - More on.... They Criticized Vista. And They Should Know In-Reply-To: Message-ID: ------ Forwarded Message From: security curmudgeon : Digital Domain : They Criticized Vista. And They Should Know. : By RANDALL STROSS : : http://www.nytimes.com/2008/03/09/business/09digi.html?pagewanted=print : : ONE year after the birth of Windows Vista, why do so many Windows XP users : still decline to "upgrade"?
http://windowssecrets.com/2008/03/06/02-Get-yourself-an-XP-system-while-you-still-can From rforno at infowarrior.org Tue Mar 11 15:20:11 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Mar 2008 11:20:11 -0400 Subject: [Infowarrior] - F-117 Stealth Fighter to Be Retired Message-ID: F-117 Stealth Fighter to Be Retired Tuesday March 11, 9:17 am ET By James Hannah, Associated Press Writer http://biz.yahoo.com/ap/080311/stealth_fighter.html?.v=1 US to Bid Farewell to Radar-Evading F-117 Stealth Fighter After 27 Years in Air Force Arsenal DAYTON, Ohio (AP) -- The world's first attack aircraft to employ stealth technology is slipping quietly into history. The inky black, angular, radar-evading F-117, which spent 27 years in the Air Force arsenal secretly patrolling hostile skies from Serbia to Iraq, will be put in mothballs next month in Nevada. Wright-Patterson Air Force Base in Dayton, which manages the F-117 program, will have an informal, private retirement ceremony Tuesday with military leaders, base employees and representatives from Holloman Air Force Base in New Mexico. The last of Lockheed Martin's F-117s scheduled to fly will leave Holloman on April 21, stop in Palmdale, Calif., for another retirement ceremony, then arrive on April 22 at their final destination: Tonopah Test Range Airfield in Nevada, where the jet made its first flight in 1981. The government has no plans to bring the fighter out of retirement, but could do so if necessary. "I'm happy to hear they are putting it in a place where they could bring it back if they ever needed it," said Brig. Gen. Gregory Feest, the first person to fly an F-117 in combat, during the 1989 invasion of Panama that led to the capture of dictator Manuel Noriega. The Air Force decided to accelerate the retirement of the F-117s to free up funding to modernize the rest of the fleet. The F-117 is being replaced by the F-22 Raptor, which also has stealth technology.
The F-22s are being built by Lockheed Martin, Boeing and United Technologies Corp.'s Pratt & Whitney unit. Fifty-nine F-117s were made; 10 were retired in December 2006 and 27 since then, the Air Force said. Seven of the planes have crashed, one in Serbia in 1999. Stealth technology used on the F-117 was developed in the 1970s to help evade enemy radar. While not invisible to radar, the F-117's shape and coating greatly reduced its detection. The F-117, a single-seat aircraft, was designed to fly into heavily defended areas undetected and drop its payloads with surgical precision. A total of 558 pilots have flown the F-117 since it went operational. They dub themselves "bandits," with each given a "bandit number" after their first flight. Feest, who is Bandit 261, also led the first stealth fighter mission into Iraq during Desert Storm in 1991. He said the fire from surface-to-air missiles and anti-aircraft guns was so intense that he stopped looking at it to try to ease his fears. "We knew stealth worked and it would take a lucky shot to hit us, but we knew a lucky shot could hit us at any time," he said. Incredibly, not one stealth was hit during those missions, he said. From rforno at infowarrior.org Tue Mar 11 19:39:56 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Mar 2008 15:39:56 -0400 Subject: [Infowarrior] - Admiral Fallon Resigns as Head of Centcom In-Reply-To: Message-ID: Hrmmm. --rf http://www.foxnews.com/story/0,2933,336849,00.html Admiral Fallon Resigns as Head of Centcom Tuesday , March 11, 2008 WASHINGTON -- Admiral William Fallon, the head of U.S. Central Command, which leads U.S. operations in Iraq and Afghanistan is stepping down, Defense Secretary Robert Gates announced Tuesday. Gates said Fallon said misperceptions about differences between his ideas and U.S. policy are making it too difficult for him to operate. Gates said their differences are not extreme, but the misperception has become too great.
"I don't know whether he was misinterpreted or whether people attributed views to him that were not his views, but clearly there was a concern," Gates said. Copyright 2008 FOX News Network, LLC. All rights reserved. From rforno at infowarrior.org Tue Mar 11 20:31:15 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Mar 2008 16:31:15 -0400 Subject: [Infowarrior] - Time to fight security superstition Message-ID: Time to fight security superstition * Cory Doctorow * guardian.co.uk, * Tuesday March 11 2008 This article was first published on guardian.co.uk on Tuesday March 11 2008. It was last updated at 11:21 on March 11 2008. http://www.guardian.co.uk/technology/2008/mar/11/politics.hitechcrime The Met's latest poster campaign urges Londoners who spot "unusual" activity to ring the police and let them know. Examples include someone taking pictures of CCTV cameras or acting out of the ordinary. After all, these are dangerous times, and we all must be vigilant. Contrast this for a moment with an earlier dangerous time: the Blitz. Bombs rained down upon London on a near-daily basis, killing, maiming and laying waste to whole neighbourhoods (one American friend recently described a trip around east London where his hosts pointed to every car park and said, "Of course, that was bombed in the Blitz" - and came away with the impression that Hitler had dropped car parks on Hackney). Back then, the government's message to the people wasn't "Take your shoes off" or "place your liquids in this bag". Instead, King George's printer stuck up millions of royal red posters bearing the legend "KEEP CALM AND CARRY ON." The approaches are markedly different - eternal (even fearful) vigilance, versus a reassured, Zen-like calm. Which one makes us more secure? There's the rub. Verifying the security of a system is a tricky business.
Even during the second world war, when secrecy over codes was paramount, Alan Turing's team at Bletchley Park broke the German cipher and began listening to practically every Nazi communiqué. How did they outsmart the German mathematicians who designed Enigma? Bletchley spotted a mistake and used it to crack the system wide open. Mistakes happen all the time in mathematical ventures, which is why science relies on peer review. As Bruce Schneier says, "Anyone can design a security system so smart that he can't outsmart it". Until security is subjected to peer review, you can't know whether it's proof against the whole world, or just the people who are dumber than you are. Even though our lives are increasingly defined by security measures, we can't know whether they are working without public peer review. Unfortunately, today's security cheerleaders have regressed to a more superstitious era, a time from before Bletchley Park's wizards won the second world war. The public isn't supposed to take photographs of CCTV cameras in case this knowledge can be used against them (despite the fact that surely terrorists can memorise their locations). We can't mention terrorist attacks at the airport while we're being subjected to systematic anti-dignity depredations; your bank won't let you open an account with a passport -- you need to supply a laser-printed utility bill as well ("to prevent money laundering" -- you can just hear Osama's chief forgers gnashing their teeth for lack of a piece of A4). The superstitions that grip airport checkpoints and banks are themselves a threat to security, because the security that does not admit of examination and discussion is no security at all. If terrorists are a danger to London, then the only way to be safe is to talk about real threats and real countermeasures, to question the security around us and shut down the systems that don't work.
If you're worried about money-laundering, your bank should have real anti-laundering systems in place. If you're worried about bombings, you need a security system that works even when the locations of the CCTV cameras are public. If you're worried about identity theft, then the government had better have a bloody good plan for "revoking" your fingerprints and retinas should a bad guy figure out how to copy them. If you want your plane to be safe in the sky, you'd better know what new security you gain by removing your shoes and shedding your liquids while still taking to the sky with your highly explosive laptop battery and a huge bottle of duty free whiskey. We live in a world of threats that transcend our instincts and intuitions. Staying safe in the face of phishing attacks, viruses, identity theft, RFID skimming, and yes, even terrorists, requires that the public itself be security conscious. We can't rely on the authorities to defend us against attacks that outstrip their capacity to adapt to them. Remember, the same police force that's plastering London with signs exhorting us to "let experienced officers decide what action to take" is the same police force that gunned down a Brazilian for wearing an overcoat, and shut down Soho when a Thai restaurant burned its chilli sauce, releasing spicy smoke. Security literacy can only be acquired through continuous practice and evaluation. The more our society punishes those who question security, the less secure we all become. From rforno at infowarrior.org Wed Mar 12 03:01:29 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Mar 2008 23:01:29 -0400 Subject: [Infowarrior] - Wikileaks: Scientology's "Black Operations" Message-ID: scientology-frank-oliver-osa.pdf (click to view full file) Summary 208 scanned pages relating to the Church of Scientology's former "Office of Special Affairs" employee and subsequent apostate Frank Oliver. 
The documents are dated between 1986 and 1992 (inclusive), when, according to the file, Frank Oliver was declared a "suppressive person" and ex-communicated. Frank Oliver should be able to verify the material and has appeared in the media before on subjects relating to the church. Starting on page 107, the document shows that at the time of writing the Church of Scientology was actively engaged in black propaganda (especially concerning psychiatry), "fair game" and infiltration. < - > Slashdotted (er, probably Scientotted) link at the moment: http://wikileaks.org/wiki/Church_of_Scientology_Office_of_Special_Affairs_and_Frank_Oliver ....but of course Bittorrent is your friend. http://thepiratebay.org/tor/4059049/New_scientology_dox__The_Computer_Frank_Oliver_Dox From rforno at infowarrior.org Wed Mar 12 03:07:23 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 11 Mar 2008 23:07:23 -0400 Subject: [Infowarrior] - Telco Surveillance: Relief for Phone Firms Proposed Message-ID: Relief for Phone Firms Proposed But Wiretap Bill Doesn't Offer the Immunity Sought by Bush By Ellen Nakashima Washington Post Staff Writer Wednesday, March 12, 2008; A04 http://www.washingtonpost.com/wp-dyn/content/article/2008/03/11/AR2008031102801_pf.html House Democratic leaders announced yesterday their support for providing some relief to phone companies that have been sued for assisting the Bush administration's warrantless surveillance program but reaffirmed their opposition to the legal immunity sought by the administration. The proposal would allow the companies, which face nearly 40 civil lawsuits in a federal court in San Francisco, to defend themselves in secret, in front of the judge but without the plaintiffs. Leaders intend to organize a floor vote on it tomorrow.
Allowing such "ex parte" review of classified evidence is meant to defuse the administration's argument that the companies cannot respond to the lawsuits now without disclosing classified information that would harm national security, and that the companies should, therefore, be immunized. The decision not to budge on the immunity issue reflects an apparent calculation by the Democrats that they can continue to defy the White House on a security concern in an election year. "The Democrats always risk getting beaten up," said House Majority Leader Steny H. Hoyer (D-Md.) at a press briefing yesterday. "But . . . our citizens expect us to protect their private records while at the same time expecting us to facilitate the work of the intelligence community. I think that's what we've done." "We are not going to cave in to a retroactive immunity situation," Judiciary Committee Chairman John Conyers Jr. (D-Mich.) said. Democratic leaders said that they think they could pass the bill with support from the moderate-to-conservative Blue Dog Democrats. "I'm feeling very confident," Majority Whip James E. Clyburn (D-S.C.) said. The measure is part of a revised House bill that would update the 1978 Foreign Intelligence Surveillance Act, which the administration contends has been overtaken by technological advances and, especially in the case of e-mails, requires new provisions to allow intelligence agents to eavesdrop on communications involving foreign targets. White House press secretary Dana Perino said the House Democrats' bill is "dead on arrival" for several reasons, including its failure to provide the liability protection that is in the Senate bill. "It is clear that House Democratic leaders have once again bowed to the demands of class-action trial lawyers, MoveOn.org, and Code Pink and put their ideological interests ahead of the national interest," Perino said in a statement. 
She criticized the provision calling for the creation of a bipartisan commission to examine the administration's warrantless surveillance activities. "We can only draw one conclusion from this -- House leaders are more interested in playing politics with past efforts to protect the country than they are in preventing terrorist attacks in the future." The House yesterday defeated a Republican motion to approve the Senate-passed alternative, which the White House supports, making the existence of a standoff clear. Privacy advocate Kevin Bankston, a senior staff lawyer at the Electronic Frontier Foundation, said that having a secret court review is the only true compromise. "It allows the plaintiffs to have their day in court," he said. "It allows phone companies to put up their defense. It allows the process to proceed fairly and securely." But lawyer Michael Sussmann, a partner at Perkins Coie in Washington who represents communications providers, said the proposal "still exposes carriers to huge losses" and does not address their concerns about protracted litigation. Conyers said the bill is not a product of a conference committee but an effort "to try to push this difficult ball down the road a little further." A Democratic aide described it as a move to take "the state-secrets handcuff" off the companies. Senate Majority Leader Harry M. Reid yesterday called the House Democrats' proposal "a tremendous step forward," but an aide said the Nevada Democrat is not planning to take it to the floor soon. "Since Republicans have refused to participate in the negotiations that led to this bill, it seems unlikely to achieve 60 votes in the Senate," Reid spokesman Jim Manley said. "Republicans should stop playing games on this important issue." 
From rforno at infowarrior.org Wed Mar 12 13:11:34 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Mar 2008 09:11:34 -0400 Subject: [Infowarrior] - GoDaddy Silences Police-Watchdog Site RateMyCop.com Message-ID: GoDaddy Silences Police-Watchdog Site RateMyCop.com By Kevin Poulsen March 11, 2008 | 8:42:42 PM Categories: Censorship, Cover-Ups http://blog.wired.com/27bstroke6/2008/03/godaddy-silence.html A new web service that lets users rate and comment on the uniformed police officers in their community is scrambling to restore service Tuesday, after hosting company GoDaddy unceremoniously pulled the plug on the site in the wake of outrage from criticism-leery cops. Visitors to RateMyCop.com on Tuesday were redirected to a GoDaddy page reading, "Oops!!!", which urged the site owner to contact GoDaddy to find out why the company pulled the plug. RateMyCop founder Gino Sesto says he was given no notice of the suspension. When he called GoDaddy, the company told him that he'd been shut down for "suspicious activity." When Sesto got a supervisor on the phone, the company changed its story and claimed the site had surpassed its 3 terabyte bandwidth limit, a claim that Sesto says is nonsense. "How can it be overloaded when it only had 80,00 page views today, and 400,000 yesterday?" Police departments became uneasy about RateMyCop's plans to watch the watchers in January, when the Culver City, California, startup began issuing public information requests for lists of uniformed officers. Then the site went live on February 28th. It stores the names and, in some cases, badge numbers of over 140,000 cops in as many as 500 police departments, and allows users to post comments about police they've interacted with, and rate them. The site garnered media interest this week as cops around the country complained that they'd be put at risk if their names were on the internet.
"Having a website like that puts a lot of law enforcement, in my eyes, in danger because it exposes us out there," Officer Hector Basurto, vice president of the Latino Police Officers Association, told ABC television affiliate KGO. Since undercover officers aren't in the database, and the site has no personal information like home addresses, that fear seems unfounded. Chief Jerry Dyer, president of the California Police Chiefs Association, voices what sounds like a more honest concern: that officers will face "unfair maligning" by the citizens they serve. Sesto says police can post comments as well, and a future version of the site will allow them to authenticate themselves to post rebuttals more prominently. Chief Dyer wants to get legislation passed that would make RateMyCop.com illegal, which, of course, wouldn't pass constitutional muster in any court in America. Unfortunately for the startup, the company it chose for hosting is known to be quick to censor its customers. In January of last year, GoDaddy took down an entire computer security website -- delisting it from DNS -- to get a single, archived mailing list post off the web. On that occasion, at least, it gave the site's owner 60 seconds notice. GoDaddy notified Sesto by posting its "Oops!" message to his public website. "You put on my website for me to call you, when you have my phone number?," says Sesto. A GoDaddy spokeswoman says the company can't comment on the RateMyCop takedown due to its privacy policy. Sesto says he's already arranged hosting elsewhere, and hopes to have the site online Tuesday night. From rforno at infowarrior.org Wed Mar 12 18:45:30 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Mar 2008 14:45:30 -0400 Subject: [Infowarrior] - USAF Cyber Commander Q&A Message-ID: Here are the answers to your questions for Major General William T. Lord, who runs the just-getting-off-the ground Air Force Cyber Command.
Before you ask: yes, his answers were checked by both PR and security people. Also, please note that this interview is a "first," in that Generals don't typically take questions from random people on forums like Slashdot, and that it is being watched all the way up the chain of command into the Pentagon. Many big-wigs will read what you post here -- and a lot of them are interested in what you say and may even use your suggestions to help set future recruiting and operational policies. A special "thank you" goes to Maj. Gen. Lord for participating in this experiment, along with kudos to the (necessarily anonymous) people who helped us arrange this interview. < - > http://interviews.slashdot.org/article.pl?sid=08/03/12/1427252 From rforno at infowarrior.org Thu Mar 13 03:03:54 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Mar 2008 23:03:54 -0400 Subject: [Infowarrior] - Pentagon Report on Saddam's Iraq Censored? Message-ID: Pentagon Report on Saddam's Iraq Censored? http://blogs.abcnews.com/rapidreport/2008/03/pentagon-report.html March 12, 2008 1:58 PM ABC News' Jonathan Karl Reports: The Bush Administration apparently does not want a U.S. military study that found no direct connection between Saddam Hussein and al Qaeda to get any attention. This morning, the Pentagon cancelled plans to send out a press release announcing the report's release and will no longer make the report available online. The report was to be posted on the Joint Forces Command website this afternoon, followed by a background briefing with the authors. No more. The report will be made available only to those who ask for it, and it will be sent via U.S. mail from Joint Forces Command in Norfolk, Virginia. It won't be emailed to reporters and it won't be posted online. 
Asked why the report would not be posted online and could not be emailed, the spokesman for Joint Forces Command said: "We're making the report available to anyone who wishes to have it, and we'll send it out via CD in the mail." Another Pentagon official said initial press reports on the study made it "too politically sensitive." ABC News obtained the comprehensive military study of Saddam Hussein's links to terrorism on Tuesday. Read the report's executive summary HERE. The study, which was due to be released Wednesday, found no "smoking gun" or any evidence of a direct connection between Saddam's Iraq and the al Qaeda terrorist organization. The report is based on the analysis of some 600,000 official Iraqi documents seized by US forces after the invasion. It is also based on thousands of hours of interrogations of former top officials in Saddam's government who are now in U.S. custody. Others have reached the same conclusion, but no previous study has had access to so much information. Further, this is the first official acknowledgement from the U.S. military that there is no evidence Saddam had ties to Al Qaeda. The study does, however, show that Saddam Hussein did much to support terrorism in the Middle East and used terrorism "as a routine tool of state power." Saddam's government, for example, had a program for the "development, construction, certification and training for car bombs and suicide vests in 1999 and 2000." The U.S. military is still dealing with the fall-out from this particular program. The report says Saddam's bureaucrats carefully recorded the regime's connections to Palestinian terrorist groups and its financial support for the families of suicide bombers. The primary target, however, of Saddam's terror activities was not the United States, and not Israel. "The predominant targets of Iraqi state terror operations were Iraqi citizens, both inside and outside of Iraq."
Saddam's primary aim was self preservation and the elimination of potential internal threats to his power. Bush administration officials have made numerous attempts to link Saddam Hussein and the Al Qaeda terror group in their justification for waging war against Iraq. "What I want to bring to your attention today is the potentially much more sinister nexus between Iraq and the Al Qaida terrorist network," former U.S. Secretary of State Colin Powell told the United Nations February 5, 2003. On June 18, 2004 the Washington Post quoted President George W. Bush as saying: "The reason I keep insisting that there was a relationship between Iraq and Saddam and al Qaeda: because there was a relationship between Iraq and al Qaeda," Bush said. "This administration never said that the 9/11 attacks were orchestrated between Saddam and al Qaeda," The Washington Post quoted Bush as saying. "We did say there were numerous contacts between Saddam Hussein and al Qaeda." "We know he's out trying once again to produce nuclear weapons and we know that he has a long-standing relationship with various terrorist groups, including the al-Qaeda organization," Vice President Dick Cheney said on NBC's Meet The Press March 16, 2003. "But the cost is far less than it will be if we get hit, for example, with a weapon that Saddam Hussein might provide to al-Qaeda, the cost to the United States of what happened on 9/11 with billions and billions of dollars and 3,000 lives. And the cost will be much greater in a future attack if the terrorists have access to the kinds of capabilities that Saddam Hussein has developed," Cheney said. "There is no question but that there have been interactions between the Iraqi government, Iraqi officials and Al Qaeda operatives. They have occurred over a span of some 8 or 10 years to our knowledge. There are currently Al Qaeda in Iraq," former Defense Secretary Donald Rumsfeld said in an interview with Infinity CBS Radio, Nov. 14, 2002.
From rforno at infowarrior.org Thu Mar 13 03:32:58 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Mar 2008 23:32:58 -0400 Subject: [Infowarrior] - 2008 Pew News IQ survey Message-ID: The current Pew News IQ survey provides an updated look at the public's knowledge of political and world affairs. A total of 1,003 adults were interviewed Feb. 28-March 2 and asked to answer a series of 12 multiple choice questions. The margin of error for the poll is plus or minus 3.5 percentage points. < - > http://people-press.org/reports/display.php3?ReportID=401 From rforno at infowarrior.org Thu Mar 13 03:35:16 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 12 Mar 2008 23:35:16 -0400 Subject: [Infowarrior] - Video Road Hogs Stir Fear of Internet Traffic Jam Message-ID: March 13, 2008 Video Road Hogs Stir Fear of Internet Traffic Jam By STEVE LOHR http://www.nytimes.com/2008/03/13/technology/13net.html?_r=1&hp=&oref=slogin&pagewanted=print Caution: Heavy Internet traffic ahead. Delays possible. For months there has been a rising chorus of alarm about the surging growth in the amount of data flying across the Internet. The threat, according to some industry groups, analysts and researchers, stems mainly from the increasing visual richness of online communications and entertainment -- video clips and movies, social networks and multiplayer games. Moving images, far more than words or sounds, are hefty rivers of digital bits as they traverse the Internet's pipes and gateways, requiring, in industry parlance, more bandwidth. Last year, by one estimate, the video site YouTube, owned by Google, consumed as much bandwidth as the entire Internet did in 2000. In a widely cited report published last November, a research firm projected that user demand for the Internet could outpace network capacity by 2011. The title of a debate scheduled next month at a technology conference in Boston sums up the angst: "The End of the Internet?"
But the Internet traffic surge represents more a looming challenge than an impending catastrophe. Even those most concerned are not predicting a lights-out Internet crash. An individual user, they say, would experience Internet clogging in the form of sluggish download speeds and frustration with data-heavy services that become much less useful or enjoyable. "The Internet doesn't collapse, but there would be a growing class of stuff you just can't do online," said Johna Till Johnson, president of Nemertes Research, which predicted the bandwidth squeeze by 2011, anticipating that demand will grow by 100 percent or more a year. Others are less worried -- at least in the short term. Andrew M. Odlyzko, a professor at the University of Minnesota, estimates that digital traffic on the global network is growing about 50 percent a year, in line with a recent analysis by Cisco Systems, the big network equipment maker. That sounds like a daunting rate of growth. Yet the technology for handling Internet traffic is advancing at an impressive pace as well. The router computers for relaying data get faster, fiber optic transmission gets better and software for juggling data packets gets smarter. "The 50 percent growth is high. It's huge, but it basically corresponds to the improvements that technology is giving us," said Professor Odlyzko, a former AT&T Labs researcher. Demand is not likely to overwhelm the Internet, he said. The question of the problem's severity is more than a technical one, since it will affect the shape and cost of the nation's policy on broadband infrastructure, a matter that is expected to attract political attention after a new administration takes over in Washington. While experts debate the immediacy of the challenge, they agree that it points to a larger issue. In the Internet era, they say, high-speed networks are increasingly the economic and scientific petri dishes of innovation, spawning new businesses, markets and jobs.
If American investment lags behind, they warn, the nation risks losing competitiveness to countries that are making the move to higher-speed Internet access a priority. "The long-term issue is where innovation happens," Professor Odlyzko said. "Where will the next Google, YouTube, eBay or Amazon come from?" The Internet, though a global network, is in many ways surprisingly local. It is a vast amalgam of smaller networks, all linked together. The worries about digital traffic congestion are not really about the Internet's main trunk lines, the equivalent of network superhighways. Instead, the problem is close to home -- the capacity of neighborhood switches, routers and pipes into a house. The cost of stringing high-speed optical fiber to a home, analysts estimate, can be $1,000 or more. That is why Internet access speeds vary so much country by country. They depend on local patterns of corporate investment and government subsidy. Frederick J. Baker, a research fellow at Cisco, was attending a professional conference last month in Taiwan where Internet access is more than twice as fast and costs far less than his premium "high speed" service in California. "When I mention my own service, people here shake their heads in disbelief," said Mr. Baker, who is a board member of the Internet Society, a nonprofit organization that helps guide Internet standards and policy. In the United States, the investment required to cope with rising Internet traffic will need to be made at several levels, not just cable and telecommunications carriers. Tim Pozar, an engineer and a co-owner of the Internet services company UnitedLayer in San Francisco, said a number of forces were combining: the surge in bandwidth-hungry video applications on Web sites, the need to handle traffic from more Internet-enabled devices like cellphones, and shortages of electrical power for data centers in places like San Francisco. "We're running out of horsepower to accommodate the demand," said Mr.
Pozar, whose company's data centers support Web sites for customers ranging from museums to social networks. "And upgrades needed in data centers are going to be a lot more expensive than in the past, now that all the excess capacity left over after the dot-com bubble burst has been gobbled up." The pace of future demand is the big uncertainty surrounding the Internet traffic challenge, and how fast people will adopt emerging technologies is notoriously difficult to foresee. In the aftermath of the bursting of the technology bubble in 2000, there was a glut of capacity -- so-called dark fiber, strung around the world and then left dormant. Now demand is catching up with that supply. In its prediction of more than 100 percent annual growth, Nemertes, a telecommunications research firm, assumes brisk use of new innovations like high-end videoconferencing, known as telepresence, which corporations are beginning to embrace as an alternative to costly, time-consuming travel. If this technology becomes a consumer product in the next few years, as some analysts predict, Internet traffic could spike even more sharply. Slick video chats are something that William Bentley, a 13-year-old New Yorker, would like to see. He is fairly representative of the next generation of digital consumer: He has made and posted his own YouTube videos, subscribes to YouTube channels, enjoys multiplayer games like World of Warcraft and Unreal Tournament, and downloads music and videos. Asked what he would want next from the Internet, he replied, "It would be nice to have everybody always right there -- just click and you could see them clearly and talk to them." That sort of service is certainly going to require more bandwidth and more investment, with higher costs across the spectrum of the Internet ecosystem that includes cable and telecommunications carriers, Internet companies, media Web sites and even consumers. AT&T, for one, said last week that it would spend $1 billion this year --
double its 2006 expenditures -- to expand its overseas infrastructure. But even if investment lags behind, there will be no Internet blackout. Indeed, the Internet has survived predictions of collapse in the past, most notably by Robert M. Metcalfe, a networking pioneer and entrepreneur, who in a 1995 magazine column warned of a "catastrophic collapse" of the Internet in 1996. There were service problems, but nothing like Mr. Metcalfe predicted, and on stage at a conference in 1997 he ate his words. "The Internet has proven to be wonderfully resilient," said Mr. Metcalfe, who is now a venture capitalist. "But the Internet is vulnerable today. It's not that it will collapse, but that opportunities will be lost." From rforno at infowarrior.org Thu Mar 13 15:18:24 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Mar 2008 11:18:24 -0400 Subject: [Infowarrior] - USF study: Red Light Cameras Ineffective Message-ID: Red Light Cameras Increase Crashes And Insurance Rates - Study Humphrey Cheung March 12, 2008 12:11 http://www.tomshardware.com/2008/03/12/red_light_cameras_increase_crashes_and_insurance_rates_study/ Miami (FL) - A University Of South Florida College Of Public Health study says red light cameras actually increase the number and severity of crashes. The study examined red light camera accident data from around the United States and Canada and found an up to 40% increase in accident rates at some camera-equipped intersections. Researchers also contend that insurance companies benefit from the cameras by increasing the premiums of offenders. "The rigorous studies clearly show red-light cameras don't work," said lead author Barbara Langland-Orban, a professor at the University of South Florida. Orban's team compiled data from five red-light traffic studies and concluded that accident rates increase between 29 and 50 percent at most red-light camera intersections.
One North Carolina study showed injury crashes actually rose between 40 and 50 percent over a five year period. Another Virginia Transportation Research Council study calculated an accident rate increase of 29 percent. The main cause of accidents was people slamming on the brakes to avoid going through a yellow light. Orban claims drivers would normally go through a yellow light at uncontrolled intersections. Red-light camera supporters have often claimed that the cameras reduce the number of more severe side-impact or "T-Bone" crashes, but the USF study found that controlled intersections saw no measurable decrease in severe accident rates. Florida has so far banned cities and counties from using red-light cameras, but Hillsborough County has recently approved the installation of 10 red-light cameras. Red-light ticket revenue has been a windfall for cash-strapped cities. San Diego made $30 million in 18 months from such tickets with $7 million coming from one camera. Hundreds of those tickets were thrown out in August 2001 by Superior Court Judge Ronald Styn after discovering that red-light camera maker Lockheed Martin IMS received $70 per ticket. Orban is advocating giving drivers more time to safely clear the intersection by increasing yellow light times or by making a brief all-red intersection. From rforno at infowarrior.org Thu Mar 13 15:43:58 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 13 Mar 2008 11:43:58 -0400 Subject: [Infowarrior] - Bush Warns House on Surveillance Message-ID: Bush Warns House on Surveillance By BRIAN KNOWLTON Published: March 13, 2008 http://www.nytimes.com/2008/03/13/washington/13cnd-fisa.html?_r=1&hp&oref=slogin WASHINGTON -- With the House poised to vote today on electronic surveillance legislation that the White House has said falls far short of its requirements, President Bush warned legislators strongly Thursday morning against passing what he called "a partisan bill that will undermine American security."
In clear defiance of the White House, the proposal from House Democratic leaders would not give retroactive legal protection to the phone companies that helped in the National Security Agency program of warrantless wiretapping. Mr. Bush also threatened to veto any such measure, should it reach his desk. The Senate last month passed a bill that did provide such protection and also broadened government eavesdropping powers. Using tough language on a subject on which he has been persistent and unswerving, Mr. Bush warned House members that "they should not leave for Easter recess without getting the Senate bill to my desk." He argued that failure to pass the Senate language would make it harder to detect emerging terrorist threats. "Voting for this bill would make our country less safe," Mr. Bush said. "Congress should stop playing politics with the past and focus on helping us prevent attacks in the future." Democrats have accused the president of fear-mongering, saying surveillance can be monitored more carefully without losing its effectiveness. Administration officials say that the Democrats know that the House version would face probable defeat in the Senate. Mr. Bush has threatened, in any case, to veto such language. But House Democratic leaders have shown themselves more ready than in the past for a fight on national security. Mr. Bush also argued again that the House Democrats' approach would unfairly expose the phone companies to lawsuits that could potentially be enormously expensive. "House leaders simply adopted the position that class-action trial lawyers are taking in the multibillion law suits they have filed" against the phone companies, he said. This "would undermine the private sector's willingness to cooperate with the intelligence community, cooperation that is essential to protecting our country from harm."
Instead of giving the companies blanket immunity, as the Senate would do, the House proposal was understood to give the federal courts special authorization to hear classified evidence and decide whether the phone companies should be held liable. But the president said that this approach "could reopen dangerous intelligence gaps by putting in place a cumbersome court approval process that would make it harder to collect intelligence on foreign terrorists" and could lead, he said, to disclosure of state secrets. "Their partisan legislation would extend protections we enjoy as Americans to foreign terrorists overseas," Mr. Bush said. In a statement yesterday, 19 Democratic members of the House Judiciary Committee questioned the administration's arguments. "We have concluded that the administration has not established a valid and credible case justifying the extraordinary action of Congress enacting blanket retroactive immunity as set forth in the Senate bill," they said. Some 40 lawsuits are pending in federal courts, charging that by cooperating with the eavesdropping program put in place after the Sept. 11, 2001, attacks, the phone companies violated their responsibilities to customers and federal privacy laws.

