From rforno at infowarrior.org Thu May 1 01:47:02 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Apr 2008 21:47:02 -0400
Subject: [Infowarrior] - Instant Messaging for Introverts
Message-ID:

Opinion | 04 Apr 2008 | Instant Messaging for Introverts
by Joe Kissell
http://db.tidbits.com/article/9544

This fellow nicely sums up nearly my exact sentiment on Instant Messaging. I thought I was the only one who felt this way!!! More specifically, while I'm not as 100% black-and-white as he writes (i.e., I don't mind chatting around when working if I'm so inclined every now and then), this article extract pretty much is my take on the IM thing.....

< - >

> Unlike many people, when I'm in front of my computer, I'm working, which means I'm concentrating on something. I'm writing an article, or a book, or an email message, trying to come up with exactly the right way to phrase some sentence or express a certain point. Or I'm programming, trying to solve some logic problem. Or I'm reading an article. Whatever the activity, it's something to which I am predisposed to devote my entire attention. If the phone rings, or my wife asks me a question, or an iCal alarm goes off, it breaks my concentration in a way that's frustrating to recover from. I lose my mental place, and it takes me a long time to get back into that same train of thought and finish whatever I was working on. I'm not saying I need to write an entire book without any interruptions, but when my mind is actively juggling information, I need to complete that particular thought (or block of code, or paragraph) before moving on to something else.
>
> This is why I love email as a mode of communication. I get many dozens of messages every day, but I can answer them whenever I want. I don't have to look at them right in the middle of this paragraph; I can wait five or ten minutes - it doesn't matter (though in practice, I usually answer email very quickly).
> Voicemail can make handling phone calls similarly convenient. But instant messaging isn't like that. If my status shows that I'm online, then people expect an immediate response, and even though I could choose not to respond, I'd still have the blinking, bouncing, or beeping notification interrupting my train of thought - it isn't an improvement for me.
>
> So in terms of IM status, I never consider myself "available" in the sense of "interruptible." Ever. There is no time of any day, under any circumstances, when I think to myself, "I really don't mind being interrupted now." If I'm not at my computer, then most likely a phone call or a knock at the door won't seem like an interruption. But if I am at my computer, I'm concentrating, which means I'm not "available" - I do mind being interrupted. And if my status shows that I'm unavailable, as it invariably does when I'm logged into iChat, most people will refrain from trying to start a conversation - meaning I might as well be entirely offline.

< - >

From rforno at infowarrior.org Thu May 1 01:52:22 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Apr 2008 21:52:22 -0400
Subject: [Infowarrior] - FlyClear Cards?
Message-ID:

Just out of curiosity, is anyone using the FlyClear "kinda-sorta-vetted" traveller ID card at US airports? Thoughts, opinions? Bueller?

-rf

From rforno at infowarrior.org Thu May 1 02:00:55 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Apr 2008 22:00:55 -0400
Subject: [Infowarrior] - The Hunt for the Kill Switch
Message-ID:

The Hunt for the Kill Switch
By Sally Adee
http://spectrum.ieee.org/print/6171

Last September, Israeli jets bombed a suspected nuclear installation in northeastern Syria. Among the many mysteries still surrounding that strike was the failure of a Syrian radar -- supposedly state-of-the-art -- to warn the Syrian military of the incoming assault.
It wasn't long before military and technology bloggers concluded that this was an incident of electronic warfare -- and not just any kind. Post after post speculated that the commercial off-the-shelf microprocessors in the Syrian radar might have been purposely fabricated with a hidden "backdoor" inside. By sending a preprogrammed code to those chips, an unknown antagonist had disrupted the chips' function and temporarily blocked the radar.

That same basic scenario is cropping up more frequently lately, and not just in the Middle East, where conspiracy theories abound. According to a U.S. defense contractor who spoke on condition of anonymity, a "European chip maker" recently built into its microprocessors a kill switch that could be accessed remotely. French defense contractors have used the chips in military equipment, the contractor told IEEE Spectrum. If in the future the equipment fell into hostile hands, "the French wanted a way to disable that circuit," he said. Spectrum could not confirm this account independently, but spirited discussion about it among researchers and another defense contractor last summer at a military research conference reveals a lot about the fever dreams plaguing the U.S. Department of Defense (DOD).

Feeding those dreams is the Pentagon's realization that it no longer controls who manufactures the components that go into its increasingly complex systems. A single plane like the DOD's next-generation F-35 Joint Strike Fighter can contain an "insane number" of chips, says one semiconductor expert familiar with that aircraft's design. Estimates from other sources put the total at several hundred to more than a thousand. And tracing a part back to its source is not always straightforward. The dwindling of domestic chip and electronics manufacturing in the United States, combined with the phenomenal growth of suppliers in countries like China, has only deepened the U.S. military's concern.
Recognizing this enormous vulnerability, the DOD recently launched its most ambitious program yet to verify the integrity of the electronics that will underpin future additions to its arsenal. In December, the Defense Advanced Research Projects Agency (DARPA), the Pentagon's R&D wing, released details about a three-year initiative it calls the Trust in Integrated Circuits program. The findings from the program could give the military -- and defense contractors who make sensitive microelectronics like the weapons systems for the F-35 -- a guaranteed method of determining whether their chips have been compromised. In January, the Trust program started its prequalifying rounds by sending to three contractors four identical versions of a chip that contained unspecified malicious circuitry. The teams have until the end of this month to ferret out as many of the devious insertions as they can.

< - >

http://spectrum.ieee.org/print/6171

From rforno at infowarrior.org Thu May 1 02:17:27 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Apr 2008 22:17:27 -0400
Subject: [Infowarrior] - Universities Baffled By Massive Surge In RIAA Copyright Notices
Message-ID:

Universities Baffled By Massive Surge In RIAA Copyright Notices
By Ryan Singel | April 30, 2008 | 9:42:08 PM
Categories: Copyrights and Patents
http://blog.wired.com/27bstroke6/2008/04/riaa-sends-spik.html

In the last 10 days, universities around the country have seen a 20-fold increase in the number of filesharing takedown notices from the recording industry, in an unexplained spike that seems focused on colleges in the Midwest. The spike is not matched by an increase in actual file sharing.

Indiana University says that starting on April 21, the Recording Industry Association of America began sending 80 legal notices a day to the university.
Typically, the university handles fewer than 100 such Digital Millennium Copyright Act notices a month from the RIAA, the Motion Picture Association of America and HBO combined.

The DMCA notices include information about a specific IP address, file sharing protocol and named infringing file. IU tech staff compare those details against the university's logs to make sure that the allegations are accurate, according to Mark Bruhn, an associate vice president of Indiana University's IT department.

But many of these notices don't correspond to entries in traffic logs, which also don't show any overall increase in file sharing, Bruhn said.

"We are not sure now what we have is an allegation of copyright infringement or an allegation of possible future illegal behavior," Bruhn said. "The whole thing is very concerning, to be frank, we don't know why they are doing this and I'm not sure they know what they are doing."

"They in fact can't know if the files being offered are actually the protected works of their clients -- how would they know if they didn't download and open them?" Bruhn said.

Indiana University isn't alone in seeing a spike, according to Mark Luker, a vice president of higher-education technology advocate Educause, who has heard that universities around the country are seeing the same spike.

"Universities are getting as many notices from the RIAA in one day as what they would typically get from all content owners in a month," Luker said.

University of Chicago has also seen a recent surge, its CIO confirmed to THREAT LEVEL. Meanwhile, the Chronicle of Higher Education reported Wednesday that George Washington University and University of Cincinnati are also reporting spikes beginning two weeks ago.

For its part, the RIAA denies there's anything new to the letters, sending along a stock statement to THREAT LEVEL.
"We are always making an effort to more effectively and efficiently detect infringing activity on the Internet, as we are continuously looking for ways to improve our ability to find and act on incidences of theft online. Having said that, there's been no change in our procedures."

RIAA spokeswoman Liz Kennedy did not respond to a follow-up request to explain the surge and IU's analysis that notices were being sent without proof of infringement.

Luker finds the RIAA's position difficult to believe.

"It is for us hard to accept that students are multiplying their infringements by 30," Luker said.

Bruhn concurs.

"The RIAA says it is not new, but clearly it is," Bruhn said.

University of California at Berkeley's chief information officer Shel Waggener confirmed he'd heard of the spikes and suggested there was a political purpose driving them.

"Public universities are in a unique position since the industry puts pressure on us through state legislatures to try to impose what are widely considered to be draconian content monitoring measures and turn us into tech police forces in support of a specific industry," Waggener said.

The RIAA is also backing legislation in states such as Illinois and Tennessee that would require schools that get a certain number of notices to begin installing deep packet monitoring equipment on their internet and intranets, according to Luker.

"The number of DMCA notices that are sent to a university vary wildly from one day to the next, and no one, including the federal government, knows how they send them out or what criteria they use," Luker said. "It is not reasonable in any way to use those counts as a basis for government actions."

IU's Bruhn says the school has typically treated the notices seriously, requiring first-time offenders to take an online tutorial about copyright, suspending second-time offenders from the university's net for two weeks and indefinitely suspending anyone caught a third time.
Bruhn, Waggener and Luker all downplayed the amount of file sharing occurring on campus networks these days, saying that the MPAA, for instance, radically overestimated how much movie piracy was attributable to college students. For more than two years, the industry claimed that more than 40 percent of illegal movie downloads came from college students -- costing the industry billions of dollars. Then in January of this year, the estimate was reduced to 15 percent for college-aged students, and only 3 percent occurring on campus networks.

From rforno at infowarrior.org Thu May 1 18:30:40 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 01 May 2008 14:30:40 -0400
Subject: [Infowarrior] - DOJ NSD Launches New Office of Intelligence
Message-ID:

Department of Justice
FOR IMMEDIATE RELEASE
WEDNESDAY, APRIL 30, 2008
WWW.USDOJ.GOV
NSD (202) 514-2007
TDD (202) 514-1888

National Security Division Launches New Office of Intelligence

WASHINGTON, D.C. -- Patrick Rowan, Acting Assistant Attorney General for National Security, today announced the formal launch of the Office of Intelligence within the Justice Department's National Security Division (NSD). The reorganization creates three new sections within the Office of Intelligence dedicated to the NSD's three primary intelligence-related functions -- operations, oversight and litigation.

The Department of Justice has played a critical role in the nation's effort to prevent acts of terrorism and to thwart hostile foreign intelligence activities. Since the 9/11 terrorist attacks, the Department's Office of Intelligence Policy and Review (OIPR) has grown dramatically because of the steady increase in the number of applications it has handled under the Foreign Intelligence Surveillance Act (FISA) in an effort to ensure that Intelligence Community agencies have the authority necessary to conduct intelligence operations.
The creation of NSD in September 2006 brought OIPR under the umbrella of NSD and presented an opportunity to review the office's structure and expanding mission. Based on this review, the NSD decided to modify the structure of the office, given that its intelligence staff has grown from fewer than 20 lawyers in 2000 to almost 100 today, and that its intelligence operations have increased with the rise in FISA caseload. Moreover, the office has assumed an expanded role in conducting intelligence oversight and in coordinating FISA-related litigation.

To meet the needs of its multi-faceted intelligence mission, the NSD developed a new structure called the Office of Intelligence, which is the successor to OIPR and consists of three specific sections aligned with the division's core functions: operations, oversight and litigation. Each section is supervised by a chief who reports directly to Matt Olsen, the Deputy Assistant Attorney General for the Office of Intelligence. A description of each new section is below:

Operations Section: The Operations Section handles NSD's intelligence operations workload, including representing the government before the Foreign Intelligence Surveillance Court. The mission of the section is to ensure that the FBI and other intelligence community agencies have the legal tools necessary to conduct intelligence operations in adherence to the requirements and safeguards of the law. The Justice Department is handling more requests for FISA authority than ever before. From 2001 through 2007, the annual number of FISA applications approved by the Foreign Intelligence Surveillance Court rose from 934 to 2,370. Even with this increased workload, NSD has increased its efficiency in preparing and submitting applications to the Foreign Intelligence Surveillance Court, while ensuring that these applications are accurate and comply with the privacy protections in the FISA statute.
The formation of the Operations Section is necessary to ensure that the National Security Division enhances its capacity to meet the demands of this critical mission.

Oversight Section: The NSD also faces increased responsibilities in its mission to conduct oversight of the intelligence and counterintelligence activities of the FBI, as well as those of other intelligence agencies, as appropriate, to ensure adherence to the Constitution and applicable laws of the United States. In July 2007, the Department announced that a significant new national security and oversight effort would be implemented by the NSD. To meet this mandate, Justice Department attorneys for the first time have been given comprehensive authority to examine the FBI's national security program for adherence to all applicable laws, regulations, and guidelines. In conjunction with the FBI's office of general counsel, NSD attorneys now review national security investigation files at the FBI to identify and provide guidance on a range of issues. Among other things, the reviews examine FBI compliance with Attorney General national security guidelines, use of national security letters, predication for national security investigations, and referrals to the Intelligence Oversight Board. NSD conducted 15 national security reviews at FBI offices in 2007 and plans to complete another 15 reviews in 2008. The mandate to perform these new oversight responsibilities, in addition to NSD's traditional FISA oversight functions, required the formation of a new Oversight Section dedicated to this mission.

Litigation Section: With the lowering of the "wall" between intelligence and law enforcement investigations, and the enhanced coordination between intelligence and law enforcement personnel, NSD has seen a steady increase in the number of requests to use information from FISA-authorized activities as evidence in criminal prosecutions of terrorists and spies.
As a result, the NSD has created a separate Litigation Section to ensure sufficient resources are devoted to FISA-related litigation and to help prosecutors handle evidentiary and discovery issues in such matters. The Litigation Section reviews and prepares requests for Attorney General authorization to use FISA information in criminal and non-criminal proceedings. The section also drafts motions and briefs and responds to defense motions to disclose FISA applications and to suppress the fruits of FISA collection. Finally, the section works to ensure the consistent application of FISA in trial and appellate courts nationwide. To support this effort, the NSD in January 2008 developed a new policy, approved by the Attorney General, for investigators and prosecutors on the use of information obtained or derived from FISA collections.

###

08-360

From rforno at infowarrior.org Thu May 1 23:57:13 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 01 May 2008 19:57:13 -0400
Subject: [Infowarrior] - USG to automate security clearance reviews
Message-ID:

This should be....interesting to watch develop.

-rf

Government to automate security clearance reviews
By STEPHEN LOSEY
May 01, 2008
http://federaltimes.com/index.php?S=3507324

Bush administration officials want to have a plan in place to automate most aspects of the security clearance process by the time a new administration arrives.

The plan, announced today, calls for a system that will accept online clearance applications, perform automated records checks, approve or deny some clearances using automated tools, and use automation to find red flags in applicants' background files and better target where field investigators focus their attention, Clay Johnson, deputy director for management at the Office of Management and Budget, said today.

But details on how and when this new system will be in place -- and how much it will cost -- are still unknown.
Johnson said he and other officials at the White House, the Office of Personnel Management, Defense Department and the Office of the Director of National Intelligence will release a series of reports this year with more information.

Johnson said a big part of the plan is that computers will be regularly checking government and commercial databases to review relevant criminal, financial and other records of people who hold security clearances. Data on people holding top secret clearances will be reviewed every year and people holding secret clearances will be reviewed every five years. Top secret reinvestigations are now conducted every five years and secret reinvestigations are conducted about every 10 years.

Johnson said he hopes the new system will enable field investigators to spend their time investigating only those leads that have not been resolved through automation. Investigators now investigate all aspects of an applicant's background, which Johnson said is inefficient.

"We've been making determinations the same way for 50 years, and it's time to change the way we do it," Johnson said.

From rforno at infowarrior.org Fri May 2 00:47:27 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 01 May 2008 20:47:27 -0400
Subject: [Infowarrior] - Cyberwarfare: Darpa's New 'Space Race'
Message-ID:

Cyberwarfare: Darpa's New 'Space Race'
By Sharon Weinberger | May 01, 2008 | 4:10:00 PM
Categories: DarpaWatch, Info War, Training and Sims
http://blog.wired.com/defense/2008/05/the-pentagon-wa.html

The Defense Advanced Research Projects Agency, or Darpa, was created 50 years ago, in response to the Soviets' launch of Sputnik. In less than a year, Darpa put together the infrastructure that guided the American space effort for decades to come. Now, Darpa has been given new marching orders: to help America fight and win battles online.
Under a directive signed by the President -- and OK'd by Congress -- nearly every arm of the government's security apparatus is starting work on a massive national cybersecurity initiative, designed to protect the United States from electronic attack (and strike at adversaries online, as well). Darpa's role: Create a cyberwarfare range where all these new forms of electronic combat can be tried out. According to a defense official familiar with the program: "Congress has given DARPA a direct order; that's only happened once before -- with the Sputnik program in the '50s."

Danger Room's sister blog, Threat Level, has a good writeup of the cybersecurity initiative, which has been labeled as a Manhattan Project-type effort (a similar label was used for the Pentagon's work against IEDs, though it's not clear the parallel is as real as some might hope). In the case of cybersecurity, there is at least talk of big money: about $30 billion, Danger Room is told.

For its part, Darpa's "National Cyber Range" would create a virtual environment where the Defense Department can mock real warfare, both defense and offense. Darpa today issued an announcement, describing how the range would be a test where the government could:

* Conduct unbiased, quantitative and qualitative assessment of information assurance and survivability tools in a representative network environment.
* Replicate complex, large-scale, heterogeneous networks and users in current and future Department of Defense (DoD) weapon systems and operations.
* Enable multiple, independent, simultaneous experiments on the same infrastructure.
* Enable realistic testing of Internet/Global-Information-Grid (GIG) scale research.
* Develop and deploy revolutionary cyber testing capabilities.
* Enable the use of the scientific method for rigorous cyber testing.
This is clearly a serious deal for the agency: Darpa Director Tony Tether is a scheduled speaker at the proposers' day workshop scheduled for mid-May, and apparently plans to help handpick the contractors (Tether is known for his close involvement in Darpa contracts, but this level of detail is apparently somewhat unusual, we're told). It also looks like many of the details surrounding this program will be classified.

From rforno at infowarrior.org Fri May 2 00:48:20 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 01 May 2008 20:48:20 -0400
Subject: [Infowarrior] - EFF: Congress Must Investigate Electronic Searches at U.S. Borders
Message-ID:

May 1st, 2008

Congress Must Investigate Electronic Searches at U.S. Borders
Broad Coalition Urges Hearings on Intrusive Search and Seizure of Electronic Devices

San Francisco - The Electronic Frontier Foundation (EFF) and a broad coalition, including civil rights groups, professional associations and technologists, called on Congress today to hold oversight hearings on the Department of Homeland Security's search and seizure of electronic devices at American borders.

The press has widely reported disturbing stories about U.S. citizens subject to intrusive searches of their laptops and cell phones. But a recent court decision found that customs officials can search travelers' computers at the border without suspicion or cause. In a letter sent to the House and Senate Homeland Security and Judiciary committees today, the coalition urges lawmakers to consider passing legislation to prevent abusive search practices by border agents and to protect all Americans from suspicionless digital border inspections.

"Our computers, cell phones, and other electronic devices hold a vast amount of personal information like financial data, health histories, and personal emails and letters," said EFF Staff Attorney Marcia Hofmann.
"In a free country, the government cannot have unlimited power to read, seize, and store this information without any oversight."

So far, the Department of Homeland Security has refused to release its policies and procedures for conducting these intrusive searches. EFF and the Asian Law Caucus have filed suit against the Department of Homeland Security to obtain the information through the Freedom of Information Act.

"Your privacy could be at risk even if you don't travel yourself. Your financial institution, your insurer, and other enterprises hold extensive personal data about you and your family," said EFF Senior Staff Attorney Lee Tien. "If agents of those groups travel internationally, your information could be exposed to officials at the border or potentially copied and stored in government databases. Americans should know how and why electronic data is seized and kept by the government, and who is able to access it at the border and in the years afterwards."

In addition to EFF, the coalition signing today's letter includes more than 40 organizations and individuals, including the Association for Corporate Travel Executives, the American Civil Liberties Union, the National Association of Criminal Defense Lawyers, the Rutherford Institute, and prominent technologists such as Bruce Schneier and Whitfield Diffie.
For the full letter to Congress:
http://www.eff.org/press/archives/2008/05/01/border-search-open-letter

For more on EFF's suit on border searches:
http://www.eff.org/cases/foia-litigation-border-searches

Contacts:

Marcia Hofmann
Staff Attorney
Electronic Frontier Foundation
marcia at eff.org

Lee Tien
Senior Staff Attorney
Electronic Frontier Foundation
tien at eff.org

From rforno at infowarrior.org Fri May 2 01:25:02 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 01 May 2008 21:25:02 -0400
Subject: [Infowarrior] - Controversial Pro-IP Act sails through Judiciary Committee
Message-ID:

Controversial Pro-IP Act sails through Judiciary Committee
By Ryan Paul | Published: April 30, 2008 - 06:55PM CT
http://arstechnica.com/news.ars/post/20080430-pro-ip-act-passes-in-the-house.html

The House Judiciary Committee has unanimously approved the Pro-IP Act, a legislative proposal which aims to impose stronger penalties for copyright infringement. The approval is no surprise, since the bill's chief sponsor is committee chairman Rep. John Conyers. The bill would create a new position for a federal copyright enforcement czar, establish a new copyright enforcement division within the Department of Justice, and would also permit law enforcement agents to seize property from perpetrators of copyright infringement. A controversial provision in the bill -- which would have significantly raised the financial penalties for infringement by allowing the recording industry to collect damages for each track copied from a CD -- was removed after receiving widespread criticism from critics and intellectual property law experts.

The Judiciary Committee's approval of the bill has been welcomed by the Copyright Alliance, an industry-backed group that has lobbied fiercely for more extreme copyright protection.
"The PRO IP Act contains numerous means to increase copyright enforcement both domestically as well as abroad, where the US Trade Representative's most recent report shows piracy remains rampant," said Patrick Ross, executive director of the Copyright Alliance, in a statement. "The Copyright Alliance applauds the work of the House Judiciary Committee and the leadership of Chairman John Conyers and Ranking Member Lamar Smith, for advancing this important piece of legislation today. Given the high stakes involved, we expect expedient action by the full House of Representatives."

The Pro-IP Act's property seizure issue is still contentious and viewed with serious concern by many who have studied the systematic abuses of the same practices in the War on Drugs.

The Judiciary Committee's approval is only the first step for the Pro-IP Act, and many challenges remain before it can become a law. Its supporters are facing some time constraints, since the upcoming election will likely slow down legislative efforts in Congress. If the Pro-IP Act doesn't pass both chambers before the end of the year, they will have to start again in the following session. The content industry will likely continue its lobbying efforts in an effort to smooth out

From rforno at infowarrior.org Fri May 2 01:47:55 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 01 May 2008 21:47:55 -0400
Subject: [Infowarrior] - Congress passes anti-genetic discrimination bill
Message-ID:

Congress passes anti-genetic discrimination bill
By JESSE J. HOLLAND -- 1 hour ago
http://ap.google.com/article/ALeqM5g9PKo1Dr67gVSZWb-B4tOfMvmgDwD90D626G0

WASHINGTON (AP) -- Congress sent President Bush a bill Thursday forbidding employers and insurance companies from using genetic tests showing people are at risk of developing cancer, heart disease or other ailments to reject their job applications, promotions or health care coverage, or in setting premiums.
Bush was expected soon to sign the Genetic Information Nondiscrimination Act, which lawmakers and advocates called "the first major civil rights act of the 21st century." Federal law already bans discrimination by race and gender.

"Your skin color, your gender, all of those are part of your DNA," said Francis Collins, head of the National Human Genome Research Institute. "Shouldn't the rest of your DNA also fall under that protective umbrella?"

Researchers supported the bill because Americans have been refusing to take genetic tests or have been using false names and paying cash because they didn't want the information used against them by their employer or insurance company, Collins said.

The bill would prohibit health insurance companies from using genetic information to set premiums or determine enrollment eligibility. Similarly, employers could not use genetic information in hiring, firing or promotion decisions.

A 2001 study by the American Management Association showed that nearly two-thirds of major U.S. companies require medical examinations of new hires. Fourteen percent conduct tests for susceptibility to workplace hazards, 3 percent for breast and colon cancer, and 1 percent for sickle cell anemia, while 20 percent collect information about family medical history.

In the 1970s, several insurers denied coverage to blacks who carried the gene for sickle cell anemia. The Lawrence Berkeley National Laboratory in California secretly tested workers for sickle cell trait and other genetic disorders from the 1960s through 1993; workers were told it was routine cholesterol screening.

In another incident, Burlington Northern and Santa Fe Railway Co. paid 36 employees $2.2 million in 2002 to settle a lawsuit in which the workers claimed the company sought to genetically test them without their knowledge after they had submitted work-related injury claims. The railroad denied that it violated the law or engaged in discrimination.
"Health insurance plans are committed to protecting the privacy of patients while ensuring that they have continued access to high quality health care services in the emerging field of genetic medicine," said Karen Ignagni, president and CEO of America's Health Insurance Plans, a national association representing nearly 1,300 companies providing health insurance coverage to more than 200 million Americans. "This legislation advances this principle."

The House voted 414-1 for the legislation Thursday, a week after it passed the Senate on a 95-0 vote. The only member of Congress to vote against the bill was Rep. Ron Paul, R-Texas.

"Because of the federal government's poor record in protecting privacy, I do not believe the best way to address concerns about the misuse of genetic information is through intrusive federal legislation," Paul said.

Increased genetic testing makes it more likely researchers will come up with early, lifesaving therapy for a wide range of diseases with hereditary links such as breast and prostate cancer, diabetes, heart disease and Parkinson's disease, lawmakers said. Genetic testing also will help doctors catch problems early, perhaps leading to preventive treatment and lower medical costs.

Once the president signs the bill, people "should do it and get it done right away," said Rep. Louise Slaughter, D-N.Y.

The bill "guarantees that no one will be denied health insurance or fired from a job because of a genetic test," said Sen. Edward Kennedy, D-Mass.

"We will never unlock the great promise of the Human Genome Project if Americans are too afraid to get genetic testing," said Rep. Judy Biggert, R-Ill., who sponsored the bill along with Slaughter.

Each person probably has six or more genetic mutations that place them at risk for some disease, according to the National Human Genome Research Institute.
That does not mean that a disease will develop, researchers said, just that the person is more likely to get it than someone without the genetic mutation. Congressional efforts to set federal standards to protect people from genetic discrimination go back more than a decade, to a time when there were only a small number of genetic tests. But now, with the mapping of the human genome in 2003, people have access to far more information about their hereditary disposition to such crippling afflictions as cystic fibrosis, Huntington's disease or Lou Gehrig's disease. According to the National Human Genome Research Institute, 41 states already have enacted legislation related to genetic discrimination in health insurance and 31 states adopted laws regarding genetic discrimination in the workplace. There has never been a federal law, although then-President Clinton issued an executive order early in his administration to prohibit the federal government - the nation's largest employer - from demanding that employees undergo any sort of genetic test or from considering a person's genetic information in hiring or promotion decisions. The bill number is H.R. 493.

On the Net:
* For bill text: http://thomas.loc.gov
* Frequently asked questions about genetic testing: http://www.genome.gov/19516567

From rforno at infowarrior.org Fri May 2 01:55:46 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 01 May 2008 21:55:46 -0400
Subject: [Infowarrior] - EFF Guidance on Border Laptop Protection
Message-ID:

May 1st, 2008
Protecting Yourself From Suspicionless Searches While Traveling
Posted by Jennifer Granick
http://www.eff.org/deeplinks/2008/05/protecting-yourself-suspicionless-searches-while-t

The Ninth Circuit's recent ruling (pdf) in United States v. Arnold allows border patrol agents to search your laptop or other digital device without limitation when you are entering the country. EFF and many civil liberties, travelers'
rights, immigration advocacy and professional organizations are concerned that unfettered laptop searches endanger trade secrets, attorney-client communications, and other private information. These groups have signed a letter asking Congress to hold hearings to find out what protocol, if any, Customs and Border Protection (CBP) follows in searching digital devices and copying, storing and using travelers' data. The letter also asks Congress to pass legislation protecting travelers' laptops and smart phones from unlimited government scrutiny. If privacy at the border is important to you, contact Congress now and ask them to take action!

In the meantime, how can international travelers protect themselves at the U.S. border, short of leaving their laptops and iPhones at home? Many travelers practice security through obscurity. They simply hope that no border agent will rummage through their private data. Too many people enter the country each day for agents to thoroughly search every device that crosses the border, and there is too much information stored on most devices for agents to find the most revealing and confidential tidbits. But for travelers who may be targeted based on their celebrity, race or other distinguishing factor, obscurity is not an option. As last week's news that Microsoft is giving away forensic tools that can quickly search an entire hard drive on a USB "thumb drive" shows, it won't be long before customs agents can efficiently perform a thorough search on every machine. So long as there are no protocols or oversight for these searches, every traveler's personal information is at risk.

Encryption is one (imperfect) answer. If you encrypt your hard drive with strong crypto, it will be prohibitively expensive for CBP to access your confidential information. This answer is imperfect for two reasons - one is practical, the other is technological.
Practically, the government has not disclosed CBP's laptop search practices, despite our Freedom of Information Act lawsuit for these documents. We don't know what a border patrol agent will do when confronted with an encrypted machine. One possibility is that the agent will simply give up and let the traveler pass with her belongings. Other possibilities are that the agent will turn the traveler and her machine away at the border, or that he will seize the laptop and allow the traveler to continue on. I suspect that on most occasions, CBP agents confronted with encrypted or password-protected data tell the owner to enter the password or get turned away, and the owner, eager to continue her voyage or to return home, simply complies.

If you don't want to comply, CBP cannot force you to decrypt your data or give over your password. Only a judge can force you to answer questions, and then only if the Fifth Amendment does not apply. While no Fifth Amendment right protects the data on your laptop or phone, one federal court has held that even a judge cannot force you to divulge your password when the act of revealing the password shows that you are the person with access to or control over potentially incriminating files. See In re Boucher, 2007 WL 4246473 (D. Vt. November 29, 2007). If, however, you don't respond to CBP's demands, the agency does have the authority to search, detain, and even prohibit you from entering the country. CBP has more authority to turn non-citizens away than it does to exclude U.S. persons from entering the country, but we don't know how the agents are allowed to use this authority to execute searches or get access to password protected information. CBP also has the authority to seize your property at the border. Agents cannot seize anything they like (for example, your wedding ring), but we do not know what standards agents are told to follow to determine whether they can and should take your laptop but let you by.
Technologically, encryption is imperfect because even strong crypto can be cracked when someone obtains the keys. Border agents can demand the keys from travelers unwilling to face seizure or detention. Agents may also be able to extract and use keys that are stored on the machine itself. Generally, if you keep your keys with the laptop, in your head or on your disk, then the encryption is easier to socially engineer or break than if you keep the keys elsewhere. (Discussion of what encryption techniques to use or avoid is beyond the scope of this post.)

Encryption aside, there may be other ways you can show CBP that your laptop is indeed a normal computer and that you mean no harm while keeping confidential information from prying eyes. Most operating systems let users create multiple accounts on a single machine. A traveler could allow CBP to examine his own account, while storing client data or trade secrets in a separate account "owned" by his law firm or corporation. Under typical border search circumstances, this might satisfy CBP concerns. However, simply storing information in a different account - even one protected by a password - is not the same as encrypting it. If CBP is interested, the most commonly used forensic search tools can access and search non-encrypted data in every account on the machine.

Law firms, corporations and other entities that routinely deal with confidential information are handing their business travelers forensically clean laptops loaded with only what the traveler needs for that particular business trip. Leaving unnecessary data, like five years of email, behind may be the best thing. Of course, if trade secrets or client information are the reason for the trip, this plan will not help. Another option is to bring a clean laptop and get the information you need over the internet once you arrive at your destination, send your work product back, and then delete the data before returning to the United States.
Historically, the Foreign Intelligence Surveillance Act (FISA) generally prohibited warrantless interception of this information exchange. However, the Protect America Act amended FISA so that surveillance of people reasonably believed to be located outside the United States no longer requires a warrant. Your email or telnet session can now be intercepted without a warrant. If all you are concerned about is keeping border agents from rummaging through your revealing vacation photos, you may not care. If you are dealing with trade secrets or confidential client data, an encrypted VPN is a better solution.

Finally, however useful these techniques might be to protect laptops, travelers do not have this array of options for protecting data stored on less configurable smart phones. Of course, many phones do have a lock or password protection option, which travelers might consider enabling before heading to the airport.

In sum, while you must submit yourself and your electronic devices to warrantless and suspicionless searches at the border, you are not legally obligated to decrypt information or reveal passwords. However, if you fail to do so, the border agents may detain or search you, or even seize the device. There are no options that provide perfect privacy protection, but there are some options that reduce the likelihood that a legitimate international traveler's confidential information will be subjected to arbitrary and capricious examination.

Example Security Precaution

Attorney Alice needs to have confidential attorney-client privileged information overseas. Before departure, she removes unnecessary information, encrypts her hard drive with strong crypto and sets up a login for a protected account and a travel account on her computer. To access the confidential data, one would need to first login to the protected account, and then open the encrypted files.
Only Alice's employer (The Law Offices of Bob) knows the passwords to the account and encrypted data, and keeps them secret until Alice arrives at her destination. Bob then sends the passwords to Alice in an encrypted email message.

From rforno at infowarrior.org Fri May 2 11:38:10 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 May 2008 07:38:10 -0400
Subject: [Infowarrior] - Today's Geek Moment of Zen
Message-ID:

This merger just baffles the mind......not to mention the flower industry is suffering like most other 'luxury' retailers because of the economic downturn not just because they're on the Internet...........--rf

United Online to Say It With Flowers
Robert McMillan, IDG News Service
Wednesday, April 30, 2008 5:30 PM PDT
http://www.pcworld.com/businesscenter/article/145364/united_online_to_say_it_with_flowers.html

Take note, Microsoft: There may be better ways to diversify your business than by wooing Web 2.0 companies such as Yahoo. Internet service provider United Online -- the owner of NetZero and Juno -- plans to get into the flower business. On Wednesday, it said it would pay about US$456 million in stock and cash to acquire FTD Group, the company that provides flowers and related services to about 20,000 retailers in the U.S., Canada, the U.K. and Ireland. The deal makes sense because the flower market is "experiencing significant growth in the Internet sector," and United will be able to drive its 50 million existing customers to FTD's Web sites, the two companies said in a joint statement. United's NetZero and Juno online businesses will account for less than 25 percent of all revenue under the deal. United is thinking of including FTD products in its MyPoints.com customer loyalty service, which the company acquired in 2006. But FTD will continue to operate from its existing headquarters in Downers Grove, Illinois, as a wholly owned subsidiary of United.
The deal is expected to close by the end of September 2008, pending the approval of FTD stockholders. Investment firms holding about 32 percent of FTD shares have agreed to the acquisition.

From rforno at infowarrior.org Fri May 2 11:44:46 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 May 2008 07:44:46 -0400
Subject: [Infowarrior] - Announcement: DHS Privacy Compliance Meeting
Message-ID:

1 May 2008
[Federal Register: May 1, 2008 (Volume 73, Number 85)]
[Notices]
[Page 24078-24079]
From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr01my08-59]

DEPARTMENT OF HOMELAND SECURITY
Office of the Secretary
Public Workshop: Privacy Compliance Fundamentals--PTAs, PIAs, and SORNs
AGENCY: Privacy Office, Department of Homeland Security (DHS).
ACTION: Notice announcing public workshop.

SUMMARY: The Department of Homeland Security Privacy Office will host a public workshop, "Privacy Compliance Fundamentals--PTAs, PIAs, and SORNs."

DATES: The workshop will be held on May 23, 2008, from 9 a.m. to 4:30 p.m.

ADDRESSES: The workshop will be held in the auditorium at the DHS Offices at the GSA Regional Headquarters Building located at 7th and D Streets, SW., Washington, DC, 20024.

FOR FURTHER INFORMATION CONTACT: Tamara Baker, Privacy Office, Department of Homeland Security, Washington, DC 20528; by telephone 703-235-0780; by facsimile 703-235-0442; or by e-mail at privacyworkshop at dhs.gov.

SUPPLEMENTARY INFORMATION: The Department of Homeland Security (DHS) Privacy Office is holding a public workshop that will provide in-depth training on the privacy compliance process at DHS, and specifically how to write privacy impact assessments (PIAs) and systems of records notices (SORNs).
A case study will be used to illustrate a step-by-step approach to researching, preparing, and writing these documents. The workshop will highlight the Privacy Impact Assessments: Official Guidance and introduce the System of Records Notices: Official Guidance for DHS. The workshop is open to the public and there is no fee for attendance. Registration and Security: In order to facilitate security requirements of the GSA facility, attendees must register in advance for this workshop. Registration closes at 9 a.m., Monday, May 19, 2008. To register, please send an e-mail to privacyworkshop at dhs.gov, with the name of the workshop (``Privacy Compliance Fundamentals--PTAs, PIAs, and SORNs'') in the subject line, and your full name and organizational affiliation in the body of the email. Alternatively, you may call 703- 235-0780 to register and to provide the Privacy Office with your full name and organizational affiliation. All attendees who are employed by a federal agency will be required to show their federal agency employee photo identification badge to enter the building. Attendees who do not possess a federal agency employee photo identification badge will need to show a form of government-issued photo identification, such as a driver's license, in order to verify their previously-provided registration information. This is a security requirement of the facility. The Privacy Office will only use your name for the security purposes of this specific workshop and to contact you in the event of a change to the workshop. Special Assistance: Persons with disabilities who require special assistance should indicate this in their admittance request and are encouraged to identify anticipated special needs as early as possible. John W. Kropf, Acting Chief Privacy Officer, Department of Homeland Security. [FR Doc. 
E8-9519 Filed 4-30-08; 8:45 am]
BILLING CODE 4410-10-P

From rforno at infowarrior.org Fri May 2 16:35:36 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 02 May 2008 12:35:36 -0400
Subject: [Infowarrior] - Telcos, WH collaborated on domestic surveillance lobbying
Message-ID:

Just Between Us
Telecoms and the Bush administration talked about how to keep their surveillance program under wraps.
Michael Isikoff and Mark Hosenball
Newsweek Web Exclusive
Updated: 6:09 PM ET Apr 30, 2008
http://www.newsweek.com/id/134930/output/print

The Bush administration is refusing to disclose internal e-mails, letters and notes showing contacts with major telecommunications companies over how to persuade Congress to back a controversial surveillance bill, according to recently disclosed court documents. The existence of these documents surfaced only in recent days as a result of a Freedom of Information Act lawsuit filed by a privacy group called the Electronic Frontier Foundation. The foundation (alerted to the issue in part by a NEWSWEEK story last fall) is seeking information about communications among administration officials, Congress and a battery of politically well-connected lawyers and lobbyists hired by such big telecom carriers as AT&T and Verizon. Court papers recently filed by government lawyers in the case confirm for the first time that since last fall unnamed representatives of the telecoms phoned and e-mailed administration officials to talk about ways to block more than 40 civil suits accusing the companies of privacy violations because of their participation in a secret post-9/11 surveillance program ordered by the White House. At the time, the White House was proposing a surveillance bill - strongly backed by the telecoms - that included a sweeping provision that would grant them retroactive immunity from any lawsuits accusing the companies of wrongdoing related to the surveillance program.
Although a version of this proposal has passed the Senate, it has so far been blocked in the House by Democrats who are demanding greater public disclosure about the scope of the administration's post-9/11 surveillance of individuals inside the United States. Negotiations between House Democrats, the Senate and administration representatives over a possible compromise have made little progress so far. Capitol Hill officials now say Congress may not get around to final action on new surveillance legislation until right before a one-year temporary law expires in August - right before the presidential nominating conventions. The recent responses in the Electronic Frontier Foundation lawsuit provide no new information about the administration's controversial post-9/11 electronic surveillance program itself, but they do shed some light on the degree of anxiety within the telecom industry over the litigation generated by the carriers' participation in the secret spying. One court declaration, for example, confirms the existence of notes showing that a telecom representative called an Office of Director of National Intelligence (ODNI) lawyer last fall to talk about "various options" to block the lawsuits, including "such options as court orders and legislation." Another declaration refers to a letter and "four fax cover sheets" exchanged between the telecoms and ODNI over the surveillance matter. Yet another discloses e-mails in which lawyers for the telecoms and the Justice Department "seek or discuss recommendations on legislative strategy." The declarations were filed in court by government lawyers only after U.S. Judge Jeffrey White in San Francisco, who is overseeing the case, ordered them to fully process the Electronic Frontier Foundation's FOIA request for documents showing lobbying contacts by the telecoms.
The government initially resisted even responding to the FOIA request, but White found that disclosure was in the public interest because it "may enable the public to participate meaningfully in the debate over" the pending surveillance legislation. But while complying with the judge's order to confirm the existence of some documents, administration officials have told the judge they cannot actually disclose the documents themselves, in part because to do so would undermine national security. Even to confirm the identity of any of the carriers with whom administration officials have discussed the surveillance issue would implicitly identify the carriers that participated in the program and therefore "would provide our adversaries with a road map" that would help them thwart surveillance against them, according to a court declaration filed by Lt. Gen. Ronald L. Burgess, director of the ODNI's intelligence staff. Spokesmen for the Justice Department and ODNI today declined comment to NEWSWEEK on the grounds that neither agency will talk about pending litigation. The revelation of the existence of the documents comes at a time when Congress is bracing for what is expected to be a grueling summerlong debate over the surveillance measure. Administration officials say that unless Congress acts by this summer, existing court orders permitting surveillance of suspected overseas terrorists will expire, threatening the U.S. government's ability to keep track of potential plots against the homeland. If new legislation is not enacted before the current stop-gap law expires, Republicans may try to use this as an election issue against Democrats. The debate over a new surveillance authorization is likely to be complicated by figures showing sharp increases in the government's electronic eavesdropping on U.S. citizens. One report filed with the office of the administrator of the U.S. 
Courts shows that standard wiretaps approved by federal and state courts jumped 20 percent last year, from 1,839 in 2006 to 2,208 in 2007. Later this week another report is expected to also show increases in secret wiretaps and break-ins approved by the Foreign Intelligence Surveillance Court (FISC) in terror and espionage cases. But even these secret wiretaps and break-ins - estimated to be about 2,300 - tell only part of the story. They don't include other secret methods the government uses to collect personal information on U.S. citizens.

URL: http://www.newsweek.com/id/134930
© 2008

From rforno at infowarrior.org Sat May 3 13:38:55 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 03 May 2008 09:38:55 -0400
Subject: [Infowarrior] - Pentagon launches foreign news websites
Message-ID:

Pentagon launches foreign news websites
By Peter Eisler, USA TODAY
http://www.usatoday.com/news/military/2008-04-30-sites_N.htm

WASHINGTON - The Pentagon is setting up a global network of foreign-language news websites, including an Arabic site for Iraqis, and hiring local journalists to write current events stories and other content that promote U.S. interests and counter insurgent messages. The news sites are part of a Pentagon initiative to expand "Information Operations" on the Internet. Neither the initiative nor the Iraqi site, www.Mawtani.com, has been disclosed publicly. At first glance, Mawtani.com looks like a conventional news website. Only the "about" link at the bottom of the site takes readers to a page that discloses the Pentagon sponsorship. The site, which has operated since October, is modeled on two long-established Pentagon-sponsored sites that offer native-language news for people in the Balkans and North Africa. Journalism groups say the sites are deceptive and easily could be mistaken for independent news. "This is about trying to control the message, either by bypassing the media or putting your version of the message out before others (and) ...
there's a heavy responsibility to let people know where you're coming from," says Amy Mitchell, deputy director at the Project for Excellence in Journalism. A disclosure on a separate page "isn't something most people coming to the site are likely to see." Pentagon officials say the sites are a legitimate and necessary way to promote U.S. policy goals and counter the messages of political and religious extremists. They also note that the United States and its allies have been outgunned in the battle to get information to audiences in Iraq and elsewhere. "It's important to ... engage these foreign audiences and inform," says Michael Vickers, the assistant secretary of Defense in charge of special operations and stabilization efforts. "Our adversaries use the Internet to great advantage, so we have the responsibility of countering (their messages) with accurate, truthful information, and these websites are a good vehicle." The Mawtani site is named for the Iraqi national anthem and means "my homeland." It is available in Arabic, Farsi and Urdu - but not in English - and is supervised by the Pentagon's Iraq command. The U.S. Southern Command is building a similar site for Latin American audiences. The Pacific Command, which covers Asia, is interested in setting up a news site, says Navy Lt. Cmdr. Amy Derrick-Frost, a spokeswoman.

'True in fact and intent'

In a memo last summer, Deputy Defense Secretary Gordon England told all regional commanders that developing such sites was "an essential part of (their) responsibility ... to shape the security environment in their respective areas." The previously unreleased memo, provided by the Pentagon at USA TODAY's request, directed that all site content be "accurate and true in fact and intent." Content for the news sites is written by local journalists hired to write stories that fit the Pentagon's goals for the sites, such as promoting democracy, security, good government and the rule of law.
Military personnel or contractors review the stories to ensure they are consistent with those goals. Reporters are paid only for work that is posted to the sites. A recent edition of Mawtani.com featured a story on Iraqi leaders decrying Iranian sponsorship of insurgent groups, as well as coverage of Iraqi-U.S. efforts to restore order in strife-torn Sadr City. Vickers says sponsorship disclosures on Mawtani.com and other Pentagon-run news sites are clear. "Is this propaganda? No," he says. "It's intended to counter extremist propaganda ... with truth." The new websites follow the Pentagon's launch last year of a "Trans Regional Web Initiative" expected to lead to "a minimum of six" news sites run by military commands around the globe, according to a Special Operations Command notice for contractors interested in running the sites. The initiative has its roots in the Balkans, where U.S. commanders set up a website in 1999 to rebut then-Yugoslavian president Slobodan Milosevic's nationalist rhetoric in the Kosovo conflict. In 2002, it became a news site, employing local reporters, and hundreds of thousands of people turn to the Southeast European Times for news on politics, culture, sports or weather in 10 languages. Neither that site nor those being set up are allowed to accept ads. They're not about profit; they're about shaping perceptions. "Youngsters on the street are into the World Wide Web - that's how they communicate, how they learn what's going on in the world, how they stay informed - and they pick and choose what (news sources) they have on their desktop," says Army Col. Jerry O'Hara, spokesman for the Pentagon's Iraq command. "We have to be involved in that in order to communicate effectively."

Moving past leaflets

It wasn't long ago that the military's approach to Information Operations focused largely on dropping leaflets behind enemy lines or broadcasting messages over loudspeakers.
Those tactics can't draw the audience of a news website, where a story on a local soccer team might be the hook that gets readers to click on another story about, say, U.S. troops rebuilding a school. The success of the Pentagon's news sites will ride on whether they're seen as credible outlets or propaganda vehicles, says Franklin Kramer, a former assistant Defense secretary and, until last year, a fellow at National Defense University. "In some parts of the world, it's just important to have a reliable, steady source of news - and being straightforward and truthful is the best way to have a long-term impact," Kramer says. "I think most (users) know these are Defense Department sites - they really don't hide it at all - and the audience is going to decide for itself whether it trusts the source." For decades, influencing foreign audiences has been the purview of Voice of America, the U.S. radio and TV service. VOA is under the Broadcasting Board of Governors, an eight-member, presidentially appointed board that oversees all U.S. foreign-language broadcasts, including Radio Sawa and Al Hurra television in the Middle East. Previous Pentagon information efforts have attracted controversy. In 2005, members of Congress chastised the Pentagon over a program that paid for the placement of favorable stories in the Iraqi press. The practice could "erode the independence of Iraqi media," said Sen. John Warner, R-Va., who then chaired the Senate Armed Services Committee. The Pentagon stopped the program. Last month, The New York Times reported how the Pentagon was giving secret briefings and guidance to former Defense officials who are paid by television news outlets for independent analysis. Sen. Carl Levin, D-Mich., has asked for a Pentagon investigation.
The websites suggest a pattern of Pentagon efforts to promote its agenda by disseminating information through what appear to be independent outlets, says Marvin Kalb, a fellow at Harvard University's Joan Shorenstein Center on the Press, Politics and Public Policy. "This is deliberate deception, and it's bad - (because) it weakens the image of journalism as an objective bystander," Kalb says, noting that many of the Pentagon's intended audiences live in a world where they expect the government to control their news. "We're the exception, and unfortunately, we begin to look more and more like the rest of the world when we do this sort of thing."

Find this article at: http://www.usatoday.com/news/military/2008-04-30-sites_N.htm

From rforno at infowarrior.org Sat May 3 13:59:10 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 03 May 2008 09:59:10 -0400
Subject: [Infowarrior] - Senate presses DHS on secret cybersecurity plan
Message-ID:

What's Up with the Secret Cybersecurity Plans, Senators Ask DHS
By Ryan Singel
May 02, 2008 | http://blog.wired.com/27bstroke6/2008/05/senate-panel-qu.html

The government's new cyber-security "Manhattan Project" is so secretive that a key Senate oversight panel has been reduced to writing a letter to beg for answers to the most basic questions, such as what's going on, what's the point and what about privacy laws. The Senate Homeland Security committee wants to know, for example, what is the goal of Homeland Security's new National Cyber Security Center. They also want to know why it is that in March, DHS announced that Silicon Valley evangelist and security novice Rod Beckstrom would direct the center, when up to that point DHS said the mere existence of the center was classified. Those are just two sub-questions out of a list of 17 multi-part questions centrist Sens. Joe Lieberman (I-Connecticut) and Susan Collins (R-Maine) sent to DHS in a letter Friday.
In fact, although the two say they asked for a briefing five months ago on what the center does, DHS has yet to explain its latest acronym. The panel noted it was pleased with the new focus on cyber security, but questioned Homeland Security's request to triple the center's cyber-security budget to about $200 million. They cited concerns about the secrecy around the project, its reliance on contractors for the operation of the center and lack of dialogue with private companies that specialize in internet security. That center is just one small part of the government's new found interest in computer security, a project dubbed the Comprehensive National Cybersecurity Initiative, which has been rumored to eventually get some $30 billion in funding. Little is known about the initiative since it was created via a secret presidential order in January, though the Washington Post reports that portions of it may be made public soon.

We are also concerned that the lack of information about the CNCI being provided to the public, other agencies, and private entities that conduct business with the government might be creating confusion and concern about the initiative. Given the broad nature and goals of this initiative, agencies may be less likely to plan for their future information technology needs, fearing that systems they purchase might not comply with the initiative. Similarly, industry will be less likely to do business with the government given the uncertainty about future technical requirements. Additionally, the public, of course, must be reassured that efforts to secure cyber networks will be appropriately balanced with respect for privacy and civil liberties.

Why might citizens be worried about privacy and civil liberties? Consider that the whole initiative appears to have been launched after the Director of National Intelligence told President Bush that a cyber attack might wreak as much economic havoc as 9/11 did.
Consider that the NSA, which currently protects classified networks, wants to expand into protecting all non-classified federal government networks. Consider that Congress is set to legalize the NSA's monitoring rooms in the nation's phone and internet infrastructure. For its part, the FBI says it also needs access to the internet's backbone, while the Air Force is hyping its own efforts at cyber defense and offense.

Meanwhile, THREAT LEVEL's sister blog Danger Room reports that DARPA is getting in on the hot cyber-action, with a project to make a fake internet to develop new cyber attacks and defenses.

It's been said many times that if the government knew what the internet was going to become when it grew up, they would never have let it out of the lab. Now it seems the only question is whether the government will be able to turn the net into a controllable, monitorable and trackable pre-internet AOL-type service or whether the chaotic net will live on as just another frontier for the military-industrial complex to start an arms race and rake in billions of government dollars.

From rforno at infowarrior.org Sat May 3 14:01:13 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 03 May 2008 10:01:13 -0400
Subject: [Infowarrior] - Groups warn travelers to limit laptop data
Message-ID:

Groups warn travelers to limit laptop data
Robert Lemos, SecurityFocus 2008-05-02
http://www.securityfocus.com/news/11516?ref=rss

A recent federal district court ruling upholding seizures of electronic devices, such as laptops and iPhones, at the U.S. border has traveler- and civil-rights organizations worried that personal and sensitive data could be put at risk.

On Thursday, almost three dozen organizations -- including civil-rights advocates, academic groups, and religious and minority groups -- sent an open letter to four congressional committees, asking that their members consider legislation to "protect all Americans against suspicionless digital border inspections."
The letter came ten days after a federal appeals court in the Central District of California ruled that border agents could search laptops without reasonable suspicion of illegal activity. The appeals court overturned a lower court's ruling that stated the evidence of such searches would not be admissible in court. While the case in question involved the discovery of what investigators believe is illicit pornography, the ability to search any person's computer, personal digital assistants or cell phones violates the protections against "unreasonable searches" contained in the Fourth Amendment of the U.S. Constitution, the letter argued.

"In a free country, the government cannot have unlimited power to read, seize, store and use all information on any electronic device carried by any traveler entering or leaving the nation," the signatories stated in the letter.

The level of surveillance by the United States government has become an increasing worry to civil-rights advocates as well as professional, minority and religious groups that believe their members could be targeted. As part of its "War on Terror," the Bush Administration has instituted a program to eavesdrop on Internet and phone communications, an initiative that violates the Foreign Intelligence Surveillance Act (FISA) and has become the focus of a battle in Congress to craft a new law to govern such wiretapping.

In the latest battle, 34 organizations and seven technologists have asked both the Judiciary and Homeland Security Committees in the U.S. House of Representatives and the U.S. Senate to consider legislation that would limit digital border searches and make the process and conditions for such searches more open. The Electronic Frontier Foundation, a digital-rights group and one of the sponsors of the letter, has requested information on the conditions that would trigger a digital search by border agents.
"We don't really know what the Department of Homeland Security's procedures and practices are here," said Marcia Hofmann, a staff attorney with the EFF. "And the courts are not holding them accountable. That's why we want Congress to step in."

The case at the heart of the debate concerns whether evidence from the July 2005 search of a laptop owned by then-43-year-old Michael Arnold can be used by prosecutors. Returning from a three-week trip from the Philippines, Arnold was stopped by customs agents in Los Angeles International Airport and asked to show that his laptop was functioning, according to court filings. When customs agents inspected the computer, they found two folders on the desktop labeled "Kodak Pictures" and "Kodak Memories." Perusing through the files in those folders, the agents found pictures of two nude women and decided to conduct a more thorough investigation, which turned up suspected child pornography.

Arnold filed a motion to suppress the evidence. A federal district court in Los Angeles agreed with the defendant that the search had been unreasonable. However, in April, the U.S. Court of Appeals for the Ninth Circuit overturned the lower court's ruling and allowed the evidence from the search. In their ruling, the three-judge panel likened the process to a previous case where a cursory search of a van at the Canadian border revealed a video camera that contained footage of a tennis match focusing "excessively on a young ball boy." A further search of the van found several photo albums depicting suspected child pornography, according to court documents.

While the search led to grim evidence of an alleged crime, the letter's signatories argued that the power of unregulated digital searches will be abused. The ruling has worried international workers, whose laptops may contain proprietary company information, financial data or sensitive records.
The Association of Corporate Travel Executives, one of the letter's signers, recommended that workers not use their personal laptops for international travel and limit the amount of proprietary and personal data stored on any notebook computer taken across borders.

"In a time of heightened international security, it will take a brave Congress to rule that parties may not be subject to suspicionless searches," Susan Gurley, the executive director of ACTE, said in a statement.

Other organizations that signed the letter included the American Association of University Professors, the Multiracial Activist, Muslim Advocates and the Republican Liberty Caucus.

Following the ruling, there is nothing preventing authorities from a more comprehensive search program, said Fred Schneider, a privacy and security expert and professor of computer science at Cornell University.

"There is a drift in this country toward more surveillance and less civil liberties, and it is eroding step-by-step," Schneider said. "More people might complain if they were searching people at the Lincoln Tunnel, and I don't see how this case is different from that."

The Electronic Frontier Foundation argues that searches of electronic devices at the border will likely only become more frequent, as forensics tools get significantly better. This week, Microsoft announced a set of software tools that fits on a USB drive and gives law enforcement officers the ability to run more than a hundred commands quickly and automatically.

"It won't be long before customs agents can efficiently perform a thorough search on every machine," Jennifer Granick, civil liberties director at the EFF, said in a discussion of the impact of the ruling. "So long as there are no protocols or oversight for these searches, every traveler's personal information is at risk."
Encrypting the hard drive, having a separate account on the PC owned by the worker's company, or traveling with a clean laptop and using an encrypted VPN to access data are all possibilities, Granick said. As an example of the difficulty that unregulated searches add to international travel, Granick uses a hypothetical "Alice," an attorney.

"Attorney Alice needs to have confidential attorney-client privileged information overseas," she wrote. "Before departure, she removes unnecessary information, encrypts her hard drive with strong crypto and sets up a login for a protected account and a travel account on her computer. To access the confidential data, one would need to first login to the protected account, and then open the encrypted files. Only Alice's employer (The Law Offices of Bob) knows the passwords to the account and encrypted data, and keeps them secret until Alice arrives at her destination. Bob then sends the passwords to Alice in an encrypted email message."

Yet, Granick's discussion is peppered with uncertainty. Because the U.S. government has not complied with requests for more information through the Freedom of Information Act (FOIA), the attorney cannot make any strong recommendations.

"There are no options that provide perfect privacy protection, but there are some options that reduce the likelihood that a legitimate international traveler's confidential information will be subjected to arbitrary and capricious examination," she wrote.

From rforno at infowarrior.org Sun May 4 05:21:04 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 May 2008 01:21:04 -0400
Subject: [Infowarrior] - Hundreds of Laptops Missing at State Department
Message-ID: <5DD8A623-0C4D-4B99-8BEB-74B1C76E1411@infowarrior.org>

Hundreds of Laptops Missing at State Department, Audit Finds
By Jeff Stein, CQ National Security Editor
http://www.cqpolitics.com/wmspage.cfm?docID=hsnews-000002716318

Hundreds of employee laptops are unaccounted for at the U.S. Department of State, which conducts delicate, often secret, diplomatic relations with foreign countries, an internal audit has found.

As many as 400 of the unaccounted for laptops belong to the department's Anti-Terrorism Assistance Program, according to officials familiar with the findings. The program provides counterterrorism training and equipment, including laptops, to foreign police, intelligence and security forces.

Ironically, the Anti-Terrorism Assistance Program is administered by the State Department's Bureau of Diplomatic Security (DS), which is responsible for the security of the department's computer networks and sensitive equipment, including laptops, among other duties. It also protects foreign diplomats during visits here.

DS officials have been urgently dispatching vans around the bureau's Washington-area offices to collect and register employee laptops, said department sources who could not speak on the record for fear of being fired. The inventory sometimes strips DS investigators of their laptops for "days, or weeks," they said.

The State Department's Inspector General launched an audit of the equipment about three months ago. Only the first stage, or inventory of equipment, has been completed.

A State Department official referred all questions regarding laptop losses to the Inspector General. A senior IG official, asking not to be identified, said he could "not comment on ongoing work."

Nita M. Lowey, D-N.Y., who heads a House Appropriations subcommittee that oversees State Department operations, said she was concerned about the security revelations.

"The importance of safeguarding official laptops and office equipment containing sensitive information is not a new concern," she said through a spokesman. "I intend to review the facts about this situation."

"Unaccounted for" does not necessarily mean the laptops have been lost. But they are "missing" until they have been found or otherwise accounted for.
Auditors found that the department had lost track of $30 million worth of equipment, according to one official, "the vast majority of which . . . perhaps as much as 99 per cent," was laptops. Calculating that the average State Department laptop costs $3,000, another official said, hundreds, perhaps as many as a thousand, were missing. It could not be learned how many employees have been issued laptops.

On Feb. 6, the department's Senior Assessment Team gathered at the State Department headquarters in Foggy Bottom to discuss the security of "personal identification information." The department's official in charge of computer equipment, John Streufert, warned the more than two dozen officials present that the department did not have good records of its inventory. A "significant deficiency" relating to laptops existed, Streufert said, according to a source who attended the meeting.

Mark Duda, a representative of the Inspector General's office at the meeting, warned the managers that they needed to get on top of the equipment issue before it "blows up." He said a scandal loomed akin to the one that engulfed the Veterans Administration in 2006, when news broke that a VA official had taken home a laptop with the personal records of 26 million veterans, where it was stolen.

The official who chaired the meeting, Christopher Flaggs, the department's deputy chief financial officer, also warned that revelation of the laptop losses could develop into a "material weakness," an accounting term-of-art that essentially means inventories are out of control.

"It's the worst flaw you can have in management control," one close observer of the State Department's problems said. It would have to alert the White House Office of Management and Budget (OMB) and Congress. There could be hearings, headlines, camera crews on the doorstep of State Department officials.

That's what happened in 1999, when a laptop containing the names of foreign agents working for the U.S. government was stolen from the State Department.

The security of laptops has vexed federal officials, as well as private industry, for years. The CIA, FBI and other national security agencies have all lost significant numbers of laptops containing sensitive information. More than a year ago, the administration's Identity Theft Task Force warned of security vulnerabilities within the government's Internet technology systems. In May 2007, OMB had ordered all federal departments and agencies to "develop and implement a breach notification policy within 120 days."

Hints of the State Department's laptop losses first surfaced March 31 in an anonymous post at an obscure Web site frequented by employees of the Bureau of Diplomatic Security, called Dead Men Working.

"We're not talking about a missing laptop or two," said a poster who identified himself as "Steve." "A Department-wide audit found hundreds of laptops unaccounted for and identified DS, now rushing to close the barn door before the scandal really breaks, as having the laxest control of any bureau in the agency," Steve wrote.

John Naland, a retired diplomat who is president of the American Foreign Service Association, said the alleged losses were worrisome, and perplexing. "If the missing ones might have contained classified data, this could be serious," Naland said.

"At my last overseas post, we did not have any laptops," Naland continued. "But we sure did an annual serial number physical inventory of computers. Sometimes our initial count came up with discrepancies, but then we remembered that we returned one to Washington or whatever and that cleared up the paperwork discrepancy."

Jeff Stein can be reached at jstein at cq.com.

CQ © 2007 All Rights Reserved | Congressional Quarterly Inc. 1255 22nd Street N.W. Washington, D.C. 20037 | 202-419-8500

From rforno at infowarrior.org Mon May 5 13:08:34 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 May 2008 09:08:34 -0400
Subject: [Infowarrior] - China mounts cyber attacks on Indian sites
Message-ID:

China mounts cyber attacks on Indian sites
5 May 2008, 0116 hrs IST, Indrani Bagchi, TNN
http://timesofindia.indiatimes.com/articleshow/msid-3010288,prtpage-1.cms

NEW DELHI: China's cyber warfare army is marching on, and India is suffering silently. Over the past one and a half years, officials said, China has mounted almost daily attacks on Indian computer networks, both government and private, showing its intent and capability.

The sustained assault almost coincides with the history of the present political disquiet between the two countries. According to senior government officials, these attacks are not isolated incidents of something so generic or basic as "hacking" -- they are far more sophisticated and complete -- and there is a method behind the madness.

Publicly, senior government officials, when questioned, take refuge under the argument that "hacking" is a routine activity and happens from many areas around the world. But privately, they acknowledge that the cyber warfare threat from China is more real than from other countries.

The core of the assault is that the Chinese are constantly scanning and mapping India's official networks. This gives them a very good idea of not only the content but also of how to disable the networks or distract them during a conflict. This, officials say, is China's way of gaining "an asymmetrical advantage" over a potential adversary.

The big attacks that were sourced to China over the last few months included an attack on NIC (National Informatics Centre), which was aimed at the National Security Council, and on the MEA. Other government networks, said sources, are routinely targeted though they haven't been disabled.
A quiet effort is under way to set up defence mechanisms, but cyber warfare is yet to become a big component of India's security doctrine. Dedicated teams of officials -- all underpaid, of course -- are involved in a daily deflection of attacks. But the real gap is that a retaliatory offensive system is yet to be created. And it's not difficult, said sources. Chinese networks are very porous -- and India is an acknowledged IT giant!

There are three main weapons in use against Indian networks -- BOTS, key loggers and mapping of networks. According to sources in the government, Chinese hackers are acknowledged experts in setting up BOTS. A BOT is a parasite program embedded in a network, which hijacks the network and makes other computers act according to its wishes, which, in turn, are controlled by "external" forces. The controlled computers are known as "zombies" in the colourful language of cyber security, and are a key aspect in cyber warfare. According to official sources, there are close to 50,000 BOTS in India at present -- and these are "operational" figures.

What is the danger? Simply put, the danger is that at the appointed time, these "external" controllers of BOTNETS will command the networks, through the zombies, to move them at will. Exactly a year ago, Indian computer security experts got a glimpse of what could happen when a targeted attack against Estonia shut that country down -- it was done by one million computers from different parts of the world -- and many of them were from India! That, officials said, was executed by cyber terrorists from Russia, who are deemed to be deadlier.

The point that officials are making is that there are internal networks in India that are controlled from outside -- a sort of cyberspace fifth column. Hence, the need for a more aggressive strategy.

Key loggers are software that scans computers and their processes and data the moment you hit a key on the keyboard.
This information is immediately carried over to an external controller -- so they know even when you change your password. Mapping or scanning networks is done as a prerequisite to modern cyber warfare tactics.

MEA has a three-layered system of computer and network usage -- only the most open communication is sent on something called "e-grams". The more classified stuff uses old-economy methods -- ironically, probably the most secure though a lot more time-consuming. The same is true of other critical areas of the government.

But the real gap inside the national security establishment is one of understanding the true nature of the threat. National security adviser M K Narayanan set up the National Technology Research Organization, which is also involved in assessing cyber security threats. But the cyber security forum of the National Security Council has become defunct after the US spy incident. This has scarred the Indian establishment so badly that it's now frozen in its indecision. This has seriously hampered India's decision-making process in cyber warfare.

From rforno at infowarrior.org Tue May 6 00:12:12 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 May 2008 20:12:12 -0400
Subject: [Infowarrior] - Pentagon Wants Cyberwar Range
Message-ID: <4F79033A-4EFD-4B52-8E4C-DE4FA5F1225A@infowarrior.org>

Pentagon Wants Cyberwar Range to 'Replicate Human Behavior and Frailties'
By Noah Shachtman
May 05, 2008 | 3:07:00 PM
Categories: DarpaWatch, Info War
http://blog.wired.com/defense/2008/05/the-pentagons-w.html

The Pentagon's way-out researchers don't just want to build an Internet simulator, to test out cyberwar tactics. They want the range's operators to "realistically replicate human behavior and frailties," too.

Congress has ordered the Defense Advanced Research Projects Agency, or Darpa, to put together a National Cyber Range, as part of a massive (and massively secret) $30 billion, government-wide effort to better prep for battle online.
The project is now considered a top priority for the Agency. And to make sure the facility is as true-to-life as possible, Darpa wants the contractors running the Range to be able to "replicate realistic human behavior on nodes," a request for proposals, released today, reveals. Specifically, the Agency wants to have its contractors:

* Provide robust technologies to emulate human behavior on all nodes of the range for testing all aspects of range behavior.
* Replicants will produce a realistic chain of events between many users without explicit scripting behavior.
* Replicants must be capable of implementing multiple user roles similar to roles found on operational networks.
* Replicant behavior will change as the network environment changes, as the replicated "outside environment" (i.e. DoD DefCon, InfoCon, execution of war plans, etc) changes, and as network activity changes (detected attacks, degradation of services, etc).
* Replicants will simulate physical interaction with device peripherals, such as keyboard and mice.
* Replicants will drive all common applications on desktop environments.
* Replicants will interact with authentication systems, including but not limited to DoD authentication systems (common access cards -- CAC), identity tokens.

These mock people have to be able to "demonstrate human-level behavior on 80% of all events," the Agency adds.

And mimicking us flesh-and-blood types is only one of a wide array of tasks Darpa wants to see operators of the National Cyber Range, or NCR, pull off. The facility should also feature a "realistic, sophisticated, nation-state quality offensive and defensive opposition forces" that can fight military info-warriors in mock combat. Contractors have to be ready to create 10,000-node tests from government-provided "network diagrams and configuration files" in less than two hours. And those nodes can't just be computers tied into a faux Internet.
The NCR's operators should be able to "integrate, replicate, or simulate" military satellite and digital radio communications, mobile ad-hoc networks, physical access control systems, U.S. and foreign "unmanned aerial vehicles, weapons, [and] radar systems" -- even "cyber cafes" and "personal digital assistances [sic]."

Darpa is moving fast on the project, its first since the dawn of the space age that comes from a direct order from Congress. Although there's no money in the Agency's budget for the NCR -- yet -- Darpa has already begun reaching out to potential contractors. Proposals for the Range are due on June 30th.

From rforno at infowarrior.org Tue May 6 00:13:20 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 May 2008 20:13:20 -0400
Subject: [Infowarrior] - Security Clearance 'Question 21' Eliminated
Message-ID: <504E5D95-83F3-443A-B323-2AD584B170BA@infowarrior.org>

Security Clearance 'Question 21' Eliminated
By Sharon Weinberger
May 02, 2008 | 11:06:09 AM
Categories: Shhh!!!
http://blog.wired.com/defense/2008/05/security-cleara.html

Having been in the past investigated for a security clearance, and used as a reference for others seeking a security clearance, I can personally attest to it being a somewhat wacky process (but in the end, much, much less scary and typically not as intrusive as those outside the world of security might fear). This week, Defense Secretary Robert Gates at least made it a tad bit more sane, quite literally. As the Washington Post reports:

Gates said the security question -- which he referred to as the "infamous Question 21" -- has been an obstacle to care, and he urged service members to get help for mental health problems. "You can be tough and seek help for dealing with these problems," he told reporters. The change will apply not only to military and civilian employees of the Defense Department but also to all applicants for security clearances.
The new policy revises the 21st question on the SF-86 Questionnaire for National Security Positions. The revised form allows applicants to respond "no" as to whether they have sought mental health care over the past seven years, if that care was not court-ordered and was "strictly related to adjustments from service in a military combat environment." Previously, military personnel and others applying for the clearance who had sought treatment for PTSD, anxiety, depression and other reactions to combat stress had to answer "yes" and provide details of who conducted the treatment.

About 2.5 million of the 3.1 million defense personnel have security clearances. Only a small percentage of applicants were denied clearances for mental health problems, military officials said. They cited data for 2006 showing that only about 75 out of 800,000 applications were rejected for that reason.

Last year, a report by the Army's inspector general found that soldiers were hesitant to seek treatment because they worried about losing their security clearances. "The perception was much more an issue than the reality of the situation," said Lt. Col. Patrick Ryder, a Pentagon spokesman.

In other words, Gates' decision removes a question that didn't substantively add much, if anything, to security, while encouraging people to get mental health care help they might need. The next big step could be to reform the security clearance process in a way that doesn't discourage much needed experts in Arabic language/culture to work in the world of national security.
From rforno at infowarrior.org Tue May 6 02:13:10 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 May 2008 22:13:10 -0400
Subject: [Infowarrior] - Google Backs Open-source CERT Group
Message-ID: <726CCBC9-2C99-4073-9A46-B0BCE5DE2728@infowarrior.org>

Google Backs Open-source CERT Group
Robert McMillan, IDG News Service
http://news.yahoo.com/s/pcworld/20080506/tc_pcworld/145508&printer=1;_ylt=AoQ9ZrUeNtSO4_0KHFsk5VoRSLMF

Google has thrown its weight behind a fledgling security reporting group for the open-source community.

The search engine giant, long a proponent of open-source software, is now one of three sponsors of oCERT, the Open Source Computer Emergency Response Team. Launched in late March, oCERT aims to be a clearinghouse for data on security vulnerabilities in open-source products, keeping open-source distributors on top of flaws and helping small software projects ensure that users of their code are aware of any issues.

OCERT has published four advisories since its inception. In addition to Google, it is sponsored by Inverse Path and the Open Source Lab.

There are already many national CERT efforts, which coordinate countrywide responses to security threats, but oCERT hopes to meet the unique requirements of the open-source community, where software is often re-used but patches are not always circulated to everyone who needs them.

"It is my hope that this initiative will not only aid in remediating security issues in a timely fashion, but also provide a means for additional security contributions to the open source community," wrote Google's Will Drewry in a Monday post to the company's security blog.
From rforno at infowarrior.org Tue May 6 15:50:05 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 May 2008 11:50:05 -0400
Subject: [Infowarrior] - Mysterious Multiplication of Copyright Complaints
Message-ID: <434B99FA-084E-4147-8AD3-FEE6F472FC48@infowarrior.org>

Mysterious Multiplication of Copyright Complaints
http://insidehighered.com/news/2008/05/06/riaa

It'd be hard to argue that Indiana University doesn't take illegal downloading seriously. As noted on its "Are You Legal" Web site, the university imposes a $50 fine for the first notice university officials receive from entertainment companies about a student's alleged improper sharing of copyrighted music or video, and cuts off the student's access to the Indiana network if he or she fails a 10-question quiz within 24 hours. The penalties ramp up from there.

But Indiana officials are now discussing whether they should continue to respond to complaints from the recording industry with the same aggressiveness. It's not that university leaders have suddenly decided that illegal behavior isn't wrong; instead, they are beginning to question the legitimacy of the notices the Recording Industry Association of America sends accusing network users of illegally sharing music.

That's because, like many colleges and universities, officials at Indiana have seen an eye-popping increase in the number of complaints they've received at a time when campus administrators say they have not seen any sort of rise in traffic that would suggest more piracy. Instead, college technology experts -- lacking an explanation from industry officials for the upturn -- suspect that the recording industry has altered the standards it uses to allege illegal behavior, targeting not only instances in which computer users have actively shared music illegally, but instances in which they have stored downloaded music in a folder visible to other users, opening the way to a potential violation.
That has officials at Indiana and elsewhere reconsidering how seriously they take the threats the recording industry aims at their students, which has been part of a continuing disagreement between the entertainment industries and higher education leaders over whether the recording and movie industries are disproportionately singling out college students (and their host institutions) for the broader Internet piracy problem. ?We?ve been handling the notices as allegations of actual infringement,? said Mark S. Bruhn, chief IT security and policy officer in Indiana?s Information Technology Policy Office. ?But if they are not allegations of illegal behavior, but of possible future infringement, we may wind up discarding them.? As Indiana and other institutions reported significant upturns in the number of complaints they were fielding, officials of the RIAA have been relatively silent on the matter, letting prepared statements that say little speak for them, thereby encouraging speculation like Bruhn?s. In an interview late Monday, Cary Sherman, president of the RIAA, specifically rebutted the idea that the industry had altered its criteria for going after illegal downloaders. Sherman attributed the ?phenomenal jump? in the number of complaints to a ?major change in the software and hardware? its major vendor uses to detect online infringement. Nothing about the industry?s approach changed, Sherman said: ?It?s the same procedures, the same standards, the same list of copyrighted works that we?re using.? The only changes, he said, were a more efficient software and an increased number of servers powering the industry?s searching for possible shared material. ?The Internet is a huge place, and there are millions of people connected to it,? he said. ?The amount of resources you put into sending out requests for specific files makes a difference; the more requests you make, the more you?re going to find.? He added: ?We don?t think there?s any more infringement going on. 
We just think there's more detection of infringement."

In the first 20 days of April, Indiana received a total of 70 complaints directing the institution to take down illegally downloaded content. It received 70 notices alone on April 21. April 22 brought 97. The next few weekdays delivered 44, 91, 83, 72 and 58. Other universities, from major ones like the University of Michigan to smaller institutions such as Whitworth University, are also reporting significant increases in notices from recording companies. Most institutions in the Council on Institutional Cooperation, which includes the Big Ten universities and the University of Chicago, reported big rises in a recent survey, according to Bruhn. He said he and other officials at Indiana have not seen a concomitant increase in actual network traffic, and that the campus is actually emptying out as students finish their final exams and head home.

That led Indiana IT administrators to seek an explanation for the dramatic upturn from contractors that the recording companies use to monitor possible illegal file sharing, and Bruhn said that one of the contractors had said that because one student had one of a record company's songs available to other users in his or her public index of songs, the university would be receiving a DMCA notice. Entertainment industry lawyers have long maintained - and argued in court - that it is a copyright infringement to "make available" illegally downloaded music or movies, even if the material is not actually shared. That has been among the battleground issues in court cases over peer-to-peer file sharing, and the terrain remains disputed, even though two of three relatively recent court rulings (including last month's denial of a summary judgment in the closely watched Atlantic v. Howell case) have rejected the recording industry's argument that making content available for possible download is just as much copyright infringement as actual dissemination of the material.
That legal fight is among the factors that have Bruhn and other college officials wondering if the recording industry is altering its approach to try to buttress its political and legal standing, especially given the fact that the statistics entertainment officials have leaned on to persuade Congress to target higher education for a crackdown on downloading were acknowledged early this year to be flawed. Could the industry, they wonder, be ramping up its allegations against college students now to try to reinforce its case to the courts and to Congress that colleges are, in fact, a hotbed of illegal file sharing activity?

Sherman scoffed at that notion. "We have been asking the contractor for years to increase the computing power of its effort, and to search more to detect infringement," he said Monday. "We've had a standing request to maximize efficiency for what they do for us.... We didn't even know they were putting a new system online." Despite the timing, there is "no connection whatsoever" between the upturn and either the court cases suggesting that actual infringement needs to occur for a finding of copyright violation or the perceived need for new data to show Congress that illegal file sharing is rampant on campuses, Sherman said. "We would have preferred this uptick five years ago," he said.

- Doug Lederman

From rforno at infowarrior.org Tue May 6 20:13:30 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 May 2008 16:13:30 -0400
Subject: [Infowarrior] - CCTV boom has failed to slash crime, say police
Message-ID: <8BC97E8C-6B66-4D6A-BCEA-096322979052@infowarrior.org>

CCTV boom has failed to slash crime, say police
Owen Bowcott, The Guardian, Tuesday May 6 2008
http://www.guardian.co.uk/uk/2008/may/06/ukcrime1/print

This article appeared in the Guardian on Tuesday May 06 2008 on p1 of the Top stories section. It was last updated at 13:35 on May 06 2008.
Massive investment in CCTV cameras to prevent crime in the UK has failed to have a significant impact, despite billions of pounds spent on the new technology, a senior police officer piloting a new database has warned. Only 3% of street robberies in London were solved using CCTV images, despite the fact that Britain has more security cameras than any other country in Europe.

The warning comes from the head of the Visual Images, Identifications and Detections Office (Viido) at New Scotland Yard as the force launches a series of initiatives to try to boost conviction rates using CCTV evidence. They include:

• A new database of images which is expected to use technology developed by the sports advertising industry to track and identify offenders.
• Putting images of suspects in muggings, rape and robbery cases out on the internet from next month.
• Building a national CCTV database, incorporating pictures of convicted offenders as well as unidentified suspects. The plans for this have been drawn up, but are on hold while the technology required to carry out automated searches is refined.

Use of CCTV images for court evidence has so far been very poor, according to Detective Chief Inspector Mick Neville, the officer in charge of the Metropolitan police unit. "CCTV was originally seen as a preventative measure," Neville told the Security Document World Conference in London. "Billions of pounds has been spent on kit, but no thought has gone into how the police are going to use the images and how they will be used in court. It's been an utter fiasco: only 3% of crimes were solved by CCTV. There's no fear of CCTV. Why don't people fear it? [They think] the cameras are not working." More training was needed for officers, he said. Often they do not want to find CCTV images "because it's hard work".
Sometimes the police did not bother inquiring beyond local councils to find out whether CCTV cameras monitored a particular street incident. "CCTV operators need feedback. If you call them back, they feel valued and are more helpful. We want to develop a career path for CCTV [police] inquirers."

The Viido unit is beginning to establish a London-wide database of images of suspects that are cross-referenced by written descriptions. Interest in the technology has been enhanced by recent police work, in which officers back-tracked through video tapes to pick out terrorist suspects. In districts where the Viido scheme is working, CCTV is now helping police in 15-20% of street robberies. "We are [beginning] to collate images from across London," Neville said. "This has got to be balanced against any Big Brother concerns, with safeguards. The images are from thefts, robberies and more serious crimes. Possibly the [database] could be national in future."

The unit is now investigating whether it can use software - developed to track advertising during televised football games - to follow distinctive brand logos on the clothing of unidentified suspects. "Sometimes you are looking for a picture, for example, of someone with a red top and a green dragon on it," he explained. "That technology could be used to track logos." By back-tracking, officers have often found earlier pictures, for example, of suspects with their hoods down, in which they can be identified. "We are also going to start putting out [pictures] on the internet, on the Met police website, asking 'who is this guy?'. If criminals see that CCTV works they are less likely to commit crimes."

Cheshire deputy chief constable Graham Gerrard, who chairs the CCTV working group of the Association of Chief Police Officers, told the Guardian that it made no sense to have a national DNA and fingerprint database, but to have to approach 43 separate forces for images of suspects and offenders.
A scheme called the Facial Identification National Database (Find), which began collecting offenders' images from their prison pictures and elsewhere, has been put on hold. He said that there were discussions with biometric companies "on a regular basis" about developing the technology to search digitised databases and match suspects' images with known offenders. "Sometimes when they put their [equipment] in operational practice, it's not as wonderful as they said it would be," he said. "I suspect [Find] has been put on hold until the technology matures. Before you can digitise every offender's image you have to make sure the lighting is right and it's a good picture. It's a major project. We are still some way from a national database. There are still ethical and technical issues to consider."

Asked about the development of a CCTV database, the office of the UK's information commissioner, Richard Thomas, said: "CCTV can play an important role in helping to prevent and detect crime. However we would expect adequate safeguards to be put in place to ensure the images are only used for crime detection purposes, stored securely and that access to images is restricted to authorised individuals. We would have concerns if CCTV images of individuals going about their daily lives were retained as part of the initiative."

The charity Victim's Voice, which supports relatives of those who have been murdered, said it supported more effective use of CCTV systems. "Our view is that anything that helps get criminals off the street and prevents crime is good," said Ed Usher, one of the organisation's trustees. "If handled properly it can be a superb preventative tool."
© Guardian News and Media Limited 2008

From rforno at infowarrior.org Wed May 7 01:24:34 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 May 2008 21:24:34 -0400
Subject: [Infowarrior] - FBI Raids Special Counsel Office, Seizes Records
Message-ID: <98CAA6F1-0B02-4F2E-8259-045F8F3C3CEF@infowarrior.org>

FBI Raids Special Counsel Office, Seizes Records
by Ari Shapiro
http://www.npr.org/templates/story/story.php?storyId=90223448

NPR.org, May 6, 2008 - FBI agents on Tuesday raided the offices of Special Counsel Scott J. Bloch, who oversees protection for federal whistle-blowers. The agents seized computers and shut down e-mail service as part of an obstruction of justice probe, as first reported by NPR News. A grand jury in Washington issued subpoenas for several OSC employees, including Bloch, according to NPR sources who spoke on condition their names not be used. Bloch's home was also searched.

Those developments came about on a Tuesday morning that had seemed no different from any other weekday in the Washington headquarters of the Office of Special Counsel. But at 10 a.m., the OSC's national e-mail system went down, and the FBI arrived. A half-dozen FBI agents swarmed into the OSC's Washington offices, grabbing documents and seizing computers. By 1 p.m., more than 20 agents had arrived in the agency's D.C. bureau. One official close to the investigation said that today's action was "significant" and that other field offices would also be included in the investigation.

The focus of the probe appears to be Special Counsel Bloch, who was appointed by President Bush in 2004. Bloch has been a controversial figure ever since taking over the Office of Special Counsel, which, among other things, ensures that federal whistle-blowers get the protection they need. One of Bloch's first official actions was to refuse to investigate any claims of discrimination based on sexual orientation.
When the news of his refusal was leaked to the press, career employees in his office say, Bloch blamed them for the leak. He retaliated, the employees said, by creating a new field office in Detroit and forcing them either to accept assignments there or resign.

This morning, FBI agents in Washington took Bloch into a separate room at OSC to interview him, while additional investigators searched his office. They also arrived at his home in Alexandria, Va., with a search warrant. The Office of Personnel Management's inspector general has been looking into allegations that Bloch retaliated against career employees and obstructed an investigation. Sources close to the probe said the FBI's raid this morning was related to work the inspector general had already done. In addition to concerns about obstruction of justice, investigators are also looking into whether Bloch violated the Hatch Act, a congressional mandate that prohibits employees from using their offices for partisan political purposes.

Bloch has admitted to hiring Geeks on Call - a computer servicing company - to purge his computer and two of his deputies' computers, sources said. But he said the computers contained a virus, which necessitated a purge. Investigators are looking into whether the purge was meant to destroy evidence related to the current investigation. OSC employees for months have called on President Bush to ask for Bloch's resignation. The White House today declined to comment on the developments, as did Bloch's lawyers and the FBI.

From rforno at infowarrior.org Wed May 7 01:25:50 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 May 2008 21:25:50 -0400
Subject: [Infowarrior] - DOD Released Military Analyst Program Archive
Message-ID:

Military Analysts
These documents were released to the New York Times regarding the Pentagon's Military Analyst program.
< - >
http://www.dod.mil/pubs/foi/milanalysts/

From rforno at infowarrior.org Wed May 7 01:27:56 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 May 2008 21:27:56 -0400
Subject: [Infowarrior] - Windows XP SP3 Available
Message-ID: <3D531943-8FD1-4CFF-A090-FF36366EF46C@infowarrior.org>

Windows XP SP3 leaps into the tubes
Second verse, same as the first
By Austin Modine
Published Tuesday 6th May 2008 22:32 GMT

Microsoft is giving the automatic web release of Windows XP Service Pack 3 another go today, after an eleventh hour muck-up ruined its scheduled availability last week. The truant XP service pack is ready for download via Microsoft's Download Center or alternatively, Windows Update if using Internet Explorer. Here's the ISO CD image file too for good measure while we're trolling hyperlinks. Microsoft had pulled the mass download last week when it uncovered an incompatibility issue between SP3 and its point-of-sale application, Dynamics Retail Management System (RMS). The issue in question - and they've yet to specify what the problem is - also affects Windows Vista SP1.

http://www.theregister.co.uk/2008/05/06/windows_xp_sp3_updater_release/

From rforno at infowarrior.org Wed May 7 01:28:47 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 May 2008 21:28:47 -0400
Subject: [Infowarrior] - VeriSign receives SiteFinder patent
Message-ID: <0CAEAF9D-80B9-4E82-AB3C-9657FD7D22CE@infowarrior.org>

VeriSign receives SiteFinder patent
by Frank Michlick

As part of VeriSign's (VRSN) 2001 purchase of eNic Corporation (operator of the .CC registry) the company became the owner of a patent application, which has now been granted on March 4th of this year under patent number 7,337,910 B2.
While the original patent application, at the time written by eNic's CEO Brian Cartmell and eNic's CTO Jothan Frakes, was used in order to resolve and offer non-existent domain names for registration, it would also cover VeriSign's SiteFinder application, implemented in September of 2003, causing any unregistered .COM/.NET domain to resolve to a parked page. VeriSign was ordered by ICANN to cease the practice shortly after they introduced it. The patent could potentially be used in order to request licensing fees from the operators of the .CM wildcard or DNS providers and ISPs whose nameservers respond to failed DNS queries.

http://www.domainnamenews.com/registries/verisign-receives-sitefinder-patent/1559

From rforno at infowarrior.org Wed May 7 12:15:31 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2008 08:15:31 -0400
Subject: [Infowarrior] - OT: The Rise of The Rest
Message-ID: <59293656-3E98-47A9-A9CA-BB9010D0B4D4@infowarrior.org>

Fareed Zakaria is one shrewd analyst/journalist. This is an excerpt from his well-written cover story in Newsweek this week, and is worth sharing.

May 12, 2008
The Rise of the Rest
It's true China is booming, Russia is growing more assertive, terrorism is a threat. But if America is losing the ability to dictate to this new world, it has not lost the ability to lead.
By Fareed Zakaria
http://www.fareedzakaria.com/articles/newsweek/051208.html

< - >

At the military and political level, we still live in a unipolar world. But along every other dimension - industrial, financial, social, cultural - the distribution of power is shifting, moving away from American dominance. In terms of war and peace, economics and business, ideas and art, this will produce a landscape that is quite different from the one we have lived in until now - one defined and directed from many places and by many peoples. The post-American world is naturally an unsettling prospect for Americans, but it should not be.
This will not be a world defined by the decline of America but rather the rise of everyone else. It is the result of a series of positive trends that have been progressing over the last 20 years, trends that have created an international climate of unprecedented peace and prosperity.

I know. That's not the world that people perceive. We are told that we live in dark, dangerous times. Terrorism, rogue states, nuclear proliferation, financial panics, recession, outsourcing, and illegal immigrants all loom large in the national discourse. Al Qaeda, Iran, North Korea, China, Russia are all threats in some way or another. But just how violent is today's world, really?

A team of scholars at the University of Maryland has been tracking deaths caused by organized violence. Their data show that wars of all kinds have been declining since the mid-1980s and that we are now at the lowest levels of global violence since the 1950s. Deaths from terrorism are reported to have risen in recent years. But on closer examination, 80 percent of those casualties come from Afghanistan and Iraq, which are really war zones with ongoing insurgencies - and the overall numbers remain small. Looking at the evidence, Harvard's polymath professor Steven Pinker has ventured to speculate that we are probably living "in the most peaceful time of our species' existence."

Why does it not feel that way? Why do we think we live in scary times? Part of the problem is that as violence has been ebbing, information has been exploding. The last 20 years have produced an information revolution that brings us news and, most crucially, images from around the world all the time. The immediacy of the images and the intensity of the 24-hour news cycle combine to produce constant hype. Every weather disturbance is the "storm of the decade." Every bomb that explodes is BREAKING NEWS.
Because the information revolution is so new, we - reporters, writers, readers, viewers - are all just now figuring out how to put everything in context. We didn't watch daily footage of the two million people who died in Indochina in the 1970s, or the million who perished in the sands of the Iran-Iraq war ten years later. We saw little of the civil war in the Congo in the 1990s, where millions died. But today any bomb that goes off, any rocket that is fired, any death that results, is documented by someone, somewhere and ricochets instantly across the world. Add to this terrorist attacks, which are random and brutal. "That could have been me," you think. Actually, your chances of being killed in a terrorist attack are tiny - for an American, smaller than drowning in your bathtub. But it doesn't feel like that.

The threats we face are real. Islamic jihadists are a nasty bunch - they do want to attack civilians everywhere. But it is increasingly clear that militants and suicide bombers make up a tiny portion of the world's 1.3 billion Muslims. They can do real damage, especially if they get their hands on nuclear weapons. But the combined efforts of the world's governments have effectively put them on the run and continue to track them and their money. Jihad persists, but the jihadists have had to scatter, work in small local cells, and use simple and undetectable weapons. They have not been able to hit big, symbolic targets, especially ones involving Americans. So they blow up bombs in cafes, marketplaces, and subway stations. The problem is that in doing so, they kill locals and alienate ordinary Muslims. Look at the polls. Support for violence of any kind has dropped dramatically over the last five years in all Muslim countries.
< - >

From rforno at infowarrior.org Wed May 7 12:19:34 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2008 08:19:34 -0400
Subject: [Infowarrior] - Comcast Considering 250GB Cap, Overage Fees
Message-ID:

(c/o IP)

http://www.dslreports.com/shownews/Comcast-Considering-250GB-Cap-Overage-Fees-94185

Comcast Considering 250GB Cap, Overage Fees
Insider provides details of new 'protocol agnostic' solution
04:15PM Tuesday May 06 2008 by Karl

A Comcast insider tells me the company is considering implementing very clear monthly caps, and may begin charging overage fees for customers who cross them. While still in the early stages of development, the plan -- as it stands now -- would work like this: all users get a 250GB per month cap. Users would get one free "slip up" in a twelve month period, after which users would pay a $15 charge for each 10 GB over the cap they travel. According to the source, the plan has "a lot of momentum behind it," and initial testing is slated to begin in a month or two.

"The intent appears to be to go after the people who consistently download far more than the typical user without hurting those who may have a really big month infrequently," says an insider familiar with the project, who prefers to remain anonymous. "As far as I am aware, uploads are not affected, at least not initially." According to this source, the new system should only impact some 14,000 customers out of Comcast's 14.1 million users (i.e. the top 0.1%).

As a few of you may have noticed, Comcast received a public relations beating and is being investigated by the FCC for their use of Sandvine gear to throttle upstream P2P traffic. This practice of using forged TCP packets to "break" BitTorrent connections was discovered first in our forums in May of last year, some five months before the Associated Press story made national headlines.
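The dslreports piece mentions "forged TCP packets" without saying how anyone told them apart from genuine ones. The following is an added example, not code from the article and not anything Comcast or Sandvine published, showing the decision logic a detector would run over a capture. It assumes one common heuristic: a middlebox forging RSTs on a remote peer's behalf rarely reproduces the IP TTL with which that peer's genuine segments arrive, so an RST whose TTL departs from the TTL already established for that sender on that flow is suspect. The packet records, addresses and TTL values are constructed for the demonstration; the flow key, `Packet` fields and `ttl_tolerance` parameter are this example's own.

```python
"""Heuristic detector for injected TCP RST segments.

Added example, not code from the dslreports article or from Comcast/Sandvine.
Assumption (a widely used heuristic, not a proof): a middlebox forging RSTs on
behalf of a remote peer cannot easily reproduce the IP TTL with which that
peer's genuine segments arrive, so an RST whose TTL deviates from the flow's
established TTL is suspect. Asymmetric routing or a route change mid-flow can
also shift TTL, so treat hits as leads, not verdicts.
"""
from dataclasses import dataclass
from typing import Dict, List, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: str   # TCP flags as letters: S, A, P, R, F (e.g. "SA", "PA")
    ttl: int     # IP TTL as observed at the capture point
    ip_id: int   # IP identification field


FlowKey = Tuple[str, int, str, int]


def flow_key(p: Packet) -> FlowKey:
    """Direction-specific key: A->B and B->A are tracked separately, because
    each direction has its own path length and therefore its own TTL."""
    return (p.src, p.sport, p.dst, p.dport)


def detect_injected_rsts(packets: List[Packet],
                         ttl_tolerance: int = 0) -> List[Tuple[Packet, str]]:
    """Return (packet, reason) for every RST that is inconsistent with what the
    same sender previously showed on the same flow."""
    baseline_ttl: Dict[FlowKey, int] = {}
    findings: List[Tuple[Packet, str]] = []
    for p in packets:
        key = flow_key(p)
        if "R" in p.flags:
            expected = baseline_ttl.get(key)
            if expected is None:
                findings.append(
                    (p, "RST on a flow where this sender never sent a non-RST segment"))
            elif abs(p.ttl - expected) > ttl_tolerance:
                findings.append(
                    (p, f"RST TTL {p.ttl} differs from sender's established TTL {expected}"))
            continue
        # The first non-RST segment from this sender fixes the expected TTL.
        baseline_ttl.setdefault(key, p.ttl)
    return findings


# Constructed capture taken at the BitTorrent client 10.0.0.5 (not real traffic):
# client segments leave with TTL 64; the remote peer's genuine segments arrive
# with TTL 52; the injected RST arrives with TTL 61 because it was generated
# much closer to the client than the peer is.
CLIENT, PEER = ("10.0.0.5", 51413), ("203.0.113.9", 6881)
SAMPLE_CAPTURE = [
    Packet(*CLIENT, *PEER, "S", 64, 1),
    Packet(*PEER, *CLIENT, "SA", 52, 9001),
    Packet(*CLIENT, *PEER, "A", 64, 2),
    Packet(*CLIENT, *PEER, "PA", 64, 3),      # BitTorrent handshake from client
    Packet(*PEER, *CLIENT, "PA", 52, 9002),   # peer's handshake reply
    Packet(*PEER, *CLIENT, "R", 61, 31337),   # injected: wrong TTL for this peer
    Packet("198.51.100.77", 6881, *CLIENT, "R", 61, 31338),  # RST with no prior flow
    Packet(*PEER, *CLIENT, "R", 52, 9003),    # genuine teardown later, normal TTL
]


if __name__ == "__main__":
    for pkt, why in detect_injected_rsts(SAMPLE_CAPTURE):
        print(f"{pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport} "
              f"ip_id={pkt.ip_id}: {why}")
```

On the constructed capture the injected RST (ip_id 31337) and the RST for a flow with no history are reported; the peer's own later RST, arriving with its usual TTL, is not. Real captures need a pcap decoder in front of this; the example only covers the decision. A second signal worth adding in practice is the IP ID: an injector stamps packets from its own counter, so forged RSTs tend to break the sender's IP ID sequence as well.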
From rforno at infowarrior.org Wed May 7 14:13:54 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 May 2008 10:13:54 -0400 Subject: [Infowarrior] - more on - OT: The Rise of The Rest References: Message-ID: <1C22F8D7-F46A-4899-8623-891025FD868F@infowarrior.org> (c/o Dano) Begin forwarded message: > > > > The Washington Note weblog has an article about Kishore Mahbubani, > with references to his book and his article in the magazine Foreign > Policy. His proposals are similar to Zakaria's though are more > detailed and go further in detailing the rise and increasing > importance of countries that only twenty years ago were thought of > as "third world". I saw him speak at RAND several weeks ago. (He's > on book tour.) It was fantastic and worth the hour of my time. New > America usually tapes their presentations and makes them available. > You might check it out. > > > > > Book Description > For centuries, the Asians (Chinese, Indians, Muslims, and others) > have been bystanders in world history. Now they are ready to become > co-drivers. > > Asians have finally understood, absorbed, and implemented Western > best practices in many areas: from free-market economics to modern > science and technology, from meritocracy to rule of law. They have > also become innovative in their own way, creating new patterns of > cooperation not seen in the West. > > Will the West resist the rise of Asia? The good news is that Asia > wants to replicate, not dominate, the West. For a happy outcome to > emerge, the West must gracefully give up its domination of global > institutions, from the IMF to the World Bank, from the G7 to the UN > Security Council. > > History teaches that tensions and conflicts are more likely when new > powers emerge. This, too, may happen. But they can be avoided if the > world accepts the key principles for a new global partnership > spelled out in The New Asian Hemisphere. 
From rforno at infowarrior.org Wed May 7 19:40:14 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2008 15:40:14 -0400
Subject: [Infowarrior] - A Copyright Cop In Every Zune
Message-ID:

Microsoft May Build a Copyright Cop Into Every Zune
By Saul Hansell
http://bits.blogs.nytimes.com/2008/05/07/microsoft-may-build-a-copyright-cop-into-every-zune/index.html

If you like to download the latest episodes of "Heroes" or other NBC shows from BitTorrent, maybe you shouldn't buy a Microsoft Zune to watch them on. A future update of the software for Microsoft's portable media player may well include a feature that will block unauthorized copies of copyrighted videos from being played on it.

Tuesday, Microsoft announced that it would start selling video programming for the Zune, mainly TV shows. These include programs from NBC Universal, which has pulled its shows off Apple's iTunes Store. Late Tuesday afternoon I reached J. B. Perrette, the president of digital distribution for NBC Universal, to ask why NBC found Microsoft's video store more appealing than Apple's. He explained that NBC, like most studios, would like the broadest distribution possible for its programming. But it has two disputes with Apple. First, Apple insists that all TV shows have an identical wholesale price so that it can sell all of them at $1.99. NBC wants to sell its programs for whatever price it chooses. Second, Apple refused to cooperate with NBC on building filters into its iPod player to remove pirated movies and videos. Microsoft, by contrast, will accept NBC's pricing scheme and will work with it to try to develop a copyright "cop" to be installed on its devices.

For now, both issues are rather theoretical. NBC does have some variation in its wholesale price schedule, although Mr. Perrette declined to describe it. Microsoft has chosen to absorb the differences and sell all shows for about $1.99. Nonetheless, Mr.
Perrette said, NBC wants the flexibility to sell older shows at lower prices and hit shows at higher prices than the standard Apple has set. It also wants to create various deals that would, for example, allow a discount for people buying a season or other group of episodes at one time. "That separation of the wholesale pricing flexibility and what the retailer decides to charge is core to us," Mr. Perrette said. "Zune was willing to provide that."

Similarly, the copyright filtering system is still in development and its exact form has not been set. Mr. Perrette said the plan is to create "filtering technology that allows for playback of legitimately purchased content versus non-legitimately purchased content." He said this would be similar to systems being tested by Microsoft, Google and others that are meant to block pirated clips from video sharing sites. NBC is also working with Internet service providers like AT&T to put similar filters right into the network. Mr. Perrette added that NBC is trying to develop similar hardware technology with SanDisk, through whom NBC also sells its programming.

Adam Sohn, a spokesman for Microsoft, declined to discuss details of this effort other than to say that the software company is exploring anti-piracy measures with NBC. He said Microsoft, which suffers from its own piracy problems, is sympathetic to Hollywood's concerns. At the same time, it will be difficult for Microsoft to add features that consumers don't like to its Zune products, which already lag far behind Apple in the market. Mr. Perrette said NBC understands the potential resistance. "In the short term, this will not win us a lot of friends," he said. "In the long term, the consumer wants there to be quality premium-produced content, and in order for that to continue to be a viable business, there needs to be significant protection around it."
From rforno at infowarrior.org Wed May 7 19:42:53 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2008 15:42:53 -0400
Subject: [Infowarrior] - WoW, DMCA, and WTF?
Message-ID:

http://arstechnica.com/news.ars/post/20080507-blizzard-attempt-to-kill-wow-bot-bad-news-for-copyright-law.html

Blizzard attempt to kill WoW bot bad news for copyright law
By Ben Kuchera

World of WarCraft is a game made of many parts: resource gathering, combat, item-creation... and some of those parts are more fun than others. A company called MDY wanted to help with the dull bits of the game, and maybe assist gold farmers a little bit, by releasing a program called Glider that allows your character to continue collecting gold and leveling while you're not at your computer. In 2006, Blizzard and Vivendi showed up at an MDY employee's home and threatened legal action against the company, claiming Glider violates the Terms of Service of World of Warcraft as well as the Digital Millennium Copyright Act. MDY then sued to establish its right to sell its software, causing Blizzard to file its own suit to stop MDY from selling the program. The issue is whether or not Glider is breaking any laws, and Blizzard is hoping that by stretching the boundaries of what constitutes copyright infringement, it can get MDY shut down. If Blizzard succeeds, it could set a very dangerous precedent.

< - >

By scrolling through the EULA and clicking okay, you agree, and can then play the game. Here's where Blizzard's logic gets slippery. To play the game, certain parts of the code have to be loaded into your computer's RAM. In effect, Blizzard says you're making a copy of the game. Since Glider breaks the EULA, you no longer have a license to make that copy in your system's RAM, and now you're infringing on Blizzard's copyright.
So you see, any program which creates a "copy" of itself in your system's RAM - and that's every program on your computer - makes you guilty of copyright infringement unless you have a license allowing you to do so.

Public Knowledge, a DC-based public interest group defending the rights of users in "the emerging digital culture" has filed an amicus brief with the court explaining why these claims are so preposterous. PK's arguments are sound and easy to understand.

"Defendant Blizzard insists that users of its software must rely upon a license from Blizzard to make RAM copies, and users infringe copyright when they use the software in a way not permitted by the license agreement," the amicus stated. "But the license agreement cannot govern users' rights to make RAM copies, because that right is already reserved to users under 17 U.S.C. § 117. Therefore, Blizzard cannot claim any infringement of its copyrights based upon the creation of RAM copies..."

From rforno at infowarrior.org Wed May 7 19:56:19 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2008 15:56:19 -0400
Subject: [Infowarrior] - Terrorist Triage
Message-ID: <5861BE0A-F1A7-4554-8B83-9E7088F87525@infowarrior.org>

Terrorist Triage
Why are the presidential candidates - and so many counterterrorism experts - afraid to say that the Al Qaeda threat is overrated?
Christopher Dickey
Newsweek Web Exclusive
Updated: 9:32 AM ET May 6, 2008
http://www.newsweek.com/id/135654/output/print

Michael Sheehan is on a one-man mission to put terrorist threats into perspective, which is a place they've rarely or ever been before. Already you can see it's going to be a hard slog. Fighting the inflated menace of Osama bin Laden has become big business, generating hundreds of billions of dollars for government agencies and contractors in what one friend of mine in the Washington policy-making stratosphere calls "the counterterrorist-industrial complex."
But Sheehan's got the kind of credentials that ought to make us stop and listen. He was a U.S. Army Green Beret fighting guerrillas in Central America in the 1980s, he served on the National Security Council staff under both President George H.W. Bush and President Bill Clinton, and he held the post of ambassador-at-large for counterterrorism from 1998 to 2000. In those days Sheehan was among that persistent, relentless and finally shrill chorus of voices trying to warn the Clinton administration that Osama bin Laden and his boys represented a horrific danger to the United States and its interests. Days after the October 2000 suicide attack on the USS Cole in Yemen that killed 17 American sailors, experienced analysts like Sheehan at the State Department and Richard A. Clarke at the White House were certain Al Qaeda was behind it, but there was no support for retaliation among the Clintonistas or, even less, the Pentagon. Clarke later wrote vividly about Sheehan's reaction after the military brass begged off. "Who the s--- do they think attacked the Cole, f---in' Martians?" Sheehan asked Clarke. "Does Al Qaeda have to attack the Pentagon to get their attention?"

We all know the answer to that question, of course. But what's interesting is not that Sheehan was so right, for all the good it did, or that President Bill Clinton and then President George W. Bush were so wrong not to pay attention. What's interesting is Sheehan's argument now that Al Qaeda just isn't the existential-twilight-struggle threat it's often cracked up to be. Hence the subtitle of his new book, "Crush the Cell: How to Defeat Terrorism Without Terrorizing Ourselves" (Crown, 2008). The ideas Sheehan puts forth in a text as easy to read as a Power Point should be central to every security debate in the current presidential campaign. But given the personality politics that have dominated the race so far, that seems unlikely. Once again it's up to the public to figure these things out for itself.
"I want people to understand what the real threat is and what's a bunch of bull," Sheehan told me when I tracked him down a few days ago in one of those Middle Eastern hotel lobbies where you sip orange juice and lemonade at cocktail time. (He asked me not to say where, precisely, since the government he's now advising on policing and terrorism puts a high premium on discretion.) Before September 11, said Sheehan, the United States was "asleep at the switch" while Al Qaeda was barreling down the track. "If you don't pay attention to these guys," said Sheehan, "they will kill you in big numbers." So bin Laden's minions hit U.S. embassies in Africa in 1998, they hit the Cole in 2000, and they hit New York and Washington in 2001 - three major attacks on American targets in the space of 37 months. Since then, not one. And not for want of trying on their part.

What changed? The difference is purely and simply that intelligence agencies, law enforcement and the military have focused their attention on the threat, crushed the operational cells they could find - which were in fact the key ones plotting and executing major attacks - and put enormous pressure on all the rest. "I reject the notion that Al Qaeda is waiting for 'the big one' or holding back an attack," Sheehan writes. "A terrorist cell capable of attacking doesn't sit and wait for some more opportune moment. It's not their style, nor is it in the best interest of their operational security. Delaying an attack gives law enforcement more time to detect a plot or penetrate the organization."

Terrorism is not about standing armies, mass movements, riots in the streets or even palace coups. It's about tiny groups that want to make a big bang. So you keep tracking cells and potential cells, and when you find them you destroy them. After Spanish police cornered leading members of the group that attacked trains in Madrid in 2004, they blew themselves up. The threat in Spain declined dramatically.
Indonesia is another case Sheehan and I talked about. Several high-profile associates of bin Laden were nailed there in the two years after 9/11, then sent off to secret CIA prisons for interrogation. The suspects are now at Guantánamo. But suicide bombings continued until police using forensic evidence - pieces of car bombs and pieces of the suicide bombers - tracked down Dr. Azahari bin Husin, "the Demolition Man," and the little group around him. In a November 2005 shootout the cops killed Dr. Azahari and crushed his cell. After that such attacks in Indonesia stopped.

The drive to obliterate the remaining hives of Al Qaeda training activity along the Afghanistan-Pakistan frontier and those that developed in some corners of Iraq after the U.S. invasion in 2003 needs to continue, says Sheehan. It's especially important to keep wanna-be jihadists in the West from joining with more experienced fighters who can give them hands-on weapons and explosives training. When left to their own devices, as it were, most homegrown terrorists can't cut it. For example, on July 7, 2005, four bombers blew themselves up on public transport in London, killing 56 people. Two of those bombers had trained in Pakistan. Another cell tried to do the same thing two weeks later, but its members had less foreign training, or none. All the bombs were duds.

Sheehan's perspective is clearly influenced by the three years he spent, from 2003 to 2006, as deputy commissioner for counterterrorism at the New York City Police Department. There, working with Commissioner Ray Kelly and David Cohen, the former CIA operations chief who heads the NYPD's intelligence division, Sheehan helped build what's regarded as one of the most effective terrorist-fighting organizations in the United States.
Radicals and crazies of many different stripes have targeted the city repeatedly over the last century, from alleged Reds to Black Blocs, from Puerto Rican nationalists and a "mad bomber" to Al Qaeda's aspiring martyrs. But the police have limited resources, so they've learned the art of terrorist triage, focusing on what's real and wasting little time and money on what's merely imagined. "Even in 2003, less than two years after 9/11, I told Kelly and Cohen that I thought Al Qaeda was simply not very good," Sheehan writes in his book. Bin Laden's acolytes "were a small and determined group of killers, but under the withering heat of the post-9/11 environment, they were simply not getting it done ... I said what nobody else was saying: we underestimated Al Qaeda's capabilities before 9/11 and overestimated them after. This seemed to catch both Kelly and Cohen a bit by surprise, and I agreed not to discuss my feelings in public. The likelihood for misinterpretation was much too high."

It still is. At the Global Leadership Forum co-sponsored by NEWSWEEK at the Royal United Services Institute in London last week, the experts and dignitaries didn't want to risk dissing Al Qaeda, even when their learned presentations came to much the same conclusions as Sheehan. The British Tories' shadow security minister, Pauline Neville-Jones, dismissed overblown American rhetoric: "We don't use the language of the Global War on Terror," said the baroness. "We actively eschew it." The American security expert Ashton Carter agreed. "It's not a war," said the former assistant secretary of defense, who is now an important Hillary Clinton supporter. "It's a matter of law enforcement and intelligence, of Homeland Security hardening the target." The military focus, he suggested, should be on special ops.
Sir David Omand, who used to head Britain's version of the National Security Agency and oversaw its entire intelligence establishment from the Cabinet Office earlier this decade, described terrorism as "one corner" of the global security threat posed by weapons proliferation and political instability. That in turn is only one of three major dangers facing the world over the next few years. The others are the deteriorating environment and a meltdown of the global economy. Putting terrorism in perspective, said Sir David, "leads naturally to a risk management approach, which is very different from what we've heard from Washington these last few years, which is to 'eliminate the threat'."

Yet when I asked the panelists at the forum if Al Qaeda has been overrated, suggesting as Sheehan does that most of its recruits are bunglers, all shook their heads. Nobody wants to say such a thing on the record, in case there's another attack tomorrow and their remarks get quoted back to them.

That's part of what makes Sheehan so refreshing. He knows there's a big risk that he'll be misinterpreted; he'll be called soft on terror by ass-covering bureaucrats, breathless reporters and fear-peddling politicians. And yet he charges ahead. He expects another attack sometime, somewhere. He hopes it won't be made to seem more apocalyptic than it is. "Don't overhype it, because that's what Al Qaeda wants you to do. Terrorism is about psychology." In the meantime, said Sheehan, finishing his fruit juice, "the relentless 24/7 job for people like me is to find and crush those guys."

As I headed into the parking lot, watching a storm blow in off the desert, it occurred to me that one day in the not too distant future the inability of these terrorist groups to act effectively will discredit them and the movement they claim to represent. If they did succeed with a new attack and the public and media brushed it off after a couple of news cycles, that would discredit them still more.
The psychological victory would be ours for a change, and not only in our own societies but very likely in theirs. Or, to paraphrase an old Army dictum, if you crush the cells, the hearts and minds will follow.

URL: http://www.newsweek.com/id/135654

From rforno at infowarrior.org Thu May 8 00:03:21 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2008 20:03:21 -0400
Subject: [Infowarrior] - USAF: Have you seen our drone?
Message-ID:

Air Force captain: Have you seen our drone?
Published: Wednesday, May 7, 2008 at 2:43 p.m.
Last Modified: Wednesday, May 7, 2008 at 6:21 p.m.

OCALA - Air Force officials are looking for a radio-controlled surveillance plane that disappeared Tuesday in Marion County.

According to an Ocala Police Department press release, the drone was being used in a training exercise in a vacant field next to the McPherson Governmental Complex on Southeast 25th Avenue when it flew east without responding to commands. The plane has a wingspan of about six feet but weighs just a few pounds. The press release said it may have landed anywhere between Southeast 25th Avenue and the Ocala National Forest area.

The Air Force did say that the unmanned aerial vehicle, or UAV, was not equipped with a camera when it disappeared Tuesday.

Anyone who finds the plane can call Friedman at 910-382-6492.
- Joe VanHoose

http://www.ocala.com/article/20080507/NEWS/667333754/1001/NEWS01&title=Air_Force_captain__Have_you_seen_our_drone_

From rforno at infowarrior.org Thu May 8 00:07:05 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2008 20:07:05 -0400
Subject: [Infowarrior] - FBI withdraws secret Internet Archive probe
Message-ID: <425366E6-128C-4E1B-A9E2-081BF40BD30A@infowarrior.org>

FBI withdraws secret Internet Archive probe
Abuse of power alleged
By Dan Goodin in San Francisco
Published Wednesday 7th May 2008 22:08 GMT
http://www.theregister.co.uk/2008/05/07/fbi_withdraws_secret_demand/

The FBI has withdrawn a secret order that used new anti-terrorism powers to demand information about a user of the Internet Archive without a court order after attorneys challenged it as an unconstitutional abuse of power.

The victory for the San Francisco-based digital library meant that its founder was able to speak publicly about the sweeping demand, known as an NSL or national security letter, for the first time on Wednesday. Up until now, the demand for personal information about an undisclosed Internet Archive patron was protected by a gag order that prevented all but a handful of people from knowing it even existed.

Since the 9/11 attacks, the use of NSLs has proved a popular tool for getting information in government investigations if it is deemed relevant to terrorism or espionage. More than 200,000 of them were issued between 2003 and 2006, and yet, because of the secrecy surrounding them, only three have been known to have been challenged in court. Remarkably, all three challenges have succeeded.

"The NSL basically allows the FBI to demand extremely sensitive personal information about innocent people without any prior court approval, often in total secrecy without any meaningful judicial review," Melissa Goodman, one of the attorneys representing the Internet Archive, said during a telephone conference with reporters.
"It makes you wonder about the hundreds of thousands of other NSLs that have never been challenged and we know there are many."

The FBI withdrew the NSL after the American Civil Liberties Union and the Electronic Frontier Foundation, which represented the Internet Archive, filed a complaint (PDF) arguing that the Patriot Act statute that expanded the use of NSLs was unconstitutional. Among other things, the lawsuit argued that the law was a violation of freedom-of-speech guarantees because it allowed the FBI to unilaterally gag NSL recipients with no prior court approval or judicial review afterwards. Rather than fight the case in court, the FBI agreed to withdraw the NSL and lift much of the gag order surrounding it.

Not an 'unqualified success'

Contrary to claims by Brewster Kahle, founder and chairman of the Internet Archive, that it was an "unqualified success" for all libraries seeking to protect their patrons from unwarranted government fishing expeditions, it was clear that the FBI was still managing to squelch considerable discussion about the case. Kahle and his lawyers repeatedly refused to say exactly what information the FBI sought and what, if any, was ultimately provided. They refused to say, for example, whether they supplied the FBI with an email address the patron had used to register an Internet Archive account. They even declined to say what their reasons were for withholding such details.

"You're always in an extremely difficult place when the FBI is still gagging us, not pursuant to the NSL but because of the settlement agreement," Goodman said. "We have to be cautious in those situations and it's always difficult. It's terribly frustrating to us."

They were also forbidden from saying who the patron was or what the person had done to attract the attention of investigators in the first place. Even though the NSL was served in November, it remains unknown if the patron has been notified that he or she is the target of the NSL.
Given the limits of the legal victory, it's interesting to learn that the FBI was likely limited in the information it could have gained, thanks to fairly sensible policies at the Internet Archive about the information it stores. The site doesn't collect IP addresses of its visitors and doesn't log what users do while browsing through its extensive catalog of music, videos and historical documents.

"As a library, we know that we've long protected patrons from government intrusions," Kahle (whose name rhymes with "pale") said. "Our document retention policies did exactly what we intended them to do."

Think about that, the next time you're surfing Google.

From rforno at infowarrior.org Thu May 8 01:36:57 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 May 2008 21:36:57 -0400
Subject: [Infowarrior] - Harvard Law School to Distribute Research for Free
Message-ID:

Harvard Law School to Distribute Research for Free (Update2)
By Brian Kladko
http://www.bloomberg.com/apps/news?pid=newsarchive&sid=aTV432mbXYtY

May 7 (Bloomberg) -- Harvard Law School will become the first U.S. law school to distribute professors' scholarly articles over the Internet for free, following a similar move by the university's arts and science faculty three months ago.

The 92-member law faculty, in Cambridge, Massachusetts, voted last week to post articles in an online repository that will be searchable by other Internet services, according to a statement today. Educators at other schools can freely provide the articles to students if the material isn't used for profit.

The vote advances the movement to make scholarship more widely available to individuals and institutions that sometimes pay thousands of dollars a year for a single academic journal subscription.
Harvard Law's move also may challenge legal databases that collect law journal articles, such as Thomson Reuters Plc's Westlaw and Reed Elsevier Plc's Lexis-Nexis, said John Palfrey, a Harvard law professor who pushed for the motion.

``The economics of publishing, both in the scholarly field and in the trade press, is changing very quickly in the digital era,'' said Palfrey, who also is vice dean of library and information resources. ``I think this is a period of transition, where we have to balance the interests of openness and access to scholarship against certain economic interests. There is that tension.''

The unanimous decision followed a Feb. 13 vote by Harvard's arts and sciences professors, the largest faculty at the university. Both policies encourage professors to post articles on a Harvard Web site, and allow professors who want to restrict publication to an academic journal to keep articles off the site.

Hundreds of Articles

``Our decision to embrace `open access' means that people everywhere can benefit from the ideas generated here at the law school,'' said Law School Dean Elena Kagan in today's statement.

Harvard Law's faculty members probably produce a few hundred articles a year, Palfrey said. The articles, like those from other faculties, are typically published in journals affiliated with a law school, many of which are student-run and receive some financial support from the institution, he said.

The school's decision doesn't threaten the Harvard Law Review, said Bob Allen, the journal's editor-in-chief. The publication already allows authors to post their articles on their own Web sites, and its subscription revenue has been shrinking for years as articles become more widely available online. The Harvard Law Review gets an increasing share of revenue from selling articles to Westlaw and Lexis-Nexis, he said.
Scholars, and the people who read their work, will still look for the legitimacy conveyed by having a manuscript published in a journal, Allen said.

Navigating Literature

``There's so much scholarship being produced that you sort of need that indicator to help you navigate the literature,'' said Allen, 24, a second-year student from Atlanta. ``I think that's the role we'll continue to play. The name of the journal stands as backing for the veracity of sourcing and factual claims in the piece.''

Bloomberg LP, the parent of Bloomberg News, competes with Thomson Reuters and with Lexis.

To contact the reporter on this story: Brian Kladko in Boston at bkladko at bloomberg.net .

Last Updated: May 7, 2008 15:36 EDT

From rforno at infowarrior.org Thu May 8 15:12:16 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 May 2008 11:12:16 -0400
Subject: [Infowarrior] - Brian Krebs column on network hijacking
References: <20080508150838.GB12430@gsp.org>
Message-ID:

Begin forwarded message:

> From: Rich Kulawiec
> Date: May 8, 2008 11:08:38 AM EDT
> To: Dave Farber , Richard Forno , Fergie
> Subject: Brian Krebs column on network hijacking
>
> Brian Krebs of the Washington Post has written a column about the apparent hijacking of a /16:
>
> A Case of Network Identity Theft? - Security Fix
> http://blog.washingtonpost.com/securityfix/2008/04/a_case_of_network_identity_the_1.html
>
> That column is largely based on the fine research done by Ronald Guilmette, available here:
>
> 47-usc-230c2.org
> http://www.47-usc-230c2.org/
>
> I find myself wondering -- given recent discussions about the possible exhaustion of IPv4 space on NANOG and similar -- how many network blocks are unaccounted for, or disused, or controlled by someone other than their putative owners.
>
> ---Rsk

From rforno at infowarrior.org Thu May 8 22:37:16 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 May 2008 18:37:16 -0400
Subject: [Infowarrior] - If music DRM is dead, the RIAA expects its resurrection
Message-ID:

If music DRM is dead, the RIAA expects its resurrection
By Jacqui Cheng | Published: May 08, 2008 - 02:11PM CT
http://arstechnica.com/news.ars/post/20080508-if-music-drm-is-dead-the-riaa-expects-its-resurrection.html

Despite widespread declarations of the death of DRM in music, the Recording Industry Association of America insists that it's far from dead. At the Digital Hollywood conference taking place in Los Angeles this week, the organization argued that DRM is still used in the large majority of music distribution methods. Not only that, but DRM is poised to make a comeback to make up for where it has fallen.

"(Recently) I made a list of the 22 ways to sell music and 20 of them still require DRM," RIAA technology unit head David Hughes said during a panel discussion, according to CNet. "Any form of subscription service or limited play-per-view or advertising offer still requires DRM. So DRM is not dead."

Hughes' statement comes just four months after the last of the Big Four music labels decided to ditch DRM for some sales. Sony BMG joined EMI, Universal, and Warner in selling DRM-free MP3 files through Amazon's MP3 service (in addition to a rather large handful of independent labels), making Amazon the only online destination that sells unprotected music from all of the majors. Other music stores offer some DRM-free selections too, like the iTunes Store, the Zune Marketplace, eMusic, and Amie Street, to name a few.

Still, it's true that DRM still exists in the music world. The majority of songs from the iTunes Store still utilize DRM, many stores continue to sell tracks with Windows-centric DRM, and practically all subscription services still use it.
Other services, such as web-based music service Last.fm, offer free ad-supported streaming, but users are limited to listening over the web and cannot take the files with them offline. And, of course, subscription-based services use DRM to ensure that the downloaded music expires once users cancel their subscriptions.

Hughes believes that per-track purchases are going the way of the dodo in favor of these other models, and that's why DRM will have a resurgence. "I think there is going to be a shift," he said. "I think there will be a movement towards subscription services and they will eventually mean the return of DRM."

Hughes did acknowledge that users would rather live in a world where DRM stayed out of their way by saying that as long as they get to use files how they want, users don't care about DRM. The problem with DRM is that users can't use the files how they want, which is why they do care. And we're miles away from the kind of magical solution envisioned by the Hughes that would create the perfect, unnoticeable DRM scheme. Others on the panel realize this. Digimarc Corp. director of business development Rajan Samtani pointed out that there are too many ways for the "kids" to get around DRM and that it's time to "throw in the towel."

Aside from incompatibility, there's another major danger with DRM: having your music licenses disappear on you one day. This most recently happened with MSN Music, which announced that users will need to either commit to their authorized computers for life or circumvent the DRM by burning the music to a CD and re-ripping.

The industry's recent willingness to drop DRM and embrace other, nontraditional models led us to believe that the music industry was finally "getting it." Given Hughes' comments, however, perhaps the Big Four labels and RIAA never will.
From rforno at infowarrior.org Thu May 8 22:42:59 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 May 2008 18:42:59 -0400
Subject: [Infowarrior] - Ferry riders sought by FBI last summer were just tourists
Message-ID: <4839130E-BEB1-4B48-9B50-AD2205617DD6@infowarrior.org>

Tuesday, May 6, 2008 - Page updated at 12:00 AM
http://seattletimes.nwsource.com/cgi-bin/PrintStory.pl?document_id=2004394642&zsection_id=2003925728&slug=fbi06m&date=20080506

Two ferry riders sought by FBI last summer were just tourists
By Sara Jean Green
Seattle Times staff reporter

They were software consultants in town for a weeklong business conference - not terrorists planning an attack to cripple the country's largest ferry system.

Last summer, the FBI launched an international search for two men after crew members and riders on a Washington State Ferry reported their unusual behavior - namely that they were taking pictures below deck, in areas that don't hold much interest for most tourists. A ferry captain snapped their photo, which was passed along to the FBI.

Turns out the men, both citizens of a European Union nation, were captivated by the car-carrying capacity of local ferries.

"Where these gentlemen live, they don't have vehicle ferries. They were fascinated that a ferry could hold that many cars and wanted to show folks back home," FBI Special Agent Robbie Burroughs said Monday.

The FBI's decision to release the photograph to the media last summer was controversial because the men - who were described as Middle Eastern-looking - were not suspected of committing a crime. While law-enforcement officials say they focus on behavior, not ethnicity, local activists say members of the Arab-American community often complain of racial profiling and many are afraid to ride ferries or board planes because of it.

Two weeks ago, the men appeared at a U.S. Embassy and identified themselves as the men in the photo released to the media in August, a couple of weeks after they took a ferry from Seattle to Vashon Island during a business trip, Burroughs said. They came forward because they worried they'd be arrested if they traveled to the U.S. and so provided proof of their identities, employment and the reason for their July trip to Seattle, according to the FBI. The bureau was able to verify that information but declined to identify the men or the city where the embassy is located, citing privacy concerns.

One of the men recognized himself in the photo sometime in the fall but didn't know what to do, said David Gomez, the FBI's assistant special agent in charge of national-security programs in Seattle. He contacted his friend and they consulted family members involved in law enforcement in their home country. Then they went to the U.S. Embassy, Gomez said.

"We want to put the issue to rest," he said, noting that all along, the FBI only wanted to talk to the men. They aren't in trouble, nor do their names appear on a government watch list or no-fly list, he said.

For someone who rides the ferry every day, taking photos of the car deck is pretty unusual - but not so for "a guy who rides it one time in his life," Gomez said. "Their story makes sense; their story has validity ... . It was perfectly normal once we learned what was going on."

Gomez defended the decision to release the photo to the public after agents became "somewhat stymied" in their investigation into the men's identities.

The Seattle Times initially refrained from publishing the photos in print or online to allow time for additional reporting on the circumstances surrounding the FBI investigation and the photographs. After more reporting, The Times did publish the photos with a story that also covered the controversy.

But Rita Zawaideh criticized the FBI's decision to release the photo - then and now.
At the time, Zawaideh, chairwoman of the Seattle-based Arab American Community Coalition, questioned why officials didn't first consult community members, who might have been able to identify the men.

"Everyone yelled at me for telling the FBI off," she said. "We're lucky it came out the way it did."

Had the men been terrorists, the publicity could have forced them to change tactics and targets, creating a risk for another city, she said. Or the men could have been innocent victims had someone spotted them and "decided to take the law into their own hands," she said.

Zawaideh says relationships between the local Arab community and law-enforcement agencies have since improved. Still, at least 30 calls to the coalition's 24-hour hotline are logged each month with complaints of racial profiling, said Zawaideh, who suspects the problem is underreported. The majority involve the treatment of "anyone who looks dark-skinned and foreign" when they ride ferries, board airplanes or cross the U.S.-Canada border, she said.

Aziz Junejo, who hosts a weekly public-access television program and writes a column on Islam for The Seattle Times, said he's heard stories about and even experienced more scrutiny on local ferries, particularly when he's with Muslim women who wear traditional head scarves.

"We kind of get the walk-by a little slower and a little more noticeable than any others on the boat," he said. "It perpetuates fear, especially in Muslim children who are Americans, first and foremost."

A ferries spokeswoman could not be reached for comment Monday.

Coast Guard Cpt. Steve Metruck said none of the agencies that meet monthly to discuss the ferry system's vulnerability to a terrorist attack - including the FBI, Washington State Ferries and the Washington State Patrol - engage in "any profiling of that sort."

Threats to the ferry system - which carries 24 million people and 11 million vehicles on 10 routes each year - are constantly monitored, he said.
"We're constantly changing our [security] practices so they can't be predicted," he said. "This work is never done - it's always continuous."

Sara Jean Green: 206-515-5654 or sgreen at seattletimes.com

Copyright © 2008 The Seattle Times Company

From rforno at infowarrior.org Thu May 8 22:44:12 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 May 2008 18:44:12 -0400
Subject: [Infowarrior] - China Satellite Navigation System Planned for 2010
Message-ID: <477E9CEA-89C9-499B-8A2D-237BDC4C1F2C@infowarrior.org>

China Satellite Navigation System Planned for 2010
By Peter B. de Selding, Toulouse, France
Space News Staff Writer
http://www.space.com/businesstechnology/080505-busmon-china-beidou.html

Chinese satellite navigation officials say they intend to field an operational system covering all of Asia by 2010, but they are giving few details on the deployment plans for their global system. In addition China has yet to complete frequency coordination with the United States, Europe, Russia and others.

In presentations April 23 here at the Toulouse Space Show, these Chinese officials nonetheless said their global Compass/Beidou system would be fully compatible with the U.S. GPS, European Galileo and Russian Glonass global navigation constellations. Like GPS, Galileo and Glonass, Beidou/Compass would be free of direct user charges but also feature an encrypted signal for authorized users only, presumably including the Chinese military.

Chengqi Ran, vice director of the China Satellite Navigation Project Center, said the secure Beidou/Compass signal would be "a highly reliable signal dedicated to complex situations."

Beidou/Compass is designed to feature five satellites in geostationary orbit and 30 satellites in medium Earth orbit.
Ran and Xiaohan Liao, a deputy director at China's Ministry of Science and Technology, said the first of the medium Earth orbit satellites, launched in April 2007, is functioning well but is still the subject of in-orbit validation.

Liao said China intends to operate a Wide Area Precise Pointing system using geostationary satellites. China operates three Beidou/Compass satellites in geostationary orbit. Liao said the wide-area coverage, to include all of Asia, should be in operation by 2010.

Liao said China wants to ensure that the growing population of GPS users in China will have a smooth transition from GPS-only devices to devices that receive both GPS and Beidou/Compass signals. He said the market for GPS gear in China is expected to reach around $5 billion in 2010.

China's intentions for Beidou/Compass remain a subject of concern in the United States, Europe, Russia and Japan, according to government officials representing those countries at the Toulouse Space Show.

China's plans for an Asian regional system are the most immediate concern to Japanese authorities, who are developing their own regional system, called the Quasi-Zenith Satellite System, because its three satellites will be in a highly elliptical orbit whose apogee will be over Japan and Asia.

Satoshi Kogure, associate senior engineer at the Japan Aerospace Exploration Agency, said some in Japan fear the Chinese system and think "this is an important issue for Japanese national security."

Kogure said China and Japan have had few, if any, talks about their respective systems, although both nations are members of the International Committee on Global Navigation Satellite Systems. This committee is next scheduled to meet in December in Pasadena, Calif.
"All the [satellite system] provider nations have agreed in principle" to seek maximum compatibility and interoperability among the different systems to permit users to take maximum benefit from the proliferation of satellites now planned, said Anthony Russo, deputy director of the U.S. National Coordination Office for Space-based Positioning, Navigation and Timing. "But a lot of details still need to be worked."

Europe's Galileo managers are actively seeking Chinese clarification on plans for Beidou/Compass so European engineers can freeze their plans for the signal structure of Galileo this year, when contracts for the satellites are scheduled to be signed.

"Our position with the Chinese is that we need to make sure we all have the same understanding of the problem," said Paul Verhoef, head of the Galileo unit at the European Commission, which is financing Galileo's development. "It has taken the Chinese awhile for them to realize that it is in their interest to [coordinate signals and other compatibility issues] if they want to be in this community of providers."

Verhoef noted that when the U.S., Russian, Chinese and European medium Earth navigation systems are added together, there could be 120 operational navigation satellites in medium Earth orbit by the middle of the next decade -- plus the three Japanese elliptical satellites.

From rforno at infowarrior.org Sat May 10 04:10:25 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 May 2008 00:10:25 -0400
Subject: [Infowarrior] - Congress to work infosec miracle?
Message-ID: <8E5C3C01-DAFC-4FA0-9C9E-1216C1788063@infowarrior.org>

So as I read this, Congress wants to *legislate down* the number of successful network attacks. I had no idea such promising capabilities were available to us in defense of the Nation! -rf

Proposed cybersecurity bill to pressure DHS
Published: 2008-05-09

Rep. Jim Langevin, D-RI, introduced a bill on Wednesday that aims to hold the U.S.
Department of Homeland Security responsible for investigating every cyber attack and for shoring up its network security. The bill would better define the roles and responsibilities of the agency's chief information officer, require that the department reduce the number of successful attacks against its networks and mandate that the DHS investigate the state of contractors' network security before signing a contract with them.

< - >

The bill has been designated the Homeland Security Network Defense and Accountability Act of 2008 (H.R. 5983).

More @ http://www.securityfocus.com/brief/736?ref=rss

From rforno at infowarrior.org Sat May 10 04:11:45 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 May 2008 00:11:45 -0400
Subject: [Infowarrior] - XP Service Pack 3 Kills AMD Machines
Message-ID: <1786AAEB-20E9-468A-BD6A-98AE04247EA6@infowarrior.org>

XP Service Pack 3 Kills AMD Machines
2:40 PM - May 9, 2008 by Bestofmedia Team
Source: Tom's Hardware | Keywords: Windows, XP, SP3 | Categories: AMD/ATI
http://www.tomshardware.com/news/Windows-XP-SP3,5334.html

Windows XP Service Pack 3 finally arrived on our computers this week... and is now killing AMD machines, according to Jesper Johansson, former program manager for security policy at Microsoft.

The problem relates to machines with SP3 installed rebooting and then not allowing users to get so much as Safe Mode. The problem is mainly affecting AMD users who bought their machines from HP. Johansson attributes the problem to the way that HP puts images of Windows onto its machines, using the same copy for both Intel and AMD boxes.

"Because the image for both Intel and AMD is the same all have the intelppm.sys driver installed and running. That driver provides power management on Intel-based computers. On an AMD-based computer, amdk8.sys provides the same functionality," says Johansson.

Some other OEMs beside HP have the same practice, and presumably their users will be seeing the same issue.
There is another problem with SP3 that has not yet been tracked down to anything so specific that is causing random hangs and system crashes, though at least one can get into Windows itself (unlike the lucky AMD users).

Windows service packs causing mayhem and havoc is not a new phenomenon -- indeed, AMD machines got hit with a similar bug back in 2000 when any machine running over 350 MHz crashed and burned after a new service pack was released -- and we may wait a few weeks for all of the kinks to get sorted out.

From rforno at infowarrior.org Sat May 10 04:21:12 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 May 2008 00:21:12 -0400
Subject: [Infowarrior] - EPIC Prevails in Virginia Fusion Center FOIA Case
Message-ID:

EPIC Prevails in Virginia Fusion Center FOIA Case

Yesterday, Richmond General District Court held that EPIC "substantially prevailed" on the merits of its freedom of information lawsuit against the Virginia State Police. EPIC filed the case after the State Police refused to disclose documents describing the federal government's involvement in efforts to limit Virginia's transparency and privacy laws. Through the litigation, EPIC uncovered a secret contract between the State Police and the FBI that limits the rights of Virginia citizens to learn what information the State Police collect about them. The court's letter opinion requires the State Police to pay EPIC's litigation costs, but not its attorneys' fees.

For more information, see EPIC's web page EPIC v. Virginia Department of State Police: Fusion Center Secrecy Bill.
For more information about fusion centers, see EPIC's Fusion Center Page (May 9)
http://epic.org/

From rforno at infowarrior.org Sat May 10 13:44:19 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 May 2008 09:44:19 -0400
Subject: [Infowarrior] - FBI, ATF Battle for Control Of Cases
Message-ID: <0F324E6D-CAD6-4F26-A27D-7B223559020D@infowarrior.org>

FBI, ATF Battle for Control Of Cases
Cooperation Lags Despite Merger
By Jerry Markon
Washington Post Staff Writer
Saturday, May 10, 2008; A01

In the five years since the FBI and ATF were merged under the Justice Department to coordinate the fight against terrorism, the rival law enforcement agencies have fought each other for control, wasting time and money and causing duplication of effort, according to law enforcement sources and internal documents.

Their new boss, the attorney general, ordered them to merge their national bomb databases, but the FBI has refused. The Bureau of Alcohol, Tobacco, Firearms and Explosives has long trained bomb-sniffing dogs; the FBI started a competing program. At crime scenes, FBI and ATF agents have threatened to arrest one another and battled over jurisdiction and key evidence. The ATF inadvertently bought counterfeit cigarettes from the FBI -- the government selling to the government -- because the agencies are running parallel investigations of tobacco smuggling between Virginia and other states.

The squabbling poses dangers, many in law enforcement say, in an era in which cooperation is needed more than ever to prevent another terrorist attack on U.S. soil. Michael A. Mason, a former head of the FBI's Washington field office who retired in December from a senior post at FBI headquarters, said outside intervention might be needed.
< - >

http://www.washingtonpost.com/wp-dyn/content/article/2008/05/09/AR2008050903096_pf.html

From rforno at infowarrior.org Sun May 11 19:05:11 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 May 2008 15:05:11 -0400
Subject: [Infowarrior] - USAF Scare-Mongering Ad Shoves Facts Out of the Airlock
Message-ID:

Air Force's Scare-Mongering Space Ad Shoves Facts Out of the Airlock
By Noah Shachtman
May 07, 2008 | 3:13:00 PM
Categories: Money Money Money, Paper Pushers & Powerpoint Rangers, Space, Video Fix
http://blog.wired.com/defense/2008/05/usaf-ridiculous.html

No one expects commercials to be word-for-word accurate -- not even ads from the U.S. military. But a new Air Force commercial, about the perils of an attack in space, does more than stretch the truth, a bit. It snaps the truth into tiny little pieces, experts and former officers say -- violating the laws of physics and common sense, while flying in the face of everything that's known about the world's constellation of satellites.

"What if your cell phone calls, your television, your GPS system, even your bank transactions, could be taken out with a single missile?" the military ad asks. "They can."

No, they can't. Not unless there's some new missile out there that can strike dozens and dozens of targets, spread out over thousands and thousands of miles. Even a nuke in space wouldn't do the trick.

Communication, television and navigational systems are handled by different arrays of satellites. Each craft in the constellation is set apart by hundreds, if not thousands, of miles. And each constellation is thousands of miles from the other. At least ten thousand miles, for example, separates the arrays of communications and GPS satellites. The communications birds are typically positioned in geostationary orbit, or GEO, about 22,000 miles away from Earth. The ring of 32 GPS satellites, on the other hand, circles the planet in a Medium Earth Orbit, or MEO, approximately 12,000 miles up.
There's no missile that can hit two targets that far away from one another. (In fact, there's no anti-satellite missile, taking off from Earth, that can even reach GEO or MEO. China's satellite-killing missile only reached up to about 540 miles.)

And even if such a weapon was one day invented, it still wouldn't cause much more than hiccups in your GPS or bank service. Because "while it is true that a single ASAT [anti-satellite weapon] could theoretically take out a single satellite, none of the services mentioned in the commercial rely on a single satellite," says Brian Weeden, who served nine years in the Air Force's space and missile corps. "I find it distressing that the Air Force would resort to such fear-mongering."

Take GPS. There are 24 of those satellites. Blasting one of them might slow up your car's navigational system for a little while. But one missile could in no way bring down the entire constellation. "It is impossible, period," says the Center for Defense Information's Theresa Hitchens.

"We do lose satellites, you know. They die all the time," adds our own Jeffrey Lewis, an expert on space security (among other things) at the New America Foundation. "When the Galaxy IV [telecommunications satellite] croaked, there was a real problem for the pagers in the U.S. But we got over it. Even if you whack one satellite (which is really a collection of transponders), the service could simply lease more space. The point is that with debris, the harsh environment of outer space and Murphy's Law, that we don't have a single satellite in orbit that is irreplaceable. Because it would go dead at the worst possible time."

And, of course, not all of the services mentioned in the Air Force's ad rely solely on satellites to function. "Cell phone calls are not, generally speaking, dependent on satellites. Indeed, that is why they are not called satellite phones," Lewis quips. "Nor does television (or radio), with the exception of DirecTV and satellite radio.
So, you lose porn and Howard Stern, but PBS keeps going." Even banks -- which do use GPS to track the timing of their transactions -- have terrestrial, fiber optic backups.

"It is clear that the Air Force is preying on the lack of public understanding of the threat (and space in general) in an attempt to convince voters that space is important too and only the US Air Force can protect America in space," Weeden notes. "After years of trying to convince the politicians that areas such as space situational awareness needed more funding and failing, the Air Force has turned to another method to get its message across: fear."

Because Air Force Space Command can't even do that much against the kind of satellite-killing missile depicted in the ad, Hitchens observes.

It's pretty nigh impossible to protect current LEO [Low Earth Orbit] sats unless you have time to move them (which is doubtful) and GEO sats are relatively safe only because of the booster power required to get something there. The primary USAF [US Air Force] efforts at space protection currently center on space situational awareness (knowing what is happening in space), and research on distributed architectures (i.e. constellations) and rapid resupply. The latter two capabilities once developed would help ensure redundant capability but it wouldn't "protect" any individual satellite from a DA [direct ascent] ASAT [a satellite-striking missile that takes off from Earth]. There are also efforts to convince commercial folks to take steps like encryption and electromagnetic hardening; again nothing to help... The only sure way at the moment to protect against a DA ASAT is to bomb the launch pad before it takes off. The last time I checked, Air Force Space Command does not drop bombs.

The anti-satellite ad is part of an $81 million marketing push to "reinvigorate America's love for fighter jets and high technology, and to highlight the service's wartime activity," as the Washington Post put it.
Most of the commercials in the series make no explicit attempt to recruit new airmen. And the service is currently looking to pare back, rather than increase, its workforce. Which leads John Pike, director of GlobalSecurity.org, to say, "I am at a loss to understand the statutory authority under which the US Air Force can spend my money in propagandizing to me that they are doing a great job of spending my money. This advertising initiative is without precedent, and if it is not illegal it should be."

From rforno at infowarrior.org Mon May 12 11:49:03 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 May 2008 07:49:03 -0400
Subject: [Infowarrior] - Is Real ID Really Going to Happen?
Message-ID:

Is Real ID Really Going to Happen?
The National Identification Law Was Supposed to Take Effect This Week
By Matthew Blake
05/12/2008
http://www.washingtonindependent.com/view/is-real-id-really

Yesterday, May 11, was when the Real ID Act, signed into law three years ago to the day, was due to kick in. The law set national standards for all state driver's licenses and other forms of photo identification. It directs states to store people's drivers license information in a database, along with additional identity information, like a digital copy of each person's birth certificate. The law mandates that all state databases are to be linked. By now, every state should have built this database and issued Real ID-compliant licenses to all residents.

But you don't need to worry about these new ID's. The law has yet to go into effect.

Little about Real ID has gone as planned. All 50 states, and the District of Columbia, were given extensions by the Dept. of Homeland Security to comply with Real ID. This extension was given despite the fact that 17 states passed resolutions saying they have no intention of ever implementing the program. State governors and legislatures, members of Congress and civil-liberties groups have slammed Real ID.
They say the program is an unfunded mandate and that the federal government should not be in the business of directing how states issue identifications in the first place. They also argue that the linked databases, complete with comprehensive identity information on people from every state, creates a "one-stop shop" for identity theft.

Slipped into "must pass" legislation to fund the war in Iraq and help victims from the December 2004 Southeast Asian tsunami, Real ID is now one of Washington's most maligned policy programs. Sen. Daniel Akaka (D-Hawaii) is leading a bipartisan effort in the Senate to repeal the law and replace it with recommendations made by the 9/11 Commission. The commission recommended that states and civil-liberties groups negotiate with the federal government in developing minimum ID standards.

So Real ID could be killed, most likely in the next administration. It's still not a sure thing that, if implemented, the more modest and politically popular 9/11 commission guidelines would strike the right balance among states' rights, personal privacy and the need to stop identity theft. The broad post-9/11 support for national ID standards could turn out to be an unworkable policy in any incarnation.

"I don't think that just because the 9/11 commission said it was a good idea necessarily makes it a good idea," said Lee Tien, senior staff attorney at the Electronic Frontier Foundation, an advocacy group opposed to Real ID.

The "Identification Security Enhancement Act" was introduced last year by Akaka, and has since picked up Republican co-sponsors Sen. Lamar Alexander (R-Tenn.) and Sen. John Sununu (R-N.H.). It would follow suggestions from the 9/11 commission, which concluded that more identification requirements were needed because all but one of the 9/11 hijackers was able to obtain a driver's license.
Instead of outlining what information should go on a license or be stored in a database, the 9/11 Commission said it was best to let states, civil-liberties organizations and security experts set up a group to develop ID standards. These recommendations were actually briefly law, after passage in December 2004 of the Intelligence Reform and Terrorism Prevention Act. In fact, the Dept. of Homeland Security had started to assemble the rule-making coalition.

But they were overwritten when Rep. James Sensenbrenner (R-Wis.), then chairman of the House Judiciary Committee, pasted the Real ID Act into a 2005 emergency spending bill for the war in Iraq and the Asian tsunami. With Real ID, the federal government was now setting requirements on state-issued ID's instead of working with states and other stakeholders.

"By bringing everyone together," Akaka said at a Senate oversight hearing last week that garnered bipartisan criticism of Real ID, "I believe that we can address the problems with Real ID and have secured drivers licenses faster than through the time frame proposed by DHS's final rules."

That time frame for Real ID has already been pushed back twice. The original May 11, 2008 deadline has been extended to Dec. 31, 2009. But states can request an extension from DHS, to be compliant by 2011. And states don't need to issue Real ID's for residents over 50 until 2017 -- nine years after the original deadline.

Critics of Real ID see the extensions as a sign that the Bush administration doesn't seriously want to deal with implementation problems. "By granting all 50 states waivers, the current administration has handed off the issue to the next administration," said Jim Dempsey, policy director at the Center for Democracy and Technology, another group against Real ID.
Tim Sparapani, senior legislative counsel for the American Civil Liberties Union, argues that DHS has not seriously addressed the need to develop technology that can safely store personal ID information on a database shared by all 50 states. Sparapani said that the linked databases create an appealing target for terrorists, or any identity thief.

"If I break into a database in Alabama, I don't just get Alabama information," Sparapani said. "I get information from all states." He added that the extra identification requirements will give a hacker the information to commit identity fraud.

To develop secure databases and issue new licenses, homeland security now estimates that Real ID implementation will cost $3.9 billion. Sensenbrenner's original estimate was $100 million, and so far homeland security has issued just $79.8 million in grants.

Congress and the administration are reluctant, however, to make up the difference. Part of the reason is that many state legislatures have made clear to Washington that they reject Real ID on principle. On the basis of states' rights and privacy concerns, 17 states have officially announced they won't comply with Real ID, even if the money were available.

DHS, nonetheless, granted compliance extensions even to those states, saying that they are working to meet national security standards. "Whatever their motivations may be, states are taking measures toward the path of Real ID compliance," said Russ Knocke, a spokesman for DHS.

Critics of Real ID pointed out that DHS had little choice. "Being at DHS is not an easy job," said Tien, at the Electronic Frontier Foundation. "Congress has given them a stinky bill that they now have to make look workable."

Repealing Real ID, then, through the Akaka bill, has better prospects under a new administration that might give homeland security a clean slate.
"It's a political rule that nobody creates controversy during an election year," said Jim Harper, director of information policy studies at the libertarian Cato Institute. "But we'll probably see it introduced again with a high likelihood of passage in December 2009, when states can apply for an additional extension."

Like Tien, Harper is uncertain whether Akaka's bill with the 9/11 commission recommendations is a good thing. "It's obviously an improvement," he said. But Harper added he prefers "pushing aside Real ID to create a new post-9/11 conversation."

Some proponents of federal ID standards say that civil libertarians would create opposition to any kind of baseline ID requirement. "When Americans think about national ID cards, it drives them up the wall," said Amitai Etzioni, director at the Institute of Communitarian Studies at George Washington University. "Even after 9/11, they think of it as totalitarian."

Along with never satisfying privacy advocates, Etzioni said that the negotiated rule-making called for by the 9/11 commission is wrong to expect that all 50 states could get on the same page. "If you negotiate with the states," he said, "each will have their own ideas."

But many Real ID critics do see the Akaka bill as a pragmatic solution. "There is a certain amount of national leadership needed to bring all the states up to certain minimum standards," said Dempsey, at the Center for Democracy and Technology. "Negotiated rule-making with state and local officials and privacy advocates is the right approach."

The Real ID Act was added onto a bill with no public debate on whether it effectively combated terrorism and identity theft. Almost all sides now talk about wanting Congress and the next administration to discuss the pitfalls of national standards, before killing, keeping or revising Real ID.

"I'm hopeful that Real ID will collapse under the weight of everyone's lack of enthusiasm," said Tien. "The real question is what comes next."
From rforno at infowarrior.org Mon May 12 14:21:54 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 May 2008 10:21:54 -0400
Subject: [Infowarrior] - Fear as a "Terror Tax"
Message-ID:

Here's How America Looks to the World
By Josef Joffe
Sunday, May 4, 2008; B03
http://www.washingtonpost.com/wp-dyn/content/article/2008/04/30/AR2008043003008_pf.html

HAMBURG

Some years ago, I received a terror threat. If I did not apologize publicly and profusely for a column that blasted the Iranian regime, I would be killed by Friday, Sept. 13 -- what an auspicious date! So I sent for the security experts, and this is what they told me: Your front and back doors are worthless; get armored ones. Order bulletproof windows. Build a safe room. Install panic buttons. Get rid of that silly chicken-wire fence and put in a steel and concrete one. Don't use the driveway; try to vary your access routes (which, I think, meant sneaking home through the neighbors' gardens). Pretty soon, we were talking six-figure costs and contemplating emigration to Iceland.

The appointed day of my demise came and went. (Real terrorists don't write letters; they just kill you.) But the moral of this story will remain etched in my mind: When security is at stake, there is no limit to fear or fortification.

Fear, in other words, is a tax, and al-Qaeda and its ilk have done better at extracting it from Americans than the Internal Revenue Service. Think about the extra half-hour millions of airline passengers waste standing in security lines; the annual cost in lost work hours runs into the billions. Add to that the freight delays at borders, ports and airports, the cost of checking money transfers as well as goods in transit, the wages for beefed-up security forces around the world.
And that doesn't even attempt to put a price tag on the compression of civil liberties or the loss of human dignity from being groped in full public view by Transportation Security Administration personnel at the airport or from having to walk barefoot through the metal detector, holding up your beltless pants. This global transaction tax represents the most significant victory of Terror International to date.

The new fear tax falls most heavily on the United States. Last November, the Commerce Department reported a 17 percent decline in overseas travel to the United States between Sept. 11, 2001, and 2006. (There are no firm figures for 2007 yet, but there seems to have been an uptick.) That slump has cost the country $94 billion in lost tourist spending, nearly 200,000 jobs and $16 billion in forgone tax revenue -- and all while the dollar has kept dropping.

Why? The journal Tourism Economics gives the predictable answer: "The perception that U.S. visa and entry policies do not welcome international visitors is the largest factor in the decline of overseas travelers." Two-thirds of survey respondents worried about being detained for hours because of a misstatement to immigration officials. And here is the ultimate irony: "More respondents were worried about U.S. immigration officials (70 percent) than about crime or terrorism (54 percent) when considering a trip to the country."

The falloff has not been as uniform when it comes to international scholars. Chinese, Koreans and Indians keep coming, reports the International Institute of Education (IIE); for the 2006-07 academic year, growth rates were between 3 and 6 percent. But the number of Western scholars coming to the United States is falling. Japan, Germany, Canada, Great Britain, Israel, Australia and Holland show declines of between 1 and 13 percent -- presumably because the richer a country, the less willing its scientists are to brave the indignities they face before entering the United States.
Those hailing from poorer countries, with more limited opportunities -- such as the Chinese and the Indians -- remain undaunted.

The pattern for international students resembles that of the scholars. For 2006-07, the IIE reports the "first significant increase in total international student enrollment since 2001/2002." Again, the rise is led by the Indians, the Chinese and the Koreans. The number of students from Japan is down; ditto for Germany. Hence the IIE's veiled warning: "America needs to continue its proactive steps to insure that our academic doors remain wide open, and that students around the world understand that they will be warmly welcomed."

To which all Americans should say amen, as these foreign students contribute about $14.5 billion annually to the U.S. economy, according to the IIE. Higher education, after all, is the fifth-largest service-sector export of the United States. And foreign talent that's willing to stick around is one of the country's critical natural resources.

Some U.S. officials know all this, of course. But while the State Department protests, the Department of Homeland Security makes the rules -- and will invent new verbotens by the day. Nor is there any end in sight. The demand for security, as my death threat taught me, is like an obsession, spreading relentlessly, for which there is no rational counterargument. DHS always asks, "What if?" -- which always trumps "Why more?"

A more fruitful dialogue with the homeland security apparat would be trying to answer: "What is the national interest?" After all, which face does the United States want to show to the world? One distorted by fear and suspicion, or the face that it used to present: that of a boisterous, easy-going and welcoming society? America's face used to be George Bailey's genial grin in "It's a Wonderful Life," filled with the optimism and trust that can banish greed and evil; now, it's the grim visage of Jack Bauer in "24."
This is not woolly-headed idealism but sober realism. Just imagine how the U.S. Army would have fared in liberating my home continent, Europe, if the blinkered commissars of DHS had been calling the shots in 1944. The way the last superpower chooses to bestride the world brings with it hard consequences. Does the United States open its arms or ball up its fists? Growling rarely elicits smiles, and distrust never reaps its opposite. To present a friendly face to the world is not a matter of saccharine niceness but of well-considered interests, especially for a fearsome giant like the United States. For trust breeds authority, and authority breeds influence.

What is happening to the American character? True, the country has gone through crises of confidence before, some of them cresting in sheer hysteria -- from the Alien and Sedition Acts to Sen. Joseph McCarthy's search for a commie under every State Department desk. But the worst acts from 1798 were repealed or allowed to lapse within three years, and the senator from Wisconsin was censured a few years into his red-baiting career. Alas, the USA Patriot Act and DHS have already endured longer than either earlier excess, and neither is fading.

Will the 9/11 terrorist attacks change the American character in ways that John Adams's laws and McCarthy's mendacity could not? The answer is still "no" if you go to the heartland, where trusting librarians let this perfect stranger shove his memory stick into a public computer; they seemed to think that a virus scan referred to the common cold. The heartland is still Jefferson country. But when you travel through John F. Kennedy International Airport or Dulles International Airport, you notice nervousness bordering on angst, which is hardly a classic American trait. No, your neighbor will not let you leave your bag on the seat while you amble over to Starbucks.

Have the "free and brave" lost it? If so, you are not alone.
Look at France, where the controls at Paris's Charles de Gaulle Airport are just as invasive as those at Reagan National Airport. Like the United States, the European Union now wants to fingerprint all foreigners who enter or leave its boundaries. So there is a larger moral to this tale: Security is an obsession that defies natural limits. And we submit because we like it. Al-Qaeda likes it, too. Never before have so few terrorized so many with so little. Josef Joffe is publisher-editor of Die Zeit, a German weekly newspaper, and co-founder of the American Interest. From rforno at infowarrior.org Tue May 13 01:08:47 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 May 2008 21:08:47 -0400 Subject: [Infowarrior] - U.S. military to build botnet? Message-ID: U.S. military to build botnet? Published: 2008-05-12 http://www.securityfocus.com/brief/737?ref=rss A colonel in the U.S. Air Force argued in a recent opinion piece that the United States needs to build its own collection of computers able to digitally "carpet bomb" enemies with a denial-of-service attack. The capability to overwhelm attackers would help the nation deter attacks against its systems, Col. Charles Williamson III, a staff judge advocate for the U.S. Air Force Intelligence, Surveillance and Reconnaissance Agency, stated in an opinion piece in the Armed Forces Journal. Military bases could use outdated PCs as nodes on its "botnet," replacing their hard drives with simple flash drives. "America needs the ability to carpet bomb in cyberspace to create the deterrent we lack," Col. Williamson wrote. "America faces increasingly sophisticated threats against its military and civilian cyberspace. At the same time, America has no credible deterrent, and our adversaries prove it every day by attacking everywhere." The U.S. military has grown more worried about cyber attacks.
A year ago, online protesters attacked the northern European country of Estonia, essentially cutting off online contact to many of the nation's businesses and government agencies. Other denial of service attacks have shut down news sites and even forced an Israeli company to go out of business. While the degree to which nation-states take part in such attacks is unknown, the U.S. military has flagged China as a major future threat in cyberspace. In his column, Col. Williamson acknowledges that using a botnet against attackers could pose serious legal issues in international circles. Botnets frequently use compromised systems owned by private groups and allies of the United States. "The biggest challenge will be political. How does the U.S. explain to its best friends that we had to shut down their computers? The best remedy for this is prevention. The U.S. and its allies need to engage in a robust joint endeavor to improve net defense and intelligence to minimize this risk." In the past, governments have been able to take selective military actions against threats operating in neutral territory, or on the edge of another nation's territory, Col. Williamson stated. From rforno at infowarrior.org Tue May 13 01:14:16 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 May 2008 21:14:16 -0400 Subject: [Infowarrior] - Released: WH Policy on "Controlled Unclassified Info" Message-ID: <9D6555CD-B829-49A3-AC07-2249FC336204@infowarrior.org> (c/o SecrecyNews) WHITE HOUSE ISSUES POLICY ON "CONTROLLED UNCLASSIFIED INFO" The White House last week issued a long-awaited policy on "controlled unclassified information" (CUI) that is intended to provide a uniform government-wide system for safeguarding unclassified information that is deemed sensitive.
http://www.fas.org/sgp/bush/cui.html The CUI framework is supposed to replace the numerous individual agency control markings -- "sensitive but unclassified," "for official use only," and over a hundred other designations -- and thereby to overcome barriers to information sharing within the government. But the new policy will do nothing to restore public access to government records that have been improperly withheld. Development of the CUI policy began with a December 16, 2005 memo from the President directing agencies to "standardize procedures for sensitive but unclassified information." Despite the passage of two and a half years, however, little progress has been made in defining the terms of the new policy. It establishes a single CUI framework, with three graduated levels of sensitivity and security. But the definition of what information may qualify as CUI, which includes anything that "under law or policy" requires protection from unauthorized disclosure, is vague and expansive. To put it another way, the CUI policy does not exclude anything that is currently controlled as Sensitive But Unclassified. This is a disappointment in light of previous suggestions that wholesale disclosures of currently controlled unclassified information might ensue. "The great majority of the information which is now controlled can be put in a simple unclassified, uncontrolled category, it seems to me," said Amb. Thomas McNamara, program manager of the ODNI Information Sharing Environment, in 2006 testimony before Congress (Secrecy News, 01/16/08). But under the new Bush policy, "the great majority of the information" that Amb. McNamara said should be uncontrolled will remain controlled and unavailable to the public.
The CUI policy properly notes that the new policy does not modify the requirements of the Freedom of Information Act process: "CUI markings may inform but do not control the decision of whether to disclose or release the information to the public, such as in response to a request made pursuant to the Freedom of Information Act." But despite the passage of years since the policy was proposed, many of the hard decisions involved have been deferred to the implementation phase. Which, if any, of the more than 100 existing control categories will be canceled, rather than absorbed into the new CUI category? The new policy does not say. At what point, if any, does the CUI designation expire? There's no way to tell. What enforcement mechanisms are established to ensure compliance with the new policy? To be determined. From rforno at infowarrior.org Tue May 13 01:16:38 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 May 2008 21:16:38 -0400 Subject: [Infowarrior] - DHS Q1 Privacy Officer Report Message-ID: <3C3E0F60-85A7-42BE-88D8-61545373D443@infowarrior.org> http://www.pogowasright.org/article.php?story=20080512151046525 Homeland Security: Privacy Officer Report Monday, May 12 2008 @ 03:10 PM EDT Contributed by: PrivacyNews News Section: Fed. Govt. In support of Section 803 of the Implementing Recommendations of the 9/11 Commission Act of 2007, The Privacy Officer will submit a report covering all privacy protection activities of the Department. Source - Quarterly Report, December 2007 - March 2008 (PDF, 5 pages - 40 KB) - contains 2nd quarter findings for 2008. 
From rsk at gsp.org Tue May 13 12:07:48 2008 From: rsk at gsp.org (Rich Kulawiec) Date: Tue, 13 May 2008 08:07:48 -0400 Subject: [Infowarrior] - Charter announces its intentions to spam its own customers Message-ID: <20080513120748.GA545@gsp.org> (c/o RSK) Charter To Begin Tracking Users' Searches And Inserting Targeted Ads http://consumerist.com/5008801/charter-to-begin-tracking-users-searches-and-inserting-targeted-ads Excerpt: Charter Communications is sending letters to its customers informing them of an "enhanced online experience" that involves Charter monitoring its users' searches and the websites they visit, and inserting targeted third-party ads based on their web activity. Charter, which serves nearly six million customers, is requiring users who want to keep their activity private to submit their personal information to Charter via an unencrypted form and download a privacy cookie that must be downloaded again each time a user clears his web cache or uses a different browser. From rforno at infowarrior.org Wed May 14 00:32:08 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 May 2008 20:32:08 -0400 Subject: [Infowarrior] - Can U Read Kant? Message-ID: (Something I discussed as well in 2003's 'Weapons of Mass Delusion', I might add........rf) http://online.wsj.com/article/SB121063808679386853.html?mod=2_1167_1 Can U Read Kant? By DAVID ROBINSON May 13, 2008; Page A15 The Dumbest Generation By Mark Bauerlein (Tarcher/Penguin, 264 pages, $24.95) It would seem that technology and culture both make the present a good time to be young. The digital tools that are reshaping our economy make more sense to young "digital natives" than to members of an older generation, an imbalance of abilities that tips the economic and political scales in favor of young people.
Meanwhile, aging boomer parents, rather than pass down a fixed, canonical culture to their kids, encourage a modern-day version of their own rebellion, inviting younger voices to disrupt stodgy cultural continuities. To Mark Bauerlein, a professor of English at Emory University, the present is a good time to be young only if you don't mind a tendency toward empty-headedness. In "The Dumbest Generation," he argues that cultural and technological forces, far from opening up an exciting new world of learning and thinking, have conspired to create a level of public ignorance so high as to threaten our democracy. Adults are so busy imagining the ways that technology can improve classroom learning or improve the public debate that they've blinded themselves to the collective dumbing down that is actually taking place. The kids are using their technological advantage to immerse themselves in a trivial, solipsistic, distracting online world at the expense of more enriching activities -- like opening a book or writing complete sentences. Mr. Bauerlein presents a wealth of data to show that young people, with the aid of digital media, are intensely focusing on themselves, their peers and the present moment. YouTube and MySpace, he says, are revealingly named: These and other top Web destinations are "peer to peer" environments in the sense that their juvenile users have populated them with predictably juvenile content. The sites where students spend most of their time "harden adolescent styles and thoughts, amplifying the discourse of the lunchroom and keg party, not spreading the works of the Old Masters." If the new hours in front of the computer were subtracting from television time, there might be something encouraging to say about the increasingly interactive quality of youthful diversions. The facts, at least as Mr. Bauerlein marshals them, show otherwise: TV viewing is constant. The printed word has paid a price --
from 1981 to 2003, the leisure reading of 15- to 17-year-olds fell to seven minutes a day from 18. But the real action has been in multitasking. By 2003, children were cramming an average of 8½ hours of media consumption a day into just 6½ hours -- watching TV while surfing the Web, reading while listening to music, composing text messages while watching a movie. This daily media binge isn't making students smarter. The National Assessment of Educational Progress has pegged 46% of 12th-graders below the "basic" level of proficiency in science, while only 2% are qualified as "advanced." Likewise in the political arena: Participatory Web sites may give young people a "voice," but their command of the facts is shaky. Forty-six percent of high-school seniors say it's " 'very important' to be an active and informed citizen," but only 26% are rated as proficient in civics. Between 1992 and 2005, the NAEP reported, 12th-grade reading skills dropped dramatically. (As for writing, Naomi Baron, in her recent book, "Always On: Language in an Online and Mobile World," cites the NAEP to note that "only 24% of twelfth-graders are 'capable of composing organized, coherent prose in clear language with correct spelling and grammar.' ") Conversation is affected, too. Mr. Bauerlein sums up part of the problem: "The verbal values of adulthood and adolescence clash, and to enter adult conditions, individuals must leave the verbal mores of high school behind. The screen blocks the ascent." What frustrates Mr. Bauerlein is not these deficits themselves -- it's the way a blind celebration of youth, and an ill-informed optimism about technology, have led the public to ignore them. "Over and over," he writes, "commentators stress the mental advance, the learning side over the fun and fantasy side." Steven Johnson, in his best-selling "Everything Bad Is Good for You," describes videogames as "a kind of cognitive workout."
Jonathan Fanton of the MacArthur Foundation writes that children have created "communities the size of nations" where they explore "new techniques for personal expression." Such assessments, Mr. Bauerlein argues, are far too charitable. Mr. Bauerlein contrasts such "evidence-lite enthusiasm" for digital technologies with a weightier learning tradition. He eulogizes New York's City College in the mid-20th century, a book-centered, debate-fostering place where a generation of intellectuals rejected the "sovereignty of youth" in favor of the concerted study of canonical texts and big ideas. Is there any way of recovering this lost world? Probably not. But the future may be brighter than Mr. Bauerlein allows. No matter how frivolously young people may use digital technology now, a schoolchild's taste for play tells us little about what the next generation of intellectual leaders will do with technology's tools. There are glimmers: The new Amazon book reader may bring the best of predigital life forward into the present, and any number of institutions are (gradually) exploring ways to harness the new communications environment for scholarship, innovation and profit rather than idle enjoyment. In short, the children of future years will learn from their elders how to make the most of digital life just as soon as there are elders in place to offer instruction. The "elders" now don't seem to have a clue. Mr. Robinson is associate director of Princeton University's Center for Information Technology Policy, a research center for the study of digital technologies and public life.
From rforno at infowarrior.org Wed May 14 00:44:30 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 13 May 2008 20:44:30 -0400 Subject: [Infowarrior] - RFP: Dominant Cyber Offensive Engagement and Supporting Technology Message-ID: Dominant Cyber Offensive Engagement and Supporting Technology Solicitation Number: BAA-08-04-RIKA Agency: Department of the Air Force Office: Air Force Materiel Command Location: AFRL - Rome Research Site < - -> http://tinyurl.com/3egwsb < - > I. FUNDING OPPORTUNITY DESCRIPTION: Air Force Research Laboratory (AFRL)/RI is soliciting white papers for various scientific studies and experiments to increase our knowledge and understanding of the broad range of capabilities required in support of Dominant Cyber Offensive Engagement and Supporting Technology, to include testing of prototype capabilities. Solutions to basic and applied research and engineering for the problems relating to Dominant Cyber Offensive Engagement and Supporting Technology are sought. This includes high risk, high payoff capabilities for gaining access to any remotely located open or closed computer information systems; these systems enabling full control of a network for the purposes of information gathering and effects based operations. Of interest are any and all techniques to enable user and/or root level access to both fixed (PC) or mobile computing platforms. Robust methodologies to enable access to any and all operating systems, patch levels, applications and hardware are of interest. Also, we are interested in technology to provide the capability to maintain an active presence within the adversaries' information infrastructure completely undetected. Of interest are any and all techniques to enable stealth and persistence capabilities on an adversary's infrastructure. This could be a combination of hardware and/or software focused development efforts.
Following this, it is desired to have the capability to stealthily exfiltrate information from any remotely-located open or closed computer information systems with the possibility to discover information with previously unknown existence. Any and all techniques to enable exfiltration techniques on both fixed and mobile computing platforms are of interest. Consideration should be given to maintaining a "low and slow" gathering paradigm in these development efforts to enable stealthy operation. Finally, this BAA's objective includes the capability to provide a variety of techniques and technologies to be able to affect computer information systems through Deceive, Deny, Disrupt, Degrade, Destroy (D5) effects. Of interest are any and all techniques including enabling D5 effects to computers and their networks; integration of effects with Access, Stealth and Persistence and Cybint capabilities; command and control of effects; and determining effects' link to operational impact. In addition to these main concepts, we desire to have research efforts in the supporting areas including (but not limited to): Information Assurance through Flattened Computer Architectures in special application/user environments; NGPSec: Secure Next Generation Protocol Suite to investigate feasibility and determine whether reinventing the network protocol stack can be done and the resulting success quantified; Proactive Botnet Defense Technology Development specifically as applies to new ideas/concepts for practical application; Carbon nanotubes for high density interconnects and RF applications, to allow for incorporating novel IA designs into computer architectures through nanotube interconnects with nanotube based RF peripherals (antennas). Research efforts under this program are expected to result in complete functional capabilities ideally addressing the Dominant Cyber Offensive Engagement problem. 
However, projects specializing in highly novel and interesting applicable techniques will also be considered, if deemed to be of "breakthrough" quality and importance. The effectiveness of the developed technologies for potential operational use will be assessed through preplanned testing and evaluation activities. Technologies that can be transitioned for operational use are of high interest. Offerors are encouraged to describe the preconditions that are necessary for the proposed techniques to work efficiently. Offerors are encouraged to submit classified white papers via the appropriate channels. Contact the technical point of contact listed in Section VII before submitting any classified white papers. This effort includes any and all techniques to enable user and/or root level access to both fixed (PC) or mobile computing platforms, using robust methodologies to enable access to operating systems, patch levels, applications, and hardware of interest. Further techniques include enabling of stealth and persistence capabilities on an adversarial infrastructure, possibly in combination with hardware and/or software focused development. In addition, other areas include techniques to enable exfiltration on both fixed and mobile computing platforms with consideration given to maintaining a "low and slow" gathering paradigm to enable stealthy operation. Finally the effort includes any and all techniques to enable D5 effects to computers/networks; and integration of these effects with access, stealth, persistence, Cybint capabilities; command and control of effects; and determination of the effects' link to operational impact. Deliverables will be technical reports, software, demonstrations, and results of experiments which provide evidence and metrics concerning the assertions/claims about the research. Demonstrations may involve exploratory development models (i.e., brassboards) if appropriate.
From rforno at infowarrior.org Thu May 15 11:21:34 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 May 2008 07:21:34 -0400 Subject: [Infowarrior] - Comcast Acquires Plaxo Message-ID: <32FBFAA4-9E44-4980-88B3-3BE29F2C6BD7@infowarrior.org> Comcast Acquires Social Contact List Plaxo by: Michael Arrington posted on: May 15, 2008 | about stocks: CMCSA http://seekingalpha.com/article/77387-comcast-acquires-social-contact-list-plaxo The rumors were accurate: Comcast (CMCSA) will announce their acquisition of social contact list Plaxo today. Financial terms are not being disclosed, but the purchase price is between $150 and $170 million. Plaxo, which was founded in 2002, has raised just under $30 million in venture capital. Plaxo has been the subject of considerable acquisition rumors lately, with both Google and Facebook named as potential suitors. Plaxo says they will remain an independent organization in Silicon Valley. It will report into Comcast Interactive Media, which is a division of Comcast that develops and operates Internet businesses focused on entertainment, information and communication. More from Plaxo's CEO Ben Golub: Plaxo and Comcast have been working together for the past year on a number of initiatives. Plaxo is providing the universal address book for Comcast's SmartZone communications center (slated to launch later this year), and we are also now hosting all of the address book accounts for Comcast webmail users. Our partnership has already more than doubled the reach of the Plaxo network, bringing the total number of accounts to nearly 50 million. Together, we intend to deliver on a vision of making "social media" a natural part of the lives of regular people, not just early-adopters. For example, you should be able to securely post family photos online in Pulse, and have them viewable by any of your family members, whether they are online, at work, on their mobile device, or in their living room watching TV.
And you should be able to discover new shows to watch, based on what your friends and coworkers have recommended. So, what about current Plaxo members? The services you know and enjoy from Plaxo will not only continue, but will continue to evolve and improve. In addition, both of our services benefit from "network effect," which is to say that the more people who use them, the more useful they become. On Monday I had an impromptu interview with Plaxo VP Marketing John McCrea and Chief Architect Joseph Smarr. They still had their poker faces on with regard to the acquisition: This ends a long and sometimes troubled history for Plaxo, which was founded by Sean Parker, Minh Nguyen and two Stanford engineering students, Todd Masonis and Cameron Ring, in 2002. In 2006 the company finally abandoned its hated "viral" feature that tricked users into spamming their entire address book with Plaxo invitations. More recently, however, Plaxo has been playing nice with the Internet. Last year they launched a popular service called Pulse, which pulls activity streams from other services into users' Plaxo profiles. They were launch partners with Google Open Social, and announced support for DataPortability early this year. Even so, they still had the occasional misstep.
From rforno at infowarrior.org Thu May 15 11:31:33 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 May 2008 07:31:33 -0400 Subject: [Infowarrior] - CBS buying CNET for $1.8B Message-ID: <98030D9E-FA51-4F4D-A043-058D35DA772E@infowarrior.org> CBS inks deal to buy CNet for $11.50 a share http://www.marketwatch.com/News/Story/Story.aspx?guid=%7b14FC0294-677A-497E-88AC-938C0692BEE0%7d From rforno at infowarrior.org Thu May 15 11:47:26 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 May 2008 07:47:26 -0400 Subject: [Infowarrior] - Detainees Drugged for Deportation Message-ID: <2CF361BA-FF46-43DC-B2E5-307274BA2E5C@infowarrior.org> big article from the wapo...........rf Some Detainees Are Drugged For Deportation Immigrants Sedated Without Medical Reason by Amy Goldstein and Dana Priest | Washington Post Staff Writers Page A1; May 14, 2008 The U.S. government has injected hundreds of foreigners it has deported with dangerous psychotropic drugs against their will to keep them sedated during the trip back to their home country, according to medical records, internal documents and interviews with people who have been drugged. < - > Involuntary chemical restraint of detainees, unless there is a medical justification, is a violation of some international human rights codes. The practice is banned by several countries where, confidential documents make clear, U.S. escorts have been unable to inject deportees with extra doses of drugs during layovers en route to faraway places. Federal officials have seldom acknowledged publicly that they sedate people for deportation. The few times officials have spoken of the practice, they have understated it, portraying sedation as rare and "an act of last resort." Neither is true, records and interviews indicate. 
< - > http://www.washingtonpost.com/wp-srv/nation/specials/immigration/cwc_day4_printer.html From rforno at infowarrior.org Thu May 15 11:48:41 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 May 2008 07:48:41 -0400 Subject: [Infowarrior] - Estonian cyber defence hub set up Message-ID: Estonian cyber defence hub set up Seven Nato nations have backed a new cyber defence centre in Estonia, which last year blamed Russia for weeks of attacks on its internet structure. Germany, Slovakia, Latvia, Lithuania, Italy and Spain will staff and fund the hub in the Estonian capital Tallinn. Estonia came under cyber attack in 2007 after its decision to remove the bronze statue of a Red Army soldier from the centre of Tallinn. Moscow denied involvement in the flood of data which crashed computers. "We have seen in Estonia that a cyber attack can swiftly become an issue of national security," Nato spokesman James Appathurai said after a signing ceremony in Brussels. "Cyber attacks can cripple societies." The US will initially send an observer to the project, which will have some 30 staff when fully operational in August. The centre will provide research, consultation and training on the development of cyber defences for participating national governments. 
Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/europe/7401260.stm Published: 2008/05/14 16:00:57 GMT From rforno at infowarrior.org Thu May 15 11:49:43 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 May 2008 07:49:43 -0400 Subject: [Infowarrior] - Quantum cryptography may not be as secure as we thought Message-ID: <3E1D37C5-C282-4E21-9DA4-95A167C7CDC1@infowarrior.org> Quantum cryptography may not be as secure as we thought By Chris Lee | Published: May 15, 2008 - 05:05AM CT http://arstechnica.com/news.ars/post/20080515-quantum-cryptography-not-as-secure-as-we-thought.html Quantum cryptography is often touted as the ultimate in information security, but that doesn't make it immune to successful attack. A recent publication in IEEE Transactions on Information Theory details how the very process of ensuring security can be used by evildoers to send fake messages on a network. As with all good cryptography researchers, the publication also includes a method for defeating the attack. The security provided by a quantum system relies on the fundamental laws of nature rather than the inability of computers to factor large numbers efficiently. The sender, traditionally called Alice, encodes information in the quantum states of, for instance, light. The recipient, imaginatively referred to as Bob, measures the quantum state. That measurement depends on what is called the basis and, if Bob and Alice don't have the same basis, Bob will not receive the same information that Alice sent. This feature is used to generate a secret key that can then be used to send information over more public channels. Generating a key The key generation process looks like this. Alice takes a random string of ones and zeros and encodes them in the quantum states of light. In doing so, she doesn't use the same basis, but rather flips randomly between two different basis sets. Bob also flips his basis sets and records the bit values that he receives. 
He then transmits his basis flips to Alice and she sends her basis flips to Bob. Those cases where, at random, the two agree on the value received, the bit values encoded by Alice are used as the key. An eavesdropper (who, amazingly enough, is always called Eve) can obtain all the publicly sent information and still not obtain the secret key. If she attempts to measure the quantum bits, they will be modified, meaning that Alice and Bob will see errors in the bits where their bases were not the same. One vulnerability of this system is the man-in-the-middle attack, where Eve plays the role of Alice for Bob and Bob for Alice. Every security system fails at this point because sometimes you have to trust that Alice really is Alice. One way to try and ensure the security of the exchange is to begin communications using a small, shared key. This key is then expanded using the quantum cryptographic system. Part of the expanded key is set aside so it can act as the shared key that initiates the next session. The remainder is used to encode messages sent in the current session. Assuming Eve has no knowledge of the starting key, the system is secure. But what if Eve knows some of the key already? Well, then problems can arise. Eve can grab the full key provided certain conditions are met: first, she has to be able to capture the quantum and classical information sent by Alice before Bob sees it. Second, she has to be able to modify the information in the quantum channel -- a modification that may not necessarily be detectable, since it does not require measuring the quantum state -- though I am not certain that this is truly practical. If these conditions are met, then Eve may be able to obtain the key for this session and, by extension, all future sessions. Probabilities and coincidences The explanation for how this works is a little technical but it involves probabilities.
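The key-generation procedure the article sketches under "Generating a key" (Alice sends random bits in randomly chosen bases, Bob measures in his own random bases, the two compare bases over the public channel and keep only the matching positions), as an added example that is not code from the Ars Technica article, from the IEEE paper it reports on, or from this mailing-list post. It is a classical simulation in Python: a photon is modelled as a (bit, basis) pair and a measurement in the wrong basis returns a random bit, which is the only quantum property the sifting argument needs. It also runs the naive intercept-resend Eve the article contrasts with, and the public error-rate check Alice and Bob would use to catch her. The basis labels, the 25% sample size and the 11% abort threshold are assumptions chosen for illustration, not values from the article.

```python
"""Classical simulation of BB84 sifting plus the public error-rate check.

Added example; not code from the Ars Technica article, the IEEE paper, or
this mailing-list post. A photon is modelled as a (bit, basis) pair and a
measurement in the wrong basis yields a uniformly random bit, which is the
only quantum property the sifting argument relies on.
"""
import random
from typing import List, Optional, Tuple

RECTILINEAR, DIAGONAL = 0, 1  # basis labels: an assumption for illustration


def measure(bit: int, prep_basis: int, meas_basis: int, rng: random.Random) -> int:
    """Single-photon measurement model: a matching basis reproduces the bit,
    a mismatched basis returns a random outcome."""
    if prep_basis == meas_basis:
        return bit
    return rng.randrange(2)


def run_bb84(n: int, seed: int = 0, eve: bool = False) -> Tuple[List[int], List[int], float]:
    """Alice prepares n random bits in random bases, Bob measures in random
    bases. After the public basis exchange both keep only the positions where
    the bases matched (the sifted key). With eve=True an intercept-resend
    eavesdropper measures every photon in her own random basis and forwards
    her result, which is what the public check below is meant to catch.

    Returns (alice_sifted, bob_sifted, qber); qber is the fraction of sifted
    positions on which Alice and Bob disagree (0.0 on an ideal channel,
    about 0.25 against intercept-resend)."""
    rng = random.Random(seed)
    alice_bits = [rng.randrange(2) for _ in range(n)]
    alice_bases = [rng.choice((RECTILINEAR, DIAGONAL)) for _ in range(n)]
    bob_bases = [rng.choice((RECTILINEAR, DIAGONAL)) for _ in range(n)]

    bob_bits = []
    for bit, a_basis, b_basis in zip(alice_bits, alice_bases, bob_bases):
        if eve:
            e_basis = rng.choice((RECTILINEAR, DIAGONAL))
            bit = measure(bit, a_basis, e_basis, rng)  # Eve's outcome ...
            a_basis = e_basis                          # ... resent in her basis
        bob_bits.append(measure(bit, a_basis, b_basis, rng))

    # Public discussion over the classical channel: bases are compared,
    # bit values are never disclosed.
    keep = [i for i in range(n) if alice_bases[i] == bob_bases[i]]
    alice_sifted = [alice_bits[i] for i in keep]
    bob_sifted = [bob_bits[i] for i in keep]
    errors = sum(a != b for a, b in zip(alice_sifted, bob_sifted))
    qber = errors / len(keep) if keep else 0.0
    return alice_sifted, bob_sifted, qber


def raw_key_or_abort(alice_sifted: List[int], bob_sifted: List[int],
                     sample_fraction: float = 0.25, max_qber: float = 0.11,
                     seed: int = 0) -> Optional[List[int]]:
    """Alice and Bob publicly compare a random sample of sifted bits to
    estimate the error rate, then discard that sample. If the estimate
    exceeds max_qber the session is aborted (None); otherwise the remaining
    bits are the raw key. The 25% sample and 11% threshold are assumptions
    chosen for illustration, not values from the article."""
    rng = random.Random(seed)
    n = len(alice_sifted)
    disclosed = set(rng.sample(range(n), k=int(n * sample_fraction)))
    if disclosed:
        errors = sum(alice_sifted[i] != bob_sifted[i] for i in disclosed)
        if errors / len(disclosed) > max_qber:
            return None
    return [alice_sifted[i] for i in range(n) if i not in disclosed]


if __name__ == "__main__":
    for eve in (False, True):
        a, b, qber = run_bb84(4000, seed=1, eve=eve)
        key = raw_key_or_abort(a, b)
        status = "aborted" if key is None else f"{len(key)}-bit raw key"
        print(f"eve={eve}: sifted {len(a)} of 4000, QBER {qber:.3f}, {status}")
```

Run it and the no-Eve case sifts roughly half the photons with zero disagreement, while intercept-resend pushes the disagreement on the sifted positions to about a quarter and the session aborts. The attack the article goes on to describe is built to sidestep exactly this check: since Eve never measures the quantum states, the error estimate stays at zero, which is why the paper's countermeasure has to target the timing of the classical exchange rather than the error rate.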
The key is generated from coincidences in two sets of random numbers, meaning that any number within a bit range is equally probable. However, if Eve has part of the key, it can be used to break up the distribution of possible numbers, making some of them much more probable while completely eliminating others. Eve can then modify the information in the quantum channel to make just a few numbers within the distribution much more probable. Since Eve has not measured the information in the quantum channel, and the information in the classical channel is public, Alice and Bob remain unaware of Eve. At this point, Eve can simply try out the few remaining possible keys on various messages until she achieves success. Since sessions using the same key will last for a long time, Eve can be sure to get some of the good sauce from Alice and Bob. So, what can Alice and Bob do about this? There are several solutions, which mainly involve making sure that Eve cannot delay transmissions in the quantum channel long enough to be able to modify it after receiving the classical information. What the authors propose is similar, but offers a guarantee that the message was not delayed. In their scheme, Alice sends a random string of ones and zeros on the quantum channel. Bob selects a bunch of bits from the message at random and sends them back to Alice using the quantum channel. Alice evaluates the bits and adds them to the bit string generated by the basis flips. This is then sent to Bob, who replies by sending his basis flips, and the key is generated. Now Eve cannot modify Alice's message before sending it on to Bob because she does not have the basis state string required to modify the message. So what does this all mean? It means that a security protocol that is designed to counter a threat that does not yet exist (quantum computing) is slightly more secure than it was yesterday. IEEE Transactions on Information Theory, 2008, DOI: 10.1109/TIT.2008.917697
From rforno at infowarrior.org Thu May 15 11:58:43 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 May 2008 07:58:43 -0400 Subject: [Infowarrior] - Global anti-cyberterror group formed? Message-ID: <3EAF37B9-21AF-47F7-9BD2-406F479EB300@infowarrior.org> I'm not sure whether to laugh, cry, or run away sadly shaking my head here.....don't know enough @ the moment to be sure, but it sounds from this article like it's more of the same stuff already in operation.......rf New international group to become the CDC of cyber security By Jon Stokes | Published: May 14, 2008 - 09:51PM CT http://arstechnica.com/news.ars/post/20080514-new-international-group-to-become-the-cdc-of-cyber-security.html Next week, the biannual World Congress of IT (WCIT) will be the venue for the launch of a new initiative from an organization that aims to become a platform for international cooperation on cyber security. The group calls itself the International Multilateral Partnership Against Cyber-Terrorism (IMPACT), and its advisory board features tech luminaries like Google's Vint Cerf and Symantec CEO John Thompson. The group's forthcoming World Cyber Security Summit (WCSS), which will be part of the WCIT 2008, is an effort to raise IMPACT's profile as an international platform for responding to and containing cyber attacks. On a conference call this morning, one of IMPACT's principals described the organization's mission as becoming a kind of "CDC [Centers for Disease Control] for cyber security." The idea is that it will provide both a forum and an actual communications system for coordinating international responses to cyber attacks, especially when those attacks involve civilian networks as a target, a source, or both. "Typically governments around the world have taken cyber security as a domestic issue," said IMPACT Chairman Mohd Noor Amin.
"While it's important to have a domestic policy, it's no longer tenable to treat cyber security as purely something that you can effectively monitor or police within your own territory. In order for governments to be aware of what's going on out there, governments and organizations must begin to talk to one another." The principal members of IMPACT are governments, but the organization will include experts from academia and the private sector, as well. Indeed, the group is premised on the understanding that universities and corporations own most of the networks and computers that are at increasing risk of cyber attack, and that these entities are also at the forefront of current information security research and development. Despite the fact that IMPACT is headquartered in Kuala Lumpur, Malaysia, and was founded in 2006 with a grant of $13 million from the Malaysian government, most of the 30 governments that are involved in the group's launch are Western (the US is a major backer). Russia and China, the two largest source countries for cyber attacks, aren't represented, but IMPACT has made clear that it intends to reach out to everyone as a potential partner. Blessed are the peacemakers? Building a forum for international cooperation on cyber security issues has a lot to recommend itself. As IMPACT pointed out on the call, cyber security is effectively borderless, so cross-border cooperation seems like a no-brainer. I'd go even further than IMPACT has gone and suggest that a CDC-like paradigm, where member entities (governments, schools, companies) cooperate to share defensive information, shut down attacks in-progress, and stop conflicts from escalating, could turn out to be a superior way of approaching cyber terror than the more traditional, nation-state-centric "cyber warfare" paradigm that is also emerging.
Indeed, the call itself offered a brief glimpse at the tension between IMPACT's "cooperate and contain" approach and the cyber warfare approach that the US Air Force is actively pursuing. Check out this partial quote from Amin's response to a journalist's question about the absence of China and Russia on the IMPACT rolls: "We believe that none of the governments who are participating in the summit subscribe to the belief that the Internet is a legitimate place for any form of cyberterrorism or whether its [inaudible] the Internet is not a platform for offensive measures, and I think that most of the governments by virtue of participating want safe cyberspace, at least in their own territory." If Amin intended to make the point here that the IMPACT member governments believe that "the Internet is not a platform for offensive measures," then the US Air Force may want to call him up and correct him. I've recently been covering the USAF's very aggressive efforts to position itself as "the point of the spear" in the US military's burgeoning cyber warfare efforts. The US military has identified electronic communication networks as a new theater of war, and the USAF clearly believes that America should have a robust offensive capability in that theater. Not only are military botnets on the military's list of "must haves," but now Wired's Noah Shachtman has uncovered a new USAF effort that will offer one lucky military contractor $11 million to develop a slate of software and hardware tools that will enable it to take full control of any kind of networked computer. (I'm sure America's defense contractors are thrilled at having a brand new theater of war for which they can develop and sell new technologies.) Ultimately, the two approaches embodied by IMPACT and the new AFCYBER Command seem to me to be fundamentally at odds with one another, sort of like the CDC is at odds with any military bioweapon programs.
But perhaps someone who follows these issues closely can convince me otherwise. From rforno at infowarrior.org Thu May 15 12:04:10 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 May 2008 08:04:10 -0400 Subject: [Infowarrior] - Mozilla/Firefox Stealth Data Project Message-ID: <6635EC58-F8F0-4B3F-9C62-145F7C422DAB@infowarrior.org> ...not really sure I like this idea, even if it's on an opt-in basis........rf Mozilla Stealth Data Project Could Be Just What The Internet Needs Michael Arrington http://www.techcrunch.com/2008/05/13/mozilla-stealth-data-project-could-be-just-what-the-internet-needs/ One of the most frustrating tasks about my job is finding reliable traffic and other usage data about websites. But today, Mozilla CEO John Lilly and VP Engineering Mike Schroepfer said they may fix that problem in the future, via the massive installed base of Firefox users. The State of Analytics Today There are three ways to measure web traffic. The first is user-focused and based on software installed on user machines. Services like Alexa and Compete get users to install software on their computers and then track surfing habits to come up with best guesses on Internet-wide traffic. It works in theory, but getting enough users to get statistically relevant results has proven challenging. Alexa is famously flawed, and while Compete seems to be somewhat better, it only tracks U.S. users. Comscore is another user-focused metrics company that tends to work well for large sites, not well at all for newcomers (and it is very expensive to access their database). A second way to determine site usage is to track traffic directly from websites. Quantcast combines user surveys with direct tracking on websites (when they can get it) to estimate traffic. Comscore also does this with certain sites. The third way is to track surfing behaviors via records from ISPs. Hitwise uses this method to provide web analytics to clients.
None of these services are particularly accurate (as can be seen by the fact that they almost always disagree with each other). The problem is simply gathering enough data from enough users to be able to draw a picture-perfect image of actual Internet usage. That's why I've called for Google to offer users the option to make their Google Analytics data publicly available. Would many people do it? Just the ones that want us to trust the user numbers and page views they claim. How Firefox Could Fix The Problem The product is still very early, say Lilly and Schroepfer. In fact, it doesn't have a project name within Mozilla - they simply refer to it as "Data." But the idea is fairly straightforward. Ask Firefox's 170 million (and growing) user base if they would like to opt in to anonymous data collection on their surfing habits. Then take that anonymized data and create very statistically relevant analytics reports for all websites. Only a small percentage of those 170 million users would have to agree to be tracked (Lilly said 1% is more than enough) to get useful data. There are Firefox users in every country, and the distribution is fairly attractive for worldwide analytics tracking. Only 29% of Firefox users are in the U.S. 13% are in Germany, 6% in France, 4% in the UK, and so on. Firefox is now available in 50 different languages. Of course, this would track only Firefox users, not IE, Safari, Opera and other browsers. And Firefox users as a group may have different surfing habits than the Internet as a whole. But as Firefox usage grows more mainstream, this will become less and less of a problem. Mozilla estimates that they now have 18% market share across all browsers. If and when this launches, it would likely be the most reliable public traffic and usage data available. Let's hope they do launch it, and soon. I'll be the first to sign up.
From rforno at infowarrior.org Fri May 16 00:33:47 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 May 2008 20:33:47 -0400 Subject: [Infowarrior] - Cox blocking BitTorrent traffic, too References: Message-ID: <5A60ED33-42C5-4D23-AD20-CC0F657F535B@infowarrior.org> > From: lyger > Date: May 15, 2008 7:40:29 PM EDT > > (as a Cox customer, not too surprising. of course, I usually stick > to those SSH and HTTP thingys...) > > http://www.news.com/8301-10784_3-9945542-7.html?part=rss&subj=news&tag=2547-1_3-0-5 > > Cox is the latest Internet service provider to have been found > blocking peer-to-peer traffic on its network. > > The Max Planck Institute for Software Systems released a survey > Thursday showing that 54 percent of Cox subscribers reported having > their connections blocked when they tried to share files over the > Internet. Comcast has been castigated for a similar practice, but > apparently it wasn't the only company engaging in such action, > according to the Associated Press. > > The blocked connections occurred when Cox subscribers used > BitTorrent to download or upload files, according to the results of > the survey. Cox has acknowledged a practice called "protocol > filtering," but says that's not the equivalent of creating different > standards for handling content traveling across its networks. > > The survey results will provide another log for the fire started by > Net neutrality activists pushing for rules that would prohibit ISPs > from enacting different standards for different types of content. > The AP said the Federal Communications Commission would look into > the matter "expeditiously." 
From rforno at infowarrior.org Fri May 16 00:45:23 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 May 2008 20:45:23 -0400 Subject: [Infowarrior] - DNS Trouble Knocks NSA off Internet Message-ID: <4CC92DE5-D4D3-47D2-A5CE-670EE798113C@infowarrior.org> DNS Trouble Knocks NSA off Internet Robert McMillan, IDG News Service Thursday, May 15, 2008 10:40 AM PDT http://www.pcworld.com/businesscenter/article/145945/dns_trouble_knocks_ A server problem at the U.S. National Security Agency has knocked the secretive intelligence agency off the Internet. The nsa.gov Web site was unresponsive at 7 a.m. Pacific time Thursday and continued to be unavailable throughout the morning for Internet users. The problem was resolved at around 11 a.m. Pacific time, according to Web site measurement company Netcraft. The Web site was unreachable because of a problem with the NSA's DNS (Domain Name System) servers, said Danny McPherson, chief research officer with Arbor Networks. DNS servers are used to translate things like typed Web addresses into the machine-readable Internet Protocol addresses that computers use to find each other on the Internet. The agency's two authoritative DNS servers were unreachable Thursday morning, McPherson said. Because this DNS information is sometimes cached by Internet service providers, the NSA would still be temporarily reachable by some users, but unless the problem is fixed, NSA servers will be knocked completely off-line. That means that e-mail sent to the agency will not be delivered, and in some cases, e-mail being sent by the NSA would not get through. "We are aware of the situation and our techs are working on it," an NSA spokeswoman said at 9:45 a.m. PT. She declined to identify herself. A similar DNS problem knocked Youtube.com off-line in early May. There are three possible reasons the DNS server was knocked off-line, McPherson said.
"It's either an internal routing problem of some sort on their side or they've messed up some firewall or ACL [access control list] policy," he said. "Or they've taken their servers off-line because something happened." That "something else" could be a technical glitch or a hacking incident, McPherson said. In fact, the NSA has made some basic security mistakes with its DNS servers, according to McPherson. The NSA should have hosted its two authoritative DNS servers on different machines, so that if a technical glitch knocked one of the servers off-line, the other would still be reachable. Compounding problems is the fact that the DNS servers are hosted on a machine that is also being used as a Web server for the NSA's National Computer Security Center. "Say there was some Apache or Windows vulnerability and hackers controlled that server, they would now own the DNS server for nsa.gov," he said. "That really surprised me. I wouldn't think that these guys would do something like that." The NSA is responsible for analysis of foreign communications, but it is also charged with helping protect the U.S. government against cyber attacks, so the outage is an embarrassment for the agency. "I am certain that someone's going to send an e-mail at some point that's not going to get through," McPherson said. "If it's related to national security and it's not getting through, then as a U.S. citizen, that concerns me." (Anders Lotsson with Computer Sweden contributed to this report.)
From rforno at infowarrior.org Fri May 16 00:48:42 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 May 2008 20:48:42 -0400 Subject: [Infowarrior] - Security and Privacy Day @ Stony Brook Message-ID: <9BBAE546-E2BE-4BC8-9F66-E22B87A2892C@infowarrior.org> Security and Privacy Day @ Stony Brook The Security and Privacy Day is a biannual workshop sponsored by the greater New York City area computer security research community for bringing area researchers together, fostering multi-institutional collaborations, and discussing and exchanging our ideas and experiences with security and privacy research. We invite you to attend and encourage you to submit a proposal for a poster or demonstration. Registration is required if you plan to attend. The 2008 S&P Day is hosted by Stony Brook University on Friday, May 30, 2008. While registration is free, please register here by May 25. http://web.crypto.cs.sunysb.edu/spday/ From rforno at infowarrior.org Fri May 16 12:24:15 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 May 2008 08:24:15 -0400 Subject: [Infowarrior] - Passport cards called security vulnerability Message-ID: <8751E304-615C-4160-BC61-59863D4E7256@infowarrior.org> Article published May 16, 2008 Passport cards called security vulnerability http://www.washingtontimes.com/apps/pbcs.dll/article?AID=/20080516/NATION/662238118/1001&template=printart May 16, 2008 By Bill Gertz THE WASHINGTON TIMES - The State Department will soon begin production of an electronic passport card that security specialists and members of Congress fear will be vulnerable to alteration or counterfeiting. The agency has contracted with L-1 Identity Solutions Inc. to produce electronic-passport cards as a substitute for booklet passports for use by Americans who travel frequently by road or sea to Canada, Mexico and the Caribbean.
About the size of a credit card, the electronic-passport card displays a photo of the user and a radio frequency identification (RFID) chip containing data about the user. The State Department announced recently that it will begin producing the cards next month and issue the first ones in July. Security specialists told The Washington Times that the electronic-passport card can be copied or altered easily by removing the photograph with solvent and replacing it with one from an unauthorized user. James Hesse, former chief intelligence officer for the Immigration and Customs Enforcement Forensic Document Laboratory, which monitors fraudulent government documents, said the card should have been designed with a special optical security strip to make it secure and prevent counterfeiting. The selection of a card with an RFID chip is "an extremely risky decision," Mr. Hesse said in an interview. "The optical strip has never been compromised," he said. "It's the most secure medium out there to store data." Joel Lisker, a former FBI agent who spent 18 years countering credit-card fraud at MasterCard, said the new cards pose a serious threat to U.S. security. "There really is no security with these cards," he said. Mr. Lisker, a consultant to a competitor for the electronic-passport card contract, said the State Department's selection of the RFID card shows it favors speedy processing at entry points more than security. He charged that the department "will not make changes until it is satisfied that compromises are occurring on a regular basis." The State Department rejected a more secure card because it is "surrendering to speed over security, essentially creating new vulnerabilities. ... It will not take long for the bad guys to figure out which ports have readability and which do not," he said. Steve Royster, a State Department spokesman, declined to comment. Another State Department official, however, said the agency thinks the RFID passport card is secure.
"The passport card is the result of an interagency effort to produce the most durable, secure and tamper-resistant card for the American public using state-of-the-art, laser-engraving and security features," said the official, who spoke on the condition that he not be identified. Members of Congress have raised concerns about the new card in a bipartisan letter to Secretary of State Condoleezza Rice and Homeland Security Secretary Michael Chertoff. "We have serious concerns regarding the final card chosen for the Passport Card," the April 25 letter states. It was written by Reps. Brian P. Bilbray, California Republican, and Christopher Carney, Pennsylvania Democrat. Seventeen Republicans and one Democrat signed the letter. "Each card will carry the same rights and privileges of the U.S. passport book with the exception of international air travel. As such, the cards will be used not only to cross the border, they will also be used throughout the interior United States as proof of citizenship and identity in everyday transactions; as a proof of identity in [Transportation Security Administration] lines, to enter federal buildings, to engage in financial transactions, and to obtain driver's licenses," the letter said. The lawmakers noted that the bipartisan Sept. 11 commission final report stated that "travel documents are as important as weapons" for global terrorists. In a separate letter to the State Department on May 2, Mr. Carney asked for a briefing on the passport cards, saying "we need to have confidence that these cards cannot be compromised by terrorists, drug smugglers, human traffickers and others who would break our laws and do us harm." The State Department considered a prototype passport card designed by General Dynamics that used the optical security strip but rejected the option, preferring a passport card that contains an RFID chip made in Europe. An optical security strip appears as a dark, 1-inch-wide line on the top of a card. 
Close inspection of the strip reveals ultra-high resolution images that security specialists say cannot be counterfeited and can be identified easily by border officials. Security specialists say the strip is needed to boost the security features of the RFID chip in the passport cards. L-1 Identity Solutions announced in March that it won the State Department contract, which has an estimated value of $107 million over five years. The cards are intended for use by travelers in U.S. border communities as a "less expensive and more portable alternative to the traditional passport book," according to the State Department Web site. The cards are not valid for entry into the United States by travelers arriving by aircraft. Mr. Hesse, the former Forensic Document Laboratory intelligence chief, stated in a 2006 letter to Mr. Chertoff that he is "seriously alarmed" by the use of RFID technology on the passport card. He also noted that the U.S. permanent residence and border-crossing cards that use the optical security strip are being phased out. "With my 30-plus years experience in the field of travel and identity document security, this is, in my opinion, a shortsighted and extremely risky decision," Mr. Hesse stated. Because the passport card will be widely accepted as an official travel document for entry into the country, "this card will definitely become the document of choice for counterfeiters," Mr. Hesse said. "Why would a non-U.S. citizen even bother to counterfeit the green card? The PassCard makes you a U.S. citizen and gives you the access to and/or the privileges mentioned above," he stated. "Therefore, it should be imperative that the U.S. government produce and provide the most secure card as possible." Brian Zimmer, a former House Judiciary Committee investigator, said the new passport cards lack sufficient security features because the State Department did not demand them of the contractor, L-1 Identity Solutions. 
"It's critical that the passport card be made highly counterfeit-resistant," said Mr. Zimmer, now head of the Coalition for a Secure Driver's License. "The State Department should address these deficiencies and change the contract so the manufacturer can address them." Mr. Zimmer was for a time a consultant on the passport card to a subcontractor of General Dynamics. Frank Moss, a former State Department passport office official who is now a consultant to L-1, said the State Department and the Department of Homeland Security set the specifications for the contract. "It was government security experts who determined the specifications," Mr. Moss said in an interview. "The optical stripe, quite honestly, was never used as a stand-alone security feature." The federal government plans to supply only 39 ports of entry with equipment capable of checking the validity of the cards with electronic scanners. More than 300 other entry points will not have the RFID chip readers. Kelly Klundt, a spokeswoman for U.S. Customs and Border Protection, said the deployment of passport card readers to the largest and busiest 39 border-entry points was intended to expedite travel. The more than 300 remaining points of entry without passport card scanners are in remote locations, and officials will visually inspect passport cards at those entry points, she said. "Just because there aren't RFID readers at every entry point doesn't mean we don't inspect [the passport cards]," she said. From rforno at infowarrior.org Sat May 17 04:03:32 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 17 May 2008 00:03:32 -0400 Subject: [Infowarrior] - US citizenship to be checked in event of a storm Message-ID: May 15, 2008, 11:34PM U.S. citizenship to be checked in event of a storm Agents to watch those in the Valley who board buses to flee a hurricane By LYNN BREZOSKY San Antonio Express-News http://www.chron.com/disp/story.mpl/headline/metro/5784300.html BROWNSVILLE -
Ending speculation about the fate of the Rio Grande Valley's undocumented immigrants during a hurricane evacuation, U.S. Customs and Border Protection has confirmed it will check the citizenship both of people boarding buses to leave the Valley and at inland traffic checkpoints. Those determined to be in the country illegally will be taken to detention centers away from the hurricane's path and later processed for deportation. "It's business as usual at the checkpoints," said Dan Doty, spokesman for CBP's Rio Grande Valley sector. "We'll still check everybody." Locals responded with predictions of humanitarian disaster. "We can't wait to see the helicopter photos of us sitting on roofs," said the Rev. Mike Seifert, a priest and activist based in a colonia outside Brownsville. The many area families with one or more undocumented members would just refuse to evacuate, he said. "Imagine," Seifert said. "We're all in an uproar, everybody's in an enormous hurry, there's just a narrow window of opportunity and you get to the place with the buses and the Border Patrol's checking people. You're not going to go." In the disastrous wake of hurricanes Katrina and Rita in 2005, officials in the Valley have pondered the politics of mass evacuation, illegal immigration and the checkpoints that filter northbound traffic every day. After Hurricane Rita threatened the Houston area, clogging highways for miles, drying up gas pumps and creating chaos, emergency management officials set out to improve planning. State Director of Homeland Security Steve McCraw in 2006 said the highway checkpoints should be closed if the Valley needed to evacuate. U.S. 77 parallels the coast and could be underwater once hurricane rains or flooding hit. Even if all the lanes on U.S. 281 are dedicated for northbound traffic, that's the main route for a population that now tops a million people. Krista Piferrer, a spokeswoman for Gov. 
Rick Perry, said Thursday the state's stand on the issue had not changed. "The governor's office prefers that the Border Patrol not use checkpoints during times of evacuation for obvious reasons," she said. "It will slow down traffic and create problems. ... During times of emergency our priority No. 1 is safety and we continue to hold on to the same belief." At a recent discussion with reporters, Hidalgo County Judge J.D. Salinas said he didn't expect the Border Patrol to publicize a policy on the checkpoints for fear of inviting a free-for-all for illegal traffic. The unofficial word, he said, was that agents recognized they'd have to be more lax amid a disaster. But Tuesday, a reporter photographing a mock evacuation for the Rio Grande Guardian Web site saw Border Patrol agents rehearsing citizenship document checks of people boarding buses. CBP's Doty confirmed this was the planned procedure and said those determined to be undocumented immigrants would be taken to separate shelters, likely detention centers in Laredo or San Antonio. He said the highway checkpoints would stay open. Document checks are not mandatory at the checkpoints; it's up to an agent to assess travelers and determine whether to ask for papers. Doty said that even with the checks, 120,000 people could be evacuated within 80 hours. "Our agents, they do it so often, they know what to look for," he said. Doty could not say what would happen if children in a vehicle were citizens but parents were not, or if everybody but an elderly grandparent had a green card. "We try to keep families together, but I can't put a U.S. citizen in a detention center," he said. Cameron County Judge Carlos Cascos said locals would have to work with federal directives, but said document checks would hamper an evacuation. 
lbrezosky at express-news.net From rforno at infowarrior.org Sat May 17 04:06:04 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 17 May 2008 00:06:04 -0400 Subject: [Infowarrior] - OT: VA Official Urged Fewer Diagnoses of PTSD Message-ID: Directing staff doctors to misdiagnose PTSD in an attempt to cut costs, and describing them as "compensation seeking veterans"????? Words utterly fail me here. Of course, aside from the thorny issue of what appears to be a giant f-you to our vets, I'm sure the aftermath of this article again will raise the issue of Iraq and general military readiness, to say nothing about forecasting (let alone budgeting for) military health expenses as the result of ongoing operations now in their fifth year. Stay tuned for what's likely to be her unanimous and bipartisan lynching at a likely Congressional hearing. ----rf VA Official Urged Fewer Diagnoses of PTSD By Christopher Lee Washington Post Staff Writer Friday, May 16, 2008; A02 A psychologist who helps lead the post-traumatic stress disorder program at a medical facility for veterans in Texas told staff members to refrain from diagnosing PTSD because so many veterans were seeking government disability payments for the condition. "Given that we are having more and more compensation seeking veterans, I'd like to suggest that you refrain from giving a diagnosis of PTSD straight out," Norma Perez wrote in a March 20 e-mail to mental-health specialists and social workers at the Department of Veterans Affairs' Olin E. Teague Veterans' Center in Temple, Tex. Instead, she recommended that they "consider a diagnosis of Adjustment Disorder." VA staff members "really don't . . . have time to do the extensive testing that should be done to determine PTSD," Perez wrote. Adjustment disorder is a less severe reaction to stress than PTSD and has a shorter duration, usually no longer than six months, said Anthony T.
Ng, a psychiatrist and member of Mental Health America, a nonprofit professional association. Veterans diagnosed with PTSD can be eligible for disability compensation of up to $2,527 a month, depending on the severity of the condition, said Alison Aikele, a VA spokeswoman. Those found to have adjustment disorder generally are not offered such payments, though veterans can receive medical treatment for either condition. Perez's e-mail was obtained and released publicly yesterday by VoteVets.org, a veterans group that has been critical of the Bush administration's policies in Iraq and Afghanistan, and Citizens for Responsibility and Ethics in Washington (CREW), a nonprofit government watchdog group. "Many veterans believe that the government just doesn't want to pay out the disability that comes along with a PTSD diagnosis, and this revelation will not allay their concerns," John Soltz, chairman of VoteVets.org and an Iraq war veteran, said in a statement. Melanie Sloan, executive director of CREW, said in a statement: "It is outrageous that the VA is calling on its employees to deliberately misdiagnose returning veterans in an effort to cut costs. Those who have risked their lives serving our country deserve far better." < - > Peake said Perez has been "counseled" and is "extremely apologetic." Aikele said Perez remains in her job. A Rand Corp. report released in April found that repeated exposure to combat stress in Iraq and Afghanistan is causing a disproportionately high psychological toll compared with physical injuries. About 300,000 U.S. military personnel who have served in Iraq or Afghanistan are suffering from PTSD or major depression, the study found. The economic cost to the United States -- including medical care, forgone productivity and lost lives through suicide -- is expected to reach $4 billion to $6 billion over two years. 
< - > http://www.washingtonpost.com/wp-dyn/content/article/2008/05/15/AR2008051503533_pf.html From rforno at infowarrior.org Sat May 17 04:13:40 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 17 May 2008 00:13:40 -0400 Subject: [Infowarrior] - Carlyle to Acquire Booz Allen USG Consulting Unit Message-ID: <682774F9-CB46-4904-801E-2BDE1C0CB0F7@infowarrior.org> Carlyle to Acquire Booz Allen Unit for $2.54 Billion (Update3) By Jason Kelly http://www.bloomberg.com/apps/news?pid=20601087&sid=aa9gcBDBo03g&refer=home May 16 (Bloomberg) -- Carlyle Group, the private-equity firm run by David Rubenstein, agreed to acquire Booz Allen Hamilton Inc.'s U.S. government-consulting business for $2.54 billion, its biggest buyout since the credit markets collapsed in July. Booz Allen, based in McLean, Virginia, will split off its corporate-consulting unit into a separate company, Carlyle said today in an e-mailed statement. Booz Allen Chief Executive Officer Ralph Shrader will run the Carlyle-owned entity focused on government clients. Carlyle and Booz Allen had been in talks since at least January. The purchase would be Carlyle's biggest since it agreed to buy nursing-home operator Manor Care Inc. last July for $6.3 billion. Deal-making may be rebounding from a 68 percent decline in the first quarter as investment banks begin writing new commitments for private-equity transactions. Buyouts ground to a halt last year because of a global credit freeze triggered by record U.S. subprime-mortgage defaults. ``The private-equity firms are not going away,'' said Steven Kaplan, a professor of finance at University of Chicago Graduate School of Business. ``They have too much capital.'' The Booz Allen government-consulting unit has more than 18,000 employees and annual sales of more than $2.7 billion. Its clients include branches of the U.S. military, the Department of Homeland Security and the World Bank.
Government Ties

Carlyle, based in Washington, manages $81.1 billion in assets. Rubenstein founded the firm in 1987 with William Conway and Daniel D'Aniello. The trio initially focused on deals tied to government and defense.

Carlyle and closely held Booz Allen have attracted high-level officials from the government. Carlyle's senior advisers have included former President George H.W. Bush, former British Prime Minister John Major, and Arthur Levitt, the ex-chairman of the U.S. Securities and Exchange Commission.

R. James Woolsey, who led the U.S. Central Intelligence Agency from 1993 to 1995, is a Booz Allen executive. Mike McConnell, the U.S. director of national intelligence, is a former senior vice president with the company.

Carlyle last year sold a minority interest in itself to Mubadala Development Co., an investment fund affiliated with the government of Abu Dhabi, capital of the United Arab Emirates. Carlyle said today it will have no management role or access to any classified information at Booz Allen.

More Deals

Carlyle had turned to real estate investments as the market for large leveraged buyouts waned. The company acquired a Manhattan building last month for $650 million and is set to buy a stake in the retail portion of another for $525 million. Carlyle raised $3 billion for a U.S. real estate fund last year.

Private-equity executives are increasingly optimistic about doing more buyouts. The firms are eyeing transactions around the size of Carlyle's, as well as minority stakes that require less debt, said Chip MacDonald, a partner with Jones Day in Atlanta.

"There is a lot of pent-up demand," MacDonald said in an interview. "People will move down market because there's a huge need that's unmet."

Blackstone Group LP Chief Executive Officer Stephen Schwarzman told investors yesterday the financial markets were showing "signs of recovery."

Credit Suisse Group AG and Latham & Watkins LLP advised Booz Allen on the sale. Debevoise & Plimpton LLP provided legal advice to Carlyle.

To contact the reporter on this story: Jason Kelly in New York at jkelly14 at bloomberg.net

Last Updated: May 16, 2008 13:39 EDT

From rforno at infowarrior.org Sat May 17 04:18:29 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 May 2008 00:18:29 -0400
Subject: [Infowarrior] - Secret Data in FBI Wiretapping Audit Revealed with Ctrl-C
Message-ID: <295E07EE-A456-4F2C-A028-8B665C0A3CB7@infowarrior.org>

Secret Data in FBI Wiretapping Audit Revealed with Ctrl-C
By Ryan Singel
May 16, 2008 | 7:51:59 PM | Categories: Glitches and Bugs, Surveillance
http://blog.wired.com/27bstroke6/2008/05/secret-data-in.html

Once again, supposedly sensitive information blacked out from a government report turns out to be visible by computer experts armed with the Ctrl-C keys -- and that information turns out to be not very sensitive after all.

This time around, Princeton professor Matt Blaze discovered that the Justice Department's Inspector General's office had failed to adequately obfuscate data in a March report (.pdf) about FBI payments to telecoms to make their legacy phone switches comply with 1995 wiretapping rules.

That report detailed how the FBI had finished spending its allotted $500 million to help telephone companies retrofit their old switches to make them compliant with the Communications Assistance to Law Enforcement Act or CALEA -- even as federal wiretaps target cell phones more than 90 percent of the time.

< - >

Some of the tidbits considered too sensitive to be aired publicly? The FBI paid Verizon $2500 apiece to upgrade 1,140 old telephone switches. Oddly the report didn't redact the total amount paid to the telecom -- slightly more than $2.9 million dollars -- but somehow the bad guys will win if they knew the number of switches and the cost paid.

FBI survey results about wiretaps could also be found hidden under the redaction layer.
For the record, in 2005 and 2005, from talking to federal, state and local law enforcement agencies believed that the top emerging technologies causing surveillance concerns were VOIP, broadband and prepaid cell phones. While cops have long fretted about encryption and one might expect it to be in this list, it seems to have never been a problem for wiretapping.

In 2005, only 8% had tried tapping internet phone calls, but that number rose to 34% in 2006. In 2006, 35 percent of agencies had tried some sort of surveillance on broadband, but the question wasn't asked in 2005.

The price of wiretaps and pen traps still limits surveillance, according to 68% of agencies in 2005 and 65% in '06. Meanwhile, telecoms seem to be getting better at providing data in standard formats to cops, whose complaints about data format fell dramatically from 60% in 2005 to 12% in 2006. But, oddly, 41% of agencies in 2006 say investigations have been hampered by companies not complying with CALEA's mandates, while in 2005, that number was only 22%.

Other nuggets? Hidden info in a blacked out screenshot of the FBI's wiretapping help line complaint management software reveals that even wiretappers have IT problems. Cops in Montgomery County, Maryland, had trouble right after Christmas in 2007 getting wiretap info delivered. Not far away in Baltimore (the honorary wiretap capital of the U.S.), cops had problems just before Christmas using the FBI's database of cell towers, which help cops figure out targets' location and movements. Kenner, Louisiana cops just wanted a user name and password to chat in the Law Enforcement forum on ASKCalea.

Now that the cat is out of the bag, one is sure to see a crime wave across the country.

Professor Matt Blaze suggests following NSA's technical recommendations (.pdf) on how to redact documents. THREAT LEVEL merely suggests that report writers start telling the classifiers to stop acting like censors from WWII carrier groups.
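The failure above is a box painted over text that is still in the page's text layer, which is why select-all and copy recovers it. As an added example (not from the Wired article, Matt Blaze, or the NSA guidance), the check a reviewer can run before publishing: a toy tokenizer for an uncompressed PDF content stream that flags text drawn underneath a filled rectangle painted later in the stream. The sample streams and the figures in them are constructed for illustration.

```python
"""Spot 'cosmetic' redactions: text that a filled box merely covers.

Added example. It tokenizes the small subset of PDF content-stream
operators needed to record where text is drawn (BT/Td/Tm/Tj/TJ) and where
filled rectangles are painted (re + f/B), then flags text whose origin
lies inside a box painted later in the stream: invisible on screen, but
exactly what select-all-and-copy extracts. Assumptions: uncompressed
stream, literal "(...)" strings, and only the origin of each run is
checked (a run that starts outside a box and extends into it is missed).
Real documents need a full PDF parser; this is the check, not a tool.
"""
import re
from dataclasses import dataclass

# Token classes: literal string, name (/F1), number, operator, TJ array brackets.
_TOKEN = re.compile(
    r"\((?:\\.|[^\\)])*\)"
    r"|/[^\s/\[\]()<>]*"
    r"|[-+]?(?:\d+\.?\d*|\.\d+)"
    r"|[A-Za-z*'\"]+"
    r"|\[|\]"
)


@dataclass
class TextRun:
    x: float
    y: float
    text: str
    order: int  # painting order: later objects paint over earlier ones


@dataclass
class FilledRect:
    x0: float
    y0: float
    x1: float
    y1: float
    order: int

    def contains(self, x, y):
        return self.x0 <= x <= self.x1 and self.y0 <= y <= self.y1


def _unescape(literal):
    """Strip the parentheses and resolve the \\( \\) and \\\\ escapes."""
    return re.sub(r"\\([()\\])", r"\1", literal[1:-1])


def parse_content(stream):
    """Return (text_runs, filled_rects) found in an uncompressed content stream."""
    runs, rects, pending, operands = [], [], [], []
    line_x = line_y = 0.0  # start of the current text line
    order = 0
    for tok in _TOKEN.findall(stream):
        if tok[0] in "(/[]":
            operands.append(tok)
            continue
        try:
            operands.append(float(tok))
            continue
        except ValueError:
            pass  # not a number, so it is an operator
        nums = [o for o in operands if isinstance(o, float)]
        if tok == "BT":
            line_x = line_y = 0.0
        elif tok == "Td" and len(nums) >= 2:
            line_x += nums[-2]
            line_y += nums[-1]
        elif tok == "Tm" and len(nums) >= 6:
            line_x, line_y = nums[-2], nums[-1]
        elif tok in ("Tj", "TJ", "'", '"'):
            text = "".join(_unescape(o) for o in operands
                           if isinstance(o, str) and o.startswith("("))
            runs.append(TextRun(line_x, line_y, text, order))
            order += 1
        elif tok == "re" and len(nums) >= 4:
            x, y, w, h = nums[-4:]
            pending.append((min(x, x + w), min(y, y + h), max(x, x + w), max(y, y + h)))
        elif tok in ("f", "F", "f*", "B", "B*", "b", "b*"):
            for r in pending:  # path painted with a fill: these boxes hide what is under them
                rects.append(FilledRect(*r, order))
                order += 1
            pending = []
        elif tok in ("n", "S", "s"):
            pending = []  # path ended without a fill: an outline hides nothing
        operands = []
    return runs, rects


def cosmetically_redacted(stream):
    """Text covered by a filled box painted after it: hidden, yet still extractable."""
    runs, rects = parse_content(stream)
    return [r.text for r in runs
            if any(b.order > r.order and b.contains(r.x, r.y) for b in rects)]


def extractable_text(stream):
    """Everything the text layer still holds, i.e. what Ctrl-A / Ctrl-C yields."""
    return [r.text for r in parse_content(stream)[0]]


# Constructed sample of the failure the article describes: the figures stay in
# the text layer and a black box is painted over them afterwards. The light box
# painted *before* the second line is a decoy (a highlight, not a redaction).
OVERLAY_REDACTED = """
0.9 g 70 675 300 14 re f
BT /F1 10 Tf 72 700 Td (Verizon: 1,140 switches at $2,500 each) Tj ET
BT /F1 10 Tf 72 680 Td (Total paid: about $2.9 million) Tj ET
0 g 70 695 300 14 re f
"""

# Constructed sample of a real redaction: the sensitive Tj is removed from the
# stream and only the box remains, so nothing is left for copy-and-paste.
PROPERLY_REDACTED = """
BT /F1 10 Tf 72 680 Td (Total paid: about $2.9 million) Tj ET
0 g 70 695 300 14 re f
"""

if __name__ == "__main__":
    for label, s in (("overlay", OVERLAY_REDACTED), ("proper", PROPERLY_REDACTED)):
        print(label, "leaks:", cosmetically_redacted(s))
```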
From rforno at infowarrior.org Sat May 17 04:29:12 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 May 2008 00:29:12 -0400
Subject: [Infowarrior] - Want to use Bittorrent on campus? Take the Quiz
Message-ID: <99F916B9-274A-4C03-8BF3-78D8C5EF6890@infowarrior.org>

Want to Download? Take the Quiz

For all the high-tech tactics colleges have employed to slow or block students' illegal file sharing activity, few have actually turned to methods used in the classroom to get the message across. A university in Missouri thinks it's found the right solution, combining an age-old teacher's tool with a dash of discipline.

Last academic year, Missouri University of Science and Technology, in Rolla, received some 200 Digital Millennium Copyright Act "takedown" notices from the recording industry, notifying the institution that users of its network had made copyrighted works available for download. This academic year - at a time when colleges across the country have been experiencing sudden spikes in copyright complaints - the university received eight.

Karl F. Lutzen, a systems security analyst at the university, chalks it up to Missouri S&T's unusual method of regulating students' network usage: In order to download (or upload) files on any peer-to-peer network whatsoever, all on-campus users have to pass an online quiz on copyright infringement.

But not just once. Passing the test - with a perfect score - enables peer-to-peer access for six hours on the user's on-campus registered machines, presumably enough time to download that (legal) song, TV show or e-book. The next time, the student, staff or faculty member has to go to the intranet Web page and take the randomized test again, for a maximum of eight uses per month (which, kind of like vacation days, can accrue to at most 20).

< - >

http://www.insidehighered.com/news/2008/05/15/p2p

From rforno at infowarrior.org Sat May 17 16:22:41 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 May 2008 12:22:41 -0400
Subject: [Infowarrior] - UAVs pose myriad problems to US airspace, GAO reports
Message-ID:

Unmanned aircraft pose myriad problems to US airspace, GAO reports
Submitted by Layer 8 on Fri, 05/16/2008 - 3:54pm.
http://www.networkworld.com/community/node/27876

A ton of work needs to be done by military, federal and civil aviation groups if the rapidly growing unmanned aircraft community is allowed routine access to public airspace.

In a wide-ranging report on the impact of unmanned aircraft on the country's commercial airspace, congressional watchdogs at the Government Accountability Office today called on Congress to create an overarching body within Federal Aviation Administration to coordinate unmanned aircraft development and integration efforts. The GAO also called on the FAA to work with the Department of Defense, which has extensive unmanned aircraft experience, to issue its program plan. In addition, the Department of Homeland Security (DHS) assesses the security implications of routine unmanned aircraft access to commercial airspace, the GAO said.

Even if all issues are addressed, and there are a number of critical problems, unmanned aircraft may not receive routine access to the national airspace system until 2020, the GAO concluded.

But such access is certainly on the minds of the unmanned aircraft community. That's mainly because the market for government and commercial-use unmanned aircraft could explode in the coming years. Federal agencies such as the DHS, the Department of Commerce, and NASA alone use unmanned planes in many areas, such as border security, weather research, and forest fire monitoring.
Researchers at the Teal Group said in their 2008 market study estimates that UAV spending will more than double over the next decade from current worldwide UAV spending of $3.4 billion annually to $7.3 billion, totaling close to $55 billion in the next ten years. The forecast also indicates that the US could account for 73% of the world's research and development investment in unmanned flight in the next decade.

Still, routine unmanned aircraft access to the national airspace system poses technological, regulatory, workload, and coordination challenges, the GAO said. A key technological challenge is providing the capability for unmanned aircraft to meet the safety requirements of the national airspace system. For example, a person operating an aircraft must maintain vigilance so as to see and avoid other aircraft. However, because the airplanes have no person on board, on-board equipment, radar, or direct human observation must substitute for this capability. No technology has been identified as a suitable substitute for a person on board the aircraft in seeing and avoiding other aircraft, the GAO report stated.

Additionally, the aircraft's communications and control links are vulnerable to unintentional or intentional radio interference that can lead to loss of control of an aircraft and an accident, and in the future, ground control stations - the unmanned airplane equivalent to a manned aircraft cockpit - may need physical security protection to guard against hostile takeover, the GAO said.

There are other issues as well, the GAO report states, including:

- Many unmanned airplanes, particularly smaller models, will likely operate at altitudes below 18,000 feet, sharing airspace with other objects, such as gliders. Sensing and avoiding these other objects represents a particular challenge for unmanned aircraft, since the other objects normally do not transmit an electronic signal to identify themselves and FAA cannot mandate that all aircraft or objects possess this capability so that the aircraft can operate safely. Many small unmanned aircraft do not have equipment to detect such signals and, in some cases, are too small to carry such equipment. The Aircraft Owners and Pilots Association, in a 2006 survey of its membership, found that unmanned aircraft's inability to see and avoid manned aircraft is a priority concern.

- The effort to develop the Traffic Alert and Collision Avoidance System (TCAS), used widely in manned aircraft to help prevent collisions, demonstrates the challenge of developing a detect, sense, and avoid capability for unmanned airplanes. Although FAA, airlines, and several private-sector companies developed TCAS over a 13-year period, at a cost of more than $500 million, FAA officials point out that the designers did not intend for TCAS to act as the sole means of avoiding collisions and that the on-board pilot still has the responsibility for seeing and avoiding other aircraft. FAA officials also point out that TCAS computes collision avoidance solutions based on characteristics of manned aircraft, and does not incorporate unmanned aircraft's slower turn and climb rates in developing conflict solutions. Consequently, FAA officials believe that developing the detect, sense, and avoid technology that unmanned aircraft would need to operate routinely in the national airspace system poses an even greater challenge than TCAS did. FAA officials believe that an acceptable detect, sense, and avoid system for airplanes could cost up to $2 billion to complete and is still many years away.

- The lack of protected radio frequency spectrum for unmanned operations heightens the possibility that an operator could lose command and control of the plane. Unlike manned aircraft, which use dedicated, protected radio frequencies, unmanned aircraft currently use unprotected radio spectrum and, like any other wireless technology, remain vulnerable to unintentional or intentional interference. This remains a key security vulnerability for unmanned aircraft, because in contrast to a manned aircraft where the pilot has direct, physical control of the aircraft, interruption of radio frequency, such as by jamming, can sever the plane's only means of control. One of the experts we surveyed listed providing security and protected spectrum among the critical airplane integration technologies.

- Unmanned aircraft have the capability to deliver nuclear, biological, or chemical payloads, and can be launched undetected from virtually any site. In response to the events of September 11, 2001, entry doors to passenger airplane cockpits were hardened to prevent unauthorized entry. However, no similar security requirements exist to prevent unauthorized access to unmanned aircraft ground control stations - the unmanned system equivalent of the cockpit. Security is a latent issue that could impede unmanned airplane developments even after all the other challenges have been addressed, according to one study.

- Although DOD has obtained benefits from its unmanned operations overseas, the agency notes in its Unmanned Systems Roadmap that unmanned aircraft reliability is a key factor in integrating unmanned systems into the national airspace system. Our analysis of information that DOD provided on 199 military unmanned airplane accidents, of varying degrees of severity, that occurred over 4½ years during operations Enduring Freedom and Iraqi Freedom, indicates that reliability continues to be a challenge. About 65% of the accidents resulted from materiel issues, such as failures of aircraft components. FAA officials noted that unmanned aircraft today are at a similar stage as personal computers in their early years before newer, more user-friendly operating systems became standard.

- The variety of ground control station designs across unmanned aircraft is another human factors concern. For example, pilots of the Predator B control the aircraft by using a stick and pedals, similar to the actions of pilots of manned aircraft. In contrast, pilots of the Global Hawk use a keyboard and mouse to control the aircraft. Differences in unmanned system missions could require some variation among control station designs, but the extent to which regulations should require commonalities across all ground control stations awaits further research.

- Because unmanned aircraft have never routinely operated in the national airspace system, the level of public acceptance is unknown. One researcher observed that as unmanned aircraft expand into the non-defense sector, there will inevitably be public debate over the need for and motives behind such proliferation. One expert we surveyed commented that some individuals may raise privacy concerns about a small aircraft that is "spying" on them, whether operated by law enforcement officials or by private organizations, and raised the question of what federal agency would have the responsibility for addressing these privacy concerns.

While those issues are just a few outlined in the report, the GAO said a number of activities are also ongoing to address concerns. The GAO report states some of those activities include:

- The DoD plans to spend over $7 billion in research, development, test, and evaluation funds for unmanned aircraft between fiscal years 2007 and 2013. Data from these efforts could facilitate FAA's development of a regulatory framework to allow unmanned aircraft to have routine access to the national airspace.

- The FAA has budgeted $4.7 million for fiscal years 2007 through 2009 for further unmanned systems research on topics such as detect, sense, and avoid; command and control; and system safety management. NASA, FAA, and others have conducted tests to determine the capabilities of and potential improvements to detect, sense, and avoid technology. For example, in 2003, NASA installed radar on a manned aircraft that was equipped for optional control from the ground. The tests indicated that the radar detected intruding aircraft earlier than the onboard pilot, but also revealed the need for further work on the onboard sensing equipment to ensure adequate response time for the remote pilot. According to a summary of the lessons learned from these tests, the results showed some promise, but indicated that much work and technology maturation would need to occur before the tested system could be deemed ready for operational use.

- The FAA has established a 12,000-square-mile unmanned system test center to provide airspace for testing and evaluating unmanned aircraft and to provide data for use in developing regulations. FAA expects to obtain additional data from increased coordination with the DoD. However, FAA has not yet analyzed the limited data that it has already accumulated on recent unmanned operations in the national airspace system, citing resource constraints. To address expected workload increases, FAA is introducing more automation into its work processes and has granted DoD authority to operate small unmanned systems, weighing 20 lbs or less, over its installations without receiving prior FAA approval.

- Addressing the challenge of radio frequency allocation for unmanned operations is moving forward, but may not be completed for several years. The International Telecommunication Union allocates radio frequency spectrum and deliberates such issues at periodic World Radiocommunication Conferences, the most recent of which was held in the fall of 2007. To obtain spectrum allocation for unmanned aircraft, FAA has participated with the Department of Commerce in a national preparation process to place spectrum allocation decisions on the conference's future agenda. At the 2007 conference, delegates agreed to discuss at the next conference, in 2011, the spectrum requirements and possible regulatory actions, including spectrum allocations, needed to support the safe operation of unmanned systems.

- The DoD is urging manufacturers to increase reliability while keeping costs low by using such practices as standard systems engineering, ensuring that replacement parts are readily available, and using redundant, fail-safe designs. The DoD also notes in its Unmanned Systems Roadmap that, although unmanned planes suffer accidents at one to two orders of magnitude greater than the rate incurred by manned military aircraft, accident rates have declined as operational experience increased. For some airplanes, the accident rates have become similar to or lower than that of the manned F-16 fighter jet, according to the roadmap. According to a study by The MITRE Corporation, General Atomics designed the Predator B with reliability in mind, and the Altair airplane, which is a modified version of the Predator, has, among other things, triple redundant avionics to increase reliability.

- FAA has established an unmanned system program office and is reviewing the body of manned aviation regulations to determine the modifications needed to address unmanned aircraft, but these modifications may not be completed until 2020. As an interim step, the FAA has begun an effort to provide increased access to the national airspace system for small unmanned aircraft. The FAA is taking steps to develop data to use in developing standards, but has been slow to analyze the data that it has already collected. FAA is also coordinating with other countries to harmonize regulations.
From rforno at infowarrior.org Sun May 18 14:51:42 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 May 2008 10:51:42 -0400
Subject: [Infowarrior] - FBI Director Praises Press @ NPC
Message-ID: <46438E4E-E6B2-4079-B304-90D074A9F345@infowarrior.org>

Robert S. Mueller, III
Director
Federal Bureau of Investigation
National Press Club
Washington, D.C.
May 16, 2008

Good afternoon. It's good to be here with you today.

New York Times columnist Maureen Dowd once said, "Wooing the press is an exercise roughly akin to picnicking with a tiger. You might enjoy the meal, but the tiger always eats last."

I did indeed enjoy the meal, but I am struck with the notion that I am now at the podium and many of you still look quite hungry.

Those of you who have heard me speak before know that I often talk about our top priorities in the FBI, or about a particular program, such as terrorism or cyber crime. Today, I want to take a different tack.

This summer, the FBI will celebrate its 100th anniversary. Coincidentally, the National Press Club also celebrates its 100th anniversary this year. With that backdrop, I thought it appropriate to talk about what the FBI and the press have in common, which is a mission to serve the public good.

< - >

http://www.fbi.gov/pressrel/speeches/mueller051608.htm

From rforno at infowarrior.org Mon May 19 11:24:06 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 May 2008 07:24:06 -0400
Subject: [Infowarrior] - Google, Facebook, Square Off Over Who Owns Your Personal Data
References:
Message-ID:

(c/o DanO)

> Facebook, Google Square Off Over Who Controls Your Data (Hint: It's Not You)
> By Scott Gilbertson
> May 16, 2008 | 9:29:26 AM | Categories: communities
>
> Here's a shocker for you: Facebook doesn't want to give up its tight-knit control of your personal information.
> The company has officially banned Google's recently-launched Friend Connect service, which would allow you to pull your personal data out of Facebook and use it elsewhere.
>
> Considering that the only value Facebook actually has is all the data you've entered into it, it shouldn't really surprise anyone that the site doesn't want to hand over control of that information, particularly to a competitor like Google.
>
> And if that means denying Facebook users the right to share their own information with other networks, so be it. This isn't really about your privacy, after all. This is about Facebook's data versus Google's data.
>
> Don't believe it? Read Facebook's terms of service (TOS).
>
> Facebook's TOS make no bones about who controls your data. The answer is: not you.
>
> It gets a little confusing because there's the TOS you the user agree to, which is fairly benign, but then there's the Developer TOS, which, while it doesn't directly apply to you, does end up affecting what sort of tools you can use on Facebook.
>
> And Facebook's beef with Google Friend Connect centers around those Developer restrictions. Here's the relevant section of the Facebook Developer TOS:
>
> You may not store any Facebook Properties in any Data Repository which enables any third party (other than the Applicable Facebook User for such Facebook Properties) to access or share the Facebook Properties without our prior written consent.
>
> In other words, once a user has entered something in Facebook - a list of friends, a blog post, a status update, etc - it's effectively stuck in Facebook, since developers are not allowed to store that information outside of Facebook.
>
> By limiting what developers can do with your data Facebook in turn limits your ability to pull out the things you put into Facebook. This is why we've always referred to Facebook as a black hole.
>
> When Facebook does make concessions and allow you to move data off the site, it's always on Facebook's terms - like the announced, but not yet launched, Facebook Connect.
>
> "We're disappointed that Facebook disabled their users' ability to use Friend Connect with their Facebook friends," a Google spokesman told Wired.com.
>
> But don't go getting the idea that Google is really all that concerned with freeing up your data. Google, like every other site, wants a slice of the pie. If Google helps you gain a little control at the same time, consider it a happy coincidence, not a motivating factor.
>
> What's galling to many is that Facebook still tries to hide its blatant control complex behind the guise of protecting your privacy.
>
> Any time Facebook shuts down a service like Google Friend Connect it brushes off complaints with warm, fuzzy words about keeping you safe. This time the excuse was that Friend Connect "doesn't respect the privacy standards our users have come to expect."
>
> Yet Facebook's own failed Beacon ad platform effectively showed that, deep down, Facebook doesn't care about your privacy, it cares about making money off your data. And to do that it has to make sure it keeps that data locked up on the site. Letting Google siphon your info off to other social sites isn't going to help line Facebook's coffers.
>
> In this particular case Facebook claims that its issue with Friend Connect is that there's no way to turn Friend Connect widgets off from within Facebook. However, the reason for that is that Facebook doesn't offer such features in its developer API, so there's no way for Google to add that feature. If Facebook were really concerned about your privacy it could simply add in the API feature, and maybe it will at some point. But for now it strikes us as an awfully convenient way of keeping your data locked out of Friend Connect.
>
> Unfortunately for Facebook, it seems unlikely the site will be able to maintain that control for much longer. As Robert Scoble points out in his take on the Google-Facebook scuffle, tools like Minggl are already making an end run around Facebook's restrictions by simply screen-scraping what gets loaded into your browser. As far as I can tell there's no way Facebook can stop Minggl, short of suing the company out of existence.
>
> But this isn't just a case of Facebook being overly restrictive and forbidding you from taking your data with you when you leave the site. While much of Facebook's supposed concern for your privacy may be a desire to protect its own interests, it isn't all smoke and mirrors.
>
> The issues surrounding your ability to control your data are far more complex than that.
>
> Before you can really address control of your data, you have to first decide what actually is your data. As we've pointed out before, how much of your data can be said to be "owned" by you is debatable. Obviously your Facebook Wall posts, updates and personal notes are yours and should be available for export, but what about your friends and all the connections you have on Facebook?
>
> Just because you and I might be connected on Facebook, does that give you the right to export my e-mail and contact info and take it with you wherever you go? You didn't enter that data into Facebook, I did. So what gives you the right to take it with you when you leave?
>
> How you answer that question will more or less determine who you see as the good guy in this latest scuffle between Facebook and Google.
>
> That's the real takeaway from this latest tussle: If you're looking for a truly open, distributed social network that works across the web, don't look to existing sites for help.
>
> If we want an open social web, we're going to have to build it ourselves, using technologies that no one company controls.
From rforno at infowarrior.org Tue May 20 00:06:32 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 May 2008 20:06:32 -0400
Subject: [Infowarrior] - ID theft protection firm sued
Message-ID: <99AB8DFE-5C6D-4FE2-B90D-5126DBEC49AA@infowarrior.org>

ID theft protection firm sued
LifeLock misinformed customers, lawsuit says
http://www.wvgazette.com/News/200805172662

By Andrew Clevenger
Staff writer

For a time, the ads were everywhere on TV and radio, the ones with the head of a security company brazenly challenging would-be thieves to try to steal his identity.

Richard Todd Davis, CEO of LifeLock Inc., was so confident in his company's ability to protect his identity that he publicly revealed his Social Security number: 457-55-5462.

But according to a new class-action lawsuit filed last week in Jackson County, LifeLock's identity theft protection services were so inept that Davis' personal information was stolen repeatedly.

"While LifeLock has only publicly acknowledged that Davis' identity was compromised on one occasion, there are more than 20 driver's licenses that have been fraudulently obtained [using his personal information]," the suit states. "Furthermore, a simple background check performed using Davis' Social Security number reveals that his entire personal profile has been compromised to the extent that the birth date associated with his Social Security number is Nov. 2, 1940, which would [inaccurately] make Davis 67 years old."

The lawsuit maintains that LifeLock, which claims on its Web site to be "the industry leader in the rapidly growing field of Identity Theft Protection," made false and misleading claims in its multimillion-dollar ad campaign about the level of protection it provides.

"Through its advertisements, LifeLock misrepresents and assures consumers that it can protect against all types of fraud including, without limitation, computer hacking, password theft and other noncredit-related theft," the suit reads.

But LifeLock doesn't protect against many forms of identity theft, according to the lawsuit. The Arizona-headquartered company does place and renew fraud alerts on its subscribers' credit profiles. But it does nothing to combat breaches involving personal bank, employment or medical information, as well as theft pertaining to government documents and benefits, the suit alleges.

"LifeLock knows, yet fails to disclose, that the services it provides do not offer the breadth of protection that it promotes through its massive advertising campaign," the suit states.

The West Virginia suit follows similar suits filed in New Jersey in March and Maryland in April. It asks the judge to certify it as a class-action suit.

The lawsuit was filed on behalf of Kevin Gerhold of Falling Waters, and maintains that there are numerous other state residents who were similarly misled into signing up.

Gerhold was attracted by LifeLock's $1 million guarantee against any damages resulting from breaches that occur under the company's watch. But even that is misleading, according to Charleston attorney David Grubb, who is serving as the suit's local counsel.

"In actuality, once you get beyond the numerous legal limitations and disclaimers, the policy really only guarantees that LifeLock will investigate how to fix its failure," Grubb said in a news release. "The subscriber receives no monetary recompense and no guarantee that their reputation and credit status will be restored."

According to the suit, the company has almost 1 million subscribers who pay roughly $110 a year for LifeLock's protection.

"This is a service that you pay for and it kind of lays dormant," said David Paris, an attorney with the New Jersey firm Marks & Klein who is heading the case against LifeLock. "So no one knows that they're not getting what they paid for, because they don't know what to look for."

Paris said that consumers can activate for free the same safeguards that LifeLock does, but the company fails to mention that in its marketing campaign.

The suit alleges that LifeLock's services can actually harm its clients because the constant placement of fraud alerts can prevent them from getting a home loan or refinancing their existing loans. In addition, the company fails to reveal that it obtains its credit reports by requesting on its clients' behalf their free annual credit report. That means consumers can't ask for their own free report for at least 12 months, according to the suit.

The suit also traces what it calls the "nefarious origin" of the company, including the background of Robert J. Maynard Jr., who co-founded the company with Davis in 2005.

"Upon information and belief, Maynard developed the idea for LifeLock while sitting in a jail cell after having been arrested for failure to repay a $16,000 casino marker taken out at the Mirage Hotel in Las Vegas," the suit states.

Maynard was sanctioned by the Federal Trade Commission because of misleading infomercials for National Credit Foundation, a separate credit-improvement company, according to the suit. The suit also maintains that Maynard stole his father's identity by using his information to get an American Express card, which he used to rack up more than $100,000 of debt.

Paris said he plans to file another suit in a fourth state soon, and he is still gathering information about LifeLock's practices.

"In Wisconsin, a woman's debit card was stolen, and that thief used that card to sign up for LifeLock," he said. "If you can't provide the basic information to verify someone for subscription purposes, how can you be relied upon to protect people's identities?"

To contact staff writer Andrew Clevenger, use e-mail or call 348-1723.

From rforno at infowarrior.org Tue May 20 00:48:48 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 May 2008 20:48:48 -0400
Subject: [Infowarrior] - ABC fawning over crippled DVRs
Message-ID:

From the ABC 'upfront' event today where they pitch their various new shows and themes for the coming seasons. Blogged by the NYT, we see yet another "benefit" of crippled DVR devices:

http://tvdecoder.blogs.nytimes.com/2008/05/13/upfronts-live-blogging-the-abc-upfront/

< - >

4:34: Here's a fancy way to combat DVR use: cable video on demand with fast-forwarding disabled. Mr. Shaw said media buyers should work with networks to encourage the implementation of this form of V.O.D. (ABC is already testing it in a small number of local markets.)

4:25: Now it's time to remind advertisers that television is still the dominant form of media. "Television is important to our viewers, your customers," said Mike Shaw, ABC's sales chief. Mr. Shaw discussed the impact of digital video recorder playback. "It's no surprise that the highest rated shows have the highest live and recorded viewing," he said.

< - >

These people just don't get it......DVRs are so popular and allow shows to be popular BECAUSE folks can time-shift to watch them when it's convenient AND do so in a manner conducive to their viewing habits and interests -- ie, fast-forwarding through the commercials.

....and in related news, it seems NBC and Microsoft have re-ignited the Broadcast Flag debate:

http://www.boingboing.net/2008/05/16/microsoft-and-nbc-en.html

The more things change......
From rforno at infowarrior.org Tue May 20 11:43:39 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 May 2008 07:43:39 -0400
Subject: [Infowarrior] - Lieberman calls on Google to censor terrorist content
References:
Message-ID: <2293AD7E-CA38-4976-A69C-8632CA28CA14@infowarrior.org>

>
> http://hsgac.senate.gov/public/index.cfm?FuseAction=PressReleases.Print&PressRelease_id=8093d5b2-c882-4d12-883d-5c670d43d269&suppresslayouts=true
>
> May 19, 2008
>
> LIEBERMAN CALLS ON GOOGLE TO TAKE DOWN TERRORIST CONTENT
> YouTube Videos Are Produced by Al Qaeda and Other Terror
> Organizations; Videos Show Attacks on U.S. Soldiers, Civilians
>
> WASHINGTON - Homeland Security and Governmental Affairs Committee
> Chairman Joe Lieberman, ID-Conn., Monday called on Google to remove
> Internet video content produced by terrorist organizations such as
> Al-Qaeda. The videos - readily available on YouTube - show
> assassinations, deaths of U.S. soldiers and civilians, weapons
> training, incendiary speeches by al-Qaeda leadership, and other
> material intended to encourage violence against the West.
>
> The videos are branded with Al-Qaeda logos - a practice detailed in
> a recent bipartisan Committee staff report entitled "Violent
> Islamist Extremism, the Internet, and the Homegrown Terrorist
> Threat." These production logos are easily recognizable, making it
> easy for Google to remove them from its Internet sites. Lieberman
> called on Google to enforce its own community standards against
> videos that show gratuitous violence or people getting "hurt,
> attacked, or humiliated."
>
> "Islamist terrorist organizations use YouTube to disseminate their
> propaganda, enlist followers, and provide weapons training," the
> Senator said in his letter.
> "YouTube also, unwittingly, permits
> Islamist terrorist groups to maintain an active, pervasive, and
> amplified voice, despite military setbacks or successful operations
> by the law enforcement and intelligence communities."
>
> "Protecting our citizens from terrorist attacks is a top priority
> for our government. The private sector can help us do that. By
> taking action to curtail the use of YouTube to disseminate the goals
> and methods of those who wish to kill innocent civilians, Google
> will make a singularly important contribution to this important
> national effort."
>
> Following is a copy of the letter:
>
> May 19, 2008
>
> Dr. Eric Schmidt
> Chairman of the Board and Chief Executive Officer
> Google, Inc.
> 1600 Amphitheatre Parkway
> Mountain View, CA 94043
>
> Dear Dr. Schmidt:
>
> YouTube is being used to share videos produced by al-Qaeda and other
> Islamist terrorist groups. The purpose of this letter is to request
> that Google implement its own policy against this offensive
> material, remove these videos from YouTube, and prevent them from
> reappearing.
>
> Today, Islamist terrorist organizations rely extensively on the
> Internet to attract supporters and advance their cause. The
> framework for much of this Internet campaign is described in a
> bipartisan staff report released last week by the Senate Committee
> on Homeland Security and Governmental Affairs ("Committee"), which I
> am privileged to chair, titled Violent Islamist Extremism, the
> Internet, and the Homegrown Terrorist Threat. The report explains,
> in part, how al-Qaeda created and manages a multi-tiered online
> media operation that produces content intended to enlist followers
> in countries all over the world, including the United States.
> Central to this media campaign is the branding of content with an
> icon or logo to guarantee authenticity that the content was produced
> by al-Qaeda or allied organizations like al-Qaeda in Iraq, Ansar
> al-Islam (a.k.a. Ansar al-Sunnah) or al-Qaeda in the Land of the Islamic
> Maghreb. All of these groups have been designated Foreign Terrorist
> Organizations (FTO) by the Department of State.
>
> Searches on YouTube return dozens of videos branded with an icon or
> logo identifying the videos as the work of one of these Islamist
> terrorist organizations. A great majority of these videos document
> horrific attacks on American soldiers in Iraq or Afghanistan. Others
> provide weapons training, speeches by al-Qaeda leadership, and
> general material intended to radicalize potential recruits.
>
> In other words, Islamist terrorist organizations use YouTube to
> disseminate their propaganda, enlist followers, and provide weapons
> training - activities that are all essential to terrorist activity.
> According to testimony received by our Committee, the online content
> produced by al-Qaeda and other Islamist terrorist organizations can
> play a significant role in the process of radicalization, the end
> point of which is the planning and execution of a terrorist attack.
> YouTube also, unwittingly, permits Islamist terrorist groups to
> maintain an active, pervasive, and amplified voice, despite military
> setbacks or successful operations by the law enforcement and
> intelligence communities.
>
> YouTube posts "community guidelines" for users to follow, but it
> does not appear that the company is enforcing these guidelines to
> the extent they would apply to this content. For example, the
> community guidelines state that "[g]raphic or gratuitous violence is
> not allowed. If your video shows someone getting hurt, attacked, or
> humiliated, don't post it." Many of the videos produced by one of
> the production arms of al-Qaeda show attacks on U.S.
> forces in which
> American soldiers are injured and, in some cases, killed.
> Nevertheless, those videos remain available for viewing on YouTube.
> At the same time, the guidelines do not prohibit the posting of
> content that can be readily identified as produced by al-Qaeda or
> another FTO.
>
> I ask you, therefore, to immediately remove content produced by
> Islamist terrorist organizations from YouTube. This should be a
> straightforward task since so many of the Islamist terrorist
> organizations brand their material with logos or icons identifying
> their provenance. In addition, please explain what changes Google
> plans to make to the YouTube community guidelines to address violent
> extremist material and how Google plans to enforce those guidelines
> to prevent the content from reappearing.
>
> Protecting our citizens from terrorist attacks is a top priority for
> our government. The private sector can help us do that. By taking
> action to curtail the use of YouTube to disseminate the goals and
> methods of those who wish to kill innocent civilians, Google will
> make a singularly important contribution to this important national
> effort.
>
> Thank you for your immediate attention to this critical matter and I
> look forward to your response.
>
> Sincerely,
>
>
>
> Joseph I. Lieberman (ID-CT)
> Chairman, Senate Committee on Homeland Security and Governmental
> Affairs

From rforno at infowarrior.org Tue May 20 15:11:40 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 May 2008 11:11:40 -0400
Subject: [Infowarrior] - UK plans 'Big Brother' database for phones and e-mails
Message-ID: <6A133888-B104-4508-A2C2-0FC23A57DB98@infowarrior.org>

May 20, 2008

'Big Brother'
database for phones and e-mails

Richard Ford
http://business.timesonline.co.uk/tol/business/industry_sectors/telecoms/article3965033.ece

A massive government database holding details of every phone call, e-mail and time spent on the internet by the public is being planned as part of the fight against crime and terrorism.

Internet service providers (ISPs) and telecoms companies would hand over the records to the Home Office under plans put forward by officials. The information would be held for at least 12 months and the police and security services would be able to access it if given permission from the courts.

The proposal will raise further alarm about a "Big Brother" society, as it follows plans for vast databases for the ID cards scheme and NHS patients. There will also be concern about the ability of the Government to manage a system holding billions of records. About 57 billion text messages were sent in Britain last year, while an estimated 3 billion e-mails are sent every day.

Home Office officials have discussed the option of the national database with telecommunications companies and ISPs as part of preparations for a data communications Bill to be in November's Queen's Speech. But the plan has not been sent to ministers yet. Industry sources gave warning that a single database would be at greater risk of attack and abuse.

Jonathan Bamford, the assistant Information Commissioner, said: "This would give us serious concerns and may well be a step too far. We are not aware of any justification for the State to hold every UK citizen's phone and internet records. We have real doubts that such a measure can be justified, or is proportionate or desirable. We have warned before that we are sleepwalking into a surveillance society. Holding large collections of data is always risky - the more data that is collected and stored, the bigger the problem when the data is lost, traded or stolen."
David Davis, the Shadow Home Secretary, said: "Given [ministers'] appalling record at maintaining the integrity of databases holding people's sensitive data, this could well be more of a threat to our security, than a support."

The proposal has emerged as part of plans to implement an EU directive developed after the July 7 bombings to bring uniformity of record-keeping. Since last October telecoms companies have been required to keep records of phone calls and text messages for 12 months. That requirement is to be extended to internet, e-mail and voice-over-internet use and included in a Communications Data Bill. Police and the security services can access the records with a warrant issued by the courts.

Rather than individual companies holding the information, Home Office officials are suggesting the records be handed over to the Government and stored on a huge database. One of the arguments being put forward in favour of the plan is that it would make it simpler and swifter for law enforcement agencies to retrieve the information instead of having to approach hundreds of service providers. Opponents say that the scope for abuse will be greater if the records are held on one database.

A Home Office spokesman said the Bill was needed to reflect changes in communication that would "increasingly undermine our current capabilities to obtain communications data and use it to protect the public".
From rforno at infowarrior.org Tue May 20 20:39:21 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 May 2008 16:39:21 -0400
Subject: [Infowarrior] - YouTube refuses Lieberman request
Message-ID: <7F0CCC7A-D8E7-40E6-A0DC-7A7EB5E2EB18@infowarrior.org>

YouTube refuses Lieberman request
Published on May 19, 2008
http://www.fcw.com/online/news/152587-1.html

The chairman of the Senate Homeland Security and Governmental Affairs Committee today asked Google, the parent company of the popular online video-sharing site, YouTube, to "immediately remove content produced by Islamist terrorist organizations" from YouTube and prevent similar content from reappearing. However, the company immediately refused to comply with his request.

Joseph Lieberman (I-Conn.) made the request in a letter to Eric Schmidt, the chairman of the board and chief executive officer at Google, in which he said that YouTube "unwittingly, permits Islamist terrorist groups to maintain an active, pervasive and amplified voice despite military setbacks or successful operations by the law enforcement and intelligence communities."

Lieberman asked the company not only to remove existing content but also identify changes that Google plans to make to YouTube's community guidelines and explain how it plans to enforce the guidelines. Lieberman said removing such content should be "a straightforward task since so many of the Islamist terrorist organizations brand their material with logos or icons identifying their provenance."

However, YouTube in a response this afternoon, said taking those actions was not so simple and refused to remove all videos mentioning or featuring these groups without consideration of whether the videos were legal, nonviolent or non-hate speech videos.

"While we respect and understand his views, YouTube encourages free speech and defends everyone's right to express unpopular points of view," the company said.
"We believe that YouTube is a richer and more relevant platform for users precisely because it hosts a diverse range of views, and rather than stifle debate, we allow our users to view all acceptable content and make up their own minds."

The statement thanked Lieberman for alerting the company last week of several videos which violated the company's community guidelines and that have subsequently been removed. However, the statement said that "most of the videos, which did not contain violent or hate speech content, were not removed because they do not violate our Community Guidelines."

YouTube's community guidelines prohibit hate speech and ask users not to post videos that show someone getting hurt, attacked or humiliated. According to the YouTube Community Guidelines, users can flag videos they feel are inappropriate, which may then be removed from the site by the company after review.

Lieberman's letter comes after his committee released a report, "Violent Islamist Extremism, the Internet and the Homegrown Terrorist Threat," May 8 that said chatrooms, message boards and Web sites can play critical roles in recruitment, indoctrination into violent Islamist theology, linking radicalized individuals and providing information to independent terrorists unaffiliated with organizations. The report also said the government needs to develop a plan to counter terrorist groups' increasing reliance on the Internet.

However, whatever federal strategy is developed may face scrutiny from critics who say the committee's May 8 report unfairly singled out Muslims as possible extremists, in addition to civil libertarians and privacy advocates concerned with protecting free speech and Internet freedom.

John Morris, senior counsel at the Center for Democracy and Technology, said Lieberman's letter was a practical impossibility and having sites such as YouTube pre-screen content would radically change how the Internet is used.
YouTube noted in its statement that hundreds of thousands of videos are uploaded to the site daily.

"The government can't get involved in suppressing videos if the content is not illegal," Morris said, explaining that such a policy would likely face stiff opposition from advocates of First Amendment rights.

From rforno at infowarrior.org Wed May 21 01:26:56 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 May 2008 21:26:56 -0400
Subject: [Infowarrior] - Fwd: Charter tracks user activity even if users opt out
References: <20080521012416.GA7598@gsp.org>
Message-ID: <6FD98B73-0985-4CAE-B0AF-BED1ACDC887B@infowarrior.org>

Begin forwarded message:

> From: Rich Kulawiec
> Date: May 20, 2008 9:24:16 PM EDT
> To: David Farber, Richard Forno, Fergie
> Subject: Charter tracks user activity even if users opt out
>
> Via The Consumerist:
>
> UPDATE: Charter Will Track Your Internet Activity Regardless Of
> Whether You Opt Out
> http://consumerist.com/tag/privacy/?i=5009976&t=update-charter-will-track-your-internet-activity-regardless-of-whether-you-opt-out
>
> Excerpt:
>
> When a customer clicks a link, advertisement, or visits a
> page, Charter will capture the browsing data and send it to
> the third-party advertising provider. If Charter wanted to
> offer a functional opt-out, it would be at this deep-packet
> inspection level. They do not offer a way out of that service,
> however. The only thing they offer is the cookie-based solution
> you've previously covered, which *merely tells the third-party
> organization not to match the machine with the DPI-harvested data
> or deliver the advertising*. Customer browsing is still being
> captured and is still being turned over regardless of anyone's
> individual opt-out status, but the third party is just blocked
> from doing anything with it by the cookie.
>
> I might also point out that by doing this *Charter is explicitly
> requesting that their customers choose not to follow safe
> browsing best practices.* [...]
>
> I'm not sure "the third party is just blocked from doing anything with
> it by the cookie" is entirely accurate, however; I think "the third
> party is supposed to honor the cookie and not supposed to use the data
> and not supposed to match the data against the machine" may be more
> likely.
>
> ---Rsk

From rforno at infowarrior.org Wed May 21 11:33:54 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 May 2008 07:33:54 -0400
Subject: [Infowarrior] - Cisco Leak: 'Great Firewall' of China was a Chance to Sell More Routers
Message-ID:

Cisco Leak: 'Great Firewall' of China was a Chance to Sell More Routers
By Sarah Lai Stirland
May 20, 2008 | 7:50:52 PM
Categories: Censorship, Tech Companies in China

An internal Cisco document (.pdf) leaked to reporters on the eve of a Senate human rights hearing reveals that Cisco engineers regarded the Chinese government's rigid internet censorship program as an opportunity to do more business with the repressive regime.

The 90-page document is an internal presentation that Cisco engineers and staffers in China mulled over in 2002 as the central government was upgrading its local, state and provincial public safety and security network infrastructure. Under the category "Cisco Opportunities," the document provides bullet point suggestions for how it might service China's censorship system called the "Golden Shield", and better known in the West as the Great Firewall of China.

The document is the first evidence that the networking giant has marketed its routers to China specifically as a tool of repression. It reinforces the double-edged role that Americans' technological ingenuity plays in the rest of the world.
Companies including Cisco, Yahoo, Microsoft and Google have faced criticism for cooperating to various degrees with the repressive Chinese regime, and the document leak on Monday came one day before a Senate Judiciary subcommittee hearing into U.S. technology companies' participation in foreign government censorship programs.

< - >

http://blog.wired.com/27bstroke6/2008/05/leaked-cisco-do.html

From rforno at infowarrior.org Wed May 21 23:41:29 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 May 2008 19:41:29 -0400
Subject: [Infowarrior] - Fed Judge upholds First Sale Doctrine
Message-ID: <517C49F2-CF05-4911-B3F8-CABCDBC99750@infowarrior.org>

http://www.citizen.org/pressroom/release.cfm?ID=2659

Federal Judge Upholds Right of Vendor to Sue Against Anti-Consumer Copyright Claim
eBay Vendor Claims Right to Resell Used Copies of Products from Software Company

WASHINGTON, D.C. - A California software company's "license agreement" it includes with copies of its products does not prohibit buyers from reselling the software on sites such as eBay or anywhere else, a federal judge ruled today.

Judge Richard A. Jones denied Autodesk's motion to dismiss a lawsuit filed by eBay seller Timothy Vernor, who is represented by Public Citizen and Seattle attorney Michael Withey. Vernor sued Autodesk in November after the company prevented him from reselling copies of "AutoCAD Release 14." Autodesk filed several Digital Millennium Copyright Act (DMCA) notices with eBay claiming the sale would infringe its copyright.

Vernor acquired a used copy of AutoCAD at a garage sale in 2005 and put it up for auction on eBay. Autodesk sells this product in a shrink-wrapped box that includes a license agreement. Public Citizen contended that Autodesk's actions suppressed competition and led to higher prices for consumers.
Public Citizen argues in the complaint that the owner of a copyrighted product can resell that product without permission, and that the court should protect Vernor's rights to resell AutoCAD software.

Jones' ruling, filed in the U.S. District Court Western District of Washington at Seattle, stated that Vernor is entitled to protection under the First Sale Doctrine, which allows a person who owns a lawfully-made copy of a copyrighted work to sell or dispose of the copy.

"This sends a clear message to copyright owners that once they sell a copy of their products, they have no right to control subsequent sales," said Public Citizen attorney Greg Beck. "Consumers deserve protection against these types of abusive tactics that can force consumers to pay higher prices."

Vernor's suit against Autodesk will proceed.

READ the case documents
http://www.citizen.org/pressroom/release.cfm?ID=2659

From rforno at infowarrior.org Thu May 22 02:57:16 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 May 2008 22:57:16 -0400
Subject: [Infowarrior] - Pentagon Plan: 'Eliminate' Space, Cyberspace Threats
Message-ID:

Pentagon Plan: 'Eliminate' Space, Cyberspace Threats
By Noah Shachtman
May 21, 2008 | 2:41:00 PM
Categories: Info War, Space
http://blog.wired.com/defense/2008/05/develop-and-emp.html

The Pentagon's spies are looking to "eliminate" opponents' abilities to strike from space, or online. A new plan from the Undersecretary of Defense for Intelligence, retired Gen. James Clapper, warns that the "current patchwork of passive defense" in cyberspace "is likely to fail in the face of greater vulnerabilities and more sophisticated threats. Defense intelligence must do its part to defeat this critical threat."

In recent months, military officials have been issuing shrill warnings about attacks from space and cyberspace -- and darkly promising massive and devastating retribution, if the United States is struck.
A recently launched Air Force program is searching for "full control" of "any and all" computers. "Every potential adversary, from nation states to rogue individuals... should be compelled to consider... an attack on U.S. systems resulting in highly undesirable consequences to their own security," a recent Defense Department report notes.

This latest document, entitled "Defense Intelligence Strategy" and highlighted by Secrecy News and BeSpacific, echoes some of that rhetoric. It states as its fourth "strategic objective":

Eliminate any advantage held by our adversaries to operate from and within the space and cyber domains. The anticipated increase in global military and commercial space and cyber activities ensures that the focus of defense intelligence professionals employed in these domains will grow exponentially. The potential for the deployment of weapons by near-peer competitors and increasing dependence on space-based assets for military and civilian technologies makes these domains increasingly important. As stated in the U.S. National Space Policy, the focus of defense intelligence in space will be to ensure full situational awareness for military and civilian decision-makers, support military planning initiatives, and satisfy operational requirements. As addressed within the Comprehensive National Cybersecurity Initiative, cyberspace has become a vital national interest economically, militarily and culturally, and the current patchwork of passive defense is likely to fail in the face of greater vulnerabilities and more sophisticated threats. Defense intelligence must do its part to defeat this critical threat.

Not only does that mean building better "space situational awareness" for spotting those threats, the document says. It means "protect[ing] cyberspace systems with both defensive and offensive countermeasures," too.
From rforno at infowarrior.org Fri May 23 02:41:35 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 May 2008 22:41:35 -0400
Subject: [Infowarrior] - US plots "Pirate Bay killer" multi-lateral trade agreement
References: <20080523010934.5FE76394A75@mail.wikileaks.org>
Message-ID: <7BA9BA26-E2B4-4DAF-B443-C1D1C8300B6C@infowarrior.org>

>
> Fri May 23 02:06:26 GMT 2008
> Wikileaks Press Release
>
> US PLOTS "PIRATE BAY KILLER" MULTI-LATERAL TRADE AGREEMENT
>
> Wikileaks has revealed that the United States is plotting a "Pirate
> Bay killing" multi-lateral trade agreement with the EU, Japan,
> Canada, Mexico, Switzerland and New Zealand. The proposal includes
> clauses designed to criminalize the non-profit facilitation of
> copyrighted information exchange on the internet, which would also
> affect transparency sites such as Wikileaks.
>
> The Wikileaks document details provisions that would impose strict
> enforcement of intellectual property rights related to Internet
> activity and trade in information-based goods. If adopted, the
> treaty would impose a strong, top-down enforcement regime imposing
> new cooperation requirements upon internet service providers,
> including perfunctory disclosure of customer information, as well
> as measures restricting the use of online privacy tools.
>
> See
>
> http://wikileaks.org/wiki/Proposed_US_ACTA_multi-lateral_intellectual_property_trade_agreement_(2007)
>
> and
>
> http://ipjustice.org/wp/2008/05/22/leaked-us-govt-discussion-paper-on-proposed-anti-counterfeiting-trade-agreement-acta-from-wikileaks/
>
> for further detail.
From rforno at infowarrior.org Fri May 23 11:45:49 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 May 2008 07:45:49 -0400
Subject: [Infowarrior] - 26 Years After Gibson, Pentagon Defines 'Cyberspace'
Message-ID:

(the Inside Defense article mentioned is behind a paywall.......rf)

26 Years After Gibson, Pentagon Defines 'Cyberspace'
By Noah Shachtman
May 23, 2008 | 3:01:00 AM
Categories: Info War
http://blog.wired.com/defense/2008/05/pentagon-define.html

"More than two decades after novelist William Gibson coined the term cyberspace as a 'consensual hallucination' of data... the Pentagon has come up with its own definition," Inside Defense reports. "A May 12 'for official use only' memo signed by Deputy Defense Secretary Gordon England... offers a 28-word meaning for the term."

It is decidedly "less poetic" than Gibson's. It is different from previous military definitions. And it doesn't exactly square with how the Air Force's new "Cyberspace Command" sees this emerging battlefield.

Cyberspace, England writes, is "a global domain within the information environment consisting of the interdependent network of information technology infrastructures, including the Internet, telecommunications networks, computer systems, and embedded processors and controllers."

It is a far cry from the prose Gibson used in his 1984 novel "Neuromancer" to describe cyberspace: "A graphic representation of data abstracted from banks of every computer in the human system. Unthinkable complexity. Lines of light ranged in the nonspace of the mind, clusters and constellations of data. Like city lights, receding."

The Pentagon's definition will "serve as the foundation" upon which the Defense Department will "further mature this warfighting domain," England writes. And "it is not the first time the U.S. government has tried to define, or redefine, cyberspace," Inside Defense notes.
"Cyberspace is composed of hundreds of thousands of interconnected computers, servers, routers, switches, and fiber optic cables that allow our critical infrastructures to work," states the Bush administration's 2003 National Strategy to Secure Cyberspace. "Thus, the healthy functioning of cyberspace is essential to our economy and our national security."

In the 2006 National Military Strategy for Cyberspace Operations, a classified document, the Joint Chiefs of Staff defined cyberspace as "a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify and exchange data via networked systems and associated physical infrastructures."

Major General William T. Lord, the chief of the Air Force's new Cyberspace Command, expanded that definition even further, saying, "We define the domain as the entire electromagnetic spectrum." Everything from microwaves to radio to lasers to x-rays, in other words. He sees his fledgling force conducting "not just [c]omputer network operations, but [a]lso [e]lectronic warfare, electronic combat and even, potentially, directed energy."

Exactly how that will square with the Pentagon's new definition of cyberspace remains to be seen.

From rforno at infowarrior.org Fri May 23 12:34:29 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 May 2008 08:34:29 -0400
Subject: [Infowarrior] - OT: Pre-Holiday Weekend Chuckle
Message-ID: <19E7524C-C0C9-4795-BA96-852A8E879208@infowarrior.org>

This is cute and totally work-safe. NPR interviews Cookie Monster -- you can tell the NPR host is having an absolute hoot here in this latest episode of their "In Character" interview series.

http://www.npr.org/templates/story/story.php?storyId=18659731

Enjoy ...... and I hope everyone has a good weekend!
-rick From rforno at infowarrior.org Fri May 23 12:46:52 2008 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 May 2008 08:46:52 -0400 Subject: [Infowarrior] - Fingerprint Registry in Housing Bill Message-ID: <39193CBC-D1D7-45F7-B941-277A4F69E956@infowarrior.org> Fingerprint Registry in Housing Bill!!! Posted by John Berlau http://www.openmarket.org/2008/05/23/fingerprint-registry-in-housing-bill/ Fingerprints are considered to be among the most personal of information, and fingerprint databases created and proposed in the name of national security have generated much debate. Recently, "Server in the Sky" - a proposed international database of the fingerprints of suspected criminals and terrorists to be shared among the U.S., U.K. and Canada - has ignited a firestorm of controversy. As have cavalier comments by Homeland Security Secretary Michael Chertoff that fingerprints aren't "personal data." Yet earlier this week, a measure creating a federal fingerprint registry totally unrelated to national security passed a U.S. Senate committee almost without notice. The legislation would require thousands of individuals working even tangentially in the mortgage and real estate industries - and not suspected of anything - to send their prints to the feds. The database and fingerprint mandates were tucked into housing and foreclosure assistance bills that on Tuesday passed the Senate Banking Committee by a vote of 19-2. The measure the committee passed states that "an individual may not engage in the business of a loan originator without first ... obtaining a unique identifier." To obtain this "identifier," an individual is required to "furnish" to the newly created Nationwide Mortgage Licensing System and Registry "information concerning the applicant's identity, including fingerprints for submission" to the FBI and other government agencies. The fingerprint provisions are contained in a "manager's amendment"
that was hammered out by committee Chairman Chris Dodd, D-Conn, and Ranking Member Richard Shelby, R-Ala., on Monday and attached the next day to a broader housing bailout bill that had been scheduled for a committee vote. That bill, the "Federal Housing Finance Regulatory Reform Act of 2008," expands the lending authority of the Federal Housing Administration and the government-sponsored enterprises Fannie Mae and Freddie Mac to refinance the mortgages of troubled borrowers and banks. The amendment adopted the fingerprint provisions in a section called the "S.A.F.E. Mortgage Licensing Act." The fingerprints will be part of what the amendment calls "a comprehensive licensing and supervisory database." And the database would cover a broad swath of individuals involved with mortgage lending. The amendment defines "loan originator" as anyone who "takes a residential loan application; and offers or negotiates terms of a residential mortgage loan for compensation or gain." It states that even real estate brokers would be covered if they receive any compensation from lenders or mortgage brokers. Since many jobs in both real estate and mortgage lending are part-time and seasonal, even some of the most minor players in the mortgage market may have to submit their prints. Justifications listed in the bill for this database include "increased accountability and tracking of loan originators," "enhance[d] consumer protection," and "facilitat[ing] responsible behavior in the subprime mortgage market." I conducted a wide Internet search and found fingerprint provisions in some state bills, but I don't know if any, or how many passed. But in my search, I could find no arguments explaining how, specifically, collecting the fingerprints of loan originators would better serve borrowers getting mortgages. I called the Senate Banking Committee asking this question, but my call has not been returned yet. (I will update OpenMarket readers when and if it is.)
I imagine that, yes, a fingerprint registry might stop an ex-con from handling loans, but I doubt it will make even a dent in the lending problems the bill aims to stop. And I would venture to guess that the vast majority of the problem mortgages were handled by employees with no criminal record. Rather, this seems like another thoughtless idea that lets politicians brag that they are "getting tough" about a particular problem. But this fingerprint database, in addition to the privacy violations, might create a host of new problems of mortgage fraud. Identity theft involving fingerprints is becoming a major concern among data security experts. Security consultant Bruce Schneier has argued that hackers can steal electronic images of fingerprints directly from the databases they are stored in. And there is virtually nothing in this bill about security procedures that would apply to this database. It amazes me. We have wrenching debates about privacy and freedom vs. national security when it comes to proposed anti-terrorist programs. But then a similar scheme is done in response to an economic problem, and it almost escapes without notice. A similar thing has happened with anti-money laundering requirements that mandate that banks effectively spy on their customers for possible violations of everything from drug laws to the tax code. From rforno at infowarrior.org Sat May 24 16:41:43 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 May 2008 12:41:43 -0400 Subject: [Infowarrior] - NYPD's $10M eye in the sky Message-ID: <3C502BDE-875A-41B1-836D-7572123874D2@infowarrior.org> Unmarked chopper patrols NY city from high above May 23 04:24 PM US/Eastern By TOM HAYS Associated Press Writer http://www.breitbart.com/article.php?id=D90RIHF00&show_article=1 NEW YORK (AP) - On a cloudless spring day, the NYPD helicopter soars over the city, its sights set on the Statue of Liberty.
A dramatic close-up of Lady Liberty's frozen gaze fills one of three flat-screen computer monitors mounted on a console. Hundreds of sightseers below are oblivious to the fact that a helicopter is peering down on them from a mile and a half away. "They don't even know we're here," said crew chief John Diaz, speaking into a headset over the din of the aircraft's engine. The helicopter's unmarked paint job belies what's inside: an arsenal of sophisticated surveillance and tracking equipment powerful enough to read license plates - or scan pedestrians' faces - from high above the nation's largest metropolis. Police say the chopper's sweeps of landmarks and other potential targets are invaluable in helping guard against another terrorist attack, providing a see-but-avoid-being-seen advantage against bad guys. "It looks like just another helicopter in the sky," said Assistant Police Chief Charles Kammerdener, who oversees the department's aviation unit. Police Commissioner Raymond Kelly has said that no other U.S. law enforcement agency "has anything that comes close" to the surveillance chopper, which was designed by engineers at Bell Helicopter and computer technicians based on NYPD specifications. The chopper is named simply "23" - for the number of police officers killed in the Sept. 11, 2001, attacks. The $10 million helicopter is just part of the department's efforts to adopt cutting-edge technology for its counterterrorism operations. The NYPD also plans to spend tens of millions of dollars strengthening security in the lower Manhattan business district with a network of closed-circuit television cameras and license-plate readers posted at bridges, tunnels and other entry points. Police have also deployed hundreds of radiation monitors - some worn on belts like pagers, others mounted on cars and in helicopters - to detect dirty bombs.
Kelly even envisions someday using futuristic "stationary airborne devices" similar to blimps to conduct reconnaissance and guard against chemical, biological and radiological threats. Civil rights advocates are skeptical about the push for more surveillance, arguing it reflects the NYPD's evolution into an ad hoc spy agency. "From a privacy perspective, there's always a concern that 'New York's Finest' are spending millions of dollars to engage in peeping tom activities," said Donna Lieberman, executive director of the New York Civil Liberties Union. Police insist that law-abiding New Yorkers have nothing to fear. "Obviously, we're not looking into apartments," Diaz said during a recent flight. "We don't invade the privacy of individuals. We only want to observe anything that's going on in public." The helicopter's powers of observation come from a high-powered robotic camera mounted on a turret projecting from its nose like a periscope. The camera has infrared night-vision capabilities and a satellite navigation system that allows police to automatically zoom in on a location by typing in the address on a computer keyboard. The surveillance system can beam live footage to police command centers or even to wireless hand-held devices. "The commander on the ground can see what we're seeing," Diaz said. On this flight, the helicopter used the camera to look for signs of trouble at several key transportation sites: the decks of Staten Island ferry terminal, the stanchions of the Verrazzano-Narrows Bridge, the giant air vents feeding the Lincoln Tunnel. All of them passed inspection. Without leaving Manhattan airspace, the chopper also was able to get a crystal-clear picture of jetliners waiting to take off from LaGuardia Airport and to survey Kennedy International Airport's jet fuel lines, which were targeted in a plot uncovered last year. The chopper has helped track down fleeing suspects, including a recent case of a gunman who had shot his wife in Queens.
As officers on the ground worried about how to approach the suspect's car, the camera in the sky hovered overhead, peeked inside the vehicle and found that he had already shot and killed himself. During Pope Benedict XVI's recent visit, 23 patrolled the skies, at one point receiving a call from officers who had spotted a suspicious man with a camera on a rooftop near the pontiff's residence. Diaz radioed back that it was a false alarm. "There was a modeling shoot going on," he said. Copyright 2008 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. From rforno at infowarrior.org Sat May 24 16:44:54 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 May 2008 12:44:54 -0400 Subject: [Infowarrior] - Postgrad student's research led to 'bad' terror arrest Message-ID: <2B97BC45-DCB0-4994-A3BE-617DA4B595E9@infowarrior.org> Research into Islamic terrorism led to police response 22 May 2008 By Melanie Newman http://www.timeshighereducation.co.uk/story.asp?sectioncode=26&storycode=402125&c=2 A masters student at the University of Nottingham who was arrested under the Terrorism Act under suspicion of possessing extremist material was studying terrorism for his dissertation, Times Higher Education can reveal. Academics and students have expressed concerns about the police's handling of the case, which saw police searching campus property. Rizwaan Sabir, a 22-year-old who was studying in the politics department, was arrested along with a 30-year-old member of staff. Both were released without charge on 20 May after having been held in custody for six days. Mr Sabir's lawyer, Tayab Ali of McCormacks solicitors in London, told Times Higher Education that as preparation for a PhD on radical Islamic groups, Mr Sabir had downloaded an edited version of the al-Qaeda handbook from a US government website.
It is understood that Mr Sabir sent the 1,500-page document to the staff member - who was subsequently arrested - because he had access to a printer. Mr Ali said: "The two members of the university were treated as though they were part of an al-Qaeda cell. They were detained for 48 hours, and a warrant for further detention was granted on the basis that the police had mobile phones and evidence taken from computers to justify this." The case highlights concerns that new anti-terrorism legislation allowing detention for 28 days without charge would lead to people's being held for extended periods on the "flimsiest of evidence", Mr Ali said. "Why did it take so long for the police to reach the conclusions they did?" Mr Ali asked. "These are not unqualified police, they are the top counterterrorism command for the region. They should know the difference between a book that is useful for terrorism and one that is not." Academics at Nottingham have expressed deep concerns about the arrest's implications for academic freedom. Bettina Rentz, a lecturer in international security and Mr Sabir's personal tutor, said: "This case is very worrying. The student downloaded publicly accessible information and provoked this very harsh reaction. Nobody tried to speak to him or to his tutors before police were sent in. The whole push from the Government is on policy relevance of research, and in this case the student's research could not be more policy relevant." Alf Nilsen, research fellow in law and social sciences, said: "What we're seeing here is a blatant attack on academic freedom - people have been arrested for being in possession of legitimate research materials. How can we exercise our academic freedom if we are at risk of being arrested for possession of subversive material? This sets a very alarming precedent. Academic freedom on campus should be guaranteed for all staff and students regardless of their ethnic or religious backgrounds."
Dr Nilsen added: "I perceive the current incident at Nottingham to be occurring in tandem with several other attempts by UK authorities to increase surveillance of the academy and, in particular, non-Western students and staff, and moreover as an episode that is symptomatic of a more general curtailment of civil liberties in UK society, which seems to particularly affect and victimise non-Western citizens." Students at Nottingham are circulating a petition asking for the university to guarantee that the freedom of academics and students will be protected. It asks the university to acknowledge its "disproportionate response" to the possession of legitimate research materials. A spokesman for Nottingham confirmed that the police had been called after material was found on the computer used by a junior clerical member of staff. "There was no reasonable rationale for this person to have that information," he said. "The police were called in on the basis of reasonable anxiety and concern. In response to that, the police made a connection with a student who, we understand, was impeding the investigation and arrested that person." He added that the edited version of the al-Qaeda handbook was "not legitimate research material" in the university's view. A Nottinghamshire police spokesman said the police had applied for a warrant to extend the detention. "The judge was satisfied with the evidence presented and granted the extension," he said. melanie.newman at tsleducation.com From rforno at infowarrior.org Sat May 24 16:48:37 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 May 2008 12:48:37 -0400 Subject: [Infowarrior] - Content Creation-Ownership: Sign of the Future? Message-ID: <7CD837C3-54D1-4155-95C5-3B73A0E5ED59@infowarrior.org> Is this a sign of the future? When a smalltime independent content creator gets shafted because someone else uses their public domain work within one of their commercial products?
http://hownow.brownpau.com/archives/2008/05/owning_the_clouds/ From rforno at infowarrior.org Sat May 24 16:52:10 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 May 2008 12:52:10 -0400 Subject: [Infowarrior] - Global Son of DMCA in the works? Message-ID: <6F510A2B-3005-49C3-BE64-4F3DFD3E6224@infowarrior.org> (See Wikileaks for the proposed treaty -- https://secure.wikileaks.org/wiki/Proposed_US_ACTA_multi-lateral_intellectual_property_trade_agreement_(2007)) What is the Proposed Anti-Counterfeiting Trade Agreement (ACTA)? http://ipjustice.org/wp/campaigns/acta/ In 2007 a select handful of the wealthiest countries began a treaty-making process to create a new global standard for intellectual property rights enforcement, the Anti-Counterfeiting Trade Agreement (ACTA). ACTA is spearheaded by the United States, the European Commission, Japan, and Switzerland - those countries with the largest intellectual property industries. Other countries invited to participate in ACTA's negotiation process are Canada, Australia, Korea, Mexico and New Zealand. Noticeably absent from ACTA's negotiations are leaders from developing countries who hold national policy priorities that differ from the international intellectual property industry. After the multi-lateral treaty's scope and priorities are negotiated by the few countries invited to participate in the early discussions, ACTA's text will be "locked" and other countries who are later "invited" to sign-on to the pact will not be able to re-negotiate its terms. It is claimed that signing-on to the trade agreement will be "voluntary", but few countries will have the muscle to refuse an "invitation" to join, once the rules have been set by the select few conducting the negotiations. The US is negotiating ACTA through the Office of the US Trade Representative (USTR), an office within the Bush Administration that has concluded more than 10 "free trade"
agreements in recent years, all of which require both the US and the other country to increase intellectual property rights enforcement measures beyond the international legal norms in the WTO-TRIPS Agreement. As of 25 March 2008, no draft text has been published yet to provide the public with substance of the proposed international treaty. A "Discussion Paper on a Possible Anti-Counterfeiting Trade Agreement" was reportedly provided to select lobbyists in the intellectual property industry, but not to public interest organizations concerned with the subject matter of the proposed treaty. More at -- http://ipjustice.org/wp/campaigns/acta/ From rforno at infowarrior.org Sat May 24 16:58:11 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 24 May 2008 12:58:11 -0400 Subject: [Infowarrior] - Cable Prices Keep Rising; Customers Keep Paying Message-ID: <904873DE-F31B-4408-BD2A-7D47E31BF68A@infowarrior.org> May 24, 2008 Cable Prices Keep Rising; Customers Keep Paying By MATT RICHTEL http://www.nytimes.com/2008/05/24/technology/24cable.html?_r=1&oref=slogin&partner=rssnyt&emc=rss&pagewanted=print Americans discouraged by higher gas prices and airline fares may decide to spend more vacation time at home, perhaps watching television. But that, too, will cost them more than ever. Cable prices have risen 77 percent since 1996, roughly double the rate of inflation, the Bureau of Labor Statistics reported this month. Cable customers, who typically pay at least $60 a month, watch only a fraction of what they pay for - on average, a mere 13 percent of the 118 channels available to them. And the number of subscribers keeps growing. The resiliency of cable is all the more remarkable because the Internet was supposed to change all things digital. Technology has led to more choices and lower prices for news and music as well as cellphone and landline minutes - not to mention computers, cameras, music players and phones themselves.
Yet here is a rare instance where Silicon Valley has failed to break a traditional media juggernaut. And not for lack of trying. Technology companies keep insisting they will provide new low-cost ways to get video into the home, but so far their efforts have created more black boxes to stash under the TV, not real competition for cable that could bring prices down. "A couple of years ago, there was a thesis that we were at the twilight of Comcast as the gatekeeper," said Craig Moffett, a cable industry analyst at Sanford C. Bernstein & Company. "That thesis still titillates some. But technologically and economically, it's probably not going to happen." So why hasn't technology had a bigger impact? One answer is the alliance between cable companies and Hollywood producers of content to sell channels in bundles, rather than letting consumers pay only for the channels they want. The producers of cable television content share $15 billion to $20 billion a year in fees from cable subscribers, roughly equal to the $20 billion they receive in advertising revenue, Mr. Moffett said. Without those fees, the cable companies say, prices would go up. "If each channel depended on individual consumers electing to pay individually for it, this would slash potential viewership and seriously hurt the ability of most channels to attract their current level of advertising dollars," said Jenni Moyer, a spokeswoman for Comcast. "Lost ad revenue would have to be replaced by higher license fees." The industry says the digital era has brought its customers better image quality, more on-demand services and solid value through packages that combine cable, phone and Internet service. It also says consumers are actually getting more viewing value for their dollar, at least relative to inflation. The National Cable & Telecommunications Association says that from 1998 to 2006, the price consumers paid for each viewing hour was essentially flat.
The chief economist of the Federal Communications Commission, Gregory S. Crawford, disagrees, saying the industry is not factoring in the real cost of the programming that subscribers are watching. By his analysis, the increase has been around 50 percent from 1997 to 2005. The F.C.C. and some politicians have been in a pitched battle with the cable industry, trying to get it voluntarily to offer so-called à la carte pricing. But cable companies insist that this is not economically feasible. Kevin J. Martin, chairman of the F.C.C., said in an interview that since 1996, when Congress increased competition in telecommunications, prices have dropped for many other services. "We've seen the opposite occur in the cable industry," he said. "The dramatic increases in pricing we've seen are one of the most troubling issues from a consumer point of view." In 2007, average monthly revenue for each Cablevision subscriber was $75, up from $65 in 2005, according to SNL Kagan, a research company. At Time Warner it was $64, up from $54.50. The cable industry has never felt the pricing pressures the music industry is feeling. The most obvious reason is that Internet speeds have not been fast enough to permit easy downloading of movies and other video material. That is changing, though. People are viewing millions of videos online each month - albeit mostly short video clips, and not Hollywood movies. At the same time, the use of file-sharing tools like BitTorrent to illegally download popular movies and television shows is growing. Another factor helping the cable industry is the difficulty of getting video from the computer onto the TV. That may not be a deterrent for those who have grown accustomed to watching movies on their laptop. But the last thing many consumers want to do is hook up wires or program a new box before sitting back to relax and watch TV. In that sense, the lure of cable appears to have a sociological component.
In a stress-filled life, cable television is easy to use. "I work eight hours a day facing a computer. When I come home, the last thing I want to do is mess with another computer," said Eric Yu, 24, a college student in San Francisco who pays around $80 a month for cable. Mr. Yu said he watches only a handful of channels, including some in high definition like National Geographic. But to get them, he has to pay for a premium package. "I just pay the bill and try to forget about it," he said. "It lessens the pain." Evelyn Tan, 22, a friend of Mr. Yu, takes a different approach. She pays Comcast $33 a month for Internet access and does not get cable television - but she does watch TV programming. In fact, she watches ABC shows like "Desperate Housewives" and "Grey's Anatomy," which are free on the Web. When she wants to watch shows or movies that are not readily available online, she says she easily pirates them. "I would not pay for cable TV at all," she said. Broadcast networks like ABC, NBC and Fox are starting to put their programming on the Internet. But most cable channels do not because they depend on subscriber revenue. Albert Cheng, executive vice president for digital media at the Disney-ABC Television Group, said the industry was trying to prepare for an era in which more video is watched on computers. "It wasn't lost on us what happened to the music industry," Mr. Cheng said. Even though the audience is growing for ABC shows online, he said, this is supplementing, rather than undercutting, the television audience. Enter Silicon Valley. It is trying to marry the content people want with their preferred setting for viewing it. There is a host of new set-top boxes and consumer devices aimed at bringing video and other content from the Internet to the TV. Apple's iTunes store offers 20,000 episodes of some 800 shows at typically $1.99 or $2.99 an episode, effectively creating an à la carte option.
But consumers must either watch on their computers, wire the computer to the television or get an Apple TV. This week Roku, a Silicon Valley start-up, began selling a $99 box that streams movies from Netflix straight to the TV. And this summer Hewlett-Packard is expected to introduce a device called the MediaSmart Connect, a sleek box connecting computer and TV that lets users watch Internet videos as well as rent or buy some 6,000 movies through CinemaNow, an H.P. partner. But the box will also demonstrate how much of a gap still separates the computer screen and the TV screen. Carlos Montalvo, vice president for marketing of connected entertainment at H.P., said the MediaSmart Connect and similar devices would not offer much of the programming provided over cable, or even programming that content companies allow to be delivered over the Internet to computers. The reason, he said, is that this content is licensed to be shown only on a computer, not delivered via computer to a TV. "Simply because the technology is there doesn't mean that the large opus of content - both television and movies - that is available on the two-foot screen can move automatically to the large-screen TV," he said. From rforno at infowarrior.org Sun May 25 23:28:54 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 May 2008 19:28:54 -0400 Subject: [Infowarrior] - CSIS spying on Canadian punk band Message-ID: CSIS spying on Canadian punk band Matthew Brett, May 20th, 2008 http://www.canadiandimension.com/blog/2008/05/csis-spying-on-canadian-punk-band/ (Share widely) Canada's spy agency and an RCMP anti-terror unit carried out an intelligence campaign against Ottawa-based punk band The Suicide Pilots, documents obtained through Access to Information requests show.
Following the arrest of the band's drummer, bones (aka Jeffrey Monaghan), the RCMP's anti-terror unit opened a file on the band, alleging their logo "depicts an airplane flying into the Peace Tower on Parliament Hill." A copy of the frightened-looking airplane caricature was included in the 184 page file. "If you want an example of bloated police powers, this is it," says Ottawa-based lawyer Yavar Hameed. Hameed notes that the investigation seems to be completely unrelated to the arrest of Mr. Monaghan. Monaghan was alleged to have leaked the Tory Green Plan last spring. The anti-terror investigation appears to have surfaced after media coverage of Mr. Monaghan denouncing the Harper regime's actions on climate change. Monaghan has never been charged. The investigation is organized through the Integrated National Security Enforcement Teams (INSET), and the documents reveal an explicit coordination with Canada's spy agency, CSIS. Hameed notes that this case illustrates the unaccountability of police agencies in their efforts to catalog and criminalize activists. The Suicide Pilots have commented that the intelligence effort is another example of state-lawlessness in the so-called "War on Terror." "The explosion of security culture over the past few years has cost countless innocent people very dearly, in ways we can't even begin to fully appreciate - but this just straddles the line between disturbing and silly. What's next? A tag-and-release program for social activists? We already have a make-work program for creepy, paranoid voyeurs," says the band's vocalist NaCl. It is unclear why, precisely, the band has been targeted. The documents indicate that investigators believe the band compares "Harper to Hitler" - a reference to the band's song entitled Harper Youth. It notes that the band has "anti-Harper songs" and a "9-11 type drawing showing an airplane crashing into the Parliament."
The documents also make several references to the recently-opened Anarchist infoshop, Exile, in Ottawa. "Transforming artistic expression into a terrorist thought-crime is outrageous," declares University of Victoria Canada Research Chair in Modern and Contemporary Art Allan Antliff. "I would be interested to learn more about the definition of terrorism under which the police justify their actions. I define terrorism as the illegal use of violence for the purposes of influencing someone's behaviour, inflicting punishment, or seeking revenge. By those criteria they should be investigating the CIA, not a Punk Rock band." This is only one more example of Harper's "War on Terror" gone mad. If a no-name punk band in Canada can have a domestic terrorism file opened on them for promoting an anti-statist message, it sets an alarming precedent for the Harper government to monitor and censor all dissenters that voice their politics through art. All art, all music, is threatened by such RCMP and CSIS monitoring. KEY FINDINGS: - The investigation seems to be unrelated to the alleged Green Plan leak. - The investigation is organized through the Integrated National Security Enforcement Teams (INSET). INSET is a recent amalgamation of intelligence and security agencies. It was created with the mandate to coordinate information flow between Canadian, US, as well as other policing and intelligence agencies. - A PDF of the ATIP is available from thesuicidepilots at gmail.com and Yavar Hameed Contact: Yavar Hameed, Legal Counsel, 613 853 0840 (cell) Allan Antliff, Canada Research Chair, Art History, University of Victoria (allan at uvic.ca) From rforno at infowarrior.org Mon May 26 03:24:41 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 May 2008 23:24:41 -0400 Subject: [Infowarrior] - The Last Roundup Message-ID: (Conspiracy or truth, you be the judge........rf) The Last Roundup Is the government compiling a secret list of citizens to detain under martial law?
By Christopher Ketcham This article is from the May/June issue of Radar Magazine. In the spring of 2007, a retired senior official in the U.S. Justice Department sat before Congress and told a story so odd and ominous, it could have sprung from the pages of a pulp political thriller. It was about a principled bureaucrat struggling to protect his country from a highly classified program with sinister implications. Rife with high drama, it included a car chase through the streets of Washington, D.C., and a tense meeting at the White House, where the president's henchmen made the bureaucrat so nervous that he demanded a neutral witness be present. The bureaucrat was James Comey, John Ashcroft's second-in-command at the Department of Justice during Bush's first term. Comey had been a loyal political foot soldier of the Republican Party for many years. Yet in his testimony before the Senate Judiciary Committee, he described how he had grown increasingly uneasy reviewing the Bush administration's various domestic surveillance and spying programs. Much of his testimony centered on an operation so clandestine he wasn't allowed to name it or even describe what it did. He did say, however, that he and Ashcroft had discussed the program in March 2004, trying to decide whether it was legal under federal statutes. Shortly before the certification deadline, Ashcroft fell ill with pancreatitis, making Comey acting attorney general, and Comey opted not to certify the program. When he communicated his decision to the White House, Bush's men told him, in so many words, to take his concerns and stuff them in an undisclosed location.
Comey refused to knuckle under, and the dispute came to a head on the cold night of March 10, 2004, hours before the program's authorization was to expire. At the time, Ashcroft was in intensive care at George Washington Hospital following emergency surgery. Apparently, at the behest of President Bush himself, the White House tried, in Comey's words, "to take advantage of a very sick man," sending Chief of Staff Andrew Card and then-White House counsel Alberto Gonzales on a mission to Ashcroft's sickroom to persuade the heavily doped attorney general to override his deputy. Apprised of their mission, Comey, accompanied by a full security detail, jumped in his car, raced through the streets of the capital, lights blazing, and "literally ran" up the hospital stairs to beat them there. Minutes later, Gonzales and Card arrived with an envelope filled with the requisite forms. Ashcroft, even in his stupor, did not fall for their heavy-handed ploy. "I'm not the attorney general," Ashcroft told Bush's men. "There" - he pointed weakly to Comey - "is the attorney general." Gonzales and Card were furious, departing without even acknowledging Comey's presence in the room. The following day, the classified domestic spying program that Comey found so disturbing went forward at the demand of the White House - "without a signature from the Department of Justice attesting as to its legality," he testified. What was the mysterious program that had so alarmed Comey? Political blogs buzzed for weeks with speculation. Though Comey testified that the program was subsequently readjusted to satisfy his concerns, one can't help wondering whether the unspecified alteration would satisfy constitutional experts, or even average citizens. Faced with push-back from his bosses at the White House, did he simply relent and accept a token concession?
Two months after Comey's testimony to Congress, the New York Times reported a tantalizing detail: The program that prompted him "to threaten resignation involved computer searches through massive electronic databases." The larger mystery remained intact, however. "It is not known precisely why searching the databases, or data mining, raised such a furious legal debate," the article conceded. Another clue came from a rather unexpected source: President Bush himself. Addressing the nation from the Oval Office in 2005 after the first disclosures of the NSA's warrantless electronic surveillance became public, Bush insisted that the spying program in question was reviewed "every 45 days" as part of planning to assess threats to "the continuity of our government." Few Americans - professional journalists included - know anything about so-called Continuity of Government (COG) programs, so it's no surprise that the president's passing reference received almost no attention. COG resides in a nebulous legal realm, encompassing national emergency plans that would trigger the takeover of the country by extra-constitutional forces - and effectively suspend the republic. In short, it's a road map for martial law. While Comey, who left the Department of Justice in 2005, has steadfastly refused to comment further on the matter, a number of former government employees and intelligence sources with independent knowledge of domestic surveillance operations claim the program that caused the flap between Comey and the White House was related to a database of Americans who might be considered potential threats in the event of a national emergency. Sources familiar with the program say that the government's data gathering has been overzealous and probably conducted in violation of federal law and the protection from unreasonable search and seizure guaranteed by the Fourth Amendment.
According to a senior government official who served with high-level security clearances in five administrations, "There exists a database of Americans, who, often for the slightest and most trivial reason, are considered unfriendly, and who, in a time of panic, might be incarcerated. The database can identify and locate perceived 'enemies of the state' almost instantaneously." He and other sources tell Radar that the database is sometimes referred to by the code name Main Core. One knowledgeable source claims that 8 million Americans are now listed in Main Core as potentially suspect. In the event of a national emergency, these people could be subject to everything from heightened surveillance and tracking to direct questioning and possibly even detention. < - > http://www.radaronline.com/from-the-magazine/2008/05/government_surveillance_homeland_security_main_core_02-print.php From rforno at infowarrior.org Mon May 26 03:28:36 2008 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 May 2008 23:28:36 -0400 Subject: [Infowarrior] - States Chafing at U.S. Focus on Terrorism Message-ID: <97C059E7-0C14-478D-9AF4-66B6420DCFFD@infowarrior.org> May 26, 2008 States Chafing at U.S. Focus on Terrorism By ERIC SCHMITT and DAVID JOHNSTON http://www.nytimes.com/2008/05/26/us/26terror.html?hp=&pagewanted=print Juliette N. Kayyem, the Massachusetts homeland security adviser, was in her office in early February when an aide brought her startling news. To qualify for its full allotment of federal money, Massachusetts had to come up with a plan to protect the state from an almost unheard-of threat: improvised explosive devices, known as I.E.D.'s. "I.E.D.'s? As in Iraq I.E.D.'s?" Ms. Kayyem said in an interview, recalling her response. No one had ever suggested homemade roadside bombs might begin exploding on the highways of Massachusetts. "There was no new intelligence about this," she said. "It just came out of nowhere." More openly than at any time since the Sept.
11 attacks, state and local authorities have begun to complain that the federal financing for domestic security is being too closely tied to combating potential terrorist threats, at a time when they say they have more urgent priorities. "I have a healthy respect for the federal government and the importance of keeping this nation safe," said Col. Dean Esserman, the police chief in Providence, R.I. "But I also live every day as a police chief in an American city where violence every day is not foreign and is not anonymous but is right out there in the neighborhoods." The demand for plans to guard against improvised explosives is being cited by state and local officials as the latest example that their concerns are not being heard, and that federal officials continue to push them to spend money on a terrorism threat that is often vague. Some $23 billion in domestic security financing has flowed to the states from the federal government since the Sept. 11 attacks, but authorities in many states and cities say they have seen little or no intelligence that Al Qaeda, or any of its potential homegrown offshoots, has concrete plans for an attack. Local officials do not dismiss the terrorist threat, but many are trying to retool counterterrorism programs so that they focus more directly on combating gun violence, narcotics trafficking and gangs - while arguing that these programs, too, should qualify for federal financing, on the theory that terrorists may engage in criminal activity as a precursor to an attack. Michael Chertoff, the Homeland Security secretary, said in an interview that his department had tried to be flexible to accommodate local needs. "We have not been highly restrictive," Mr. Chertoff said. But he said the department's programs were never meant to assist local law enforcement agencies in their day-to-day policing. The requirements of the Homeland Security programs had helped strengthen the country against an attack, Mr.
Chertoff said, expressing concern about shifting money to other law enforcement problems from counterterrorism. "If we drop the barrier and start to lose focus," he said, "we will make it easier to have successful attacks here." Local officials have long groused that Homeland Security grants seemed mismatched with local needs and that the agency's requirements failed to recognize regional differences. After Hurricane Katrina struck Gulf Coast states in 2005, federal authorities demanded that cities come up with evacuation plans, even on the West Coast where earthquakes, not hurricanes, are a threat. Most of the $23 billion in federal grants has been spent shoring up local efforts to prevent, prepare for and ferret out a possible attack. Because official post-9/11 critiques found huge gaps in communication and coordination, billions of dollars have been spent linking federal law enforcement and intelligence authorities to the country's more than 750,000 police officers, sheriffs and highway patrol officers. Many Homeland Security-financed "fusion centers," designed to collect and analyze data to deter terrorist attacks, have evolved into what are known as "all-crimes" or "all-hazards" operations, branching out from terrorism to focus on violent crime and natural disasters. Intelligence officials assert that Al Qaeda remains intent on striking inside the United States. The Seattle chief of police, R. Gil Kerlikowske, said, "If the law enforcement focus at the local level is only on counterterrorism, you will be unable as a local entity to sustain it unless you are an all-crimes operation, and you may be missing some very significant issues that could be related to terrorism." Chief Kerlikowske is president of a group of police chiefs from major cities who said in a report last week that local governments were being forced to spend increasingly scarce resources because, they say, Homeland Security did not pay for all the costs.
"Most local governments move law enforcement, counterterrorism and intelligence programs down on the priority list because their municipality has not yet been directly affected by an attack," the report said. Seattle has experienced its own terrorism scares since 9/11, after photographs of the Space Needle were recovered in 2002 from suspected Qaeda safe houses in Afghanistan. The city had another jolt last year when the Federal Bureau of Investigation sought the public's help in locating two men "exhibiting unusual behavior" on a ferry. Neither episode proved an actual threat. In the case of this year's focus on improvised explosives, the main killer of American troops in Iraq, Homeland Security officials say the attention to the domestic threat stems from a classified strategy that President Bush approved last year that is designed to help the country to deter and defeat I.E.D.'s before terrorists can detonate them here. The administration is completing a plan to assign specific training, prevention and response duties to several federal agencies, including the F.B.I. and Homeland Security, the officials said. But they also said that state advisers misunderstood the financing guidelines, and that states could also meet the requirement by improving their overall preparedness against a range of undefined terrorist threats. State officials say the federal government issued the grant requirement without providing any new information pointing to the danger of bomb threats in the United States - an approach they said underscored the glaring disconnect between how states and the federal government view the terrorist threat. "I.E.D. detection, protection, and prevention is an important issue, and we all need to be looking at that," Matthew Bettenhausen, California's homeland security director, said in a telephone interview. But, he said of the grant requirement: "It's another thing to be so prescriptive; that came as a surprise to many of us states." Maj. Gen. Tod M.
Bunting, the homeland security director for Kansas, said Washington ran the risk of raising undue public alarm by prescribing such a large part of the grant to bomb prevention. "A federal cookie-cutter mandate doesn't work on every state," said General Bunting, who is also the state's adjutant general. Leesa Berens Morrison, Arizona's homeland security director, said the new federal guidance "absolutely surprised us," and said state officials were scrambling to comply. In Massachusetts, Ms. Kayyem regarded a potential grant this year of $20 million in federal homeland security money as too important to pass up, even though she said that technically one-quarter of it had to be spent on I.E.D.'s to qualify for the money. So, Massachusetts officials wrote a creative proposal, pledging to upgrade bomb squads in many of the state's 351 cities and towns. It also proposed buying new hazardous-material suits, radios to communicate between law enforcement agencies and explosive-detection devices. But Ms. Kayyem acknowledged that much of the equipment was chosen to serve double duty. Hazmat suits could be useful in the event of a bombing, but would be even more help with accidents that state officials regarded as much more probable, like chemical spills on the Massachusetts Turnpike. The grant was approved by federal authorities, but Mr. Chertoff warned: "There are times when you get so far away from the core purpose that it's hard to justify the grant money." In one effort to crack down on what Mr. Chertoff referred to as "mission creep," Homeland Security officials last year imposed restrictions on use of a heavy truck by the police in Providence, R.I. The truck had been bought with federal counterterrorism money, based on a plan that it be used to haul a patrol boat used for port security.
But when the Police Department began to use the truck instead to pull a horse trailer, federal authorities sought to draw the line, relenting only after local officials protested in a phone call with Washington, said local and federal officials. Eric Schmitt reported from Boston, Phoenix and Topeka, Kan.; and David Johnston from Washington. From rforno at infowarrior.org Mon May 26 13:48:23 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 May 2008 09:48:23 -0400 Subject: [Infowarrior] - Papers Posted: Web 2.0 Security & Privacy 2008 conference Message-ID: W2SP 2008: Web 2.0 Security and Privacy 2008 http://seclab.cs.rice.edu/w2sp/2008/ From rforno at infowarrior.org Mon May 26 13:53:45 2008 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 May 2008 09:53:45 -0400 Subject: [Infowarrior] - The music biz's digital flops - a short history Message-ID: <2BC3D42B-9E1B-4D73-B299-DBB562A30839@infowarrior.org> The music biz's digital flops - a short history By Paul Sanders Published Monday 26th May 2008 12:02 GMT Since the record industry first noticed that some of the kids were using the internet in the mid-90s, it's flopped from one puddle to the next. Despite a desperate need to evolve - guys, the pond is drying up, do try to breathe - recording industry strategy has flopped from one muddy puddle to the next, and a muddy puddle is quite a good metaphor for the latest survival strategy: advertising supported music which 'feels like free' to the consumer. Flop, flop, flop. So let's take a quick tour of the puddles, in rough chronological order. 
< - > Original URL: http://www.theregister.co.uk/2008/05/26/paul_sanders_digital_flops/ From rforno at infowarrior.org Tue May 27 11:43:37 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 May 2008 07:43:37 -0400 Subject: [Infowarrior] - FBI hiring moles for GOP Convention Message-ID: <3659AFFF-8BD3-4589-B60F-8C5177BF92C3@infowarrior.org> (Paying someone only if their report leads to an arrest makes it quite likely there would be a few false arrests, don'tcha think? This is a convention with short-term intelligence requirements, not a Missing Persons alert that can conduct deeper and more rigorous analysis of leads received....meaning a likely situation of 'shoot-first, arrest-first, and ask questions later' ---of course, once you get accidentally placed into 'some database' it'll probably be impossible to get out of....how reassuring. -.rf) http://articles.citypages.com/2008-05-21/news/moles-wanted/ May 21, 2008 In preparation for the Republican National Convention, the FBI is soliciting informants to keep tabs on local protest groups Moles Wanted By Matt Snyders Paul Carroll was riding his bike when his cell phone vibrated. Once he arrived home from the Hennepin County Courthouse, where he'd been served a gross misdemeanor for spray-painting the interior of a campus elevator, the lanky, wavy-haired University of Minnesota sophomore flipped open his phone and checked his messages. He was greeted by a voice he recognized immediately. It belonged to U of M Police Sgt. Erik Swanson, the officer to whom Carroll had turned himself in just three weeks earlier. When Carroll called back, Swanson asked him to meet at a coffee shop later that day, going on to assure a wary Carroll that he wasn't in trouble. Carroll, who requested that his real name not be used, showed up early and waited anxiously for Swanson's arrival. Ten minutes later, he says, a casually dressed Swanson showed up, flanked by a woman whom he introduced as FBI Special Agent Maureen E.
Mazzola. For the next 20 minutes, Mazzola would do most of the talking. "She told me that I had the perfect 'look,'" recalls Carroll. "And that I had the perfect personality - they kept saying I was friendly and personable - for what they were looking for." What they were looking for, Carroll says, was an informant - someone to show up at "vegan potlucks" throughout the Twin Cities and rub shoulders with RNC protestors, schmoozing his way into their inner circles, then reporting back to the FBI's Joint Terrorism Task Force, a partnership between multiple federal agencies and state and local law enforcement. The effort's primary mission, according to the Minneapolis division's website, is to "investigate terrorist acts carried out by groups or organizations which fall within the definition of terrorist groups as set forth in the current United States Attorney General Guidelines." Carroll would be compensated for his efforts, but only if his involvement yielded an arrest. No exact dollar figure was offered. "I'll pass," said Carroll. For 10 more minutes, Mazzola and Swanson tried to sway him. He remained obstinate. "Well, if you change your mind, call this number," said Mazzola, handing him her card with her cell phone number scribbled on the back. (Mazzola, Swanson, and the FBI did not return numerous calls seeking comment.) Carroll's story echoes a familiar theme. During the lead-up to the 2004 Republican National Convention in New York City, the NYPD's Intelligence Division infiltrated and spied on protest groups across the country, as well as in Canada and Europe. The program's scope extended to explicitly nonviolent groups, including street theater troupes and church organizations. There were also two reported instances of police officers, dressed as protestors, purposefully instigating clashes. At the 2004 Republican National Convention, the NYPD orchestrated a fake arrest to incite protestors. When a blond man was "arrested,"
nearby protestors began shouting, "Let him go!" The helmeted police proceeded to push back against the crowd with batons and arrested at least two. In a similar instance, during an April 29, 2005, Critical Mass bike ride in New York, video footage captured a "protestor" - in reality an undercover cop - telling his captor, "I'm on the job," and being subsequently let go. Minneapolis's own recent Critical Mass skirmish was allegedly initiated by two unidentified stragglers in hoods - one wearing a handkerchief over his or her face - who "began to make aggressive moves" near the back of the pack. During that humid August 31 evening, officers went on to arrest 19 cyclists while unleashing pepper spray into the faces of bystanders. The hooded duo was never apprehended. In the scuffle's wake, conspiracy theories swirled that the unprecedented surveillance - squad cars from multiple agencies and a helicopter hovering overhead - was due to the presence of RNC protesters in the ride. The MPD publicly denied this. But during the trial of cyclist Gus Ganley, MPD Sgt. David Stichter testified that a task force had been created to monitor the August 31 ride and that the department knew that members of an RNC protest group would be along for the ride. "This is all part of a larger government effort to quell political dissent," says Jordan Kushner, an attorney who represented Ganley and other Critical Mass arrestees. "The Joint Terrorism Task Force is another example of using the buzzword 'terrorism' as a basis to clamp down on people's freedoms and push forward a more authoritarian government."
From rforno at infowarrior.org Tue May 27 11:53:47 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 May 2008 07:53:47 -0400 Subject: [Infowarrior] - Copyright deal could toughen rules governing info on iPods, computers Message-ID: <2DF4CDF1-60FF-4A8F-BD1E-F1AA0824BB30@infowarrior.org> Copyright deal could toughen rules governing info on iPods, computers http://www.canada.com/topics/technology/science/story.html?id=ae997868-220b-4dae-bf4f-47f6fc96ce5e Vito Pilieci Canwest News Service Monday, May 26, 2008 OTTAWA - The federal government is secretly negotiating an agreement to revamp international copyright laws which could make the information on Canadian iPods, laptop computers or other personal electronic devices illegal and greatly increase the difficulty of travelling with such devices. The deal could also impose strict regulations on Internet service providers, forcing those companies to hand over customer information without a court order. Called the Anti-Counterfeiting Trade Agreement (ACTA), the new plan would see Canada join other countries, including the United States and members of the European Union, to form an international coalition against copyright infringement. The agreement is being structured much like the North American Free Trade Agreement (NAFTA) except it will create rules and regulations regarding private copying and copyright laws. Federal trade agreements do not require parliamentary approval. The deal would create an international regulator that could turn border guards and other public security personnel into copyright police. The security officials would be charged with checking laptops, iPods and even cellular phones for content that "infringes" on copyright laws, such as ripped CDs and movies. The guards would also be responsible for determining what is infringing content and what is not.
The agreement proposes any content that may have been copied from a DVD or digital video recorder would be open for scrutiny by officials - even if the content was copied legally. "If Hollywood could order intellectual property laws for Christmas what would they look like? This is pretty close," said David Fewer, staff counsel at the University of Ottawa's Canadian Internet Policy and Public Interest Clinic. "The process on ACTA so far has been cloak and dagger. This certainly raises concerns." The leaked ACTA document states officials should be given the "authority to take action against infringers (i.e., authority to act without complaint by rights holders)." Anyone found with infringing content in their possession would be open to a fine. They may also have their device confiscated or destroyed, according to the four-page document. The trade agreement includes "civil enforcement" measures which give security personnel the "authority to order ex parte searches" (without a lawyer present) "and other preliminary measures". In Canada, border guards already perform random searches of laptops at airports to check for child pornography. ACTA would expand the role of those guards. On top of these enforcement efforts, ACTA also proposes imposing new sanctions on Internet service providers. It would force them to hand over personal information pertaining to "claimed infringement" or "alleged infringers" - users who may be transmitting or sharing copyrighted content over the Internet. Currently, rights holders must collect evidence to prove someone is sharing copyrighted material over the Internet. That evidence is then presented to a judge who issues a court order telling the Internet service provider to identify the customer. The process can produce lengthy delays. It is expected the new agreement will be tabled at July's meeting of G8 nations in Tokyo, Japan. 
Fewer has been following the progress of ACTA and has exhausted every avenue at his disposal to gain insight into its details. He said Friday's leak of a "discussion paper" which outlines the priorities of the agreement is the first glimpse anyone has into ACTA. "We knew this existed, we filed an Access to Information request for this but all it provided us with was the title. All the rest of it was blacked out," he said. "Those negotiations can take place behind closed doors. At the end of the day we may be provided with something that has been negotiated which is a 'fait accompli' in which civil society gets no opportunity to critique it." Fewer expressed concerns about the part of the proposal that calls for ACTA to operate outside of accepted international forums such as the World Trade Organization (WTO), the World Intellectual Property Organization (WIPO) or the United Nations. In the discussion paper, it is proposed ACTA create its own governing body and be overseen by a committee made up of representatives from member nations. "This initiative is unprecedented," he said. The ACTA discussion paper was leaked online by Sunshine Media, the company that runs the Wikileaks.org website - a whistleblowing website created to help circulate secret documents. In October, International Trade Minister David Emerson announced Canada would participate in ACTA's creation. The initiative was originally aimed at stopping large-scale piracy, such as printing operations that make thousands of copies of movies that are still in theatres. "We are seeking to counter global piracy and counterfeiting more effectively," said Emerson at the time. "This government is working both at home and internationally to protect the intellectual property rights of Canadian artists, creators, inventors and investors." The new document is reported to be drafted by the Office of the United States Trade Representative.
A spokeswoman with the office refused to comment on the leaked document and directed all questions about ACTA to a short information circular about the initiative. Michael Geist, Canada research chair of Internet and E-commerce law at the University of Ottawa and expert on Canadian copyright law, blasted the government for advancing ACTA with little public consultation. Geist said documents detailing ACTA's plans would not need to be leaked online if the process was open and transparent. "That's what happens when you conduct all of this behind closed doors," he said. "The lack of consultation, the secrecy behind it and the speculation that this will be concluded within a matter of months without any real public input is deeply troubling." Fewer and Geist said that once Canada signs the new trade agreement, it will be next to impossible to back out of it. In a situation similar to what happened in the Softwood Lumber trade dispute, Canadians could face hefty penalties if the country does not comply with ACTA after the agreement has been completed. The Department of International Trade did not respond to repeated requests for comment. © CanWest News Service 2008 From rforno at infowarrior.org Tue May 27 12:00:04 2008 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 May 2008 08:00:04 -0400 Subject: [Infowarrior] - CALL: Media Is the Battlefield: TTP (2006) Message-ID: US Army Center for Lessons Learned report "Media is the Battlefield: Tactics, Techniques and Procedures", 89 pages written at the For Official Use Only level and dated Oct 2006. In 2006, the media is indeed part of the battlefield, and commanders must look at it that way. War in the 21st century is certainly fought in the fourth dimension. All commanders, leaders, and Soldiers must understand that and train for that fight. Media operations are vital components of the information operations fight.
This newsletter explores the role media operations play on the modern battlefield, enumerating battle-tested and proven public affairs training guidance tactics, techniques, and procedures (TTP) http://www.wikileaks.org/wiki/US_Army_Center_for_Lessons_Learned:_Media_is_the_Battlefield_%282006%29 From rforno at infowarrior.org Thu May 29 00:47:52 2008 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 May 2008 20:47:52 -0400 Subject: [Infowarrior] - USAF pulls controversial TV spot Message-ID: <51D8CBD9-47DE-4A2F-B20E-100D5FD0F6D2@infowarrior.org> U.S. Air Force pulls controversial TV spot By BEN IANNOTTA May 15, 2008 http://www.c4isrjournal.com/story.php?F=3530863 The U.S. Air Force has temporarily pulled a television advertisement depicting a missile destroying an American satellite. The blogosphere lit up with criticism of the ad's narration, which said that a single missile could knock out cell phone calls, television programming and GPS navigation. The ad, which ran on CNN and online, was part of the Air Force's new "Above All" recruiting and public-relations campaign. The service does not appear to be backing away from the ad's fiery visual or its premise that Americans are more vulnerable than they realize to attacks on U.S. satellites. The Air Force plans to bring the ad back with a new story line, said Air Force spokeswoman Maj. Morshe Araujo. "The Air Force stopped airing the spot due to a misleading statement about the ability of a single missile to take out multiple satellite capabilities," Araujo said, adding that new language is under review. "We're looking at the story board and making sure it doesn't have any misleading statements." The service completed pulling the ad May 14. In the ad, which still appears on the YouTube.com Web site, a satellite floats above the Earth while a narrator warns: "What if your cell-phone calls, your television, your GPS system, even your bank transactions could be taken out with a single missile? They can."
The satellite then explodes. GPS experts said it is true that cellular-phone communications and bank transactions would crash without timing signals from the Air Force's GPS constellation. The precise timing signals ensure that millions of communications do not collide with each other as they course along crowded airwaves and fiber-optic cables. But several GPS satellites would have to be destroyed to disrupt those services, they said. The same thing could be accomplished, though temporarily, if an enemy were to use ground transmitters to jam GPS signals at key communications installations. From rforno at infowarrior.org Thu May 29 12:07:49 2008 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 May 2008 08:07:49 -0400 Subject: [Infowarrior] - Viacom's argument on YouTube ignores DMCA 'Safe Harbor' Message-ID: Viacom's New Argument Against YouTube: Embedding Videos Removes Safe Harbors http://techdirt.com/articles/20080528/0108041242.shtml While we already discussed Google's latest response to Viacom's lawsuit against YouTube, Cynthia Brumfeld has picked up on an interesting point that's been overlooked: Viacom's amended complaint includes a slightly different argument as to why Google/YouTube are not protected by the DMCA's safe harbors, effectively claiming that YouTube takes an active role in transmitting the content. This is somewhat similar to an earlier argument that some made that YouTube is disqualified from the safe harbors because it transforms video from its original format into flash, but stretches it even further. Even worse, Viacom brings up the issue of embedding videos. Of course, YouTube's embedding feature that allows anyone to easily embed a video in any webpage was one of its big selling points. Last year, we had raised the question (that still hasn't been answered) whether or not it was copyright infringement to embed an infringing video into your own site (even though you don't host the content at all).
Viacom seems to be claiming that enabling this act of embedding is infringing. Why? Because it's YouTube serving up the video, rather than the original uploader. That's a huge stretch by any imagination and hopefully the court will toss it out. Otherwise, it effectively nullifies the entire safe harbor provision of the DMCA. The point of the safe harbors is to protect the platform provider for the infringement of its users. If the court accepts Viacom's claim here, then it completely throws out that clear meaning of the safe harbor provision. It basically says that any service provider who "hosts" content that is accessed via another site is now guilty of copyright infringement, even if the company is never alerted that the content infringes. That goes against the clear meaning and purpose of the safe harbor provisions.

From rforno at infowarrior.org Fri May 30 01:45:28 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 May 2008 21:45:28 -0400
Subject: [Infowarrior] - US probes whether laptop copied on China trip
Message-ID:

(....so what's the point of us 'worker bees' having to endure mindless 'foreign travel briefings' when the idiots up top don't even exercise common sense and basic overseas OPSEC? ----rf)

US probes whether laptop copied on China trip
By TED BRIDIS, Associated Press Writer
http://news.yahoo.com/s/ap/20080529/ap_on_go_ca_st_pe/china_hacking&printer=1;_ylt=Alo4DyD.pkDYRJ7Pn8KGwIqWwvIE

U.S. authorities are investigating whether Chinese officials secretly copied the contents of a government laptop computer during a visit to China by Commerce Secretary Carlos M. Gutierrez and used the information to try to hack into Commerce computers, officials and industry experts told The Associated Press.

Surreptitious copying is believed to have occurred when a laptop was left unattended during Gutierrez's trip to Beijing for trade talks in December, people familiar with the incident told the AP.
These people spoke on condition of anonymity because the incident was under investigation.

Gutierrez told the AP on Thursday he could not discuss whether or how the laptop's contents might have been copied.

"Because there is an investigation going on, I would rather not comment on that," he said. "To the extent that there is an investigation going on, those are the things being looked at, those are the questions being asked. I don't think I should provide any speculative answers."

A Commerce Department spokesman, Rich Mills, said he could not confirm or deny such an incident in China. Asked whether the department has issued new rules for carrying computers overseas, Mills said: "The department is continuing to improve our security posture, and that includes providing updates, guidances and best practices to staff to maintain security."

It was not immediately clear what information on the laptop might have been compromised, but it would be highly unorthodox for any U.S. government official to carry classified data on a laptop overseas to China, especially one left unattended even briefly. Modern copying equipment can duplicate a laptop's storage drive in just minutes.

The report of the incident is the latest in a series of worrisome cyber security problems blamed on China and comes at a sensitive time, with looming trade issues between the countries and special attention on China over the upcoming summer Olympics. Gutierrez returned just weeks ago from another trip to Beijing, where he noted he had "traveled here more than to any other foreign city during my tenure as commerce secretary."

In the period after Gutierrez returned from China in December, the U.S. Computer Emergency Readiness Team - known as US-CERT, some of the government's leading computer forensic experts - rushed to the Commerce Department on at least three occasions to respond to serious attempts at data break-ins, officials told the AP.
"There's nothing to substantiate an actual compromise at this time," said Russ Knocke, spokesman for the Department of Homeland Security. Knocke said he was unable to find records of a DHS investigation. He said US-CERT workers have visited the Commerce Department eight times since December, but none of those visits related to laptops or the secretary's trip to China. He said the US-CERT organization works routinely with all U.S. agencies.

The FBI declined to comment.

It wasn't clear whether leaving the laptop unattended violated U.S. government rules. Some agencies, such as Homeland Security, routinely provide officials with sanitized laptops to carry on trips overseas and require them to leave in the U.S. their everyday laptops, which might contain sensitive information. Some former Commerce officials told the AP they were careful to keep electronic devices with them at all times during trips to China.

"We have rules in place," Gutierrez said. "We have procedures that people go through before they travel. So, there is a very significant process in place. Technology is obviously moving very quickly, and we have to move very quickly with it. But all of that is something that we are going through."

A senior U.S. intelligence official, Joel F. Brenner, recounted a separate story of an American financial executive who traveled to Beijing on business and said he had detected attempts to remotely implant monitoring software on his handheld "personal digital assistant" device - software that could have infected the executive's corporate network when he returned home.

The executive "counted five beacons popped into his PDA between the time he got off his plane in Beijing and the time he got to his hotel room," Brenner, chief of the office of the National Counterintelligence Executive under the CIA, said during a speech in December. Brenner recommended throwaway cellular phones for any business people traveling to China.
"The more serious danger is that your device will be corrupted with malicious software that takes only a second or two to download - and you will not know it - and that can be transferred to your home server when you collect your e-mail," he said.

The Pentagon, State Department and Commerce Department all have been victimized by widespread computer intrusions blamed on China since July 2006. Defense Secretary Robert Gates confirmed in September that parts of the Pentagon's unclassified e-mail system - used by Gates and hundreds of others - were disrupted in June 2007 due to a break-in.

The Commerce Department break-ins have been so serious that its Bureau of Industry and Security, which regulates exports of sensitive technology that might be used in weapons, effectively unplugged itself from the Internet. Workers were instructed to use a few laptops placed around the office that are isolated from the department's network, even to search for public information using Google's Web search engine.

"We have discovered a number of very serious threats to the integrity of our systems and data," wrote then-Deputy Undersecretary of Commerce Mark Foulon to employees in an e-mail obtained by AP under the Freedom of Information Act. He said the department was not the government's only hacking victim, "but we have an obligation, which we must take seriously, to take all necessary measures to protect our systems and our data." At the time, Foulon acknowledged that some of the protective measures "may create difficulties and even reduce productivity."

Fully one year after being unplugged from the Internet, some Commerce Department employees complained about the inconvenience. One worker offered to provide his own laptop so he could work at his desk, rather than use one of the office terminals 30 feet away. "How that endanger the network?" the employee wrote last summer.
His request was denied by a security supervisor who complained that he, too, was struggling with the same Internet restrictions.

___

Associated Press writers Jeannine Aversa and Eileen Sullivan contributed to this story from Washington.

From rforno at infowarrior.org Fri May 30 02:05:35 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 May 2008 22:05:35 -0400
Subject: [Infowarrior] - Did Hollywood launch illegal DDOS against Revision3?
Message-ID:

Revision3 DOS outage, has Hollywood gone too far?
http://news.cnet.com/8301-10784_3-9955365-7.html?part=rss&subj=news&tag=2547-1_3-0-20

A company that legitimately distributes its video programming via peer-to-peer was shut down for three days last weekend after being pummeled with traffic. The likely culprit: a company paid by the major movie studios and record labels to fight piracy. What's wrong with this picture?

It was Memorial Day weekend and Revision3 was scrambling to get its Web TV network back up. Its servers were being bombarded with so much traffic, they were shut down in what is known as a denial-of-service outage. That meant no Diggnation or Tekzilla--popular Web shows for a generation of tech-savvy consumers who get their news and entertainment from the Internet instead of TV.

The attacks led to hundreds of thousands of disgruntled fans and tens of thousands of dollars in lost ad revenue for Revision3, estimates Revision3 Chief Executive Jim Louderback.

In the following days, Revision3 was able to trace the majority of the packets overwhelming its torrent index server to a company called ArtistDirect, which acknowledged to Louderback that the IP address generating the packets belonged to a Los Angeles-based subsidiary called MediaDefender.

MediaDefender offers Internet piracy fighting services to clients including "every major record label and every major movie studio, video game publishers, software publishers, and anime publishers," according to its Web site.
The company markets "non-invasive technological countermeasures" it uses on peer-to-peer networks that are designed to "frustrate users' attempts to steal/trade copyrighted content." Among those methods are decoying and spoofing, in which they send blank files and "data noise" that make finding pirated content on the Internet as hard as finding a needle in a haystack.

MediaDefender Chief Executive Randy Saaf says he has found evidence that Revision3's tracker has been used to index pirated content for at least four years.

"They are running an open tracker that had (links to) a lot of pirated content on it," Saaf said. "We didn't know they were running it. We were targeting the pirated content."

But Louderback says that since April 2007, Revision3's tracker has only linked to its own content, except for during the five weeks leading up to Memorial Day. Last month, the company switched tracker software as part of a move to stabilize the server because it was crashing, and that left the server open to the public to post links to outside content, he says.

"We didn't advertise it was open. It's like leaving your garage door open," and people can't legally just walk in, he said.

Things came to a head after Revision3 closed what Louderback described as a "back door" to its tracker server. The MediaDefender packets--arriving as fast as 7,000 packets a second--backed up and Revision3's operations were offline for about three days, according to Louderback.

"They were either grossly negligent in how they program, or programmed (the traffic) to be obnoxious," he said. "I can't impugn their motives. All I can say is the behavior we saw."

"They said they are changing their process and procedures," he added. "That still doesn't give me my weekend back."

MediaDefender's Saaf sees it differently. "In our mind we were not targeting a legitimate company. All we saw was a public tracker with (links to) pirated content," he said.
Going forward, MediaDefender will look to see if any public trackers it finds are associated with a company, and if so will contact them before acting, Saaf says.

The legal issues are unclear. Putting aside any discrepancies over whether there were links to pirated content on Revision3's tracker and for how long, there are questions about whether by transmitting so many packets at once, MediaDefender knowingly caused a denial-of-service outage. In addition, anti-competition questions could be raised since ArtistDirect promotes videos and music and could be seen as a rival to Revision3.

"Hollywood goes too far and loses all credibility when their investigators, in the name of antipiracy, act like lawless pirates and hack servers and force law abiding services off the Internet," said Ira Rothken, an attorney who recently defended TorrentSpy against copyright claims.

Using a back door to a server without permission of the owner could make MediaDefender liable under the Computer Fraud and Abuse Act and could violate Revision3's terms of use, which typically prohibit creating unreasonable loads on the servers or accessing servers without authorization, Rothken says.

Louderback, who wrote about the situation on his company blog early on Thursday, said he probably won't sue because of financial constraints.

MediaDefender's behavior has crossed a line, Rothken says. "Hollywood goes too far and loses all credibility when their investigators, in the name of antipiracy, act like lawless pirates and hack servers and force law abiding services off the Internet," he said.
"It's ironic for a company that is supposed to be helping major Hollywood organizations in getting legal compliance, that they would use techniques that at least optically appear to be in violation of the law," Rothken added.

To others, including my CNET News.com colleague Charles Cooper, Revision3 is more like a civilian casualty in an escalating cold war over how to protect and distribute copyrighted content in a digital age.

"You'll find over time more and more examples of Hollywood, big music and their agents being overzealous, overreaching, and overprotecting," said Eric Garland, chief executive of peer-to-peer file-sharing tracking firm Big Champagne. "If they are going to compete and defend their content aggressively enough to put a meaningful dent in piracy, they are going to be overinclusive and make mistakes."

From rforno at infowarrior.org Fri May 30 02:07:32 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 May 2008 22:07:32 -0400
Subject: [Infowarrior] - Broadcast Flag by any other name...
Message-ID:

May 28, 2008 4:34 PM PDT
Microsoft denies Windows Media blocks digital broadcasts
http://news.cnet.com/8301-10784_3-9954223-7.html?part=rss&subj=news&tag=2547-1_3-0-20

Microsoft says that there isn't anything in Windows Vista Media Center that would have stopped users from recording two NBC Universal shows earlier this month.

Microsoft said in an e-mail to CNET News.com on Wednesday that Media Center honors flags sent to protect against the recording of pay-per-view channels or video on demand (VOD). The company said that it doesn't prevent the recording of over-the-air digital or QAM digital broadcasts.

"Windows Media Center currently supports and adheres to CGMS-A," a Microsoft spokeswoman said in the e-mail. "Content distributors use CGMS-A in very limited circumstances, such as to protect programs intended for video on demand.
Please note that Windows Media Center does not support Broadcast Flag, sometimes referred to as Digital Broadcast Television Redistribution Control, on ATSC and clear QAM."

A controversy began on May 12, when people who attempted to use Windows Vista Media Center to record digital broadcasts of NBC Universal shows American Gladiators and Medium received a message saying the copyright holder had blocked recording of the shows. This isn't supposed to happen. Television viewers have the right to record shows (that aren't pay per view or video on demand) for personal use.

NBC Universal later acknowledged that it accidentally flagged the shows, but what irked some Vista users is that the block couldn't have been carried out unless Windows adhered to the flag.

NBC Universal also said Wednesday that it had discovered that the flag it sent out was CGMS-A.

"It was a CGMS-A flag, not a broadcast flag, that was inadvertently set on those programs," wrote an NBC spokeswoman. "We're not aware of any other issues since then, and the flags were simply mistakes, not a change in policy here."

So where does this leave us? Right back to where we started, with a major media company and the world's premier software maker denying blame. On the bright side, if you can call it that, the situation has illuminated just how much control over home recording broadcasters have as the country moves from analogue to digital broadcasting.

"This shows the dangers of having these technologies baked into your devices," said someone who deals with such issues and who asked for anonymity due to potential dealings with the companies involved.

Microsoft's response comes a week after saying it had built technology into Vista that adhered to "flags used by broadcasters" that allowed them to "determine how their content is distributed and consumed."
This set off warning bells to some because it looked like Microsoft was obeying an FCC proposal that would have required software and hardware makers to honor restrictions on recording digital broadcasts--or flags--issued by TV networks. The courts threw out the FCC's plan in 2005, so Microsoft wasn't required to adhere to such restrictions.

More than a week later, Microsoft says what it meant was that Vista Media Center adheres to flags for analog broadcasts. CGMS-A is copy protection for analog TV signals, and it isn't supposed to be able to block digital signals.

But if nothing in Windows Media Center was designed to block digital broadcasts and NBC Universal never sent a flag to block digital recording, then how were the shows blocked? Is there a glitch that Microsoft doesn't know about that can be triggered by a CGMS-A flag that prevents the recording of digital broadcasts? Why has Microsoft chosen to adhere to CGMS-A flags?

The Electronic Frontier Foundation isn't waiting for NBC Universal or Microsoft to hand over information. The group that advocates for Internet users has begun looking for the causes of the block and has asked for help from Vista users to shed light on what's happening. EFF staffer Danny O'Brien wrote on the group's blog: "We're looking to obtain raw data dumps of the ATSC stream next time your copy of Vista chokes on an over-the-air digital TV feed."

From rforno at infowarrior.org Fri May 30 11:54:20 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 May 2008 07:54:20 -0400
Subject: [Infowarrior] - Good Read.....OSVDB on Zero-Day Hysteria
Message-ID: <1976BC90-44CF-4E3F-AA56-F7DAF5B0EB09@infowarrior.org>

Who's to blame? The hazard of "0-day".

This blog entry is probably worth many pages of ranting, examining and dissecting the anatomy of a 0-day panic and the resulting fallout. Since this tends to happen more often than some of us care to stomach, I'll touch on the major points and be liberal in pointing fingers.
If you receive the "wag of my finger", stop being part of the problem and wise up.

< - >

http://osvdb.org/blog/?p=246

From rforno at infowarrior.org Fri May 30 12:26:35 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 May 2008 08:26:35 -0400
Subject: [Infowarrior] - The Only Thing We Have to Fear
Message-ID:

Fareed Zakaria, Editor of Newsweek International, columnist, PostGlobal co-moderator
Fareed Zakaria is editor of Newsweek International, overseeing all Newsweek's editions abroad. He writes a regular column for Newsweek, which also appears in Newsweek International and often The Washington Post.

http://newsweek.washingtonpost.com/postglobal/fareed_zakaria/2008/05/the_only_thing_we_have_to_fear.html

The Only Thing We Have to Fear ...

You know that we are living in scary times. Terrorist groups are metastasizing all over the globe. Al Qaeda has re-established its bases in Pakistan and Afghanistan. Hizbullah, Hamas and other radical Islamic groups are gaining strength. You hear this stuff all the time, on television and on the campaign trail. Amid the din, it's hard to figure out the facts. Well, finally we have a well-researched, independent analysis of the data relating to terrorism, released last week by Canada's Simon Fraser University. Its findings will surprise you.

It explains that there is a reason you're scared. The U.S. government agency charged with tracking terrorist attacks, the National Counterterrorism Center (NCTC), reported a 41 percent increase from 2005 to 2006 and then equally high levels in 2007. Another major, government-funded database of terrorism, the Memorial Institute for the Prevention of Terror (MIPT), says that the annual toll of fatalities from terrorism grew 450 percent (!) between 1998 and 2006. A third report, the Study of Terrorism and Responses to Terrorism (START), also government-funded, recorded a 75 percent jump in 2004, the most recent year available for the data it uses.
The Simon Fraser study points out that all three of these data sets have a common problem. They count civilian casualties from the war in Iraq as deaths caused by terrorism. This makes no sense. Iraq is a war zone, and as in other war zones around the world, many of those killed are civilians. Study director Prof. Andrew Mack notes, "Over the past 30 years, civil wars in the Democratic Republic of Congo, Angola, Liberia, Sierra Leone, Uganda, Bosnia, Guatemala, and elsewhere have, like Iraq, been notorious for the number of civilians killed. But although the slaughter in these cases was intentional, politically motivated, and perpetrated by non-state groups - and thus constituted terrorism as conceived by MIPT, NCTC, and START - it was almost never described as such."

To take just two examples, Mack pointed out that in 2004, the Janjaweed militia killed at least 723 civilians in Sudan (as documented by independent studies). The MIPT recorded zero deaths in Sudan from terrorism that year; START counted only 17. In Congo in 1999, independent studies identified hundreds killed by militia actions. The MIPT notes zero deaths that year from terrorism; and START, seven.

Including Iraq massively skews the analysis. In the NCTC and MIPT data, Iraq accounts for 80 percent of all deaths counted. But if you set aside the war there, terrorism has in fact gone way down over the past five years. In both the START and MIPT data, non-Iraq deaths from terrorism have declined by more than 40 percent since 2001. (The NCTC says the number has stayed roughly the same, but that too is because of a peculiar method of counting.) In the only other independent analysis of terrorism data, the U.S.-based IntelCenter published a study in mid-2007 that examined "significant" attacks launched by Al Qaeda over the past 10 years. It came to the conclusion that the number of Islamist attacks had declined 65 percent from a high point in 2004, and fatalities from such attacks had declined by 90 percent.
The Simon Fraser study notes that the decline in terrorism appears to be caused by many factors, among them successful counterterrorism operations in dozens of countries and infighting among terror groups. But the most significant, in the study's view, is the "extraordinary drop in support for Islamist terror organizations in the Muslim world over the past five years." These are largely self-inflicted wounds. The more people are exposed to the jihadists' tactics and world view, the less they support them. An ABC/BBC poll in Afghanistan in 2007 showed support for the jihadist militants in the country to be 1 percent. In Pakistan's North-West Frontier province, where Al Qaeda has bases, support for Osama bin Laden plummeted from 70 percent in August 2007 to 4 percent in January 2008. That dramatic drop was probably a reaction to the assassination of Benazir Bhutto, but it points to a general trend in Pakistan over the past five years. With every new terrorist attack, public support for jihad falls. "This pattern is repeated in country after country in the Muslim world," writes Mack. "Its strategic implications are critically important because historical evidence suggests that terrorist campaigns that lose public support will sooner or later be abandoned or defeated."

The University of Maryland's Center for International Development and Conflict Management (I wish academic centers would come up with shorter names!) has released another revealing study, documenting a 54 percent decline in the number of organizations using violence across the Middle East and North Africa between 1985 and 2004. The real rise, it points out, is in the number of groups employing nonviolent means of protest, which increased threefold during the same period.

Why have you not heard about studies like this or the one from Simon Fraser, which was done by highly regarded scholars, released at the United Nations and widely discussed in many countries around the world - from Canada to Australia?
Because it does not fit into the narrative of fear that we have all accepted far too easily.

Editor's Note: Fareed Zakaria is the editor of Newsweek International, and co-moderator of PostGlobal. His "World View" column and recent pieces for Newsweek can be found here.

From rforno at infowarrior.org Fri May 30 16:28:42 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 May 2008 12:28:42 -0400
Subject: [Infowarrior] - Bletchley Park may close
Message-ID:

Bletchley Park faces bleak future
12 May 2008 10:39

The secret home to Britain's World War II codebreaking efforts could face closure in two to three years unless it receives more funding

Historians have postulated that, without Bletchley Park, the Allies may never have won the war. But, despite an impressive contribution to the war effort, the Bletchley Park site, now a museum, faces a bleak future unless it can secure funding to keep its doors open and its numerous exhibits from rotting away.

The Bletchley Park Trust receives no external funding. It has been deemed ineligible for funding by the National Lottery, and turned down by the Bill & Melinda Gates Foundation because the Microsoft founder will only fund internet-based technology projects.

"We are just about surviving. Money - or lack of it - is our big problem here. I think we have two to three more years of survival, but we need this time to find a solution to this," said Simon Greenish, the Trust's director.

As a result of lack of funds, the Trust is unable to rebuild the site's rotting infrastructure and faces an uncertain future.

"The Trust is the hardest-up museum I know," said Greenish. "We have this huge estate to run and it's one of the most important World War II stories there is."
< - >

Story URL: http://resources.zdnet.co.uk/articles/imagegallery/0,1000002003,39415278,00.htm

From rforno at infowarrior.org Fri May 30 20:57:42 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 May 2008 16:57:42 -0400
Subject: [Infowarrior] - Resource: The Magic Background To Pearl Harbor
Message-ID:

http://www.ibiblio.org/pha/pha/magic/

FOREWORD

The Department of Defense is releasing for public use and research this multi-volume study giving the "MAGIC" or communications intelligence background of the 1941 Pearl Harbor disaster. In its review of classified records pursuant to E. O. 11652, the Department of Defense decided that it was in the public interest to declassify the intelligence which the U.S. obtained from the communications of its World War II enemies. This study contains a major part of the communications intelligence which the U.S. derived from intercepted Japanese communications during 1941.

The documentation presented here is both voluminous and significant. The large volume of intelligence concerning Japanese secret plans, policies, and activities which U.S. cryptologic specialists produced will augment the information already available on Pearl Harbor from Congressional and other public hearings. Of particular importance in this study is the correlation of the intelligence with the discussions of Secretary of State Hull and Japanese Ambassador Nomura in the critical months before Pearl Harbor. Scholars no doubt will find new challenges in this voluminous intelligence information as they examine not only the decisions made by the U.S. but also the intelligence which influenced and occasionally prompted those decisions.

End quote.

The Pearl Harbor History Associates are happy to be able to bring this work to the Internet after decades of being hidden in the stacks or costing $100+ for each volume on the used market.
We hope this will be useful in the study of the events leading up to the attack on Pearl Harbor and the study of events leading to wars whenever they occur. Our greatest wish is that by learning more about how wars start we can learn more about how to prevent them, and some day will come the time when we will "study war no more."

.... files at: http://www.ibiblio.org/pha/pha/magic/

From rforno at infowarrior.org Fri May 30 21:04:24 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 May 2008 17:04:24 -0400
Subject: [Infowarrior] - Comcast Is Hiring an Internet Snoop for the Feds
Message-ID: <7455FC71-1E29-41D2-8ED2-C3A0884510F1@infowarrior.org>

Comcast Is Hiring an Internet Snoop for the Feds
By Noah Shachtman
http://blog.wired.com/defense/2008/05/comcast-wants-d.html

Wanna tap e-mail, voice and Web traffic for the government? Well, here's your chance. Comcast, the country's second-largest Internet provider, is looking for an engineer to handle "reconnaissance" and "analysis" of "subscriber intelligence" for the company's "National Security Operations."

Day-to-day tasks, the company says in an online job listing, will include "deploy[ing], install[ing] and remov[ing] strategic and tactical data intercept equipment on a nationwide basis to meet Comcast and Government lawful intercept needs." The person in this "intercept engineering" position will help collect and process traffic on the company's "CDV [Comcast Digital Voice], HSI [High Speed Internet] and Video" services.

Since May 2007, all Internet providers have been required to install gear for easy wiretapping under the Communications Assistance for Law Enforcement Act, or CALEA. Anyone taking this position, Comcast says, will have to be "knowledgeable with ... standards such as CALEA." (The company is all too happy to "intercept its customers' communications" for a fee of a thousand dollars, Secrecy News revealed last year.)

But the person in this job won't just be snooping for the government.
He or she will also "perfor[m] diagnosis on data, voice, and video services to detect and respond to fraudulent activity such as theft of service and speed enhancement." For the better part of a year, there have been rumors that the company kept some sort of bandwidth limit on its customers. Finally, in February, Comcast admitted that it had been "clamping down on subscribers' file-sharing as a way of keeping overall net traffic up."

The job requires a "B.S. Degree in Information Systems Technology, MIS or related field or equivalent years of progressive experience and self-study," "a minimum of two years of policy or security engineering experience," as well as the "ability to carry and coordinate delivery of a 50-pound server to support deployments in local market."

If that's too much for you, don't worry. The company is also looking for an administrative assistant in its National Security Operations office. In that position, you'll be able to handle "sensitive incoming Legal subpoenas and other material. Some of this material may be 'Secret/Top Secret' and be classified under applicable Federal Law."

From rforno at infowarrior.org Sat May 31 00:26:55 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 May 2008 20:26:55 -0400
Subject: [Infowarrior] - USG Press Releases = 'Controlled Unclassified Info' ?
Message-ID: <114E6669-91DF-4FD5-B2D3-52CFE2BEF174@infowarrior.org>

(via SecrecyNews)

PRESS RELEASES COULD BECOME "CONTROLLED UNCLASSIFIED INFO"

Government press releases could be temporarily marked as "controlled unclassified information" to protect them from premature disclosure, according to an official Background paper on the new White House information security policy.

Controlled unclassified information, or CUI, refers to information that does not meet the standards for classification but that is considered too sensitive for unrestricted public disclosure. The new CUI policy was issued by President Bush on May 7.
While the precise definitions of CUI and the implementing policy directives remain to be written, there are indications that CUI could end up as a catch-all category for information that agencies wish to withhold.

Thus, "embargoed press releases" could be designated as CUI for at least a few hours, according to the newly released Background paper (at page 5, paragraph 8).

http://www.fas.org/sgp/cui/background.pdf

What if a member of the public wants to obtain information that some agency has marked as CUI? Well, he should file a Freedom of Information Act request, the Background paper says. "The FOIA process will provide a straightforward way for anyone to seek public release of CUI and ensure that all CUI for which there is a demand will be carefully reviewed for release." (at page 6).

But anyone who has filed a FOIA request knows that the FOIA process is not quite straightforward, nor does it produce a timely result.

The Background paper thus affirms a view that information deemed "sensitive" shall be presumptively withheld, and any exceptions shall be handled through the FOIA process.

In truth, this policy of presumptive withholding is pretty much how the Bush Administration currently operates. And it makes no tangible difference if agencies use 100 different terms for "sensitive" or replace them all with one term, "controlled unclassified information."

But informal, discretionary disclosure was far more common in previous Administrations, and it could be once again in some future Administration. Institutionalizing presumptive withholding in a government-wide CUI policy could make it harder to overcome current secrecy practices when the opportunity to do so presents itself.

On the other hand, Allen Weinstein, the head of the National Archives (NARA), told agencies in a May 21 memorandum that CUI would be narrowly construed.
"NARA, as the Executive Agent and consistent with the President's direction, will ensure that only that information which truly requires the protections afforded by the President's memorandum be introduced into the CUI Framework," he wrote.

http://www.fas.org/sgp/cui/nara052108.pdf

This implies that at least some information that is currently withheld as sensitive might not qualify for the new CUI marking. But if so, the criteria for excluding any existing sensitive information from the CUI category have not been identified.

William J. Bosanko, the Director of the CUI Office, told public interest groups at a May 27 meeting that he was committed to an open and accountable CUI policy process.

Various resources on CUI and sensitive information policy are available here:

http://www.fas.org/sgp/cui/index.html

From rforno at infowarrior.org Sat May 31 14:44:06 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 May 2008 10:44:06 -0400
Subject: [Infowarrior] - Another onboard "terrorist recognition" farce program
Message-ID: <23BD0CEA-CD2D-442B-9C11-FC57D8847FC9@infowarrior.org>

EU project scans air passengers for terrorist tendencies
By James Sherwood
31st May 2008 07:02 GMT
http://www.reghardware.co.uk/2008/05/31/airliner_security_safee/

An EU aviation safety project is testing a camera-based passenger surveillance system intended to spot terrorists poised to rush the cockpit.

According to a report in the New Scientist, the European Union's Security of Aircraft in the Future European Environment (SAFEE) project relies on video cameras being built into every passenger's seat. Rumours of such aircraft anti-hijack systems have been flying around since the 11 September attacks.

Each camera tracks passengers' facial expressions, with the footage then analysed by software to detect developing terrorist activity or potential air rage.
Six wide-angle cameras are also positioned to monitor the plane's aisles, presumably to catch anyone standing by the cockpit door with a suspiciously crusty bread roll.

But since people never sit still on planes, the software's also designed so that footage from multiple cameras can be analysed. So, if one person continually walks from his seat to the bathroom, then several cameras can be used to track his facial movements.

The software watches for all sorts of other terrorist-like activities too, including running in the cabin, someone nervously touching their face or excessive sweating. An innocent nose scratch won't see the F16s scrambled, but a combination of several threat indicators could trigger a red alert.

The system was tested earlier this year in a dummy Airbus A380. Unsurprisingly, the researchers who built the system, including Dr James Ferryman from Reading University, said the test went well. Dr Ferryman admitted that the system still needs to be tested on thousands more passengers before it can be proven as reliable though.

But isn't it a little late to be detecting terrorists once they're already on the plane? And how prepared are we to have our every last twitch monitored and analysed?
From rforno at infowarrior.org Sat May 31 19:14:19 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 May 2008 15:14:19 -0400
Subject: [Infowarrior] - Full Disclosure and why Vendors Hate it
Message-ID: <72C4371B-3813-4FD2-9AB2-E491AB29B75F@infowarrior.org>

Full Disclosure and why Vendors Hate it
May 2008
http://www.zdziarski.com/papers/fulldisclosure.html

I did a talk recently at O'Reilly's Ignite Boston party about the exciting iPhone forensics community emerging in law enforcement circles. With all of the excitement came shame, however; not for me, but for everyone in the audience who had bought an iPhone and put something otherwise embarrassing or private on it. Very few people, it seemed, were fully aware of just how much personal data the iPhone retains, in spite of the fact that Apple has known about it for quite some time. In spite of the impressive quantities of beer that get drunk at Tommy Doyle's, I was surprised to find that many people were sober enough to turn their epiphany about privacy into a discussion about full disclosure.

This has been a hot topic in the iPhone development community lately, and I have spent much time pleading with the different camps to return to embracing the practice of full disclosure. The iPhone is shrouded in secrecy on both sides - Apple (of course) uses their secrets to instill hype (and gloss over many otherwise obvious privacy flaws), while the iPhone development community uses their secrets to ensure they can exploit future versions of the firmware to find these flaws (along with all the other fun stuff we do). The secrets on both sides appear to have not only hurt the product, but run the risk of devolving an otherwise amazing device into the next surveillance fear. With the military and federal agencies testing the iPhone for possible use, some of the long-held secrets surrounding the iPhone even run the risk of affecting national security.
Secrecy and Hype

Secrecy is nothing new, especially with Apple. One of Apple's greatest marketing strengths is this ability to add hype around their products by piquing the curiosity of the common geek. When it comes to such an amazing device as the iPhone, Apple seems to be very tolerant when it comes to grassroots hacking - tolerant enough to allow iPhone hackers to come and give talks about it in their store. It almost seems counter-intuitive that the more padlocks Apple places on the iPhone, the more the number of hackers who show up to pick them, and the more phones sold. Obviously it isn't just hackers buying iPhones, or the community would be much bigger. Part of what Apple is selling is the hacker image - an image that they ingeniously didn't even have to invent. By simply locking up the device and attracting the right audiences, every tech store cashier within a thousand mile radius can buy an iPhone and feel like they are in the same class of uber-hacker as the ones who originally wrote the tools they're using. With more secrets come more hype, and ultimately more people who buy the product to feel like they're doing something "unsanctioned" or "cool" with it. Apple wants you to think that buying an iPhone is bucking the system - and all they had to do was lock it down. It is estimated that over a third of all iPhones sold have been jailbroken and unlocked, supporting at the very least the claim that a lot of people are unlocking their iPhones just because Apple said they can't. Apple has proven that secrets really can sell products.

Secrecy and Privacy

The problem with too many secrets is that they frequently rub against the notion of privacy. One would think that secrets and privacy track together, but more often than not, secrets only mean that you don't know your enemy, or what weapons they have to use against you.
Secrets can be a hindrance to privacy because they leave the consumer exposed; not knowing if their home is secure, or if it's going to be broken into. If you knew that the lock on your front door was broken, you'd probably be less inclined to leave a diamond ring lying on the foyer table. More dangerous is the idea that you have no right to know about your broken front door lock until after the locksmith fixes it. Everyone agrees that security flaws should be fixed; the looming issue is whether full disclosure is appropriate, or whether the "vendor first" approach is more responsible.

The thing with secrets is that someone always has one, and when it comes to protecting your data, a well-informed public is often better equipped to protect themselves than an ignorant one. In the digital world, the locks belong to the vendor, but the data is typically within either the customer or the consumer's control; and if not the data, then certainly lawyers from hell are within reach. Longstanding arguments have been made that the vendor should be the first to be notified, and the owner of the data should remain in ignorance until the front door lock has been fixed. Ironically, this is an argument I only ever hear coming from vendors (or those indoctrinated by vendors). Some vendors take this philosophy so seriously that they attempt to legally bind their own customers from releasing information about vulnerabilities to the public.

The inherent flaw in the "vendor first" argument is this: if you know about a particular vulnerability, chances are the bad guy already does too, and probably knew about it before you did. The bad guy is far more dangerous when the public doesn't know what he knows, leaving the vendor's customers and consumers both oblivious that there is any risk, or that an appropriate response to safeguard data is necessary. It is the customer and the consumer who have the most to lose from a breach, and bear the most liability should one occur.
It seems that these two groups would be the best suited to also choose how the risk should be mitigated in the short term, and ultimately what procedures for auditing data should be taken after the fact. If indeed the bad guy knows about the vulnerability, they are certainly already exploiting it, leaving one to wonder what the advantage is to keeping it secret from the public. It would seem as though it would be a rather large disadvantage if no-one is given the knowledge to do anything about it. It's quite simple logic:

* Full Disclosure Scenario: Vendor screws up grocery chain software. Grocery chain and consumers notified by newspaper. Grocery chain's customers switch to cash, with minor loss in business. Grocery chain results in exponentially fewer losses than had they gotten sued by credit card companies for a breach.

* Vendor First Scenario: Vendor screws up grocery chain software. Vendor is notified, takes 2 months to patch security vulnerability. Three grocery chains experience data breaches, with a fourth breach while the first three figure out what happened. All four grocery chains sued by credit card companies. Consumers and grocery chains suffer. Vendor has disclaimer, pays nothing.

Just who is the beneficiary of the "vendor first" concept exactly? Full disclosure ultimately protects the consumer, whereas "vendor first" only protects the vendor. Full disclosure safeguards the consumer by getting people away from the dam until the leak is plugged. Take this more real-world scenario for example:

* Full Disclosure Scenario: I announced last week that refurbished iPhones may contain previous customer data, and provided some blurred screenshots to show evidence of it. Both Apple and AT&T are suddenly listing refurbished iPhones as unavailable. Apple revises their refurbishing practices, and until the dam is permanently plugged, the flood of refurbished iPhones with customer data has been turned off.
* Vendor First Scenario: Had I reported the problem to Apple directly, they may have decided to quietly fix their internal practices while still selling refurbished units. Additional units are sold with customer data on them, and no-one is any the wiser (except for the people stealing the data). In the time it takes Apple to revise their refurbishing practices, X additional phones containing customer data are leaked. The consumer loses, and might not even know it.

Plausible Deniability

The advantage that vendors gain in keeping secrets from customers is simply having plausible deniability. When a vulnerability is actually fixed, a vendor may deny the privacy flaw ever existed, or at least severely downplay any risk. This can (and has) been used to sweep over any concern, having the side effect of also downplaying any inclination to audit for a security breach. After all, it's bad for a vendor to have to admit to a security flaw, but entirely disastrous for their image should anyone discover an actual breach occurred. As far as the vendor is concerned, 'tis best not to check.

I ran into this shortly after I discovered a flaw in Verizon's online billing services some years ago, which allowed me to view other customers' billing information through Verizon's web portal. I'll not likely forget the famous last words of the Verizon security technician, "Thanks for not telling anybody about this." It was the next day that I talked to the Washington Post, with Verizon denying and/or downplaying each claim. I doubt the leak ever would have come to light otherwise, and most definitely would have never been audited. My screenshots were the only proof that there ever was a problem, and at that point it comes down to mere credibility.

Plausible deniability is one of a vendor's greatest advantages when the "vendor first" approach is used instead of full disclosure.
By fixing things privately, there is no way (in some cases at least) to verify that the vulnerability ever existed, or by the time the vendor releases information about the vulnerability, it may be well too late to check for a privacy breach. When this happens, it is the word of the person reporting the vulnerability against a team of corporate engineers who will all insist it isn't as bad as it sounds. The full disclosure approach solves the problem of corporate accountability by ensuring that the informed public (specifically, security professionals) can verify and assess the situation. Full disclosure gives the public a window of opportunity to not only verify the vulnerability, but to see just how deep the rabbit hole goes; something the vendor is almost guaranteed to either intentionally ignore or cover up. The bad guy is already going to test and exploit these vulnerabilities long before the public even discovers them - the good guys ought to have a crack at verifying it too.

Public Outcry

Just how large that window of opportunity is depends on the vendor, and presents another reason why "vendor first" doesn't work. Vendors can be slow about fixing things - and many have a track record of lethargy. Some software vendors lag months behind. In spite of what you may think, the goal of the vendor is not to produce a quality product; it is to sell product. And in selling product, selling support agreements come with the turf. Carefully timing security updates so that they span certain contractual intervals is one way to ensure that a product's maintenance fees are going to get bought into. The average MTTR for some of the most widely used operating systems and other popular software is on the order of 3-6 months!
So if you're following along with the thought pattern laid out here, that means 3-6 months of unknown bad guys possibly exploiting these vulnerabilities and stealing personal information that may have otherwise been stopped at the customer or consumer level.

There is, however, one way to ensure a vendor fixes a flaw quickly, and that is public outcry. I find some otherwise slow vendors respond quite snappily when five million consumers are banging down their door and threatening to sue them in class action court. Public outcry has become the Q/A filter for many vendors whose response times have become ridiculously poor in recent years. It lets the vendor know what bugs are going to hurt their bottom line - and those are the ones that are quite likely to receive the most attention. It is certainly advantageous for the vendor to push the "vendor first" approach when it means removing the pressure to repair critical flaws. It is public pressure that has the power to change governments - certainly, it can be an effective tool at fixing security flaws.

Over-Fixing

Of course, over-fixing things is the fear many development teams have with vendors, and is an issue I've experienced first hand with Apple, Verizon, and a few other vendors. Before you report a security vulnerability privately to a vendor, pretend the vendor is going to read it Miranda rights, because essentially your vulnerability can (and will likely) be used against you. Not to incriminate you, per se, but rather to handicap your ability to follow up.

As an example, the open source community has built up a significant arsenal. We've built a solid base of iPhone developers as well as a community distribution mechanism for software. Apple came along a little later (due to public outcry) and decided to build their own solid developer base and their own distribution mechanism, embarrassingly trying to copy the open source community.
Apple has effectively positioned themselves as a competitor of the open development community for the iPhone. As is the case with other similar vendors, privately releasing a vulnerability to them is a technological death wish; the technique you used to find the vulnerability in the first place will likely be "fixed" so that you won't have access to find such a vulnerability again. Make no mistake - this is not to better secure the product; this is to quiet the noise you've generated and ensure that they don't have to hear from you again.

Once again, full disclosure presents a window. This window of opportunity allows others to collaborate with you by picking up where your work left off. Over-fixes are likely going to happen, but by the time they do, the public will have given the product a thorough proctological and likely uncovered many additional exploits you may have missed.

Litmus Test

Not to suggest that all vendors are evil, lazy, or financially motivated, but in a capitalist society, it is the consumer's responsibility to hold a corporation accountable. This is not possible if the corporation is controlling the flow of information. If you're interviewing vendors, ask them where you can find a manifest of security flaws accompanied by dates reported, dates patches were released, and a report of all associated breaches. If this information is available publicly, you've stumbled across a rare breed of responsible vendor.

The bottom line is this: a company that is afraid to tell the customer about a security risk until after it's fixed is both dangerous and irresponsible. The best litmus test when selecting a vendor is to find vendors who embrace full disclosure in such a way that vulnerabilities are reported quickly to their downstream customers, and if privacy-related, the consumer. Full disclosure is the key to privacy.
If your goal is to have security flaws fixed, rather than covered up, full disclosure is the only way to guarantee that your research will be thoroughly tested and patched; what's more, it is the only way to ensure that the vendor is held accountable in an age of privacy breaches and litigation.

From rforno at infowarrior.org Sat May 31 19:17:05 2008
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 May 2008 15:17:05 -0400
Subject: [Infowarrior] - UK airport blocks guy in 'Transformers' t-shirt
Message-ID:

No t-shirt, no flight

Going out to Dusseldorf for work. Flying British Airways, leaving from terminal 5. Go through security, get pulled to the side. I'm wearing a French Connection Transformers t-shirt. Bloke starts joking with me is that Megatron. Then he explains that since Megatron is holding a gun, I'm not allowed to fly.

WTF? It's a 40 foot tall cartoon robot with a gun as an arm. There is no way this shirt is offensive in any way, and what I'm going to use the shirt to pretend I have a gun?

Now here's the stupid part. I was only taking carry on luggage, so my clothes were in my bag, so I said I'd get changed. So I stripped off at security and changed t-shirts, putting the "offensive" t-shirt in my bag. Now I haven't been a dick so far, I've done what they've said. No point in arguing with the drones. The supervisor comes over and is now a dick to me, telling me if I put the shirt on I'll be arrested. I then told him that I wasn't going to waste time arguing with him and he wasn't worth the effort and didn't have any power to change anything anyway.

With hindsight I should have said, yeah arrest me, great publicity for you guys to arrest a bloke wearing a transformers t-shirt.

And here's a picture of the "offending" t-shirt. Tossers.

< - >

http://www.theedgeofmadness.com/index.php?title=no_t_shirt_no_flight