From rforno at infowarrior.org Thu Mar 13 18:03:46 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Mar 2008 14:03:46 -0400
Subject: [Infowarrior] - Russia adopts color-coded terror alert scheme
In-Reply-To: <2BE5B2D4-0640-47D9-8E49-B32535C658DC@freezemusic.com>
Message-ID:

Russia Today video of the story, with English translations.
http://www.youtube.com/watch?v=kSul3dp68e8&feature=user

From rforno at infowarrior.org Thu Mar 13 19:15:11 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Mar 2008 15:15:11 -0400
Subject: [Infowarrior] - Report: FBI Misused Information-Gathering Powers
Message-ID:

Report: FBI Misused Information-Gathering Powers
By Dan Eggen
Washington Post Staff Writer
Thursday, March 13, 2008; 2:10 PM
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/13/AR2008031302277_pf.html

The FBI continued to improperly obtain private telephone, e-mail and financial records five years after it was granted expanded powers under the USA Patriot Act, according to a report issued today. In a review focusing on FBI investigations in 2006, Justice Department Inspector General Glenn A. Fine found numerous privacy breaches by the bureau in its use of national security letters, or NSLs, which allowed the FBI to obtain personal information on tens of thousands of Americans and foreigners without approval from a judge. The findings mirror a report issued by Fine's office last year, which concluded that the FBI had improperly used the letters to obtain telephone logs, banking records and other personal data for three previous years, from 2003 to 2005. The pattern persisted in 2006, Fine concluded in the report issued today, in part because the FBI had not yet halted the shoddy recordkeeping, poor oversight and other practices that contributed to the problems. He also said it was unclear whether reforms enacted by the Justice Department and FBI last year will address all the issues identified by his investigators. "The FBI and Department of Justice have shown a commitment to addressing these problems," Fine said in a statement. "However, several of the FBI's and the Department's corrective measures are not yet fully implemented, and it is too early to determine whether these measures will eliminate the problems with the use of these authorities."
The findings reignited criticism today from Democrats and civil liberties groups, who said the FBI's repeated misuse of its information-gathering powers underscores the need for greater oversight by Congress and the courts to protect the constitutional rights of U.S. citizens and legal residents. Rep. John Conyers Jr. (D-Mich.), chairman of the House Judiciary Committee, drew a comparison between the FBI's NSL abuses and the Bush administration's push to enact a new surveillance law that would expand the government's ability to spy on Americans without warrants. President Bush has threatened to veto a bill introduced this week by House Democrats that would place more limits on surveillance capabilities than the administration favors and would not give telecommunication companies immunity from lawsuits for past aid they provided the government. "At the same time the administration is trying to intimidate the Congress into giving it additional spying power, we find out yet again that it has abused its authority to pry into the lives of law abiding Americans," Conyers said in a statement. Justice spokesman Dean Boyd said in a statement that Fine's report "should come as no surprise" because it focused on a period prior to the time a host of procedural changes were introduced at the FBI, including creation of the Office of Integrity and Compliance to oversee the use of security letters and other special powers. "The Inspector General correctly emphasizes the need for sustained oversight of the FBI's use of NSLs and concludes that the senior leadership of the Justice Department and the FBI are committed to addressing these issues and continue to devote significant energy, time, and resources to this effort," Boyd said. According to Fine's report, the FBI continued to rely heavily on national security letters in counterterrorism, counterintelligence and cybercrime investigations, issuing nearly 50,000 of the documents in 2006 alone. 
Nearly 200,000 were issued from 2003 through 2006, the report said, and were used in a third of all FBI national security probes during that time. Fine said that FBI employees "self-reported" 84 possible violations of laws or guidelines for the use of NSLs in 2006, which "was significantly higher than the number of reported violations in prior years." But Fine noted that his office already had begun its initial probe into NSLs by that time, which might have contributed to the increase. The violations that were reported by the FBI included issuing NSLs without correct authorizations, the "over-collection" of telephone or Internet records and making improper requests in the letters. About a quarter of the incidents were due to mistakes by telephone or Internet providers, but many of those cases should have been caught by the FBI earlier, Fine said. Today's report did not address allegations related to other documents, including "blanket NSLs" and exigency letters, that have been used by the FBI to gather vast amounts of data without court oversight. Fine said he will issue a separate report on those issues in coming weeks.

From rforno at infowarrior.org Thu Mar 13 21:09:40 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Mar 2008 17:09:40 -0400
Subject: [Infowarrior] - FISA: House going into closed session
Message-ID:

House to go into rare closed session
http://www.politico.com/blogs/thecrypt/0308/House_to_go_into_rare_closed_session.html

The House will go into a rare closed session Thursday night to debate a controversial electronic surveillance measure. It is the first closed session since 1983 and only the fifth in congressional history. House Minority Whip Roy Blunt (R-Mo.) plans to offer a motion on the issue as soon as the House finishes work on the budget.
During the session, the chamber will discuss an update to the Foreign Intelligence Surveillance Act that has been gridlocked for months over the issue of granting immunity to telecom companies who aided the government in the wake of the Sept. 11. Privately, House aides were speculating that the closed session will give House Democratic leaders a chance to whip support for the measure, which is not ensured of passage. A large bloc of moderate "blue dog" Democrats have previously expressed their desire for the House to take up the Senate bill. While House Majority Whip James Clyburn (D-S.C.) expressed confidence earlier in the week that the bill would pass, however, a defection by the "Blue Dogs" could threaten the passage of the bill, which would be a major setback for House Democratic leaders who have worked furiously for weeks to craft a compromise. Following the closed session, the House will debate the FISA bill, which does not include immunity. The Senate has already passed their own version with immunity -- a bill President Bush has urged the House to sign. On Thursday morning, Bush issued a statement saying he would veto the bill if it ever reached his desk. House Majority Leader Steny Hoyer (D-Md.) agreed to the session Thursday afternoon. "Mr. Blunt stated that Members in the Minority believe they have information relevant to the debate on FISA that cannot be publicly discussed," Hoyer said. "The majority agreed to Mr. Blunt's request so that the Members may hear this information in a secret session that will proceed for one hour." A closed session would require at least three hours for security personnel to sweep the chamber for listening devices. "All of our members need to hear and have a chance to think about this information," said Blunt. House Judiciary Committee Chairman Rep. John Conyers Jr. (D-Mich.) said he was skeptical the closed session would change any minds on the issue and may end up costing the Republicans support.
"As someone who has chaired classified hearings and reviewed classified materials on this subject, I believe the more information Members receive about this Administration's actions in the area of warrantless surveillance, the more likely they are to reject the administration's scare tactics and threats."

From rforno at infowarrior.org Fri Mar 14 03:50:47 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 13 Mar 2008 23:50:47 -0400
Subject: [Infowarrior] - Inventor of 'ELIZA' program dead
Message-ID:

March 13, 2008
Joseph Weizenbaum, Famed Programmer, Is Dead at 85
By JOHN MARKOFF
http://www.nytimes.com/2008/03/13/world/europe/13weizenbaum.html?pagewanted=print

Joseph Weizenbaum, whose famed conversational computer program, Eliza, foreshadowed the potential of artificial intelligence, but who grew skeptical about the potential for technology to improve the human condition, died on March 5 in Gröben, Germany. He was 85. The cause was complications of cancer, said his daughter Sharon Weizenbaum. Eliza, written while Mr. Weizenbaum was a professor at the Massachusetts Institute of Technology in 1964 and 1965 and named after Eliza Doolittle, who learned proper English in "Pygmalion" and "My Fair Lady," was a groundbreaking experiment in the study of human interaction with machines. The program made it possible for a person typing in plain English at a computer terminal to interact with a machine in a semblance of a normal conversation. To dispense with the need for a large real-world database of information, the software parodied the part of a Rogerian therapist, frequently reframing a client's statements as questions. In fact, the responsiveness of the conversation was an illusion, because Eliza was programmed simply to respond to certain key words and phrases. That would lead to wild non sequiturs and bizarre detours, but Mr.
Weizenbaum later said that he was stunned to discover that his students and others became deeply engrossed in conversations with the program, occasionally revealing intimate personal details. "It was amazing the extent that people did not understand they were talking to a computer," said Robert Fano, emeritus professor of electrical engineering and computer science at M.I.T. In the wake of the creation of Eliza, which was described in a technical paper in January 1966, a group of M.I.T. scientists, including Claude Shannon, a pioneer in the field of cybernetics, met in Concord, Mass., to discuss the social implications of the phenomenon, Mr. Fano said. The seductiveness of the conversations alarmed Mr. Weizenbaum, who came to believe that an obsessive reliance on technology was indicative of a moral failing in society, an observation rooted in his experiences as a child growing up in Nazi Germany. In 1976, he sketched out a humanist critique of computer technology in his book "Computer Power and Human Reason: From Judgment to Calculation." The book did not argue against the possibility of artificial intelligence but rather was a passionate criticism of systems that substituted automated decision-making for the human mind. In the book, he argued that computing served as a conservative force in society by propping up bureaucracies as well as by redefining the world in a reductionist sense, by restricting the potential of human relationships. "He raised questions about what kinds of relationships we want to have with machines very early," said Sherry Turkle, a professor in the program in science, technology and society at M.I.T. who taught courses with Mr. Weizenbaum on the social implications of technology. Mr. Weizenbaum also believed that there were transcendent qualities in the human experience that could not be duplicated in interactions with machines.
He described it in his book as "the wordless glance that a father and mother share over the bed of their sleeping child," Ms. Turkle said. The book drove a wedge between Mr. Weizenbaum and other members of the artificial intelligence research community. In his later years he said he came to take pride in his self-described status as a "heretic," estranged from the insular community of elite computer researchers. Joseph Weizenbaum was born on Jan. 8, 1923, in Berlin. He was the second son of Jechiel Weizenbaum, a furrier, and his wife, Henrietta. The family was forced to leave Berlin in 1935 when the Nazis enacted anti-Semitic legislation, and they emigrated the next year from Bremen, Germany, to the United States. He began studies in mathematics at Wayne State University in Detroit in 1941, but left the next year to join the Army Air Corps, in which he served as a meteorologist. After the war he returned to complete his studies at the mathematics department, where he worked on the development and programming of the first large computers. In 1952, he went into industry, working on an early General Electric computer development project for the Bank of America. In 1962, he was invited to become a visiting professor at M.I.T. and in 1970 became a professor of computer science at the school. Attracted by his childhood experiences and the German language, Mr. Weizenbaum decided to return to Germany in 1996. His social criticism of computing technology was warmly received by a younger generation there. Much honored in German, he spoke frequently on the political and social consequences of technology. His marriage to Ruth Manes Weizenbaum ended in divorce. Besides his daughter Sharon, of Amherst, Mass., he is survived by three other daughters: Miriam, of Providence, R.I.; Naomi, of Gröben; and Pm, of Seattle.

From rforno at infowarrior.org Fri Mar 14 18:39:00 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Mar 2008 14:39:00 -0400
Subject: [Infowarrior] - House Passes New Surveillance Bill
Message-ID:

House Passes New Surveillance Bill
By PAMELA HESS
The Associated Press
Friday, March 14, 2008; 2:21 PM
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/14/AR2008031400803_pf.html

WASHINGTON -- The House on Friday narrowly approved a Democratic bill that would set rules for the government's eavesdropping on phone calls and e-mails inside the United States. The bill, approved as lawmakers departed for a two-week break, faces a veto threat from President Bush. The margin of House approval was 213 to 197, largely along party lines. Because of the promised veto, "this vote has no impact at all," said Republican Whip Rep. Roy Blunt of Missouri. The president's main objection is that the bill does not protect from lawsuits the telecommunications companies that allowed the government to eavesdrop on their customers without a court's permission after the Sept. 11, 2001, terrorist attacks. The vote sent the bill to the Senate, which has passed its own version that includes the legal immunity for telecom companies that Bush is insisting on. Without that provision, House Republicans said, the companies won't cooperate with U.S. intelligence. "We cannot conduct foreign surveillance without them. But if we continue to subject them to billion-dollar lawsuits, we risk losing their cooperation in the future," said Rep. Lamar Smith, R-Texas. The government does have the power to compel telecommunications companies to cooperate with wiretaps if it gets warrants from a secret court. The government apparently did not get such warrants before initiating the post-9/11 wiretaps, which are the basis for the lawsuits. House Intelligence Committee Chairman Silvestre Reyes, D-Texas, said the bill is meant to fix that.
It would let a judge determine whether lawsuits should be dismissed, rather than having Congress make that decision. "I believe that the nation is deeply concerned about what has gone on for the last seven years, and I want to restore some of the trust in the intelligence community," Reyes said. About 40 lawsuits have been filed against telecommunications companies by people and organizations alleging the companies violated wiretapping and privacy laws. The lawsuits have been combined and are pending before a single federal judge in California. The Democrats' measure would encourage the judge to review in private the secret government documents underpinning the program to decide if the companies acted lawfully. The administration has prevented those documents from being revealed, even to a judge, by invoking the state secrets privilege. That puts the companies in a bind because they are unable to defend themselves. Just a fraction of Congress has been granted access to the records. Democrats argued against quashing the lawsuits without knowing in detail why the immunity is necessary. Rep. Jane Harman, D-Calif., said the government may have as many as five ongoing clandestine surveillance programs. "Congress is not fully informed, and it would be reckless to grant retroactive immunity without knowing the scope of programs out there," Harman said. "All members of Congress should see those documents so they could see the breadth and scope" of the wiretapping program, said Rep. John Tierney, D-Mass. The surveillance law is intended to help the government pursue suspected terrorists by making it easier to eavesdrop on international phone calls and e-mails between foreigners abroad and Americans in the U.S., and remove barriers to collecting purely foreign communications that pass through the United States -- for instance, foreign e-mails stored on a server. A temporary law expired Feb. 16 before Congress was able to produce a replacement bill.
Bush opposed an extension of the temporary law as a means to pressure Congress into accepting the Senate version of the surveillance legislation. Bush and most Capitol Hill Republicans say the lawsuits are damaging national security and unfairly punish telecommunications companies for helping the government in a time of war. "There is not one iota of evidence that the companies acted inappropriately whatsoever," said Rep. Dan Lungren, R-Calif. Democrats say the bill protects the privacy rights of Americans by making sure the telecommunications companies -- and the wiretapping program -- did not violate any laws. "We have the opportunity to serve the protection of our country ... and uphold our oath to preserve and protect the Constitution of the United States," said House Majority Leader Steny Hoyer, D-Md. "Let us take that opportunity." The Democratic bill also would initiate a yearlong bipartisan panel modeled after the 9/11 Commission to investigate the administration's so-called warrantless wiretapping program. Friday's vote came after House Republicans forced a rare, late-night secret session of Congress on Thursday to discuss the bill. It was the first such session of the House in a quarter century; the last one was in 1983, on U.S. support for paramilitary operations in Nicaragua. Only five closed sessions have occurred in the House since 1825. Democratic Rep. Sheila Jackson-Lee of Texas said she didn't believe any minds were changed on the bill. "We couldn't have gone more of an extra mile to make sure we're doing the best for national security," she said. ©
2008 The Associated Press

From rforno at infowarrior.org Fri Mar 14 19:00:52 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Mar 2008 15:00:52 -0400
Subject: [Infowarrior] - Botnet Operator Pleads Guilty
In-Reply-To:
Message-ID:

(c/o dissent)

Botnet Operator Pleads Guilty
Fri, 2008-03-14
http://www.technologynewsdaily.com/node/9388

Robert Matthew Bentley, 21, Panama City, Florida, has pleaded guilty to conspiracy to commit computer fraud and computer fraud. Bentley was indicted by a federal grand jury in Pensacola, Florida in November 2007. The case originated in December 2006 when the London Metropolitan Police ("The Met") Computer Crime Unit requested assistance from the United States Secret Service after European representatives of the United States-based "Newell Rubbermaid" Corporation and at least one other European-based company contacted The Met to report a computer intrusion against the companies' European networks. The indictment resulted from a multi-year criminal investigation by the United States Secret Service, primarily involving the London (England) Resident Office, the Paris (France) Field Office, the Philadelphia (Pennsylvania) Field Office, the Seattle (Washington) Field Office, the Jacksonville (Florida) Field Office, the Tallahassee (Florida) Resident Office, the Panama City (Florida) Field Office, the Santa Ana (California) Resident Office, the Los Angeles (California) Field Office, the Wilmington (Delaware) Field Office, and the CERT Coordination Center at Carnegie Mellon (Pittsburgh, Pennsylvania). Secret Service worked the investigation together with the Finland National Bureau of Investigation, the London Metropolitan Police, the Westminster (California) Police Department, and the Federal Bureau of Investigation Philadelphia (Pennsylvania) Field Office. Bentley agreed to a detailed factual summary filed at the time of his guilty plea outlining his role in the computer intrusions.
Bentley and other unnamed co-conspirators infected hundreds of computers in Europe with "adware" that cost tens of thousands of dollars to detect and neutralize. Bentley and others received payment through a Western European-based operation called "Dollar Revenue" for unauthorized intrusions and placement of the adware. Bentley used computers in the Northern District of Florida to accomplish the intrusions and to receive payment. United States Attorney Miller observed, "The identification, indictment, and conviction of Bentley constitutes a significant success in a complex international investigation, and resulted from the outstanding cooperation of the many participating law enforcement agencies. The use of 'botnets' -- a series of computers covertly controlled by Bentley and his co-conspirators to accomplish the intrusion of victim computer systems -- is a major focus of computer-related criminal investigations worldwide. Botnets are responsible for much of the malicious activity conducted on the internet. 'Botherders' or 'Botmasters' operate within a group of computer hackers on a global scale, making this computer crime one of the most pervasive forms of organized criminal activity plaguing law enforcers in this country and abroad." Bentley is scheduled to be sentenced by United States District Judge Richard Smoak on May 28, 2008. He faces a maximum penalty of 10 years imprisonment, a $250,000 fine, and 3 years of supervised release for each charge. He must pay a special monetary assessment of $100 for each charge.

From rforno at infowarrior.org Fri Mar 14 20:56:48 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Mar 2008 16:56:48 -0400
Subject: [Infowarrior] - Pentagon Cancels Online Iraq Report -- But Here It Is (PDF Copy)
In-Reply-To:
Message-ID:

(thanks to R. for this link!)

Pentagon Cancels Online Iraq Report -- But Here It Is

Greetings.
The Pentagon abruptly canceled plans to post online a new report (and also canceled a related background briefing) that concludes the lack of a link between Saddam Hussein's Iraq and al Qaeda. DOD is also now refusing to e-mail out copies of the report, and is only making it available in physically mailed CD-ROM form upon request. In an age when any "good news" about the war in Iraq goes online immediately from the Pentagon's PR machine, the word is that DOD decided that this report was too politically sensitive to be made easily and widely available via the Internet. Fascinating. Nevertheless, redacted (obviously scanned) versions of the executive summary and the main body of this report are already circulating, and I've saved copies for your edification if you so desire:

http://lauren.vortex.com/archive/000376.html

Mirrored at: http://infowarrior.org/users/rforno/pentagon-iraq-report/

From rforno at infowarrior.org Fri Mar 14 23:57:30 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Mar 2008 19:57:30 -0400
Subject: [Infowarrior] - Right now, feds might be looking into your finances
Message-ID:

Right now, feds might be looking into your finances
Banks tip off government to possible money laundering, fraud
By Thomas Frank
USA TODAY
http://www.usatoday.com/printedition/news/20080312/a_financial12.art.htm

WASHINGTON -- Each year, federal agents peek at the financial transactions of millions of Americans -- without their knowledge. The same type of information that raised suspicions about New York Gov. Eliot Spitzer is reviewed every day by authorities to find traces of money laundering, check fraud, identity theft or any crime that may involve a financial institution. As concerns about fraud and terrorist financing grow, an increasing number of suspicious deposits, withdrawals and money transfers are being reported by banks and others to the federal government.
Banks and credit unions as well as currency dealers and stores that cash checks reported a record 17.6 million transactions to the Financial Crimes Enforcement Network in 2006, according to a report from the network, a bureau of the U.S. Treasury Department. "I don't think Americans understand that their financial transactions are being reported and routinely examined," said Barry Steinhardt of the American Civil Liberties Union. The Treasury Department's database now contains records of more than 100 million financial transactions going back to at least 1996, said network spokesman Steve Hudak. Teams of agents from the FBI, IRS, Drug Enforcement Administration and other agencies regularly review newly filed financial reports and launch investigations. Federal and local authorities search the database to find information about people that can help ongoing probes. Treasury Department analysts study the reports to detect trends in fraud and issue reports alerting financial institutions. "The government has access to untold volumes of records and can draw all sorts of conclusions about us, and many are going to be wrong," Steinhardt said. Bankers disagree. "For the typical bank customer, this means very little because there's nothing they're doing that's likely to be viewed as out of the ordinary," said Richard Riese, head of regulatory compliance for the American Bankers Association. The reporting system dates to the early 1970s when federal agents sought to pinpoint drug dealers by looking for people making large cash deposits. Financial institutions have long been required to report cash transactions over $10,000. Those reports -- simple notices of a deposit or withdrawal -- account for more than 90% of the records the enforcement network gets each year. Far more controversial are secret "suspicious activity reports" filed by financial institutions and reviewed by teams of agents spread around the country.
The investigation of Spitzer began when a bank spotted potentially suspicious transfers from several accounts and filed reports with the IRS, according to a federal official who spoke on condition of anonymity. The official did not want his name used because he's not authorized to discuss the case publicly. The number of suspicious activity reports soared from 413,000 in 2003 to 1 million in 2006, according to the enforcement network. Federal law requires the reports to remain secret. They are written by officers at financial institutions who specialize in detecting suspicious activity, such as a series of large transactions. The analysis can protect customers by spotting unusual withdrawals that may indicate fraud, said Robert Rowe, senior regulatory counsel of the Independent Community Bankers of America. Many of the reports are a waste, said Riese of the bankers association. "We're reporting on a lot of things everybody knows law enforcement doesn't have the resources to pursue," he said. Hudak said the "vast majority" of reports "are filed for a good reason. ... There are law enforcement officials and investigators who use these reports and read them every day."

From rforno at infowarrior.org Sat Mar 15 01:49:34 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 14 Mar 2008 21:49:34 -0400
Subject: [Infowarrior] - Music Industry Proposes a Piracy Surcharge on ISPs
Message-ID:

Music Industry Proposes a Piracy Surcharge on ISPs
By Frank Rose
03.13.08 | 12:00 AM
http://www.wired.com/entertainment/music/news/2008/03/music_levy?

Having failed to stop piracy by suing internet users, the music industry is for the first time seriously considering a file sharing surcharge that internet service providers would collect from users.
In recent months, some of the major labels have warmed to a pitch by Jim Griffin, one of the idea's chief proponents, to seek an extra fee on broadband connections and to use the money to compensate rights holders for music that's shared online. Griffin, who consults on digital strategy for three of the four majors, will argue his case at what promises to be a heated discussion Friday at South by Southwest. "It's monetizing the anarchy," says Peter Jenner, head of the International Music Manager's Forum, who plans to join Griffin on the panel. Griffin's idea is to collect a fee from internet service providers -- something like $5 per user per month -- and put it into a pool that would be used to compensate songwriters, performers, publishers and music labels. A collecting agency would divvy up the money according to artists' popularity on P2P sites, just as ASCAP and BMI pay songwriters for broadcasts and live performances of their work. The idea is controversial but -- as Griffin and Jenner point out -- hardly without precedent. The concept of collecting a fee for unauthorized use of music was developed in France in 1851 as a way of reimbursing composers whose work was being performed without their permission in cafes and the like. The practice spread to the United States in 1914 and currently applies to radio airplay and webcasts in addition to live performances. In a 2004 white paper, the Electronic Frontier Foundation called for it to be applied to file sharing, but the Recording Industry Association of America immediately dismissed the proposal. Things are different now. "The labels are beginning to like the idea of an access-to-music charge," says Jenner, who once managed Pink Floyd and the Clash, "because they're increasingly aware that their current model is broken." U.S. music sales, which peaked in 1999 at nearly $15 billion, dropped to $11.5 billion in 2006. 
Last year's figures are still being tallied, but with CD sales cratering and online sales overwhelmingly dominated by singles, the only question is how far they'll fall. Meanwhile, the industry's antipiracy efforts appear more and more futile. Digital rights management, long touted as a solution, has been all but abandoned. And though the RIAA is said to have threatened or taken action against some 20,000 suspected file sharers, the market-research firm NPD Group reports that nearly 20 percent of U.S. internet users downloaded music illegally last year. The score to date: 0.02 million alleged P2P users down, 40.98 million to go. At the music industry trade show MIDEM last year, John Kennedy, the head of IFPI -- the RIAA's international affiliate organization -- offered modest support for the kind of licensing fee Griffin and Jenner propose. "It's a model worth looking at," he said at a press conference. "If the ISPs want to come to us and look for a blanket license for an amount per month, let's engage in that discussion." The tone at the January 2008 MIDEM in Cannes, France, was more combative. Longtime U2 manager Paul McGuinness said in a widely reported speech that it was time to hold ISPs responsible for the file sharing deluge. McGuinness wants network operators to cut off those the industry deems offenders -- an approach France's Sarkozy government is already pushing in that country. "If ISPs do not cooperate voluntarily," McGuinness declared, "there will need to be legislation to force them to cooperate," McGuinness said. Behind closed doors, however, MIDEM attendees discussed the prospect of collecting money from ISPs instead. An invitation-only meeting on the subject drew about 50 people, including representatives of IFPI, Sony BMG, T-Mobile, the giant European ISP and mobile-carrier Orange, and performing-rights organizations like BMI. The response, according to Jenner, "ranged from 'What do we do now?' to 'It sounds good, but can it possibly work?' 
A lot of people are like rabbits in the headlights: They're terrified they're going to lose their jobs. No one dares to feel that this might be the solution." Even so, notes Shira Perlmutter, IFPI's head of legal policy, "none of our members are ruling anything out. These companies are all very open to creative new ideas that would allow customers to do things they want -- including using file sharing technologies." Not everyone sees the two approaches as an either-or situation. "I love Paul McGuinness' idea," says another scheduled SXSW panelist, Dina LaPolt, a Los Angeles attorney who represents Mötley Crüe and the estate of Tupac Shakur. "And I love the idea of trying to make ISPs pay artists and make up for all the free crap that's going on. I support both, so long as artists are getting paid for their work." Whether ISPs will be willing to ante up remains far from clear, especially since many users can be expected to protest the extra charge. One option would be to introduce different service tiers and impose the surcharge only on customers who buy enough bandwidth to make file sharing feasible. But for ISPs, other music-industry demands could be far more onerous. In the weeks since MIDEM, antipiracy zealots have been using McGuinness's speech as a rallying cry. Last month the British media reported that a government white paper was about to call for legislation to force ISPs to move against suspected file sharers. As it turned out, the white paper merely included a vague call for "voluntary, preferably commercial solutions" by April 2009. Just Monday, the four majors sued the largest ISP in Ireland in an attempt to force it to block illicit downloads. Attorneys for Eircom retorted that it was not legally obligated to monitor its network traffic. AT&T has been looking into content-sniffing technology that could turn it into a spy agency for music labels and film studios, but most ISPs seem distinctly unenthusiastic about the idea. They have good reason to be.
Technology experts say it would be impossible to reliably inspect trillions of packets for pirated material, especially if file sharing networks resort to encryption mechanisms. Legal experts point out that any attempt by an ISP to monitor its traffic in this way would jeopardize its status as a common carrier. It could also leave the ISP open to lawsuits from subscribers who get cut off without good reason. And financial experts say it would cost a bundle to implement. But the bottom line is, it simply won't work. "Ultimately there is no real hope of eradicating copyright-infringing technology," says another SXSW panelist, Eric Garland, CEO of BigChampagne, which tracks the popularity of music online. "You can push piracy around, discourage people from doing it in this or that venue, but I don't think in even the most Orwellian scenario you could reduce massive infringement in a comprehensive way." So, which will it be: A last-gasp assault on piracy, or a truce that would bring in money and benefit everyone except the lawyers? At this point, the music industry seems too dazed to decide -- and several nights in Austin probably won't help. Though Jenner and McGuinness are on opposite sides of the debate, their good cop-bad cop routine could ultimately prove synergistic. Pay up, the music people are telling internet providers, or we'll sic Washington on you -- and London and Paris and anybody else we can find.
From rforno at infowarrior.org Sat Mar 15 13:33:01 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Mar 2008 09:33:01 -0400 Subject: [Infowarrior] - Japan's navy to replace all PCs to prevent more high-tech spying In-Reply-To: <000c01c88688$6256d070$0201a8c0@DB0PJ521> Message-ID: ------ Forwarded Message Japan's navy to replace all PCs to prevent more high-tech spying East-Asia-Intel March 13, 2008 http://ibloga.blogspot.com/2008/03/its-little-things-key-aegis-anti.html Embarrassed by a spy scandal, Japan's Maritime Self-Defense Force will replace all of its personal computers with systems that have little memory and no local storage to prevent leakage of classified information, sources said. The move comes after the leak of information about key functions of Aegis-equipped destroyers. The leak triggered criticism of the MSDF's lax information management. A 34-year-old MSDF officer has been arrested for allegedly taking confidential data on the U.S.-designed Aegis defense system from a computer system task force in violation of a bilateral agreement with Washington. The MSDF plans to replace some 30,000 PCs by 2010 with units that have no disk drives and which run applications from central servers, the sources said. Sumitaka Matsuuchi arrives at a police station in Yokosuka, Japan on Dec. 13. Yomiuri.co.jp So-called "thin clients" use a remote display protocol and do not have USB-based wireless adaptors. The leak was discovered early last year after information on the capabilities of the Aegis was found on the home computer of a second-class petty officer in Kanagawa. After a year-long probe, Japanese police arrested Sumitaka Matsuuchi for allegedly leaking secret data on the high-tech Aegis combat system, a top line defense against a possible attack by North Korea. He was the first Japanese arrested on suspicion of violating the Secrets Protection Law, which is based on the Japan-U.S. Mutual Defense Assistance Agreement signed in 1954. 
The classified information reportedly includes data on performance limits of Aegis destroyers' interception systems. The U.S.-developed Aegis system has cutting-edge radar and can simultaneously track hundreds of targets, such as missiles and enemy aircraft, and can attack dozens at the same time. According to Kyodo News on March 9, the MSDF uncovered defense documents and file-sharing software on Matsuuchi's private computers. They are attempting to determine whether the data include confidential files. Matsuuchi, who was assigned to the MSDF's Maizuru headquarters, began storing data on his computers about 10 years ago and added information from a number of units to which he was assigned, Kyodo said. He also apparently failed to obey recent Defense Ministry directives to delete sensitive data and file-sharing software from private computers, it said. From rforno at infowarrior.org Sat Mar 15 14:06:54 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Mar 2008 10:06:54 -0400 Subject: [Infowarrior] - Disney does its bit for the police state Message-ID: Fingertip biometrics at Disney turnstiles: the Mouse does its bit for the police state http://www.boingboing.net/2008/03/15/fingertip-biometrics.html Today in my ongoing series of photos from my travels, this shot of the fingerprint reader at Walt Disney World's turnstiles. These machines (which, I'm told, capture the shape of your fingertip instead of your fingerprint itself) are used to keep Disney World customers from sharing or re-selling their admission tickets, and are part of a general and growing police-state climate at the parks that includes routine bag-searches at each park entrance. The readers aren't very effective at stopping admission cheats. 
You can choose not to register your fingertip, and to use photo ID for admission instead (I'm thinking of having a random piece of photo identification made with the words "OFFICIAL BOGUS SECURITY IDENTIFICATION FOR HOTELS, THEME PARKS AND OTHER JUNIOR G-MEN" printed on it). So it would be very easy to share your pass: the person named on the pass enters with his ID, and the person with whom he's sharing the card uses a fingertip -- you could visit with your sister's family and half of you could use the tickets in the morning while the other half hung around the pool and relaxed, then switch at lunch: the morning crew uses fingertip, the afternoon uses ID. What these readers are effective at is conditioning kids to accept surveillance and routine searches and identity checks without particularized suspicion. One morning at Epcot Center, as we offered our ID to the castmember at the turnstile and began to argue (again -- they're very poorly trained on this point) that we could indeed opt to show ID instead of being printed, a small boy behind us chirped up, "No you have to be fingerprinted! Everybody has to be fingerprinted!" To all those parents who worry that Disney will turn their kids into little princesses, it's time to get priorities straight: the "security" at the parks is even more effective at conditioning your children to live in a police state.
From rforno at infowarrior.org Sat Mar 15 15:41:10 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Mar 2008 11:41:10 -0400 Subject: [Infowarrior] - President weakens espionage oversight Message-ID: President weakens espionage oversight Board created by Ford loses most of its power By Charlie Savage Globe Staff / March 14, 2008 http://www.boston.com/news/nation/washington/articles/2008/03/14/president_weakens_espionage_oversight/?page=full WASHINGTON - Almost 32 years to the day after President Ford created an independent Intelligence Oversight Board made up of private citizens with top-level clearances to ferret out illegal spying activities, President Bush issued an executive order that stripped the board of much of its authority. The White House did not say why it was necessary to change the rules governing the board when it issued Bush's order late last month. But critics say Bush's order is consistent with a pattern of steps by the administration that have systematically scaled back Watergate-era intelligence reforms. "It's quite clear that the Bush administration officials who were around in the 1970s are settling old scores now," said Tim Sparapani, senior legislative counsel to the American Civil Liberties Union. "Here they are even preventing oversight within the executive branch. They have closed the books on the post-Watergate era." Ford created the board following a 1975-76 investigation by Congress into domestic spying, assassination operations, and other abuses by intelligence agencies. The probe prompted fierce battles between Congress and the Ford administration, whose top officials included Dick Cheney, Donald Rumsfeld, and the current president's father, George H. W. Bush. To blunt proposals for new laws imposing greater congressional oversight of intelligence matters, Ford enacted his own reforms with an executive order that went into effect on March 1, 1976.
Among them, he created the Intelligence Oversight Board to serve as a watchdog over spying agencies. "I believe [the changes] will eliminate abuses and questionable activities on the part of the foreign intelligence agencies while at the same time permitting them to get on with their vital work of gathering and assessing information," Ford told Congress. The board's investigations and reports have been mostly kept secret. But the Clinton administration provided a rare window into the panel's capabilities in 1996 by publishing a board report faulting the CIA for not adequately informing Congress about putting known torturers and killers in Guatemala on its payroll. But Bush downsized the board's mandate to be an aggressive watchdog against such problems in an executive order issued on Feb. 29, the eve of the anniversary of the day Ford's order took effect. The White House said the timing of the new order was "purely coincidental." Under the old rules, whenever the oversight board learned of intelligence activity that it believed might be "unlawful or contrary to executive order," it had a duty to notify both the president and the attorney general. But Bush's order deleted the board's authority to refer matters to the Justice Department for a criminal investigation, and the new order said the board should notify the president only if other officials are not already "adequately" addressing the problem. Bush's order also terminated the board's authority to oversee each intelligence agency's general counsel and inspector general, and it erased a requirement that each inspector general file a report with the board every three months. Now only the agency directors will decide whether to report any potential lawbreaking to the panel, and they have no schedule for checking in. 
Suzanne Spaulding, a former deputy counsel at the CIA who has worked as a congressional staff member on intelligence committees for members of both parties, said the order "really diminishes the language that calls on the Intelligence Oversight Board to conduct independent inquiries," leaving the panel as potentially little more than "paper pushers." And Elizabeth Rindskopf Parker, a former general counsel at both the CIA and the National Security Agency who is now the dean of the University of the Pacific law school, said it was unwise for the Bush administration to undermine the Intelligence Oversight Board at the same time that the administration has been pushing for fewer restrictions on its intelligence powers. "An organization like this gives some level of comfort that there is an independent review capability," Parker said. "Changes like this appear to water down an organization that contributes to the public's confidence." But Tony Fratto, a White House spokesman, denied that the order reduced the authority and independence of the panel. Fratto pointed to a federal statute that makes it a general duty of all government officials to report lawbreaking to the Justice Department. Because of this, he said, there is still a "widely understood background presumption" that the board can contact the attorney general even though Bush deleted the authority to make criminal referrals from its list of core responsibilities. Fratto also said the changes merely updated the board's responsibilities after Congress in 2004 created a director of national intelligence to run the intelligence community. The order says the director is the person responsible for making any criminal referrals to the Justice Department. 
Still, critics contend that the director of national intelligence cannot play the same watchdog role as the oversight board because he is part of the intelligence world, not independent from it, and so there may be occasions in which he has signed off on an activity whose legality might be questioned by outsiders. Some analysts said the order is just the latest example of actions the administration has taken since the 2001 terrorist attacks that have scaled back intelligence reforms enacted in the 1970s. In his 1976 executive order, for example, Ford also banned foreign intelligence agencies, such as the National Security Agency, from collecting information about Americans. The Bush administration bypassed that rule by having domestic agencies collect information about Americans and then hand the data to the NSA, The Wall Street Journal reported this week. Ford's order also banned assassination. But Bush authorized the CIA to draw up a list of Al Qaeda suspects who could be summarily killed. The administration decided that such targeted killings were an exception to the rule because it was wartime. In 1978, Congress enacted a law requiring warrants for all wiretaps on domestic soil. But now spies are free to monitor Americans' international calls and e-mails without court supervision if the wiretaps are aimed at targets overseas. In 1980, Congress enacted a law requiring that the full House and Senate intelligence committees be briefed about most spying activities. The Bush administration asserted that it could withhold significant amounts of information from the committees, briefing congressional leaders instead. Finally, executive orders were once widely understood to be binding unless a president revoked them, an act that would notify Congress that the rules had changed. 
But the administration has decided that Bush is free to secretly authorize spies to ignore executive orders - including one that restricts surveillance on US citizens traveling overseas - without rescinding them. Some critics of the post-Watergate era have contended that its investigations and reforms went too far. For example, Cheney, who was Ford's chief of staff, said in December 2005 that "a lot of the things around Watergate and Vietnam . . . served to erode the authority, I think, the president needs to be effective, especially in a national security area." But Frederick A. O. Schwarz Jr., the former chief counsel to the Senate committee that undertook the 1975-76 investigation into intelligence abuses, said that by rolling back the post-Watergate reforms, the Bush administration had made intelligence abuses more likely to occur. "What the Bush administration has systematically done is to try to limit both internal oversight - things like the Intelligence Oversight Board - and effective external oversight by the Congress," Schwarz said, adding, "It's profoundly disappointing if you understand American history, and it's profoundly harmful to the United States." © Copyright 2008 Globe Newspaper Company. From rforno at infowarrior.org Sat Mar 15 16:22:28 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 15 Mar 2008 12:22:28 -0400 Subject: [Infowarrior] - Innovation @ Google (PDF) Message-ID: Insight into how Google does project management and coordination from a recent webinar, as presented by a Google sales engineer.
http://infowarrior.org/users/rforno/innovation at google.pdf From rforno at infowarrior.org Sun Mar 16 13:36:43 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Mar 2008 09:36:43 -0400 Subject: [Infowarrior] - Wikileaks Publishes FBI VoIP Surveillance Docs In-Reply-To: <000701c88752$3e7c4a20$0201a8c0@DB0PJ521> Message-ID: Wikileaks have published a new interesting and shocking report: FBI Electronic Surveillance Needs for Carrier-Grade Voice over Packet (CGVoP) Service. The 88-page document, which is part of the CALEA Implementation Plan, was published in January 2003 and describes in detail all needs for surveillance of phone calls made via data services like the internet. Wikileaks has not published any analysis yet, so maybe some of the techies hanging around this end of the internet are interested in taking that one on. http://wikileaks.org/wiki/FBI_-_Electronic_Surveillance_Needs_for_Carrier-Grade_Voice_over_Packet_Service From rforno at infowarrior.org Sun Mar 16 13:38:13 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Mar 2008 09:38:13 -0400 Subject: [Infowarrior] - MI5 seeks powers to trawl records in new terror hunt Message-ID: http://www.guardian.co.uk/uk/2008/mar/16/uksecurity.terrorism MI5 seeks powers to trawl records in new terror hunt Counter-terrorism experts call it a 'force multiplier': an attack combining slaughter and electronic chaos. Now Britain's security services want total access to commuters' travel records to help them meet the threat * Gaby Hinsliff, political editor * The Observer (UK) * Sunday March 16 2008 This article appeared in the Observer on Sunday March 16 2008 on p22 of the News section. It was last updated at 01:49 on March 16 2008. Millions of commuters could have their private movements around cities secretly monitored under new counter-terrorism powers being sought by the security services.
Records of journeys made by people using smart cards that allow 17 million Britons to travel by underground, bus and train with a single swipe at the ticket barrier are among a welter of private information held by the state to which MI5 and police counter-terrorism officers want access in order to help identify patterns of suspicious behaviour. The request by the security services, described by shadow Home Secretary David Davis last night as 'extraordinary', forms part of a fierce Whitehall debate over how much access the state should have to people's private lives in its efforts to combat terrorism. It comes as the Cabinet Office finalises Gordon Brown's new national security strategy, expected to identify a string of new threats to Britain - ranging from future 'water wars' between countries left drought-ridden by climate change to cyber-attacks using computer hacking technology to disrupt vital elements of national infrastructure. The fear of cyber-warfare has climbed Whitehall's agenda since last year's attack on the Baltic nation of Estonia, in which Russian hackers swamped state servers with millions of electronic messages until they collapsed. The Estonian defence and foreign ministries and major banks were paralysed, while even its emergency services call system was temporarily knocked out: the attack was seen as a warning that battles once fought by invading armies or aerial bombardment could soon be replaced by virtual, but equally deadly, wars in cyberspace. While such new threats may grab headlines, the critical question for the new security agenda is how far Britain is prepared to go in tackling them. What are the limits of what we want our security services to know? And could they do more to identify suspects before they strike? 
One solution being debated in Whitehall is an unprecedented unlocking of data held by public bodies, such as the Oyster card records maintained by Transport for London and smart cards soon to be introduced in other cities in the UK, for use in the war against terror. The Office of the Information Commissioner, the watchdog governing data privacy, confirmed last night that it had discussed the issue with government but declined to give details, citing issues of national security. Currently the security services can demand the Oyster records of specific individuals under investigation to establish where they have been, but cannot trawl the whole database. But supporters of calls for more sharing of data argue that apparently trivial snippets - like the journeys an individual makes around the capital - could become important pieces of the jigsaw when fitted into a pattern of other publicly held information on an individual's movements, habits, education and other personal details. That could lead, they argue, to the unmasking of otherwise undetected suspects. Critics, however, fear a shift towards US-style 'data mining', a controversial technique using powerful computers to sift and scan millions of pieces of data, seeking patterns of behaviour which match the known profiles of terrorist suspects. They argue that it is unfair for millions of innocent people to have their privacy invaded on the off-chance of finding a handful of bad apples. 'It's looking for a needle in a haystack, and we all make up the haystack,' said former Labour minister Michael Meacher, who has a close interest in data sharing. 'Whether all our details have to be reviewed because there is one needle among us - I don't think the case is made.' Jago Russell, policy officer at the campaign group Liberty, said technological advances had made 'mass computerised fishing expeditions' easier to undertake, but they offered no easy answers. 
'The problem is what do you do once you identify somebody who has a profile that suggests suspicions,' he said. 'Once the security services have identified somebody who fits a pattern, it creates an inevitable pressure to impose restrictions.' Individuals wrongly identified as suspicious might lose high-security jobs, or have their immigration status brought into doubt, he said. Ministers are also understood to share concerns over civil liberties, following public opposition to ID cards, and the debate is so sensitive that it may not even form part of Brown's published strategy. But if there is no consensus yet on the defence, there is an emerging agreement on the mode of attack. The security strategy will argue that in the coming decades Britain faces threats of a new and different order. And its critics argue the government is far from ready. The cyber-assault on Estonia confirmed that the West now faces a relatively cheap, low-risk means of warfare that can be conducted from anywhere in the world, with the power to plunge developed nations temporarily into the stone age, disabling everything from payroll systems that ensure millions of employees get paid to the sewage treatment processes that make our water safe to drink or the air traffic control systems keeping planes stacked safely above Heathrow. And it is one of the few weapons which is most effective against more sophisticated western societies, precisely because of their reliance on computers. 'As we become more advanced, we become more vulnerable,' says Alex Neill, head of the Asia Security programme at the defence think-tank RUSI, who is an expert on cyber-attack. The nightmare scenario now emerging is its use by terrorists as a so-called 'force multiplier' - combining a cyber-attack to paralyse the emergency services with a simultaneous atrocity such as the London Tube bombings. Victims would literally have nowhere to turn for help, raising the death toll and sowing immeasurable panic. 
'Instead of using three or four aircraft as in 9/11, you could do one major event and then screw up the communications network behind the emergency services, or attack the Underground control network so you have one bomb but you lock up the whole network,' says Davis. 'You take the ramifications of the attack further. The other thing to bear in mind is that we are ultimately vulnerable because London is a financial centre.' In other words, cyber-warfare does not have to kill to bring a state to its knees: hackers could, for example, wipe electronic records detailing our bank accounts, turning millionaires into apparent paupers overnight. So how easy would it be? Estonia suffered a relatively crude form of attack known as 'denial of service', while paralysing a secure British server would be likely to require more sophisticated 'spy' software which embeds itself quietly in a computer network and scans for secret passwords or useful information - activating itself later to wreak havoc. Neill said that would require specialist knowledge to target the weakest link in any system: its human user. 'You will get an email, say, that looks like it's from a trusted colleague, but in fact that email has been cloned. There will be an attachment that looks relevant to your work: it's an interesting document, but embedded in it invisibly is "malware" rogue software which implants itself in the operating systems. From that point, the computer is compromised and can be used as a platform to exploit other networks.' Only governments and highly sophisticated criminal organisations have such a capability now, he argues, but there are strong signs that al-Qaeda is acquiring it: 'It is a hallmark of al-Qaeda anyway that they do simultaneous bombings to try to herd victims into another area of attack.' 
The West, of course, may not simply be the victim of cyber-wars: the United States is widely believed to be developing an attack capability, with suspicions that Baghdad's infrastructure was electronically disrupted during the 2003 invasion. So given its ability to cause as much damage as a traditional bomb, should cyber-attack be treated as an act of war? And what rights under international law does a country have to respond, with military force if necessary? Next month Nato will tackle such questions in a strategy detailing how it would handle a cyber-attack on an alliance member. Suleyman Anil, Nato's leading expert on cyber-attack, hinted at its contents when he told an e-security conference in London last week that cyber-attacks should be taken as seriously as a missile strike - and warned that a determined attack on western infrastructure would be 'practically impossible to stop'. Tensions are likely to increase in a globalised economy, where no country can afford to shut its borders to foreign labour - an issue graphically highlighted for Gordon Brown weeks into his premiership by the alleged terrorist attack on Glasgow airport, when it emerged that the suspects included overseas doctors who entered Britain to work in the NHS. A review led by Homeland Security Minister Admiral Sir Alan West into issues raised by the Glasgow attack has been grappling with one key question: could more be done to identify rogue elements who are apparently well integrated with their local communities? Which is where, some within the intelligence community insist, access to personal data already held by public bodies - from the Oyster register to public sector employment records - could come in. The debate is not over yet. 
The Battlegrounds
Energy Security: As North Sea oil stocks run out, Britain risks increasing reliance on imported gas and oil from volatile regions such as Russia and the Middle East - but what if Russia turned off the gas tap, as it has repeatedly done to Ukraine? The threat is seen as intensifying the case for new nuclear power stations in the UK.
China's Monopoly: Rapid industrial growth means that China is desperate for oil, coal, iron ore and minerals and is developing a stranglehold on supplies from some countries. There are concerns about its willingness to trade arms for natural resources with unscrupulous governments, such as those of Sudan and Burma.
Water Wars: Global warming could dry up rivers and lakes in regions such as the Nile delta and the Middle East, causing mass human migration and battles for control of remaining water supplies.
Global Poverty: Hunger and economic collapse drives refugees to overwhelm neighbouring countries and triggers immigration surges to the West. Hardship can become a recruiting ground for extremism.
Cyber Wars: Electronic aggression involving hacking into computer systems running critical services such as communications, banking or water supply. The main threat is from Russia, China and terrorists.
From rforno at infowarrior.org Sun Mar 16 16:38:36 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Mar 2008 12:38:36 -0400 Subject: [Infowarrior] - Top TSA Officials Also Ran Private Consulting Firm In-Reply-To: <20080316134715.GA12172@gsp.org> Message-ID: (c/o Anonymous) Via Pajamas Media: Top TSA Officials in Cheating Scandal Also Ran Private Consulting Firm http://pajamasmedia.com/2008/03/top_tsa_officials_in_cheating.php Excerpt: Most top-salaried government officials remain anonymous suits behind the scenes - unless they get caught in a scandal.
The name Mike Restovich became public last fall when the security operations assistant administrator for the Transportation Security Administration (TSA) was caught encouraging colleagues to cheat on covert bomb detection tests being performed by the Federal Aviation Administration (FAA). Congress ordered hearings. TSA chief Kip Hawley and Mike Restovich were both ordered to testify, but only Hawley showed up. Restovich was removed from his position and sent overseas to work as "DHS attache' to the United Kingdom." [...] But that's not all. Pajamas Media has learned that Michael "Mike" Restovich and fellow TSA senior executive Morris "Mo" McGowan ran a private security consulting company while working as high-ranking officials with TSA. Their company, Group 2M Consulting, LLC, was filed with the office of the secretary of state of Texas on April 15, 2004, a copy of which can be downloaded here: At the time, Mike Restovich was the federal security director of Dallas Love Field Airport. Morris "Mo" McGowan was the assistant federal security director. Both men held then, and apparently continue to hold now, top secret security clearances with the U.S. government. Consulting in the private sector simultaneously is in direct conflict with federal policy and specifically prohibited by two statutes of Department of Homeland Security employment contracts, a copy of which was obtained by Pajamas Media (available here, with the relevant paragraphs highlighted in yellow) [...] 
From rforno at infowarrior.org Sun Mar 16 16:40:43 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 16 Mar 2008 12:40:43 -0400 Subject: [Infowarrior] - Japan ISPs to cut access of file sharers Message-ID: Winny copiers to be cut off from Internet http://www.yomiuri.co.jp/dy/national/20080315TDY01305.htm The Yomiuri Shimbun The nation's four Internet provider organizations have agreed to forcibly cut the Internet connection of users found to repeatedly use Winny and other file-sharing programs to illegally copy gaming software and music, it was learned Friday. The move aims to deal with the rise in illegal copying of music, gaming software and images that has resulted in huge infringements on the rights of copyright holders. Resorting to cutting off the Internet connection of copyright violators has been considered before but never resorted to over fears the practice might involve violations of privacy rights and the freedom of use of telecommunications. The Internet provider organizations have, however, judged it possible to disconnect specific users from the Internet or cancel provider contracts with them if they are identified as particularly flagrant transgressors in cooperation with copyright-related organizations, according to sources. The four organizations include the Telecom Service Association and the Telecommunications Carriers Association. About 1,000 major and smaller domestic providers belong to the four associations, which means the measure would become the first countermeasure against Winny-using rights-violators used by the whole provider industry. The organizations plan to launch a consultative panel, possibly in April, together with copyright organizations including the Japanese Society for Rights of Authors, Composers and Publishers and the Association of Copyright for Computer Software. They will then begin making guidelines for disconnecting users from the Internet who leak illegally copied material onto the Net.
The number of users of file-sharing software such as Winny in the country is estimated to be about 1.75 million, with most of the files exchanged using the software believed to be illegal copies. A brief six-hour survey by a copyright organization monitoring the Internet found about 3.55 million examples of illegally copied gaming software, worth about 9.5 billion yen at regular software prices, and 610,000 examples of illegally copied music files, worth 440 million yen, that could be freely downloaded into personal computers using such software, the sources said. In other words, this survey alone uncovered damages amounting to 10 billion yen. Two years ago, a major Internet provider tried to introduce a measure to disconnect users from the Internet whenever the company detected the use of Winny or other file-sharing software. However, the provider abandoned the idea after receiving a warning from the Internal Affairs and Communications Ministry that such an approach was regarded as Internet snooping and might violate the right to privacy in communications. According to the new agreement, copyright organizations would notify providers of Internet protocol addresses used by those who repeatedly make copies illegally, using special detection software. The providers would then send warning e-mails to the users based on the IP addresses of the computers used to connect to the Internet. If contacted users did not then stop their illegal copying, the providers would temporarily disconnect them from the Internet for a specified period of time or cancel their service-provision contracts. (Mar. 
15, 2008 From rforno at infowarrior.org Mon Mar 17 11:59:25 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Mar 2008 07:59:25 -0400 Subject: [Infowarrior] - UK: Put young children on DNA list, urge police Message-ID: Put young children on DNA list, urge police http://www.guardian.co.uk/society/2008/mar/16/youthjustice.children * Mark Townsend and Anushka Asthana * The Observer, * Sunday March 16 2008 This article appeared in the Observer on Sunday March 16 2008 on p1 of the News section. It was last updated at 09:23 on March 17 2008. Primary school children should be eligible for the DNA database if they exhibit behaviour indicating they may become criminals in later life, according to Britain's most senior police forensics expert. Gary Pugh, director of forensic sciences at Scotland Yard and the new DNA spokesman for the Association of Chief Police Officers (Acpo), said a debate was needed on how far Britain should go in identifying potential offenders, given that some experts believe it is possible to identify future offending traits in children as young as five. 'If we have a primary means of identifying people before they offend, then in the long-term the benefits of targeting younger people are extremely large,' said Pugh. 'You could argue the younger the better. Criminologists say some people will grow out of crime; others won't. We have to find who are possibly going to be the biggest threat to society.' Pugh admitted that the deeply controversial suggestion raised issues of parental consent, potential stigmatisation and the role of teachers in identifying future offenders, but said society needed an open, mature discussion on how best to tackle crime before it took place. There are currently 4.5 million genetic samples on the UK database - the largest in Europe - but police believe more are required to reduce crime further. 
'The number of unsolved crimes says we are not sampling enough of the right people,' Pugh told The Observer. However, he said the notion of universal sampling - everyone being forced to give their genetic samples to the database - is currently prohibited by cost and logistics. Civil liberty groups condemned his comments last night by likening them to an excerpt from a 'science fiction novel'. One teaching union warned that it was a step towards a 'police state'. Pugh's call for the government to consider options such as placing primary school children who have not been arrested on the database is supported by elements of criminological theory. A well-established pattern of offending involves relatively trivial offences escalating to more serious crimes. Senior Scotland Yard criminologists are understood to be confident that techniques are able to identify future offenders. A recent report from the think-tank Institute for Public Policy Research (IPPR) called for children to be targeted between the ages of five and 12 with cognitive behavioural therapy, parenting programmes and intensive support. Prevention should start young, it said, because prolific offenders typically began offending between the ages of 10 and 13. Julia Margo, author of the report, entitled 'Make me a Criminal', said: 'You can carry out a risk factor analysis where you look at the characteristics of an individual child aged five to seven and identify risk factors that make it more likely that they would become an offender.' However, she said that placing young children on a database risked stigmatising them by identifying them in a 'negative' way. Shami Chakrabarti, director of the civil rights group Liberty, denounced any plan to target youngsters. 'Whichever bright spark at Acpo thought this one up should go back to the business of policing or the pastime of science fiction novels,' she said. 
'The British public is highly respectful of the police and open even to eccentric debate, but playing politics with our innocent kids is a step too far.' Chris Davis, of the National Primary Headteachers' Association, said most teachers and parents would find the suggestion an 'anathema' and potentially very dangerous. 'It could be seen as a step towards a police state,' he said. 'It is condemning them at a very young age to something they have not yet done. They may have the potential to do something, but we all have the potential to do things. To label children at that stage and put them on a register is going too far.' Davis admitted that most teachers could identify children who 'had the potential to have a more challenging adult life', but said it was the job of teachers to support them. Pugh, though, believes that measures to identify criminals early would save the economy huge sums - violent crime alone costs the UK £13bn a year - and significantly reduce the number of offences committed. However, he said the British public needed to move away from regarding anyone on the DNA database as a criminal and accepted it was an emotional issue. 'Fingerprints, somehow, are far less contentious,' he said. 'We have children giving their fingerprints when they are borrowing books from a library.' Last week it emerged that the number of 10 to 18-year-olds placed on the DNA database after being arrested will have reached around 1.5 million this time next year. Since 2004 police have had the power to take DNA samples from anyone over the age of 10 who is arrested, regardless of whether they are later charged, convicted, or found to be innocent. Concern over the issue of civil liberties will be further amplified by news yesterday that commuters using Oyster smart cards could have their movements around cities secretly monitored under new counter-terrorism powers being sought by the security services. 
From rforno at infowarrior.org Mon Mar 17 23:34:43 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 17 Mar 2008 19:34:43 -0400 Subject: [Infowarrior] - Mass. Bankers: Another data breach hits major retailer In-Reply-To: <20080317230337.GA19519@gsp.org> Message-ID: (c/o R) Mass. Bankers: Another data breach hits major retailer http://boston.bizjournals.com/boston/stories/2008/03/17/daily11.html The Massachusetts Bankers Association said Monday that another major retailer has been hit by a data breach and is warning Bay State consumers to monitor credit and debit accounts. MBA officials said in a statement that Visa and MasterCard have contacted 60 to 70 banks in Massachusetts about a large data breach occurring at what the card companies characterized as "a major retailer." [...] Then later today the identity of the retailer was revealed: Breach Exposes 4.2M Credit, Debit Cards http://ap.google.com/article/ALeqM5ipET-mkUFMHvZNMr5WJkcg82NHIwD8VFD3AG2 It's Hannaford Supermarkets. My guess is that in a few hours (if not sooner) this will be on all the regular news sites, maybe with more details. From rforno at infowarrior.org Tue Mar 18 17:43:13 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Mar 2008 13:43:13 -0400 Subject: [Infowarrior] - Felten pressured by Sequoia over voting machines Message-ID: http://www.freedom-to-tinker.com/?p=1265 < - > Interesting Email from Sequoia March 17th, 2008 by Ed Felten A copy of an email I received has been passed around on various mailing lists. Several people, including reporters, have asked me to confirm its authenticity. Since everyone seems to have read it already, I might as well publish it here. Yes, it is genuine. 
==== Sender: Smith, Ed [address redacted]@sequoiavote.com To: felten at cs.princeton.edu, appel at princeton.edu Subject: Sequoia Advantage voting machines from New Jersey Date: Fri, Mar 14, 2008 at 6:16 PM Dear Professors Felten and Appel: As you have likely read in the news media, certain New Jersey election officials have stated that they plan to send to you one or more Sequoia Advantage voting machines for analysis. I want to make you aware that if the County does so, it violates their established Sequoia licensing Agreement for use of the voting system. Sequoia has also retained counsel to stop any infringement of our intellectual properties, including any non-compliant analysis. We will also take appropriate steps to protect against any publication of Sequoia software, its behavior, reports regarding same or any other infringement of our intellectual property. Very truly yours, Edwin Smith VP, Compliance/Quality/Certification Sequoia Voting Systems [contact information and boilerplate redacted] From rforno at infowarrior.org Tue Mar 18 23:12:29 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Mar 2008 19:12:29 -0400 Subject: [Infowarrior] - Arthur C Clarke dies aged 90 Message-ID: March 18, 2008 Science fiction author Arthur C Clarke dies aged 90 http://entertainment.timesonline.co.uk/tol/arts_and_entertainment/books/article3579120.ece Science fiction writer Sir Arthur C Clarke has died aged 90 in his adopted home of Sri Lanka, it was confirmed tonight. Clarke, who had battled debilitating post-polio syndrome since the 1960s and sometimes used a wheelchair, died at 1:30am after suffering breathing problems, his personal secretary Rohan De Silva said. "Sir Arthur passed away a short while ago at the Apollo Hospital [in Colombo]. He had a cardio-respiratory attack," he said. His valet, W. K. M. Dharmawardena, said funeral arrangements would be finalised after his close family returned to the island from Australia. 
Mr Dharmawardena said Clarke's condition had begun to deteriorate in recent weeks and he had been in hospital for the past four days. The visionary author of over 100 books, who predicted the existence of satellites, was most famous for his short story "The Sentinel," which was expanded into the novel on which Stanley Kubrick's "2001: A Space Odyssey" was based. He was also credited with inventing the concept of communications satellites in 1945, decades before they became a reality. Clarke was the last surviving member of what was sometimes known as the "Big Three" of science fiction alongside Robert A. Heinlein and Isaac Asimov. The son of an English farming family, Clarke was born in the seaside town of Minehead, Somerset, England on December 16, 1917. After attending schools in his home county, Arthur Clarke moved to London in 1936 and pursued his early interest in space sciences by joining the British Interplanetary Society. He started to contribute to the BIS Bulletin and began to write science fiction. With the onset of World War II he joined the RAF, eventually becoming an officer in charge of the first radar talk-down equipment, the Ground Controlled Approach, during its experimental trials. Later, his only non-science-fiction novel, Glide Path, was based on this work. In 1945, a UK periodical magazine "Wireless World" published his landmark technical paper "Extra-terrestrial Relays" in which he first set out the principles of satellite communication with satellites in geostationary orbits - a speculation realised 25 years later. During the evolution of his discovery, he worked with scientists and engineers in the USA in the development of spacecraft and launch systems, and addressed the United Nations during their deliberations on the Peaceful Uses of Outer Space. Today, the geostationary orbit at 36,000 kilometres above the Equator is named The Clarke Orbit by the International Astronomical Union. 
Despite his vast contribution Clarke still is best known as a visionary science fiction writer. The first story he sold professionally was "Rescue Party", written in March 1945 and appearing in Astounding Science in May 1946. He went on to become a prolific writer of science fiction, renowned worldwide. In 1964, he started to work with the noted film producer Stanley Kubrick on a science fiction movie script. Four years later, he shared an Oscar nomination with Kubrick at the Hollywood Academy Awards for the film version of "2001: A Space Odyssey". In television, Clarke worked alongside Walter Cronkite and Wally Schirra for the CBS coverage of the Apollo 12 and 15 space missions. His thirteen-part TV series Arthur C. Clarke's Mysterious World in 1981 and Arthur C. Clarke's World of Strange Powers in 1984 have been screened in many countries and he has contributed to other TV series about space, such as Walter Cronkite's Universe series in 1981. Clarke first visited Colombo, Sri Lanka (then called Ceylon) in December 1954 and has lived there since 1956, pursuing an enthusiasm for underwater exploration along that coast and on the Great Barrier Reef. In 1998, his lifetime work was recognised when he was honoured with a Knighthood - formally conferred by Prince Charles in Sri Lanka two years later. In recent years, he has been largely confined to a wheelchair due to post-polio syndrome, but his output as a writer continued undiminished. Marking his "90th orbit of the sun" in December, the author said he did not feel "a day over 89" and made three birthday wishes: for ET to call, for man to kick his oil habit and for peace in Sri Lanka. 
From rforno at infowarrior.org Wed Mar 19 00:24:50 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 18 Mar 2008 20:24:50 -0400 Subject: [Infowarrior] - Army Information Operations Primer Updated Message-ID: FRIDAY, MARCH 14, 2008 Information Operations Primer Updated http://informationwarfarelinks.blogspot.com/2008/03/information-operations-primer-updated.html The U.S. Army War College has issued a revised and updated Information Operations Primer, AY08 Edition, December 2007. The 178 page pdf is freely accessible at http://www.carlisle.army.mil/usawc/dmspo/Publications/Information%20Operations%20Primer%20AY08%20(Dec%2007).pdf "This document provides an overview of Department of Defense (DOD) Information Operations (IO) doctrine and organizations at the joint and individual service levels. It begins with an overview of Information Operations. It then examines the critical concept of information superiority presented in Joint Vision 2020. Current IO Doctrine at the joint and service levels are then summarized. Relevant organizations dedicated to the IO are identified along with their respective missions and capabilities. Finally, the document concludes with an overview of Information Operations Conditions (INFOCONS) and an IO specific glossary. The Information Operations Primer is intended to serve students and staff of the US Army War College as a ready reference for IO information extracted and summarized from a variety of sources. Wherever possible, internet web sites have been given to provide access to additional and more up-to-date information. The book is intentionally UNCLASSIFIED so that the material can easily be referenced during course work, while engaged in exercises, and later in subsequent assignments." From rforno at infowarrior.org Thu Mar 20 02:45:05 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Mar 2008 22:45:05 -0400 Subject: [Infowarrior] - U.S. News Media in Quite a State Message-ID: U.S. 
News Media in Quite a State Topics: international | internet | journalism | media | war/peace Source: Project for Excellence in Journalism, March 16, 2008 "The state of the American news media in 2008 is more troubled than a year ago," opens the latest "State of the News Media" report from the Project for Excellence in Journalism. Among the major findings is that the Internet is not yet the democratizing media force many hoped for. "Even with so many new sources, more people now consume what old media newsrooms produce, particularly from print, than before," the report states. A detailed analysis of the news stories covered in 2007 found that "the media and the public often disagreed about which stories were important," and that U.S. media mostly ignored the rest of the world. Even though 2007 "was the deadliest for American forces in Afghanistan since that war began," less than one percent of international news dealt with that country. And journalists are more pessimistic, especially about "cutbacks in the newsroom" and the "broken economic model" for many news operations. < - > http://www.prwatch.org/node/7117 From rforno at infowarrior.org Thu Mar 20 02:47:42 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 19 Mar 2008 22:47:42 -0400 Subject: [Infowarrior] - WH Taps Tech Entrepreneur For Cyber Defense Post Message-ID: White House Taps Tech Entrepreneur For Cyber Defense Post By Brian Krebs washingtonpost.com Staff Writer Wednesday, March 19, 2008; 8:21 PM http://www.washingtonpost.com/wp-dyn/content/article/2008/03/19/AR2008031903125_pf.html The Bush administration is planning to tap a Silicon Valley entrepreneur to head a new inter-agency group charged with coordinating the federal government's efforts to protect its computer networks from organized cyber attacks. Sources in the government contracting community said the White House is expected to announce as early as Thursday the selection of Rod A. 
Beckstrom as a top-level adviser based in the Department of Homeland Security. Beckstrom is an author and entrepreneur best known for starting Twiki.net, a company that provides collaboration software for businesses. The new inter-agency group, which will coordinate information sharing about cyber attacks aimed at government networks, is being created as part of a government-wide "cyber initiative" spelled out in a national security directive signed in January by President Bush, according to the sources, who asked to remain anonymous because they did not have permission to talk publicly about the information. The presidential directive expanded the intelligence community's role in monitoring Internet traffic to protect against a rising number of attacks on federal agencies' computer systems. According to the sources, the center will be charged with gathering cyber attack and vulnerability information from a wide range of federal agencies, including the FBI, the National Security Agency and the Defense Department. Beckstrom will report directly to Homeland Security Secretary Michael Chertoff. Reached via phone Wednesday evening, Beckstrom declined to provide any specifics about his new position, saying only, "I'm thrilled to be on the DHS team, and I am looking forward to doing my best to serve the country." The White House and the Department of Homeland Security declined to comment. Beckstrom's appointment comes at a time when the government has acknowledged that its information systems have been the target of repeated cyber attacks originating in other countries. The attacks have led to compromises and several large data breaches at federal agencies and contractors. Sources with knowledge of the selection process said Beckstrom's candidacy was backed chiefly by top brass at the Defense Department and the National Security Agency. But Beckstrom's appointment raises a number of questions. 
James Lewis, director of technology and public policy for the Center for Strategic and International Studies, noted that DHS only recently appointed Greg Garcia, former head of the Information Technology Association of America, to be assistant secretary for cyber-security and telecommunications, a position fought for and won through tireless lobbying from lawmakers on Capitol Hill who believed DHS wasn't placing a strong enough emphasis on cyber. Garcia in turn answers to Robert D. Jamison, who serves as Under Secretary for National Protection and Programs Directorate. When asked last week at a press briefing about a simulated cyber attack against the United States who would lead the government's response in the event of a sustained cyber attack on the federal government, Jamison said that duty would fall to him. "Here you have a group that's allegedly in charge of cyber for DHS, and then we see another group being set up outside that in a structurally new way," said Lewis, whose employer is spearheading a group of industry and government cyber experts called the "Commission on Cyber Security for the 44th Presidency," which is expected to present the next president with a series of actionable recommendations he or she can take to tackle some of the most pressing cyber security problems facing the government, industry and consumers. "We still don't know what [Beckstrom's] relationship will be to all of the other bits of cyber bureaucracy lying around." Roger Kresse, a former Bush administration official and president of Good Harbor Consulting, said the creation of a new coordinating group on cyber-security "reflects a concern that government networks have been compromised at an unprecedented level." "The very fact that the president signed a cyber-security presidential directive in the last year of his administration reflects that the current approach the government is taking is not working," Kresse said. 
By all accounts, Beckstrom is neither a cyber-security expert nor a Washington insider. But his private-sector background and published writings emphasize a decentralized approach to managing large organizations. In "The Starfish and the Spider: The Unstoppable Power of Leaderless Organizations," a book Beckstrom co-authored with Ori Brafman in 2006, the authors use the two creatures to illustrate their argument that decentralized organizations -- whether in the marketplace or the battlefield -- are more nimble, creative and resilient than those that operate in a rigid, top-down fashion. Following this analogy, user-driven, starfish-like organizations distribute decision-making among all members. If parts of the organization are crushed, the whole survives and recovers, just as a starfish regenerates an arm if it is severed. In contrast, the book posits, industry and government are more akin to "spider" organizations that function within a centralized structure, with the leader calling the shots. One solid blow to the head cripples or kills a spider. "Whether we're looking at a Fortune 500 company, an army, or a community, our natural reaction is to ask, 'Who's in charge?'," Beckstrom and Brafman wrote. "The absence of structure, leadership, and formal organization, once considered a weakness, has become a major asset. Seemingly chaotic groups have challenged and defeated established institutions. The rules of the game have changed." "I think it's an unconventional choice, and that's a good thing," Kresse said of the Beckstrom pick. 
From rforno at infowarrior.org Thu Mar 20 16:17:05 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Mar 2008 12:17:05 -0400 Subject: [Infowarrior] - Ottawa to probe report that anti-terror unit blueprints found in trash Message-ID: (c/o Dissent) Ottawa to probe report that anti-terror unit blueprints found in trash Last Updated: Thursday, March 20, 2008 | 10:38 AM ET http://www.cbc.ca/canada/story/2008/03/20/blueprints-ottawa.html Public Safety Minister Stockwell Day said on Thursday that the government will look into a report that blueprints for a new building for the military's counterterrorism unit were found in a pile of trash in downtown Ottawa. The Ottawa Citizen reported Thursday that a passerby discovered the plans for the layout of a new building going up at Canadian Forces Base Trenton on top of a pile of garbage on the busy Bank Street in the Glebe. The blueprints stamped with Department of Defence markings detail the location of security fences, the electrical grid system and layout of offices and other rooms, according to the Ottawa newspaper. The plans, dated March 5, 2007, are for the new building for the Canadian Joint Incident Response Unit, created post-Sept. 11 to respond to large-scale attacks. Day said he is waiting for a detailed report on the incident to determine what happened, what type of documents were involved and whether there's a need to implement new systems. "If a security breach of some kind has taken place, then clearly that's a huge concern for me," Day said. "We'll wait for all the details and see exactly what that was." The newspaper said Anthony Salloum and his wife spotted the seven rolls of Defence Department documents on March 13 but only picked up one of them. Salloum, who works for the Rideau Institute, later showed them to his colleagues to try to figure out what the documents were and then revealed them to the Citizen. 
The Citizen says the Rideau Institute was arranging to return the blueprints to the Defence Department. From rforno at infowarrior.org Fri Mar 21 00:24:08 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 20 Mar 2008 20:24:08 -0400 Subject: [Infowarrior] - Shock bracelets for airline passengers Message-ID: (c/o Schneier -- why do I see this either as an enticing thing to 'hack' while in flight, or a method of treating all passengers like prisoners? --rf) Disturbing concept, as gleaned from the USPTO filing: A method of providing air travel security for passengers traveling via an aircraft comprises situating a remotely activatable electric shock device on each of the passengers in position to deliver a disabling electrical shock when activated; and arming the electric shock devices for subsequent selective activation by a selectively operable remote control disposed within the aircraft. The remotely activatable electric shock devices each have activation circuitry responsive to the activating signal transmitted from the selectively operable remote control means. The activated electric shock device is operable to deliver the disabling electrical shock to that passenger. < - > http://tinyurl.com/2j6jp8 From rforno at infowarrior.org Sat Mar 22 04:03:45 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Mar 2008 00:03:45 -0400 Subject: [Infowarrior] - BB thread on US economy Message-ID: ...you know the merde has hit the ventilateur when even geek blogs (such as the esteemed BoingBoing) start discussing the abysmal current US economic situation. --rick Good comment thread: What's happened to the U.S. economy? There's a good discussion revving up in the comment thread of Mark Frauenfelder's entry, Documentary examines possibility of US dollar collapse. 
The first major salvo came from Cowicide, twenty comments in, responding to arguments that the problem isn't that serious: http://www.boingboing.net/2008/03/21/good-comment-thread.html From rforno at infowarrior.org Sat Mar 22 04:06:00 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Mar 2008 00:06:00 -0400 Subject: [Infowarrior] - CIA's Intellipedia Marks Second Anniversary Message-ID: Intellipedia Marks Second Anniversary https://www.cia.gov/news-information/featured-story-archive/intellipedia-marks-second-anniversary.html Many people in today's world are familiar with Wikipedia, the free online collaborative encyclopedia. But, have you ever heard of Intellipedia? Intellipedia is the Intelligence Community's version of the famous encyclopedia. It is used by analysts, working groups, and engineers throughout the IC. Since its unveiling in 2006, Intellipedia has grown exponentially - with more than 1.5 million edits on the top secret network alone. How It All Began The catalyst for applying this revolutionary approach to collaboration in the Intelligence Community was a 2004 award-winning paper by CIA employee Calvin Andrus entitled, "The Wiki and the Blog: Toward a Complex Adaptive Intelligence Community." The paper detailed the need for the IC to adapt to the increased pace of the world. Intellipedia has grown into a rich tapestry of knowledge, collaboration, and cross-agency efforts. In late 2005, the CIA's Sean Dennehy spearheaded the initial Intellipedia effort, becoming the "pilot customer" for a wiki capability within the IC. Intellipedia was formally announced to the Intelligence Community in April 2006. And while the CIA has been a vocal advocate of these capabilities, the CIA is only one of the many US intelligence, diplomatic, and military organizations that use Intellipedia on top secret, secret, and unclassified networks. How Does It Work? 
Intellipedia has grown into a valued repository of information that allows employees in any position (from analysts and engineers to librarians and HR specialists) to quickly learn about a wide variety of topics and issues important to the Intelligence Community and US Government. It also offers a powerful location for individuals from across the world to capture reporting as a crisis unfolds. As a wiki, Intellipedia allows all authenticated users to aggregate information and knowledge by creating, editing, and discussing articles in an agency-neutral and topically-focused space. Unlike the world's Wikipedia, Intellipedia is not restricted to encyclopedic-only content. Intellipedians are using the wiki, as well as other "web 2.0" tools, to improve communication and connect related data and efforts together. Intellipedia provides a cost-effective platform to access expertise wherever it resides across the IC. It allows anyone to connect the who with the what. "If you have expertise on a subject, you can contribute to a topical page with other experts working that issue in different organizations and immediately you've made a connection with others, who you may not have known otherwise," said Don Burke of the CIA's Directorate of Science and Technology. "Furthermore, more senior members of our Community can use Intellipedia to capture decades of knowledge which, without Intellipedia, would otherwise walk out the door when they retire." Intellipedia also helps address the problem of information discovery. Prior to Intellipedia, a lot of information remained inaccessible in shared drives and e-mail folders. But, information on Intellipedia is easily found by search engines and readily available across the Community. Intellipedia also is a bonus for new Intelligence Community members, who expect the IC to use modern information tools. "The seamless integration between the way we use Internet tools at home and at work enable us to be a more effective organization," 
said another Intellipedian. Marking Its Second Anniversary As Intellipedia nears its second anniversary, it continues to grow rapidly. Since July 2007, Intellipedia has grown from 20,000 registered users to more than 35,000. Intellipedia reached 1 million total edits in September 2007. In March 2008, Intellipedia will pass 1.6 million edits. There are approximately 48,000 article pages and more than 200,000 total pages that help tie information together. Intellipedia and other "web 2.0" tools available to the Intelligence Community are making individuals more productive and efficient. Intellipedia's vibrant environment has played an important role in improving morale, unleashing creativity, and helping officers across the world feel more connected with their colleagues. Every day, Intellipedia helps facilitate a hundred small wins as experts across each network connect with one another, identify relationships in data and topics, and capture historical knowledge that facilitates better decision-making today. It has grown into a rich tapestry of knowledge, collaboration, and cross-agency efforts. Posted: 2008-03-20 14:31 From rforno at infowarrior.org Sat Mar 22 04:09:20 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 22 Mar 2008 00:09:20 -0400 Subject: [Infowarrior] - Privacy: Comcast DVR Cameras to Start Watching You? Message-ID: Comcast Cameras to Start Watching You? http://newteevee.com/2008/03/18/comcast-cameras-to-start-watching-you/ If you have some tinfoil handy, now might be a good time to fashion a hat. At the Digital Living Room conference today, Gerard Kunkel, Comcast's senior VP of user experience, told me the cable company is experimenting with different camera technologies built into devices so it can know who's in your living room. The idea being that if you turn on your cable box, it recognizes you and pulls up shows already in your profile or makes recommendations. 
If parents are watching TV with their children, for example, parental controls could appear to block certain content from appearing on the screen. Kunkel also said this type of monitoring is the "holy grail" because it could help serve up specifically tailored ads. Yikes. Kunkel said the system wouldn't be based on facial recognition, so there wouldn't be a picture of you on file (we hope). Instead, it would distinguish between different members of your household by recognizing body forms. He stressed that the system is still in the experimental phase, that there hasn't been consumer testing, and that any rollout "must add value" to the viewing experience beyond serving ads. Perhaps I've seen Enemy of the State too many times, or perhaps I'm just naive about the depths to which Comcast currently tracks my every move. I can't trust Comcast with BitTorrent, so why should I trust them with my must-be-kept-secret, DVR-clogging addiction to Keeping Up with the Kardashians? Kunkel also spoke on camera with me about fixing bad Comcast user experiences, the ongoing BitTorrent battle and VOD. But he mostly toed the corporate line on these issues (the monitoring of your living room came up after my camera was put away).

From rforno at infowarrior.org Sat Mar 22 04:17:48 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 22 Mar 2008 00:17:48 -0400
Subject: [Infowarrior] - Chertoff: ID must comply to fly
Message-ID:

Chertoff: ID must comply to fly
By DEVLIN BARRETT, Associated Press Writer
Fri Mar 21, 6:39 PM ET
http://news.yahoo.com/s/ap/20080321/ap_on_go_ca_st_pe/secure_driver_s_licenses

Homeland security officials on Friday hinted at a possible face-saving deal to end their standoff with a handful of states over new driver's license rules -- a dispute that, left unresolved, could cause big air travel headaches.
For weeks, the Homeland Security Department has been headed toward a showdown with some states over a law called Real ID, which would require new security measures for state-issued driver's licenses. Yet a late Good Friday letter from a top DHS official suggested Washington may be backing away from a messy fight. South Carolina, Maine and Montana are the only states that have not sought extensions to comply, or already started toward compliance with Real ID, which was passed after the 2001 terror attacks on New York and Washington. On Friday, the federal agency granted Montana an extension, even though state officials didn't ask for one and insist they will not adhere to the Real ID law. Montana Gov. Brian Schweitzer told The Associated Press that DHS "painted themselves in a corner." A fourth state, New Hampshire, has asked to be exempted, but Homeland Security officials have not found that letter legally acceptable, so the Granite State has not received an extension. Homeland Security Secretary Michael Chertoff had warned that if holdout states do not send a letter by the end of March seeking an extension, come May, residents of such states will no longer be able to use their driver's licenses as valid ID to board airplanes or enter federal buildings. Such travelers would instead have to present a passport or be subjected to secondary screening. Five senators -- Susan Collins and Olympia Snowe of Maine, Jon Tester and Max Baucus of Montana, and John Sununu of New Hampshire -- appealed to Chertoff last week to exempt all 50 states from the looming deadline. Chertoff responded that it was not he but Congress that picked the date when the law went into effect in 2005. "You may disagree with the foregoing law, but I cannot ignore it," Chertoff said in the letter. The law, he said, is necessary for national security according to recommendations from the commission that studied the Sept. 11, 2001, attacks.
Yet hours after Chertoff sent those letters Friday, DHS Assistant Secretary Stewart Baker wrote to the attorney general of Montana, saying that even though the state was explicitly not seeking an extension, it would be granted one anyway. Baker reasoned the state's new license security measures already met many of the Real ID requirements anyway. "I can only provide the relief you are seeking by treating your letter as a request for an extension," Baker wrote. Schweitzer, Montana's Democratic governor, said his state had not backed down. "We sent them a horse. If they choose to call it a zebra, that is their business," said Schweitzer. The agency's approach to Montana could provide an easy way out for the remaining states resistant to Real ID -- and suggests the federal government doesn't want to go ahead with its plan to conduct extra screening on residents of certain states. If the two sides can't cut a face-saving deal, Chertoff has offered a blunt warning to those critics who claim the government is bluffing. "Showing up at the airport with only a driver's license from such a state will be no better than showing up without identification," he wrote to the senators. "No doubt this will impel many to choose the inconvenience of traveling with a passport." The end of the standoff with Montana does not necessarily mean the entire fight is over. South Carolina Gov. Mark Sanford was considering legal action, and the state's attorney general was preparing an opinion on whether the governor would have a case if he decided to sue the federal government. A spokesman for Attorney General Henry McMaster said the opinion will be released Monday. Chertoff has offered a plan to gradually implement Real ID requirements over a period of 10 years, so that eventually all driver's licenses would have several layers of security features to prevent forgery.
They would also be issued only after a number of identity checks, including immigration status and verification of birth certificates. Critics of the plan say it is too expensive, an invasion of privacy, and won't actually make the country safer.

___

Associated Press writer Matt Gouras in Helena, Mont., contributed to this report.

From rforno at infowarrior.org Sat Mar 22 04:19:01 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 22 Mar 2008 00:19:01 -0400
Subject: [Infowarrior] - Spitzer felled by USA PATRIOT provisions
Message-ID:

Unintended Consequences
Spitzer got snagged by the fine print of the Patriot Act.
Mark Hosenball and Michael Isikoff
NEWSWEEK
Updated: 12:42 PM ET Mar 15, 2008
http://www.newsweek.com/id/123489/output/print

When Congress passed the Patriot Act in the aftermath of the 9/11 attacks, law-enforcement agencies hailed it as a powerful tool to help track down the confederates of Osama bin Laden. No one expected it would end up helping to snag the likes of Eliot Spitzer. The odd connection between the antiterror law and Spitzer's trysts with call girls illustrates how laws enacted for one purpose often end up being used very differently once they're on the books. The Patriot Act gave the FBI new powers to snoop on suspected terrorists. In the fine print were provisions that gave the Treasury Department authority to demand more information from banks about their customers' financial transactions. Congress wanted to help the Feds identify terrorist money launderers. But Treasury went further. It issued stringent new regulations that required banks themselves to look for unusual transactions (such as odd patterns of cash withdrawals or wire transfers) and submit SARs -- Suspicious Activity Reports -- to the government. Facing potentially stiff penalties if they didn't comply, banks and other financial institutions installed sophisticated software to detect anomalies among millions of daily transactions.
They began ranking the risk levels of their customers -- on a scale of zero to 100 -- based on complex formulas that included the credit rating, assets and profession of the account holder. Another element of the formulas: whether an account holder was a "politically exposed person." At first focused on potentially crooked foreign officials, the PEP lists expanded to include many U.S. politicians and public officials who were conceivably vulnerable to corruption. The new scrutiny resulted in an explosion of SARs, from 204,915 in 2001 to 1.23 million last year. The data, stored in an IRS computer in Detroit, are accessible by law-enforcement agencies nationwide. "Terrorism has virtually nothing to do with it," says Peter Djinis, a former top Treasury lawyer. "The vast majority of SARs filed today involve garden-variety forms of white-collar crime." Federal prosecutors around the country routinely scour the SARs for potential leads. One of those leads led to Spitzer. Last summer New York's North Fork Bank, where Spitzer had an account, filed a SAR about unusual money transfers he had made, say law-enforcement and industry sources who asked not to be identified because of the sensitivity of the probe. One of the sources tells NEWSWEEK that Spitzer wasn't flagged because of his public position. Instead, the governor called attention to himself by asking the bank to transfer money in someone else's name. (A North Fork spokesperson says the bank does not discuss its customers.) The SAR was not itself evidence that Spitzer had committed a crime. But it made the Feds curious enough to follow the money.
URL: http://www.newsweek.com/id/123489

From rforno at infowarrior.org Sun Mar 23 00:24:10 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 22 Mar 2008 20:24:10 -0400
Subject: [Infowarrior] - Feds Tout New Domestic Intelligence Centers
Message-ID:

Feds Tout New Domestic Intelligence Centers
By Ryan Singel
March 20, 2008 | 8:02:57 PM
Categories: Privacy, Sunshine and Secrecy, Watchlists
http://blog.wired.com/27bstroke6/2008/03/feds-tout-new-d.html

Federal, state and local cops are huddling together in domestic intelligence dens around the nation to fuse anti-terror information and tips in ways they never have before, and they want the American people to know about it -- sort of. Some of the nation's top law enforcement and anti-terror officials got together to hold press briefings Tuesday and Wednesday mornings at the second annual National Fusion Center conference held in San Francisco. Homeland Security Under Secretary Charlie Allen, formerly of the CIA, described how sharing threat assessments, and even the occasional raw intel, with the new fusion centers marks a cultural shift from the Cold War era. Back then, spies treated everyone, other departments and agencies included, as suspicious. "Things have changed remarkably in Washington. We are talking to each other," Allen said Tuesday. "I am from the shadows of the CIA where in the Cold War, we followed a different model. That model does not apply for the kinds of threats we have today that are borderless. The threats are so different and so remarkably dangerous for our citizens." The fifty or so U.S. fusion centers are where the federal, state and local cops share intelligence, sift data for clues, run down reports of suspicious packages and connect dots in an effort to detect and thwart terrorism attacks, drug smuggling and gang fighting.
Iowa's fusion center director Russell Porter ran the sparsely attended press conference, flanked by FBI intelligence director Tracy Reinhold, DHS civil liberties officer David Gersten and the Justice Department's privacy officer Kenneth Mortenson. (L to R) Photo: Ryan Singel/Wired.com

Privacy and civil liberties groups are increasingly suspicious of the fusion centers, but state and local officials have complained for years that the feds don't share any useful information. The 9/11 Commission agreed, blaming the CIA and FBI's lack of information-sharing for wasted chances to stop the airline hijackings. The commission strongly urged they change their ways and put holes in so-called "stove pipes." And in 2007, the Democrats boosted fusion centers' stature and funding in the first bill they passed after taking control of Congress. More than $130 million federal dollars have fed the development of the fusion centers in locations as diverse as Kansas and Northern California. On Tuesday, San Francisco police chief Heather Fong said the information flow was getting better, especially around big events being held in the city. "When we get information, it's not how much can we amass and keep to ourselves," Fong said. "It's how much information can we obtain but appropriately share so that it positively assists others in doing their jobs around the country and the world." The dominant catchphrase from the officials was that the centers need to focus on "all threats, all hazards." That means that the fusion centers would be working on immigration, radicalization, demographic changes, hurricanes, biological and chemical threats, as well as common criminal activity. Officials say the centers must look at even the most mundane crimes, since they can be used to fund terrorism. By way of example, Los Angeles police chief Bratton cites the investigation of a string of gas station stick-ups in L.A. in 2005.
The robbery investigation led to the prosecution of militant Muslim convicts who were planning attacks on synagogues. That, Bratton said, illustrates why these intelligence centers need to be analyzing run-of-the-mill crimes. "Information that might seem innocuous may have some connection to terrorism," Bratton said. But critics say that "all hazards, all threats" approach sounds suspiciously like the government is building a distributed domestic intelligence service that could easily begin keeping tabs on Americans exercising their First Amendment rights. The scope also seems at odds with the federal government's Information Sharing Environment guidelines, which say these centers are supposed to focus on terrorism. California's Anti-Terrorism Information Center admitted to spying on anti-war groups in 2003. And Denver's police department built their own secret spy files on Quakers and 200 other organizations. Earlier this year, the ACLU issued a warning report about Fusion Centers, complete with an interactive fusion center map. The report, entitled What's Wrong With Fusion Centers, cited concerns about military units operating in the centers, as well as the potential for scope creep and data mining. How, the group asked, can citizens contest information about themselves, given the patchwork of state, local and federal sunshine laws that may or may not apply. But in a conference keynote Tuesday, Congresswoman Jane Harman (D-California), a powerful force in intelligence matters and funding, pooh-poohed the ACLU's concerns, and said she supported both fusion centers, and civil liberties. "I was frustrated when I met with the [ACLU] report authors and they could not point to a single instance of a fusion center violating someone's civil rights or liberties," Harman said. "In fact, state and local laws and protections in place at many fusion centers are more rigorous than their federal counterparts."
Tim Sparapani, the ACLU's top legislative lawyer in D.C., bristled at Harman's remarks. "Our prognosticating track record in identifying programs ripe for abuse of privacy and civil liberties is pretty solid," Sparapani wrote in an e-mail that listed several other programs that the ACLU correctly raised warning flags on. "That's not luck," he wrote. "It's a trend based on seeing the surveillance industrial complex being built bit-by-bit and terabyte by terabyte. As sure as the sun rises in the east and sets in the west, if Fusion Centers aren't built with rigid controls they will be privacy-invading monsters." The ACLU points to Virginia, where legislators are moving to exempt their fusion center from government sunshine laws and give legal immunity to companies that report information -- such as the name of a person accosted by a private security guard for taking pictures of a skyscraper. On Wednesday, a trio of federal privacy and civil liberties officers, including the Department of Homeland Security's chief privacy officer Hugo Teufel, promised they were working to make sure the centers respect citizens' civil liberties and privacy. David Gersten, the director of the civil rights and civil liberties programs at DHS, said he was working to expand their training course for Fusion Center employees to "include an examination of the history of privacy and civil liberties as they relate to intelligence and criminal investigations." That history includes the famous 1976 Church Committee report on the FBI's notorious COINTELPRO spying program. The report warned in the introduction "Unless new and tighter controls are established by legislation, domestic intelligence activities threaten to undermine our democratic society and fundamentally alter its nature."
THREAT LEVEL asked conference attendees about the concerns over expanding the dissemination of intelligence given the continuing trouble innocent Americans have trying to get off the nation's unified terrorist watch list. Just this week, the Justice Department's inspector general issued a watch list audit (.pdf), finding that FBI agents were watch-listing people who they weren't even investigating. Moreover, since those names were added through a back channel, there was no scheduled review or follow-up to take them off the watch list. Leonard Boyle, who runs the Terrorist Screening Center that curates and runs the watch list, said those problems are being fixed. "We have streamlined our processes so [...] we avoid delays in amending nominations or removing people who ought to be removed because they are no longer suspected of having a nexus to terrorism," Boyle said. Also present at the conference was Ambassador Thomas McNamara who now works at the Director of National Intelligence Office. McNamara's group is working on custom-built XML schemes, such as a standard for Suspicious Activity Reports. The idea is to have all fusion centers and intelligence agencies using the same data format, to more easily share, search, sort and store intelligence data. Surprisingly, a total of only three reporters showed up over two days of the conference to hear from the officials. THREAT LEVEL was the only media outlet to show up both days. Despite journalists taking up only two of the fifty or so chairs, officials stuck with the formality of a press conference. Each day six to eight officials stood in a semicircle flanking the lectern and took turns issuing short remarks. After each set of speeches, the director of the Iowa fusion center and designated emcee Russell Porter allowed for a handful of questions from the two-reporter audience.
And as for information sharing, the conference's openness extended only so far, and the press was not allowed into sensitive sessions such as "How to Generate Suspicious Activity Reporting" and "Commanders and Analysts: Sharing Perspectives." Government employees manning an informational booth for the Director of National Intelligence's OpenSource.gov website refused to even describe the program, saying they would need to call in a press minder. The website seems to indicate that the program is a way for the government to share intel reports composed by analysts who read international newspapers and watch TV stations from around the world. THREAT LEVEL guessed we would not be able to sign up for the email blasts, due to our propensity to share information with the public. The taciturn DNI employees confirmed that fact, adding that they also couldn't share the information from OpenSource.gov due to copyright issues.

From rforno at infowarrior.org Sun Mar 23 04:12:11 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 23 Mar 2008 00:12:11 -0400
Subject: [Infowarrior] - CSTLR: What's In A Copyright? The Forgotten Right "To Authorize"
Message-ID:

What's In A Copyright? The Forgotten Right "To Authorize"
by Aden Allen
9 Colum. Sci. & Tech. L. Rev. 87 (2008) (Published February 19, 2008)

Abstract

For years, Congress and the Judiciary have wrestled with the problem of how to properly protect intellectual property rights while balancing them against the common good. One of the most active areas is that of indirect liability. The Patent Act of 1952 expressly codified liability for inducement and contributory infringement. However, the Copyright Act of 1976 failed to do the same. What should be made of Congress' codification of indirect liability in patent but not copyright law?
This Note will argue that indirect liability for copyright infringement can be derived from the 1976 Act's use of the phrase "to authorize" when describing the exclusive rights of a copyright holder. This Note will consider the development of indirect liability in patent and copyright law, and compare the jurisprudence of America with that of Australia and England. Borrowing from the English and Australian copyright systems, this Note proposes that an appropriate authorization test would hold a party liable for (1) failing to take reasonable and effective measures to curtail infringement while (2) not enabling copyright owners to monitor infringement themselves. An additional authorization test would hold a party liable for granting or purporting to grant the authority to do an act exclusively reserved to the copyright owner. To highlight potential uses and effects of an authorization standard, this Note reviews the Supreme Court's Grokster decision and compares two recent Ninth Circuit decisions. The Note concludes that the proposed authorization standard comports with the Copyright Act of 1976. However, the Note also suggests the need for Congress to provide greater guidance in the area.

< - >

http://www.stlr.org/html/volume9/allenintro.php

From rforno at infowarrior.org Sun Mar 23 20:37:05 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 23 Mar 2008 16:37:05 -0400
Subject: [Infowarrior] - Food for thought: The joy of boredom
Message-ID:

The Boston Globe
OPINION/IDEAS
The joy of boredom
Don't check that e-mail. Don't answer that phone. Just sit there. You might be surprised by what happens.
By Carolyn Y. Johnson | March 9, 2008

A DECADE AGO, those monotonous minutes were just a fact of life: time ticking away, as you gazed idly into space, stood in line, or sat in bumper-to-bumper traffic. Boredom's doldrums were unavoidable, yet also a primordial soup for some of life's most quintessentially human moments.
Jostled by a stranger's cart in the express checkout line, thoughts of a loved one might come to mind. A long drive home after a frustrating day could force ruminations. A pang of homesickness at the start of a plane ride might put a journey in perspective. Increasingly, these empty moments are being saturated with productivity, communication, and the digital distractions offered by an ever-expanding array of slick mobile devices. A few years ago, cellphone maker Motorola even began using the word "microboredom" to describe the ever-smaller slices of free time from which new mobile technology offers an escape. "Mobisodes," two-minute long television episodes of everything from "Lost" to "Prison Break" made for the cellphone screen, are perfectly tailored for the microbored. Cellphone games are often designed to last just minutes -- simple, snack-sized diversions like Snake, solitaire, and Tetris. Social networks like Twitter and Facebook turn every mundane moment between activities into a chance to broadcast feelings and thoughts; even if it is just to triple-tap a keypad with the words "I am bored." But are we too busy twirling through the songs on our iPods -- while checking e-mail, while changing lanes on the highway -- to consider whether we are giving up a good thing? We are most human when we feel dull. Lolling around in a state of restlessness is one of life's greatest luxuries -- one not available to creatures that spend all their time pursuing mere survival. To be bored is to stop reacting to the external world, and to explore the internal one. It is in these times of reflection that people often discover something new, whether it is an epiphany about a relationship or a new theory about the way the universe works. Granted, many people emerge from boredom feeling that they have accomplished nothing. But is accomplishment really the point of life? 
There is a strong argument that boredom -- so often parodied as a glassy-eyed drooling state of nothingness -- is an essential human emotion that underlies art, literature, philosophy, science, and even love. "If you think of boredom as the prelude to creativity, and loneliness as the prelude to engagement of the imagination, then they are good things," said Dr. Edward Hallowell, a Sudbury psychiatrist and author of the book "CrazyBusy." "They are doorways to something better, as opposed to something to be abhorred and eradicated immediately."

< - >

http://www.boston.com/bostonglobe/ideas/articles/2008/03/09/the_joy_of_boredom?mode=PF

From rforno at infowarrior.org Mon Mar 24 01:23:21 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 23 Mar 2008 21:23:21 -0400
Subject: [Infowarrior] - Pilot's gun discharges on US Airways flight
Message-ID:

http://www.wcnc.com/news/topstories/stories/wcnc-032308-sjf-gunonplane.1c4cabd1.html

Pilot's gun discharges on US Airways flight
5:39 PM 05:32 PM EDT on Sunday, March 23, 2008
By DIANA RUGG / WCNC
E-mail Diana: DRugg at wcnc.com

CHARLOTTE, N.C. -- A US Airways pilot's gun accidentally discharged during a flight from Denver to Charlotte Saturday, according to a statement released by the airline. The statement said the discharge happened on Flight 1536, which left Denver at approximately 6:45am and arrived in Charlotte at approximately 11:51am. The Airbus A319 plane landed safely and none of the flight's 124 passengers or five crew members was injured, according to the statement. It was a full flight. An airline spokeswoman said the plane has been taken out of service to make sure it is safe to return to flight. A Transportation Safety Administration spokeswoman reached by WCNC Sunday said the pilot is part of TSA's Federal Flight Deck Officer (FFDO) program, which trains pilots to carry guns on flights.
Andrea McCauley said the gun discharged in the cockpit, but she could not release how the gun was being transported at the time. She did not release the pilot's name, but said he was authorized to carry the weapon and was last requalified in the FFDO program last November. A statement from TSA said the airplane was never in danger, and the TSA and the Federal Air Marshals Service are investigating the incident. WCNC reporter Diana Rugg is following up on this story. If you or someone you know were on that flight, please e-mail her at drugg at wcnc.com.

From rforno at infowarrior.org Mon Mar 24 13:24:46 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Mar 2008 09:24:46 -0400
Subject: [Infowarrior] - OpenID Being Exploited By The Big Internet Companies?
Message-ID:

Is OpenID Being Exploited By The Big Internet Companies?
Michael Arrington

OpenID, a distributed single sign on solution that allows people to sign into different services with the same login credentials, gained significant momentum over the last year as Google, Microsoft, Yahoo and AOL all pledged their support for the initiative. There are two ways companies/websites can participate in the OpenID framework - as "issuing parties" or as "relying parties." Issuing parties make their user accounts OpenID compatible. Relying parties are websites that allow users to sign into their sites with credentials from Issuing parties. Of course, sites can also be both. In fact, if they aren't both it can be confusing and isn't a good user experience. The problem, though, is that the Big Four Internet companies that I mentioned above have made big press announcements about their support for OpenID, but haven't done enough to actually implement it. Microsoft has done absolutely nothing, even though Bill Gates announced their support over a year ago. Google has limited its support to Blogger, where it is both an Issuing and Relying party. Yahoo and AOL are Issuing parties only.

< - >

http://www.techcrunch.com/2008/03/24/is-openid-being-exploited-by-the-big-internet-companies/

From rforno at infowarrior.org Tue Mar 25 00:12:46 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Mar 2008 20:12:46 -0400
Subject: [Infowarrior] - Justice Dept. Approves XM-Sirius Merger
Message-ID:

Justice Dept. Approves XM-Sirius Merger
By JOHN DUNBAR
The Associated Press
Monday, March 24, 2008; 5:07 PM
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/24/AR2008032401645_pf.html

WASHINGTON -- The Justice Department on Monday approved Sirius Satellite Radio Inc.'s proposed $5 billion buyout of rival XM Satellite Radio Holdings Inc., saying the deal was unlikely to hurt competition or consumers. The transaction was approved without conditions, despite opposition from consumer groups and an intense lobbying campaign by the land-based radio industry. The combination still requires approval from the Federal Communications Commission, which prohibited a merger when it first granted satellite radio operating licenses in 1997. The Justice Department, in a statement explaining its decision, said the combination of the companies won't hurt competition because the companies are not competing today. Customers must buy equipment that is exclusive to either XM or Sirius, and subscribers rarely switch providers. "People just don't do that," Assistant Attorney General Thomas Barnett said in a conference call with reporters. The government also appeared to endorse a central argument the companies used in pushing for their merger: that ample competition is provided by other forms of audio entertainment, including "high-definition" radio, Internet-based radio stations and even devices like Apple Inc.'s iPod.
"The likely evolution of technology in the future, including the expected introduction in the next several years of mobile broadband Internet devices, made it even more unlikely that the transaction would harm consumers in the longer term," the Justice Department said. The buyout received shareholder approval in November. The companies said the merger will save hundreds of millions of dollars in operating costs -- savings that will ultimately benefit their customers. The Justice Department also noted that argument in its approval. The FCC had no comment on the decision Monday. In the past, FCC Chairman Kevin Martin has said any approval faced a "high hurdle." Martin said last week that agency staff was "drafting various options" in preparation for a final recommendation. The five-member commission could vote against the deal, approve it or approve it with conditions. The agency could require the companies to freeze prices or make part of their satellite spectrum available for public-interest obligations. Both XM and Sirius declined to comment on the decision on Monday. Sen. Herb Kohl, D-Wis., chairman of the Senate Judiciary Committee's subcommittee on antitrust, said in a statement that the merger would create a satellite radio monopoly and asked the FCC to block it. "We are particularly disturbed by this decision, given the Justice Department's record in recent years of failing to oppose numerous mergers which reduced competition in key industries, resulting in the Justice Department not bringing a single contested merger case in nearly four years," he said. The companies have pledged that the combined firm will offer listeners more pricing options and greater choice and flexibility in the channel lineups they receive.
If the deal is approved, the companies have said they would offer pricing plans ranging from $6.99 per month, for 50 channels offered by one service, up to $16.99 a month, where subscribers would keep their existing service plus choose channels offered by the other service. Despite the consumer-friendly promises, most consumer groups have opposed the proposed merger. "If this is what our competition cops do, we might as well close shop and save taxpayers a few hundred million dollars because they're not doing their jobs," said Gene Kimmelman, the Washington lobbyist for Consumers Union, nonprofit publisher of Consumer Reports magazine. Shares of both companies rose following the news. XM Satellite shares were up 15 percent in afternoon trading while Sirius was up 8.6 percent.

© 2008 The Associated Press

From rforno at infowarrior.org Tue Mar 25 00:13:17 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Mar 2008 20:13:17 -0400
Subject: [Infowarrior] - Are Iraqi Insurgents Emboldened by Antiwar Reporting?
In-Reply-To: <47E84013.1020509@inetassoc.com>
Message-ID:

(c/o DS)

http://www.usnews.com/articles/news/iraq/2008/03/12/are-iraqi-insurgents-emboldened-by-antiwar-reporting.html

Are Iraqi Insurgents Emboldened by Antiwar Reporting?
Economists say their study, with caveats, finds some linkages
By Alex Kingsbury
Posted March 12, 2008

Are insurgents in Iraq emboldened by voices in the news media expressing dissent or calling for troop withdrawals from Iraq? The short answer, according to a pair of Harvard economists, is yes. In a paper published by the National Bureau of Economic Research, the authors are quick to point out numerous caveats to their findings, based on data from mid-2003 through late 2007. Yet, their results show that insurgent groups are not devoid of reason and unresponsive to outside pressures and stimuli.
"It shows that the various insurgent groups do respond to incentives and shows that a successful counter insurgency strategy should take that reality into account," says one of the paper's coauthors, Jonathan Monten, a postdoctoral fellow at Harvard's Belfer Center for Science and International Affairs. The paper "Is There an 'Emboldenment' Effect in Iraq? Evidence From the Insurgency in Iraq" concludes the following:

- In the short term, there is a small but measurable cost to open public debate in the form of higher attacks against Iraqi and American targets.
- In periods immediately after a spike in "antiresolve" statements in the American media, the level of insurgent attacks increases between 7 and 10 percent.
- Insurgent organizations are strategic actors, meaning that whatever their motivations, religious or ideological, they will respond to incentives and disincentives.

But before partisans go wild on both sides of the aisle, here are just three of the important caveats to this study:

- The city of Baghdad, for a variety of reasons, was excluded from the report. The authors contend that looking at the outside provinces, where 65 percent of insurgent attacks take place, is a better way to understand the effect they have discovered. Other population centers like Mosul, Basra, Kirkuk, and Najaf were included in the study.
- The study does not take into account overall cost and benefit of public debate. Past research has shown that public debate has a positive effect on military strategy, for example, and, in the case of Iraq, might be a factor in forcing the Iraqi government to more quickly accept responsibility for internal security.
- It was not possible, from the data available, to determine whether insurgent groups increased the overall number of attacks against American and Iraqi targets in the wake of public dissent and debate or simply changed the timing of those attacks.
This means that insurgents may not be increasing the number of attacks after all but simply changing the days on which they attack in response to media reports.

[The full report is available here: http://people.rwj.harvard.edu/~riyengar/insurgency.pdf]

From rforno at infowarrior.org Tue Mar 25 00:14:35 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Mar 2008 20:14:35 -0400
Subject: [Infowarrior] - Google Offers New Plan for the Airwaves
Message-ID:

Google Offers New Plan for the Airwaves
By REUTERS
Published: March 24, 2008
http://www.nytimes.com/2008/03/24/technology/24google-web.html

Google, the Internet search engine company, released plans on Monday for a new generation of wireless devices to operate on soon-to-be-vacant television airwaves and sought to ease fears that this might interfere with TV broadcasts or wireless microphones. In comments filed with the Federal Communications Commission, Google outlined plans for low-power devices that use local wireless airwaves to access the "white space" between television channels. A Google executive called the plan "Wi-Fi 2.0 or Wi-Fi on steroids." "The airwaves can provide huge economic and social gains if used more efficiently," Google said in the comments. Rick Whitt, Google's Washington telecom and media counsel, said this class of Wi-Fi devices could eventually offer data transmission speeds of billions of bits a second -- far faster than the millions of bits a second available on most current broadband networks. Consumers could watch movies on wireless devices and do other things that are currently difficult on slower networks. The white-space airwaves could become available in February 2009, when TV broadcasters switch from analog to digital signals. Mr. Whitt said he expected devices using white-space spectrum could be available by the end of 2009. Shares of Google surged $27.36, to $460.91 amid a sharp rise in the stock market.
Google sees the white-space spectrum as a natural place to operate a new class of phones and wireless devices based on Android, Google's software that a variety of major equipment makers plan to use to build Internet-ready phones. The company also said that, in general, it stands to benefit whenever consumers have easier access to the Internet. Google's primary business is selling online ads as people perform Web searches. The filing came less than two weeks after Bill Gates, a founder of Google's rival, Microsoft, urged the agency to free up the white-space spectrum so it could be used to expand access of wireless broadband. Google and Microsoft are part of a coalition of technology companies that has been lobbying the F.C.C. to allow unlicensed use of white-space spectrum. The group also includes Dell, Intel, Hewlett-Packard and the North American unit of Philips Electronics. The idea is opposed by broadcasters and makers of wireless microphones, who fear the devices would cause interference. The FCC is testing equipment to see if the white-space spectrum can be used without interfering with television broadcasts. In a compromise intended to mollify some interest groups opposed to expanding use of white-space spectrum, Google proposed a "safe harbor" on channels 36-38 of the freed-up analog TV spectrum for exclusive use by wireless microphones, along with medical telemetry and radio astronomy devices. In effect, no white-space devices could use these channels. Google said "spectrum-sensing technologies" could be used that would automatically check to see whether a channel was open before using it, thereby avoiding interference with other devices. It said such technology was already being used by the military. A proposal being studied by the F.C.C. would create two categories of users for the airwaves: one for low-power, personal, portable devices, and a second group for fixed commercial operations.
From rforno at infowarrior.org Tue Mar 25 00:52:34 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Mar 2008 20:52:34 -0400
Subject: [Infowarrior] - Patriot Act haunts Google service
Message-ID:

http://www.theglobeandmail.com/servlet/story/RTGAM.20080324.wrgoogle24/BNStory/Technology/home

Patriot Act haunts Google service
SIMON AVERY
From Monday's Globe and Mail
March 24, 2008 at 4:05 AM EDT

Google Inc. is a year into its ground-shifting strategy to change the way people communicate and work. But the initiative to reinvent the way that people use software is running headlong into another new phenomenon of the information technology age: the unprecedented powers of security officials in the United States to conduct surveillance on communications. Eighteen months ago, Lakehead University in Thunder Bay, Ont., had an outdated computer system that was crashing daily and in desperate need of an overhaul. A new installation would have cost more than $1-million and taken months to implement. Google's service, however, took just 30 days to set up, didn't cost the university a penny and gave nearly 8,000 students and faculty leading-edge software, said Michael Pawlowski, Lakehead's vice-president of administration and finance. U.S.-based Google spotlighted the university as one of the first to adopt its software model of the future, and today Mr. Pawlowski boasts the move was the right thing for Lakehead, saving it hundreds of thousands of dollars in annual operating costs. But he notes one trade-off: The faculty was told not to transmit any private data over the system, including student marks. The U.S. Patriot Act, passed in the weeks after the September, 2001, terrorist attacks in the United States, gives authorities the means to secretly view personal data held by U.S. organizations. It is at odds with Canada's privacy laws, which require organizations to protect private information and inform individuals when their data has been shared.
At Lakehead, the deal with Google sparked a backlash. "The [university] did this on the cheap. By getting this free from Google, they gave away our rights," said Tom Puk, past president of Lakehead's faculty association, which filed a grievance against Lakehead administration that's still in arbitration. Professors say the Google deal broke terms of their collective agreement that guarantees members the right to private communications. Mr. Puk says teachers want an in-house system that doesn't let third parties see their e-mails. Some other organizations are banning Google's innovative tools outright to avoid the prospect of U.S. spooks combing through their data. Security experts say many firms are only just starting to realize the risks they assume by embracing Web-based collaborative tools hosted by a U.S. company, a problem even more acute in Canada where federal privacy rules are at odds with U.S. security measures. "You have to decide which law you are going to break," said Darren Meister, associate professor of information systems at the Richard Ivey School of Business, who specializes in how technology enhances organizational effectiveness. "If I were a business manager, I would want to be very careful about what kind of data I made accessible to U.S. law enforcement." Using their new powers under the Patriot Act, U.S. intelligence officials can scan documents, pick out certain words and create profiles of the authors - a frightening challenge to academic freedom, Mr. Puk said. For instance, a Lakehead researcher with a Middle Eastern name, researching anthrax or nuclear energy, might find himself denied entry to the United States without ever knowing why. "You would have no idea what they are up to with your information until, perhaps, it is too late," Mr. Puk said. "We don't want to be subject to laws of the Patriot Act." 
Google's free Web tools are advertising-based and they automatically extract information from personal content to build a profile for advertisers. Lakehead professors also object to this feature, although Mr. Puk says Google has refrained from attaching ads until the grievance is settled. The privacy issue goes far beyond academia. In Toronto, at SickKids Foundation, which has the largest endowment of any Canadian hospital, employees have been keen to use Google tools. But the foundation's IT department blocked access for two reasons. "Wherever possible, we keep our donor and patient records in Canada, as trying to enforce privacy laws in other jurisdictions is complex and expensive," said Chris Woodill, director of IT and new media at SickKids Foundation. Second, free hosted software offers limited support and no formal legal contract, limiting an organization's ability to demand additional privacy or security measures, he said. Google says it has a strong track record in regard to protecting customers' data. The firm cites a court case it fought in 2006 against attempts by the U.S. Justice Department to subpoena customer search records. "We will continue to be strong advocates on behalf of protecting our users' data," said Peter Fleischer, Google's global privacy counsel. But the Mountain View, Calif.-based company will not discuss how often government agencies demand access to its customers' information or whether content on its new Web-based collaborative tools has been the subject of any reviews under the Patriot Act. Montreal security strategist Jeffrey Posluns says Google's software suite may suit some small businesses because cost savings are significant. But he warns that the deciding factor should be the sensitivity of the organization's information. 
From rforno at infowarrior.org Tue Mar 25 00:54:20 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Mar 2008 20:54:20 -0400
Subject: [Infowarrior] - US government cools on Real ID threats
Message-ID:

US government cools on Real ID threats
That's Uncle Sam in the corner
By Dan Goodin in San Francisco
Published Tuesday 25th March 2008 00:30 GMT
http://www.theregister.co.uk/2008/03/25/real_id_revolt/

As a showdown shapes up over federally mandated requirements for state-issued IDs, the US government is signaling it may be ready to compromise. States have until next Monday to ask that the deadline for complying with the Real ID Act be extended to 2010. The Feds have threatened that a failure to meet the deadline will result in citizens of pesky, non-compliant states being turned away or forced to endure additional screening when trying to board airplanes or access federal buildings or military facilities starting in May. Even with such threats, however, some states are balking at committing to the increased security measures, which, among many other things, require DMV (Department of Motor Vehicles) offices to check with other states to ensure applicants don't have more than one license. Last week, two holdout states, California and Montana, received extensions even though both states refused to commit to follow the plan. Previously, the US Department of Homeland Security said the extension would be given only to states that explicitly pledged to comply with the law. Last Tuesday, the head of the California Department of Motor Vehicles wrote that his state's request for an extension "is not a commitment to implement Real ID, [but] rather it will allow us to fully evaluate the impact of the final regulations and precede with necessary policy deliberations prior to a final decision on compliance," according to Wired News.
Officials from Montana have gone one step further, refusing to apply for an extension and insisting they will not follow the law. Critics object to the Real ID requirements for a host of reasons. They say requirements that states link their databases jeopardize individuals' privacy. They also say it costs too much and unfairly interferes with states' rights. The decision by Homeland Security officials to grant the extensions anyway may signal a tacit concession that its hard line approach isn't working. Requiring citizens of California, the nation's most populous state, to undergo additional airport screening would have put additional pressures on the Transportation Security Administration, an agency that is already viewed by many as overextended. One can only imagine the outcry at airports if Californians were forced to endure a unique set of bizarre screening rituals. Montana Governor Brian Schweitzer told The Associated Press that federal officials had "painted themselves in a corner." Remaining holdout states include Maine and South Carolina, which have not sought extensions, and New Hampshire, which passed a law last year making it illegal to comply. On Monday, South Carolina's attorney general held out the possibility of suing the federal government over the requirements but said it would be premature to do so now. The Real ID act was passed four years after the 9/11 attacks and was billed as a way of making it harder for terrorists and immigrants to illegally stay in this country. It calls for new regulations to be phased in over the next decade. By 2014, the federally compliant IDs would be required to board a plane or enter federally controlled premises except for people over 50. By 2017, people over 50 would also have to present a license that meets the requirements.
From rforno at infowarrior.org Tue Mar 25 03:46:58 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 Mar 2008 23:46:58 -0400
Subject: [Infowarrior] - Network Solutions Pre-Censors Anti-Islam Site
Message-ID:

Brian Krebs on Computer Security
Network Solutions Pre-Censors Anti-Islam Site
http://blog.washingtonpost.com/securityfix/2008/03/networksolutions_precensors_an.html?hpid=sec-tech

Web site name registrar Network Solutions is blocking access to a site owned by a controversial Dutch politician known for his confrontational views about Islam and Muslim immigrants. The move by one of the largest companies in the domain registration business is notable, experts say, because it may be the first documented case of Internet pre-censorship by a major U.S.-based Web registrar. The site in question is fitnathemovie.com, which is registered by Dutch Party for Freedom leader Geert Wilders. Wilders has said that he planned to post a short film on the site designed to rally support for banning the Koran in Holland. Wilders has said that Islam's holy scripture urges followers to commit violent acts. Network Solutions imposed its block on Wilders's site Saturday evening, at which time it hosted little more than an image of the Koran on its homepage. But a company spokeswoman said Sunday evening that Network Solutions decided to pull the plug on it due to the potential unrest that could follow if Wilders followed through on his pledge to post his film on the site. Network Solutions spokeswoman Susan Wade said the company has received numerous complaints about the Web site over the past three weeks, though she declined to discuss the exact number or nature of those complaints. She said the company was still investigating whether the site violated its acceptable use policy. In the meantime, she said, a decision was made to deactivate the site given the potential violence that the movie could spark.
She said Wilders could still access the site himself and was free to move or redirect its content to another domain. "When you look at the history and violence surrounding this particular situation...some of the bad things that have happened or could happen, that was part of what we were thinking in suspending the Web site," Wade said. "We felt it was best to take it down while we continued our investigation." Prior to the site's shuttering this weekend, its only content was a picture of a gilded Koran along with the text "Allahu Akhbar," (God is Great), and the words "Geert Wilders presents Fitna - Coming Soon." The action comes after weeks of speculation about the movie's content and its potential for sparking violent protests and outbursts of the kind that followed the 2006 publication in several European newspapers of political cartoons of the Prophet Mohammed that many Muslims found offensive. Earlier this month, NATO's secretary general said he was concerned that the Wilders movie could foment anger that could translate into added danger for troops in Afghanistan. Protests against the Wilders film occurred this past weekend there, according to Reuters. Wilders, who was elected to the Dutch parliament on an anti-immigration platform, had planned to air the video online after being turned down by television networks. Wilders could not be immediately reached for comment. Wade said the company hadn't received any specific threats regarding the site, but that Network Solutions employees had been reminded this week about observing regular physical safety and security measures at work. "We're taking precautions like we would in any situation," Wade said. "We reminded employees that it is everyone's duty to make sure they badge-in, those kinds of general things." 
Fred von Lohmann, a senior staff attorney with the Electronic Frontier Foundation, said it was the first case he'd heard of in which a U.S.-based registrar had preemptively suspended a domain name for violating its use policy. Still, he said, most registrars' acceptable-use policies reserve for them the right to cut off service to almost any customer for nearly any reason. "If you're lucky, the contract might provide that you get a partial refund for the portion of the domain registration that you haven't used," von Lohmann said. "That's probably the best you can hope for." To me, this raises the question of what Network Solutions would do if dozens of people who'd registered domains through the company spontaneously decided to mirror the controversial movie once it goes live. Wade declined to speculate on such a situation, saying the company would respond to each complaint on a case-by-case basis. Furthermore, there must be other sites registered by the company that host content that violates the company's AUP or would be seen as offensive to some individual or group.

From rforno at infowarrior.org Tue Mar 25 12:04:01 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Mar 2008 08:04:01 -0400
Subject: [Infowarrior] - Va. Domestic Intelligence Center Sued for Info
Message-ID:

Va. Domestic Intelligence Center Sued for Info
By Ryan Singel
March 24, 2008 | 7:55:48 PM
Categories: Sunshine and Secrecy, Surveillance
http://blog.wired.com/27bstroke6/2008/03/va-domestic-int.html

A D.C. privacy group that is curious about the activities of a Virginia domestic intelligence center filed a government sunshine lawsuit Friday, after Virginia's so-called fusion center rebuffed its requests for documents about what the center was doing.
The Electronic Privacy Information Center's complaint (.pdf) asks a Virginia judge to force state police to cough up records about meetings with the Departments of Justice and Homeland Security, especially in regards to discussions about how the center would or would not comply with state open government laws. Virginia state police denied the request, saying the documents were "criminal intelligence data." Fusion centers are relatively new creatures on the homeland security scene and are intended to allow local and state police to combine their criminal and intelligence information with information shared by government agencies. The idea is to break the chokehold the feds have had on intelligence and to find ways to integrate beat cops' information with the feds' intel. Private companies, such as banks and chemical plants, are also expected to funnel reports of suspicious information to the centers, which can then look for patterns and run down leads. While the original idea was to focus on anti-terrorism, both states and the federal government are now touting an all-encompassing "all threats, all hazards" model. That means the centers would focus not just on anti-terrorism, but also gangs, immigration, floods and common crimes -- under the justification that these other areas sometimes have links to terrorism. Privacy groups are cold on fusion centers, the latest growth sector in the homeland security industrial complex. There are now some 50 such centers around the country. The feds recently attempted, with little media interest, to tout their cooperation with the centers as a symbol of the change in how Washington operates after 9/11. One of the main objections of groups like EPIC and the ACLU is that as information gets fused, it's not clear what privacy laws apply. Do state open-access rules apply? What about the federal Privacy Act? Will state rules only apply to data collected by states?
How does one clear one's name if a center adds false information to their database and then shares it with the feds and all the other states? EPIC is focusing on Virginia, since the legislature is considering legislation that would exempt the fusion center from the state's open government rules.

From rforno at infowarrior.org Tue Mar 25 12:09:57 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Mar 2008 08:09:57 -0400
Subject: [Infowarrior] - RFI: Office 2008 experiences
Message-ID:

I've been noticing Entourage 04 is acting a bit more quirky in the past week or so now that I'm on OSX 10.5 -- in particular, I'm experiencing random Entourage shut downs with no apparent reason. Hence I'm thinking of moving "up" to Office 2008. Any Mac users care to comment on their experiences using MS Office 2008? In particular, Entourage and Word, but any/all comments on the suite are welcomed.

Thx

-rf

From rforno at infowarrior.org Tue Mar 25 23:54:34 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Mar 2008 19:54:34 -0400
Subject: [Infowarrior] - Yahoo and MySpace join with Google
Message-ID:

Yahoo and MySpace join with Google
Reuters
Tuesday, March 25, 2008
http://www.iht.com/bin/printfriendly.php?id=11413976

SAN FRANCISCO: Yahoo, Google and MySpace said Tuesday that they would create the OpenSocial Foundation to maintain a neutral, community-governed forum for developing applications for social networks. Google presented its OpenSocial network in November to lure developers who were already creating popular Web applications on social networks like Facebook. Google, owner of the most popular Internet search engine, said the support of its rival Yahoo for the OpenSocial software would allow developers to put their programs on a broader range of social networking sites. Teaming with Yahoo gives the alliance the backing of the most visited U.S. Web site.
Google and sites like MySpace, the most popular online social network, have sought more programs to appeal to users as they compete for advertising revenue in a market that some analysts estimate could grow 69 percent over the next three years. Internet users have flocked to social sites where they can keep up with their friends, show pictures, share music and play games. Visitors to Facebook grew fourfold to 100.7 million in January from a year earlier, while users of MySpace rose 15 percent to 109.3 million in that period, according to ComScore, a research company in Reston, Virginia. The increased popularity is luring advertisers, who are eager to target Web users based on their age, location and hobbies. Ad spending on social networks in the United States may jump to $2.7 billion by 2011, according to EMarketer in New York. The alliance may help Yahoo make headway in the social networking market, where Facebook and MySpace have won an increasing share of graphical banner ads. Spending on social networking sites more than doubled last year, while sales growth at Yahoo slowed to 8 percent, down from 22 percent in 2006. Google, based in Mountain View, California, recruited networking sites like LinkedIn, Friendster and Ning as early OpenSocial supporters, as well as makers of business software like Oracle and Salesforce.com. Google shares fell $6.50 to $454.06 in afternoon trading on the Nasdaq, while Yahoo, based in Sunnyvale, California, rose 82 cents to $28.34. Class A shares of News Corp., based in New York, advanced 19 cents to $19.15. Assets will be allocated to the nonprofit foundation by July 1, the companies said.

Facebook hires from Google

Facebook, the most popular social networking site after MySpace, hired Ethan Beard away from Google to help run its business development, Bloomberg News reported from San Francisco. Beard had served as director of social media at Google, said Erin Zeitler, a Facebook spokeswoman.
Facebook also hired Sheryl Sandberg, vice president of global online sales and operations at Google, to become its chief operating officer this month.

From rforno at infowarrior.org Wed Mar 26 00:59:49 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 Mar 2008 20:59:49 -0400
Subject: [Infowarrior] - Pentagon Admits Mistaken Shipment of Missile Fuses
Message-ID:

Pentagon Admits Mistaken Shipment of Missile Fuses
By Debbi Wilgoren
Washington Post Staff Writer
Tuesday, March 25, 2008; 2:35 PM
http://www.washingtonpost.com/wp-dyn/content/article/2008/03/25/AR2008032501309_pf.html

The U.S. Air Force mistakenly shipped fuses that are used in nuclear weapons to Taiwan in 2006, believing the crates contained helicopter batteries, officials at the Pentagon announced this morning. The error -- undetected by the United States until last week, despite repeated inquiries by Taiwan -- raises questions about how carefully the Pentagon safeguards its weapons systems. It also exposes the United States to criticism from China, a staunch opponent of a militarized Taiwan. Pentagon officials said Defense Secretary Robert M. Gates has launched a full investigation. The devices -- which, when attached to a missile, help launch the detonating process -- have been returned to the United States, and President Bush has been briefed. "There are multiple players; there are multiple parties involved," said Ryan Henry, principal deputy undersecretary of defense policy. "We'll do a thorough investigation, and those who are found responsible will be held accountable." Among other things, officials will try to determine why no one noticed that the four boxes of components were missing, even though Pentagon policy requires inventory reconciliation every three months. The probe will also focus on whether any other material has been wrongly shipped or cannot be located. An initial evaluation suggests the devices were not tampered with while they were in Taiwan, officials said.
Henry, who called the error "disconcerting," said the government of Taiwan acted "very responsibly," quickly notifying the United States that the four boxes it received in fall 2006 did not appear to contain what had been ordered. However, both he and Air Force Secretary Michael Wynne added, more than a year passed before the United States realized what had been shipped and moved to get the fuses back. "It wasn't until this week that we became aware that they had something akin to a nose-cone assembly," Ryan said. "There were early communications, but we thought we were hearing one thing, and in reality they were saying something different." Ryan said U.S. officials have notified authorities in Beijing, which considers Taiwan to be part of China and opposes its independence. Neither he nor Wynne answered a reporter who asked how China responded. "Our policy on Taiwan arm sales has not changed. This specific incident was an error in process only and was not indicative of a policy change," Henry said. "We made an error in execution, and we notified them as soon as we were aware of it." Wynne described the devices as "the electrical firing mechanism that allows" an intercontinental ballistic missile "to detonate -- just like the fuse on a stick of dynamite." The fuses were manufactured for use on a Minuteman strategic nuclear missile but contain no nuclear materials. The devices would not work on any other missile system, officials said. The nose cones, designed for a missile system that dates to the 1960s, were declared excess in March 2005 and shipped to a warehouse on an Air Force base in Wyoming, officials said. It is unclear whether they were placed in a classified storage area or how they were eventually mistaken for crates of batteries. In response to a question from a reporter, Wynne said the Pentagon is still analyzing whether the shipment violated U.S. law or any treaties regulating arms trade and nuclear weapons policies. 
"If there was a violation, we are coming forth with it as soon as we became aware of it," Wynne said. "And if there was something that was amiss, it clearly was not intentional. The United States stands by its treaty obligations." From rforno at infowarrior.org Wed Mar 26 13:06:54 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Mar 2008 09:06:54 -0400 Subject: [Infowarrior] - Frontline: Bush's War Message-ID: PBS Frontline did a 4.5-hour documentary entitled 'Bush's War' this past Monday and Tuesday nights. It was a very well-done historical retrospective of the military ventures of the US post-911 in Afghanistan and Iraq. I daresay it will become the definitive video history of the "war" up until this point. Video is online, along with tons of archive material, interviews, and more. http://www.pbs.org/wgbh/pages/frontline/bushswar/ From rforno at infowarrior.org Wed Mar 26 14:25:30 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Mar 2008 10:25:30 -0400 Subject: [Infowarrior] - Readers' comments on: MS Office 2008 Message-ID: For the most part it has been a significantly better user experience for me with one giant caveat: the new way entourage handles flagging emails. It used to just create a task linked to an email which was more than adequate. Now there's an in between stage where you can flag an email without creating the task. Sounds great right? Well the implementation is kind of a nightmare as it is slow to flag and check off in email view, and god forbid you want to switch from email view to calendar view and you have a lot of those flagged emails; there's a bug (feature?) which delays the switch, in my case it took 7 minutes every time I switched views. Seriously. So, I just keep two entourage windows open at all times to avoid the switching: one for email/contacts/memos and another just for calendar. < -- > In my experience, it's been worth updating to 2008. By a nose. 
I work in a (officially) Windows-only environment and use an Exchange server for email, calendar, and address book. My main reason for upgrading was Entourage. On my MacBook (2GHz Core 2 Duo, 1GB RAM), Office 2008 performance (especially under Leopard) seems slightly better. This could be due to 1) my imagination or 2) the fact that Rosetta is no longer required. Activity Viewer suggests that resource consumption is similar, though I did no scientific test. (I saved a before (2004) and after (2008) Activity Viewer screenshot to compare.) Stability is definitely better, though not perfect. New features are mainly cosmetic or not of use to me. Bottom line: If you keep your expectations low and you pay the upgrade price (as opposed to retail), you'll consider the upgrade worth it after the initial experience of being underwhelmed. For reference, my experience running iWork and Apple's included apps (Mail, Address Book, iCal) at home far exceeds my experience running MS Office at work both in terms of performance and application usability. And iWork comes with a much smaller price tag. But for many (like me), iWork is not an option at work. < -- > I have about half-a-dozen Mac Office 2008 users here and they are perturbing the rest of the folks using Office 2003. The 2008 apps eat older Windows Office documents, making arbitrary and silent changes in fonts, headers, footers, styles, and so on. Items cut-and-pasted between PC Office 2003 apps (e.g., an Excel chart in a Word document) can be summarily destroyed. Effectively, I cannot allow any complex Office 2003 document to go to a Mac Office 2008 user for editing and hope to get it back intact. I suspect the same would happen between our consultants and our customers, which could be something of a nightmare scenario for a consulting company. We are moving our PC users to Office 2007, but that won't happen for a couple of months. I've seen a few problems between PC Office 2007 and Mac Office 2008, but small things only. 
Also, the problems seem to occur more when saving from Office 2008 to Office 2003 formats. If you save from Office 2008 to XML formats and make all the Office 2003 users employ the free translator plugins from Microsoft, things seem to be a little better. < -- > Word and Excel have been very solid for me. I'm waiting for Outlook so I can punt Mail.app. It has some known issues that make me think I am losing email. Even though I'm not, having to manually sync it is annoying. < -- > I use apple mail still, i fear remote MS bugs with Entourage, however mail.app is just as scary. anyway - i was a long time MS Word 2004 user, and i tell you - going to 2008 was the best MS investment i've made in years! word uses much less memory, it's much much more efficient, the graphics handling is much improved (inserted images etc), the styles no longer crash randomly when editing them etc. word 2008 is a big big improvement on word 2004, so it's almost worth it just for that. sorry - can't comment on entourage though. From rforno at infowarrior.org Thu Mar 27 03:12:05 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Mar 2008 23:12:05 -0400 Subject: [Infowarrior] - At Least 20 Big-Name Passports Breached Message-ID: At Least 20 Big-Name Passports Breached Last Edited: Wednesday, 26 Mar 2008, 6:47 PM EDT http://www.myfoxdc.com/myfox/pages/News/Detail?contentId=6140974&version=2&locale=EN-US&layoutCode=TSTY&pageId=3.3.1 WASHINGTON -- State Department workers viewed passport applications containing personal information about high-profile Americans, including the late Playboy playmate Anna Nicole Smith, at least 20 times since January 2007, The Associated Press has learned. That total is far more than disclosed last week with the news that presidential candidates Hillary Rodham Clinton, John McCain and Barack Obama had been victims of improper snooping. 
An internal department review has found the additional instances of department employees or contractors looking at computerized passport files of politicians and celebrities, according to preliminary results. It has not been determined if the new cases also involved improper peeking, officials familiar with the review said Wednesday. Smith's case, however, seems legitimate, the officials said. The review is not complete and the exact number of cases was not yet clear. They spoke on condition of anonymity because the review is going on at the same time as the department's internal watchdog investigates passport record security related to the breaches involving the White House candidates. Smith died in the Bahamas in February 2007. The review of her passport file appears to have come after a legitimate request from the U.S. Embassy in the Bahamas for information needed to complete her death certificate, the officials said. From rforno at infowarrior.org Thu Mar 27 03:13:49 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Mar 2008 23:13:49 -0400 Subject: [Infowarrior] - Outsourced passport work scrutinized Message-ID: Article published Mar 26, 2008 Outsourced passport work scrutinized http://washingtontimes.com/apps/pbcs.dll/article?AID=/20080326/NATION/866727364/1001&template=printart March 26, 2008 By Bill Gertz - The inspector general of the Government Printing Office today said his office is conducting an "end-to-end" review of the agency's production of electronic passports. GPO Inspector General J. Anthony Ogden said the review is part of the office's work plan and will look at the outsourcing of some passport components, such as computer chips embedded in travel documents. The comments follow a report in today's editions of The Washington Times quoting congressional and GPO officials who raised security questions about the use of foreign contractors in the process. "We do pay close attention to the issue of passport manufacturing. 
It is a high priority of this office," Mr. Ogden said in an interview. Mr. Ogden said his office's plan includes the review "to help improve the process of manufacturing passports. That's no secret." The Washington Times reported that the GPO had contracted with two European companies to produce computer chips with a wire antenna assembled at a plant in Thailand. The company in Thailand, Smartrac, charged in a court filing in Netherlands last year that its technology was stolen by China. The outsourcing has raised concerns among investigators over the security of passports. GPO and State Department officials have sought to play down security concerns and have said they conduct regular checks of overseas manufacturers. Mr. Ogden said deficiencies in passport manufacturing detailed in an Oct. 12 report cited by the paper were related to older, non-electronic passports. He declined to specify what the deficiencies are but said the agency has been responsive in addressing many of the problems. "We work with the agency, and that agency has been very receptive," he said. Mr. Ogden also said he did not tell congressional investigators he was unaware of large profits being made by the GPO, although he declined to detail his discussions. He referred questions about the GPO's business practices to other GPO officials but noted that there may be differences over what is defined as profits. Documents and interviews with Bush administration officials said the GPO made about $100 million in profits on the production of electronic passports since 2006 and their sale to the State Department far beyond the costs. The profits are raising questions among congressional investigators about whether the GPO is complying with laws that limit its business activities to recovering printing costs on a break-even basis. 
From rforno at infowarrior.org Thu Mar 27 03:44:22 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 Mar 2008 23:44:22 -0400 Subject: [Infowarrior] - Has Congress Backdoored In 'Attempted Infringement' As A Crime? Message-ID: Has Congress Backdoored In 'Attempted Copyright Infringement' As A Crime? from the uh-oh... dept Last year, when Alberto Gonzales was under pressure from Congress, he suddenly started spending a lot of time talking about stricter copyright laws. Perhaps it gave him a distraction from repeating "I do not recall" all day in front of Congress. His proposal was basically a laundry list of the entertainment industry's desired changes to copyright law, including making "attempted infringement" a crime. Despite the fact that copyright law is pretty clear that an actual violation needs to happen first, this would shift the standard so that if you just attempted to infringe, you could be found guilty of the full infringement itself. While Gonzales' efforts went nowhere, William Patry is pointing out that Congress may have backdoored in this "attempted" clause late last year through the Orwellianly-titled Criminal Code Modernization and Simplification Act. In that act, it notes that: "Unless otherwise provided by law, whoever attempts to commit an offense shall be punished as is provided for the completed offense." When it comes to copyright law in the bill, no exception is provided. Patry points to the recent story of the guy sent to jail for just clicking a link to give you a suggestion of where this new law will allow complaints to go. It's not a pretty picture. 
http://techdirt.com/articles/20080324/152810634.shtml From rforno at infowarrior.org Thu Mar 27 19:41:03 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Mar 2008 15:41:03 -0400 Subject: [Infowarrior] - DHS IG gets IED components past screeners In-Reply-To: <47EBECC7.2090302@inetassoc.com> Message-ID: (c/o DS) http://hstoday.us/index.php?option=com_content&task=view&id=2579&Itemid=149 DHS IG Gets Past Screeners With IED Components by Anthony L. Kimery Thursday, 27 March 2008 /*Growing strain on screeners feared could cause bomb materials to be overlooked*/ Last week the Department of Homeland Security's Office of Inspector General (OIG) released the unclassified summary of its latest audit of covert testing of airport screeners' ability to detect IEDs and IED components in both carry-on and checked baggage. OIG undercover personnel conducted unannounced, clandestine testing at eight domestic airports between late May 2007 through August 2007. Meanwhile, questions have been raised by intelligence authorities and lawmakers about whether high screener turn-over and some screeners at congested airports having been told to speed up the screening process have contributed to some of the problems DHS's OIG discovered. There's no way to independently scrutinize the impact of these concerns though because the OIG's report is classified. The summary assures, however, that the IG's conclusions about "the strengths and weaknesses of the Transportation Security Administration's [TSA] procedures, equipment, and supervision to ensure that Transportation Security Officers are able to prevent threat items from being introduced into the sterile areas and checked baggage systems of the nation's airports" have been discussed with senior DHS officials "and appropriate congressional committees." DHS's OIG also is not divulging "the number of tests conducted, the names of the airports tested," or "the quantitative and qualitative results of our testing" -- 
all that also has been classified. Clearly, though, problems were found. DHS's OIG stated that "as a result of our testing, we made six recommendations to TSA, which concurred with all of them." In contrast, the Government Accountability Office (GAO) in November disclosed that its covert testers were able to sneak liquid bomb-making components past screeners in carry-on luggage 19 times in 2007. In 2006, they were able to get past screeners 21 times with incendiary devices and bomb detonators that could have "caused not insignificant explosions." Indeed. The two senior GAO officials involved in the testing told lawmakers the liquid bomb and other explosives components they were able to carry on board passenger jets could have been assembled in as little as ten minutes. And if successfully detonated, they could have potentially caused a "catastrophic" explosion. "Our tests clearly demonstrate that a terrorist group, using publicly available information and few resources, could cause severe damage to an airplane and threaten the safety of passengers by bringing prohibited IED and IID components through security checkpoints," GAO said. That both GAO and DHS IG undercover testers succeeded in getting prohibited explosive materials past screeners proved that gaps in security existed. "Given our degree of success, we are confident that our investigators would have been able to evade transportation security officers at additional airports had we decided to test them," GAO stated. "We understand the challenges TSA faces in balancing security risks with the efficient movement of passengers; however, from a strict security standpoint, current policies allowing substantial carry-on luggage and related items through TSA checkpoints increases the risk of a terrorist successfully bringing an IED, an IID, or both onto an aircraft undetected," GAO concluded. 
"Even if current carry-on luggage policies are left unchanged, our testing shows that risks can be reduced through improvements in human capital, improved processes, and continued advances in technology." GAO briefed TSA officials on August 16, 2007, and September 5, 2007, to discuss its findings. "TSA officials indicated that they did not disagree with our suggestions in principle and that they would examine them closely to determine whether and how they should be implemented," GAO reported, adding, "they acknowledged vulnerabilities in human capital, processes, and technology." Similarly, DHS's OIG said in its February report that TSA didn't substantively disagree with its findings, either, and that as a consequence TSA "is enhancing the effectiveness of screening by expanding the unpredictability of screening measures." "When fully implemented," DHS's IG said, its "recommendations will improve an already strong passenger and checked baggage screening process." Still, some intelligence and security officials and members of Congress are concerned that the high rate of turn-over among TSA's screener workforce and the consequent burden it sometimes puts on short-handed airports to quickly move passengers through the screening process is causing short-cuts to be taken and inexperienced new screeners to miss things veteran screeners have learned to identify and look for. A /USA Today/ investigation last month found that the turnover among airport security screeners is among the worst in the federal workforce despite a $100 million effort to improve salaries and work duties. One in five screeners left between Oct. 1, 2006, and Sept. 30, 2007, federal Office of Personnel Management figures revealed. The turnover rate was the same for the previous same 12-month period. Attrition for the rest of the federal government was eight percent in 2006-07. "Twenty percent [turnover] is pretty high," said former DHS Inspector General Clark Kent Ervin. 
"You want people who are as sharp and experienced as possible, and that's why it's a concern." Airport screening checkpoints are "chronically short-handed," Rebecca O'Bryan told /USA Today/. O'Bryan quit her full-time screener job at San Jose International Airport in January. "You've got these inexperienced people who are really slow using the equipment. It slows everything down," she said. But it's clearly been a problem for some time. Three years ago HSToday.us reported that screeners at airports across the country said during interviews they were having to work longer hours and extra shifts because of understaffing, and were sometimes called to work on days off because of the lack of manpower to meet workloads. (Also see the HSToday.us report, "/Reasons for TSA Understaffing, Strains on Screeners Outlined in Report/") In more recent interviews with screeners around the nation, they said increased security measures have put a strain on the existing workforce, including having to cut short scheduled breaks because of staffing problems. Similarly, a screener at Atlanta's Hartsfield-Jackson International Airport, one of the busiest in the nation and an international hub, earlier told /USA Today/ that "If there's a long line ... [managers] cancel breaks." The New Jersey /Star-Ledger/ reported in late February that "security screeners and supervisors at Newark Liberty International Airport are being pressured to move as many as 200 passengers through checkpoint lanes every hour to minimize wait times, according to security officials at the airport." The 200 passengers-per-hour goal has never been widely publicized, although TSA acknowledged it, and it has surprised some aviation security experts who assert 18 seconds of screening simply isn't enough time -- 
either for the screeners watching the x-ray machines or the Screening Passengers by Observation Techniques (SPOT) Behavior Detection Officers (BDOs) who may be questioning flyers looking for hints of deception and dishonesty. At major international hubs like Los Angeles and JFK airports, evidence indicates delayed flights into the US have especially put strains on screeners trying to process long lines of passengers arriving in the US who must go through TSA security before catching their domestic-bound connecting flights. Upon returning from France last summer on a delayed flight to JFK, I encountered a TSA screening checkpoint where screeners were scrambling to process passengers through only two screening lanes because two of the normally four lanes were shut down because of "technical problems" and manpower shortages, several screeners confided. The screeners on hand when I arrived were visibly tired, stressed, and obviously taking well-reasoned shortcuts -- they allowed me through with prohibited quantities of liquids, just as they did my traveling companion. According to the /Atlanta Journal-Constitution/, screeners at Hartsfield-Jackson told it the pressure to shorten lines had resulted in missing some of the training mandated by TSA. Screeners said they were threatened with disciplinary action or dismissal if they didn't sign a form each week stating they had received the training. Rather than the stipulated three hours a week, some screeners say their training has been reduced to minutes. TSA officials have dismissed most such allegations, some of which are the subject of on-going investigations by the DHS IG's office. In an effort to help ease gridlock at security checkpoints at Boston's Logan International Airport's Terminal A, TSA has established multiple "self-select lanes." There's a "families and special assistance," "expert," and "casual" lane. The Diamond Lane Self Select Program debuted last month in Salt Lake City and Denver. 
Last week it was rolled out in Spokane, Washington and Orlando. From rforno at infowarrior.org Fri Mar 28 01:02:11 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Mar 2008 21:02:11 -0400 Subject: [Infowarrior] - New War on MP3s: EMI's Push to Ban Remote Music Storage Message-ID: The New War on MP3s: EMI's Push to Ban Remote Music Storage C:\Spin #196 by Ryan Radia March 24, 2008 http://cei.org/node/20537 Like never before, intellectual property is a hot issue, with media companies waging a global legal campaign against copyright infringement. The music industry has gone to court to combat perceived threats ranging from multinational piracy rings to casual file sharers. Recently, it has won some big victories in court. Yet this frenzy of litigation has yielded some troublesome legal precedents, which highlight the shortcomings of intellectual property law in the United States. The next potential casualty of America's deficient copyright regime is MP3Tunes, a Silicon Valley startup founded by Web entrepreneur Michael Robertson, which lets users store digital music files in a secure, Web-based locker they can access from anywhere. MP3Tunes lets listeners access only music they have uploaded themselves. Like a handheld MP3 player, MP3Tunes frees music lovers from dragging around massive album collections on physical discs. But now Robertson's service has run into a major obstacle. EMI, a major British record label, has sued MP3Tunes for copyright infringement. EMI contends that since users are transferring their music to a third party without getting permission from the record label, MP3Tunes is violating EMI's exclusive right to distribute its music. MP3Tunes faces tough odds given past rulings in copyright infringement cases. EMI's argument seems tenuous. MP3Tunes doesn't "share" files with anybody but the original owner, and paying a third party to act as a custodian does not imply a transfer of ownership. 
Individuals can already store digital files online using myriad services from Flickr to Mozy. We increasingly back up our entire lives to online repositories, and the individual, not the website, remains the owner. To be sure, intellectual property deserves strong legal protections, and content owners must be empowered with legal tools to combat piracy. But this does not mean laws should erect ironclad walls around digital media, dictating what consumers may do with files they have already purchased. At some point, content owners have to leave some breathing room. Once someone has purchased an album, moving that music online doesn't undermine future commercial opportunities for the record company as long as the original buyer retains exclusive access. The digital age presents new challenges in defining copyright terms. Distinctions based on physical ownership of tangible media seem downright quixotic in a world where intellectual property can be transferred electronically through the Web. Still, current copyright laws fail to recognize the changing face of the music business, relying instead on an obsolete definition of digital media ownership. Content owners have rights, but those should not extend to shutting down music storage websites that are not abetting copyright infringement. And nothing is stopping EMI from developing its own digital locker service. That a Web startup dreamt up an innovative business model to complement consumers' busy lifestyles is no cause for judicial intervention. MP3Tunes is neither facilitating piracy nor discouraging people from buying music in any way. In fact, by making music collections more accessible and therefore more valuable, MP3Tunes might actually cause people to buy more music. This is an old story, familiar since Napster burst upon the scene: Instead of fighting sites like MP3Tunes, major labels would be wise to embrace new ways of delivering value to consumers. 
Rather than fight Silicon Valley startups, the big music labels could partner with them. The digital era presents a golden opportunity for consumers and producers alike, if only companies and courts can keep pace with the breakneck pace of technology. Listeners' appetite for compact discs may have waned, but not so with digital media files. ITunes recently announced that it has sold over 4 billion songs. In addition, the runaway success of satellite radio and online music subscription services point to a bright future for new music distribution media. Clinging to outmoded distribution methods will not restore the major labels' past glory. Heavy-handed tactics will only drive people toward forms of entertainment with flexible rules and innovative supply schemes. Just as importantly, lawmakers should not support entrenched media's efforts to squelch new media at the expense of consumers and the equally valid business models of tomorrow. The MP3Tunes dispute underscores the need for substantive copyright reform. The 1996 Digital Millennium Copyright Act (DMCA) sought to preempt future copyright skirmishes by establishing new protections for content secured through Digital Rights Management, but it has fallen short of this aim. The DMCA has its merits. Its Safe Harbor provision, which shields network providers from liability for users' actions, has been essential in promoting network investment and fostering online commerce. Without legal protections, network operators would have little choice but to preemptively suppress a lot of user speech to avoid costly court battles. But other parts of the Act have been more troubling. The most widely criticized section is the anti-circumvention clause, which bans outright any device or software that breaks copy protection. For example, DVDs are copy-protected, so any program that allows owners to make back-up copies is illegal -- even if no piracy is involved. 
Some experts, including noted cryptologists like Dmitry Sklyarov, have decried this section as chilling of academic speech. Some might conclude the obvious answer to the intellectual property dilemma is a sweeping new law, enumerating content owners' and consumers' respective rights. But technology is constantly evolving, and any new regulation is bound to face the same difficulties that plague the DMCA today. When Congress tries to foresee the unforeseeable, failure is inevitable. A better approach would be to empower courts to balance intellectual property rights with free speech on a case-by-case basis, while at the same time reexamining the DMCA. Should new legislation become necessary, lawmakers should tread carefully, framing the issue with general principles rather than technical specifics designed to compensate for every possible eventuality. Pioneering businesses like MP3Tunes embody the future of digital entertainment, but unless balance is restored to America's intellectual property regime, consumers may end up stuck in the information stone age. From rforno at infowarrior.org Fri Mar 28 01:05:42 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Mar 2008 21:05:42 -0400 Subject: [Infowarrior] - Comcast and BitTorrent agree to 'collaborate' Message-ID: Comcast and BitTorrent agree to 'collaborate' Posted by Anne Broache Update 10:15 a.m. PDT: Comments from Rep. Edward Markey and FCC Chairman Kevin Martin added. It's official: Comcast and BitTorrent are calling a truce. Ever since the cable giant admitted to disrupting file-sharing traffic based on the BitTorrent protocol, a very public debate has erupted over what constitutes appropriate "network management" by Internet service providers, and with it, a resurgence of calls for Net neutrality rules that would prohibit such practices. 
But as companies are wont to do when regulators are breathing down their necks (read: the Federal Communications Commission), the companies announced that they're going to become collaborators. Whether the deal is enough to satisfy policymakers scrutinizing Comcast's behavior, however, remains to be seen, as it's already drawing some measure of skepticism. The "collaborative effort" doesn't mean that Comcast will give up on managing the way traffic flows through its network. Rather, Comcast said it will work on reconfiguring its networks so that, by year's end, it manages data in a "protocol agnostic" way. Comcast has confessed to "delaying" uploads to the BitTorrent protocol at peak congestion times, but the new process would apparently involve managing traffic based on how much bandwidth consumers use, rather than what sort of applications they're running. It's not clear what levels of bandwidth use would trigger such steps. As a Comcast vice president said during a recent FCC hearing about his company's network management practices, the cable operator tells its customers what broadband speeds they can expect, but it doesn't spell out how much bandwidth they're allotted. Instead, it says that subscribers are entitled to use the service in a way that doesn't degrade other subscribers' experiences. (In an interview with News.com's Declan McCullagh on Thursday morning, Comcast Vice President Joe Waz said no "bandwidth caps" are planned and offered some more details on the company's plans.) < - > http://www.news.com/8301-10784_3-9904494-7.html From rforno at infowarrior.org Fri Mar 28 01:07:00 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Mar 2008 21:07:00 -0400 Subject: [Infowarrior] - Bye, Bye TorrentSpy Message-ID: MPAA copyright punch up knocks out TorrentSpy Former BitTorrent champ throws in the towel By Chris Williams 
Published Thursday 27th March 2008 14:43 GMT http://www.theregister.co.uk/2008/03/27/torrentspy_shuttered/ The operators of TorrentSpy, once the most popular BitTorrent tracker, have been forced to permanently shutter the site after losing a battle with rights holders. A Los Angeles court ruled in favour of the Motion Picture Ass. of America in December after TorrentSpy destroyed evidence, claiming it was protecting users' privacy. The judge said it had made a fair trial impossible and imposed a $30,000 fine. This statement has been posted on the TorrentSpy site by its founder Justin Bunnell: We have decided on our own, not due to any court order or agreement, to bring the Torrentspy.com search engine to an end and thus we permanently closed down worldwide on March 24, 2008. The legal climate in the USA for copyright, privacy of search requests, and links to torrent files in search results is simply too hostile. We spent the last two years, and hundreds of thousands of dollars, defending the rights of our users and ourselves. Ultimately the court demanded actions that in our view were inconsistent with our privacy policy, traditional court rules, and international law; therefore, we now feel compelled to provide the ultimate method of privacy protection for our users - permanent shutdown. It was a wild ride, The TorrentSpy Team Rights holders might question how TorrentSpy's operators made those "hundreds of thousands" of dollars in the first place. The December decision marked the knockout blow in a lengthy pummeling of TorrentSpy by the film industry lobby. The site's operators unsuccessfully attempted to appease US courts by applying a filter against copyright files. When that didn't work it began blocking American IP addresses. The restrictions resulted in a slide in the popularity of TorrentSpy among filesharers, which was funded by advertising. Its crown as the most popular BitTorrent tracker was taken by the Pirate Bay. 
The militant Swedish outfit's administrators are currently in court themselves. Peter Sunde, one of the four on trial, reacted to the permanent closure of Torrentspy today, writing: "I was not the biggest TorrentSpy fan out there. It was a personal thing about filters and such that I could not agree to, but I must applaud Justin Bunnell for the way he has been taking care of his users and their privacy. "Today all big torrent sites are pressured somehow. [The Pirate Bay] has it's [sic] share of pressure, however we expected it and have a legal system that is more just in cases like this. The way that the copyright lobby is going at this is totally wrong and we can't let them win." Illegal filesharers are now facing a pincer movement from the record, software, and film industries. As well as attacking BitTorrent trackers, a long-running international lobbying campaign to force ISPs to disconnect persistent infringers seems to be gaining ground. Japanese telcos have acquiesced to the scheme and the French government, ISPs, and rights holders have agreed to implement a similar system. Westminster is, meanwhile, threatening new anti-filesharing laws if UK internet providers don't voluntarily agree sanctions against repeat copyright infringers. From rforno at infowarrior.org Fri Mar 28 01:12:20 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Mar 2008 21:12:20 -0400 Subject: [Infowarrior] - DOD gives inexperienced 22 year-old $300 million contract Message-ID: " A lengthy investigation published Thursday reveals that the Pentagon gave an inexperienced 22-year-old a $300 million contract to provide ammunition to Afghanistan. The shady deal resulted in decades old, substandard munitions being delivered to US and Afghan troops fighting on the front lines of the war on terror." 
< - more - > http://tinyurl.com/3ancmp From rforno at infowarrior.org Fri Mar 28 01:51:49 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Mar 2008 21:51:49 -0400 Subject: [Infowarrior] - Wikileaks more Scientology documents Message-ID: Church of Scientology collected Operating Thetan documents http://tinyurl.com/2s7knf From the Wikileaks analysis, this juicy quote: 'Hubbard then goes on to explain OT2, but before he does so, he tells the Churches how to keep Scientology working. One way is to not divulge information on their "technology." Doing so, says Hubbard, would result in "the complete destruction of all our work."' ...hrmmm. Security through obscurity, anyone? -rf From rforno at infowarrior.org Fri Mar 28 03:05:33 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 Mar 2008 23:05:33 -0400 Subject: [Infowarrior] - Gates Orders Inventory of US Nukes Message-ID: Gates Orders Inventory of US Nukes Mar 27, 9:37 PM (ET) By LOLITA C. BALDOR http://apnews.myway.com/article/20080328/D8VM4P8G2.html WASHINGTON (AP) - Defense Secretary Robert Gates has ordered a full inventory of all nuclear weapons and related materials after the mistaken delivery of ballistic missile fuses to Taiwan, the Pentagon said Thursday. Gates told officials with the Air Force, Navy and Defense Logistics Agency to assess inventory control procedures for the materials and to submit a report within 60 days. Earlier this week, Gates directed Navy Adm. Kirkland H. Donald to take charge of a full investigation of the delivery mistake in which four cone-shaped electrical fuses used in intercontinental ballistic missile warheads were shipped to the Taiwanese instead of the helicopter batteries they had ordered. It was the second nuclear-related mistake involving the military that has been revealed in recent months. 
In August an Air Force B-52 bomber was mistakenly armed with six nuclear-tipped cruise missiles and flown from Minot Air Force Base, N.D., to Barksdale Air Force Base, La. At the time, the pilot and crew were unaware they had nuclear arms aboard. The electrical fuses were delivered in fall 2006, but the military did not fully realize the gravity of the blunder until last week. The revelation sparked sharp protests from China and forced President Bush to acknowledge the error in a phone call Wednesday with Chinese President Hu Jintao. While the shipment did not contain nuclear materials, the error is particularly sensitive because China vehemently opposes U.S. arms sales to Taiwan. U.S. officials were quick to say that the incident did not suggest any change in policies toward Taiwan arms sales. But China's Foreign Ministry spokesman Qin Gang said, in a statement posted on the agency's Web site, that China had sent a protest to Washington expressing "strong displeasure." He said China demanded the U.S. investigate the matter and report back to China to "eliminate the negative effects and disastrous consequences created by this incident." Despite quarterly checks of the inventory, defense officials said they never knew the fuses were gone. Only after months of discussions with Taiwan over the missing batteries did the Pentagon finally realize - late last week - the seriousness of what had happened. During that time, according to a senior Taiwan defense official, the U.S. initially asked Taiwan to dispose of the missile fuses. U.S. officials said that early on it was thought the Taiwanese had simply received the wrong batteries. Once the error was discovered, the military quickly recovered the four fuses, which are linked to the triggering mechanisms in Minuteman nuclear missile nose cones. 
But Gates has demanded sweeping reviews to discover how it happened and whether it indicates a broader problem in the security of the military's nuclear weapons and related materials. In his memo released Thursday, Gates ordered a physical inventory of all nuclear related items. Donald, whose assessment is separate from the agencies' inventories, must provide Gates with an initial report by April 15. --- On the Net: Defense Department: http://www.defenselink.mil From rforno at infowarrior.org Fri Mar 28 13:24:41 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Mar 2008 09:24:41 -0400 Subject: [Infowarrior] - Tapes' Destruction Hovers Over Detainee Cases Message-ID: Tapes' Destruction Hovers Over Detainee Cases By MARK MAZZETTI and SCOTT SHANE Published: March 28, 2008 WASHINGTON -- When officers from the Central Intelligence Agency destroyed hundreds of hours of videotapes documenting harsh interrogations in 2005, they may have believed they were freeing the government and themselves from potentially serious legal trouble. But nearly four months after the disclosure that the tapes were destroyed, the list of legal entanglements for the C.I.A., the Defense Department and other agencies is only growing longer. In addition to criminal and Congressional investigations of the tapes' destruction, the government is fighting off challenges in several major terrorism cases and a raft of prisoners' legal claims that it may have destroyed evidence. "They thought they were saving themselves from legal scrutiny, as well as possible danger from Al Qaeda if the tapes became public," said Frederick P. Hitz, a former C.I.A. officer and the agency's inspector general from 1990 to 1998, speaking of agency officials who favored eliminating the tapes. "Unknowingly, perhaps, they may have created even more problems for themselves." 
< - > http://www.nytimes.com/2008/03/28/washington/28intel.html From rforno at infowarrior.org Fri Mar 28 18:00:55 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 Mar 2008 14:00:55 -0400 Subject: [Infowarrior] - FW: [IP] Yahoo to Eliminate 'Adult' Profiles In-Reply-To: <0E6E608443A703489B63435E45E6427129D5E235F5@EXVMBX016-3.exch016.msoutlookonline.net> Message-ID: (via IP list) ------ Forwarded Message ________________________________________ From: Jeff Schult [jss at tftb.com] Sent: Thursday, March 27, 2008 6:11 PM To: David Farber Subject: Yahoo to Eliminate 'Adult' Profiles I got an e-mail from Yahoo today telling me that the company is eliminating "adult profiles" for members as of April 9. Obviously, this affects a vast number of people who make their living taking off their clothes in front of webcams, other exhibitionists and those who care about or even love them. Yahoo says in the e-mail that it is eliminating the whole category of 'adult' profiles, and will delete, on April 9, all photos on adult profiles. The implication is that the profiles will otherwise remain intact. However, Yahoo says nothing in the email about the implication of its action for Yahoo Groups -- a very large number require a Yahoo adult profile as a condition to join. This includes a multitude of pornography groups, yes. But in my experience it also includes a significant number of groups that are forums for discussing such things as plastic surgery, or breast cancer, etc. -- groups to which "adult" images are posted. So it appears, at first glance, to be a step with more implications than just eradicating a community of pornophiles ... I realize that not all would find *that* alarming enough. 
Discussed at: http://www.jeffschult.com/blog/?p=70 -jeff From rforno at infowarrior.org Sat Mar 29 13:38:42 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 29 Mar 2008 09:38:42 -0400 Subject: [Infowarrior] - VeriSign ups cost of .com, .net domains second year in a row Message-ID: VeriSign ups cost of .com, .net domains second year in a row By David Chartier | Published: March 28, 2008 - 02:00PM CT http://arstechnica.com/news.ars/post/20080328-verisign-ups-cost-of-com-net-domains-second-year-in-a-row.html Exercising its contractual right to raise prices, VeriSign is once again increasing the base registration fees for .com and .net domain names. It's the second increase in as many years since the company extended its control of those two TLDs in 2006. Currently, registrars pay VeriSign $6.42 per .com domain and $3.85 for .net domains. Come October, those prices will increase to $6.86 and $4.23, respectively. Those price hikes are the maximum 7 percent allowable (to the penny) under VeriSign's contract (which runs through 2012) with ICANN. Chances are, registrars will pass the price increase on to customers. In a press release justifying the higher prices, VeriSign cited increases in the amount of traffic and cyber attacks on the global TLD infrastructure it is responsible for. The company says it is boosting infrastructure capacity ten-fold by 2010 via its Project Titan, as well as increasing DNS capacity from 400 billion daily queries to over four trillion, even though it currently only processes a peak of 33 billion queries per day under current conditions. It also helps that the ICANN has given VeriSign a monopoly over the .com and .net TLDs, allowing the company to jack prices up each year. At least ICANN had the foresight to mandate a 7 percent annual cap on increases, putting a limit on the amount of pain VeriSign can inflict on registrars each year. 
Assuming that VeriSign continues the 7 percent rise each year (which seems reasonable given the company's history), registrars will be looking at $9.00 for .com domains by the time the current contract ends in 2012--a 50 percent increase in six years. Per the agreement ICANN made with VeriSign in 2006, VeriSign is required to provide notice of rate hikes in registration costs at least six months in advance, so the pain won't be felt by registrars for a few more months. Those registrars have not been happy about the ICANN-VeriSign pact, with Network Solutions calling it a "de facto perpetual monopoly." VeriSign sure is acting like one. From rforno at infowarrior.org Sat Mar 29 13:38:47 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 29 Mar 2008 09:38:47 -0400 Subject: [Infowarrior] - Daffy Rep Berman at it again, still 0wn3d by Hollywood Message-ID: Rep. Berman: Pro-IP bill will become law in 2008 Posted by Declan McCullagh | 6 comments http://www.news.com/8301-10784_3-9905598-7.html HOLLYWOOD, Calif.--Rep. Howard Berman, who heads a congressional panel in charge of writing copyright legislation, lashed out at Internet pirates this week and defended his effort to add stiffer anticopying penalties to federal law. Berman, a Democrat who represents the congressional district near Hollywood, said at a technology policy conference here that he was on track to enact the so-called Pro-IP Act by the end of 2008. The bill ratchets up civil penalties for copyright infringement and creates a new federal agency charged with bringing about a national and international copyright crackdown. "I don't think there's a lot of controversy," Berman said on Wednesday. "This one is not like the patent bill." 
Groups like the Electronic Frontier Foundation and Public Knowledge have opposed the Pro-IP Act, saying it makes little sense to seize a family computer allegedly used to download music on a peer-to-peer network and that the legislation amounts to protecting the entertainment industry's business model at the expense of technology. "There are people who want to steal intellectual property," Berman said in an apparent criticism of EFF and Public Knowledge. "Their lobby is distributed, diffuse, but unfortunately very popular." Berman dismissed the Justice Department's criticism of Pro-IP--the agency believes the current arrangement for criminal enforcement works fine--as merely protecting political turf. "They don't like Congress telling them how to organize their branch, but that's our right," Berman said. "They take the notion of executive privilege very seriously." He also: * Defended the Digital Millennium Copyright Act, which has been the subject of protests from technologists for nearly a decade: "I know the DMCA is controversial--by and large I think it makes a lot of sense." * Wondered whether Internet service providers should be required to pull the plug on customers engaged in piratical activities: "To what extent do we ask ISPs to (undertake) some affirmative actions?" The Motion Picture Association of America has called on ISPs to do precisely that, without saying it should be mandated by law; its international counterparts have not been as reticent. * Joked that as the new chairman of the House Foreign Affairs Committee (after Rep. Tom Lantos' death), he'd support using military force against countries that are piracy havens. Berman didn't say who would be the next chairman of the House copyright subcommittee and refused to speculate on whether Rick Boucher or Jerry Nadler would get the spot. 
From rforno at infowarrior.org Sun Mar 30 04:18:17 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 30 Mar 2008 00:18:17 -0400 Subject: [Infowarrior] - Who Patches Bugs Faster, Apple or Microsoft? Message-ID: Who Patches Bugs Faster, Apple or Microsoft? Jeremy Kirk, IDG News Service Sat Mar 29, 6:00 PM ET http://news.yahoo.com/s/pcworld/20080329/tc_pcworld/143957&printer=1;_ylt=A0WTcVVFFO9HijkAzBYRSLMF Apple's teasing commercials that imply its software is safer than Microsoft's may not quite match the facts, according to new research revealed at the Black Hat conference on Thursday. Researchers from the Swiss Federal Institute of Technology looked at how many times over the past six years the two vendors were able to have a patch available on the day a vulnerability became publicly known, which they call the zero-day patch rate. They analyzed 658 vulnerabilities affecting Microsoft products and 738 affecting Apple. They looked at only high- and medium-risk bugs, according to the classification used by the National Vulnerability Database, said Stefan Frei, one of the researchers involved in the study. What they found is that, contrary to popular belief that Apple makes more secure products, Apple lags behind in patching. "Apple was below 20 [unpatched vulnerabilities at disclosure] consistently before 2005," Frei said. "Since then, they are very often above. So if you have Apple and compare it to Microsoft, the number of unpatched vulnerabilities are higher at Apple." It's generally good for vendors to have a software fix available when a vulnerability is disclosed, since hackers often try to find out where the problem is in order to write malicious software to hack a machine. For a vendor to have a patch ready when the bug is detailed in public, it needs to get prior information from either its security analysts or external ones. 
Otherwise the vendor has to hurry to create a patch, but that process can be lengthy, given the rigorous testing needed to test the patch to ensure it does not conflict with other software. Apple only started patching zero-day vulnerabilities in late 2003, Frei said. "We think that Apple had fewer vulnerabilities early on, and they were just surprised or not as ready or not as attentive," Frei said. "It looks like Microsoft had good relationships earlier with the security community." Over the past few years, Microsoft has tried to cultivate a closer relationship with the security community in order to encourage researchers to give it a heads-up about software problems. Apple, however, doesn't appear to have that same sort of engagement yet, and, "based on our findings, this is hurting them," Frei said. Curiously, both vendors' abilities to have zero-day patches ready at disclosure seemed to dip in the six months before a major product release. That trend was most pronounced in 2004 and 2005. Frei theorized that the buildup to big software releases took away software engineering resources. Andrew Cushman, director of Microsoft's Security and Research, said he couldn't pinpoint what might cause that trend. But in 2004 and 2005, Microsoft had a rash of vulnerabilities pop up in its Office products that it did not get advance notice of, which may have contributed to a higher percentage of unpatched publicly disclosed bugs. However, the study proved to be such a glowing affirmation of Microsoft's increased focus on security in the past few years that it prompted Cushman to ask Frei, "Did Microsoft fund this research?" "This is independent academic research," Frei replied. 
From rforno at infowarrior.org Sun Mar 30 15:43:43 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 30 Mar 2008 11:43:43 -0400 Subject: [Infowarrior] - Comcast's P2P Conversion: I'll Believe It When I See Results Message-ID: Comcast's P2P Conversion: I'll Believe It When I See Results Posted by: Peter Burrows on March 28 http://blogs.businessweek.com/mt/mt-tb.cgi/9777.1413113105 Is Comcast serious about making nice with the "peer to peer" technology crowd? That would seem to be the case given the deal announced yesterday with BitTorrent Inc., in which the cable giant agreed to stop throttling the performance of heavy P2P users during peak times, and instead pledged to invest in the bandwidth and technologies to be able to handle that traffic. Says BitTorrent CEO Ashwin Navin: "It's a great day for us. A lot of good can come out of this." I think that may well be true--somewhere down the line. For now, it's pretty clear that this conversion is more about solving a nasty PR problem, than in truly working with P2P providers to better handle the rising tide of online video traffic. Clearly, Comcast needs to calm down critics--including at the FCC--who've had a field day since the Associated Press revealed last Fall that Comcast was throttling the bandwidth to heavy P2P users during peak times. And BitTorrent was the most convenient partner through which to make such a move. "Comcast has been caught with its hand in the cookie jar, and they're trying to quickly close the book on the issue," says Gilles BianRosa, CEO of P2P rival Vuze Inc., which filed a complaint with the FCC last year seeking new rules on how ISPs can manage traffic over their networks. "Just putting out a press release doesn't push the envelope too much." Om Malik was similarly suspicious. And FCC chairman Kevin Martin says he's watching to make sure words are followed by action. Why such cynicism about the deal with BitTorrent? For starters, the company is a known quantity to Comcast. 
BitTorrent president Ashwin Navin says the company has been having talks with Comcast technologists about how they could use P2P to their advantage for the past 2.5 years, and a year ago Comcast CTO Tony Werner joined BitTorrent's advisory board. Also, BitTorrent certainly has the right name, since it may lead some to make more of the deal than really exists. That's because BitTorrent is the name of the most commonly used software protocol used to distribute P2P traffic. But while BitTorrent, the company, invented the underlying protocol, it's only one of many that make software that work with this standard. Vuze, for example, has created programs (mostly a client called Azureus) that have been downloaded more than 160 million times. Navin is quick to admit that politics played a major role in Comcast's turnaround. While his company may have been in talks with Comcast for 2.5 years, it didn't find out about Comcast's throttling policy until the rest of the world did. Indeed, BitTorrent has supported Vuze's petition with the FCC. Rather, Comcast only got serious about partnering with BitTorrent in the aftermath of a major PR debacle. Not only did its surreptitious throttling create a prime-rib of an issue for the Net Neutrality crowd to bite into, but Comcast's clumsy efforts to deny or at least downplay the significance only made matters worse. That led to an FCC hearing in January, in which FCC Chairman Martin vowed to consider regulations on network management techniques. Worse, telecom rival Verizon has since stolen the high-ground on this issue. Just days ago, the AP broke news that the phone giant has not only been partnering with P2P players, but had done research that suggests the collaboration can vastly improve download speeds for its broadband customers. With Verizon now out telling millions of young, Net savvy P2P users that it's on their side, Comcast can ill afford to stand still. 
But if Comcast was serious, a greater symbol of sincerity would have been to reach out to Vuze, given that it was the company that filed the FCC petition. From the start, Vuze CEO BianRosa (who, by the way, is a former McKinsey consultant--not some wise-acre whippersnapper out to build a business on piracy), made it clear he hoped the pressure would lead to more fruitful talks with Comcast. "From day one, we've said that cooperation is required," he says. Regardless of the depth of Comcast's P2P conversion, yesterday's news is a welcome step forward. At least Comcast will end its efforts to demonize P2P. I certainly understand the temptation. By some counts, P2P consumes as much as 60% of all consumer traffic--and carriers don't currently charge extra beyond normal monthly bills. But ask the technical experts, and they'll tell you that P2P technology has a critical role to play if Internet video really is going to become truly mainstream. By letting the world's PCs store vast amounts of video content, P2P can lighten the bandwidth load for content owners, who would otherwise have to pay much higher costs to pipe that fare direct to all of our living rooms. That's why many P2P companies have been quietly bought up by the likes of Verisign, Cisco and others in recent years. Even if tech experts have noticed P2P's promise, until recently the general perception of the technology among the Net-using public is still that defined for it by Napster, which used P2P approaches to become the first mainstream piracy site in the late 1990s (not the public company that bears that name today, which sells licensed music). Ironically, I think Comcast may have done more than any PR campaign could have done to revamp P2P's brand--from a weapon used by bandwidth-hogging online pirates, into a tool that all law-abiding consumers should be free to benefit from. 
Truth is, technologies are a lot like political revolutions: they're often dismissed by the prevailing powers as unreliable, under-powered and un-economical--until they prevail in the marketplace. Think PC vs. mainframe, Linux vs. Unix and Windows, and even cable versus broadcast back in the 1970s. We may well look back one day and see Comcast's conversion as a major milestone in the evolution of P2P. "The elephant in the room is that people are using P2P to watch long-form content--because it's a very powerful platform for the job," says Bianrosa. "More people are starting to realize this." TrackBack URL for this entry: http://blogs.businessweek.com/mt/mt-tb.cgi/9777.1413113105 From rforno at infowarrior.org Mon Mar 31 02:59:31 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 30 Mar 2008 22:59:31 -0400 Subject: [Infowarrior] - FW: Heathrow terminal five in complete meltdown In-Reply-To: <20080330214835.GA19229@gsp.org> Message-ID: ------ Forwarded Message From: Rich Couple of links: British Airways loses 15-20,000 bags since Thursday at supremely b0rked Heathrow Terminal 5 - Boing Boing http://www.boingboing.net/2008/03/29/british-airways-lose.html BA'S bosses partied as as Heathrow Terminal Five crashed - Sunday Mirror http://www.sundaymirror.co.uk/news/sunday/2008/03/30/ba-s-bosses-partied-as-as-heathrow-terminal-five-crashed-98487-20366962/ I believe this is the same terminal where an insanely stupid plan to collect passenger fingerprints was being piloted. 
I do hope, now that they've conclusively proven they can't even handle parking, elevators, and baggage competently, that the grown-ups will step in and forbid them from collecting biometric data, as they'd probably just lose it: Heathrow Terminal Five hit by security leak http://www.sundaymirror.co.uk/news/sunday/2008/03/30/heathrow-terminal-five-hit-by-security-leak-98487-20367557/ Someone should also explain why buffoon-in-chief Willie Walsh still has a job: "I think it's great and it's going to get better. This is a hundred times better than anything else at Heathrow." From rforno at infowarrior.org Mon Mar 31 03:42:04 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 30 Mar 2008 23:42:04 -0400 Subject: [Infowarrior] - Europe poised to bolster Web shield Message-ID: Europe poised to bolster Web shield By Doreen Carvajal Sunday, March 30, 2008 http://www.iht.com/bin/printfriendly.php?id=11530880 PARIS: Nearly a year after Estonia weathered an onslaught of cyberattacks, its name has become a rallying cry for countries pressing to strengthen global cooperation between governments and private Internet service providers to combat computer crime. But some privacy advocates and computer experts remain wary of such efforts. On Tuesday, the Council of Europe plans to introduce guidelines to aid computer crime investigators, building on a cybercrime treaty that has been signed by 43 nations, including the United States. A controversial proposal would require service providers to give the authorities a list of the types of information that they could offer. On Wednesday, NATO will present a strategy for countering computer attacks at a meeting for heads of state in Bucharest, with a proposal to create a central cyberdefense authority. "The attacks on Estonia - directed at services on which Estonian citizens rely - could happen anywhere," said James Appathurai, a NATO spokesman. 
"The only way to defend against them is through multinational, multilateral cooperation." That kind of military talk concerns privacy advocates and computer experts, who fear that private companies will be pressed into service to police users as part of these strategies. "One of the great consequences of all of this is that an agenda is created for a society that is under surveillance," said Peter Sommers, a senior research fellow at the London School of Economics and author of "The Hacker's Handbook," written under the pseudonym Hugo Cornwall. "And in the panic, we lose the quality of control." Sommers added, "You can talk yourself into the threat of terrorism or cyberterrorism that has no relationship to the actual risk you face." At the Bucharest summit meeting, the NATO authorities will seek final approval for a plan to emphasize international cyberdefense training programs, an information alert system and the development of a central authority to coordinate cyberdefense. The civilian and military authorities in Estonia are rushing to complete a NATO center for digital defense in the capital, Tallinn. The center, in an old military barracks, is designed to be an international academy that brings together experts from Western countries to analyze cyberthreats and develop counterstrategies. The United States, Germany, Italy and Spain have signaled that they will take part in the center under an accord that is expected to be signed in May. About 50 technicians and scientists will be recruited to work on strategies for detecting and foiling attacks. "Today it is quite easy to organize these attacks, and these criminals know very well that there are not enough regulations and not enough laws," said Estonia's foreign minister, Urmas Paet, who lobbied for an international center in his country and more cooperation. "It's difficult to investigate and also to punish." 
Estonia is also participating in the Council of Europe's cybercrime conference, contributing €50,000, or $79,000, to finance cybercrime training programs along with Microsoft, which has donated $560,000. The Council of Europe, where 47 member nations work to promote human rights, is urging more countries to sign its cybercrime convention. It was the first international treaty to define cybercrimes from child pornography to computer fraud and network security violation. The council is now trying to raise public and private cooperation with guidelines for investigators to make information requests to a 24-hour emergency contact network of service providers to obtain quick, efficient responses from them. Margus Kolga, director general of security policy for the Estonian Ministry of Foreign Affairs, said the guidelines were essential because current relations between law enforcement and service providers were based on informal ties. Kolga said that when Estonia came under attack last spring, most Internet service providers cooperated with local investigators, but there were exceptions, notably from ISPs in Russia, the suspected origin of the cyberattacks. The help of private companies is vital, Kolga said, because "criminals use certain channels to do things." "And through cooperation with the ISPs, those channels can be blocked and the information flow can be redirected," Kolga said. "And then it's possible to keep things operating." They can also help, he noted, in the most difficult part of an investigation by providing information that may identify anonymous hands on a keyboard. Experts say one of their most difficult tasks remains the determination of whether they are looking for the handiwork of a hacker, a national government, a company or a mix of all three. 
The ISPs have not raised major objections to the guidelines, but there are a few controversial proposals that they expect will be eliminated during the council's conference, said Michael Rotert, a vice president of EuroISPA, a trade organization for the largest Internet providers in Europe. "These guidelines will give a certain set framework that can be applied without interfering with national laws such as a 24/7 hotline," Rotert said, adding that the companies opposed direct interference, like Scotland Yard investigators in Britain calling a German company with a demand for information. Rotert said he expected at least one proposal to be deleted at the conference. "They want the service providers to tell them what data is available," he said. "That should be the other way around." Marco Gerke, who led a working group of 25 computer experts that devised the guidelines over the last six months, said the framework was designed to set up a format of standard, written requests to help overcome the often uneasy relationship between investigators and service providers. "Cooperation between law enforcement and ISPs is very difficult," he said. "Law enforcement has a view of what they want to get, but by the book they're not allowed to get it. So this can lead to conflicts for a service provider that wants to protect the rights of the customers." Paet, the foreign minister of Estonia, said he hoped that more countries would support the various international agreements to create "a legal, concrete framework." But it may not improve matters in the long term with Russia, which, along with nations like Georgia, Turkey and Liechtenstein, has not signed the Council of Europe's cybercrime treaty. 
From rforno at infowarrior.org Mon Mar 31 12:30:15 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 31 Mar 2008 08:30:15 -0400 Subject: [Infowarrior] - Hackers Assault Epilepsy Patients via Computer Message-ID: Hackers Assault Epilepsy Patients via Computer By Kevin Poulsen 03.28.08 | 8:00 PM http://www.wired.com/politics/security/news/2008/03/epilepsy Internet griefers descended on an epilepsy support message board last weekend and used JavaScript code and flashing computer animation to trigger migraine headaches and seizures in some users. The nonprofit Epilepsy Foundation, which runs the forum, briefly closed the site Sunday to purge the offending messages and to boost security. "We are seeing people affected," says Ken Lowenberg, senior director of web and print publishing at the Epilepsy Foundation. "It's fortunately only a handful. It's possible that people are just not reporting yet -- people affected by it may not be coming back to the forum so fast." The incident, possibly the first computer attack to inflict physical harm on the victims, began Saturday, March 22, when attackers used a script to post hundreds of messages embedded with flashing animated gifs. The attackers turned to a more effective tactic on Sunday, injecting JavaScript into some posts that redirected users' browsers to a page with a more complex image designed to trigger seizures in both photosensitive and pattern-sensitive epileptics. RyAnne Fultz, a 33-year-old woman who suffers from pattern-sensitive epilepsy, says she clicked on a forum post with a legitimate-sounding title on Sunday. Her browser window resized to fill her screen, which was then taken over by a pattern of squares rapidly flashing in different colors. Fultz says she "locked up." "I don't fall over and convulse, but it hurts," says Fultz, an IT worker in Coeur d'Alene, Idaho. "I was on the phone when it happened, and I couldn't move and couldn't speak." 
After about 10 seconds, Fultz's 11-year-old son came over and drew her gaze away from the computer, then killed the browser process, she says.

"Everyone who logged on, it affected to some extent, whether by causing headaches or seizures," says Browen Mead, a 24-year-old epilepsy patient in Maine who says she suffered a daylong migraine after examining several of the offending posts. She'd lingered too long on the pages trying to determine who was responsible.

Circumstantial evidence suggests the attack was the work of members of Anonymous, an informal collective of griefers best known for their recent war on the Church of Scientology. The first flurry of posts on the epilepsy forum referenced the site EBaumsWorld, which is much hated by Anonymous. And forum members claim they found a message board thread -- since deleted -- planning the attack at 7chan.org, a group stronghold.

Fultz says the attack spawned an uncommonly bad seizure. "It was a spike of pain in my head," she says. "And the lockup, that only happens with really bad ones. I don't think I've had a seizure like that in about a year."

But she's satisfied with the Epilepsy Foundation's relatively fast response to the attack, about 12 hours after it began on Easter weekend. "We all really appreciate them for giving us this forum and giving us this place to find each other," she says.

Epilepsy affects an estimated 50 million people worldwide, about 3 percent of whom are photosensitive, meaning flashing lights and colors can trigger seizures.

From rforno at infowarrior.org Mon Mar 31 14:15:18 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Mar 2008 10:15:18 -0400
Subject: [Infowarrior] - Transitions for Rick
Message-ID:

Message From Rick - March 2008
Richard Forno
First published on 2008-03-31
(c) 2008 by author.
Many of you have asked why I've been rather quiet over the past year or so with regard to penning very few articles and giving even fewer speeches in/for the information security community. At long last, an explanation is due, and I'm able to explain my recent reclusive status in the internet security world.

< - >

http://www.infowarrior.org/update-2008/

From rforno at infowarrior.org Mon Mar 31 17:33:58 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Mar 2008 13:33:58 -0400
Subject: [Infowarrior] - Sony BMG Caught Pirating Software
In-Reply-To: <20080331150227.GA11679@gsp.org>
Message-ID:

(from RK)

Sony BMG Sued for Using Pirated Software
http://yro.slashdot.org/article.pl?sid=08/03/30/1856232&from=rss

"The small software company PointDev learned that Sony BMG was using a pirated license for one of its system administration tools. PointDev got bailiffs to raid a Sony property and they found pirated software on four servers."