From rforno at infowarrior.org Wed Apr 1 00:56:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Mar 2009 20:56:23 -0400
Subject: [Infowarrior] - 6 stages of Twitter media coverage hell
Message-ID: <69B301A5-FE5C-4AD2-8B8D-C79D291AFCF5@infowarrior.org>

March 31, 2009 - 12:46 P.M.

The 6 stages of Twitter media coverage hell
http://blogs.computerworld.com/the_6_stages_of_twitter_media_coverage_hell

The Twitter microblogging service has received an absurd quantity of press in the mainstream media lately. Everybody has been talking about it, from CNN, which has built entire shows around it, to The View, where each host tries to outdo the others in how clueless she is about Twitter.

And now, the inevitable "Twitter backlash" has begun.

What does it all mean? In a word, nothing. The so-called backlash is just the media's knee-jerk pseudo-contrarianism, right on schedule. Obviously Twitter has been clearly overexposed and overhyped in the media, and now reporters and commentators are both slamming their own hype, and, inevitably, attacking Twitter itself.

My advice: Don't take any of it too seriously. The media does this with every truly major Internet phenomenon that comes along. It happened with the Internet itself, then e-mail, then the Web, then the tech bubble, then social networking and now Twitter.

Here are the 6 stages of media coverage hell that the press and the TV networks are putting us all through:

1. Ignore

Even though Twitter was clearly an interesting service with fast growth and very enthusiastic users, the mainstream media pretty much ignored it for the first year and a half. It simply didn't exist on TV or in the newspapers.

2. Dismiss

Say, six months ago, when Twitter did come up in media stories, it was largely belittled as a dorky, obscure nerd thing.

3. Introduce

Once discovered, the media spent six months "introducing" Twitter over and over as if every mention was the first time anyone had ever heard of it.

4. Hype

This is where the media echo chamber really comes into full force. Every media outlet talks about Twitter, and talks about talking about Twitter. Even luddite reporters work in mentions of Twitter to create the impression that they're in touch with trends. Any story with a Twitter angle becomes automatically newsworthy. Coverage is overwhelmingly positive.

5. Criticize

Once the media is itself deafened by the echo chamber, it turns on itself and starts slamming Twitter as an overblown, overhyped fad -- never admitting that the media itself was the one overblowing and overhyping it all along. Coverage is overwhelmingly negative.

6. Ignore

Once Twitter has been thoroughly overexposed and discredited, the media will ignore it once again.

What makes this a media echo chamber is that none of this really has anything to do with Twitter itself, or the communities growing there. As the media labels, pigeonholes, stereotypes, lionizes, belittles and condescends to the people on Twitter, real people on Twitter remain pretty much everybody and anybody. As the media ignorantly mischaracterizes what happens on Twitter, and what people do with it, Twitter remains a service that people do an unfathomable number of things with.

In all the hype and counter-hype, it will be utterly forgotten that Twitter is nothing more than a service for sending messages that lots of people find useful. Because people can involve Twitter in a huge number of activities, and can say anything, reporters looking for certain kinds of stories good or bad will always find what they're looking for. To misuse a metaphor -- just because you find a needle in a haystack doesn't mean it was really a stack of needles all along.

Anyway, we're transitioning now from stage 4 to stage 5, so brace yourself. The good news is that the echo chamber cycle is almost complete. Before you know it, the media will go away and leave us alone again.
From rforno at infowarrior.org Wed Apr 1 01:08:27 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Mar 2009 21:08:27 -0400
Subject: [Infowarrior] - Bill Would Federalize Cybersecurity
Message-ID: <2B328F9F-3216-48B4-A35C-96EC0A212E99@infowarrior.org>

(The "unprecedented authority" mentioned in para 3 is rather disturbing .... there is NEVER a black-and-white decision tree during a cyber incident....what matters is the context of the given incident. I remain skeptical. --rf )

Bill Would Federalize Cybersecurity
Senate Proposal Would Affect Even Some Private Networks

By Joby Warrick and Walter Pincus
Washington Post Staff Writers
Wednesday, April 1, 2009; A04
http://www.washingtonpost.com/wp-dyn/content/article/2009/03/31/AR2009033103684_pf.html

Key lawmakers are pushing to dramatically escalate U.S. defenses against cyberattacks, crafting proposals that would empower the government to set and enforce security standards for private industry for the first time.

The proposals, in Senate legislation that could be introduced as early as today, would broaden the focus of the government's cybersecurity efforts to include not only military networks but also private systems that control essentials such as electricity and water distribution. At the same time, the bill would add regulatory teeth to ensure industry compliance with the rules, congressional officials familiar with the plan said yesterday.

Addressing what intelligence officials describe as a gaping vulnerability, the legislation also calls for the appointment of a White House cybersecurity "czar" with unprecedented authority to shut down computer networks, including private ones, if a cyberattack is underway, the officials said.

How industry groups will respond is unclear. Jim Dempsey, vice president for public policy at the Center for Democracy and Technology, which represents private companies and civil liberties advocates, said that mandatory standards have long been the "third rail of cybersecurity policy." Dempsey said regulation could also stifle creativity by forcing companies to adopt a uniform approach.

The legislation, co-sponsored by Senate Commerce Committee Chairman John D. Rockefeller IV (D-W.Va.) and Sen. Olympia J. Snowe (R-Maine), was drafted with White House input. While the White House indicated it supported some key concepts of the bill, there has been no official endorsement. Many of the proposals were based on recommendations of a landmark study last year by the Center for Strategic and International Studies.

Currently, government responsibility for cybersecurity is split: The Pentagon and the National Security Agency safeguard military networks, while the Department of Homeland Security provides assistance to private networks. Previous cybersecurity initiatives have largely concentrated on reducing the vulnerability of government and military computers to hackers.

A 60-day federal review of the nation's defenses against computer-based attack is already underway, and the administration has signaled its intention to incorporate private industry into those defenses in an unprecedented way.

"People say this is a military or intelligence concern, but it's a lot more than that," Rockefeller, a former intelligence committee chairman, said in an interview. "It suddenly gets into the realm of traffic lights and rail networks and water and electricity."

U.S. intelligence officials have warned that a sustained attack on private computer networks could cause widespread social and economic havoc, possibly shutting down or compromising systems used by banks, utilities, transportation companies and others.
The Rockefeller-Snowe measure would create the Office of the National Cybersecurity Adviser, whose leader would report directly to the president and would coordinate defense efforts across government agencies. It would require the National Institute of Standards and Technology to establish "measurable and auditable cybersecurity standards" that would apply to private companies as well as the government. It also would require licensing and certification of cybersecurity professionals.

The proposal would also mandate an ongoing, quadrennial review of the nation's cyberdefenses. "It's not a problem that will ever be completely solved," Rockefeller said. "You have to keep making higher walls."

Last week, Director of National Intelligence Dennis C. Blair told reporters that one agency should oversee cybersecurity for government and for the private sector. He added that the NSA should be central to the effort. "The taxpayers of this country have spent enormous sums developing a world-class capability at the National Security Agency on cyber," he said.

Blair acknowledged there will be privacy concerns about centralizing cybersecurity, and he said the program should be designed in a way that gives Americans confidence that it is "not being used to gather private information."

From rforno at infowarrior.org Wed Apr 1 02:43:48 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Mar 2009 22:43:48 -0400
Subject: [Infowarrior] - EU wants to track all road vehicles?
Message-ID: <9A5D4B5B-EAC3-45DA-BF3B-13087C375F1B@infowarrior.org>

Big Brother is watching: surveillance box to track drivers is backed

* Privacy row brewing over surveillance on the road
* Box could reduce accidents, pollution and congestion

Paul Lewis in Brussels
The Guardian, Tuesday 31 March 2009
http://www.guardian.co.uk/uk/2009/mar/31/surveillance-transport-communication-box

The government is backing a project to install a "communication box" in new cars to track the whereabouts of drivers anywhere in Europe, the Guardian can reveal.

Under the proposals, vehicles will emit a constant "heartbeat" revealing their location, speed and direction of travel. The EU officials behind the plan believe it will significantly reduce road accidents, congestion and carbon emissions. A consortium of manufacturers has indicated that the router device could be installed in all new cars as early as 2013.

However, privacy campaigners warned last night that a European-wide car tracking system would create a system of almost total road surveillance.

Details of the Cooperative Vehicle-Infrastructure Systems (CVIS) project, a ?36m EU initiative backed by car manufacturers and the telecoms industry, will be unveiled this year. But the Guardian has been given unpublished documents detailing the proposed uses for the system. They confirm that it could have profound implications for privacy, enabling cars to be tracked to within a metre - more accurate than current satellite navigation technologies.

The European commission has asked governments to reserve radio frequency on the 5.9 Gigahertz band, essentially setting aside a universal frequency on which CVIS technology will work.

The Department for Transport said there were no current plans to make installation of the technology mandatory. However, those involved in the project describe the UK as one of the main "state backers". Transport for London has also hosted trials of the technology.

The European Data Protection Supervisor will make a formal announcement on the privacy implications of CVIS technology soon. But in a recent speech he said the technology would have "great impact on rights to privacy and data".

Paul Kompfner, who manages CVIS, said governments would have to decide on privacy safeguards. "It is time to start a debate ... so the right legal and privacy framework can be put in place before the technology reaches the market," he said.

The system allows cars to "talk" to one another and the road. A "communication box" behind the dashboard ensures that cars send out "heartbeat" messages every 500 milliseconds through mobile cellular and wireless local area networks, short-range microwave or infrared.

The messages will be picked up by other cars in the vicinity, allowing vehicles to warn each other if they are forced to brake hard or swerve to avoid a hazard. The data is also picked up by detectors at the roadside and mobile phone towers. That enables the road to communicate with cars, allowing for "intelligent" traffic lights to turn green when cars are approaching or gantries on the motorway to announce changes to speed limits.

Data will also be sent to "control centres" that manage traffic, enabling a vastly improved system to monitor and even direct vehicles. "A traffic controller will know where all vehicles are and even where they are headed," said Kompfner. "That would result in a significant reduction in congestion and replace the need for cameras."

Although the plan is to initially introduce the technology on a voluntary basis, Kompfner conceded that for the system to work it would need widespread uptake. He envisages governments making the technology mandatory for safety reasons. Any system that tracks cars could also be used for speed enforcement or national road tolling.

Roads in the UK are already subject to the closest surveillance of any in the world. Police control a database that is fed information from automatic number plate recognition (ANPR) cameras, and are able to deduce the journeys of as many as 10 million drivers a day.
Details are stored for up to five years.

However, the government has been told that ANPR speed camera technology is "inherently limited" with "numerous shortcomings". Advice to ministers obtained by the Guardian under the Freedom of Information Act advocates upgrading to a more effective car tracking-based system, similar to CVIS technology, but warns such a system could be seen as a "spy in the cab" and "may be regarded as draconian". Introducing a more benign technology first, the report by transport consultants argues, would "enable potential adverse public reaction to be better managed".

Simon Davies, director of the watchdog Privacy International, said: "The problem is not what the data tells the state, but what happens with interlocking information it already has. If you correlate car tracking data with mobile phone data, which can also track people, there is the potential for an almost infallible surveillance system."

From rforno at infowarrior.org Wed Apr 1 12:33:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Apr 2009 08:33:30 -0400
Subject: [Infowarrior] - Fwd: contest: Find The Oldest Known Data Loss Incident!
References: <26fc42fe0903312031t47a5ddc6n1b3f649f4c520097@mail.gmail.com>
Message-ID: <636FE1EA-2E6C-492C-966F-F58148986365@infowarrior.org>

Begin forwarded message:

> From: David Shettler
> Date: March 31, 2009 11:31:54 PM EDT
> To: "dataloss at datalossdb.org"
> Subject: [Dataloss] contest: Find The Oldest Known Data Loss Incident!
>
> Announcing our first ever contest, generously sponsored by CREDANT,
> AON TechShield, Arcsight, ITAC Sentinel, and StrikeForce Technologies,
> Inc.
>
> Find and submit the oldest data loss incidents you can, and you might
> get some great prizes in the process!
>
> See this link for full contest details:
> http://datalossdb.org/oldest_incidents_contest
>
> First, a little history about the competition: In 2005, the Open
> Security Foundation launched the Oldest Vulnerability contest for one
> of our other projects, the Open Source Vulnerability Database, and
> from it came vulnerabilities dating back as far as 1965.
>
> Submissions will be accepted starting at midnight CST, April 1st, 2009
> through 11:59pm CST, May 15th, 2009.
>
> Incidents must have resulted in a breach of Personally Identifiable
> Information (PII). Specifically, incidents must have resulted in the
> loss of one or more of the below:
>
> * Social Security Numbers (or National ID)
> * Credit Card Numbers
> * Bank Account Numbers
> * Medical Records
>
> First Prize goes to the oldest incident found, and consists of:
>
> * A Mac Mini - Valued at $599.00
> * $250.00 USD American Express Gift Card
> * Plus More...
>
> There are also second and third prizes, so please visit:
>
> http://datalossdb.org/oldest_incidents_contest
>
> If you have any questions about this contest that are not answered on
> the contest page or in this email, please contact curators at
> datalossdb.org
>
> With that said, please DO NOT REPLY DIRECTLY TO THIS EMAIL. Mail the
> curators@ address. All replies to this email or sent to the dataloss@
> address will be rejected, quite possibly with a snarky comment,
> finger-pointing, and giggling.
> _______________________________________________
> Dataloss Mailing List (dataloss at datalossdb.org)
>
> CREDANT Technologies, a leader in data security, offers advanced
> data encryption solutions.
> Protect sensitive data on desktops, laptops, smartphones and USB
> sticks transparently
> across your enterprise to ensure regulatory compliance.
> http://www.credant.com/stopdataloss

From rforno at infowarrior.org Wed Apr 1 14:15:56 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Apr 2009 10:15:56 -0400
Subject: [Infowarrior] - WH Announces New Cybersecurity Advisory Council
Message-ID:

http://www.whitehouse.gov/blog_post/vice_president_biden_announces_cybersecurity_panel_1/

THE WHITE HOUSE
Office of the Vice President
____________________________________________________________________________
For Immediate Release
April 1, 2009

White House Announces New Cybersecurity Advisory Council

Washington, DC - Vice President Joe Biden announced today that President Obama has established a Presidential Advisory Council to help address national cybersecurity concerns.

"Cybersecurity remains a top priority of this Administration, and as we've witnessed in this week's Conficker virus and during the cyberattacks in Estonia last year, every nation remains at risk to malicious cybersecurity events. These attacks can cause personal and civil distress, financial loss, threats to our national security, and an inability for the American economy to remain competitive in the global marketplace. That is why the President and I value expert advice in helping this Administration ensure America's future," Vice President Biden said.

In prepared remarks, President Obama said that "Traditionally, advice on cybersecurity issues is offered exclusively by senior executives within the cybersecurity industry. That process is helpful by itself - but now, by including the advice of those who work at the very heart of these issues, we can develop much more appropriate and effective practices to secure our national cyber systems and minimize the effect of such attacks should they occur."
Reporting to the Director of the White House Office of Cybersecurity Policy, the Presidential Council on Improving Cybersecurity Effectiveness (PC-ICE) will be the first Presidential advisory council that approaches cybersecurity concerns from a community-oriented perspective. This new advisory organ will join other Presidential advisory groups in developing cybersecurity policy recommendations for the Administration.

"The PC-ICE is a novel approach to policy advice in that it offers us a perspective of cybersecurity issues and concerns much different than existing advisory mechanisms," said Melissa Hathaway, Director of the White House Office of Cybersecurity Policy. "The creation of this council reflects the Administration's deep commitment to soliciting expert advice from across the policy spectrum from those most knowledgeable about the issues being considered. The timing of the Conficker attack today and the ten-year anniversary of the Melissa virus last week only underscores the need for more effective and immediate solutions to better protect America's interests in cyberspace."

PC-ICE members are appointed for a renewable three year term of office and selected based on their careers as cybersecurity thought leaders and subject-matter experts. The initial members of the PC-ICE include:

Mr. Richard F. Forno - Independent consultant and former Chief Security Officer, InterNIC (Chairman)
Mr. Brian A. Martin - Founder, Trusted Security Foundation (TSF)
Ms. Sioda al-Cailleach - Principal, TechBank Holdings and ISC2 Advisory Board Member
Mr. Ajay Efinreznor - Director, Community Internet Security and Safety Program
Mr. Kelly Todd - Independent Internet security researcher, financial services sector
Mr. Jason M. Dyson - Independent Internet security researcher, government services sector
Mr. Joshua K. Fritsch - Technical Director, UnixGeeks.Org

The first cybersecurity policy item to be evaluated by the PC-ICE is the national response to "mass casualty" events in cyberspace such as the Conficker virus. A series of live and webcast Town Hall meetings with local cybersecurity experts will be announced later this month.

Contact: April Fueul (202) 456-1414 or april.fueul at eop.whitehouse.gov .

# # # # #

From rforno at infowarrior.org Wed Apr 1 17:30:24 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Apr 2009 13:30:24 -0400
Subject: [Infowarrior] - Senators Introduce Comprehensive Cybersecurity Legislation
Message-ID: <748B99DA-DE75-44CC-B1D5-8247B59C88A2@infowarrior.org>

Boy, I wish this was an April Fools' joke........looking @ the draft language, it's mostly same stuff different year.

For Immediate Release 04/01/09
Contact: Jena Longo - Democratic Deputy Communications Director 202.224.7824
http://commerce.senate.gov/public/index.cfm?FuseAction=PressReleases.Detail&PressRelease_id=bb7223ef-1d78-4de4-b1d5-4cf54fc38662&Month=4&Year=2009

Chairman Rockefeller and Senator Snowe Introduce Comprehensive Cybersecurity Legislation

WASHINGTON, D.C. -- Senator John D. (Jay) Rockefeller IV, Chairman of the Senate Committee on Commerce, Science, and Transportation and Senator Olympia Snowe (R-ME) today announced the introduction of comprehensive cybersecurity legislation to address our nation's vulnerability to cyber crime, global cyber espionage, and cyber attacks that could potentially cripple the United States' critical infrastructure.

Currently, the U.S. has systems in place to protect our nation's secrets and our government networks against cyber espionage, and it is imperative that those cyber defenses keep up with our enemies' cyber capabilities.
However, another great vulnerability our country faces is the threat to our private sector critical infrastructure -- banking, utilities, air/rail/auto traffic control, telecommunications -- from disruptive cyber attacks that could literally shut down our way of life.

"We must protect our critical infrastructure at all costs -- from our water to our electricity, to banking, traffic lights and electronic health records -- the list goes on. It's an understatement to say that cybersecurity is one of the most important issues we face; the increasingly connected nature of our lives only amplifies our vulnerability to cyber attacks and we must act now," said Senator Rockefeller.

Senator Rockefeller went on to say, "As a member of the Senate Intelligence Committee, I know the threats we face. Our enemies are real, they are sophisticated, they are determined and they will not rest. I believe Congress must bring new high-level governmental attention to develop a fully integrated, thoroughly coordinated, public-private partnership to our cybersecurity efforts in the 21st century."

"America's vulnerability to massive cyber crime, global cyber espionage, and cyber attacks has emerged as one of the most urgent national security problems facing our country today," said Senator Snowe. "The Rockefeller-Snowe initiative will carve a course for our country to embrace a 21st century national security policy that will protect and preserve American cyberspace. Uniquely designed to establish a fully integrated public-private partnership to coordinate cyber security efforts, this legislation will ensure we have many of the tools to target, isolate and effectively combat cyber-attacks in America. Importantly, this legislation loosely parallels the recommendations in the CSIS blue-ribbon panel report to President Obama and has been embraced by a number of industry and government thought leaders."

Snowe added, "Our failure to implement effective policies and procedures to protect critical infrastructure, prevent invasive intrusion and conduct an aggressive threat assessment has proven extremely consequential, putting the American information system at grave risk. It is abundantly clear we must unite on all fronts to confront this monumental challenge, if we fail to take swift action, we, regrettably, risk a cyber-Katrina."

KEY PROVISIONS OF COMPREHENSIVE CYBERSECURITY LEGISLATION:

* Significantly raising the profile of cybersecurity within the Federal government and streamlining cyber-related government functions and authorities.
* Promoting public awareness and protecting civil liberties.
* Remaking the relationship between government and the private sector on cybersecurity.
* Fostering innovation and creativity in cybersecurity to develop long-term solutions.

An important component of this legislation is to establish the Office of the National Cybersecurity Advisor within the Executive Office of the President. The National Cybersecurity Advisor will lead this office and report directly to the President. The Advisor will serve as the lead official on all cyber matters, coordinating with the intelligence community, as well as the civilian agencies.

###

From rforno at infowarrior.org Thu Apr 2 01:30:14 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Apr 2009 21:30:14 -0400
Subject: [Infowarrior] - good read -- Turn Off, Tune Out, Drop In
Message-ID: <3431501A-D323-471A-9B79-89239A6B6108@infowarrior.org>

Most prescient part of the article? "TMI may indeed be the despot's friend. Keep citizens so overwhelmed with data that they can't tell what's important and eventually become incapable of responding to what is." --rf

Turn Off, Tune Out, Drop In
By Kathleen Parker
Wednesday, April 1, 2009; 12:00 AM
http://www.washingtonpost.com/wp-dyn/content/article/2009/03/31/AR2009033103318_pf.html

What if everybody just took a timeout?
Now there's a concept for a TMI-addled nation. It isn't only Too Much Information, but the pitch and tenor of delivery that have us in a persistent state of psychic frenzy. From cable news to microblogs to the latest -- "Fox Nation" -- life's background music has become one prolonged car alarm.

The market's up! The Dow plunges! Obama fired the GM CEO! Greta's husband helped Palin!! OMG, Obama's taking 500 people to Europe and Merkel doesn't like his new deal and they're taking our assault weapons and we're all going to be communists!! But first, if your erection lasts for more than four hours, contact your physician immediately.

The phrase "too much information," a now-cliched talk-to-the-hand deflection, isn't just a gentle whack at someone who tells you more than you want to know about his Cialis experience. It's a toxic asset that exhausts our cognitive resources while making the nonsensical seem significant.

TMI may indeed be the despot's friend. Keep citizens so overwhelmed with data that they can't tell what's important and eventually become incapable of responding to what is.

Our brains simply aren't wired to receive and process so much information in such a compressed period. In 2006, the world produced 161 exabytes (an exabyte is 1 quintillion bytes) of digital data, according to Columbia Journalism Review. Put in perspective, that's 3 million times the information contained in all the books ever written. By next year, the number is expected to reach 988 exabytes.

The massive explosion of information has made us all a little batty. Just ask the congressional assistants who field frantic phone calls from constituents. "Everybody's come unhinged," one told me recently. "They think we're going to hell in a handbasket. And maybe we are."

Who knows? The unknowableness of current circumstances, combined with a lack of trust in our institutions, may partly be to blame for our apparent info-insatiability. People sense that they need to know more in order to understand an increasingly complex world.

And, of course, it's fun. The urge to know and be known is a uniquely human indulgence. Being connected to friends and colleagues without having to inconvenience one's gluteus maximus surely must stimulate our pleasure center or we wouldn't bother.

Yet, with so much data coming from all directions, we risk paralysis. Brain freeze, some call it. More important, we also risk losing our ability to process the Big Ideas that might actually serve us better. It isn't only Jack and Jill who are tethered to the Twittering masses, after all. Our thinkers at the highest levels are, too. Consider: Who didn't want to surrender his BlackBerry?

In fact, brain research shows that we do our best thinking when we're not engaged and focused, yet fewer of us have time for downtime. (If you have to schedule relaxation, is it still relaxing?) Daydreaming, we used to call it. Ask any creative person where they got their best ideas and they'll say, "Dunno. Just came to me out of the blue."

If you're looking for Eureka -- as in the Aha! moment -- you probably won't find it while following David Gregory's Tweets. Or checking Facebook to see who might be "friending" whom. Or whose status has been updated. George Orwell is . . .

More likely, the ideas that save the world will present themselves in the shower or while we're sweeping the front stoop. What the world needs now isn't more, but less. The alternative to mindless activities for the mindful is turning out to be not a less-informed nation but a dumber one.

Unchecked "infomania" -- yes, there's even a term for this instapathology -- can lead to a lower IQ, according to a 2005 Hewlett-Packard study. The research, conducted by a University of London psychologist, found that people distracted by e-mail and phone calls lost 10 IQ points, more than twice the impact of smoking marijuana -- or comparable to losing a night's sleep.
Given that the brain is apparently more receptive when less focused, might our myriad problems stand a better chance of creative solutions were we more unplugged? In the literal sense, that is.

Back in the day, Timothy Leary urged boomers to "turn on, tune in, drop out," which was his snappy way of encouraging the mind-expanding benefits of LSD. (It came to him in the shower, natch.) A more-apt mantra today might be "turn off, tune out, drop in." Turn off the switch, tune out the noise, drop in on a friend.

Can't hurt. Might help. Hitting pause now . . .

kparker at kparker.com

From rforno at infowarrior.org Thu Apr 2 23:06:53 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Apr 2009 19:06:53 -0400
Subject: [Infowarrior] - Fwd: [IP] Truly Disturbing TSA Recording
References: <40A2BB66-2037-4A34-A139-C04A7425814A@farber.net>
Message-ID: <4304025A-DDD8-43B2-A1C7-260C2951EC3A@infowarrior.org>

Begin forwarded message:

> From: David Farber
> Date: April 2, 2009 6:10:05 PM EDT
> To: "ip"
>
> Begin forwarded message:
>
> From: No-Name
> Date: April 2, 2009 5:49:36 PM EDT
>
> "Man detained and harassed at airport for carrying CASH!"
>
> http://www.youtube.com/watch?v=XMB6L487LHM&feature=channel_page

From rforno at infowarrior.org Fri Apr 3 12:48:03 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 3 Apr 2009 08:48:03 -0400
Subject: [Infowarrior] - Robot achieves scientific first
Message-ID:

Robot achieves scientific first
By Clive Cookson, Science Editor
Published: April 2 2009 19:17 | Last updated: April 2 2009 19:17
http://www.ft.com/cms/s/0/f2b97d9a-1f96-11de-a7a5-00144feabdc0.html

A laboratory robot called Adam has been hailed as the first machine in history to have discovered new scientific knowledge independently of its human creators.
Adam formed a hypothesis on the genetics of bakers' yeast and carried out experiments to test its predictions, without intervention from its makers at Aberystwyth University. The result was a series of "simple but useful" discoveries, confirmed by human scientists, about the gene coding for yeast enzymes. The research is published in the journal Science.

Professor Ross King, the chief creator of Adam, said robots would not supplant human researchers but make their work more productive and interesting. "Ultimately we hope to have teams of human and robot scientists working together in laboratories," he said.

Adam is the result of a five-year collaboration between computer scientists and biologists at Aberystwyth and Cambridge universities. The researchers endowed Adam with a huge database of yeast biology, automated hardware to carry out experiments, supplies of yeast cells and lab chemicals, and powerful artificial intelligence software. Although they did not intervene directly in Adam's experiments, they did stand by to fix technical glitches, add chemicals and remove waste.

The team has just completed a successor robot called Eve, which is about to work with Adam on a series of experiments designed to find new drugs to treat tropical diseases such as malaria and schistosomiasis. "Adam is a prototype," says Prof King. "Eve is better designed and more elegant."

In the new experiments, Adam and Eve will work together to devise and carry out tests on thousands of chemical compounds to discover antimalarial drugs.
Copyright The Financial Times Limited 2009

From rforno at infowarrior.org Fri Apr 3 13:14:32 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 3 Apr 2009 09:14:32 -0400
Subject: [Infowarrior] - Sources: Google In Talks To Acquire Twitter
Message-ID: <2A88B8BB-DFDF-4978-AFC2-4B9E915D27A0@infowarrior.org>

Sources: Google In Talks To Acquire Twitter (Updated)
by Michael Arrington on April 2, 2009

Here's a heck of a rumor that we've sourced from two separate people close to the negotiations: Google is in late stage negotiations to acquire Twitter. We don't know the price but can assume it's well, well north of the $250 million valuation that they saw in their recent funding.

Twitter turned down an offer to be bought by Facebook just a few months ago for half a billion dollars, although that was based partially on overvalued Facebook stock. Google would be paying in cash and/or publicly valued stock, which is equivalent to cash. So whatever the final acquisition value might be, it can't be compared apples-to-apples with the Facebook deal.

< - >

http://www.techcrunch.com/2009/04/02/sources-google-in-late-stage-talks-to-buy-twitter/

From rforno at infowarrior.org Fri Apr 3 14:10:20 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 3 Apr 2009 10:10:20 -0400
Subject: [Infowarrior] - Comments: Proposed Cybersecurity Legislation
Message-ID:

Several security and DOD-oriented lists I participate in have been abuzz with the proposed cybersecurity legislation being floated around in the Senate this week by Sens Snowe and Rockefeller. After a few days of discussion, I've decided to just add my comments to the fray here on infowarrior-l based on the following DefenseTech article:

Proposed Cyber Security Legislation
http://www.defensetech.org/archives/004779.html

Summary: They appear to be reinventing the wheel (again) -- and the results will be no different.
Comments below:

> The proposed legislation calls for the creation of a Cyber Security
> Advisory Panel that is composed of outside experts from industry,
> academia, and nonprofit groups that would advise the president on
> related matters.

They have them - NSTAC, NIAC, and other Advisory Councils. In fact, my April prank this week (yeah yeah) was along just such lines, because any such advisory body likely will be composed of those least knowledgeable about what's really going on (ie, mostly hand-picked senior executives from the corner offices). Of course, those in charge do NOT want to have truly knowledgeable folks advising them, for they will not like what they are being told. Groupthink reigns supreme in Washington policy circles, as does lobbying influence.

http://infowarrior.org/aprilfools/aprilfools09.html (for those who missed it)

> The proposed legislation calls for the creation of a public/private
> clearinghouse for cyber threats and vulnerability information
> sharing, establishment of measurable and auditable cyber security
> standards from the National Institute of Standards and Technology.

Umm, the SEI CERT/CC has been around for 20 years doing just that. Highly trusted and regarded folks, they are. Do we need another group to do this? (Disclaimer: I am a visiting scientist @ SEI)

> The proposed legislation would also require that cyber security
> professionals be licensed and certified.

> Provision: The proposed legislation would also require that the
> Cyber Security Adviser conduct a review of the U.S. cyber security
> program every four years and require officials to complete a number
> of reviews and reports.

The security experts whom I respect and admire the most (mentioned above) cut their teeth and made their reputations by hard work and demonstrated professional activities (jobs, papers, con talks, research, etc) and not simply by passing a test.
As this proposal reads, will people like Dorothy Denning, Whit Diffie, Matt Blaze, Dan Geer, Bruce Schneier, and how many other VERY competent and knowledgeable security experts be prevented from consulting to the government because they do not have (to my knowledge) any certification? Or will there be waivers? And will "waivers for awesome people" be the new norm?

As one securitygeek told me, "The fed gov needs X IA pros. They need to be certified. My guess is the difficulty in getting that cert has to be low enough that you can have X + enough to fill the pipe." So at what point does this policy become meaningless and ineffective because getting a cert is "so simple to pass even a Caveman can do it?"

Requiring certification for infosec people is conventional thinking. As with those security experts and hackers whom I respect and admire, the "enemy" will be effective not because they have certifications but because of their personal attributes --- ie, qualities like inquisitiveness, tenacity, professional interests, tacit knowledge, and drive --- things that CAN NOT be externally taught, nor externally certified as present. Just as when folks are surprised when I bring up "stuff" (such as threats/vulns/risks/observations) during red team exercises that they thought was uber-classified and known to only a handful of people, the same analogy applies here.....if you maintain the belief in the sanctity and exclusiveness of your standards, don't be surprised when others are able to run circles around you!

So who's the real beneficiary here? The certification-issuing folks, who stand to profit handsomely from this. And, those executives/managers/CIO/CTOs who are forced to use these certified professionals, for they have received a legislated Get-Out-of-Jail-Free card -- if there are problems, damages, or losses, they can point to these certified people and say "these EXPERTS told me what to do, and I did it" ...
ie, they can dodge accountability for problems happening on their watch. How convenient!

> The proposed legislation calls for the creation of state and
> regional cyber security centers to help small and midsize businesses
> adopt security measures.

Yep. We love those "fusion center" operations, don't we? That's the hottest ticket in town, building these centers.

> The proposed legislation would establish a Secure Products and
> Services Acquisitions Board that would review and approve the
> security and integrity of products purchased by the federal
> government.

Isn't that what NIST and NSA were supposed to be doing all along in examining and certifying technology products for federal use and security requirements? Do we need another entity now?

> The proposed legislation would require government and private sector
> networks that control the critical infrastructure to comply with a
> set of cyber security standards established by the National
> Institute of Standards and Technology (NIST).

They're probably there in one form or other - just need to consolidate things. Okay, fine.

> This legislation is past due! Report after report has highlighted
> the increased complexity and frequency of cyber attacks on business,
> government and our critical infrastructure. Delays in pushing this
> legislation through could have serious consequences. So time is of
> the essence in preparing for the passage and enactment of this
> legislation.

This reporter knows nothing about cybersecurity issues and is simply parroting the typical DC response to problems --- We must do something now, because the threats are immediate. Forget thinking things through and objectively coming to rational, effective solutions, we need solutions NOW. *facepalm* Something must be done; this is something, therefore we must do it. :(

> mandatory reporting within 24 hours of discovery is critical.

> Another area of concern is training.
> While the proposed legislation
> touches on training, it does not specifically address continuing
> education. Cyber attack techniques and criminal scams are highly
> dynamic and rapidly evolving.

Nor does it do ANYTHING in terms of forcing accountability on people, agencies, vendors, and service providers to build, develop, deploy, and administer resilient systems. Remember that "good enough" has become the accepted standard of cybersecurity excellence. There is no economic motivation for anyone to do anything more to fix these problems short of offering more consultants and "stuff" to deploy on top of foundations that remain fundamentally flawed and unstable. After all, if you think about it, "good enough" is too damn profitable!!

Also, IIRC there is talk of developing a "national cybersecurity dashboard" where someone (WH, DHS) can see at any time the "cybersecurity health" of the country and then point at some network node and say "disconnect it now". The former notion might - might - be doable, but the latter point is downright scary, especially when we see things like this article, where the FBI creates huge collateral damage "disconnecting" an Internet site:

FBI Agents Raid Dallas Computer Business
http://cbs11tv.com/local/Core.IP.Networks.2.974706.html

But we've got to have *some* pie-in-the-sky thinking here, right?

As I said, this is More of The Same Stuff. Just a different Administration, and Different Congress.

I remain cynical.

-rick

From rforno at infowarrior.org Fri Apr 3 14:44:17 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 3 Apr 2009 10:44:17 -0400
Subject: [Infowarrior] - Amusing Navy password policy
Message-ID:

From a March 2009 CNO security manual (OPNAVINST 5510.50M dtd 23 March 09) -- Regarding passwords on official Navy systems --

"Use a combination of two uppercase, two lower case, two numbers, and two symbols in your password (nine characters minimum).
Administrator/developer/root/super user accounts must contain a 15 character minimum."

How quickly folks forget that if you raise the bar for "better security" too high, you run the risk of forcing everyday regular users to circumvent those requirements just to accomplish their daily activities. Thus, your attempt at providing "better" security likely does just the opposite of what you intended.

.... I wonder how soon before Post-It notes sell out at Navy bases around the world.

-rf

From rforno at infowarrior.org Fri Apr 3 18:53:16 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 3 Apr 2009 14:53:16 -0400
Subject: [Infowarrior] - Google Maps, alleged terrorist enabler (again)
Message-ID:

California legislator seeks to limit photos on Google Maps
By Jim Sanders | Sacramento Bee
http://www.mcclatchydc.com/254/story/65311.html

SACRAMENTO -- California has a new idea for thwarting terrorism: Attackers might not hit what they can't see.

Assemblyman Joel Anderson is pushing to ban online mapping services from publishing clear photos of key buildings used by the public -- but fuzzy images would be fine.

"All I'm asking is that they reduce the level of detail," he said. "They can either smear it or back (the camera) off."

America's enemies benefit from detailed aerial, satellite and street-view images of schools, churches, hospitals and government buildings, Anderson contends. Terrorists have push-button access to minute details of the buildings' exits, windows, facades, access routes -- even rooftop vents, he said.

The Alpine Republican points to news reports that terrorists who attacked various locations in Mumbai, India, last year used digital maps and other high-technology equipment.

"We should not be helping bad people map their next target," Anderson said.

Violators of Anderson's legislation, Assembly Bill 255, could face fines of $250,000 per day and prison terms of up to three years.
Critics dismiss the bill as a feel-good measure that would not stop terrorists and could prompt all 50 states to adopt differing standards on mapping browsers.

Assemblyman Paul Krekorian, D-Burbank, called the legislation a "fairly superficial response."

"I don't see that it's going to contribute a lot to the global war on terrorism if we prohibit al-Qaida from using Google in California," Krekorian said.

Assemblyman Chuck DeVore, an Irvine Republican and former military intelligence officer, said the bill could open a Pandora's box.

"My concern is, what's next?" DeVore said. "Do politicians then demand that we blur out images of the homes of law enforcement personnel -- or elected officials?"

Gov. Arnold Schwarzenegger and state homeland security officials have taken no position on AB 255, which has not yet been debated in legislative committees.

The U.S. Department of Homeland Security declined substantive comment Tuesday but said it has not expressed security concerns to Google.

Google, a kingpin of online mapping, contends that AB 255 may violate free-speech rights and impair interstate commerce. Microsoft Corp., which also provides an online mapping service, declined comment on AB 255.

From rforno at infowarrior.org Sat Apr 4 14:09:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 4 Apr 2009 10:09:36 -0400
Subject: [Infowarrior] - Google's Plan for Out-of-Print Books Is Challenged
Message-ID:

Google's Plan for Out-of-Print Books Is Challenged
By MIGUEL HELFT
http://www.nytimes.com/2009/04/04/technology/internet/04books.html?ref=global-home&pagewanted=print

SAN FRANCISCO -- The dusty stacks of the nation's great university and research libraries are full of orphans -- books that the author and publisher have essentially abandoned. They are out of print, and while they remain under copyright, the rights holders are unknown or cannot be found.

Now millions of orphan books may get a new legal guardian.
Google has been scanning the pages of those books and others as part of its plan to bring a digital library and bookstore, unprecedented in scope, to computer screens across the United States.

But a growing chorus is complaining that a far-reaching settlement of a suit brought against Google by publishers and authors is about to grant the company too much power over orphan works.

These critics say the settlement, which is subject to court approval, will give Google virtually exclusive rights to publish the books online and to profit from them. Some academics and public interest groups plan to file legal briefs objecting to this and other parts of the settlement in coming weeks, before a review by a federal judge in June.

While most orphan books are obscure, in aggregate they are a valuable, broad swath of 20th-century literature and scholarship. Determining which books are orphans is difficult, but specialists say orphan works could make up the bulk of the collections of some major libraries.

Critics say that without the orphan books, no competitor will ever be able to compile the comprehensive online library Google aims to create, giving the company more control than ever over the realm of digital information. And without competition, they say, Google will be able to charge universities and others high prices for access to its database.

The settlement, "takes the vast bulk of books that are in research libraries and makes them into a single database that is the property of Google," said Robert Darnton, head of the Harvard University library system. "Google will be a monopoly."

Google, which has scanned more than seven million books from the collections of major libraries at its own expense, vigorously defends the settlement, saying it will bring great benefits to the broader public. And it says others could make similar deals.
"This agreement expands access to many of these hard-to-find books in a way that is great for Google, great for authors, great for publishers and great for readers," said Alexander Macgillivray, the Google lawyer who led the settlement negotiations with the Association of American Publishers and the Authors Guild.

Most of the critics, which include copyright specialists, antitrust scholars and some librarians, agree that the public will benefit. But they say others should also have rights to orphan works. And they oppose what they say amounts to the rewriting, through a private deal rather than through legislation, of the copyright rules for millions of texts.

"They are doing an end run around the legislative process," said Brewster Kahle, founder of the Open Content Alliance, which is working to build a digital library with few restrictions.

Opposition to the 134-page agreement, which the parties announced in October, has been building slowly as its implications have become clearer. Groups that plan to raise concerns with the court include the American Library Association, the Institute for Information Law and Policy at New York Law School and a group of lawyers led by Prof. Charles R. Nesson of Harvard Law School. It is not clear that any group will oppose the settlement outright.

The groups representing publishers and authors, which filed a class-action lawsuit against Google in 2005 in the Federal District Court for the Southern District of New York on behalf of their members, are defending the settlement, as are some librarians at major universities.

"What we were establishing was a renewed access to a huge corpus of material that was essentially lost in the bowels of a few great libraries," said Richard Sarnoff, former chairman of the Association of American Publishers and co-chairman of the American unit of Bertelsmann, the parent company of Random House.
The lawsuit claimed that Google's practice of showing snippets of copyrighted books in search results was copyright infringement. Google insisted that it was protected by fair use provisions of copyright law.

The settlement, which covers all books protected by copyright in the United States, allows Google to vastly expand what it can do with digital copies of books, whether they are orphans or not.

Google will be allowed to show readers in the United States as much as 20 percent of most copyrighted books, and will sell access to the entire collection to universities and other institutions. Public libraries will get free access to the full texts for their patrons at one computer, and individuals will be able to buy online access to particular books.

Proceeds from the program, including advertising revenue from Google's book search service, will be split; Google will take 37 percent, and authors and publishers will share the rest. Google will also help set up a Book Rights Registry, run by authors and publishers, to administer rights and distribute payments.

Authors are permitted to opt out of the settlement or remove individual books from Google's database. Google says it expects the pool of orphan books to shrink as authors learn about the registry and claim their books.

While the registry's agreement with Google is not exclusive, the registry will be allowed to license to others only the books whose authors and publishers have explicitly authorized it. Since no such authorization is possible for orphan works, only Google would have access to them, so only Google could assemble a truly comprehensive book database.

"No other company can realistically get an equivalent license," said Pamela Samuelson, a professor at the University of California, Berkeley, and co-director of the Berkeley Center for Law and Technology.

Mr. Macgillivray said Google shared with many of its critics the goal of making orphan works more widely accessible.
He said Google would continue to lobby for legislation to that effect. And he said that nothing prevented a potential rival from following in its footsteps -- namely, by scanning books without explicit permission, waiting to be sued and working to secure a similar settlement.

Yet even Michael J. Boni, the lead lawyer representing the Authors Guild, conceded that "Google will always have the advantage of having access to 100 percent of the orphan works."

Mr. Darnton of Harvard said he feared that without competition Google would be free to "raise the price to unbearable levels." But Mr. Macgillivray and Mr. Boni said prices would be kept in check, in part by the goal, spelled out in the agreement, to reach as many customers as possible.

Some of Google's rivals are clearly interested in the settlement's fate. Microsoft is helping to finance the research on the settlement at the New York Law School institute. James Grimmelmann, an associate professor at the institute, said its work was not influenced by Microsoft. Microsoft confirmed this but declined to comment further. Amazon also declined to comment.

An unmatchable back catalog could eventually make Google a primary source for digital versions of books, old and new, threatening other e-book stores.

From rforno at infowarrior.org Sat Apr 4 15:40:32 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 4 Apr 2009 11:40:32 -0400
Subject: [Infowarrior] - Ten business lessons from 'Battlestar Galactica'
Message-ID: <9423E391-4371-4580-A819-16D3632B0AE8@infowarrior.org>

Ten business lessons from 'Battlestar Galactica'
by Robert Strohmeyer, PC World
http://www.macworld.com/article/139561/2009/03/bsg.html

You think your business has it rough? The people of Battlestar Galactica have lived through a recession you wouldn't believe. With dwindling resources, a skeleton crew, enemies constantly lurking out of view, and a pervasive threat of annihilation, Admiral Adama navigates the vast unknown.
Like any leader, he makes his share of mistakes--sometimes with devastating consequences. But regardless of the fate of that ragtag fleet, the tale of Galactica is rife with lessons that can benefit any business leader.

1. Tech isn't always the answer. In the premiere episode, the Cylons took out the entire human battle fleet by exploiting a weakness in the computer network. Only the Galactica survived, because its network was offline. The takeaway? Overdependence on technology can be your downfall.

2. Don't neglect training. In episode 4 of season 1, an explosion on the hangar deck wiped out many of Galactica's top pilots, forcing Starbuck to begin training new pilots. Had Adama and company been training new talent all along, the fleet would have been prepared for such an emergency.

3. Some things can't be outsourced. Pretty much every terrible event that befalls humanity in Galactica is the direct result of an overzealous push toward outsourcing human labor to robots. The business lesson here is clear: While outsourcing may save short-term costs, outsourcing the wrong jobs can ultimately destroy your business, the economy, or your species.

4. Update your antivirus. In season 2, episode 9, a Cylon computer virus threatens to shut down the Galactica's defenses, vent the ship's atmosphere into space, and turn its guns on the civilian fleet. No enterprise is immune to viruses, and an infection can have disastrous consequences. Run your patches and updates, folks.

5. Democracy doesn't always work. At the close of season 2, the weary civilian fleet votes to stop the search for Earth and settle on a verdant planet called New Caprica. But like so many decisions fueled by populist anxiety, this one proves disastrous, leaving humanity enslaved by the Cylon overlords. Good leaders listen to their people, then make their own decisions.

6. Some problems can't be killed.
During the Cylon occupation on New Caprica, Starbuck is imprisoned by Leoben Conoy, who toys with her mind. She kills him repeatedly, but he just keeps coming back. We're not sure what her alternatives might have been, but it's clear that her problem wasn't going away. Likewise, some problems simply must be accepted as reality; endlessly fighting them is a waste of energy and resources.

7. Seek strategic alliances with competitors. There are times when your enemies can also be your friends. In today's world we call these "frenemies." Case in point: In season 4, when Cylon rebels find themselves on the outs with their "people," humanity gets a shot at evening the odds by collaborating with the outcasts to destroy the Cylon resurrection hub. Cylons lose their immortality, and with it, their strategic advantage. Well-timed alliances can change any business landscape in your favor.

8. Don't store all your backups in one place. See number 7. If Cylons can benefit from off-site backup, so can you.

9. The mission can change at any time. Galactica accomplished its primary mission and arrived at planet Earth. Yay. Unfortunately, the entire place had been rendered uninhabitable by a nuclear holocaust two millennia earlier. Boo. New mission: Find someplace else to survive. Your mission can change at any time, whether you're ready for it or not. Be flexible.

10. Beware of visionaries. Zealots make bad leaders. There are a few visionaries out there worth following, but for the most part, people who claim to have visions are insane. For every Bill Gates or Steve Jobs in the world, you'll find a million Admiral Cains willing to sacrifice the entire company in the service of their own egos. Or, worse, you could get stuck with an unwitting Kara Thrace, and we all know she's the harbinger of death.
From rforno at infowarrior.org Sat Apr 4 18:43:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 4 Apr 2009 14:43:09 -0400
Subject: [Infowarrior] - Phoenix police raid blogger whose writing is highly critical of them
Message-ID: <442FE2D3-E55E-4CCF-8FEF-882F41644AFD@infowarrior.org>

Phoenix police raid home of blogger whose writing is highly critical of them
April 2nd, 2009

Update: Beneath the article is the leaked memo from Phoenix City Attorney Gary Verburg advising Phoenix police that a litigation hold has been placed on the Pataky case, meaning all documents relating to the case must be preserved under legal obligation. The memo also recommends officers to "exercise caution and discretion" when discussing the case electronically.

In what should send a frightening chill down the spine of every blogger, writer, journalist and First Amendment advocate in the United States, Phoenix police raided the home of a blogger who has been highly critical of the department.

Jeff Pataky, who runs Bad Phoenix Cops, said the officers confiscated three computers, routers, modems, hard drives, memory cards and everything necessary to continue blogging.

The 41-year-old software engineer said they also confiscated numerous personal files and documents relating to a pending lawsuit he has against the department alleging harassment - which he says makes it obvious the raid was an act of retaliation.

Maricopa County Judge Gary Donahoe signed the search warrant that allowed at least ten cops to raid his home in North Phoenix on March 12 while handcuffing his female roommate for three hours as they tore the place apart.

Pataky, who was out of town on a business trip during the raid, also believes police were retaliating against him for the content of his blog, much of it which comes from inside sources within the department.

"They broke into my safe and took the backups of my backups," he said in a phone interview with Photography is Not a Crime on Wednesday.
"I can't even file my taxes because all my business plans are gone. They took everything."

The search warrant lists "petty theft" and "computer tampering with the intent to harass" as probable causes. He has yet to see an actual affidavit that lists in detail the probable cause and is skeptical that one even exists.

"They say everything has been sealed," he said.

The conflict between Pataky and the Phoenix Police Department began two years ago during "a nasty divorce" after moving out of the house he had shared with his wife.

He said she was not taking the divorce too well and began filing false allegations against him accusing him of stalking and harassing her. Many of the reports she filed accused him of doing things when he was out of town, he said.

< - >

http://carlosmiller.com/2009/04/02/phoenix-police-raid-home-of-blogger-whose-writing-is-highly-critical-of-them/

From rforno at infowarrior.org Sat Apr 4 23:55:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 4 Apr 2009 19:55:11 -0400
Subject: [Infowarrior] - Monster Cable at it again...
Message-ID: <70379DCB-9E10-4143-94C8-B2D7A025C995@infowarrior.org>

(c/o IP)

http://online.wsj.com/article/SB123869022704882969.html

The Scariest Monster of All Sues for Trademark Infringement
By STEVE STECKLOW

When Christina and Patrick Vitagliano dreamed up their Monster Mini Golf franchises -- 18-hole, indoor putting greens straddled by glow-in-the-dark statues of ghouls and gargoyles -- they never imagined that a California maker of high-end audio cables would object.

But Monster Cable Products Inc., which holds more than 70 trademarks on the word monster, challenged the Vitaglianos' trademark applications. It filed a federal lawsuit against their company in California and demanded the Rhode Island couple surrender the name and pay at least $80,000 for the right to use it.

"It really seemed absurd," says Ms. Vitagliano.
The legal actions were nothing new for Monster Cable, which was granted its first "Monster" trademark in 1980. Since then, the company has fought more monsters than Godzilla did. Over the years, it has gone after purveyors of monster-branded auto transmissions, slot machines, glue, carpet-cleaning machines and an energy drink, as well as a woman who sells "Junk Food Monster" kids' T-shirts that promote good eating habits. It sued Monster.com over the job-hunting Web site's name and Walt Disney Co. over products tied to the film "Monsters Inc." It opposed the Boston Red Sox trademark applications for seats and hot dogs named for the Green Monster, the legendary left-field wall in Fenway Park.

All in all, Monster Cable says it has fought about 190 monster battles at the U.S. Patent and Trademark Office and filed around 30 monster lawsuits in federal courts. Along the way, it has attracted its share of ire from those who say it is overreaching and trying to corner the market on a word, not a brand.

"If Monster Cable prevails, the Gila monster will become just another lizard" and "the monster under your bed will have to become an ogre," wrote Michael Meadors of tabberone.com, a Web site that sells fabrics and also keeps tabs on trademark issues.

"Monster Cable's practice of suing anyone using the word 'Monster' in their name is nothing short of playground bullying," says Robert Holloway, a computer contractor in Iowa who set up a Web site called monstercablebully.com to support the Vitaglianos.

Monster Cable says its trademark challenges are a matter of necessity. "If you don't defend your mark, and people use [it], it runs the risk of becoming generic and then you lose the mark," says Noel Lee, founder of the Brisbane, Calif., company, whose corporate title is "Head Monster." Mr. Lee says the company sells many other monster-branded products besides cables that it has to protect, including music, clothing and candy mints.
To a legal novice, it may seem odd that a common word like monster can be trademarked at all. But in the complex and sometimes murky world of trademark law, common words can be registered, provided they are associated with specific classes of goods. Apple Inc., for example, holds trademarks for the word apple when it's related to computer products, not fruit. Sometimes, trademarks can obtain a higher order of protection, known as "famous marks." This category is supposed to be reserved for words that have become so entwined with a product and a company -- like the word visa and Visa Inc.'s credit card -- that the trademark owner can argue that no other product may use the word in its name. David Tognotti, Monster Cable's general manager and an attorney, says the company considers "Monster" a famous mark -- on a par with Barbie dolls or Camel cigarettes. "We're protecting our mark as if it's a famous mark," he said in an interview in Monster Cable's headquarters, where the walls are lined with framed copies of the company's trademarks and patents. Mr. Tognotti cited a chapter on famous marks in the law book "McCarthy on Trademarks and Unfair Competition" by J. Thomas McCarthy, a noted expert in the field. But in an interview, Prof. McCarthy expressed doubt that Monster Cable possesses a famous mark. He said such determinations are made by courts. Mr. Tognotti acknowledges Monster Cable hasn't obtained such a court ruling. Most of the company's lawsuits have been settled privately under confidential terms. In some instances -- such as the case of the Discovery Channel's reality auto show, Monster Garage -- companies have surrendered their trademarks to Monster Cable, which sometimes licenses them back for a fee. Discovery Channel declined to comment. The show is no longer in production. In its federal civil lawsuit against Monster.com, Mr. Tognotti says owner Monster Worldwide Inc. 
agreed to pay Monster Cable's legal fees and post a clickable link to its Web site on Monster.com that says, "Looking for Monster Cable?" A spokesman for Monster Worldwide acknowledged the lawsuit was resolved but wouldn't discuss details. A Disney spokesman says the company settled the lawsuit over Monster Inc.-related products without paying any compensation. Mr. Tognotti of Monster Cable says his company dropped the lawsuit after determining there was no trademark infringement. He says Monster Cable has no plans to pursue the new DreamWorks Animation film, "Monsters vs Aliens." Says Mr. Tognotti: "We do not have a concern if a company is using the word 'monster' in a purely descriptive sense to describe actual monsters." As for the Red Sox, Mr. Tognotti says the team agreed to withdraw or modify some of its trademark registrations for Green Monster-related products after Monster Cable argued there was "confusion in the marketplace." At the time, San Francisco's Candlestick Park was called Monster Park because Monster Cable had bought the naming rights. A Red Sox attorney referred questions to Major League Baseball, where a spokesman said the team had agreed with Monster Cable over a "procedural matter" but declined to elaborate. Occasionally, Monster Cable has retreated. After it sued MonsterVintage LLC, an online used-clothing store based in Oregon, owner Victor Petrucci says he drove a rented truck to Monster Cable's headquarters and around San Francisco for two weeks. It was emblazoned with a giant sign that read in part, "Monster Cable S-." Monster Cable dropped the lawsuit. "We have to balance what we do legally to protect our mark with that of public opinion," says Mr. Lee, adding, "We're very sensitive to our reputation." The Vitaglianos say their monstrous fight erupted in 2006, two years after the couple opened their first mini-golf course. "It never occurred to me that a cable company might not like it," she says. 
Adds her husband, "We just all assumed it was going to go away." Their attorney, Arthur L. Pressman, says he suggested they consider changing the name to Scary Mary's Monster Mini Golf to play down the word monster. But the couple refused to back down. By late last year, with their legal bills approaching $100,000, they agreed to try mediation. But after 10 hours, "we got really angry and sort of stormed away," says Ms. Vitagliano. The couple then launched an Internet-based guerrilla campaign to generate public support. "We blogged nonstop, around the clock, for weeks, and enlisted much of our staff to do the same," she says. The couple offered to sell symbolic slices of "Justice" for $1 on eBay and raised about $4,400 for their legal defense. Two days before Christmas, she sent Mr. Lee a DVD of the film, "How the Grinch Stole Christmas." Monster Cable's Mr. Lee says the company also received at least 200 angry consumer complaints. After speaking with the Vitaglianos, he decided to drop the lawsuit, withdraw his company's opposition to Monster Mini Golf's trademark applications and pay up to $200,000 of their legal expenses. -- Don Drake www.drakeconsulting.com www.maillaunder.com 312-560-1574 800-733-2143 From rforno at infowarrior.org Sun Apr 5 02:00:40 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 4 Apr 2009 22:00:40 -0400 Subject: [Infowarrior] - Time Warner Unveils 40 GB Bandwidth Cap Message-ID: http://www.tomshardware.com/news/time-warner-cable-bandwidth-cap,7466.html#xtor=RSS-181 Time Warner Unveils 40 GB Bandwidth Cap 8:51 PM - April 3, 2009 by Marcus Yam Source: Tom's Hardware US | Category: Miscellaneous Time Warner Cable will soon be expanding its bandwidth capping plans to more cities. At a time when new media and entertainment delivery systems are evolving and leaning on internet distribution, internet service providers are cracking down on the bandwidth that their users consume. 
Time Warner Cable, which owns the Road Runner internet service, will this month begin monitoring the activity of its customers in Austin, TX, San Antonio, TX and Rochester, NY, according to BusinessWeek. Rollout of the new program will happen sometime closer to summer, with Greensboro, NC being the first city to see the change. New customers in those markets will be put on tiered and capped plans with monthly bandwidth limits starting at a miniscule 5 GB for the entry level $29.95 fee all the way to a paltry 40 GB for $54.90. The levels will be 5, 10, 20 and 40 GB, with overages charged at $1 per GB. "We need a viable model to be able to support the infrastructure of the broadband business," Time Warner Cable CEO Glenn Britt said in an interview. "We made a mistake early on by not defining our business based on the consumption dimension." With competitors such as Comcast offering a 250 GB cap, Time Warner Cable's top limit of 40 GB seems backwards in comparison. With video streaming services such as Netflix on the PC, Xbox 360 or other set top boxes, such a cap could severely limit utility or make internet bills skyrocket. Analysts estimate that a family who opts for the 40 GB plan and streams 7.25 hours of online video a week could end up spending $200 per month on broadband usage fees. For the sake of comparison, the average American household spends 60 hours per week watching TV. Time Warner Cable defends its plans by saying that most people do not use that much data. Basing its claims on a trial of 100,000 customers in Beaumont, TX, about 14 percent exceeded their cap and had to pay about $19 in overages. Time Warner Cable added that the top quarter of users consumed 100 times more data than the bottom quarter of users. We explain this simply: there are those who use the internet for modern services such as video delivery, and another type of customer that just uses it to send emails. 
For the sake of the progression of new technologies, we hope Time Warner Cable at least offers its customers a little more freedom in how they use the internet. From rforno at infowarrior.org Sun Apr 5 19:32:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 5 Apr 2009 15:32:53 -0400 Subject: [Infowarrior] - Canada: Deep Packet Inspection site Message-ID: http://dpi.priv.gc.ca/ How does society reconcile the technological benefits and privacy impacts of new technology? Deep packet inspection is just one seemingly neutral technological application that can have a significant impact on privacy rights and other basic civil liberties, especially as market forces, the enthusiasm of technologists and the influence of national security interests grow stronger. This web site is meant to serve as a resource on deep packet inspection. It grew out of a desire at the Office of the Privacy Commissioner of Canada to understand more about a technology that has application in network traffic management, behavioural advertising, and law enforcement. In the summer and fall of 2008, we contacted leading academics and professionals working in telecommunications, law, privacy, civil liberties and computer science to ask if they would contribute a short essay to a project we were planning -- a project that would help Canadians understand the impact of just one component of the technology that underlies our networked society. This site presents the work of these academics, lawyers, researchers, activists and industry professionals. We value the time they invested in preparing their essays, and we are happy to present their work in a format that will, hopefully, encourage further discussion around deep packet inspection and similar technologies. You will notice that this web site was developed with sharing in mind. There are opportunities for you to leave your comments about each essay -- either through a written comment or by voting on the essay. 
We have built in links to some of the more popular content sharing services, in case you think some or all of the essays should be brought to the attention of friends, colleagues, legislators or others. http://dpi.priv.gc.ca/ From rforno at infowarrior.org Mon Apr 6 11:45:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 6 Apr 2009 07:45:16 -0400 Subject: [Infowarrior] - Facebook hit by new security concerns over privacy settings Message-ID: <0E09B4ED-4491-4367-93F4-541A45DCC0C4@infowarrior.org> (Cambridge paper PDF @ http://www.cl.cam.ac.uk/~jcb82/8_friends_paper.pdf) Facebook hit by new security concerns over privacy settings Dan Raywood | Apr 6, 2009 12:53 PM http://www.securecomputing.net.au/Tools/Print.aspx?CIID=141835 Users of Facebook could be giving away their personal information due to the way the website's privacy settings work. A team from the University of Cambridge's computer laboratory has shown how Facebook public profiles could be used to find out personal information despite appearing to contain only a few details. In the paper, titled 'Eight Friends Are Enough', the team pointed out that it was possible to reconstruct a user's friends list in a way that could allow marketers, governments and even criminals to understand the private relationships between different people. It claimed that a search for a specific Facebook user will display every user's name, photo and eight friendship links. Affiliations with organisations, causes, or products are also listed. The paper's author, Joseph Bonneau, said: "This is quite a bit of information given away by a feature many active Facebook users are unaware of. Indeed, it's more information than Facebook's own privacy policy indicates is given away. "When the feature was launched in 2007, every over-18 user was automatically opted-in, as have been new users since then. You can opt out, but few people do - out of more than 500 friends of mine, only three had taken the time to opt out. 
It doesn't help that most users are unaware of the feature, since registered users don't encounter it." The paper further claimed that the public listings are designed to be indexed by search engines. In the team's own experiments, it was able to download over 250,000 public listings per day using a desktop PC and a fairly crude Python script. Bonneau said: "For a serious data aggregator getting every user's listing is no sweat. So what can one do with 200 million public listings? Facebook's public listings give us a random sample of the social graph, leading to some interesting exercises in graph theory. As we describe in the paper, it turns out that this sampled graph allows us to approximate many properties of the complete network surprisingly well." "This result leads to two interesting conclusions. First, protecting a social graph is hard. Consistent with previous results, we found that giving away a seemingly small amount can allow much information to be inferred. It's also been shown that anonymising a social graph is almost impossible." "Second, Facebook is developing a track record of releasing features and then being surprised by the privacy implications, from Beacon to NewsFeed and now Public Search. Analogous to security-critical software, where new code is extensively tested and evaluated before being deployed, social networks should have a formal privacy review of all new features before they are rolled out (as, indeed, should other web services which collect personal information). Features like public search listings shouldn't make it off the drawing board." Facebook claimed that its publicly searchable pages were only introduced after an extensive privacy review. A spokesperson told the Guardian: "Public search listings are a way for those users who wish to allow people to find them in search engines to share limited elements of their Facebook profile. 
Their creation, continued presence, and the particular elements contained within them are entirely configurable by users. "Changes as to the presence or content of a public search listing may be made easily by any user on the privacy settings page." From rforno at infowarrior.org Mon Apr 6 12:12:07 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 6 Apr 2009 08:12:07 -0400 Subject: [Infowarrior] - Italy muzzled scientist who foresaw quake Message-ID: <75616DD3-B507-4599-812C-CA617D56A55F@infowarrior.org> Italy muzzled scientist who foresaw quake 06 Apr 2009 11:22:02 GMT Source: Reuters By Gavin Jones http://www.alertnet.org/thenews/newsdesk/L6566682.htm ROME, April 6 (Reuters) - An Italian scientist predicted a major earthquake around L'Aquila weeks before disaster struck the city on Monday, killing dozens of people, but was reported to authorities for spreading panic among the population. The first tremors in the region were felt in mid-January and continued at regular intervals, creating mounting alarm in the medieval city, about 100 km (60 miles) east of Rome. Vans with loudspeakers had driven around the town a month ago telling locals to evacuate their houses after seismologist Gioacchino Giuliani predicted a large quake was on the way, prompting the mayor's anger. Giuliani, who based his forecast on concentrations of radon gas around seismically active areas, was reported to police for "spreading alarm" and was forced to remove his findings from the Internet. Italy's Civil Protection agency held a meeting of the Major Risks Committee, grouping scientists charged with assessing such risks, in L'Aquila on March 31 to reassure the townspeople. "The tremors being felt by the population are part of a typical sequence ... (which is) absolutely normal in a seismic area like the one around L'Aquila," the civil protection agency said in a statement on the eve of that meeting. 
"It is useful to underline that it is not in any way possible to predict an earthquake," it said, adding that the agency saw no reason for alarm but was nonetheless effecting "continuous monitoring and attention". As the media asked questions about the authorities' alleged failure to safeguard the population ahead of the quake, the head of the National Geophysics Institute dismissed Giuliani's predictions. "Every time there is an earthquake there are people who claim to have predicted it," he said. "As far as I know nobody predicted this earthquake with precision. It is not possible to predict earthquakes." Enzo Boschi said the real problem for Italy was a long-standing failure to take proper precautions despite a history of tragic quakes. "We have earthquakes but then we forget and do nothing. It's not in our culture to take precautions or build in an appropriate way in areas where there could be strong earthquakes," he said. From rforno at infowarrior.org Mon Apr 6 12:22:35 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 6 Apr 2009 08:22:35 -0400 Subject: [Infowarrior] - The Profile Police Message-ID: <03D45802-7D95-4359-A7DA-6F62370F387A@infowarrior.org> The Profile Police Campus Officers Cruise Facebook, MySpace for Clues To School-Related Crimes, to Some Students' Chagrin By Michael Birnbaum Washington Post Staff Writer Monday, April 6, 2009; A01 http://www.washingtonpost.com/wp-dyn/content/article/2009/04/05/AR2009040501880_pf.html As high school students flock to social networking sites, campus police are scanning their Facebook and MySpace pages for tips to help break up fights, monitor gangs and thwart crime in what amounts to a new cyberbeat. Some students object to police looking over their shoulders. But officers responsible for school safety say routine checks of the online forums often add to the knowledge they glean from hallways or schoolyards. 
"I can't tell you how many fights we've been able to prevent," said Officer Freddie Rappina, who is based at Robinson Secondary School in Fairfax County. He and another officer watch over more than 4,000 students at the largest school in Virginia. In Rappina's small office at the end of a series of long hallways, a flat-panel computer screen offers him a portal into student life. "Let's say two kids are having a spat online," he said. "I can take them in here and talk to them." Students who have run away from home occasionally check in with their friends on the sites, providing him with information he can use to help get the kids to safety, Rappina added. But he said the computer is no substitute for face-to-face contact with students. In recent years, school administrators have blamed some campus fights on Internet taunts and urged parents to keep watch on their children's computer activity. But students who use the Web to let their 500 closest friends know what they are doing at all times are sometimes surprised that police are watching, too. Police don't have special privileges on Facebook or MySpace. Students who want to go unobserved can change privacy settings so that their profiles are displayed only to a list of approved people. But the default settings leave those profiles open to many Internet users (in the case of Facebook) or all of them (in the case of MySpace). Employers and college admissions counselors have vetted online profiles of student applicants for some time. Police across the country have been doing the same for the past two or three years, said Kevin Quinn, a spokesman for the Minnesota-based National Association of School Resource Officers. "If you're already familiar with the technology, it doesn't take you but a couple of minutes to hook into the student population and keep an eye on things," Quinn said. An expedition into a thicket of blinking MySpace profiles found high school students discussing drugs, sex and fights. 
It was all publicly available (although in language that caused a reporter to blush). "It's crazy, the things they put on there," Loudoun County Sheriff Stephen O. Simpson said. "They seem to think they're invisible." Simpson said some of his deputies, like authorities elsewhere, proactively track student profiles. That disturbs some of those being monitored. "I think it's an invasion of the student's privacy," said Sarah Steinberg, 18, a senior at Robinson Secondary. She said her mother had access to her Facebook account and kept an eye on her online interactions. But she said there was a difference between the forgiving glance of a parent and the potentially more consequential surveillance of a police officer. "It's outside of school, and I just don't think it should be part of the school's job to do that," she said. Her mother agreed: "I believe it's a parent's job," Judy Ottosen said. But police say it is impossible to ignore an important school social sphere. "Three or four years ago, 20 percent of kids" had Facebook or MySpace profiles, said Officer Joe Lowery, who is based at James Hubert Blake High School in Silver Spring. "Now if you ask, they almost all raise their hand." Lowery said he and other Montgomery County officers who work in schools do not peruse the sites systematically. Even if they were inclined to do so, he said, they wouldn't have time. But Lowery said officers will log on, or ask students to log on to their own accounts, when students or parents approach them with concerns. "You get some kids who are gang-involved," Lowery said. "A lot of these kids put it right on their Facebook or their MySpace. And you go to their site and they've got their colors up, they've got their pledges on there, sometimes they're even holding weapons. It can be very disturbing." Lowery said parents often have little idea what their children are up to online. On occasion, he said, parents have brought printouts of profile pages for him to review. 
Last year, Lowery said, he solved an armed robbery of two Blake students when he turned up a picture on a MySpace profile of a man whose clothing exactly matched the students' description. Late last month, Fairfax County police announced the arrests of seven Chantilly area teenagers for allegedly trying to recruit Franklin Middle School students to a gang. That investigation was aided when a student showed the school resource officer gang symbols littering one of the suspect's MySpace profiles. Fairfax police say they pride themselves on addressing issues in schools before they flare into major problems. Keeping an eye on Facebook and MySpace has become an extra tool in that effort, they said. But some students were surprised that their profiles were subject to search. "It's not really [their] business to be looking at students' profiles," said Eleni Gibson, 15, a freshman at Robinson. "Because they might see something that students didn't want them to see." But she acknowledged that the practice might be worthwhile for safety. Others said they are aware that authorities might be cruising online student profiles. "I think that we all know that [they] can look at our Facebooks, and they do," said LeighAnne Baxter, 17, a senior at Robinson. "If you do put up incriminating pictures, you have to be prepared for the consequences." From rforno at infowarrior.org Mon Apr 6 16:14:45 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 6 Apr 2009 12:14:45 -0400 Subject: [Infowarrior] - Court: Congress can't put public domain back into copyright Message-ID: <118959AF-B65A-40AF-8940-9A72E49E815A@infowarrior.org> Court: Congress can't put public domain back into copyright A federal court ruled on Friday that Congress overstepped its authority back in 1994 when it put some public domain foreign works back under copyright protection. 
Such a move changes the "traditional contours of copyright" in the US, even if done to bring the country in line with its treaty obligations. By Nate Anderson | Last updated April 6, 2009 9:30 AM CT http://arstechnica.com/tech-policy/news/2009/04/court-congress-cant-put-public-domain-back-into-copyright.ars In 1994, Congress jammed a batch of foreign books and movies back into the copyright closet. They had previously fallen into the public domain for a variety of technical reasons (the author hadn't renewed the rights with the US Copyright Office, the authors of older works hadn't included a copyright notice, etc.) and companies and individuals had already started reusing the newly public works. Did Congress have the right to put a stop to this activity by shoving the works back into copyright? On Friday, a federal court said no. "Traditional contours of copyright" 1994's Uruguay Round Agreements Act (URAA) brought US intellectual property law in line with that of other countries. Section 514 of URAA better aligned US copyright law with the international Berne Convention, one of the earliest international intellectual property treaties. Though Berne had first been signed back in 1886, the US hadn't joined up until a century later, in 1988. Part of Berne requires countries to honor copyright on foreign works, so long as those works remain protected in their country of origin. Before URAA was passed, foreign works still received copyright protection in the US, but only on US terms. This meant that works began to leave copyright and enter the public domain in the US even though some were still granted copyright protection in their home countries. After signing URAA, these works reverted into copyright in the US. Lawrence Lessig and a team from Stanford have been arguing for years in Golan v. Gonzales (now Golan v. Holder) that Congress overstepped its authority when it did this. 
A federal court disagreed and issued a summary judgment against Golan, a music teacher who had been freely using Prokofiev sheet music before it reverted back into copyright. But the 10th Circuit Court of Appeals said back in 2007 that the case should be reconsidered on First Amendment grounds. Last week, the federal judge who oversaw the trial changed his ruling and agreed that URAA violated the First Amendment. How? In another famous copyright case also argued by Lessig (Eldred v. Ashcroft), the Supreme Court had found that Congressional copyright action could be overturned if it "altered the traditional contours of copyright protection." Lessig seized on this phrase, arguing that putting public domain works back under copyright was unprecedented in US law. The Tenth Circuit generally agreed, which meant that the justices opened the door to a review of URAA's legality on First Amendment grounds. "Together, the public in general and these plaintiffs in particular have a First Amendment interest in using works in the public domain," noted the court in 2007. "In reliance on their rights to these works, plaintiffs have already performed or planned future performances and used these publicly available works to create their own artistic productions. By removing works in the public domain, [URAA] arguably hampers free expression and undermines the values the public domain is designed to protect." In the new ruling, Judge Lewis Babcock conducted his First Amendment analysis and concluded that URAA did change the "traditional contours of copyright" in one important sense: it meant that the copyright sequence no longer moves only from protection to public domain. Indeed, at the whim of Congress, public domain works can now migrate into copyright. "Such an alteration is inconsistent with the copyright scheme as designed by the Framers and as implemented by Congress in the ensuing years," wrote Babcock. 
Sweet vindication Anthony Falzone, who heads up the Fair Use Project at Stanford and has been involved in the case, called it a "big deal" because "it is the first time a court has held any part of the Copyright Act violates the First Amendment and the first time any court has placed specific constitutional limits on the government's ability to erode the public domain." Lawrence Lessig was just as pleased, saying that he was "very happy and very very proud to report a big victory" in the case. Lessig titled his statement, "From the there's-no-way-in-hell-you'll-win-that-one department," a phrase he must have heard many times since taking the case. (He came in for similar criticism for the Eldred case, especially after losing at the Supreme Court.) While further appeals are likely in such a prominent case, Lessig & Co. can at least take some momentary comfort from confounding the naysayers and finding the edge of Congressional authority to tinker with copyrights. From rforno at infowarrior.org Tue Apr 7 12:26:11 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 7 Apr 2009 08:26:11 -0400 Subject: [Infowarrior] - ICRC report on Guantanamo medical officers Message-ID: <64D214D4-486D-4E61-8D62-4E13A2C83F9E@infowarrior.org> http://www.washingtonpost.com/wp-dyn/content/article/2009/04/06/AR2009040603654.html?hpid=topnews < - > Medical officers who oversaw interrogations of terrorism suspects in CIA secret prisons committed gross violations of medical ethics and in some cases essentially participated in torture, the International Committee of the Red Cross concluded in a confidential report that labeled the CIA program "inhuman." Health personnel offered supervision and even assistance as suspected al-Qaeda operatives were beaten, deprived of food, exposed to temperature extremes and subjected to waterboarding, the relief agency said in the 2007 report, a copy of which was posted on a magazine Web site yesterday. 
The report quoted one medical official as telling a detainee: "I look after your body only because we need you for information." New details about alleged CIA interrogation practices were contained in the 43-page volume written by ICRC officials who were given unprecedented access to the CIA's "high-value detainees" in late 2006. While excerpts of the report were leaked previously, the entire document was made public for the first time by author Mark Danner, a journalism professor, on the Web site of the New York Review of Books. < - > The report can be accessed at http://www.nybooks.com/icrc-report.pdf. From rforno at infowarrior.org Tue Apr 7 12:28:05 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 7 Apr 2009 08:28:05 -0400 Subject: [Infowarrior] - VA "fusion center": black colleges are node for terrorists Message-ID: <88902909-141C-46BA-BBC3-A67FBD231564@infowarrior.org> Virginia terror assessment targets 'historically black colleges' as 'radicalization nodes' Stephen C. Webster Published: Monday April 6, 2009 http://rawstory.com/news/2008/Virginia_terror_assessment_targets_enormous_crosssection_0406.html A newly leaked terrorism assessment from a law enforcement fusion center in Virginia shows that police and feds are targeting "historically black colleges" as "radicalization nodes" for terrorists. RAW STORY has published the entirety of the 215 page report, available here in PDF format. From page 17: A wide variety of terror or extremist groups have links to [a highlighted area of Virginia]. This area not only has a diverse population due to the strong military presence, but it is also the site of several universities. While most of these universities are considered urban, two are designated as a Historically Black Colleges and Universities, while Regent University is a private, evangelical Christian institution. 
While the majority of individuals associated with educational institutions do not engage in activities of interest to the VFC, it is important to note that University-based students groups are recognized as a radicalization node for almost every type of extremist group. Though the report singles out "historically black colleges" early on, it also contains an extensive list of peaceful American and International activist groups from nearly all cross-sections of political engagement, placing them side-by-side with groups that have long been known for resorting to violence. The list of groups the fusion center considers potential terrorist threats is as follows: Al-Qa?ida Al-Shabaab HAMAS Hizballah Jama?at al-Tabligh Jama?at ul Fuqra Lashkar-e Tayyiba Muslim Brotherhood Anarchist Extremists Green Anarchism Movement Anonymous Black Separatist Extremists Five Percent Nation Nation of Islam New Black Panther Party New African Black Panther Party Homegrown Islamic Extremism As-Sabiqun Iqaamatiddeen Movement Lone Wolf Extremists Militia Extremists Anti-Abortion Extremists Army of God Animal Defense League Animal Liberation Front Stop Huntington Animal Cruelty Earth First! Katuah Earth First Blue Ridge Earth First Earth Liberation Front Sovereign Citizen Extremists Moorish Science Temple of America Neo-Nazis Racist Skinhead Movement White Supremacists The memo also calls out "hacktivism" as a potential terrorist threat. "Also of note is the phenomenon of hacktivism, defined as 'the nonviolent use of illegal or legally ambiguous digital tools in pursuit of political ends. These tools include web site defacements, redirects, denial-of-service attacks, information theft, web site parodies, virtual sit-ins, virtual sabotage, and software development,'" the memo reads. "On March 28, 2008, Wired News reported that 'Internet griefers'?a makeshift term for people who cause grief? 
posted code and flashing computer animations with the intention of triggering migraine headaches and seizures. Hacktivism and griefing incidents have ranged from minor inconveniences involving modified website content and denial-of-services to potentially dangerous scenarios, such as the modification of electronic traffic safety signs."

The center's graphic example of the "dangerous" scenario of altered traffic safety signs was culled from a Wired magazine report on an incident in Austin, Texas, where a hacker changed a sign to warn of a coming zombie infestation.

The report also discusses numerous potential areas of fraud which could allow a terrorist to integrate with society, including document fraud, student visa fraud, marriage fraud and employer fraud.

"If we are to believe this exaggerated threat assessment, Virginia's learning and religious institutions must be hotbeds of terrorist activity," said Caroline Fredrickson, Director of the ACLU Washington Legislative Office, in an advisory. "This document and its authors have displayed a fundamental disregard for our constitutional rights of free expression and association. Unfortunately, it's not the first time we've seen such an indifference to these basic rights from local fusion centers. Congress must take the necessary steps to institute real and thorough oversight mechanisms at fusion centers before we reach a point where we are all considered potential suspects."

"There is an appalling lack of oversight at these fusion centers and they are becoming -- as the ACLU has repeatedly warned -- a breeding ground for overzealous police intelligence activities," said Michael German, ACLU Policy Counsel and former FBI Agent, in a release. "The Virginia threat assessment isn't just disturbing for encouraging police to treat education and religious practices with suspicion, it's bad law enforcement.
Lawmakers from all levels of government need to enact legislation to protect against these spying activities that threaten our democracy while doing nothing to improve security."

Recently, a Department of Homeland Security-funded fusion center in Missouri was accused of blatant disregard for the United States Constitution after one of its memos encouraged the surveillance of third party activists, Christians and supporters of Congressman Ron Paul, for their alleged potential status as illegal militia. The center retracted its memo and publicly apologized when Congressman Paul, along with former presidential candidate Chuck Baldwin and former Congressman Bob Barr, sent a letter to Missouri Governor Jay Nixon, demanding an about-face.

In 2007, the ACLU published a study called "What's Wrong with Fusion Centers?," exploring the troubling aspects of the post-9/11 law enforcement apparatus, which are designed to facilitate communication between local agencies.

The Virginia fusion center's memo was first published by Cryptome.

This report was written in haste and should be considered incomplete until a further and more thorough analysis of the Virginia fusion center's memo can be completed.

From rforno at infowarrior.org Tue Apr 7 12:31:20 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 7 Apr 2009 08:31:20 -0400
Subject: [Infowarrior] - Gates Rips Heart Out of Army's 'Future'
Message-ID: <449BFCB3-688A-4BDD-A85A-7D36D46DBCA6@infowarrior.org>

Pentagon Chief Rips Heart Out of Army's 'Future'
By Noah Shachtman
April 06, 2009 | 4:17:00 PM
http://blog.wired.com/defense/2009/04/gates-rips-hear.html

In 2003, the U.S. Army introduced its plan to wage the wars of tomorrow. A fleet of light, networked, electric-powered combat vehicles would speed American forces into battle against another superpower military -- and win the fight almost instantly, thanks to its unmatched ability to out-think and out-maneuver any foe.
The generals called the effort Future Combat Systems, or FCS, and figured the whole thing might cost $92 billion. But, it turns out, just about every assumption the Army had about its future was wrong. America's wars wound up being against terrorists and insurgents, not other big armies. The enemy weapons of choice in those fights -- metal-shredding roadside bombs -- made a priority of more armor, not less. The U.S. military-industrial complex's attempts to make the combat vehicles electric floundered. The projects to provide battlefield bandwidth fizzled. The already-massive budget for FCS grew, by some estimates, to a truly gargantuan $200 billion. And with every added billion and technology flop, the calls to rework or kill off FCS grew louder.

Now, Defense Secretary Robert Gates is looking to all-but-end the Army's Future Combat Systems. In his proposal today to radically overhaul the Pentagon's arsenal, Gates said he wanted to scrap all eight of the vehicles at the heart of FCS -- including a next-gen tank, cannon and infantry carrier.

"I have concluded that there are significant unanswered questions concerning the FCS vehicle design strategy. I am also concerned that, despite some adjustments, the FCS vehicles -- where lower weight, higher fuel efficiency, and greater informational awareness are expected to compensate for less armor -- do not adequately reflect the lessons of counterinsurgency and close-quarters combat in Iraq and Afghanistan," Gates said.

When they first launched FCS six years ago, the Army's top generals made a bet -- not just on the coming wars around the globe, but on the politics within the Beltway. Ordinarily, weapons systems are bought one class at a time: one particular tank, one particular network, a single model of a fighter jet. But in the 1990s and early 2000s, the Army saw several of its weapons programs killed off by the Pentagon brass. So the generals made a decision, to package what would ordinarily be dozens of programs --
new vehicles, new robots, new networks -- into a single effort called "Future Combat Systems." And they awarded the massive contract for the whole thing to a pair of companies, Boeing and SAIC. The executives and the generals said it was to make sure all the gear worked in concert. Critics countered that, by combining all those programs into one, it made FCS too bloated, too ungainly to ever work right. And by the way, they added, why was there so little government oversight of what Boeing and SAIC did?

Gates sided with the critics Monday afternoon. "I am troubled by the terms of the current contract, particularly its very unattractive fee structure that gives the government little leverage to promote cost efficiency," he said. "Because the vehicle part of the FCS program is currently estimated to cost over $87 billion, I believe we must have more confidence in the program strategy, requirements and maturity of the technologies before proceeding further."

Bits of FCS will continue. Small ground robots and drones developed under the program will be "spun out" soon to the troops. But, if Gates has his way, the generals' original vision for Future Combat Systems is over. As one Capitol Hill source put it, "They wanted to make it too big to fail, and in the process, made it a failure."

From rforno at infowarrior.org Tue Apr 7 19:21:12 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 7 Apr 2009 15:21:12 -0400
Subject: [Infowarrior] - OZ New National Broadband Network
Message-ID: <3D25884C-B2C7-4082-A16F-296776FAB3AE@infowarrior.org>

http://www.pm.gov.au/media/Release/2009/media_release_0903.cfm

Media Release
New National Broadband Network
07 April 2009

The Rudd Government today announced the establishment of a new company to build and operate a new super fast National Broadband Network.
This new super fast National Broadband Network, built in partnership with private sector, will be the single largest nation building infrastructure project in Australian history. This new National Broadband Network will:

* Connect 90 percent of all Australian homes, schools and workplaces with broadband services with speeds up to 100 megabits per second - 100 times faster than those currently used by many households and businesses
* Connect all other premises in Australia with next generation wireless and satellite technologies that will deliver broadband speeds of 12 megabits per second
* Directly support up to 25,000 local jobs every year, on average, over the 8 year life of the project

Under the Rudd Government's new national broadband network every house, school and business in Australia will get access to affordable fast broadband.

OWNERSHIP AND FINANCING

The Rudd Government's National Broadband Network will be built and operated by a new company specifically established by the Australian Government to carry out this project. The Government will be the majority shareholder of this company, but significant private sector investment in the company is anticipated. The Government will make an initial investment in this company but intends to sell down its interest in the company within 5 years after the network is built and fully operational, consistent with market conditions, and national and identity security considerations.

This company jointly owned by the Government and the private sector will invest up to $43 billion over 8 years to build the national broadband network. The Government's investment in the company will be funded through the Building Australia Fund and the issuance of Aussie Infrastructure Bonds (AIBs), which will provide an opportunity for households and institutions to invest in the national broadband network.
The new investment is also the biggest reform in telecommunications in two decades because it delivers separation between the infrastructure provider and retail service providers. This means better and fairer infrastructure access for service providers, greater retail competition, and better services for families and businesses.

This announcement follows the Government's decision to terminate the NBN Request for Proposals (RFP) process on the basis of advice from the independent Panel of Experts that none of the national proposals offered value for money. The Panel noted the rapid deterioration of the global economy had a significant impact on the process.

This historic nation-building investment will help transform the Australian economy and create the jobs and businesses of the 21st century.

SPECIFICATIONS

The new superfast network will:

* connect homes, schools and workplaces with optical fibre (fibre to the premise or 'FTTP'), providing broadband services to Australians in urban and regional towns with speeds of 100 megabits per second - 100 times faster than those currently used by most people -- extending to towns with a population of around 1,000 or more people
* use next generation wireless and satellite technologies that will be able to deliver 12 megabits per second or more to people living in more remote parts of rural Australia
* provide fibre optic transmission links connecting cities, major regional centres and rural towns
* be Australia's first national wholesale-only, open access broadband network
* be built and operated on a commercial basis by a company established at arm's length from Government and involve private sector investment
* be expected to be rolled-out, simultaneously, in metropolitan, regional, and rural areas.

Every person and business in Australia, no matter where they are located, will have access to affordable, fast broadband at their fingertips.
High speed broadband is increasingly essential to the way Australians communicate, and do business. It will help drive Australia's productivity, improve education and health service delivery and connect our big cities and regional centres.

The Government will invest in this major nation-building infrastructure to stimulate jobs in the short-term and pay a dividend to the Australian people through enhanced productivity and innovation in the long-term. This is a major nation-building project that will support 25,000 jobs every year, on average, over the life of the project. At its peak, it will support 37,000 jobs. Given the productivity gains associated with this investment, the full benefits will continue to flow for decades beyond the completion of the project.

The Government's announcement today has been informed by expert advice. The Panel of Experts has encouraged the Government to invest in optical fibre technology, supplemented by next-generation wireless and satellite technologies. The Australian Competition and Consumer Commission has also endorsed the use of FTTP as a superior technology to Fibre to the Node.

The preliminary estimate is that the enhanced NBN network will cost up to $43 billion, which has been developed taking into account advice from specialist technical advisers. The Government's objective is to achieve 90 per cent coverage of the FTTP network, and remaining coverage to be delivered through wireless and satellite technologies, within this funding envelope. Initial advice to the Government is that this objective is achievable, but this estimate will be subject to an implementation study.

The Government will seek private investment in the company to draw on private sector capacity and expertise. However, ownership restrictions will be established to protect the Government's objective of a wholesale open-access network.
PLAN OF ACTION

To turn its vision into action the Government will immediately:

* Commence an implementation study to determine the operating arrangements, detailed network design, ways to attract private sector investment -- for roll-out early 2010, and ways to provide procurement opportunities for local businesses
* Fast-track negotiations with the Tasmanian Government, as recommended by the Panel of Experts, to build upon its NBN proposal to begin the rollout of an FTTP network and next generation wireless services in Tasmania as early as July -- an immediate start on a nation-wide investment.
* Implement measures to address 'black spots' through the timely rollout of fibre optic transmission links connecting cities, major regional centres and rural towns - delivering improvements to telecommunication services in the short term.
* Progress legislative changes that will govern the national broadband network company and facilitate the rollout of fibre networks, including requiring greenfields developments to use FTTP technology from 1 July 2010.
* Make an initial investment in the network of $4.7 billion.
* Commence a consultative process on necessary changes to the existing telecommunications regulatory regime.

The initiative announced today is a historic nation-building investment focused on Australia's long-term national interest. It will fundamentally transform the competitive dynamics of the telecommunications sector, underpin future productivity growth and our international competitiveness.
From rforno at infowarrior.org Tue Apr 7 22:49:47 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 7 Apr 2009 18:49:47 -0400
Subject: [Infowarrior] - Obama DOJ 'new' theory on state secrets
Message-ID:

Obama DOJ invents radical authoritarian theory to defend Bush administration's warrantless wiretapping
Posted by Cory Doctorow, April 7, 2009 9:41 AM

The Obama administration has filed a brief in EFF's lawsuit against the government for its program of illegal, mass wiretapping of Americans, defending the practice, arguing that the lawsuit should be dismissed, endorsing the Bush administration's invented "State Secret" theory, and augmenting it with a new theory, that "the Patriot Act bars any lawsuits of any kind for illegal government surveillance unless there is 'willful disclosure' of the illegally intercepted communications." This brief was not written by Bush cronies left behind by the outgoing administration: this is an invention of the Obama administration. I don't expect the guy to walk on water, but I'd sure like it if he'd stop wallowing in the mud.

< - >

http://www.boingboing.net/2009/04/07/obama-doj-invents-ra.html

From rforno at infowarrior.org Wed Apr 8 02:19:24 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 7 Apr 2009 22:19:24 -0400
Subject: [Infowarrior] - Groups Warn New Cybersecurity Bill Oversteps
Message-ID: <7C010433-5D3A-4E5C-897B-401D39867754@infowarrior.org>

www.internetnews.com/government/article.php/3814171

Groups Warn New Cybersecurity Bill Oversteps
By Kenneth Corbin
April 7, 2009

Could President Obama get the power to shut down the Internet? That's the concern of some digital rights groups, who fear that last week's sweeping cybersecurity bill could give the government overly broad power to regulate the Internet in times of crisis -- or even pull the plug on it entirely.
One group, the Center for Democracy and Technology (CDT), quickly lashed out at the Senate bill for aiming to give the "federal government extraordinary power over private sector Internet services, applications and software." The bill, introduced by Commerce Committee Chairman John Rockefeller, D-W.V., and Olympia Snowe, R-Maine, aims to strengthen coordination between the public and private sectors in response to Internet threats, but the CDT fears that it goes too far.

One of the most troubling parts of the bill to the group is a clause that would give the president authority to "declare a cybersecurity emergency and order the limitation or shutdown of Internet traffic to and from any compromised federal government or United States critical infrastructure information system or network." To the CDT, that raises the possibility of the government leaning on commercial ISPs to shut down Internet service, declaring a sort of digital martial law.

The group also expressed concern that the bill would empower agencies within the Commerce Department to run roughshod over consumer privacy in the name of tracking down cyberattacks. "The cybersecurity threat is real, but such a drastic federal intervention in private communications technology and networks could harm both security and privacy," CDT President and CEO Leslie Harris said in a post on the group's Web site.

A spokeswoman for the Electronic Frontier Foundation, another digital-rights group famous for tangling with the government over Internet and privacy issues, told InternetNews.com that the group is concerned with the implications of the bill, but that its attorneys are still reviewing the language.

A staffer at the Commerce Committee told InternetNews.com that the bill was introduced only as a draft, and that the final language is likely to change. "This legislation is the very beginning of the process -- the objective of this cybersecurity bill is to start the debate," said Rockefeller spokeswoman Jena Longo.
"Chairman Rockefeller encourages comments from all parties, he is sitting down with stakeholders already and he welcomes input from those who have concerns about this legislation and those who are supportive."

Congress is in recess this week and next. On return, Rockefeller is likely to hold a hearing on the bill in short order. Last month, he chaired a hearing on cybersecurity that he promised would be the "first of several," saying that he was deeply troubled by the country's level of vulnerability.

By that time, the comprehensive review of the government's various cybersecurity programs President Obama commissioned is due to be completed. Obama tasked Melissa Hathaway, a senior intelligence official in the Bush administration, to meet with stakeholders in the public and private sectors and compile a report with recommendations for how to shore up federal cybersecurity efforts. The extent to which Hathaway's findings informed the Rockefeller-Snowe bill is unclear, but a source familiar with the matter said the senator had been in contact with the White House on the matter.

But the CDT, which met with Hathaway's team last month, has been critical of that process, as well, claiming that the government's efforts have been "shrouded in too much secrecy." The CDT has warned that heavy-handed government involvement in the private sector could inadvertently stifle innovation, with the ultimate effect of making the country less secure. The Rockefeller-Snowe bill, for instance, calls on the Commerce Department to set binding standards for cybersecurity systems that would be enforceable throughout the private sector.

Hathaway is due to present her report April 17.

From rforno at infowarrior.org Wed Apr 8 02:21:05 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 7 Apr 2009 22:21:05 -0400
Subject: [Infowarrior] - Electricity Grid in U.S.
Penetrated by Spies
Message-ID: <14BE17F8-F818-4DD4-8000-C996A4DB1403@infowarrior.org>

APRIL 8, 2009
Electricity Grid in U.S. Penetrated by Spies
By SIOBHAN GORMAN
http://online.wsj.com/article/SB123914805204099085.html#

WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," said a senior intelligence official. "So have the Russians."

The espionage appeared pervasive across the U.S. and doesn't target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."

Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies, officials said. Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet.

Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on."

Officials said water, sewage and other infrastructure systems also were at risk.
"Over the past several years, we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts," Director of National Intelligence Dennis Blair recently told lawmakers. "A number of nations, including Russia and China, can disrupt elements of the U.S. information infrastructure."

Officials cautioned that the motivation of the cyberspies wasn't well understood, and they don't see an immediate danger. China, for example, has little incentive to disrupt the U.S. economy because it relies on American consumers and holds U.S. government debt.

But protecting the electrical grid and other infrastructure is a key part of the Obama administration's cybersecurity review, which is to be completed next week.

Under the Bush administration, Congress approved $17 billion in secret funds to protect government networks, according to people familiar with the budget. The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more. A senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage.

Overseas examples show the potential havoc. In 2000, a disgruntled employee rigged a computerized control system at a water-treatment plant in Australia, releasing more than 200,000 gallons of sewage into parks, rivers and the grounds of a Hyatt hotel.

Last year, a senior Central Intelligence Agency official, Tom Donohue, told a meeting of utility company representatives in New Orleans that a cyberattack had taken out power equipment in multiple regions outside the U.S. The outage was followed by extortion demands, he said.

The U.S. electrical grid comprises three separate electric networks, covering the East, the West and Texas. Each includes many thousands of miles of transmission lines, power plants and substations.
The flow of power is controlled by local utilities or regional transmission organizations. The growing reliance of utilities on Internet-based communication has increased the vulnerability of control systems to spies and hackers, according to government reports.

The sophistication of the U.S. intrusions -- which extend beyond electric to other key infrastructure systems -- suggests that China and Russia are mainly responsible, according to intelligence officials and cybersecurity specialists. While terrorist groups could develop the ability to penetrate U.S. infrastructure, they don't appear to have yet mounted attacks, these officials say.

It is nearly impossible to know whether or not an attack is government-sponsored because of the difficulty in tracking true identities in cyberspace. U.S. officials said investigators have followed electronic trails of stolen data to China and Russia.

Russian and Chinese officials have denied any wrongdoing. "These are pure speculations," said Yevgeniy Khorishko, a spokesman at the Russian Embassy. "Russia has nothing to do with the cyberattacks on the U.S. infrastructure, or on any infrastructure in any other country in the world."

A spokesman for the Chinese Embassy in Washington, Wang Baodong, said the Chinese government "resolutely oppose[s] any crime, including hacking, that destroys the Internet or computer network" and has laws barring the practice. China was ready to cooperate with other countries to counter such attacks, he said, and added that "some people overseas with Cold War mentality are indulged in fabricating the sheer lies of the so-called cyberspies in China."

Utilities are reluctant to speak about the dangers. "Much of what we've done, we can't talk about," said Ray Dotter, a spokesman at PJM Interconnection LLC, which coordinates the movement of wholesale electricity in 13 states and the District of Columbia. He said the organization has beefed up its security, in conformance with federal standards.
In January 2008, the Federal Energy Regulatory Commission approved new protection measures that required improvements in the security of computer servers and better plans for handling attacks. Last week, Senate Democrats introduced a proposal that would require all critical infrastructure companies to meet new cybersecurity standards and grant the president emergency powers over control of the grid systems and other infrastructure.

Specialists at the U.S. Cyber Consequences Unit, a nonprofit research institute, said attack programs search for openings in a network, much as a thief tests locks on doors. Once inside, these programs and their human controllers can acquire the same access and powers as a systems administrator.

The North American Electric Reliability Corporation on Tuesday warned its members that not all of them appear to be adhering to cybersecurity requirements.

The White House review of cybersecurity programs is studying ways to shield the electrical grid from such attacks, said James Lewis, who directed a study for the Center for Strategic and International Studies and has met with White House reviewers.

The reliability of the grid is ultimately the responsibility of the North American Electric Reliability Corp., an independent standards-setting organization overseen by the Federal Energy Regulatory Commission. The NERC set standards last year requiring companies to designate "critical cyber assets." Companies, for example, must check the backgrounds of employees and install firewalls to separate administrative networks from those that control electricity flow. The group will begin auditing compliance in July.

-- Rebecca Smith contributed to this article.
Write to Siobhan Gorman at siobhan.gorman at wsj.com

From rforno at infowarrior.org Wed Apr 8 11:20:00 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 8 Apr 2009 07:20:00 -0400
Subject: [Infowarrior] - OT: The Matrix at 10 years
Message-ID:

A bit off topic, but oh-so-accurate!

http://xkcd.com/566/

10 years ago. That was pre-Twitter, pre-Myspace, pre-Facebook, pre-JesusPhone, pre-Gmail. Back in the nostalgic days of the commercial Internet and Dot Com. :) Back before Enron, Worldcom, AIG, and Bear. Back before the PATRIOT ACT and domestic surveillance. You know, the good ol' days. :|

And on this day, I'm sure that geeks around the world will remember the day 'Trinity' entered their lives. lol

Anyway, back to your regularly scheduled Wednesday.

-rf

From rforno at infowarrior.org Wed Apr 8 19:07:37 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 8 Apr 2009 15:07:37 -0400
Subject: [Infowarrior] - Video: Inside Google Data Center
Message-ID: <62FE299F-D80D-4C8E-A778-B391B8BD4B54@infowarrior.org>

YouTube tour reveals Google data center designs
http://news.cnet.com/8301-1001_3-10215392-92.html

From rforno at infowarrior.org Wed Apr 8 20:02:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 8 Apr 2009 16:02:43 -0400
Subject: [Infowarrior] - PETA Invading Azeroth
Message-ID: <7DE0B131-96ED-4804-B056-D869199080D1@infowarrior.org>

PETA Invading WoW to Stop Baby Seal Slaughter
12:41 PM - April 8, 2009 by Jane McEntegart
Source: Tom's Hardware US
http://www.tomshardware.com/news/Peta-WoW-battle-seals,7500.html#xtor=RSS-181

Maybe it's because I never really ventured past Diablo and have no real clue how World of Warcraft plays (something I'm really quite proud of), but am I the only one who can't get their head around Peta's WoW endeavors? The animal rights advocacy group this week announced that they'd be taking another avenue in the fight against the Canadian seal slaughter.
According to the group's blog, this Saturday WoW players will have the chance to combat a team of four Horde seal killers. "Thrall refused to ban the slaughter of seals, despite multiple requests from the Alliance to do so, because Orgrimmar stands to make a large profit from the fur," writes guest poster Ryan Huling from peta2. "Activists from across the Eastern Kingdoms and Kalimdor are banding together to put a stop to the atrocious seal slaughter."

"Anyone who slaughters baby seals for their fur must surely be in service to the evil Lich King," Ryan finished.

Those interested in taking part must be in the WhisperWind realm in order to fight. Once in the WhisperWind realm, players should head to Northrend, where you will find a zone called Howling Fjord, where the baby seals live on glaciers and boats float in the fjords. This will be the battleground to stop the slaughter. Battle takes place Saturday, April 11, at 1 p.m. EST and players are advised that they must be a Level 70 or higher to play.

Despite the fact that this is a rather odd medium for PETA, WoW players are pretty adamant that the servers won't hold up. "Whisperwind is NOT a pvp server, most likely you are just going to be a witness to the biggest in game seal slaughter and you will be powerless to do anything about it," writes Bumcrum. "Whisperwind is already a very high population server, which means most PETA members are just going to see the queue screen like the Ron Paul people did," he adds.

Anyone planning on joining in?

From rforno at infowarrior.org Wed Apr 8 20:10:12 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 8 Apr 2009 16:10:12 -0400
Subject: [Infowarrior] - France Tries to Limit Internet Piracy
Message-ID:

France Tries to Limit Internet Piracy
By KEVIN J.
O'BRIEN
Published: April 8, 2009
http://www.nytimes.com/2009/04/09/business/global/09net.html?hpw

French lawmakers are poised to approve a law to create the world's first surveillance system for Internet piracy, one that would force Internet service providers in some cases to disconnect customers accused of making illegal downloads.

The proposal, called the 'Création et Internet' and known informally as the 'three strikes' directive, has won preliminary votes by the Parliament and is expected to be approved in both houses Thursday. It has support from the governing party of President Nicolas Sarkozy.

The law empowers music and film industry associations to hire companies to analyze the downloads of individual users to detect piracy, and to report violations to a new agency overseeing copyright protection. The agency would be authorized to trace the illegal downloads back to individuals using the downloading computer's unique identification number, known as its Internet Protocol, or IP, address, which the Internet service providers have on record.

For a first violation, the agency would send a warning by e-mail. If a user made another illegal download within three months, a second warning would be sent by certified mail. If a third infraction occurred within a year, the service provider would be required to sever service.

Piracy costs the film and music industry in France at least 1 billion euros, or $1.3 billion, a year in lost sales, according to industry figures.

"This law is definitely overdue and it's only a fair and proportionate response to a major problem," said Marc Guez, the managing director of the French Society of Phonographic Producers, which represents recording companies. "Our members are losing more than 500 million euros a year in sales."

While piracy surveillance systems have been discussed in a number of countries, the French plan goes farther than the measures under consideration elsewhere.
On April 1, a law in Sweden called the Intellectual Property Rights Enforcement Directive took effect, allowing industry groups to more easily prosecute copyright piracy. In the United States, a Congressional committee this week began studying the issue. In a hearing Monday before the Foreign Affairs Committee of the House of Representatives, Steven Soderbergh, the film director, cited the French initiative in asking lawmakers to deputize the American film industry to pursue copyright pirates.

In France, the law has attracted prominent support from the French music and film establishment, including Johnny Hallyday, the French rock star, and Denis Olivennes, the former chief executive of the FNAC retail chain. The International Federation of Phonographic Industry, a group based in London that represents the global music industry, said that 95 percent of all songs downloaded on the Internet last year -- including those in France -- were illegal downloads. Globally, illegal music downloads cost $12.8 billion in sales, according to the group.

While supporters and opponents both predicted that the proposal would become law, some lawyers and Internet advocates said the measure would face a tougher road before the French Constitutional Council, which can invalidate laws that it determines do not conform with the Constitution. One of several controversial aspects of the proposal places the onus of proving innocence on those accused, who would only be able to protest their innocence after they were disconnected from the Internet.

"It is always hard to predict how the Constitutional Council may rule, but this new law does not protect the fundamental right to defend oneself," said Cédric Manara, a law professor at the Edhec Business School in Nice. Winston Maxwell, a media lawyer at Hogan & Hartson in Paris, said the legal challenges might delay the measure's effective date.
"But I doubt the Constitutional Council will decide a French citizen has the right to make illegal downloads," Maxwell said. Nonetheless, Internet advocates call the French proposal legally unsound on the ground that there are inadequate provisions for challenging an action, and because it gives industry groups the power to police the Internet. Others question whether the law would unfairly penalize those whose wireless broadband accounts are misused by others. The French law tries to anticipate this by making it a civil infraction for citizens to fail to "secure" their broadband accounts by using approved filtering technology. That burden, theoretically, would fall on public Wi-Fi hot spots.

Nicolas D'Arcy, a spokesman for France's ISP Association, the Association des Fournisseurs d'Accès et de Services Internet, said Internet providers were hoping the law would not take effect. Internet service providers, Mr. D'Arcy said, do not want to become the enforcement arm of French justice and do not trust the law to insulate them from suits brought by customers whose service has been cut off. "There are so many things wrong with this," Mr. D'Arcy said.

Other critics say the law will not stop illegal downloads. Jérémie Zimmermann, director of La Quadrature du Net, an Internet advocacy group based in Paris, said some computer users would turn to encrypted downloads and other methods to avoid detection. On Wednesday, a Swedish company, the Pirate Bay, began a service called Ipredator, which lets users use its virtual private network to make anonymous downloads for 5 euros a month. "The French law will only drive people further underground," Mr. Zimmermann said. "It will make the situation worse."

Michel Thiollière, the French Senate sponsor of the legislation, said the system would probably survive legal review by the council and help preserve the rights of French artists, musicians and actors.
"The mechanism is reasonable and a graduated response designed to bring Internet users to a new world where the rights of creators must be respected," he said.

From rforno at infowarrior.org Wed Apr 8 20:37:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 8 Apr 2009 16:37:49 -0400
Subject: [Infowarrior] - More on....PETA Invading Azeroth
References:
Message-ID:

> From: security curmudgeon

As a WoW player.. 'wow'.

: PETA Invading WoW to Stop Baby Seal Slaughter
:
: http://www.tomshardware.com/news/Peta-WoW-battle-seals,7500.html#xtor=RSS-181
:
: Maybe it's because I never really ventured past Diablo and have no real
: clue how World of Warcraft plays (something I'm really quite proud of),
: but am I the only one who can't get their head around Peta's WoW
: endeavors?

What's funny is the recent expansion, Wrath of the Lich King, introduced a zone called 'Borean Tundra'. In this zone is a camp of animal lovers called 'D.E.H.T.A.' (Druids for the Ethical and Humane Treatment of Animals) which offers quests to help animals, save them from hunter's traps, etc. If you kill a non-aggressive animal in the zone, you will also get a 3 minute debuff that basically says "you slaughtered bambi" and make the DEHTA followers attack you on sight.

http://www.wowwiki.com/D.E.H.T.A.

: The animal rights advocacy group this week announced that they'd be
: taking another avenue in the fight against the Canadian seal slaughter.
: According to the group's blog, this Saturday WoW players will have the
: chance to combat a team of four Horde seal killers.

Sure, blame the Horde. Yet the Alliance has as many hunters and 'bad' characters (Player and computer) as the Horde.

: "Anyone who slaughters baby seals for their fur must surely be in
: service to the evil Lich King," Ryan finished.

Yet it's ok to hunt all the other animals for their fur? One of the in game primary professions is 'skinning', in which you collect leather from animals you kill.
This profession is used to support "leather working" to craft better armor for your character. So while PETA saves a token seal, both Horde and Alliance will go on to kill and skin great animals like:

http://www.wowwiki.com/Barrens_Giraffe
http://www.wowwiki.com/Fawn
http://www.wowwiki.com/Polar_bear
http://www.wowwiki.com/Tiger
http://www.wowwiki.com/Owl

: Those interested in taking part must be in the WhisperWind realm in
: order to fight. Once in the WhisperWind realm, players should head to
: Northrend, where you will find a zone called Howling Fjord, where the
: baby seals live on glaciers and boats float in the fjords. This will be
: the battleground to stop the slaughter.

For those who don't play WoW, you won't get how absurd this is. WoW is big, there are over 100 servers to support the 10+ million players. On each server you can choose between two factions (Horde and Alliance), and on Player vs Player (PVP) servers, you can only have characters of one faction. WhisperWind is one realm among more than one-hundred, and the only one you can show your support on. Howling Fjord is one of the new zones released with the latest expansion and is designed for level 68 characters or higher. That means if I want to join in on this 'fun', I have to roll a new character on that realm and level the character to 68. That takes most players over a month to do.

: Battle takes place Saturday, April 11, at 1 p.m. EST and players are
: advised that they must be a Level 70 or higher to play.

See? Way to cater to a handful of people in the grand scheme.

: "Whisperwind is NOT a pvp server, most likely you are just going to be a
: witness to the biggest in game seal slaughter and you will be powerless
: to do anything about it," writes Bumcrum. "Whisperwind is already a very
: high population server, which means most PETA members are just going to
: see the queue screen like the Ron Paul people did," he adds.

Exactly.
Many will show up to slaughter the seals, just to get a rise out of the PETA dorks and their supporters. You can stand by and wish you were on a PVP realm, where you could at least attack and kill those who choose to slaughter the seals.

: Anyone planning on joining in?

Only in mocking PETA's token gesture. But hey, on the bright side, while they are protecting virtual seals, maybe they aren't killing some of the thousands of animals in the real world:

http://www.petakillsanimals.com/petasdirtysecret.cfm

From rforno at infowarrior.org Wed Apr 8 21:06:58 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 8 Apr 2009 17:06:58 -0400
Subject: [Infowarrior] - Cyberattacks: Scary Stories At Budget Time
Message-ID: <44AFC711-041E-4921-B190-A5F4029796F4@infowarrior.org>

(thanks to K for passing along this gem....--rf)

Scary Stories At Budget Time
By Steve Hynd
http://www.newshoggers.com/blog/2009/04/scary-stories-at-budget-time.html

The WSJ's Siobhan Gorman has a tale today about deep penetration of America's power grid by foreign hackers that has several on the wingnut side of The Force hyperventilating. However, Gordon's story hangs mainly on the anonymous say-so of "and former national-security officials". The nearest she gets to named sources confirming this alleged penetration is Dennis Blair saying "we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts.", which doesn't actually pinpoint power companies at all. In fact, the best known infrastructure cyber attack, in Australia, was aimed at sewage infrastructure.

She also has this:

Last year, a senior Central Intelligence Agency official, Tom Donahue, told a meeting of utility company representatives in New Orleans that a cyberattack had taken out power equipment in multiple regions outside the U.S. The outage was followed with extortion demands, he said.
But that's misleading in the extreme, as the original report highlighting what Donahue allegedly claimed makes clear:

Alan Paller, director of research at the SANS Institute, said that CIA senior analyst Tom Donahue confirmed that online attackers had caused at least one blackout. The disclosure was made at a New Orleans security conference Friday attended by international government officials, engineers, and security managers from North American energy companies and utilities. Paller said that Donahue presented him with a written statement that read, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet." Information about which foreign cities were affected by the outage and other information related to the attack was not mentioned and is unlikely to be forthcoming, said Paller. A call to the CIA asking for further comment was not immediately returned.

Donahue wasn't actually there. Paller's company, SANS Institute, touts for business securing companies against cyberattacks. Even Paller admits he has no corroborating details. And the CIA refused even to confirm Donahue had written anything at all.

As Mark Silva at The Swamp notes, it's a tale that "begs the question: How safe are you feeling these days?
Or, where will your tax dollars go?":

Now, in the Washington realm of the annual fight for a share of the $3.5 trillion federal budget -- that "closing the Washington Monument" mentality that sets in during this season -- it's worth noting, as the Journal does, that this tale has emerged at a time when: "Protecting the electrical grid and other infrastructure is a key part of the Obama administration's cybersecurity review, which is to be completed next week," the Journal reports. ...Time to start marking up those Intel budgets.

Siobhan Gorman has been described as "deeply sourced on NSA issues" and has certainly been partisanly inclined to sympathy with the Bush era intelligence community when it came to torture and destruction of evidence. I've a feeling her sources are using her on this scary story at budget time.

From rforno at infowarrior.org Thu Apr 9 11:51:02 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Apr 2009 07:51:02 -0400
Subject: [Infowarrior] - Rick Interview: Risky Business #103 -- Certified or certifiable?
Message-ID:

(FYI the interview starts around the 11:00 point ... but the whole program is great, so don't just feel obligated to skip to the feature presentation!! --rf )

Risky Business #103 -- Certified or certifiable?
April 9, 2009 -- This week's show is sponsored by Sophos, and hosted, as always, by Vigabyte Virtual Hosting.

In this week's feature interview we'll be hearing from former Network Solutions CSO Richard Forno. He's joining us to discuss a proposed bill in the USA that would require all information security professionals working on government systems to hold some sort of certification. It's an interesting idea, but Forno hates it.
< - >

http://risky.biz/netcasts/risky-business/risky-business-103-certified-or-certifiable

From rforno at infowarrior.org Thu Apr 9 15:48:08 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Apr 2009 11:48:08 -0400
Subject: [Infowarrior] - Surprise - French lawmakers reject Internet piracy bill
Message-ID:

French lawmakers reject Internet piracy bill
In surprise move, French lawmakers reject bill punishing illegal downloading
* Scott Sayare, Associated Press Writer
* Thursday April 9, 2009, 9:23 am EDT
http://finance.yahoo.com/news/French-lawmakers-reject-apf-14890742.html

PARIS (AP) -- French lawmakers unexpectedly rejected a bill Thursday that would have cut off the Internet connections of people who repeatedly download music or films illegally. The bill would have also created the world's first government agency to track and punish those who steal music and film on the Internet.

The music and film industry had supported the bill, aimed at boosting revenue for their struggling sector and cracking down on illegal downloading. Critics said it would be too tough to apply and encroach on freedoms.

The Senate had approved an earlier version of the bill. New measures were added in the lower house of parliament, the National Assembly, which passed it last week after a month of contentious debate. On Thursday, lawmakers from both houses met to approve the final wording. The bill had widely been expected to pass, and few people showed up to take part in the vote, apparently assuming it was a foregone conclusion. Instead, when the near-empty National Assembly held a vote, the bill was rejected by a vote of 21-15. Most of those voting were opposition Socialists, who had opposed the measure from the outset.

"It's an immense joy," said Socialist legislator Patrick Bloche.
The government was not giving up, however, and planned to resubmit the measure to both houses of parliament after legislators return from their Easter break on April 27, said Roger Karoutchi, the junior minister in charge of the government's relations with the parliament.

Under the legislation, users would receive e-mail warnings for their first two identified offenses, a certified letter for the next, and would have their Web connection cut for any subsequent illegal downloads. "It's absolutely innovative," said Professor Pierre-Yves Gautier, an Internet law expert at the University Pantheon-Assas in Paris.

Music labels, film distributors and artists -- who have seen CD and DVD sales in France plummet 60 percent in the past six years -- hailed the bill as a decisive step toward eliminating online piracy and an example to other governments. But some French activists and legislators say the law would represent a Big Brother intrusion on civil liberties. Other opponents note that users downloading from public Wi-Fi hotspots or using masked IP addresses might be impossible to trace. They say the law also misses the point, by targeting traditional downloads at a time when online streaming is taking off, for example.

"It will, in any case, be completely impossible to apply," said Jeremie Zimmerman, coordinator of the Quadrature du Net, a Paris-based Internet activist group that opposes the bill. "It is a bad response to a false problem."

French Culture Minister Christine Albanel has said the law "doesn't aim to completely eradicate" illegal downloads, but rather to "contribute to a raising of consciousness" among offenders. "There needs to be an experiment," said Gautier, the Internet law expert, noting plummeting entertainment industry profits. "Frankly, it's worth it."

Associated Press writer Emmanuel Georges-Picot in Paris contributed to this report.
From rforno at infowarrior.org Thu Apr 9 15:50:04 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Apr 2009 11:50:04 -0400
Subject: [Infowarrior] - More on.....French antipiracy bill failure
Message-ID:

Setback for Sarkozy as French parliament rejects controversial internet law
Charles Bremner
http://www.timesonline.co.uk/tol/news/world/europe/article6067641.ece

< - >

The rejection was embarrassing on two counts. The low turnout for the morning vote by members of Mr Sarkozy's Union for a Popular Movement (UMP) reflected the weakness of parliamentary procedures in France's presidential regime. It also testified to the lack of enthusiasm in the government camp for a law which is deemed by critics to be a breach of democracy and counterproductive. At least two of Mr Sarkozy's MPs voted against the law, saying they did so because of a last-minute amendment. This would require internet users to continue paying for their service as part of an overall telephone and television package, even if their access to the web had been cut.

Jean-Marc Ayrault, the Socialists' parliamentary leader, called on the Government to abandon a law that was unpopular and unworkable. Roger Karoutchi, the Minister for Relations with Parliament, called the rejection a "blow against artistic creativity and a bad blow for French artists."

The international recording and film industry is strongly behind the French law and they hope that, when enacted, it will set an example for the United States and other countries in the battle to end illegal downloading. The draft law will now go back for another vote by each house before returning to the Assembly for a final vote. Assuming that MPs in Mr Sarkozy's absolute majority obey their party, the law would be expected to come into force.
From rforno at infowarrior.org Thu Apr 9 18:49:40 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Apr 2009 14:49:40 -0400
Subject: [Infowarrior] - CA: Phone service sabotaged for thousands
Message-ID: <6B657A2C-55D1-42E7-8C16-9C9B19199A09@infowarrior.org>

Phone service sabotaged for thousands
Henry K. Lee, Ryan Kim, Chronicle Staff Writers
Thursday, April 9, 2009
http://www.sfgate.com/cgi-bin/article.cgi?f=/c/a/2009/04/09/BAP816VTE6.DTL&type=printable

(04-09) 11:39 PDT SAN JOSE -- Vandals cut four AT&T fiber-optic cables in San Jose early this morning, knocking out landline and cellular phone service to thousands of residential customers and businesses in southern Santa Clara County and in Santa Cruz and San Benito counties, authorities said.

The fiber-optic cables were severed shortly before 1:30 a.m. along Monterey Highway north of Blossom Hill Road in south San Jose, police Sgt. Ronnie Lopez said. Police used yellow tape to cordon off the area, which is near railroad tracks, as investigators and phone company workers descended into an underground vault where the cables are located. "We're treating this as a crime scene," Lopez said.

Customers of Verizon as well as AT&T are without service, receiving only a fast busy signal or a recorded message saying the network is unavailable when they try to make a call. The outage is affecting 911 service, meaning people who have an emergency will have to get to a police or fire station or hospital on their own if they need help. Extra sheriff's deputies, firefighters and police officers are on the streets in the affected areas, authorities said. Additional ambulances are on hand at St. Louise Hospital in Gilroy.

"We're having a more visual presence out there in the field," said Sgt. Don Morrissey, Santa Clara County sheriff's spokesman. "We're out there to be the conduit, if you will. We're trying to bridge that communication gap between emergency services and citizens."
Verizon spokesman Jon Davies said the outage was first reported to the company at 1:25 a.m. He said about 52,000 of the company's landline customers were affected in the Gilroy and Morgan Hill areas. Both Verizon and Verizon Wireless rely on AT&T, the dominant local carrier, to carry their phone traffic back to their networks. Verizon Wireless customers were also affected in southern Santa Clara County and from Watsonville to Scotts Valley in Santa Cruz County. There was no word on when phone service would be restored.

E-mail the writers at hlee at sfchronicle.com and rkim at sfchronicle.com.
http://sfgate.com/cgi-bin/article.cgi?f=/c/a/2009/04/09/BAP816VTE6.DTL

From rforno at infowarrior.org Thu Apr 9 20:27:03 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Apr 2009 16:27:03 -0400
Subject: [Infowarrior] - EFF: YouTube worse than DMCA
Message-ID: <86B97EC8-3F84-4A20-8FC6-BB8BACADA190@infowarrior.org>

April 7th, 2009
EFF's von Lohmann: YouTube worse than DMCA for fair use
Posted by Richard Koman @ April 7, 2009 @ 5:09 PM
http://government.zdnet.com/?p=4570

I passed Jason's post about getting DMCA'd by Warner Music onto Fred von Lohmann at the Electronic Frontier Foundation. You'll recall that Jason and his wife put up on Vimeo a reunion slideshow with several tracks of music and that Warner Music Group promptly filed a DMCA take-down notice. Fred's initial reaction: Wow. Warner Music really doesn't know when to quit.

The really sad thing, Fred told me in a telephone interview, is that Warner probably doesn't even object to this use of its content. "Over the past several years we've seen fair use become collateral damage in the war against what the studios call piracy," Fred said. "A couple of years ago we objected when Viacom ordered a take-down of a parody of The Colbert Report," he said. Viacom agreed it was fair use and their response was, "When you're fishing, a couple of dolphins sometimes get caught in the net."
Because the DMCA regime is so biased against fair uses, few people would choose to alert the studios as to their existence by filing an opposition to a DMCA take-down notice. Still, DMCA does provide for users to mount lawsuits against copyright holders who wrongly assert infringement. You pretty much need a public law firm like EFF to make that happen, though. For instance, EFF is suing Universal over the infamous baby-dancing-to-Prince video. (Unlike most copyright holders, who wind up settling, Universal is taking this case to the mat. And EFF is trying to understand their position. "If they're saying they have a zero-tolerance policy, I think they've broken the law.")

Von Lohmann said he's not aware of a single infringement suit against one of these remix users, but who's to say you won't be the first? In fact, the RIAA litigation against filesharers seems to have a desired impact in that it's made fair-users reluctant to assert their rights against these takedown notices.

But as bad as the DMCA is from a fair-use perspective, the far scarier thing is that the take-down regime is rapidly becoming extra-legal. Exhibit No. 1: YouTube's ContentID system, an almost entirely automated scheme by which apparently infringing content is flagged to copyright owners. While Google promotes the notion that owners are choosing to monetize rather than block user-uploaded content, when it comes to Warner, it seems that the choice is block, block, block. "Under the current process, we make YouTube aware of WMG content. Their content ID tool then takes down all unlicensed tracks, regardless of how they are used," said Will Tanous, a spokesman for Warner Music.

On YouTube, you don't even have the weak protections of DMCA; you get exactly what YouTube's terms of service let you have. And the chilling effect remains. If you're afraid of being sued, you're not going to make a stink over something that was "just for fun." So, we're in a pretty stuck place. Is there any way out?
Fred says EFF is pushing for relief on several paths:

* We're pressing YouTube to be more protective of fair use. They have quite a bit of leeway to protect user interest. We're urging them to match both the soundtrack and the videotrack before flagging something as infringing. If they had to match both, Jason's wife's video wouldn't have been removed.
* We're asking them to take steps to ensure that remixes are protected. If ContentID identifies content from provider X and also from provider B, then that's a tipoff that somebody is remixing content in a way that is probably fair use.
* We've approached some of the studios to open dialog to try to get them to adopt some of these approaches. One major studio has set their ContentID settings so that it won't automatically block anything unless there's five minutes of contiguous content and both the audio and video tracks are identical.
* The user community also needs to make itself heard. A way for people to get this taken seriously is to boycott YouTube in favor of another site with better terms. If users would vote with their feet, I think YouTube would change their terms.

Richard Koman: As a lawyer and technology writer, Richard Koman brings a unique perspective to the blog's intersection of law, government and technology.

From rforno at infowarrior.org Fri Apr 10 01:06:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Apr 2009 21:06:54 -0400
Subject: [Infowarrior] - OT: Northrop Marketing Video
Message-ID: <1A958C22-2BDB-4DF1-88EE-67D98716A3B6@infowarrior.org>

Check out this marketing video from Northrop....unbelievable over the top hype about the pervasive nature of the mil-industry complex wrapped up as a Hollywood movie trailer. "THEY'RE EVERYWHERE!!!!!"

Northrop Marketing Vid: We're Evil, Omnipresent
http://blog.wired.com/defense/2009/04/northrops-marke.html

Ugh.
-rf

From rforno at infowarrior.org Fri Apr 10 01:07:56 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 9 Apr 2009 21:07:56 -0400
Subject: [Infowarrior] - Finally, a good use for Twitter
Message-ID:

AT&T uses Twitter during service outage
by Marguerite Reardon
http://news.cnet.com/8301-1035_3-10216712-94.html?part=rss&subj=news&tag=2547-1_3-0-20

Want to find out why you suddenly don't have Internet access or cell phone service? You might want to check out the social-networking site Twitter.

It seems that Twitter was one of the main ways that phone company AT&T has been communicating with customers and updating the public about the fiber cut that caused thousands of people in Silicon Valley and the San Francisco Bay Area to go without broadband, phone, and wireless service for most of Thursday.

Janine Popick, CEO of VerticalResponse, whose company has been affected by the outage, said the only way she has stayed on top of the situation has been through Twitter. "All of my real time updates have been coming from the AT&T Twitter feed," she said. Indeed, she isn't alone. Nearly 2,400 people have been keeping tabs on the situation via AT&T's Twitter feed.

Twitter is a Web-based social-networking service that lets people send messages to a group of followers in 140 characters or less. It's been around for a couple of years now. I have to admit when I first heard about it, I thought it seemed like a service only narcissists would be interested in. After all, who really cares what I am doing or where I am going or even what I decide to eat for lunch. But the service has taken off in the past year, and it's now hitting the mainstream as everyone from doctors to restaurants are using the service to update patients and patrons. And it appears that large companies, such as AT&T, are using the service to keep their customers and anyone interested in the company, informed in real time about a crisis.
AT&T began "tweeting" updates about the massive service outage in California around 7 a.m. PDT. With the first message saying: "CA customers: We are aware of a cable cut situation impacting services in Santa Clara and San Jose areas." From then on the company has sent about eight more "tweets" or messages informing customers that technicians have been on the scene and service would be restored as quickly as possible. The company apologized for the outage and also informed its followers that the outage was likely caused by vandals who had cut the fiber cables.

The company's most recent "tweet" actually notified its Twitter followers that AT&T is offering a reward for anyone responsible for vandalizing the company's infrastructure: "AT&T offering $100,000 reward for info leading to arrest/conviction of those responsible for CA vandalism. Call 408-947-STOP."

The outage has affected thousands of people throughout the Bay Area, even non-AT&T customers. Because AT&T provides the fiber connections that link cell phone towers to their respective networks, wireless subscribers from almost every carrier were also affected by the outage. Some Verizon Communications DSL customers also saw service disrupted, because their service uses the AT&T fiber-optic cables to send its data traffic to its own nationwide network.

Sprint Nextel, whose wireless customers experienced service interruption, hasn't provided official updates via Twitter, but the company's spokeswoman Crystal Davis has also been updating customers and reporters via her Twitter feed. Davis' most recent tweet indicated the company still had no idea when service would be restored. "Still working w/ our network and disaster recovery team on fiber cut issue in CA." An earlier message tried to offer encouragement to those affected: "Assessing fibercut issue in CA w/ network + emergency response team. We're all in this together folks. Let's have a day of peace in telecom."
Jeffrey Nelson, a spokesman for Verizon Wireless, has also sent updates with links to news stories about the outage. He even sent a message to AT&T's media relations representatives asking who reporters should call for updates. "@ATTNews Understand spokesperson has been tough for reporters to reach at AT&T on Silicon Valley outage. Who should they call for info?"

While hundreds of messages were sent back and forth on Twitter throughout the day among angry customers looking for more information on what has been happening, some affected business customers were also using Twitter and other social-networking forums to keep their customers updated on the outage.

For example San Francisco-based VerticalResponse has been following AT&T's updates via Twitter, and it's also been updating its own customers using Twitter. VerticalResponse works with roughly 56,000 small-business customers to distribute direct email marketing campaigns. And even though the company is based in San Francisco, its servers are collocated in Palo Alto, which was affected by the outage. For most of the day, VerticalResponse was unable to send marketing campaigns on behalf of its customers. And because the company was disconnected from the Net, it also had no way to communicate with its customers through its corporate e-mail system. So instead the company leveraged several social-networking platforms, including Twitter, to get the word out to its customers about what was happening. Instead of coming into the office, most of the company's employees stayed home, or went to coffee shops in San Francisco where they could get Internet access.

"Our clients are pretty pissed," said VerticalResponse's CEO Janine Popick. "And rightly so. When something like this happens you just have to throw your hands up. There's nothing you can do.
But the good news is we have been building up a Twitter base, and we have nearly 4,000 people as part of our online community, so we can communicate directly with them through Twitter or Facebook or some other social networking medium." Amen for Twitter. But the big question still remains, "When will AT&T fix this mess?" I guess you'll have to check Twitter to know exactly when. VerticalResponse's most recent tweet indicates that its servers are up and running. And the company has sent all its email campaigns for the day.

Marguerite Reardon has been a CNET News reporter since 2004, covering cell phone services, broadband, citywide Wi-Fi, the Net neutrality debate, as well as the ongoing consolidation of the phone companies. E-mail Maggie.

From rforno at infowarrior.org Fri Apr 10 12:59:10 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Apr 2009 08:59:10 -0400 Subject: [Infowarrior] - Just how vulnerable is the electrical grid? Message-ID: <50D664C2-86EF-4D0C-B50E-A59DC1284491@infowarrior.org>

April 10, 2009 4:00 AM PDT Just how vulnerable is the electrical grid? by Elinor Mills http://news.cnet.com/8301-1009_3-10216702-83.html?part=rss&subj=news&tag=2547-1_3-0-20

Smarter is not always better--at least when it comes to utilities. More than a decade after initial reports said critical infrastructure in the U.S. is vulnerable to cyberattack, the situation has only worsened as utilities move their control systems closer to the Internet and install smart-grid technology, according to security experts. Questions about the security of infrastructure in the United States arose this week following a Wall Street Journal report that said the nation's electricity grid has been compromised by foreign hackers. And several experts said in interviews this week that some energy systems have, in fact, gotten less secure as they have modernized.
The Supervisory Control and Data Acquisition (SCADA) control systems used by the energy industry used to be segregated from public networks. But they have increasingly become more dependent on Internet protocol-based systems, the experts said. At the same time, their security precautions are inefficient, they said. "The end result is that, as part of our modernization, we've made ourselves more vulnerable," said James Lewis, a senior fellow at the nonprofit Center for Strategic and International Studies (CSIS). "Plant control networks (and their programmable logic controllers) should be disconnected from the Internet," said Peter "Mudge" Zatko, technical director of the national intelligence research unit at BBN Technologies. "These are the things lifting and lowering the plutonium rods into the water to make steam...It's on the Internet. This is terrifying."

Myriad operational problems

For many utility workers, it's easier to log onto the Internet from home when they get called at night. But if those home computers are infected with spyware, they can be used by attackers to get into the control systems, which are supposed to be separated from the Internet. And there are other problems that are more deeply embedded in the day-to-day operations of a utility's business. Network control software that utilities buy from outside vendors often includes the ability to run Web servers and enable remote access and wireless access. Then there are configuration problems, such as routers and other systems that use default passwords, or worse, don't use passwords at all, according to Zatko and others who have tested the systems. "It's out of ease-of-use and the fact that there weren't strong restrictions (the electric utilities were deregulated to a large extent) that the networks are a mess in a lot of places," Zatko said. Often, "the systems themselves aren't robust because they were designed to be on networks that weren't talking to the public Internet."
Many warnings have been sounded over the years. In 1999, Zatko compiled a list of about 30 utilities whose plant control networks could be accessed remotely, and he says many of them still have the same problems today. In 2004, Gartner did a report concluding that the use of IP networks for critical infrastructure could serve as bait for cyberattackers. "It's painfully easy to exploit" the control systems, said Frank Heidt, chief executive of professional security services company Leviathan Security. "Energy management systems really can't be connected to the Internet. It's going to be painful for some companies, but they're going to have to change this." Last year, a security expert at the RSA conference detailed how easy it is to break into power plants by downloading malware to employee computers through a socially engineered e-mail that directs them to a malicious server. Meanwhile, Core Security found a hole in the Suitelink software that is used to automate operations at power stations, oil refineries, and production lines. Lewis of the CSIS acknowledged that using the Internet opens utilities up to cyberattack risks, but said there are "sound economic reasons" for them doing so. "Most of the critical infrastructure on the Internet is there for legitimate business purposes," agreed John Bumgarner, a research director at the nonprofit U.S. Cyber Consequences Unit. Security company Industrial Defender has done more than 100 threat assessments over the past seven years, primarily in utility infrastructure, and identified 34,000 vulnerabilities, said company CEO Brian Ahern. For the most part, utilities--among the most conservative businesses in spending on technology--don't do basic security monitoring of their power generation and distribution equipment, he said. "You can't protect when you don't know what's happening. I think that less than five percent of utilities have a good sense of critical threats," he said. 
Utilities "are sacrificing security for convenience and cost savings," said Richard Forno, a principal at KRvW, an information security consulting firm in Washington, D.C. "We've allowed the situation to get worse, and it will be harder to get away from these networks touching the public Net now that we are 10 years, 15 years into the process."

Smart grids: Efficient but insecure

IP networks aren't the only problem. The use of smart-grid technology, which consists of networked meters designed for adjusting electricity flows and monitoring everything from power plants to individual appliances in homes, is also putting critical systems at risk, experts said. Critical infrastructure insiders in the U.S. and Canada surveyed last year said the energy sector was the industry most vulnerable to cyberattack. The survey cited many contributing factors: an increase in the number of access points through the use of sensors, smart meters, and third-party contractors with remote access capability; use of more IP-based networks; integration between corporate and operational networks; reliance on standard or commodity IT platforms such as Microsoft Windows; and lack of attention to security by network automation and control system vendors. The biggest bottleneck to improving critical infrastructure security is cost, followed by apathy, they said. In March, IOActive, which provides application and smart-grid security services, said it had verified "significant" and "inherent" security flaws with multiple smart-grid platforms and found them susceptible to common security vulnerabilities such as protocol tampering, buffer overflows, persistent and non-persistent rootkits, and code propagation. "These vulnerabilities could result in attacks to the smart-grid platform causing utilities to lose momentary system control of their advanced metering infrastructure smart meter devices to unauthorized third parties," the company said in a release (PDF).
"This would expose utility companies to possible fraud, extortion attempts, lawsuits, or widespread system interruption." More than 2 million smart meters are in use in the U.S. today, and an estimated 73 utilities have ordered 17 million additional smart meters, according to IOActive. The Obama administration's proposed 2010 budget has earmarked $4.5 billion for smart-grid technologies in the electricity infrastructure. "The plan now would be to put in largely unsecured networks for smart grid," said Lewis of CSIS. "Hopefully they'll fix it." The worst case scenario is that a person would access and control a smart meter and control other networked smart meters to disrupt the grid, said Ahern of Industrial Defender. Standards for securing smart-grid technologies are still being finalized, but Ahern thinks that government-led efforts to modernize the grid should focus more on designing security in right at the beginning. "We've got to take a step back from the hurry-up approach with the smart grid," he said. "There needs to be a balanced approach between investing in (smart grid) deployments and building security deeply into it." The vulnerability of the critical infrastructure isn't news, so why the Wall Street Journal report, with its unnamed sources, now? The story is likely linked to turf battles within the federal government over which agency will oversee the cybersecurity policies, and get the funding for it, several of the security experts suggested. For instance, the Department of Homeland Security has been criticized for not doing enough on cybersecurity, while the director of Homeland Security's National Cybersecurity Center resigned recently, accusing the NSA of trying to wrest control. The Obama administration in December ordered officials to do a 60-day review on the Department of Homeland Security's cybersecurity efforts, and that report is due to be released next week. 
Meanwhile, the administration's proposed 2010 budget includes $355 million to support the base operations of the National Cyber Security Division and the efforts of the Comprehensive National Cybersecurity Initiative. "We're right at the point where they're naming new cybersecurity czars and there's a grab for funding between the Air Force, Navy, NSA, and others that want the cybersecurity budget," said Zatko. "There are a lot of renewed efforts in this particular field, and it's a field that's in a fair amount of disarray." While experts discuss cybersecurity threats, physical attacks on infrastructure are taking place. AT&T said on Thursday that vandals are to blame for the massive phone and Internet outage in Silicon Valley on Thursday. (CNET News' Martin LaMonica contributed to this report.)

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press. E-mail Elinor.

From rforno at infowarrior.org Fri Apr 10 13:03:59 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Apr 2009 09:03:59 -0400 Subject: [Infowarrior] - Pirate Bay signs up 113K new anony-service users Message-ID: <2DFE95A1-D054-44AD-9A77-5FBB667DC888@infowarrior.org>

The Pirate Bay's Anonymity Service Signs 100,000 Users Pre-Launch By Wired Staff, April 08, 2009 | 12:18:50 PM. Categories: Yo Ho Ho. Kerstin Sjoden reports.

Over 100,000 people have already signed up for The Pirate Bay's new anonymity service, Ipredator, designed to hide IP addresses from the authorities, the Bay's spokesman says. Last Wednesday, the controversial Intellectual Property Rights Enforcement Directive (IPRED) became law in Sweden. Its main goal is to enable copyright holders to acquire data identifying people linked to illegal file sharing.
Wired.com reported last week that internet use in Sweden dipped by 30 percent when IPRED came into force on April 1. Some 113,000 persons have signed up and are in queue for the Ipredator service, and about 80 percent are Swedes, Peter Sunde, spokesperson for The Pirate Bay, said to the Swedish news agency TT Tuesday. The service was originally set to go live on April 1, but the unexpectedly high demand delayed it. The service will operate much the same way as other anonymity services, with one important exception: The Pirate Bay says it will not log its data, making it more difficult to trace activity to a specific user. Ipredator is a Virtual Private Network (VPN) which allows users to anonymously connect to the internet. Their ISP-designated IP addresses remain hidden, revealing only a second IP address provided by the VPN. Details concerning the service are scant, except that users will pay a fee of approximately $6 for the security of knowing that their actions will be difficult to trace. The service is expected to start operation on April 8. There are already a number of sites online devoted to hiding user IP addresses for a monthly fee, and in the wake of the country's new anti-file-sharing measures, the demand for such anonymity services has increased across the board, according to the daily newspaper Svenska Dagbladet. One service, Dold.se, is currently informing visitors that its service is "overloaded". Relakks.com, another service, says on its site that it's seen a big wave of new customers recently, and that the service might be slow as a result.
http://blog.wired.com/27bstroke6/2009/04/the-pirate-bays.html

From rforno at infowarrior.org Sat Apr 11 00:07:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Apr 2009 20:07:28 -0400 Subject: [Infowarrior] - Pentagon preps for economic warfare Message-ID: <1002F2DD-944A-4133-A5C5-35BEDB230679@infowarrior.org>

Pentagon preps for economic warfare By: Eamon Javers April 9, 2009 04:18 AM EST http://www.politico.com/news/stories/0409/21053.html

The Pentagon sponsored a first-of-its-kind war game last month focused not on bullets and bombs, but on how hostile nations might seek to cripple the U.S. economy, a scenario made all the more real by the global financial crisis. The two-day event near Ft. Meade, Maryland, had all the earmarks of a regular war game. Participants sat along a V-shaped set of desks beneath an enormous wall of video monitors displaying economic data, according to the accounts of three participants. "It felt a little bit like Dr. Strangelove," one person who was at the previously undisclosed exercise told POLITICO. But instead of military brass plotting America's defense, it was hedge-fund managers, professors and executives from at least one investment bank, UBS, all invited by the Pentagon to play out global scenarios that could shift the balance of power between the world's leading economies. Their efforts were carefully observed and recorded by uniformed military officers and members of the U.S. intelligence community. In the end, there was sobering news for the United States: the savviest economic warrior proved to be China, a growing economic power that strengthened its position the most over the course of the war-game. The United States remained the world's largest economy but significantly degraded its standing in a series of financial skirmishes with Russia, participants said.

The war game demonstrated that in a post-Sept. 11 world, the Pentagon is thinking about a wide range of threats to America's position in the world, including some that could come far from the battlefield. And it's hardly science fiction. China recently shook the value of the dollar in global currency markets merely by questioning whether the recession put China's $1 trillion in U.S. government bond holdings at risk, forcing President Barack Obama to issue a hasty defense of the dollar. "This was an example of the changing nature of conflict," said Paul Bracken, a professor and expert in private equity at the Yale School of Management who attended the sessions. "The purpose of the game is not really to predict the future, but to discover the issues you need to be thinking about." Several participants said the event had been in the planning stages well before the stock market crash of September, but the real-world market calamity was on the minds of many in the room. "It loomed large over what everybody was doing," said Bracken. "Why would the military care about global capital flows at all?" asked another person who was there. "Because as the global financial crisis plays out, there could be real world consequences, including failed states. We've already seen riots in the United Kingdom and the Balkans." The Office of the Secretary of Defense hosted the two-day event March 17 and 18 at the Warfare Analysis Laboratory in Laurel, MD. That facility, run by the Johns Hopkins University Applied Physics Laboratory, typically hosts military officials planning intricate combat scenarios. A spokesperson for the Applied Physics Laboratory confirmed the event, and said it was the first purely economic war game the facility has hosted. All three participants said they had been told it was the first time the Pentagon hosted a purely economic war game. A Pentagon spokesman would say only that he was not aware of the exercise.
The event was unclassified but has not been made public before. It is regarded as so sensitive that several people who participated declined to discuss the details with POLITICO. Said Steven Halliwell, managing director of a hedge fund called River Capital Management, "I'm not prepared to talk about this. I'm sorry, but I can't talk to you." Officials at UBS also declined to comment. Participants described the event as a series of simulated global calamities, including the collapse of North Korea, Russian manipulation of natural gas prices, and increasing tension between China and Taiwan. "They wanted to see who makes loans to help out, what does each team do to get the other countries involved, and who decides to simply let the North Koreans collapse," said a participant. There were five teams: The United States, Russia, China, East Asia and "all others." They were overseen by a "White Cell" group that functioned as referees, who decided the impact of the moves made by each team as they struggled for economic dominance. At the end of the two days, the Chinese team emerged as the victors of the overall game, largely because the Russian and American teams had made so many moves against each other that they damaged their own standing to the benefit of the Chinese. Bracken says he left the event with two important insights: first, that the United States needs an integrated approach to managing financial and what the Pentagon calls "kinetic," or shooting, wars. For example, he says, the U.S. Navy is involved in blockading Iran, and the U.S. is also conducting economic war against Iran in the form of sanctions. But he argues there isn't enough coordination between the two efforts. And second, Bracken says, the event left him questioning one prevailing assumption about economic warfare, that the Chinese would never dump dollars on the global market to attack the US economy because it would harm their own holdings at the same time.
Bracken said the Chinese have a middle option between dumping and holding US dollars: they could sell dollars in increments, ratcheting up economic uncertainty in the United States without wiping out their own savings. "There's a graduated spectrum of options here," Bracken said. For those who hadn't been to a Pentagon event before, the sheer technological capacity of the Warfare Analysis Laboratory was impressive. "It was surprisingly realistic," said a participant. Still, the event conjures images of the ultimate Hollywood take on computer strategizing: the 1983 film "War Games" in which a young computer hacker nearly triggers a nuclear apocalypse. The film and the reality had one similarity: The characters in the movie used a computer called WOPR, or War Operation Plan Response. The computer system used by the real life war-gamers? It was called WALRUS, or Warfare Analysis Laboratory Registration and User Website. © 2009 Capitol News Company, LLC

From rforno at infowarrior.org Sat Apr 11 02:49:15 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Apr 2009 22:49:15 -0400 Subject: [Infowarrior] - Copyright Harm and The First Amendment Message-ID: <498DC9B8-4CBD-44AF-AE0D-750B84A44A19@infowarrior.org>

COPYRIGHT HARM AND THE FIRST AMENDMENT http://works.bepress.com/christina_bohannan/1/ Paper: http://works.bepress.com/cgi/viewcontent.cgi?article=1000&context=christina_bohannan Christina Bohannan, University of Iowa College of Law

Abstract

Copyright law is a glaring and unjustified exception to the general rule that the government may not prohibit speech without a showing that the speech causes harm. While the First Amendment sometimes protects even harmful speech, it virtually never allows the prohibition of harmless speech.
Yet, while other speech-burdening laws, such as defamation and right of publicity laws, require demonstrable evidence that the defendant's speech causes actual harm, copyright law does not make harm a requirement of infringement. Although copyright law considers harm to the market for the copyrighted work as a factor in fair use analysis, harm is not always required and is so poorly defined that the concept has become circular. Moreover, the defendant ordinarily bears the burden of proof to show the absence of harm. As a result, courts often find liability for infringement (and therefore burden speech) where harm is purely speculative. Potential explanations for copyright's anomalous treatment are unpersuasive. Copying involves speech as well as conduct, and the fact that copyrights are in some sense property does not come close to justifying its aberrant treatment. Moreover, copyright's role in encouraging creative expression does not obviate First Amendment concerns. Rather, it provides a way to reconcile copyright law and free speech. Drawing substantially from First Amendment cases holding that speech restrictions must be justified by a governmental interest, this article argues that the First Amendment requires real proof of harm to the copyright holder's incentives in order to impose liability for copyright infringement. It also explores the types of harm that might arise in copyright infringement cases and considers whether the First Amendment permits recognition of these types of harm. The article concludes that although demonstrable market harm is cognizable under First Amendment principles, recognition of harm to the reputation of copyrighted works, the author's right not to speak or associate, or the copyright holder's privacy interests is generally not compatible with the values of free speech.

Suggested Citation Christina Bohannan. "COPYRIGHT HARM AND THE FIRST AMENDMENT" ExpressO (2009).
Available at: http://works.bepress.com/christina_bohannan/1 http://works.bepress.com/christina_bohannan/1/

From rforno at infowarrior.org Sun Apr 12 17:56:37 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Apr 2009 13:56:37 -0400 Subject: [Infowarrior] - The Akamai Story: From Theory to Practice Message-ID: <24BFBCB1-7546-4D33-A40A-F4298A7AC89A@infowarrior.org>

Video: The Akamai Story: From Theory to Practice F. Thomson Leighton Ph.D. '81 April 21, 2004 Running Time: 55:36 http://mitworld.mit.edu/video/199/

About the Lecture

If you have ever wondered what it means for a website to become "Akamaized," this lecture about the company's origins explains much of the mystery. But before there was an Akamai, there were research problems: lots of them. Nearly 15 years ago, Tim Berners-Lee, architect of the World Wide Web, asked Tom Leighton to think about solutions to future -- and now familiar -- Internet issues: bottlenecks that form when users flood to a particular site, often along a single Internet supply line. Leighton's team generated algorithms (and publications and advanced degrees) while figuring out the fastest means to move information from here to there. Along the way, they learned some tricks to outsmart Internet service providers who slow traffic down by bumping competitors' data from their network lines. Akamai (which means clever and cool in Hawaiian) got its start in the MIT 50k competition, and took off when some big name clients decided to give the company a trial run. Paramount, ESPN, Apple, and Microsoft recognized the importance of Akamai's Internet optimization strategy: distributing servers and routing software to the "edge" or end users, rather than centralizing services. Akamai survived the stock market "bubble" and collapse, and now serves a diverse global market.
From rforno at infowarrior.org Sun Apr 12 18:15:24 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Apr 2009 14:15:24 -0400 Subject: [Infowarrior] - Making a PBX 'botnet' out of Skype or Google Voice? Message-ID: http://www.thestandard.com/news/2009/04/10/making-pbx-botnet-out-skype-or-google-voice

Making a PBX 'botnet' out of Skype or Google Voice? Robert McMillan, IDG News Service, 04.10.2009

Flaws in popular Internet-based telephony systems could be exploited to create a network of hacked phone accounts, somewhat like the botnets that have been wreaking havoc with PCs for the past few years. Researchers at Secure Science recently discovered ways to make unauthorized calls from both Skype and the new Google Voice communications systems, according to Lance James, the company's cofounder. An attacker could gain access to accounts using techniques discovered by the researchers, then use a low-cost PBX (private branch exchange) program to make thousands of calls through those accounts. The calls would be virtually untraceable, so attackers could set up automated messaging systems to try and steal sensitive information from victims, an attack known as vishing. The calls might be a recorded message asking the recipient to update their bank account details, for example. "If I steal a bunch of [Skype accounts], I can set up [a PBX] to round-robin all those numbers, and I can set up a virtual Skype botnet to make outbound calls. It would be hell on wheels for a phisher and it would be a hell of an attack for Skype," James said. In Google Voice, the attacker could even intercept or snoop on incoming calls, James said. To intercept a call, the attacker would use a feature called Temporary Call Forwarding to add another number to the account, then use free software such as Asterisk to answer the call before the victim ever heard a ring.
By then pressing the star symbol, the call could then be forwarded to the victim's phone, giving the attacker a way to listen in on the call. Secure Science researchers were able to access accounts they had set up using an online service called spoofcard, which allows users to make it appear as though they are calling from any number they wish. Spoofcard has been used in the past to access voicemail accounts. Most famously, it was blamed when actress Lindsay Lohan's BlackBerry account was hacked three years ago and then used to send inappropriate messages. The attacks on Google Voice and Skype use different techniques, but essentially they both work because neither service requires a password to access its voicemail system. For the Skype attack to work, the victim would have to be tricked into visiting a malicious Web site within 30 minutes of being logged into Skype. In the Google Voice attack (pdf), the hacker would first need to know the victim's phone number, but Secure Science has devised a way to figure this out using Google Voice's Short Message Service (SMS).

Google patched the bugs that enabled Secure Science's attack last week and has now added a password requirement to its voicemail system, the company said in a statement. "We have been working in coordination with Secure Science to address the issues they raised with Google Voice, and we have already made several improvements to our systems," the company said. "We have not received any reports of any accounts being accessed in the manner described in the report, and such access would require a number of conditions to be met simultaneously." The Skype flaws have not yet been patched, according to James. EBay, Skype's parent company, did not immediately respond to a request for comment. The attacks show how tricky it will be to securely integrate the old-school telephone system into the more free-wheeling world of the Internet, James said. "This kind of proves ... how easy VoIP is to screw up," he said.
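The root cause the article gives is that the voicemail front ends trusted the presented caller ID, which a caller-ID spoofing service lets an attacker choose, and that the fix Google shipped was a password requirement. The following is an added illustration of that design difference, not code from Secure Science, Google or Skype: a toy voicemail back end in two versions, one that admits any call whose caller ID matches the mailbox owner, and one that uses caller ID only to select the mailbox and then demands a PIN, with a lockout after repeated wrong guesses. The phone number, PIN, and lockout threshold are constructed for the example.

```python
"""Caller-ID-trusting voicemail vs. PIN-gated voicemail (added example).

Not the code of any real service; the number, PIN and lockout threshold are
constructed for illustration.
"""
import hashlib
import hmac
import os
from dataclasses import dataclass
from typing import Dict, Iterable, Optional

MAX_FAILED_PINS = 5  # assumed lockout threshold, not a Google Voice or Skype value


@dataclass
class Mailbox:
    owner_number: str
    salt: bytes
    pin_hash: bytes
    failed_attempts: int = 0
    locked: bool = False


@dataclass
class InboundCall:
    # Caller ID is signalled by the originating network and is attacker-chosen
    # when a spoofing service is used, so it must not be treated as a credential.
    presented_caller_id: str
    pin_entered: Optional[str] = None


def hash_pin(pin: str, salt: bytes) -> bytes:
    """Salted, stretched PIN hash so a leaked mailbox table does not reveal PINs."""
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)


def new_mailbox(number: str, pin: str) -> Mailbox:
    salt = os.urandom(16)
    return Mailbox(number, salt, hash_pin(pin, salt))


class CallerIdVoicemail:
    """Weak design: a call whose caller ID matches a mailbox owner is let straight in."""

    def __init__(self, boxes: Iterable[Mailbox]):
        self.boxes: Dict[str, Mailbox] = {b.owner_number: b for b in boxes}

    def access(self, call: InboundCall) -> bool:
        return call.presented_caller_id in self.boxes  # no PIN prompt at all


class PinVoicemail:
    """Hardened design: caller ID only picks the mailbox; a PIN authenticates."""

    def __init__(self, boxes: Iterable[Mailbox]):
        self.boxes: Dict[str, Mailbox] = {b.owner_number: b for b in boxes}

    def access(self, call: InboundCall) -> bool:
        box = self.boxes.get(call.presented_caller_id)
        if box is None or box.locked or call.pin_entered is None:
            return False
        if hmac.compare_digest(hash_pin(call.pin_entered, box.salt), box.pin_hash):
            box.failed_attempts = 0
            return True
        box.failed_attempts += 1
        if box.failed_attempts >= MAX_FAILED_PINS:
            box.locked = True  # stops online guessing of a short PIN
        return False


def simulate() -> dict:
    """Run a spoofed-caller-ID call against both designs and return the outcomes."""
    victim_number = "+14155550100"  # constructed
    weak = CallerIdVoicemail([new_mailbox(victim_number, "4921")])
    hard = PinVoicemail([new_mailbox(victim_number, "4921")])
    spoofed = InboundCall(presented_caller_id=victim_number)  # attacker presents the victim's number
    results = {
        "weak_spoofed_call_gets_in": weak.access(spoofed),
        "hard_spoofed_call_no_pin": hard.access(spoofed),
        "hard_wrong_pin": hard.access(InboundCall(victim_number, "0000")),
        "hard_right_pin": hard.access(InboundCall(victim_number, "4921")),
    }
    # Spoofing plus online PIN guessing: five wrong guesses trip the lockout,
    # after which even the correct PIN is refused until the owner unlocks.
    for guess in ("1111", "2222", "3333", "4444", "5555"):
        hard.access(InboundCall(victim_number, guess))
    results["hard_locked_after_guessing"] = hard.boxes[victim_number].locked
    results["hard_right_pin_while_locked"] = hard.access(InboundCall(victim_number, "4921"))
    return results


if __name__ == "__main__":
    for name, outcome in simulate().items():
        print(f"{name}: {outcome}")
```

The point of the comparison is that the weak version has no authentication step at all, only an identification step based on a value the attacker controls; adding the PIN makes caller ID what it actually is, a mailbox selector. The lockout matters because a four-digit PIN is guessable in a few thousand automated calls from exactly the kind of PBX the article describes.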
He believes that these kinds of flaws almost certainly affect other VoIP systems as well. "There are people out there who can figure out how to tap your phone lines." Reprinted with permission from IDG News Service. Story copyright 2009 IDG News Service Inc. All rights reserved.

From rforno at infowarrior.org Sun Apr 12 18:17:21 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Apr 2009 14:17:21 -0400 Subject: [Infowarrior] - Goldman Sachs intimidating critical blogger Message-ID: <612C8B0A-B949-458C-A3EF-20B1DD98925A@infowarrior.org>

http://www.telegraph.co.uk/finance/newsbysector/banksandfinance/5137489/Goldman-Sachs-hires-law-firm-to-shut-bloggers-site.html

Goldman Sachs hires law firm to shut blogger's site Goldman Sachs is attempting to shut down a dissident blogger who is extremely critical of the investment bank, its board members and its practices. By James Quinn, Wall Street Correspondent Last Updated: 2:16PM BST 11 Apr 2009

The New York headquarters of Goldman Sachs, which has instructed a Wall Street law firm to tell a blogger to stop criticising the bank

The bank has instructed Wall Street law firm Chadbourne & Parke to pursue blogger Mike Morgan, warning him in a recent cease-and-desist letter that he may face legal action if he does not close down his website. Florida-based Mr Morgan began a blog entitled "Facts about Goldman Sachs", the web address for which is goldmansachs666.com, just a few weeks ago. In that time Mr Morgan, a registered investment adviser, has added a number of posts to the site, including one entitled "Does Goldman Sachs run the world?". However, many of the posts relate to other Wall Street firms and issues. According to Chadbourne & Parke's letter, dated April 8, the bank is rattled because the site "violates several of Goldman Sachs' intellectual property rights" and also "implies a relationship" with the bank itself. Unsurprisingly for a man who has conjoined the bank's name with the Number of the Beast --
although he jokingly points out that 666 was also the S&P500's bear-market bottom -- Mr Morgan is unlikely to go down without a fight. He claims he has followed all legal requirements to own and operate the website, and that the header of the site clearly states that the content has not been approved by the bank. On a special section of his blog entitled "Goldman Sachs vs Mike Morgan" he predicts that the fight will probably end up in court. "It's just another example of how a bully like Goldman Sachs tries to throw their weight around," he writes. Speaking to The Daily Telegraph, Mr Morgan explained how he went through a similar battle with US homebuilder Lennar a few years ago after he set up a website to collect information on what he alleged was shoddy workmanship in its homes. The pair eventually settled out of court. "Since I went through this with Lennar, I've had advice from some of the best intellectual property lawyers, and I know exactly what I can and can't do. We're not going to back down from this," he promises. Mr Morgan adds that if Goldman manages to shut down his site, he has a number of other domain names registered.

* Speculation is mounting that Goldman Sachs is set to raise several billion dollars via a share sale, possibly next week, in order to pay down a $10bn (£6.8bn) US government loan, as revealed in The Sunday Telegraph last week.

From rforno at infowarrior.org Sun Apr 12 18:22:22 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Apr 2009 14:22:22 -0400 Subject: [Infowarrior] - Interesting take on bandwidth capping Message-ID:

Bandwidth caps as a form of "DRM" or enticing people to stick with existing modes of content delivery? Perhaps a bit conspiracy-theory, but an innovative explanation for such programs. ---rf

http://www.tomshardware.com/news/time-warner-cable-internet-drm,7530.html#xtor=RSS-181

Much like everyone reading this article, I'm a genuine supporter of advancement in hardware and technology services.
Suffice to say, I was happy with the progression of Internet connection services over the years. Recently, however, I would have to say that Internet connection advancement in the U.S. and Canada has been purely an interest of the corporations that provide them and not about serving the consumer-- you--and the advancement of technology in America in general. In late March, I wrote an article on Tom's Hardware explaining why HDCP (high definition content protection) is the bane of movie watchers everywhere. Not only is HDCP an invasive technology that kills the enjoyment of movies for enthusiasts, it does nothing to stop pirates. We all know this to be true. Don't think for a moment though, that big media doesn't know this-- they absolutely do. Now, they have a new plan. Since big media can't directly go after pirates, they've decided to go after to after the group of people who they think can't do a thing about it: anyone using an Internet connection. < - > Download capping is the new DRM. It ensures several things: - You will be more hesitant to download movies and music legitimately-- even though you've paid to watch/listen. - You will watch more cable TV (so you can see all those great ads). - You will accidentally pay more for less. - Pirates get a whacking. Big media and ISPs can't effectively eliminate piracy by going after pirates directly or stop online video and music streaming services. So they have a better plan now: go after everyone. 
From rforno at infowarrior.org Sun Apr 12 21:55:08 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 12 Apr 2009 17:55:08 -0400
Subject: [Infowarrior] - Wikileaks posts ACTA working drafts
Message-ID: <7BAD0785-A397-4B95-A85A-1F38DF26A2FA@infowarrior.org>

Classified US, Japan and EU ACTA trade agreement drafts, 2009
From Wikileaks
April 11, 2009

Summary

The file presents US, Japan and EU drafts of the controversial international copyright and patent trade agreement, ACTA ("Anti-Counterfeiting Trade Agreement"). The documents were obtained by Wikileaks staff. The material is significant, both for those countries involved in the negotiations and those who have been excluded from them, such as China, Russia and nearly all of the developing world.

< - >

http://www.wikileaks.org/wiki/Classified_US%2C_Japan_and_EU_ACTA_trade_agreement_drafts%2C_2009

From rforno at infowarrior.org Mon Apr 13 01:18:47 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 12 Apr 2009 21:18:47 -0400
Subject: [Infowarrior] - Amazon taking a position on GLBT books?
Message-ID: <3F4B7A05-F8A4-4F39-AAFF-5AE05AF4B90A@infowarrior.org>

(h/t TL)

http://markprobst.livejournal.com/15293.html

On Amazon.com two days ago, mysteriously, the sales rankings disappeared from two newly-released high profile gay romance books: "Transgressions" by Erastes and "False Colors" by Alex Beecroft. Everybody was perplexed. Was it a glitch of some sort? The very next day HUNDREDS of gay and lesbian books simultaneously lost their sales rankings, including my book "The Filly." There was buzz, What's going on?

< - amazon response - >

Yes, it is true. Amazon admits they are indeed stripping the sales ranking indicators for what they deem to be "adult" material. Of course they are being hypocritical because there is a multitude of "adult" literature out there that is still being ranked - Harold Robbins, Jackie Collins, come on! They are using categories THEY set up (gay and lesbian) to now target these books as somehow offensive.

Now in fairness I should point out that Amazon has also stopped ranking many books in the "erotica" categories as well which includes straight erotica. But that's a whole other battle that I'll leave to the erotica writers to take on.

http://markprobst.livejournal.com/15293.html

From rforno at infowarrior.org Mon Apr 13 11:56:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Apr 2009 07:56:07 -0400
Subject: [Infowarrior] - How secure is the U.S. communications network?
Message-ID:

http://news.cnet.com/8301-1035_3-10217550-94.html?part=rss&subj=news&tag=2547-1_3-0-20

April 13, 2009 4:00 AM PDT

How secure is the U.S. communications network?
by Marguerite Reardon

A simple snip of a few fiber-optic communications cables left thousands of people in Silicon Valley and throughout parts of the San Francisco Bay Area without phone, Internet, or wireless service for more than 12 hours on Thursday.

The San Jose Police Department is investigating the incidents, which took place in two different locations in San Jose and San Carlos and have been classified as acts of vandalism.

Now that the network is up and running again, people are asking how difficult it is to take down the nation's communications network. And should we be more worried about the fiber optic cables that ring our communities and crisscross the country carrying all of our communications?

"A couple of well-placed attacks could do a lot of damage to the communications network," said Sam Greenholtz, co-founder and principal of Telecom Pragmatics, a consulting and research firm specializing in the telecommunications market. "And it's not really that hard to figure out where the fiber optic cables are laid and to get access to them."

That said, Sgt. Ronnie Lopez of the San Jose Police Department said there is no reason yet to suspect terrorism in this case. But the FBI has been briefed on the case.
AT&T is offering a $250,000 reward to anyone who can provide information that leads to the arrest and conviction of the vandals.

"We are aggressively working with law enforcement authorities to see that those responsible for this willful act are apprehended and prosecuted to the fullest extent of the law," the company said in a statement Friday.

AT&T also said in a press release that following the terrorist attacks of September 11, 2001, its networks were declared National Critical Infrastructures, which means that anyone who tampers with, destroys, or disrupts the company's network or its components is in violation of both federal and state laws.

Wondering about vulnerabilities

Still, with recent reports that our nation's electrical grid has gotten less secure due to technological advances, incidents such as this one leave many wondering how vulnerable the communications network really is.

I talked to a few experts about how telecommunications networks are built and how they operate. And I've concluded that while it's somewhat easy to figure out where fiber is laid and to gain access to the fiber infrastructure in the ground, it's much harder to actually cause major damage unless you know what you're doing. Let me explain.

In the AT&T fiber cut case, it was fairly easy for the perpetrator to access the fiber-optic cables that were eventually cut. Sgt. Lopez said that it appeared that whoever cut the fibers simply lifted the manhole cover, went down the ladder, and cut two cables.

But knowing exactly which manhole cover to open and which cables to cut that would cause widespread damage to the network is another story.

Greenholtz, a former manager in the Planning and Engineering Group at Verizon, where he worked for nearly 28 years, said that causing a network outage of this magnitude was likely orchestrated by someone who not only knew which manholes provided access to AT&T fibers, but also knew which places on the network were most vulnerable and could cause the most damage.

"The manhole covers are not locked," he said. "Anybody can open them and go down there. But most of these networks have redundancy and diversity built into the architecture, so if you cut a cable, it reroutes itself and recovers."

Greenholtz explained that someone with knowledge of the network would know the most vulnerable points in the network and could pinpoint those areas.

Built in rings

AT&T declined to discuss specifics of the company's network architecture, but experts say that the Baby Bell phone companies, such as AT&T's predecessor SBC Communications, typically built their regional fiber networks in rings. The rings themselves would help provide protection against an outage, because if a line were cut, the traffic could just reverse itself in less than 50 milliseconds and go the other direction around the ring.

But the phone companies also typically ran redundant lines that are spaced some distance apart from each other, so that if one line is cut, there is also a separate fiber carrying the traffic. And to ensure that the redundant line can handle excess traffic in an emergency, most phone companies run these systems at 50 percent capacity.

The fiber-optic cables that were cut in San Carlos, which were owned by Sprint Nextel, appear to have worked in this way. The traffic was quickly rerouted to another path, and service to Sprint's business customers was not interrupted.

Unlike regional networks, which have multiple fiber rings running through and between cities, undersea cables that connect continents do not have this type of redundant architecture because it's much too expensive to build it that way. This means that undersea cables are particularly vulnerable to fiber cuts. But because they are deployed beneath the ocean floor, they tend to be more difficult to tamper with. That said, cables are severed and massive outages do occur from time to time.

By contrast, some networks in highly trafficked regions or networks that service critical customers have even more redundancy built into them. Michael Howard, a principal analyst at telecommunications research firm Infonetics Research, said that carriers such as Deutsche Telekom have begun building meshed networks so that there is a third path for traffic if fibers are cut or there is some other disruption on the network.

"The more traffic there is on the route, the more redundancy the carrier provides," he said. "There are usually two aspects to a backup plan for networks. One is providing a diversity of virtual routes for the traffic, but the other is providing physically separate routes on separate fibers. I'd have to say the outage that occurred in Silicon Valley seems odd, given the traditional network architecture."

An inside job?

Indeed, AT&T's network failure seems to suggest that at least one other path that would have rerouted the traffic was also damaged or cut. Given that the police indicated that the incidents occurred in only two locations, San Jose and San Carlos, it seems likely that there was already some damage or issue happening on AT&T's network at the time the fiber was cut or the vandals managed to cut the ring in two places.

Of course, neither I nor any other expert could know this for sure. But the fact is that fibers are cut all the time in regional networks, and rarely do they cause massive outages that shut down entire regions for hours.
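The ring-and-mesh discussion above can be checked with a small topology model. The following is an added example, not code from the CNET article or from any carrier: it represents a six-site fiber ring, and a meshed variant in which every site also has a third, physically separate path, as undirected graphs, and lists the spans whose loss would partition the network. The site names, both topologies and the helper names (`exposed_links`, `cut_pairs`) are constructed for illustration. It reproduces the article's point from the defender's side: a healthy ring survives any single cut because traffic reverses around the loop, but with one span already out of service (the "already some damage or issue" scenario) every remaining span is a single point of failure, whereas the meshed layout tolerates any two concurrent failures.

```python
"""Resilience check for a fiber network built in rings (constructed example)."""
from collections import deque
from itertools import combinations

Link = frozenset  # an undirected fiber span between two sites, e.g. Link(("A", "B"))


def ring_topology(sites):
    """Splice each site to its two neighbours so the loop closes on itself."""
    return [Link((sites[i], sites[(i + 1) % len(sites)])) for i in range(len(sites))]


def reachable(sites, links, start):
    """Breadth-first search over the spans that are still carrying traffic."""
    adj = {site: set() for site in sites}
    for link in links:
        a, b = tuple(link)
        adj[a].add(b)
        adj[b].add(a)
    seen, queue = {start}, deque([start])
    while queue:
        cur = queue.popleft()
        for nxt in adj[cur]:
            if nxt not in seen:
                seen.add(nxt)
                queue.append(nxt)
    return seen


def still_connected(sites, links, failed=frozenset()):
    """True if every site can still reach every other after the `failed` spans are lost."""
    live = [link for link in links if link not in failed]
    return reachable(sites, live, sites[0]) == set(sites)


def exposed_links(sites, links, already_down=frozenset()):
    """Spans whose loss would now partition the network, given spans already out of service.

    On a healthy ring the list is empty: traffic simply reverses direction around the
    loop. With one span already down (an unrepaired fault) every remaining span is a
    single point of failure, which is the two-cut scenario the article describes.
    """
    return sorted(
        tuple(sorted(link))
        for link in links
        if link not in already_down
        and not still_connected(sites, links, already_down | {link})
    )


def cut_pairs(sites, links):
    """Pairs of spans whose simultaneous loss partitions the network."""
    return sorted(
        (tuple(sorted(a)), tuple(sorted(b)))
        for a, b in combinations(links, 2)
        if not still_connected(sites, links, {a, b})
    )


# Constructed sample topologies: six sites on one regional ring, and the same ring
# with a third, physically separate path out of each site (a small mesh).
SITES = ["A", "B", "C", "D", "E", "F"]
RING = ring_topology(SITES)
MESH = RING + [Link(("A", "D")), Link(("B", "E")), Link(("C", "F"))]

if __name__ == "__main__":
    fault = frozenset({Link(("A", "B"))})  # one span already out for maintenance
    print("ring, healthy: exposed spans", exposed_links(SITES, RING))
    print("ring, A-B down: exposed spans", exposed_links(SITES, RING, fault))
    print("ring: two-cut combinations that partition it", len(cut_pairs(SITES, RING)))
    print("mesh, A-B down: exposed spans", exposed_links(SITES, MESH, fault))
    print("mesh: two-cut combinations that partition it", len(cut_pairs(SITES, MESH)))
```

Fed an inventory of real spans (each a pair of sites), `exposed_links` gives a NOC the list of spans that must be treated as urgent the moment any one fault is open, which is the operational meaning of the article's "ongoing maintenance issue" concern. The model counts paths only; the 50 percent capacity rule the article mentions would have to be layered on top, since a surviving path that is already more than half loaded cannot absorb the rerouted traffic.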
Most of these incidents are accidents. Someone might be landscaping a yard and a back-hoe severs a cable. Or another utility worker accidentally damages a cable while working in the same manhole where communication cables are located.

"Fiber cuts happen more often than people realize," said Crystal Davis, a spokeswoman for Sprint Nextel. "It happens by accident all the time when someone is drilling or digging up a street. Or they're doing regular maintenance. We know this, and that's why traffic can be quickly rerouted."

This is also why Greenholtz believes that the AT&T fibers were likely cut by someone who knew the network and its potential weaknesses.

"If there was an ongoing maintenance issue on one side of the fiber ring that hadn't been addressed," he said. "And then the other side is cut, it would cause a major outage like the one AT&T experienced. But in order to cause that much damage, someone would have to know that. Otherwise, it was just a very lucky vandal."

This line of thinking has caused some bloggers to suspect that the vandal was a disgruntled former or current AT&T employee. And some have even gone so far as to suggest that the perpetrator could be an unhappy union worker.

AT&T is currently in contract negotiations with its largest union, the Communications Workers of America, which represents some 80,000 workers at AT&T. Workers have already voted to strike if a new contract can't be agreed upon. So far, no date has been set for a strike, and Candice Johnson, a spokeswoman for the union, said that the two sides are still negotiating.

But Johnson also said that the union was not involved in the vandalism and that claims that its members might be involved are unfounded.

"There is no basis for speculation that our members were involved in this act of vandalism," she said. "We are cooperating with authorities. We are currently at the bargaining table with AT&T management, and our workers are on the job. Our goal is to get a contract renewed."

Sgt. Lopez from the San Jose Police Department said that it's still too early in the investigation to talk about suspects or motives.

Regardless of whether the cables were cut by disgruntled employees or random vandals, the recent incident highlights the potential for such an attack to be undertaken on a broader scale by foreign terrorists, who may infiltrate our nation's telephone companies or gain access to information about the country's communications network.

But Greenholtz and other experts say that because these networks have always been built with redundancy in mind, it would take a massive coordinated effort to target individual manholes and to cut fibers.

"If you really want to take down the communications network and cause damage, you'd probably target a central office," Greenholtz said.

A central office is the nerve center of a telecommunications network. It houses all the switching equipment and billing data for a particular region of the network. As an example, Greenholtz said that if a terrorist was able to damage Verizon's central office on 38th Street in Manhattan, communications services on Wall Street could be wiped out not just for a few hours, but likely for days, weeks, or even a month.

Because these facilities are so critical, he said all the major phone companies have tight security.

"Those places have tons of security," he said. "You'd probably need Jack Bauer (of the TV show '24') to help you get in there."

Marguerite Reardon has been a CNET News reporter since 2004, covering cell phone services, broadband, citywide Wi-Fi, the Net neutrality debate, as well as the ongoing consolidation of the phone companies.

From rforno at infowarrior.org Mon Apr 13 23:46:51 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Apr 2009 19:46:51 -0400
Subject: [Infowarrior] - 5th RIAA Lawyer to Justice Dept.
Message-ID:

Obama Taps 5th RIAA Lawyer to Justice Dept.
By David Kravets, April 13, 2009 | 4:52:49 PM

http://blog.wired.com/27bstroke6/2009/04/obama-taps-fift.html

President Barack Obama is tapping another RIAA attorney into the Justice Department.

Monday's naming of Ian Gershengorn, to become the department's deputy assistant attorney of the Civil Division, comes more than a week after nearly two-dozen public interest groups, trade pacts and library coalitions urged the new president to quit filling his administration with lawyers plucked from the Recording Industry Association of America.

The move makes it five RIAA lawyers Obama has appointed to the Justice Department.

Gershengorn, left, a partner with RIAA-firm Jenner & Block, represented the labels against Grokster and will be in charge of the DOJ Federal Programs Branch. That's the unit that just told a federal judge the Obama administration supports monetary damages as high as $150,000 per purloined music track on a peer-to-peer file sharing program.

In addition to Gershengorn, the other Jenner & Block attorneys appointed to the Justice Department include:

* Donald Verrilli, associate deputy attorney general - the No. 3 in the DOJ, who unsuccessfully urged a federal judge to uphold the $222,000 file sharing verdict against Jammie Thomas.
* Tom Perrilli, Verrilli's former boss and the Justice Department's No. 2, who argued in 2002 that internet service providers should release customer information to the RIAA even without a court subpoena.
* Brian Hauck, counsel to associate attorney general, worked on the Grokster case on behalf of the record labels.
* Ginger Anders, assistant to the solicitor general, litigated on the Cablevision case.
From rforno at infowarrior.org Mon Apr 13 23:50:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Apr 2009 19:50:39 -0400
Subject: [Infowarrior] - OpenSecrets.org Goes OpenData
Message-ID:

http://www.opensecrets.org/news/2009/04/opensecretsorg-goes-opendata.html

OpenSecrets.org Goes OpenData
Published by Communications on April 13, 2009 12:24 PM

Award-winning website from the Center for Responsive Politics now provides 20 years of downloadable money-in-politics data--for free

WASHINGTON -- Politicians, prepare yourselves. Lobbyists, look out. Today the nonpartisan Center for Responsive Politics is putting 200 million data records from the watchdog group's archive directly into the hands of citizens, activists, journalists and anyone else interested in following the money in U.S. politics.

For the first time in CRP's 26-year history, the nonprofit research group's most popular data archives are fully and freely downloadable for non-commercial purposes from the Center's website, OpenSecrets.org--a four-time Webby winner for best politics site online. OpenSecrets.org will remain the go-to independent source for most users interested in tracking money's political influence and, in fact, the site has some new general-interest features as of today. (More on those below.)

With today's announcement, skilled data-divers can explore the information that's already aggregated on OpenSecrets.org to its full depth. Web developers and database experts can grab federal money-in-politics data that CRP's researchers have standardized and coded, and mash it up with other data sets. Timelines, charts, maps, other graphics and mobile applications are just some of the projects that could result--all powered by CRP's unparalleled data.

"Putting our data into more hands will put more eyes on Washington and, we hope, engage more Americans in their government," CRP Executive Director Sheila Krumholz said. "We hope that more people counting cash will lead to more people making change."

The OpenSecrets OpenData initiative is being generously underwritten by a three-year $1.2 million grant from Sunlight Foundation, which supports uses of the Internet to promote greater transparency of government and the interplay in Washington between money and public policy.

"Building on its outstanding and long-earned reputation for accuracy and integrity, CRP is giving the public the keys to take government transparency to the next level," said Ellen Miller, Sunlight Foundation's executive director and co-founder. "This will have a long-term impact, undoubtedly inspiring many effective and creative uses of the data by civic hackers, journalists and bloggers."

Center's Researchers Clean Up, Categorize Government Data

The following data sets, along with a user guide, resource tables and other documentation, are now available in CSV format (comma-separated values, for easy importing) through OpenSecrets.org's Action Center at http://www.opensecrets.org/action/data.php :

* CAMPAIGN FINANCE: 195 million records dating to the 1989-1990 election cycle, tracking campaign fundraising and spending by candidates for federal office, as well as political parties and political action committees. CRP's researchers add value to Federal Election Commission data by cleaning up and categorizing contribution records. This allows for easier totaling by industry and company or organization, to measure special-interest influence.

* LOBBYING: 3.5 million records on federal lobbyists, their clients, their fees and the issues they reported working on, dating to 1998. Industry codes have been applied to this data, as well.

* PERSONAL FINANCES: Reports from members of Congress and the executive branch that detail their personal assets, liabilities and transactions in 2004 through 2007. The reports covering 2008 will become available to the public in June, and the data will be available for download once CRP has keyed those reports.

* 527 ORGANIZATIONS: Electronically filed financial records beginning in the 2004 election cycle for the shadowy issue-advocacy groups known as 527s, which can raise unlimited sums of money from corporations, labor unions and individuals.

To download bulk data from OpenSecrets.org, users must register on the site and agree to prominently credit the Center for Responsive Politics, along with other terms of service. CRP is making its data available through a Creative Commons Attribution-Noncommercial-Share Alike license, which allows users to remix, tweak, build upon and share the Center's work non-commercially. CRP will continue to offer its data to commercial users for a negotiable fee.

OpenSecrets.org also offers a number of APIs (Application Programming Interfaces) to give users direct access via web programming to data displayed on OpenSecrets.org. Web developers are already using these APIs to display OpenSecrets data on their web pages and create mashups using live, up-to-date data.

Users can also share CRP data using OpenSecrets.org's widgets, which can be placed easily on any website or blog. New widgets for the 2010 election cycle are in development.

Another New Feature: Enhanced Politician Profiles

In addition to making its data archives available, today the Center has enhanced its online campaign finance profiles for members of Congress. Visitors to OpenSecrets.org now have three options for viewing the top industries and contributors supporting a particular lawmaker: 1) money raised by the politician's campaign committee, 2) money raised by the politician's leadership PAC or 3) money raised by the campaign and PAC combined. More than 300 members of Congress are also linked to a political action committee, ostensibly to raise money to support other members of their party.

"Campaign committees and leadership PACs are two of the deepest pockets in a politician's coat," Krumholz said, "so it's important to watch them together to see who's potentially building the most influence with a lawmaker."

OpenSecrets.org's enhanced profiles for members of Congress also now allow users to download deeper tables of data--aggregated data and "top" rankings, but not individual records--in a variety of formats with one easy click. This feature will be integrated into other sections of OpenSecrets.org in the future.

Krumholz said, "All these enhancements to OpenSecrets.org are about one thing: showing more people how money's influence on politics affects their lives--and empowering them to do something about it."

# # #

OpenSecrets.org's bulk data is now available for download through the site's Action Center at http://www.opensecrets.org/action/data.php.

ABOUT THE CENTER FOR RESPONSIVE POLITICS

The Center for Responsive Politics is the nation's premier research group tracking money in U.S. politics and its effect on elections and public policy. For more than 25 years the nonpartisan, nonprofit Center has aimed to create a more educated voter, an involved citizenry and a more responsive government. CRP's award-winning website, OpenSecrets.org, is the most comprehensive resource for campaign contributions, lobbying data and analysis available anywhere. For other organizations and news media, CRP's exclusive data powers their online features tracking money in politics. CRP relies on support from a combination of foundation grants and individual contributions. The Center accepts no contributions from businesses, labor unions or trade associations.
From rforno at infowarrior.org Tue Apr 14 11:29:13 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Apr 2009 07:29:13 -0400
Subject: [Infowarrior] - 10 easy steps to writing the scariest cyberwarfare article ever
Message-ID: <6ED64C5A-853C-4531-B3F0-EA7757896407@infowarrior.org>

(That is one of the most brilliant assessments about media cyberwar coverage I've seen in the MSM in a long time. Frankly I'm surprised it showed up in Foreign Policy and not in some of the "hacker"-oriented security sites I frequent. Excellent post! ---rf)

10 easy steps to writing the scariest cyberwarfare article ever
Evgeny Morozov
Sat, 04/11/2009 - 5:57am

http://neteffect.foreignpolicy.com/posts/2009/04/11/writing_the_scariest_article_about_cyberwarfare_in_10_easy_steps

With daily reports of severe breaches in national cybersecurity and devastating cyber-attacks on government infrastructure, many journalists are in dire need of a manual to enlighten their writing on the subject. Here are my ten (rather cynical) tips to make your cyberwarfare story succeed.

1. You need a catchy title. It pays to cannibalize on some recent tragic event from the real world; adding "cyber" to its name would usually trigger all the right associations. Studies show that references to "digital Pearl Harbor", "cyber-Katrina", and "electronic 9/11" are most effective, particularly for stories involving electricity grids or dams. Never make any explicit attempts to explain the bizarre choice of your title - you need to leave enough ambiguity out there for your readers to "connect the dots" themselves. This is a win-win: readers love solving important cyberspy puzzles - and you could get away without doing any analysis of your own. Quoting real facts would spoil the puzzle-solving experience; plus, the fewer facts you quote, the harder it would be to debunk your story!

2. Begin the story in Estonia, with a reference to its 2007 attacks; make sure to play up the "E-stonia" tune and how the entire country was under online siege for a month (never mention that rioting in the Estonian streets was much more devastating and that the actual online siege lasted for twenty minutes at best). Setting the story in Estonia would also help to play up the Soviet threat that never really left the country. Blame NATO's impotence, praise Skype's genius, quote non-existent local Web entrepreneurs who lost all their savings in the 2007 cyber-attacks.

3. Drop references to the evil Chinese hackers in every paragraph (in every sentence, if it's an article about GhostNet). Don't forget to mention that cyberwarfare was first explained by Sun Tzu and has been part of the Chinese military tradition since the Shang dynasty. Make unverifiable claims about the tacit support that the Chinese government has offered to its nationalist hackers. Find and quote a Chinese blogger who can't log in to his blog; quote from a recent Pentagon review of China's military power to explain why this may all be part of China's grand cyberwarfare strategy.

4. Mention the cyber-pranks of as many Kremlin-affiliated youth movements as you can, all the better if they are obscure or only exist on paper. Anyone whose last name ends in "-ov" or "-ev" qualifies as a Kremlin bigwig; use their every sneeze as an extremely accurate articulation of Kremlin's own thinking on cyberwarfare. Keep referencing shady Russian outlets like the Russian Business Network; the fact that they have not been in the news in 2007 only proves they are doing a great job in the cyber-underground.

5. Find and quote industry experts with the biggest possible conflicts of interest - preferably those who make their living thanks to the public paranoia about cybersecurity. Make sure you give them enough space to quote their latest anti-virus solutions and consulting services. Since nobody important would talk to you on the record anyway, nobody expects your quotes to add any value to the article. Remember: it's all about the metaphors. Ideally, find "unbiased" experts who have never been to Estonia or Georgia, don't know the language, have gathered no data of their own, but who think that cyberwar is going to destroy us all (unless their firm is selected to help save us from the evil hackers).

6. If you don't have any new facts to warrant yet another story on the subject, go and recycle old facts, quotes, and official statements; you are allowed to go back as early as 1997. In the worst case, give a call to some disgruntled dissident group with an ax to grind and ask if they feel threatened by the Chinese hackers (bonus points if you manage to find someone scared of Burma's junta); if they aren't, make sure to infect them with Conficker and call back shortly. Otherwise, call BBC to learn how to rent a botnet, pay for it with your corporate credit card, and launch a full-blown attack on some high-profile site, preferably the one that belongs to the dissident group you spoke to. Document your every step.

8. If you are still having trouble working the Chinese or the Russian governments into your story, why not throw in some geopolitical kerfuffle that involves a country located in between? Not only would it implicate both governments, it would also make cyberspace seem relevant to geopolitics. I suggest you settle on Kyrgyzstan, as it would also help to make a connection to the US military bases; there is no better story than having Russian and Chinese hackers oust the US from Kyrgyzstan via cyber-attacks. Bonus points for mentioning Azerbaijan and the importance of cyberwarfare to the politics of the Caspian oil; in the worst case, Kazakhstan would do as well. Never mention any connectivity statistics for the countries you are writing about: you don't want readers to start doubting that someone might be interested in launching a cyberwar on countries that couldn't care less about the Internet.

9. Anything involving cyberwar between Israel and Palestine is fair game, no matter how old and how unrelated to cyberwarfare. Don't forget to mention "e-Palestine" as an example of a nation in cyber-exile; throw in occasional references to Israeli Web start-ups. Eventually, blame everything on the growing appreciation of cyberspace by Iran's mullahs or at least local branch of Hamas (also Hezbollah). The big prize is alluding to a secretive summer camp on cyberwarfare, where hackers from Russia, China, Iran, and Israel get together to share tricks.

10. Make sure to mention that NSA, CIA, and DIA are all involved in the case, but they cannot comment. Play up the inter-agency squabble and mention that the military types are angry with the spies - and vice versa. Mention that the Pentagon has already been attacked a gazillion times; blame everything on Rumsfeld and his penchant for network-centric warfare (no need to explain it; networks=attacks, for most readers anyway). Include a silly but long quote from a government insider, preferably someone who has been out of the Pentagon or the CIA for twenty years and has never seen a computer. Now is the good time to end the piece with a reference to a bipartisan report on cybersecurity from a Washington think-tank, predict Obama's failure to rule in cyberspace, and mention that Al-Qaeda recruits online.

Bingo! Mail it in - and wait to hear from the Pulitzer committee. I bet half of your readers would never want to use a computer again.
From rforno at infowarrior.org Tue Apr 14 16:54:05 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 14 Apr 2009 12:54:05 -0400 Subject: [Infowarrior] - Amazon Says Error Removed Listings Message-ID: <85EB0E84-1279-4711-A377-5B3902C2488E@infowarrior.org> April 14, 2009 Amazon Says Error Removed Listings By MOTOKO RICH http://www.nytimes.com/2009/04/14/technology/internet/14amazon.html?hpw=&pagewanted=print In response to nearly two days of angry online commentary, particularly on Twitter, Amazon.com said on Monday that ?an embarrassing and ham-fisted cataloging error? had caused thousands of books on its site to lose their sales rankings and become harder to find in searches. Most of the company?s online critics complained that the problem appeared to have a disproportionate effect on gay and lesbian themed books, leading to cries of censorship. The titles that lost their sales rankings during the weekend included James Baldwin?s ?Giovanni?s Room,? the gay romance novel ?Transgressions? and ?Unfriendly Fire,? a recently published book about the government?s policies on gays in the military. But in an e-mailed statement that came late Monday, Amazon said 57,310 books in several broad categories had been affected, including books on health and reproductive medicine. On Sunday night, an Amazon spokeswoman told The Associated Press that there had been a ?glitch in our systems,? but the company offered no further explanation for most of Monday, allowing suspicion and conspiracy theories to run rampant. One hacker even tried to take credit for the incident, writing on his blog that he had taken advantage of bugs in Amazon?s Web site to trick people into flagging gay-themed books as inappropriate. Thousands of Twitter users included the tag ?#amazonfail? in their messages on the subject, pushing it onto rankings of the most popular topics on the site and drawing in other users. 
Some affected books started appearing in searches, with sales rankings restored, by early afternoon on Monday. Sales rankings on Amazon are important to authors because they help place books on the Web site's best-seller lists and help shoppers find them. Many of the affected titles disappeared from basic searches so that, for example, a search from Amazon's home page for "E. M. Forster" did not turn up "Maurice," Forster's classic novel about a homosexual relationship. Nathaniel Frank, the author of the well-reviewed "Unfriendly Fire," said he could not find a link to the hardcover edition of his book last weekend. Word of the problem started spreading across blogs and Twitter on Sunday after Mark R. Probst, the author of "The Filly," a gay western romance for young adults, posted on his blog that several gay romances, including his, had lost their sales rankings on Amazon. Mr. Probst e-mailed Amazon and got a reply that said the company was excluding "'adult' material from appearing in some searches and best-seller lists." In an interview on Monday, Mr. Probst said he was giving Amazon the benefit of the doubt. "I believe it was an error," he said. "I don't think it was anything malicious they were trying to do." But other authors were unconvinced that the changes were caused by a simple glitch. "There are mistakes and there are mistakes," said Daniel Mendelsohn, an author whose memoir "The Elusive Embrace" lost its sales ranking over the weekend. "At some point in this process, which I don't understand because I'm not a computer genius, the words gay and lesbian were clearly flagged, as well as some kind of porno tag. I say, do I want my book in anyone's mind to be equivalent to a porno? And the answer is no." Mr. Mendelsohn pointed out that books like "American Psycho," a novel with sexually and violently explicit content, did not lose its sales rank.
He teamed up with others affected by the problem, including the playwright and author Larry Kramer, to start a petition to boycott Amazon. As of Monday afternoon it had attracted more than 18,000 names. Mr. Kramer said on Monday that he was willing to shelve the boycott for now. But in an e-mail message he wrote: "I don't think for one second that this was a glitch," adding, "We have to now keep a more diligent eye on Amazon and how they handle the world's cultural heritage." Several publishers whose books were affected, including Simon & Schuster, the Penguin Group USA and Houghton Mifflin Harcourt, declined to comment. Calls to a Random House representative were not returned. Christopher Navratil, publisher of Running Press, a division of the Perseus Book Group, said in an e-mail message that his company had been in touch with Amazon to make sure its books were "ranked fairly and appropriately." At least one author said he had encountered malfunctions in his sales rankings on Amazon as far back as February. Craig Seymour, an associate professor of communications at Northern Illinois University and the author of "All I Could Bare: My Life in the Strip Clubs of Gay Washington, D.C.," a memoir, said his book had disappeared from most searches for several weeks but was restored in late February. In a blog post late Monday, Mr. Seymour wrote that Amazon's statement was a start, but not sufficient. "It does not explain why writers, like myself, were told by Amazon reps that our books were being classified as 'adult products.'" Amazon said in the statement that it planned "to implement new measures to make this kind of accident less likely to occur in the future." It did not elaborate on its statement. Even after it explained the scope of the problem, Amazon continued to face criticism for its slow and limited response to the online blowup, particularly at a time when sites like Twitter can so easily accelerate and amplify a public outcry.
"Frankly, it's surprising to hear that Amazon, which was a pioneer in the digital space, would miss this opportunity to react in real time and to manage this crisis better than they did," said Gene Grabowski, chairman of the crisis and litigation practice at Levick Strategic Communications in Washington. Mr. Grabowski added that he hoped Amazon had learned a lesson. "If it happens too often and you show a disregard or disrespect for the online conversation, then you're going to be at a big disadvantage," he said. Miguel Helft contributed reporting. From rforno at infowarrior.org Tue Apr 14 18:20:45 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 14 Apr 2009 14:20:45 -0400 Subject: [Infowarrior] - BSA equates software pirates to Somali pirates Message-ID: <96DF0EE0-013D-4F95-A752-C2014C8049E3@infowarrior.org> BSA equates software pirates to Somali pirates by Gordon Haff http://news.cnet.com/8301-13556_3-10217889-61.html?part=rss&subj=news&tag=2547-1_3-0-20 Some pieces essentially write themselves. This is one of them. I received the following e-mail this morning with the subject "BSA Launches Faces of Piracy Campaign." It came from the Fd.com domain, which I assume is the Business Software Alliance's public relations firm for this campaign. We've all been following the events of the past week of the pirates off the Horn of Africa. Piracy takes many forms, some more violent than others. I wanted to let you know that the Business Software Alliance is launching a new campaign today "Faces of Internet Piracy" that shows the real-life impact of software piracy--from hundreds of thousands of dollars in fines to jail time. Click on the picture below to learn more about the campaign...let me know if you're interested in writing about this. Whatever you may think of the BSA and its tactics in general, this has got to be one of the most tone-deaf and cynically opportunistic PR pitches I've seen for quite some time.
It's one thing to figuratively equate piracy with making digital copies of software, music, movies, or books. We can debate endlessly whether such actions are truly stealing or not. But that's not the point. It's that to literally and deliberately equate the two in the wake of pirates taking a ship's crew hostage and the US Navy subsequently killing three of the attackers...Well, words fail me. From rforno at infowarrior.org Tue Apr 14 18:47:46 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 14 Apr 2009 14:47:46 -0400 Subject: [Infowarrior] - Obama's quest for power and secrecy Message-ID: <09766328-F260-4F8E-BF0B-05D156985605@infowarrior.org> (Change we can believe in??? More like Same Stuff Different Administration ---rf) An emerging progressive consensus on Obama's executive power and secrecy abuses (updated below - Update II - Update III) In the last week alone, the Obama DOJ (a) attempted to shield Bush's illegal spying programs from judicial review by (yet again) invoking the very "state secrets" argument that Democrats spent years condemning and by inventing a brand new "sovereign immunity" claim that not even the Bush administration espoused, and (b) argued that individuals abducted outside of Afghanistan by the U.S. and then "rendered" to and imprisoned in Bagram have no rights of any kind -- not even to have a hearing to contest the accusations against them -- even if they are not Afghans and were captured far away from any "battlefield." These were merely the latest -- and among the most disturbing -- in a string of episodes in which the Obama administration has explicitly claimed to possess the very presidential powers that Bush critics spent years condemning as radical, lawless and authoritarian. It is becoming increasingly difficult for honest Obama supporters to dismiss away or even minimize these criticisms and, especially, to malign the motives of critics. 
After all, the Obama DOJ's embrace of many (though by no means all) of the most radical and extremist Bush/Cheney positions -- and the contradictions between Obama's campaign claims and his actions as President -- are now so glaring and severe that the harshest denunciations of Obama's actions are coming from those who, during the Bush years, were held up by liberals and by Obama supporters as the most trustworthy and praiseworthy authorities on these matters. < BIG SNIP > http://www.salon.com/opinion/greenwald/2009/04/13/obama/ From rforno at infowarrior.org Wed Apr 15 02:56:03 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 14 Apr 2009 22:56:03 -0400 Subject: [Infowarrior] - New Foundation Takes Aim at Urgent Threats Message-ID: <237365F3-648F-4509-8D96-9C15AA3E7F6E@infowarrior.org> New Foundation Takes Aim at Urgent Threats By STEPHANIE STROM Published: April 14, 2009 http://www.nytimes.com/2009/04/15/us/15foundation.html?hp Jeff Skoll, the first president of eBay, has donated $100 million to start a new foundation to address urgent threats like water shortages, pandemics and the Middle East conflict. The organization, the Skoll Urgent Threats Fund, will be led by Dr. Larry Brilliant, the iconoclastic public health expert and technology entrepreneur who until February headed up Google's philanthropic enterprise, google.org. "That's just a start," Mr. Skoll said of the money he has committed from his Skoll Foundation. "I'll be putting in more money over time." Mr. Skoll is fast putting his mark on the world of philanthropy by using a variety of approaches, nonprofit and for profit, to address social problems. His profit-making film company, Participant Media, is known for producing movies like "An Inconvenient Truth" and "The Kite Runner," which aim to bring greater public awareness to social issues, while his investment firm, Capricorn Investments, puts money into things like waterless urinals and developing sustainable seafood products.
The Skoll Foundation underwrites the work of social entrepreneurs like Connie K. Duckworth, who founded an organization, Arzu Inc., that provides health care and higher-than-market-rate compensation to Afghan women making rugs in exchange for their pledge to send their children to school and attend literacy classes themselves. "What I've been aiming at all these years is to try and address these big social issues in the world," Mr. Skoll said, "but in the last five years or so, certain issues have emerged very clearly that, if we don't get ahead of them soon, all of the other things we're trying to do, whether improving the lives of women or preservation of species or girls' education, won't really matter." Dr. Brilliant, who has given up his latest job as Google's Chief Philanthropy Evangelist, said he hoped to leverage the work of the other organizations Mr. Skoll has supported in pursuing solutions to some of the most complex threats to humanity. "They are tools in the tool kit," he said. "We may be using the films and creative talent of Participant, or the social entrepreneurs whose lives and work can inform our work." Mr. Skoll said he would like to attract other financial resources to the Urgent Threats Fund. The Skoll Foundation already has partnered with google.org to put $11 million in total into the Global Viral Forecasting Initiative, a nonprofit group that identified 40 new viruses in Africa by studying blood collected by hunters from the animals they kill and studying the blood of the hunters themselves. The grants will allow the organization to spread its work to other regions of the world. From rforno at infowarrior.org Wed Apr 15 12:55:39 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Apr 2009 08:55:39 -0400 Subject: [Infowarrior] - BC cops think Unix 'prompt commands' is suspicious Message-ID: Again, "that which is strange or different MUST be suspicious" it seems.
From using "two different operating systems" including one that "...is a black screen with white font which is uses prompt commands on" having something other than the 'standard' computing environment MUST be a bad thing, right? This warrant reads like it was written in 1990 and possibly even taken verbatim from an early draft of the script for 'Hackers' --rf Boston College Campus Police: "Using Prompt Commands" May Be a Sign of Criminal Activity On Friday, EFF and the law firm of Fish and Richardson filed an emergency motion to quash [pdf] and for the return of seized property on behalf of a Boston College computer science student whose computers, cell phone, and other property were seized as part of an investigation into who sent an e-mail to a school mailing list identifying another student as gay. The problem? Not only is there no indication that any crime was committed, the investigating officer argued that the computer expertise of the student itself supported a finding of probable cause to seize the student's property. < - > http://www.eff.org/deeplinks/2009/04/boston-college-prompt-commands-are-suspicious From rforno at infowarrior.org Wed Apr 15 12:58:20 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Apr 2009 08:58:20 -0400 Subject: [Infowarrior] - Grassroots Campaign for Canadian DMCA Message-ID: <2223DA72-DAD9-43C1-A24D-A99EB541D6A1@infowarrior.org> CRIA Launching Grassroots Campaign for Canadian DMCA Thursday April 09, 2009 As the Canadian government considers its next move on copyright reform, it would appear that the Canadian Recording Industry Association is readying a grassroots campaign to argue for a repeat of Bill C-61. The following leaked email was widely distributed from an executive at one of the major record labels: I'm sure that all of you are aware of the current challenges that we have within our industry around copyright infringement.
What you may not know is that there is a lack of support within our government for laws that are currently in place NOT protecting copyright work. Virtually every other developed nation in the world has taken one key step to keep peer to peer downloading under control: they have modernized their copyright rules for the digital age. It is time Canada's Parliament implement similar, long overdue reforms, in keeping with our country's commitments under the 1996 WIPO Internet Treaties. You can make a difference by understanding the current challenging situation, talking to your colleagues about it, and letting your MP know how you feel about this. Below and attached is a Frequently Asked Question form that can bring you up to speed on the issues and other info that you may not be aware of. Take a minute to review, and then please follow up by sending an email to your MP if you feel that music and these matters are important to you. In addition to the email message, or as an alternative, please write a letter or call your MP and the Heritage and Industry Ministers. The letter then lists the addresses for Industry Minister Tony Clement and Canadian Heritage Minister James Moore along with links to a series of supportive organizations and a non-functioning link to a Copyright FAQ that is currently hosted at Universal Music (but indicating that the source is CRIA). While the industry may face some challenges in generating a major grassroots campaign demanding a Canadian DMCA, more important is their planned Copyright FAQ which unsurprisingly tells only one side of the story. There are no questions about the robust copyright collective system in Canada, private copying, the Songwriters proposal, the CMCC, the effectiveness of notice-and-notice to address online infringement, etc. 
Instead, the FAQ states [with commentary in brackets from me]: < - > http://www.michaelgeist.ca/content/view/3845/125/ From rforno at infowarrior.org Wed Apr 15 12:59:30 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Apr 2009 08:59:30 -0400 Subject: [Infowarrior] - PIN Crackers Nab Holy Grail of Bank Card Security Message-ID: <7DB858B6-B4F3-490A-BBA7-B016A4DC680A@infowarrior.org> PIN Crackers Nab Holy Grail of Bank Card Security By Kim Zetter April 14, 2009 | 10:55:00 PM | Categories: Crime http://blog.wired.com/27bstroke6/2009/04/pins.html Hackers have crossed into new frontiers by devising sophisticated ways to steal large amounts of personal identification numbers, or PINs, protecting credit and debit cards, says an investigator. The attacks involve both unencrypted PINs and encrypted PINs that attackers have found a way to crack, according to the investigator behind a new report looking at the data breaches. The attacks, says Bryan Sartin, director of investigative response for Verizon Business, are behind some of the millions of dollars in fraudulent ATM withdrawals that have occurred around the United States. "We're seeing entirely new attacks that a year ago were thought to be only academically possible," says Sartin. Verizon Business released a report Wednesday that examines trends in security breaches. "What we see now is people going right to the source ... and stealing the encrypted PIN blocks and using complex ways to un-encrypt the PIN blocks." The revelation is an indictment of one of the backbone security measures of U.S. consumer banking: PIN codes. In years past, attackers were forced to obtain PINs piecemeal through phishing attacks, or the use of skimmers and cameras installed on ATM and gas station card readers.
Barring these techniques, it was believed that once a PIN was typed on a keypad and encrypted, it would traverse bank processing networks with complete safety, until it was decrypted and authenticated by a financial institution on the other side. But the new PIN-hacking techniques belie this theory, and threaten to destabilize the banking-system transaction process. Information about the theft of encrypted PINs first surfaced in an indictment last year against 11 alleged hackers accused of stealing some 40 million debit and credit card details from TJ Maxx and other U.S. retail networks. The affidavit, which accused Albert "Cumbajohnny" Gonzalez of leading the carding ring, indicated that the thieves had stolen "PIN blocks associated with millions of debit cards" and obtained "technical assistance from criminal associates in decrypting encrypted PIN numbers." But until now, no one had confirmed that thieves were actively cracking PIN encryption. Sartin, whose division at Verizon conducts forensic investigations for companies that experience data breaches, wouldn't identify the institutions that were hit or indicate exactly how much stolen money was being attributed to the attacks, but according to the 2009 Data Breach Investigations report, the hacks have resulted in "more targeted, cutting-edge, complex, and clever cybercrime attacks than seen in previous years." "While statistically not a large percentage of our overall caseload in 2008, attacks against PIN information represent individual data-theft cases having the largest aggregate exposure in terms of unique records," says the report. "In other words, PIN-based attacks and many of the very large compromises from the past year go hand in hand." Although there are ways to mitigate the attacks, experts say the problem can only really be resolved if the financial industry overhauls the entire payment processing system. 
"You really have to start right from the beginning," says Graham Steel, a research fellow at the French National Institute for Research in Computer Science and Control who wrote about one solution to mitigate some of the attacks. "But then you make changes that aren't backwards-compatible." PIN hacks hit consumers particularly hard, because they allow thieves to withdraw cash directly from the consumer's checking, savings or brokerage account, Sartin says. Unlike fraudulent credit card charges, which generally carry zero liability for the consumer, fraudulent cash withdrawals that involve a customer's PIN can be more difficult to resolve since, in the absence of evidence of a breach, the burden is placed on the customer to prove that he or she didn't make the withdrawal. Some of the attacks involve grabbing unencrypted PINs, while they sit in memory on bank systems during the authorization process. But the most sophisticated attacks involve encrypted PINs. Sartin says the latter attacks involve a device called a hardware security module (HSM), a security appliance that sits on bank networks and on switches through which PIN numbers pass on their way from an ATM or retail cash register to the card issuer. The module is a tamper-resistant device that provides a secure environment for certain functions, such as encryption and decryption, to occur. According to the payment-card industry, or PCI, standards for credit card transaction security, PIN numbers are supposed to be encrypted in transit, which should theoretically protect them if someone intercepts the data. The problem, however, is that a PIN must pass through multiple HSMs across multiple bank networks en route to the customer's bank. These HSMs are configured and managed differently, some by contractors not directly related to the bank.
At every switching point, the PIN must be decrypted, then re-encrypted with the proper key for the next leg in its journey, which is itself encrypted under a master key that is generally stored in the module or in the module's application programming interface, or API. "Essentially, the thief tricks the HSM into providing the encryption key," says Sartin. "This is possible due to poor configuration of the HSM or vulnerabilities created from having bloated functions on the device." Sartin says HSMs need to be able to serve many types of customers in many countries where processing standards may be different from the U.S. As a result, the devices come with enabled functions that aren't needed and can be exploited by an intruder into working to defeat the device's security measures. Once a thief captures and decrypts one PIN block, it becomes trivial to decrypt others on a network. Other kinds of attacks occur against PINs after they arrive at the card-issuing bank. Once encrypted PINs arrive at the HSM at the issuing bank, the HSM communicates with the bank's mainframe system to decrypt the PIN and the customer's 16-digit account number for a brief period to authorize the transaction. During that period, the data is briefly held in the system's memory in unencrypted form. Sartin says some attackers have created malware that scrapes the memory to capture the data. "Memory scrapers are in as much as a third of all cases we're seeing, or utilities that scrape data from unallocated space," Sartin says. "This is a huge vulnerability." He says the stolen data is often stored in a file right on the hacked system. "These victims don't see it," Sartin says. "They rely almost purely on anti-virus to detect things that show up on systems that aren't supposed to be there. But they're not looking for a 30-gig file growing on a system." Information about how to conduct attacks on encrypted PINs isn't new and has been surfacing in academic research for several years.
In the first paper, in 2003, a researcher at Cambridge University published information about attacks that, with the help of an insider, would yield PINs from an issuer bank's system. The paper, however, was little noticed outside academic circles and the HSM industry. But in 2006, two Israeli computer security researchers outlined an additional attack scenario that got widespread publicity. The attack was much more sophisticated and also required the assistance of an insider who possessed credentials to access the HSM and the API and who also had knowledge of the HSM configuration and how it interacted with the network. As a result, industry experts dismissed it as a minimal threat. But Steel and others say they began to see interest for the attack research from the Russian carding community. "I got strange Russian e-mails saying, Can you tell me how to crack PINs?" Steel recalls. But until now no one had seen the attacks actually being used in the wild. Steel wrote a paper in 2006 that addressed attacks against HSMs as well as a solution to mitigate some of the risks. The paper was submitted to nCipher, a British company that manufactures HSMs and is now owned by Thales-eSecurity. He says the solution involved guidelines for configuring an HSM in a more secure manner and says nCipher passed the guidelines to customers. Steel says his solution wouldn't address all of the types of attacks. To fix the problem would take a redesign. But he notes that "a complete rethink of the system would just cost more than the banks were willing to make at this time." Thales-eSecurity is the largest maker of HSMs for the payment-card and other industries, with "multiple tens of thousands" of HSMs deployed in payment-processing networks around the world, according to the company.
A spokesman said the company is not aware of any of the attacks on HSMs that Sartin described, and noted that Thales and most other HSM vendors have implemented controls in their devices to prevent such attacks. The problem, however, is how the systems are configured and managed. "It's a very difficult challenge to protect against the lazy administrator," says Brian Phelps, director of program services for Thales-eSecurity. "Out of the box, the HSMs come configured in a very secure fashion if customers just deploy them as is. But for many operational reasons, customers choose to alter those default security configurations (supporting legacy applications may be one example), which creates vulnerabilities." Redesigning the global payment system to eliminate legacy vulnerabilities "would require a mammoth overhaul of virtually every point-of-sale system in the world," he says. Responding to questions about the vulnerabilities in HSMs, the PCI Security Standards Council said that beginning next week the council would begin testing HSMs as well as unattended payment terminals. Bob Russo, general manager of the global standards body, said in a statement that although there are general market standards that cover HSMs, the council's testing of the devices would "focus specifically on security properties that are critical to the payment system." The testing program conducted in council-approved laboratories would cover "both physical and logical security properties."
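The Wired piece above describes PIN translation at a switch (decrypt under the inbound zone key, re-encrypt under the outbound one, inside the HSM) and attributes the breaches to "poor configuration" and "bloated functions" left enabled on the device. The following is an added illustration, not code from the article, from Verizon Business or from any HSM vendor, and it does not reproduce the specific commands Sartin or Steel had in mind. It models a payment HSM in Python with a toy 64-bit Feistel cipher standing in for 3DES, builds an ISO 9564 format-0 PIN block for a constructed PAN and PIN, performs a legitimate translation, and then shows one example of an unneeded legacy command (a hypothetical clear-text zone-key import, assumed here) that lets anyone with host API access install a key they know and have the HSM translate real PIN blocks to it. The class and method names are assumptions for the model; the key-ceremony loader stands for out-of-band dual-control key entry, which is not a host API command.

```python
import hashlib
import hmac
import secrets

BLOCK_LEN = 8  # an ISO 9564 PIN block is 64 bits, one 3DES block in real deployments


def _round(key: bytes, i: int, half: bytes) -> bytes:
    """Feistel round function: keyed hash of (round number, right half), truncated to 32 bits."""
    return hmac.new(key, bytes([i]) + half, hashlib.sha256).digest()[:4]


def toy_encrypt(key: bytes, block: bytes) -> bytes:
    """8-round Feistel cipher over a 64-bit block; a stand-in for 3DES-ECB, not for production use."""
    assert len(block) == BLOCK_LEN
    l, r = block[:4], block[4:]
    for i in range(8):
        l, r = r, bytes(a ^ b for a, b in zip(l, _round(key, i, r)))
    return r + l  # final swap so decrypt can run the same rounds backwards


def toy_decrypt(key: bytes, block: bytes) -> bytes:
    assert len(block) == BLOCK_LEN
    r, l = block[:4], block[4:]  # undo the final swap
    for i in reversed(range(8)):
        r, l = l, bytes(a ^ b for a, b in zip(r, _round(key, i, l)))
    return l + r


def iso0_pin_block(pin: str, pan: str) -> bytes:
    """ISO 9564 format 0: (0, PIN length, PIN, F-padding) XOR (0000, 12 rightmost PAN digits excluding the check digit)."""
    if not (4 <= len(pin) <= 12) or not pin.isdigit():
        raise ValueError("PIN must be 4-12 digits")
    pin_field = f"0{len(pin):X}{pin}".ljust(16, "F")
    pan_field = "0000" + pan[-13:-1]
    return bytes(a ^ b for a, b in zip(bytes.fromhex(pin_field), bytes.fromhex(pan_field)))


def iso0_pin_from_block(block: bytes, pan: str) -> str:
    """Recover the PIN from a clear format-0 block; the PAN travels with the transaction, so an attacker has it."""
    pan_field = bytes.fromhex("0000" + pan[-13:-1])
    clear = bytes(a ^ b for a, b in zip(block, pan_field)).hex().upper()
    if clear[0] != "0":
        raise ValueError("not a format-0 block")
    return clear[2:2 + int(clear[1], 16)]


class ToyHSM:
    """Keys are only ever clear inside the HSM; the host holds zone keys wrapped under the LMK (master key)."""

    def __init__(self, allow_clear_key_import: bool):
        self._lmk = secrets.token_bytes(16)
        self.allow_clear_key_import = allow_clear_key_import  # the 'bloated function' toggle in this model

    def _wrap(self, key: bytes) -> bytes:
        return toy_encrypt(self._lmk, key)

    def _unwrap(self, blob: bytes) -> bytes:
        return toy_decrypt(self._lmk, blob)

    def key_ceremony_load(self, clear_key: bytes) -> bytes:
        """Out-of-band dual-control key entry (assumed, not a host API command): returns the LMK-wrapped key."""
        return self._wrap(clear_key)

    def generate_zpk(self) -> bytes:
        """Normal path: the HSM generates a zone PIN key and returns it only LMK-wrapped."""
        return self._wrap(secrets.token_bytes(8))

    def import_clear_zpk(self, clear_key: bytes) -> bytes:
        """Hypothetical legacy command: wrap a clear-text key supplied by the host. Anyone with API access can
        install a key they already know, which defeats every zone key this HSM will translate to it."""
        if not self.allow_clear_key_import:
            raise PermissionError("clear key import disabled in this configuration")
        return self._wrap(clear_key)

    def translate_pin_block(self, enc_block: bytes, zpk_in_blob: bytes, zpk_out_blob: bytes) -> bytes:
        """The switch operation from the article: the clear PIN block exists only inside this call."""
        clear = toy_decrypt(self._unwrap(zpk_in_blob), enc_block)
        return toy_encrypt(self._unwrap(zpk_out_blob), clear)


def run_scenario(allow_clear_key_import: bool) -> dict:
    """One transaction through a switch HSM, then an API-level attacker trying to recover the PIN."""
    pan, pin = "4000123456789010", "4921"  # constructed sample card data
    hsm = ToyHSM(allow_clear_key_import)
    zpk_atm_clear = secrets.token_bytes(8)            # shared with the ATM's keypad hardware
    zpk_atm = hsm.key_ceremony_load(zpk_atm_clear)    # switch holds it only LMK-wrapped
    zpk_next = hsm.generate_zpk()                     # key for the next hop toward the issuer
    enc_from_atm = toy_encrypt(zpk_atm_clear, iso0_pin_block(pin, pan))
    enc_to_next = hsm.translate_pin_block(enc_from_atm, zpk_atm, zpk_next)  # legitimate re-encryption
    attacker_key = b"\x01" * 8  # any key the attacker knows
    try:
        attacker_blob = hsm.import_clear_zpk(attacker_key)
    except PermissionError:
        return {"translated": enc_to_next != enc_from_atm, "pin_recovered": None}
    enc_to_attacker = hsm.translate_pin_block(enc_from_atm, zpk_atm, attacker_blob)
    recovered = iso0_pin_from_block(toy_decrypt(attacker_key, enc_to_attacker), pan)
    return {"translated": enc_to_next != enc_from_atm, "pin_recovered": recovered}


if __name__ == "__main__":
    print("legacy import enabled :", run_scenario(True))
    print("legacy import disabled:", run_scenario(False))
```

The point the model makes is the one Phelps and Steel make in prose: nothing in the translate command itself is wrong, and the attacker never sees the LMK or the ATM zone key. It is the presence of one extra command, reachable from the same host interface, that turns the HSM into a PIN-decryption oracle for every block passing through that switch. Hardening is configuration, not code: disable clear-key import (and the other commands a given deployment does not use), and audit which host applications can call what.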
From rforno at infowarrior.org Wed Apr 15 14:19:59 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 15 Apr 2009 10:19:59 -0400 Subject: [Infowarrior] - The ACTA Threat To The Future Of WIPO Message-ID: <40F7CF3F-53F1-4C3D-8839-5473A19CA058@infowarrior.org> 14 April 2009 The ACTA Threat To The Future Of WIPO http://www.ip-watch.org/weblog/2009/04/14/the-acta-threat-to-the-future-of-wipo/ Disclaimer: the views expressed in this column are solely those of the authors and are not associated with Intellectual Property Watch. IP-Watch expressly disclaims and refuses any responsibility or liability for the content, style or form of any posts made to this forum, which remain solely the responsibility of their authors. By Michael Geist Since representatives from the United States, European Union, Canada, and a handful of other countries simultaneously announced their participation in the Anti-Counterfeiting Trade Agreement negotiations in October 2007, the ACTA has been dogged by controversy over the near-total lack of transparency. Early negotiations were held in secret locations with each participating country offering near-identical cryptic press releases that did little more than fuel public concern. The participating countries conducted four major negotiation sessions in 2008 and though the first session of 2009 was postponed at the request of the US (which was busy transitioning to a new president), the negotiations are set to resume in Morocco in May. In recent weeks, the structure and key provisions within the draft treaty have come to light, yet it is the candid acknowledgment that ACTA represents an attempt to avoid the consensus-building approach of the World Intellectual Property Organization that should give supporters of a multilateral approach to intellectual property policy making pause. The ACTA details have come from two sources - a growing number of internet-based leaks and the governments themselves.
The leaks began in early February, with blog postings and online references to specific draft language. With the cat seemingly out of the bag, the negotiating countries released a six-page summary earlier this month that confirmed much of the online speculation. The proposed treaty has six main chapters: (1) Initial Provisions and Definitions; (2) Enforcement of Intellectual Property Rights; (3) International Cooperation; (4) Enforcement Practices; (5) Institutional Arrangements; and (6) Final Provisions. Most of the discussion to date has centred on the Enforcement of Intellectual Property Rights chapter, which is divided into four sections - civil enforcement, border measures, criminal enforcement, and the Internet. The first three sections were addressed in meetings last year. Although there is still considerable disagreement on the final text, leaked documents indicate that the draft includes increased damage awards, mandated information disclosure that could conflict with national privacy laws, as well as the right to block or detain goods at the border for up to one year. Moreover, the criminal provisions go well beyond clear cases of commercial infringement by including criminal sanctions such as potential imprisonment for "significant wilful copyright and trademark infringement even where there is no direct or indirect motivation of financial gain." Jail time for non-commercial infringement will generate considerable opposition, but it is the internet provisions that are likely to prove to be the most controversial. At the December meeting in Paris, the US submitted a "non-paper" that discussed internet copyright provisions, liability for internet service providers, and legal protection for digital locks. While the substance of the treaty will remain fodder for much debate, Canadian officials recently hosted a public consultation during which they acknowledged the true motivation behind the ACTA.
Senior officials stated that there were really two reasons for the treaty. The first, unsurprisingly, was concerns over counterfeiting. The second was the perceived stalemate at WIPO, where the growing emphasis on the Development Agenda and the heightened participation of developing countries and non-governmental organisations have stymied attempts by countries such as the United States to bull their way toward new treaties with little resistance. Given the challenge of obtaining multilateral consensus at WIPO, the ACTA negotiating partners have instead opted for a plurilateral approach that circumvents possible opposition from developing countries such as Brazil, Argentina, India, Russia, or China. There have been hints of this in the past - an EU FAQ [frequently asked questions] document noted that "the membership and priorities of those organisations [G8, WTO, WIPO] simply are not the most conducive" to an ACTA-like initiative - yet the willingness to now state publicly what has been only speculated privately sends a shot across the bow for WIPO and the countries that support its commitment to multilateral policymaking. Indeed, there is little reason to believe that WIPO could not serve as the forum to advance intellectual property enforcement. The WIPO General Assembly created the Advisory Committee on Enforcement (ACE) in 2002 with a mandate that includes "coordinating with certain organisations and the private sector to combat counterfeiting and piracy activities; public education; assistance; coordination to undertake national and regional training programs for all relevant stakeholders and exchange of information on enforcement issues through the establishment of an Electronic Forum." The decision to move outside the WIPO umbrella and effectively exclude the developing world from participating in the ACTA negotiations has significant short and long-term implications.
In the short-term, WIPO members can expect progress on Development Agenda issues to stall as ACTA partners focus on completing their treaty. Given the scepticism surrounding the Development Agenda harboured by some ACTA countries, they may be less willing to promote the Agenda since their chief global policy priorities now occur outside of WIPO. The longer-term implications are even more significant. While it seems odd to conclude an anti-counterfeiting treaty without the participation of the countries most often identified as the sources or targets of counterfeiting activities, the ACTA member countries will undoubtedly work quickly to establish the treaty as a "global standard." Non-member countries will face great pressure to adhere to the treaty or to implement its provisions within their domestic laws, particularly as part of bilateral or multilateral trade negotiations. In other words, there will be a concerted effort to transform a plurilateral agreement into a multilateral one, though only the original negotiating partners will have had input into the content of the treaty. With all the cards now on the table, the developing world faces a stark choice - remain on the ACTA sidelines and face a future filled with pressure to implement its provisions or demand a seat at the table now. Countries such as Mexico, Morocco, and the United Arab Emirates have all been part of current or previous ACTA negotiations, suggesting that there is little reason to exclude any country that wants in. By bringing Brazil, Argentina, Chile, India, Egypt, South Africa, China, Russia, Indonesia, and a host of other countries into the mix, the ACTA would shift back toward a multilateral treaty and in the process ensure that the counterfeiting and piracy concerns of the global community are appropriately addressed.
Moving the ACTA discussion into WIPO may not happen, but it is still possible to imbue the negotiations with both transparency and broad participation from the developed and developing worlds.

Dr. Michael Geist is a law professor at the University of Ottawa where he holds the Canada Research Chair in Internet and E-commerce Law. Dr. Geist has been an active commentator on the Anti-Counterfeiting Trade Agreement in his weekly columns in the Toronto Star and Ottawa Citizen as well as on his blog at www.michaelgeist.ca. He can be reached at mgeist at uottawa.ca .

From rforno at infowarrior.org Wed Apr 15 19:41:24 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Apr 2009 15:41:24 -0400
Subject: [Infowarrior] - Hello, Streisand Effect
Message-ID: <6B4D81C0-7208-49BA-9F21-E37EA5928422@infowarrior.org>

News Station Falls For April Fool's Prank, Turns to DMCA As Remedy
http://techdirt.com/articles/20090414/2105504516.shtml

From rforno at infowarrior.org Thu Apr 16 02:04:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Apr 2009 22:04:23 -0400
Subject: [Infowarrior] - NSA Intercepts Exceed Limits Set by Congress
Message-ID:

April 16, 2009
N.S.A.'s Intercepts Exceed Limits Set by Congress
By ERIC LICHTBLAU and JAMES RISEN
http://www.nytimes.com/2009/04/16/us/16nsa.html?_r=1&hp=&pagewanted=print

WASHINGTON -- The National Security Agency intercepted private e-mail messages and phone calls of Americans in recent months on a scale that went beyond the broad legal limits established by Congress last year, government officials said in recent interviews.

Several intelligence officials, as well as lawyers briefed about the matter, said the N.S.A. had been engaged in "overcollection" of domestic communications of Americans. They described the practice as significant and systemic, although one official said it was believed to have been unintentional.
The legal and operational problems surrounding the N.S.A.'s surveillance activities have come under scrutiny from the Obama administration, Congressional intelligence committees, and a secret national security court, said the intelligence officials, who were speaking only on the condition of anonymity because N.S.A. activities are classified. A series of classified government briefings have been held in recent weeks in response to a brewing controversy that some officials worry could damage the credibility of legitimate intelligence-gathering efforts.

The Justice Department, in response to inquiries from The New York Times, acknowledged in a statement on Wednesday night that there had been problems with the N.S.A. surveillance operation, but said they had been resolved. As part of a periodic review of the agency's activities, the department "detected issues that raised concerns," the statement said. Justice Department officials then "took comprehensive steps to correct the situation and bring the program into compliance" with the law and court orders, the statement said. It added that Attorney General Eric H. Holder Jr. went to the national security court to seek a renewal of the surveillance program only after new safeguards were put in place.

In a statement on Wednesday night, the N.S.A. said that its "intelligence operations, including programs for collection and analysis, are in strict accordance with U.S. laws and regulations." The Office of the Director of National Intelligence, which oversees the intelligence community, did not specifically address questions about the surveillance issue but said in a statement that "when inadvertent mistakes are made, we take it very seriously and work immediately to correct them."

The questions may not be settled yet. Intelligence officials say they are still examining the scope of the N.S.A. practices, and Congressional investigators say they hope to determine if any violations of Americans' privacy occurred.
It is not clear to what extent the agency may have actively listened in on conversations or read e-mail messages of Americans without proper court authority, rather than simply obtained access to them. The intelligence officials said the problems had grown out of changes enacted by Congress last July in the law that regulates the government's wiretapping powers, and the challenges posed by enacting a new framework for collecting intelligence on terrorism and spying suspects.

While the N.S.A.'s operations in recent months have come under examination, new details are also emerging about earlier domestic-surveillance activities, including the agency's attempt to wiretap a member of Congress, without court approval, on an overseas trip, current and former intelligence officials said.

After a contentious three-year debate that was set off by the disclosure in 2005 of the program of wiretapping without warrants that President George W. Bush approved after the Sept. 11 attacks, Congress gave the N.S.A. broad new authority to collect, without court-approved warrants, vast streams of international phone and e-mail traffic as it passed through American telecommunications gateways. The targets of the eavesdropping had to be "reasonably believed" to be outside the United States. Under the new legislation, however, the N.S.A. still needed court approval to monitor the purely domestic communications of Americans who came under suspicion.

In recent weeks, the eavesdropping agency notified members of the Congressional intelligence committees that it had encountered operational and legal problems in complying with the new wiretapping law, Congressional officials said. Officials would not discuss details of the overcollection problem because it involves classified intelligence-gathering techniques.
But the issue appears focused in part on technical problems in the N.S.A.'s ability at times to distinguish between communications inside the United States and those overseas as it uses its access to American telecommunications companies' fiber-optic lines and its own spy satellites to intercept millions of calls and e-mail messages. One official said that led the agency to inadvertently "target" groups of Americans and collect their domestic communications without proper court authority. Officials are still trying to determine how many violations may have occurred.

The overcollection problems appear to have been uncovered as part of a twice-annual certification that the Justice Department and the director of national intelligence are required to give to the Foreign Intelligence Surveillance Court on the protocols that the N.S.A. is using in wiretapping. That review, officials said, began in the waning days of the Bush administration and was continued by the Obama administration. It led intelligence officials to realize that the N.S.A. was improperly capturing information involving significant amounts of American traffic.

Notified of the problems by the N.S.A., officials with both the House and Senate intelligence committees said they had concerns that the agency had ignored civil liberties safeguards built into last year's wiretapping law. "We have received notice of a serious issue involving the N.S.A., and we've begun inquiries into it," a Congressional staff member said.

Separate from the new inquiries, the Justice Department has for more than two years been investigating aspects of the N.S.A.'s wiretapping program. As part of that investigation, a senior F.B.I. agent recently came forward with what the inspector general's office described as accusations of "significant misconduct" in the surveillance program, people with knowledge of the investigation said. Those accusations are said to involve whether the N.S.A.
made Americans targets in eavesdropping operations based on insufficient evidence tying them to terrorism.

And in one previously undisclosed episode, the N.S.A. tried to wiretap a member of Congress without a warrant, an intelligence official with direct knowledge of the matter said. The agency believed that the congressman, whose identity could not be determined, was in contact -- as part of a Congressional delegation to the Middle East in 2005 or 2006 -- with an extremist who had possible terrorist ties and was already under surveillance, the official said. The agency then sought to eavesdrop on the congressman's conversations, the official said. The official said the plan was ultimately blocked because of concerns from some intelligence officials about using the N.S.A., without court oversight, to spy on a member of Congress.

From rforno at infowarrior.org Thu Apr 16 14:01:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Apr 2009 10:01:59 -0400
Subject: [Infowarrior] - Another reason I don't like the 'cloud' idea
Message-ID: <809EDF8C-111A-46A7-9F86-CECBBC63E9AD@infowarrior.org>

Stuff like this makes me glad I'm an old-fashioned person who likes physical books (geek that I am). If the bookstore closes down, cancels my charge account, or whatever, I still have the books and the knowledge within. They don't come raid my library and deny my use of the books. Call me old fashioned, but I like positive control over my stuff. --rf

If you lose your Amazon account, your Kindle loses functionality
Posted by Cory Doctorow, April 15, 2009 10:36 PM
http://www.boingboing.net/2009/04/15/if-you-lose-your-ama.html

Ian bought a Kindle and some Kindle ebooks from Amazon. He also bought some real-world stuff from them, some of which he returned. Amazon decided that he'd returned too many things, so they suspended his Amazon account, which meant that he could no longer buy any Kindle books, and any Kindle subscriptions he's paid for stop working.
After some phone calls, Amazon granted him a one-time exception and lit his account up again. Leaving aside losing your subscriptions, this would not be such a big deal if the Kindle had graceful ways of putting competitors' ebooks on your device. What's your experience getting non-Kindle books onto the Kindle?

From rforno at infowarrior.org Thu Apr 16 18:09:51 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Apr 2009 14:09:51 -0400
Subject: [Infowarrior] - OT: John Madden retires
Message-ID:

BOOM! er......damn. I'll miss him. :(

April 17, 2009
Madden Decides to Put Down His Microphone
By RICHARD SANDOMIR
http://www.nytimes.com/2009/04/17/sports/football/17madden.html?pagewanted=print

John Madden retired on Wednesday from calling football games, leaving a weekly discipline that he revolutionized with a coach's eye, cartoonish sound effects and a taste for Thanksgiving turducken.

"It's time," he said in a statement issued by NBC Sports, where he had been an analyst for "Sunday Night Football" since 2006 following stints at ABC, Fox and CBS, where he began his second career after retiring from coaching the Oakland Raiders in 1979. "I'm 73 years old. My 50th anniversary is this fall." He added: "It's been such a great ride. The N.F.L. has been my life for more than 40 years, it has been my passion -- and still is."

Madden rose to prominence at CBS with Pat Summerall as his terse partner and straight man; the two announcers moved to Fox when the network acquired the rights to televise the National Football League. Madden subsequently moved to ABC, where he and Al Michaels called "Monday Night Football." He and Michaels moved to NBC in 2006.

NBC did not name a replacement for Madden but the likely candidate is Cris Collinsworth, NBC's lead studio analyst and the co-host with Bob Costas on "Football Night in America."
Collinsworth has shifted between calling games and studio work (he did both at Fox) in his career, and is currently a game analyst for the NFL Network.

Dick Ebersol, the chairman of NBC Universal Sports, said in a statement that he was with Madden on Tuesday to determine if Madden was certain of his decision. "To put any speculation to rest," Ebersol said, "John has just decided to retire because it's time -- nothing more, nothing less. We'll never see or hear another man like John Madden. We will sorely miss him because he was the most fun guy ever to just hang out with."

Madden's retirement means less -- or no more -- mileage on the plush bus that he used to travel to games to avoid flying. But it will probably have no impact on his connection to EA Sports' "Madden NFL Football," the top-selling sports video game ever. The video game, now 20 years old, is part of a portfolio of commercial work in which Madden has been a spokesman for Ace Hardware, Outback Steakhouse and Tinactin. He also has interests in real estate and almond orchards.

From rforno at infowarrior.org Thu Apr 16 20:23:12 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Apr 2009 16:23:12 -0400
Subject: [Infowarrior] - Navies to guard undersea cable from Somali pirates
Message-ID:

Navies to guard undersea cable from Somali pirates
Thu Apr 16, 2009 5:30am EDT
http://www.reuters.com/article/africaCrisis/idUSLG73912

NAIROBI, April 16 (Reuters) - Foreign navies have agreed to protect a vessel installing an undersea high-speed Internet cable from pirates off the coast of Somalia, a Kenyan minister said on Thursday.

Sea gangs from lawless Somalia have been increasingly striking the Indian Ocean shipping lanes and strategic Gulf of Aden, capturing dozens of vessels and hundreds of hostages in attacks that have driven up insurance rates. Patrols by Western navies have done little to deter the attacks.
Kenyan Information and Communications Minister Samuel Poghisio said the 5,000 km (3,107 miles) fibre optic cable was on course for completion in June. Last month, a government official said the route for the East African Marine Cable (TEAMS) had been shifted an extra 200 km from the coastline for fear of pirates.

"These are concerns we have but they are being addressed. We know it will be secure and will land in Mombasa on time," Poghisio said in a statement on Thursday. "The process (of laying the cable) has begun and will probably take two months. It is likely that by the middle of June the ship should be anchoring in Mombasa, or rather delivering the cable to Mombasa," he added.

The $130 million cable will link Kenya's coastal town of Mombasa with Fujairah in the United Arab Emirates. Kenya has been putting down a terrestrial cable connecting different parts of the country to prepare for the arrival of the marine cable, which could be east Africa's first speedy but cheap telecoms link with the rest of the world.

Another undersea project known as SEACOM is also expected to be operational in the second half of 2009 and two others are due to land in 2010 -- the Eastern African Submarine Cable System (EASSy) and the France Telecom/Orange Sat3-wasc-Safe cable.

East Africa has relied on expensive satellite connections for telephones and Internet. Telecoms operators and outsourcing firms are eagerly awaiting the cable's arrival, which is expected to slash costs and speed up connectivity.
(Reporting by Helen Nyambura-Mwaura; Editing by Jack Kimball)

From rforno at infowarrior.org Fri Apr 17 00:52:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Apr 2009 20:52:39 -0400
Subject: [Infowarrior] - More 'torture memos' released by Administration
Message-ID: <11DDBF86-4363-42A1-87B0-2038239712C2@infowarrior.org>

Surprisingly they're not very redacted ---rf

(Copies of the memos are @ http://cryptome.org/olc-cia-torture.zip)

April 17, 2009
Interrogation Memos Detail Harsh Tactics by the C.I.A.
By MARK MAZZETTI and SCOTT SHANE
http://www.nytimes.com/2009/04/17/us/politics/17detain.html?_r=1&hp=&pagewanted=print

WASHINGTON -- The Justice Department made public on Thursday detailed memos describing harsh interrogation techniques used by the Central Intelligence Agency, as President Obama said that C.I.A. operatives who carried out the techniques would not be prosecuted.

One technique authorized for use by the C.I.A. beginning in August 2002 was the use of "insects placed in a confinement box," presumably to induce fear on the part of a terror suspect. According to a footnote, the technique was not used.

The interrogation methods were among the Bush administration's most closely guarded secrets, and what was released on Thursday afternoon marked the most comprehensive public accounting to date of a program that some senior Obama administration officials contend included illegal torture.

The memos were released after a tense internal debate at the White House. Saying that it is a "time for reflection, not retribution," Mr. Obama reiterated his opposition to an extensive investigation of controversial counterterrorism programs. "In releasing these memos, it is our intention to assure those who carried out their duties relying in good faith upon the legal advice from the Department of Justice that they will not be subject to prosecution," the White House statement said.
One memo showed that a top Justice Department lawyer issued a legal opinion in 2005 saying that C.I.A. officers were allowed to use a combination of interrogation methods to produce a more effective result. "Interrogators may combine water dousing with other techniques, such as stress positions, wall standing, the insult slap, or the abdominal slap," wrote the official, Stephen G. Bradbury.

An early review suggested that the administration had declassified the vast bulk of the memos' contents, a defeat for C.I.A. officials who had argued that such a step could be harmful to national security.

The documents included Justice Department memos from 2002 and 2005 authorizing the C.I.A. to employ a number of aggressive techniques -- including sleep deprivation, exposure to extreme temperatures and "waterboarding," the near-drowning technique.

Among the documents were the 2005 memos by Mr. Bradbury, then the acting head of the Justice Department's Office of Legal Counsel, authorizing the C.I.A. techniques. The documents have never before been made public, but an article in The New York Times in October 2007 said that the memos gave legal support for using a combination of coercive techniques at the same time and concluded that the C.I.A.'s methods were not "cruel, inhuman or degrading" under international law.

Another document released Thursday afternoon was a Justice Department memo written August 1, 2002. The memo, written by John C. Yoo and signed by Jay S. Bybee, two Justice Department officials at the time, is a legal authorization for a laundry list of proposed C.I.A. interrogation techniques.

The debate about just how much detail to include in the public release has bitterly divided an Obama administration through its early months. Fueling the urgency of the discussion was Thursday's court deadline in a lawsuit filed by the American Civil Liberties Union, which had sued the government for the release of the Justice Department memos. Leon E. Panetta, the C.I.A.
director, has pressed the White House for weeks to redact sensitive details about specific interrogation techniques. He argued that revealing such information would pave the way for future disclosures of intelligence sources and methods and would jeopardize the C.I.A.'s relationship with foreign intelligence services.

But the most immediate concern of C.I.A. officials is that the revelations could give new momentum to a full-blown congressional investigation into covert activities under the Bush administration.

From rforno at infowarrior.org Fri Apr 17 02:33:33 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Apr 2009 22:33:33 -0400
Subject: [Infowarrior] - Cylab Roundtable on Cybersecurity News Reporting
Message-ID: <625B9BE5-FEBF-4DCC-8658-94EA58F5DEC2@infowarrior.org>

CyLab Virtual Roundtable on Cyber Security News Media
http://www.cyblog.cylab.cmu.edu/2009/04/cylab-virtual-roundtable-on-cyber.html

(Carnegie Mellon CyLab was founded in 2003 and is one of the largest university-based cybersecurity research and education centers in the U.S.)

From rforno at infowarrior.org Fri Apr 17 11:42:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Apr 2009 07:42:30 -0400
Subject: [Infowarrior] - Verdict: The Pirate Bay Guilty
Message-ID:

The Pirate Bay Guilty
By Wired Staff, April 17, 2009 | 5:28:00 AM
Oscar Swartz reports.
http://blog.wired.com/27bstroke6/2009/04/pirateverdict.html

Four men connected to The Pirate Bay, the world's most notorious file sharing site, were convicted by a Swedish court Friday of contributory copyright infringement, and each sentenced to a year in prison.

Pirate Bay administrators Fredrik Neij, Gottfrid Svartholm Warg and Peter Sunde were found guilty in the case, along with Carl Lundström, who was accused of funding the 5-year-old operation.
In addition to jail time, the defendants were ordered to pay damages of 30 million kronor ($3.6 million) to a handful of entertainment companies, including Sony Music Entertainment, Warner Bros, EMI and Columbia Pictures, for the infringement of 33 specific movie and music properties tracked by industry investigators.

Sunde, The Pirate Bay's spokesman, announced the news over Twitter Friday morning before the verdict was official. He remained defiant, and offered comfort to supporters. "Stay calm -- Nothing will happen to TPB, us personally or file sharing whatsoever. This is just a theater for the media."

The two-week trial, which ended March 2, was a joint civil and criminal proceeding that pitted the entertainment industry and the government against the four defendants, who each faced up to two years in prison and fines as high as $180,000. In addition, motion picture and record companies sought $13 million in damages for the 33 movies and music tracks at issue.

The verdicts are a significant symbolic victory for Hollywood, the record labels and the rest of the content industry that claims online piracy costs them billions of dollars in lost sales.

"The Pirate Bay has claimed all the time that their activities are legal," Henrik Pontén, a lawyer who represented the film and computer game companies in the trial, told the Swedish media. "Now that it has been proven illegal we presume that they will stop."

The Pirate Bay crew, though, has vowed to continue running the site whatever happens, and claims that it is secured from a forced shutdown through a network of distributed servers located outside Sweden.

For now, the attention brought by the highly-publicized trial has only made The Pirate Bay more popular. The site has swelled to some 22 million users.
And thousands of Pirate Bay fans have flocked to sign up for its new $6 anonymization VPN service, which allows torrent feeders and seeders to conduct their business in private without leaving a trace of their internet IP addresses. And since the trial began, membership in Sweden's copyright reform Pirate Party has grown 50 percent, while its youth affiliate is now the second largest in Sweden.

Even if The Pirate Bay is ultimately shuttered, dozens of other illicit BitTorrent tracking services are easily accessible. The defendants are expected to appeal, and they remain free pending further proceedings.

The defense largely hinged on an architectural point. Because of the way BitTorrent works, pirated material was neither stored on, nor passed through, The Pirate Bay's servers. Instead the site merely provided an index of torrent files -- some on its servers, some elsewhere -- that direct a user's client software to the content.

But prosecutor Håkan Roswall argued successfully that the defendants were culpable anyway, citing past prosecutions of criminal accomplices. In a Supreme Court decision from 1963, he noted, a defendant who held a friend's coat while the friend beat someone up was considered culpable.

The verdict could shatter Sweden's reputation as a safe haven for content piracy, coming just weeks after a new law that took effect that allows content owners to force internet service providers to reveal subscriber data in piracy investigations.

But supporters of copyright reform hope that the trial will energize Swedish youth. One minute after the judgment was public Friday, Sweden's Pirate Party issued a press release claiming: "The verdict is our ticket to the EU Parliament", referring to the election that takes place in the beginning of June. The party's top candidate, Christian Engström, comments: "Sweden has now outlawed one of our most successful ambassadors.
We have long been a leading IT nation but with these kind of actions we will be left behind and become dependent on other nations' arbitrary views".

Reached by e-mail after the verdict, defendant Gottfrid Svartholm Warg's sole comment was: "Like a dog!" -- the condemned Josef K's final words in Franz Kafka's The Trial.

In a web-only press conference held two hours after the verdict, Sunde was more upbeat, invoking Hollywood in explaining why he still believes The Pirate Bay's crew will ultimately prevail. "We see this as a film," he said. "This is the first set-back for the heroes. ... In the end we know that the good guys will win, as in all movies."

Last updated 7:30 a.m.

From rforno at infowarrior.org Fri Apr 17 11:50:38 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Apr 2009 07:50:38 -0400
Subject: [Infowarrior] - FBI CIPAV in the news
Message-ID:

Documents: FBI Spyware Has Been Snaring Extortionists and Hackers for Years
By Kevin Poulsen, April 16, 2009 | 12:33:32 AM
http://blog.wired.com/27bstroke6/2009/04/fbi-spyware-pro.html

A sophisticated FBI-produced spyware program has played a crucial behind-the-scenes role in federal investigations into extortion plots, terrorist threats and hacker attacks in cases stretching back at least seven years, newly declassified documents show.

As first reported by Wired.com, the software, called a "computer and internet protocol address verifier," or CIPAV, is designed to infiltrate a target's computer and gather a wide range of information, which it secretly sends to an FBI server in eastern Virginia. The FBI's use of the spyware surfaced in 2007 when the bureau used it to track e-mailed bomb threats against a Washington state high school to a 15-year-old student.
But the documents released Thursday under the Freedom of Information Act show the FBI has quietly obtained court authorization to deploy the CIPAV in a wide variety of cases, ranging from major hacker investigations, to someone posing as an FBI agent online.

Shortly after its launch, the program became so popular with federal law enforcement that Justice Department lawyers in Washington warned that overuse of the novel technique could result in its electronic evidence being thrown out of court in some cases.

"While the technique is of indisputable value in certain kinds of cases, we are seeing indications that it is being used needlessly by some agencies, unnecessarily raising difficult legal questions (and a risk of suppression) without any countervailing benefit," reads a formerly-classified March 7, 2002 memo from the Justice Department's Computer Crime and Intellectual Property Section.

The documents, which are heavily redacted, do not detail the CIPAV's capabilities, but an FBI affidavit in the 2007 case indicates it gathers and reports a computer's IP address; MAC address; open ports; a list of running programs; the operating system type, version and serial number; preferred internet browser and version; the computer's registered owner and registered company name; the current logged-in user name and the last-visited URL.

After sending the information to the FBI, the CIPAV settles into a silent "pen register" mode, in which it lurks on the target computer and monitors its internet use, logging the IP address of every server to which the machine connects.

The documents shed some light on how the FBI sneaks the CIPAV onto a target's machine, hinting that the bureau may be using one or more web browser vulnerabilities. In several of the cases outlined, the FBI hosted the CIPAV on a website, and tricked the target into clicking on a link. That's what happened in the Washington case, according to a formerly-secret planning document for the 2007 operation.
"The CIPAV will be deployed via a Uniform Resource Locator (URL) address posted to the subject's private chat room on MySpace.com."

In a separate February 2007 Cincinnati-based investigation of hackers who'd successfully targeted an unnamed bank, the documents indicate the FBI's efforts may have been detected. An FBI agent became alarmed when the hacker he was chasing didn't get infected with the spyware after visiting the CIPAV-loaded website. Instead, the hacker "proceeded to visit the site 29 more times," according to a summary of the incident. "In these instances, the CIPAV did not deliver its payload because of system incompatibility."

The agent phoned the FBI's Special Technologies Operations Unit for "urgent" help, expressing "the valid concern that the Unsub hackers would be 'spooked.'" But two days later the hacker, or a different one, visited the site again and "the system was able to deliver a CIPAV and the CIPAV returned data."

The software's primary utility appears to be in tracking down suspects that use proxy servers or anonymizing websites to cover their tracks. That's illustrated in several cases in the documents, including the 2004 hunt for a saboteur who cut off telephone, cable TV and internet service for thousands of Boston residents.

The man's name is redacted from the documents, but the description of the case matches that of Danny Kelly, an unemployed Massachusetts engineer. According to court records, Kelly deliberately cut a total of 18 communications cables belonging to Comcast, AT&T, Verizon and others over a three month period. In anonymous extortion letters to Comcast and Verizon, Kelly threatened to increase the sabotage if the companies didn't begin paying him $10,000-a-month in protection money. He instructed the companies to deposit the cash in a new bank account and post the account information to a webpage he could access anonymously.
When the FBI tried to track him down from his visits to the webpage, they found he was routing through a German-based anonymizer. The FBI obtained a warrant to use the CIPAV on February 10, 2005, and was apparently successful. Kelly went on to plead guilty to extortion, and was sentenced to five years probation.

The CIPAV also played a previously-unreported role in an investigation of a prolific computer hacker who made headlines after penetrating thousands of computers at Cisco, various U.S. national laboratories, and NASA's Jet Propulsion Laboratory in 2005. The FBI agent leading the case sought approval to plant a CIPAV through an undercover operative posing as a Defense Department contractor "with a computer network connected to JPL's computer network," according to one document. The FBI linked the intrusions to a known 16-year-old hacker in Sweden.

And in 2005, FBI agents on the Innocent Images task force hit a wall when trying to track a sexual predator who'd begun threatening the life of a teenage girl he'd met for sex. The man's IP addresses were "from all over the world" -- a sign of web proxy use. The bureau sought and won court approval to use the CIPAV on August 9 2005.

Other cases are less weighty. In another 2005 case, someone was unwisely using the name of the chief of the FBI's Buffalo, New York office to harass people online. The FBI got a warrant to use the spyware to track down the fake agent.

Additional cases include:

* In March 2006, the FBI investigated a hacker who took over a Hotmail user's account and acquired personal information. The hacker tried to extort the owner out of $10,000, demanding the victim create and fund an E-Gold account and e-mail the password to the hacker. The FBI obtained a search warrant allowing them to send the intruder a CIPAV instead, to uncover his or her location.
* In October, 2005, an undercover agent working a case described as "WMD (bomb & anthrax)" communicated with the suspect via Hotmail, and sought approval from Washington to use a CIPAV to locate the subject's computer.

* In December 2005, FBI agents sought to use the spyware to track down another extortionist who sent an e-mail to a casino threatening violence.

* In June 2005, an intruder deleted a database at an unnamed company and demanded payment to restore it. The FBI prepared a search warrant affidavit and was ready to ask a judge for authorization to deliver the CIPAV through the hacker's Yahoo e-mail account. They were briefly thwarted when the intruder stopped communicating with the victim, but after a month of silence the hacker reestablished contact and, presumably, got the FBI's spyware for his trouble.

The documents appear to settle one of the questions the FBI declined to answer in 2007: whether the bureau obtains search warrants before using the CIPAV, or if it sometimes uses so-called "pen register" warrants that don't require a showing of probable cause that a crime has been committed. In all the criminal cases described in the documents, the FBI sought search warrants. The records also indicate that the FBI obtained court orders from the Foreign Intelligence Surveillance Court, which covers foreign espionage and terrorism investigations, but the details are redacted.

The FBI released 152 heavily-redacted pages in response to Threat Level's FOIA request, and withheld another 623. We're scanning the documents now, and we'll add them to this story later Friday.
From rforno at infowarrior.org Fri Apr 17 11:54:22 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Apr 2009 07:54:22 -0400
Subject: [Infowarrior] - Control of Cybersecurity Becomes Divisive Issue
Message-ID:

April 17, 2009
Control of Cybersecurity Becomes Divisive Issue
By JAMES RISEN and ERIC LICHTBLAU
http://www.nytimes.com/2009/04/17/us/politics/17cyber.html?hp=&pagewanted=print

WASHINGTON -- The National Security Agency has been campaigning to lead the government's rapidly growing cybersecurity programs, raising privacy and civil liberties concerns among some officials who fear that the move could give the spy agency too much control over government computer networks.

The Obama administration is expected to complete an internal cybersecurity review on Friday and may publicly announce its new computer-security strategy as early as next week, White House officials said Thursday. That plan will determine the scope of cybersecurity efforts throughout the federal government, they said, as well as which agencies will take leading roles in protecting the government's computer systems.

The security agency's interest in taking over the dominant role has met resistance, including the resignation of the Homeland Security Department official who was until last month in charge of coordinating cybersecurity efforts throughout the government.

Rod Beckstrom, who resigned in March as director of the National Cyber Security Center at the Homeland Security Department, said in an interview that he feared that the N.S.A.'s push for a greater role in guarding the government's computer systems could give it the power to collect and analyze every e-mail message, text message and Google search conducted by every employee in every federal agency.

Mr. Beckstrom said he believed that an intelligence service that is supposed to focus on foreign targets should not be given so much control over the flow of information within the United States government.

To detect threats against the computer infrastructure -- including hackers, viruses and intrusions by foreign agents and terrorists -- cybersecurity guardians must have virtually unlimited access to networks. Mr. Beckstrom argues that those responsibilities should be divided among agencies.

"I have very serious concerns about the concentration of too much power in one agency," he said. "Power over information is so important, and it is so difficult to monitor, that we need to have checks and balances."

Government officials have acknowledged that the agency has gone beyond the broad limits set by Congress last year for intercepting telephone and e-mail messages of Americans. Leading Democratic and Republican lawmakers and civil liberties groups voiced strong concerns Thursday after The New York Times reported the breach.

Senator Dianne Feinstein, the California Democrat who leads the Senate Intelligence Committee, said in a statement that "these are serious allegations, and we will make sure we get the facts." The committee plans to hold a closed hearing on the issue soon, Mrs. Feinstein said.

Representative Silvestre Reyes, the Texas Democrat who leads the House Intelligence Committee, said his panel had already held four closed-door sessions on N.S.A. compliance problems, and he said it would continue to monitor the issue actively. Representative Peter Hoekstra, the Michigan Republican who is the ranking minority member on the committee, complained, though, that the intelligence community had failed to inform Congress of the problem in "a quick and timely manner."

Some lawmakers said hearings were not enough. Senator Russ Feingold, a Wisconsin Democrat who was an outspoken opponent of the legislation that broadened the security agency's wiretapping powers last year, said the wiretapping problems were part of "a tragic retreat from the principles that had governed the sensitive area of government surveillance for the previous three decades." Mr. Feingold called for reforms in intelligence law as well as the public release of certain aspects of wiretapping operations "so that the American people can better understand their scope and impact."

Dennis C. Blair, the director of national intelligence, defended the agency's wiretapping operation in a statement Thursday as "vital work" in protecting national security, but he acknowledged that "on occasion, N.S.A. has made mistakes and intercepted the wrong communications." Mr. Blair said the numbers of such mistakes were "very small" in the agency's vast overall collection efforts, although officials would not quantify how many violations had occurred.

Some experts said Thursday that the disclosure of excessive domestic collection of information by the security agency served as a warning against giving it greater control over cybersecurity.

"The N.S.A.'s expertise, which is impressive and very, very deep, is focused primarily on the needs of the military and the intelligence community," said Matt Blaze, a computer security expert at the University of Pennsylvania. "Their track record in dealing with civilian communications security is mixed at best."

Agency officials declined to comment Thursday, but the N.S.A. -- which has the greatest concentration of computing power and expertise in the government -- has powerful allies in its bid for control. Mr. Blair told Congress recently that he believed the agency should be given the lead in cybersecurity, arguing that it has the computer "wizards" with the skills needed.

In a recent interview, Dale Meyerrose, a retired Air Force general who was the chief information officer for the director of national intelligence until last year, agreed, saying that while intelligence officials need to be mindful of civil liberties concerns in the cybersecurity debate, the N.S.A. must have a leading role in that effort because of its technical expertise. "They are probably the premier cybersecurity, cyberorganization in the world," General Meyerrose said.

Like Mr. Beckstrom, others worry about giving a spy agency a virtual monopoly over information security. "There is a tremendous amount of expertise at N.S.A.," said Amit Yoran, the former director of the cybersecurity division of the Homeland Security Department, "but I also agree that it would be a significant detriment to the nation to let the N.S.A. be the lead agency running cyberprograms. There is an inherent conflict of interest between their intelligence mission and the mission of the folks doing cyber."

From rforno at infowarrior.org Fri Apr 17 12:45:17 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Apr 2009 08:45:17 -0400
Subject: [Infowarrior] - Facebook: Vote on new ToS
Message-ID:

interesting approach. Too bad such an approach isn't taken by more companies, both social networking and otherwise! --rf

Facebook opens up vote on new terms of service
http://news.cnet.com/8301-1023_3-10221676-93.html?part=rss&subj=news&tag=2547-1_3-0-20

From rforno at infowarrior.org Fri Apr 17 13:25:45 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Apr 2009 09:25:45 -0400
Subject: [Infowarrior] - Gov't won't classify proxies as 'sophisticated'
Message-ID: <07513FDA-DA0C-4F42-A7F5-F65EBDFFBE7B@infowarrior.org>

(via IP)

Gov't won't classify proxies as 'sophisticated'
http://www.wral.com/news/technology/story/4961227/
By JORDAN ROBERTSON
AP Technology Writer
Posted: Apr. 15, 2009

SAN FRANCISCO - The U.S. government has dropped - for now - a plan to classify the use of "proxy" servers as evidence of sophistication in committing a crime.

Proxy servers are computers that disguise the source of Internet traffic. They are commonly used for legitimate purposes, like evading Internet censors and working from home. But they can also be used to hide from law enforcement.

The Washington-based U.S. Sentencing Commission was considering a change to federal sentencing guidelines that would have increased sentences by about 25 percent for people convicted of crimes in which proxies are used to hide the perpetrators' tracks. But after digital-rights advocates complained that the proposed language was too broad, the commission struck the controversial language from the amendments it voted on Wednesday.

....

The Justice Department supported the proposed amendment as a way to hand down stiffer sentences for people who set up elaborate proxy networks - sometimes in multiple countries - to commit crimes and hide their identities.

From rforno at infowarrior.org Fri Apr 17 17:33:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Apr 2009 13:33:49 -0400
Subject: [Infowarrior] - Why I Fired My Broker
Message-ID: <51F071CE-30BA-4B08-A3CA-C67582FE77B4@infowarrior.org>

Why I Fired My Broker
Personal Finance May 2009
With his 401(k) in ruins, our correspondent visits investment gurus, hedge fund managers, and a freakish Arizona survivalist with one question in mind: How can the ordinary investor recover?
by Jeffrey Goldberg
http://www.theatlantic.com/doc/print/200905/goldberg-economy

From rforno at infowarrior.org Sat Apr 18 00:42:40 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Apr 2009 20:42:40 -0400
Subject: [Infowarrior] - Judge Skeptical Of State Secrets Privilege For NSA/Charity Case
Message-ID: <079285AE-A79E-4218-9306-B25976734F19@infowarrior.org>

Judge Skeptical Of State Secrets Privilege For NSA/Charity Case

The Obama administration suffered a bit of a legal setback this afternoon: a federal judge in California rejected the administration's assertion of the state secrets privilege in the civil suit brought by an Islamic charity that was allegedly subjected to illegal NSA surveillance. The order, in Al-Haramain v. Bush, requires the government to come up with a way to safeguard the classified information it plans to present in the NSA's defense by May 8. Judge Vaughn Walker noted that the government has elsewhere made provisions for the discussion of Top Secret/SCI information. It so happens that the plaintiffs attorneys have been cleared to that level. Walker crafted his order narrowly to prevent the government from appealing it immediately to the Ninth Circuit. On May 8, it will be interesting to see whether the administration presents a plan for safeguarding classified info -- or whether it re-asserts the state secrets privilege.

http://politics.theatlantic.com/2009/04/court_rejects_states_secrets_privilege_for_nsacharity_case.php

From rforno at infowarrior.org Sat Apr 18 12:12:40 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Apr 2009 08:12:40 -0400
Subject: [Infowarrior] - US Looks to Hackers to Protect Cyber Networks
Message-ID: <785D41BD-85C4-4A75-8FFC-6BF60A7BF5AC@infowarrior.org>

US Looks to Hackers to Protect Cyber Networks
By THE ASSOCIATED PRESS
Published: April 18, 2009
Filed at 4:34 a.m. ET
http://www.nytimes.com/aponline/2009/04/18/business/AP-US-Cyber-Security.html?_r=2

WASHINGTON (AP) -- Wanted: Computer hackers.

Buffeted by millions of digital scans and attacks each day, federal authorities are looking for hackers -- not to prosecute them, but to pay them to secure the nation's networks.

General Dynamics Information Technology put out an ad last month on behalf of the Homeland Security Department seeking someone who could ''think like the bad guy.'' Applicants, it said, must understand hackers' tools and tactics and be able to analyze Internet traffic and identify vulnerabilities in the federal systems.
And in the Pentagon's budget request submitted last week, Defense Secretary Robert Gates hung out his own help-wanted sign, saying the Pentagon will increase the number of cyber experts it can train each year from 80 to 250 by 2011.

Amid dire warnings that the U.S. is ill-prepared for a cyber attack, the White House conducted a 60-day study of how the government can better manage and use technology to protect everything from the nation's electrical grid and stock markets to tax data, airline flight systems, and nuclear launch codes.

President Barack Obama appointed former Bush administration aide Melissa Hathaway to head the effort, and her report was delivered Friday, the White House said.

While the country had detailed plans for floods, fires or errant planes drifting into protected airspace, there is no similar response etched out for a major computer attack.

David Powner, director of technology issues for the Government Accountability Office, told Congress last month that the U.S. has no recovery plan for a digital disaster. ''We're clearly not as prepared as we should be,'' he said.

The U.S., administration officials say, has not kept pace with technological innovations needed to protect its computer networks against emerging threats from hackers, criminals or other nations looking for national security secrets.

U.S. computer networks, including those at the Pentagon and other federal agencies, are under persistent attack, ranging from nuisance hacking to more nefarious assaults, possibly from other nations, such as China. Industry leaders told Congress during a recent hearing that law enforcement and other protections are too outdated to fend off threats from criminals, terrorists and unfriendly foreign nations.

Just last week, a former government official revealed that spies had hacked into the U.S. electric grid and left behind computer programs that would let them disrupt service. The intrusions were discovered after electric companies gave the government permission to audit their systems, said the ex-official, who was not authorized to discuss the matter and spoke on condition of anonymity.

Cyber threats are also included as a key potential national security risk outlined in a classified report put together by Adm. Mike Mullen, chairman of the Joint Chiefs of Staff. And Pentagon officials say they spent more than $100 million in the last six months responding to and repairing damage from cyber attacks and other computer network problems.

Nadia Short, vice president at General Dynamics Advanced Information Systems, said the job posting for ethical hackers fills a critical need for the federal government.

The analysts keep constant watch on the government networks as part of a surveillance program called Einstein that was initiated by the Bush administration under the U.S. Computer Emergency Readiness Team. US-CERT is a partnership of the Homeland Security Department, other public agencies and private companies. The Einstein program is an automated process for collecting and sharing security information.

Short said the $60 million, four-year contract with US-CERT uses the so-called ethical hackers to analyze threats to the government's computer systems and develop ways to reduce vulnerabilities.

Faced with such cyber challenges, Obama ordered the 60-day review to examine how federal agencies manage and protect their massive amounts of data and what the government's role should be in guarding the vast networks that control the country's vital utilities and infrastructure.

Over the past two months, Hathaway met with hundreds of industry leaders, Capitol Hill staff and other experts, seeking guidance on what the federal government's role should be in protecting information networks against an attack. And she sought recommendations on how officials should define and report cyber incidents and attacks; how the government should structure its cyber oversight and how the nation can increase security without stifling innovation.

A task force of technology giants, including representatives from General Dynamics, IBM, Lockheed Martin and Hewlett-Packard Co. urged the administration to establish a White House-level official to lead cyber efforts and to develop ways to share information on problems more quickly with the private sector.

The administration has struggled with the basics, such as who should control the nation's cyberspace programs. There appears to be some agreement now that the White House should coordinate the overall effort, rejecting suggestions that the National Security Agency take it on -- a plan that triggered protests on Capitol Hill and from civil liberties groups worried about giving such control to U.S. spy agencies.

From rforno at infowarrior.org Sat Apr 18 12:22:16 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Apr 2009 08:22:16 -0400
Subject: [Infowarrior] - Legal Take on the Google Booksearch Settlement
Message-ID:

Legally Speaking: The Dead Souls of the Google Booksearch Settlement
by Pamela Samuelson
http://radar.oreilly.com/2009/04/legally-speaking-the-dead-soul.html

Guest blogger Pamela Samuelson is the Richard M. Sherman Distinguished Professor of Law and Information at the University of California, Berkeley, as well as a Director of the Berkeley Center for Law & Technology and an advisor to the Samuelson High Technology Law & Public Policy Clinic at Boalt Hall. She has written and spoken extensively about the challenges that new information technologies pose for traditional legal regimes, especially for intellectual property law. This piece will appear in the July 2009 issue of Communications of the ACM.
Readers may also be interested in the slides from Pam's recent presentation, "Reflections on the Google Book Search Settlement."

Google has scanned the texts of more than seven million books from major university research libraries for its Book Search initiative and processed the digitized copies to index their contents. Google allows users to download the entirety of these books if they are in the public domain (about 1 million of them are), but at this point makes available only "snippets" of relevant texts when the books are still in copyright unless the copyright owner has agreed to allow more to be displayed.

In the fall of 2005, the Authors Guild, which then had about 8000 members, and five publishers sued Google for copyright infringement. Google argued that its scanning, indexing, and snippet-providing was a fair and non-infringing use because it promoted wider public access to books and because Google would take out of the Book Search corpus any digitized books whose rights holders objected to their inclusion. Many copyright professionals expected the Authors Guild v. Google case to be the most important fair use case of the 21st century.

This column argues that the proposed settlement of this lawsuit is a privately negotiated compulsory license primarily designed to monetize millions of orphan works. It will benefit Google and certain authors and publishers, but it is questionable whether the authors of most books in the corpus (the "dead souls" to which the title refers) would agree that the settling authors and publishers will truly represent their interests when setting terms for access to the Book Search corpus.

Orphan Works

An estimated 70 per cent of the books in the Book Search repository are in-copyright, but out of print. Most of them are, for all practical purposes, "orphan works," that is, works for which it is virtually impossible to locate the appropriate rights holders to ask for permission to digitize them.

A broad consensus exists about the desirability of making orphan works more widely available. Yet, without a safe harbor against possible infringement lawsuits, digitization projects pose significant copyright risks. Congress is considering legislation to lessen the risks of using orphan works, but it has yet to pass.

The proposed Book Search settlement agreement will solve the orphan works problem for books -- at least for Google. Under this agreement, which must be approved by a federal court judge to become final, Google would get, among other things, a license to display up to 20 per cent of the contents of in-copyright out-of-print books, to run ads alongside these displays, and to sell access to the full texts of these books to institutional subscribers and to individual purchasers.

The Book Rights Registry

Approval of this settlement would establish a new collecting society, the Book Rights Registry (BRR), initially funded by Google with $34.5 million. The BRR will be responsible for allocating $45 million in settlement funds that Google is providing to compensate copyright owners for past uses of their books.

More important is Google's commitment to pay the BRR 63 per cent of the revenues it makes from Book Search that are subject to sharing provisions. The revenue streams will come from ads appearing next to displays of in-copyright books in response to user queries and from individual purchases of and institutional subscriptions to some or all of the books in the corpus. Google and the BRR may also develop new business models over time that will be subject to similar sharing.

One of the main jobs of the BRR will be to distribute the settlement revenues. The money will go, less BRR's costs, to authors and publishers who have registered their copyright claims with BRR. Although the settlement agreement extends only to books published prior to January 5, 2009, BRR is expected to attract authors and publishers of later-published books to participate in the revenue sharing arrangement that Google has negotiated with BRR.

Class Action Settlement

By now, readers may be a bit puzzled. How can Google be getting a license to make millions of in-copyright books available through Book Search just by settling a lawsuit brought by a small fraction of authors and publishers?

U.S. law allows the filing of "class action" lawsuits whose named plaintiffs claim they represent a class of persons who have suffered the same kind of harm from the defendant's wrongful conduct as long as there are common issues of fact and law that make it desirable to adjudicate the claims in one lawsuit instead of many. The Authors Guild and three of its members sued Google, claiming to represent a class of similarly situated authors whose books Google was scanning and whose copyrights Google was violating. By bringing a class action, the Authors Guild put considerable financial pressure on Google because the winner of a class action lawsuit is entitled to compensation that equals all of the monies owed to the class, which may be exponentially higher than awards to individual plaintiffs.

In the absence of the proposed settlement, Google would almost certainly have vigorously fought against certification of the class in the Authors Guild case. After all, the guild has only a few thousand members and most of them do not write the kinds of scholarly works that are typically found in major university research libraries. Many scholars would want their books to be scanned by the Book Search project so they would be more accessible to potential readers.

The publisher lawsuit did not start out as a class action, perhaps in part because McGraw-Hill, et al., recognized how difficult it would be for them to prove they adequately represented a class of all book publishers whose books Google had scanned. However, the settlement agreement that Google has negotiated with the Authors Guild and the Association of American Publishers would, if approved, be settled as a class action on behalf of all book authors and publishers, with the Guild and AAP claiming to represent their entire respective classes. By acceding to the certification of these classes through this settlement, Google will get a license from all authors and publishers of books covered by the agreement (which is to say nearly every in-copyright book ever published in the U.S.) so that it can commercialize them through Book Search.

Google's New Monopoly

The proposed settlement agreement would give Google a monopoly on the largest digital library of books in the world. It and BRR, which will also be a monopoly, will have considerable freedom to set prices and terms and conditions for Book Search's commercial services. BRR is unlikely to complain that the price is too high, the digital rights management technology is too restrictive, or the terms are too onerous.

Google will also be the only service lawfully able to sell orphan books and monetize them through subscriptions. BRR will get 63 per cent of these revenues which it will pay out to authors and publishers registered with it, even as to books in which they hold no rights. (Some unclaimed orphan book funds may go to charities that promote literacy.) No author whose books are in the corpus can get paid by the BRR unless he/she has registered with it.

Virtually the only way that Amazon.com, Microsoft, Yahoo!, or the Open Content Alliance could get a comparably broad license as the settlement would give Google would be by starting its own project to scan books. The scanner might then be sued for copyright infringement, as Google was. It would be very costly and very risky to litigate a fair use claim to final judgment given how high copyright damages can be (up to $150,000 per infringed work). Chances are also slim that the plaintiffs in such a lawsuit would be willing or able to settle on equivalent or even similar terms.

Dead Souls

The Book Search settlement brings to mind Nikolai Gogol's story, Dead Souls. Chichikov, its main character, travels around the Russian countryside to buy "dead souls" so that he can become a wealthy and influential man. In the early 19th century, you see, Russian landowners had to pay annual taxes on the number of serfs (counted as "souls") they owned as of the last census. Chichikov offered to buy "dead souls" (i.e., serfs who had died since the last census) from the landowners. His plan was to acquire enough of these souls so that he could take out a large loan secured by his portfolio, and thereby to become a wealthy man.

In Gogol's story, Chichikov's scheme falls apart. Rumors fly that the souls he owns are all dead and he flees the town in disgrace. However, Google's "dead souls" scheme may pay off handsomely, as the settlement would, in effect, give Google the exclusive right to commercially exploit millions of orphan books.

Representativeness?

As galling as it is to realize that the BRR and its registered authors and publishers will derive income from millions of books they didn't write or publish, it is even more galling that copyright maximalists will almost certainly dominate the BRR governing board. (The Authors Guild president, for example, recently complained about the "read aloud" feature of Kindle, denoting it a "swindle," and a copyright infringement. The AAP is supporting legislation to forbid the National Institutes of Health from promoting "open access" policies for articles written under NIH grants. And of course, the Authors Guild and AAP characterized Google as a thief for scanning books from research libraries.)

If asked, the authors of orphan books in major research libraries might well prefer for their books to be available under Creative Commons licenses or put in the public domain so that fellow researchers could have greater access to them. The BRR will have an institutional bias against encouraging this or considering what terms of access most authors of books in the corpus would want.

In reviewing the settlement, the judge is supposed to consider whether the settlement is "fair" to the classes on whose behalf the lawsuits were brought. He may assume the settlement is fair because money will flow to authors and publishers. But importantly absent from the courtroom will be the orphan book authors who might have qualms about the Authors Guild and AAP as their representatives.

Conclusion

In the short run, the Google Book Search settlement will unquestionably bring about greater access to books collected by major research libraries over the years. But it is very worrisome that this agreement, which was negotiated in secret by Google and a few lawyers working for the Authors Guild and AAP (who will, by the way, get up to $45.5 million in fees for their work on the settlement -- more than all of the authors combined!), will create two complementary monopolies with exclusive rights over a research corpus of this magnitude. Monopolies are prone to engage in many abuses.

The Book Search agreement is not really a settlement of a dispute over whether scanning books to index them is fair use. It is a major restructuring of the book industry's future without meaningful government oversight. The market for digitized orphan books could be competitive, but will not be if this settlement is approved as is.
From rforno at infowarrior.org Sun Apr 19 04:11:36 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 19 Apr 2009 00:11:36 -0400 Subject: [Infowarrior] - F.B.I. and States Vastly Expand DNA Databases Message-ID: April 19, 2009 F.B.I. and States Vastly Expand DNA Databases By SOLOMON MOORE http://www.nytimes.com/2009/04/19/us/19DNA.html?_r=1&pagewanted=print Law enforcement officials are vastly expanding their collection of DNA to include millions more people who have been arrested or detained but not yet convicted. The move, intended to help solve more crimes, is raising concerns about the privacy of petty offenders and people who are presumed innocent. Until now, the federal government genetically tracked only convicts. But starting this month, the Federal Bureau of Investigation will join 15 states that collect DNA samples from those awaiting trial and will collect DNA from detained immigrants ? the vanguard of a growing class of genetic registrants. The F.B.I., with a DNA database of 6.7 million profiles, expects to accelerate its growth rate from 80,000 new entries a year to 1.2 million by 2012 ? a 17-fold increase. F.B.I. officials say they expect DNA processing backlogs ? which now stand at more than 500,000 cases ? to increase. Law enforcement officials say that expanding the DNA databanks to include legally innocent people will help solve more violent crimes. They point out that DNA has helped convict thousands of criminals and has exonerated more than 200 wrongfully convicted people. But criminal justice experts cite Fourth Amendment privacy concerns and worry that the nation is becoming a genetic surveillance society. ?DNA databases were built initially to deal with violent sexual crimes and homicides ? a very limited number of crimes,? said Harry Levine, a professor of sociology at City University of New York who studies policing trends. ?Over time more and more crimes of decreasing severity have been added to the database. 
Cops and prosecutors like it because it gives everybody more information and creates a new suspect pool.? Courts have generally upheld laws authorizing compulsory collection of DNA from convicts and ex-convicts under supervised release, on the grounds that criminal acts diminish privacy rights. DNA extraction upon arrest potentially erodes that argument, a recent Congressional study found. ?Courts have not fully considered legal implications of recent extensions of DNA-collection to people whom the government has arrested but not tried or convicted,? the report said. Minors are required to provide DNA samples in 35 states upon conviction, and in some states upon arrest. Three juvenile suspects in November filed the only current constitutional challenge against taking DNA at the time of arrest. The judge temporarily stopped DNA collection from the three youths, and the case is continuing. Sixteen states now take DNA from some who have been found guilty of misdemeanors. As more police agencies take DNA for a greater variety of lesser and suspected crimes, civil rights advocates say the government?s power is becoming too broadly applied. ?What we object to ? and what the Constitution prohibits ? is the indiscriminate taking of DNA for things like writing an insufficient funds check, shoplifting, drug convictions,? said Michael Risher, a lawyer for the American Civil Liberties Union. This year, California began taking DNA upon arrest and expects to nearly double the growth rate of its database, to 390,000 profiles a year from 200,000. One of those was Brian Roberts, 29, who was awaiting trial for methamphetamine possession. Inside the Twin Towers Correctional Facility in Los Angeles last month, Mr. Roberts let a sheriff?s deputy swab the inside of his cheek. Mr. Roberts?s DNA will be translated into a numerical sequence at the F.B.I.?s DNA database, the largest in the world. The system will search for matches between Mr. 
Roberts's DNA and other profiles every Monday, from now into the indeterminate future -- until one day, perhaps decades hence, Mr. Roberts might leave a drop of blood or semen at some crime scene. Law enforcement officials say that DNA extraction upon arrest is no different than fingerprinting at routine bookings and that states purge profiles after people are cleared of suspicion. In practice, defense lawyers say this is a laborious process that often involves a court order. (The F.B.I. says it has never received a request to purge a profile from its database.) When DNA is taken in error, expunging a profile can be just as difficult. In Pennsylvania, Ellyn Sapper, a Philadelphia public defender, has spent weeks trying to expunge the profile taken erroneously of a 14-year-old boy guilty of assault and bicycle theft. "I'm going to have to get a judge's order to make sure that all references to his DNA are gone," she said. The police say that the potential hazards of genetic surveillance are worth it because it solves crimes and because DNA is more accurate than other physical evidence. "I've watched women go from mug-book to mug-book looking for the man who raped her," said Mitch Morrissey, the Denver district attorney and an advocate for more expansive DNA sampling. "It saves women's lives." Mr. Morrissey pointed to Britain, which has fewer privacy protections than the United States and has been taking DNA upon arrest for years. It has a population of 61 million -- and 4.5 million DNA profiles. "About 8 percent of the people commit about 70 percent of your crimes, so if you can get the majority of that community, you don't have to do more than that," he said. In the United States, 8 percent of the population would be roughly 24 million people. Britain may provide a window into America's genetic surveillance future: As of March 2008, 857,000 people in the British database, or about one-fifth, have no current criminal record.
In December, the European Court of Human Rights ruled that Britain violated international law by collecting DNA profiles from innocent people, including children as young as 10. Critics are also disturbed by the demographics of DNA databases. Again Britain is instructive. According to a House of Commons report, 27 percent of black people and 42 percent of black males are genetically registered, compared with 6 percent of white people. As in Britain, expanding genetic sampling in the United States could exacerbate racial disparities in the criminal justice system, according to Hank Greely, a Stanford University Law School professor who studies the intersection of genetics, policing and race. Mr. Greely estimated that African-Americans, who are about 12 percent of the national population, make up 40 percent of the DNA profiles in the federal database, reflective of their prison population. He also expects Latinos, who are about 13 percent of the population and committed 40 percent of last year's federal offenses -- nearly half of them immigration crimes -- to dominate DNA databases. Enforcement officials contend that DNA is blind to race. Federal profiles include little more information than the DNA sequence and the referring police agency. Subjects' names are usually kept by investigators. Rock Harmon, a former prosecutor for Alameda County, Calif., and an adviser to crime laboratories, said DNA demographics reflected the criminal population. Even if an innocent man's DNA was included in a genetic database, he said, it would come to nothing without a crime scene sample to match it. "If you haven't done anything wrong, you have nothing to fear," he said.
From rforno at infowarrior.org Sun Apr 19 04:20:09 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 19 Apr 2009 00:20:09 -0400 Subject: [Infowarrior] - Why Google Is The New Pirate Bay Message-ID: <8D1A0A9F-3382-4DB1-B908-8060E87DB932@infowarrior.org> http://www.forbes.com/2009/04/17/pirate-bay-google-technology-internet-pirate-bay_print.html Digital Media Why Google Is The New Pirate Bay Andy Greenberg, 04.17.09, 4:00 PM ET This week has offered a hard lesson for pirates, both water- and Web-based: Keep a low profile and your illicit business can flourish. But draw too much attention, and you're likely to get sniped. On Friday, the trial of the Pirate Bay, the Web's highest-profile source of TV shows, movies and music, came to an end when a Swedish court found the administrators of the site guilty of copyright infringement, sentencing them to a year in prison and more than $3 million in fines. The verdict comes as a surprise to many who assumed the site, which indexes the "tracker" files that allow users to share video and music, was beyond prosecution in its home country of Sweden. And though the site's owners say they plan to appeal the decision, it may nonetheless lead to the takedown of the Web's most popular index of peer-to-peer downloads. But even if the Pirate Bay sinks, putting an end to file-sharing isn't so simple. Waiting in the wings to absorb the site's audience are dozens of second-string bittorrent tracker sites that have avoided the Pirate Bay's level of notoriety, including Mininova, isoHunt and Demonoid. And according to Ben Edelman, a professor at Harvard's Business School focused on Internet regulation, that longer-tail assortment of piracy outlets means the starting point for finding pirated content has shifted to an even more resilient source: Google. "Google now can and does do what the Pirate Bay has always done," Edelman says. "And if they're prosecuted, they would have much more interesting arguments in their defense."
By searching for pirated music or video, Google users can easily scan a range of lesser-known pirate sites to dig up illicit content. Those looking for the upcoming film X-Men Origins: Wolverine, for instance, can search for "wolverine torrent." The first result is a link to file-sharing site isoHunt, with a torrent tracker file that allows the user to download the full film. In fact, searches for "wolverine torrent" on Google have more than quadrupled since the movie file was first leaked to peer-to-peer networks on April 5, according to Google Trends. Googling more obscure films works just as well. For example, search for "the maltese falcon torrent," and the first result links to Torrentz.com, which in turn links to other sites hosting torrent trackers for the Bogart classic, including Mininova, BTjunkie, Torrenthound and Seedpeer. Google, for its part, says it is vigilant about removing illegal content. "We are committed to respecting copyrights and have a well-established process under the [Digital Millennium Copyright Act] for removing links to infringing content when they appear in our search results," a company spokesman wrote in an e-mail. Yahoo! did not respond immediately to requests seeking comment. But Google and Yahoo! have always been a starting point for peer-to-peer piracy, says Eric Garland, chief executive of the bittorrent research firm Big Champagne. In focus groups, Garland says he's found that users begin their searches for pirated movies on search engines as often as any source, including the Pirate Bay. That means preventing a user from downloading copyrighted files would mean not simply shutting down the Pirate Bay, but every one of the lesser-traveled sites that Google or Yahoo! provide links to. "I've argued for years that the real battle rights holders are fighting isn't with individual users or file-sharing sites, but with search," Garland says.
"As long as there's robust search that allows people to find the titles they're seeking, you will have this problem, period." The Pirate Bay's guilty verdict was partly due to its notoriety as a flagrant source of pirated content. The site thumbed its nose publicly at its detractors in interviews with Wired, Vanity Fair, Forbes and other news outlets and its administrators publicly posted their retorts to cease-and-desist letters, including repeated suggestions that media company lawyers perform painful acts on their nether regions with a retractable baton. Google, on the other hand, may be more legally defensible than any single torrent site. Any piracy-related activity by its users would be dwarfed by the search engine's massive number of legitimate users, says Big Champagne's Garland, and Google is careful to avoid any encouragement of copyright infringing activity. "Google doesn't call itself 'The Pirate Google,'" Garland says. "If the number of queries looking for copyrighted works is massive, that's only because the number of searches on Google in general is massive." Google's popularity as a resilient portal for piracy means that even if the media industry were to pursue torrent sites one by one, the search engine would always link to the newest site to host those tracking files, a potentially endless war on torrent sites. "It's a cat and mouse game," says Harvard's Edelman. "Sometimes the mouse gets eaten. But there are always more mice scurrying around, willing to try their luck." 
From rforno at infowarrior.org Sun Apr 19 04:21:26 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 19 Apr 2009 00:21:26 -0400 Subject: [Infowarrior] - Federal CTO Picked Message-ID: <89ADA45D-8254-464B-B29B-324A3E89D6A2@infowarrior.org> www.internetnews.com/government/article.php/3816126 Obama Makes Surprise Pick for Federal CTO By Kenneth Corbin April 18, 2009 President Obama today announced his choice for the nation's first chief technology officer, bringing a months-long guessing game to an end with a pick that virtually no one saw coming. Aneesh Chopra, Virginia's Secretary of Technology, landed the job. In his weekly Internet and radio address, Obama said the new position aims to "promote technological innovation to help achieve our most urgent priorities -- from creating jobs and reducing healthcare costs to keeping our nation secure." Obama said that Chopra will work closely with White House CIO Vivek Kundra, who oversees the government's technology budget and internal IT policies. Both positions are creations of the Obama administration, and stand as further evidence of the importance the president places on technology. After running an impressively tech-savvy campaign, Obama has pledged to use the Web to make more government information easily accessible to the public. "The goal is to give all Americans a voice in their government and ensure that they know exactly how we're spending their money -- and can hold us accountable for the results," Obama said. Of course, the idea of a fully open, transparent e-government is often at odds with the bureaucratic realities of Washington, where legacy systems, arcane reporting structures and security issues have come as a culture shock to Obama staffers who joined the administration from the campaign. Chopra, who previously served as managing director of the hospital consulting Advisory Board Company, is a largely unknown figure in Silicon Valley. 
Obama was widely expected to pick a top gun in the industry, with figures like Google's Eric Schmidt and Vint Cerf, Microsoft's Bill Gates and Cisco's Padmasree Warrior topping many people's shortlists. In his four years heading Virginia's technology efforts, Chopra worked extensively on health IT issues, which Obama has repeatedly said ranks as a high priority for his administration. Chopra also worked to craft public-private partnerships to bring technical expertise from firms like Google (NASDAQ: GOOG) and Microsoft (NASDAQ: MSFT) inside the walls of government. Under Chopra's direction, Virginia was one of the first states to partner with Google to implement its site-map protocols across the Web sites of the state's roughly 90 agencies. At a Washington policy conference in January, Chopra described the challenges of trying to make government data more accessible to the public -- in essence doing on a state level what Obama has said he would like to see happen across the federal government. "Open government first and foremost begins with an open and more modern IT infrastructure," he said. "We have all this data, we just can't mine it, because the information is siloed." Chopra holds a master's degree in public policy from Harvard and a bachelor's degree in public health from Johns Hopkins. In an address themed around government efficiency and accountability, Obama this morning also named Jeffrey Zients as the government's chief performance officer, another position created by the administration. Obama had previously tapped Nancy Killefer for the job, also nominating her as deputy director of the Office of Management and Budget, only to see her withdraw her name from consideration after it became known that she had failed to pay unemployment taxes for household help at her D.C. home. 
From rforno at infowarrior.org Sun Apr 19 04:26:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 19 Apr 2009 00:26:28 -0400 Subject: [Infowarrior] - @ Infowarcon.... Message-ID: <4AE4081E-9034-4316-A26A-C48B9FE67F14@infowarrior.org> A reminder that I will be chairing a panel on US Cybersecurity at INFOWARCON 2009 in Washington, DC on Friday 4/24, and will be around for most of the conference as well. Looking forward to meeting several of you during the coming week. ----rf http://infowarcon.com/ Session 7: US Cybersecurity Friday, April 24 10:15 a.m. - 12:00 a.m. The chance of a cataclysmic event interrupting our internet dependent society is a critical issue that the new administration has stated publicly its concern over. Noted information security and incident handling expert Richard Forno will lead a panel of experts and thought leaders in a review and discussion of America's true state of cybersecurity readiness and offer objective recommendations for the future on this national security issue. Panelists Include:
- Mr. Pieter "Mudge" Zatko -- L0pht member, testified to a Senate committee in 1998 that they could bring down the Internet in 30 minutes
- Mr. James "Jim" Christy - Director of Futures Exploration for the Department of Defense Cyber Crimes Center (DC3)
- Ms. Christine A.R. MacNutly, FRSA, President & CEO, Applied Futures
- Mr. Robert Gourley, Chief Technology Officer (CTO) at Crucial Point LLC
- Mr. Tim Rosenberg, CEO, Whitewolf Security

From rforno at infowarrior.org Sun Apr 19 04:27:50 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 19 Apr 2009 00:27:50 -0400 Subject: [Infowarrior] - Cybersecurity bill goes too far Message-ID: <8DFF5E89-8087-4E92-9227-0B67378C0ED5@infowarrior.org> William Jackson | Senate's cybersecurity bill goes too far By William Jackson
Apr 17, 2009 http://gcn.com/articles/2009/04/20/cybereye-security-bill.aspx The Senate should take a close look at a comprehensive and far-reaching cybersecurity bill that attempts to assign responsibilities for better protecting the nation's critical information infrastructure. Based on a working draft of the legislation, there are some good ideas in the Cybersecurity Act of 2009, introduced by John "Jay" Rockefeller IV (D-W.Va.), chairman of the Senate Commerce, Science and Transportation Committee, and Olympia Snowe (R-Maine). But there also are some quixotic elements and a few provisions so far-reaching that they could effectively turn the Internet within the United States into a state-controlled medium. The most troubling provisions would let the president order the disconnection of any federal information system or privately owned critical infrastructure component for undefined reasons of national security. The bill, S.773, was introduced April 1 and referred to Rockefeller's committee. It probably should remain there until the 60-day review of the nation's cybersecurity policies ordered by President Obama has been digested. According to the bill's preamble, "America's failure to protect cyberspace is one of the most urgent national security problems facing the country." It goes on to warn of the risk not only to national security but also to the economy. Its good ideas include the creation of a presidential cybersecurity advisory panel, the development of a comprehensive national cybersecurity strategy, and the establishment of measurable and auditable standards for government and contractor information technology systems. The National Science Foundation would support security research and development, and the Commerce Department would be the clearinghouse for threat and vulnerability information.
Perhaps the most unrealistic provision of the bill is its call for Commerce, in consultation with the Office of Management and Budget, to develop a plan for providing comprehensive, real-time cybersecurity status and vulnerability information on all federal systems it manages within 90 days of the bill's enactment and implement that plan within a year. This is a fine goal. But 90 days? Implemented in one year? Not likely. At first blush, the provision allowing the president to disconnect networks for national security might not sound unreasonable. But it is far too vague and goes too far. The Internet is so interconnected that almost any network could be defined as critical infrastructure, and the "interest of national security" has been abused so routinely that this provision poses the risk of almost anyone who offends the administration being taken off-line. This provision could, for example, have been used in 1971 to stop the New York Times and Washington Post from publishing the Pentagon Papers, had they attempted to put them online rather than print them. With no judicial review, the law would let a president order the publications' Web servers offline with the argument that it was not censoring a publication, but protecting the national security by removing infrastructure that had become critical. If such authority is needed, the bill should carefully spell out in a constitutionally appropriate way the circumstances under which it could be used and the recourse and other safeguards against abuse.

From rforno at infowarrior.org Sun Apr 19 17:46:11 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 19 Apr 2009 13:46:11 -0400 Subject: [Infowarrior] - British spy agency searches for real-life `Q' Message-ID: http://news.yahoo.com/s/ap/20090418/ap_on_re_eu/eu_britain_quest_for_q British spy agency searches for real-life `Q' AP LONDON --
He was James Bond's go-to guy for inventions that included dagger-embedded shoes, radioactive lint and a deadly sofa that swallowed people. Now, Britain's domestic spy agency -- MI5 -- is hunting for its very own "Q," of sorts. MI6's sister organization, which carries out surveillance on terror suspects inside Britain and gives security advice to the government, is searching for someone to lead its scientific work. Projects could include everything from developing counterterrorism technology to tackling a biological or chemical attack. "Looking for a chief scientific adviser to lead and coordinate the scientific work of the security service so that the service continues to be supported by excellent science and technology advice," MI5's Web site ad reads. Since the 2001 terror attacks in the United States and the suicide bombings in London in 2005, spy agencies around the world have raced to develop technological tools in the fight against terrorism. Mobile phones equipped with sensors for detecting chemical, biological or radioactive agents are in the works. Others, such as supersensitive eavesdropping devices, will likely be rolled out for the 2012 Olympics in London. The biggest fear, however, remains a chemical, biological or nuclear attack. "Threat equals the capability of your enemy and their intention," said a British government official who spoke on condition of anonymity because of the sensitivity of his work. "What we've seen over the years is terror cells transferring both knowledge and technology. The intention is limitless." MI5 has long had a roster of scientific staff tasked with developing high-tech gadgets, but an official said the service now wants a high-profile figure to lead pioneering work in technology and science.
The adviser's work will focus chiefly on creating sophisticated new tools to help security service officers carry out surveillance and analysis work, said a government security official, who requested anonymity to discuss the work of MI5. Recent court cases in Britain have detailed the heavy use by MI5 and police of audio and video bugs and e-mail intercepts to track conversations between suspects. Security officials refuse to discuss what techniques MI5 uses, for fear of compromising their methods. But officers have been rumored to have other James Bond-style kits at their disposal, including chemicals which can be attached to a suspect and leave a trace wherever they go -- similar to the radioactive lint supplied by Q to 007. Although the fictional James Bond character of "Q" worked for MI6 and was best remembered for his gadgets, he was also known in the Ian Fleming novels as a quartermaster of the agency's scientific branch. Candidates for the MI5 job need to be at least 18, British or naturalized citizens who have "world-class scientific expertise and credibility in relevant scientific and technology disciplines, outstanding influencing and communication skills, experience of building an effective network and of creating a high quality team." There are no salary details posted for the job, which would be two to three days a week. ___ Associated Press Writer David Stringer contributed to this report. ___ On the Net: MI5: http://mi5.gov.uk

From rforno at infowarrior.org Sun Apr 19 17:47:46 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 19 Apr 2009 13:47:46 -0400 Subject: [Infowarrior] - Army issuing iPod Touch to troops Message-ID: <999C83C5-EDA6-4103-AB91-8D6DA63B2545@infowarrior.org> http://www.newsweek.com/id/194623/output/print Apple's New Weapon To help soldiers make sense of data from drones, satellites and ground sensors, the U.S. military now issues the iPod Touch.
Benjamin Sutherland NEWSWEEK From the magazine issue dated Apr 27, 2009 Tying the hands of a person who is speaking, the Arab proverb goes, is akin to "tying his tongue." Western soldiers in Iraq know how important gestures can be when communicating with locals. To close, open and close a fist means "light," but just opening a fist means "bomb." One soldier recently home from Iraq once tried to order an Iraqi man to lie down. To get his point across, the soldier had to demonstrate by stretching out in the dirt. Translation software could help, but what's the best way to make it available in the field? The U.S. military in the past would give a soldier an electronic handheld device, made at great expense specially for the battlefield, with the latest software. But translation is only one of many software applications soldiers now need. The future of "networked warfare" requires each soldier to be linked electronically to other troops as well as to weapons systems and intelligence sources. Making sense of the reams of data from satellites, drones and ground sensors cries out for a handheld device that is both versatile and easy to use. With their intuitive interfaces, Apple devices -- the iPod Touch and, to a lesser extent, the iPhone -- are becoming the handhelds of choice. Using a commercial product for such a crucial military role is a break from the past. Compared with devices built to military specifications, iPods are cheap. Apple, after all, has already done the research and manufacturing without taxpayer money. The iPod Touch retails for under $230, whereas a device made specifically for the military can cost far more. (The iPhone offers more functionality than the iPod Touch, but at $600 or $700 each, is much more expensive.) Typically sheathed in protective casing, iPods have proved rugged enough for military life. And according to an Army official in Baghdad, the devices have yet to be successfully hacked.
(The Pentagon won't say how many Apple devices are deployed, and Apple Computer declined to be interviewed for this article.) The iPod also fulfills the U.S. military's need to equip soldiers with a single device that can perform many different tasks. Apple's online App Store offers more than 25,000 (and counting) applications for the iPhone and iPod Touch, which shares the iPhone's touchscreen. As the elegantly simple iPods -- often controlled with a single thumb -- acquire more functionality, soldiers can shed other gadgets. An iPod "may be all that they need," says Lt. Col. Jim Ross, director of the Army's intelligence, electronic warfare and sensors operations in Fort Monmouth, New Jersey. The iPod isn't the only multifunction handheld on the market, but among soldiers it's the most popular. Since most recruits have used one -- and many already own one -- it's that much easier to train them to prepare and upload new content. Users can add phrases to language software, annotate maps and link text or voice recordings to photos ("Have you seen this man?"). Apple devices make it easy to shoot, store and play video. Consider the impact of showing villagers a video message of a relaxed and respected local leader encouraging them to help root out insurgents. Since sharing data is particularly important in counterinsurgency operations, the Pentagon is funding technology that makes it easier for the soldier on the ground to acquire information and quickly add it to databases. Next Wave Systems in Indiana, is expected to release iPhone software that would enable a soldier to snap a picture of a street sign and, in a few moments, receive intelligence uploaded by other soldiers (the information would be linked by the words on the street sign). This could include information about local water quality or the name and photograph of a local insurgent sympathizer. The U.S.
Marine Corps is funding an application for Apple devices that would allow soldiers to upload photographs of detained suspects, along with written reports, into a biometric database. The software could match faces, making it easier to track suspects after they're released. Apple gadgets are proving to be surprisingly versatile. Software developers and the U.S. Department of Defense are developing military software for iPods that enables soldiers to display aerial video from drones and have teleconferences with intelligence agents halfway across the globe. Snipers in Iraq and Afghanistan now use a "ballistics calculator" called BulletFlight, made by the Florida firm Knight's Armament for the iPod Touch and iPhone. Army researchers are developing applications to turn an iPod into a remote control for a bomb-disposal robot (tilting the iPod steers the robot). In Sudan, American military observers are using iPods to learn the appropriate etiquette for interacting with tribal leaders. Translation is another important area. A new program, Vcommunicator, is now being issued to soldiers in Iraq and Afghanistan. It produces spoken and written translations of Arabic, Kurdish and two Afghan languages. It also shows animated graphics of accompanying gestures and body language, and displays pictures of garments, weapons and other objects. Procurement officials are making a "tremendous push" to develop and field militarily useful Apple devices, says Ernie Bright, operations manager of Vcom3D, the Florida firm that developed the software. The iPod has already transformed the way we listen to music. Now it's taking on war. 
URL: http://www.newsweek.com/id/194623

From rforno at infowarrior.org Mon Apr 20 03:25:04 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 19 Apr 2009 23:25:04 -0400 Subject: [Infowarrior] - The Fog of Cyberwar Message-ID: <1B4E4D59-3E71-4241-A8C5-F90F03891F2A@infowarrior.org> The Fog of Cyberwar NATO military strategists are waking up to the threat from online attacks. By Evgeny Morozov | NEWSWEEK Published Apr 18, 2009 From the magazine issue dated Apr 27, 2009 http://www.newsweek.com/id/194605 Ghostnet sounds like something John le Carré would invent. This vast cyber-espionage operation spanned 1,295 computers worldwide, a third of them located in ministries of foreign affairs, embassies, international organizations and news media, some holding classified data. According to a report by three Canadian security think tanks in March, it included at least one unclassified computer at NATO headquarters in Mons, Belgium. Although the culprit is unidentified, some experts suspect China. Whether it exploited any of the data is hard to say. That it could obtain it so easily has raised eyebrows in the world's mightiest military alliance. NATO is only just beginning to recognize that the Internet has become a new battleground, and that it requires a military strategy. As economic life relies more and more on the Internet, the potential for small bands of hackers to launch devastating attacks on the world economy is growing. To counter such threats, a group of NATO members, including the U.S. and Germany, last year established a kind of internal cybersecurity think tank, based in a former government building in Tallinn, Estonia. The 30 staffers at the Cooperative Cyber Defense Centre of Excellence analyze emerging viruses and other threats, and pass on alerts to sponsoring NATO governments. They are also working to bring the allies together on the elusive issues that deepen the fog of cyberwar.
Experts with backgrounds in the military, technology, law and science are wrestling with such questions as: What qualifies as a cyber "attack" on a NATO member, and so triggers the obligation of alliance members to rush to its defense? And how can the alliance defend itself in cyberspace? Already, the debate is producing strikingly different answers: as Washington moves to create a new "cybersecurity czar" and new funds for cyberdefenses, Estonia is moving much of the job into civilian hands, aiming to create a nation of citizens alert and wise to online threats. The choice of Estonia as the home to NATO's new cyberwar brain trust is not accidental. In 2007 Estonia was in a public squabble with Russia over the fate of a Soviet-era monument when it suddenly found itself under a wave of cyberattacks. Among the targets were two of Estonia's biggest banks, whose online systems were severely degraded for several hours. The scale of the economic damage is still classified as a state secret, but the fact that this happened in "E-stonia," a proud digital society where even parking meters take payment via text messages, was eye-opening. Although the decentralized nature of cyberattacks made it hard to know whether the Kremlin ordered the attacks, clues led Estonia to a Russian suspect, whom the Kremlin refused to extradite. One thing is clear: Russia gained from what may be the first successful invasion in the new age of cyberwar. Hillar Aarelaid, a manager at Estonia's computer emergency response team, who coordinated Estonia's defenses during the assault, told me that the attack used a nasty weapon called a "distributed denial of service," or DDOS. Cheap to organize and devastating, DDOS involves a small gang of hackers who command a cyber-army of infected PCs to overwhelm the Web sites of a bank (or other institution) with seemingly legitimate requests. Yet Aarelaid believes that the attackers who came after Estonia aimed to flaunt the range and power of their arsenal.
If the orders came from the Kremlin, the message to former Soviet satellites was clear: defy us at your own risk. Estonia, courageously, went ahead and moved the Soviet monument anyway. The attack revealed the vulnerability of a NATO member to external pressure. If a group in Russia could wreak so much havoc over a statue, imagine what a state-sponsored effort could do? Attackers could infect and gain control of thousands of computers -- much like GhostNet did -- and go after banks all across Europe, leading to digital chaos -- online banking would go down, credit-card purchases couldn't be verified. Factor in electricity grids, dams and airport navigation systems, which are connected to the Internet, and it begins to sound like a Hollywood movie. The trick, from NATO's standpoint, is figuring out when an attack is hacker mischief and when it's a military matter. Back in 2007, Estonia's minister of defense stated that "the attacks cannot be treated as hooliganism, but have to be treated as an attack against the state." But no troops crossed Estonia's borders, and there was almost nothing that we associate with a conventional conflict. How to respond, and against whom? The first step, say scientists at the center, is to identify when a threat warrants a military response. "In the absence of a clear legal framework for dealing with cyberattacks, it's very hard to decide whether to treat them as the beginning of armed conflict," says Rain Ottis, one of the center's senior scientists. The United States is clearly leaning toward a military strategy. In March the U.S. Senate took up a bill that would bring cybersecurity work at the NSA, Air Force, DHS and a dozen other agencies under a "cybersecurity czar," who would also become a "national cybersecurity adviser." It would arm this person with unprecedented powers, including the right to shut off federal networks if they are found to be vulnerable.
If passed, the bill might result in even further militarization of cyberspace; today, virtually all major security contractors -- from Lockheed Martin to Boeing -- have already set up cybersecurity divisions, fighting for government funds. U.S. government spending on secure computer networks is forecast to rise from $7.4 billion in 2008 to $10.7 billion in 2013. Most of NATO's biggest members, including France, Britain and Germany, appear to be following the U.S. lead.

Estonia, on the other hand, is choosing not to play up fear of a cyberwar. Such talk in 2007 only made already strained relations with Russia worse. Instead, it prefers to demilitarize the issue by shifting the responsibility for cybersecurity from the Ministry of Defense to the Ministry of Economic Affairs and Communications, and is working to identify the services -- like online banking -- that are most critical to running a digital economy. The Estonians are stepping up efforts to educate citizens on how to identify risks, and creating graduate programs in cybersecurity. Heli Tiirmaa-Klaar, the senior defense adviser at Estonia's defense ministry and one of the country's leading cybersecurity officials, speaks of promoting a "culture of cybersecurity," starting with schoolchildren.

The Estonians have the right idea. Cyberattacks would be prohibitively expensive if hackers had to build their own computers, rather than hijacking idle ones. And a society of savvy citizens is the best defense, because they have every incentive to stay ahead of the hackers; industry tends to stay a step behind, because attacks create a demand for new software. That's how America's reliance on centralized military industries could backfire: they are not numerous or nimble enough to fight Internet battles. Estonia's civilian answer is both more likely to prove popular in diplomatic circles, and more likely to be successful.

© 2009

From rforno at infowarrior.org Mon Apr 20 11:59:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Apr 2009 07:59:49 -0400
Subject: [Infowarrior] - Oracle buys Sun for $7.4b cash
Message-ID: <1A145B1F-4B89-4B9A-81A3-E6B15C5F27F9@infowarrior.org>

(Frankly I think IBM was a better fit.....---rf)

Oracle to buy Sun for $7.4B after IBM dropped bid
http://finance.yahoo.com/news/Oracle-to-buy-Sun-for-74B-apf-14969257.html?.v=1

REDWOOD SHORES, California (AP) -- Information technology company Oracle Corp. is buying Sun Microsystems Inc. in a cash deal the company valued at $7.4 billion. The deal comes after IBM Corp. abandoned its bid to buy the networking equipment maker.

Redwood Shores-based Oracle will buy Sun shares for $9.50 each. The price represents a 42 percent premium to Sun's Friday closing stock price of $6.69. Net of Sun's cash and debt, the transaction is valued at $5.6 billion, Oracle says.

IBM had offered to buy Sun for $9.40 per share, but acquisition talks fell apart earlier this month after Sun canceled IBM's exclusive negotiating rights, and IBM withdrew its offer.

The transaction has been approved by Sun's board of directors. Oracle expects to close the deal this summer.

From rforno at infowarrior.org Mon Apr 20 12:05:32 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Apr 2009 08:05:32 -0400
Subject: [Infowarrior] - Goldman Sachs Sues Blogger
Message-ID:

Goldman Sachs Sues Blogger "Goldmansachs666.com"
By Barry Ritholtz - April 20th, 2009, 6:41AM
http://www.ritholtz.com/blog/2009/04/goldman-sachs-sues-blogger-goldmansachs666com/

Today, I added a new blog to the blog roll for the first time in months. I urge you to do the same. Why? Because they were sued by GS for criticizing the firm:

"Goldman Sachs Group Inc. has been called many things over the years. Plenty of people have raged against its power and wealth.
If you spend decades as the most successful investment bank, it goes with the territory. Calling it the devil may be going a bit far, though, even for the flinty-hearted employees of the New York-based bank. Last month, a blog called Goldmansachs666.com was set up. Goldman Sachs has taken legal action against the site, alleging it infringes a trademark in the phrase "Goldman Sachs." The owner of the site, investment adviser Mike Morgan of Jensen Beach, Florida, has promised to contest the litigation and pursue similar campaigns against other banks. "They might think it is just a Mickey Mouse Web site, but we're coming after them," Morgan said in a telephone interview. "It would be really stupid for the banks to try and stop us. But banks do stupid things all the time."

Let's review your tax dollars at work: Goldman Sachs CEO Hank Paulson lobbied the SEC to allow the 5 largest iBanks to be exempt from net capital rules, and then leverage up 40 to 1. Which they did, especially with Mortgage-backed paper and derivatives. Then he becomes Treasury Secretary, and transfers from the taxpayers to these same iBanks -- some directly, and some thru AIG -- trillions of dollars. Now, the taxpayer subsidized disaster creator is thin skinned about criticism.

Note that the trademark claim is bullshit -- it's well settled law, via WalmartSucks.com. This 2000 case was originally found in favor of Wal-Mart by World Intellectual Property Organization but later reversed. Walmartsucks.com is no longer operating, but a new site, Walmartsucks.org appears to be run by author Kenneth J. Harvey. As another example of the legality of the "sucks.com" sites, see also, disney-sucks.com.

No one seems to ever learn: If you want to close a critical site down, you ignore -- you don't sue them.

Thus, we add Goldmansachs666.com to the blog roll. If you have a blog, I STRONGLY suggest you do the same.
From rforno at infowarrior.org Mon Apr 20 12:10:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Apr 2009 08:10:44 -0400
Subject: [Infowarrior] - As Costs Fall, Companies Push to Raise Internet Price
Message-ID: <15263715-8C4A-468B-9525-E977E9797C79@infowarrior.org>

April 20, 2009
As Costs Fall, Companies Push to Raise Internet Price
By SAUL HANSELL
http://www.nytimes.com/2009/04/20/business/20isp.html?partner=rss&emc=rss&pagewanted=print

Internet service providers want to end the all-you-can-eat plans and get their customers paying à la carte. But they are having a hard time closing the buffet line.

Faced with rising consumer protest and calls from members of Congress for new regulations, Time Warner Cable backed down last week from a plan to impose new fees on heavy users of its Road Runner Internet service.

The debate over the price of Internet use is far from over. Critics say cable and phone companies are already charging far more than Internet providers in other countries. Some also wonder whether the new price plans are meant to prevent online video sites from cutting into the lucrative revenue from cable TV service.

Cable executives say the issue is not competition but cost. People who watch or download a lot of movies and TV shows use hundreds of times more Internet capacity than those who simply read e-mail and browse the Web. It is only fair, they argue, that heavy users should pay more.

"When you go to lunch with a friend, do you split the bill in half if he gets the steak and you have a salad?" Landel C. Hobbs, the chief operating officer of Time Warner Cable, asked recently in a blog post defending the company's now abandoned plan.

Still, critics say the image of Internet providers as restaurants about to go broke serving an endless line of gluttons simply does not match the financial or technological realities of the industry. They point out that providers'
profit margins are stable, and that investment in network equipment is generally falling. These plans to charge for above-average Internet use "are unjustifiable for almost everywhere in the country except for rural America," said Richard F. Doherty, the research director of the Envisioneering Group, a consulting firm that studies cable technology.

Cable or telephone networks have little in common with a restaurant, the critics say, because there is no electronic equivalent of food to buy. If all Time Warner customers decided one day not to check their e-mail or download a single movie, the company's costs would be no different than on a day when every customer was glued to the screen watching one YouTube video after another.

That is because their networks are constantly being expanded to handle ever-greater peak periods. It is the modern equivalent of how the old AT&T was said to have built the long-distance network to handle the number of calls expected on Mother's Day.

"All of our economics are based on engineering for the peak hour," said Tony Werner, the chief technical officer of Comcast. "Just because someone consumes more data doesn't mean they drive more cost."

Yet even as the providers continually upgrade their networks, the cost of the equipment needed to do so is shrinking steadily, reflecting the well-worn economics of computing. Indeed, the equipment needed to add capacity to any household costs a fraction of one month's Internet service bill. Comcast, the nation's largest cable provider, has told investors that doubling the Internet capacity of a neighborhood costs an average of $6.85 a home.

The cost of providing Internet service is about to fall even more, as cable companies install new technology, called Docsis 3, that will both increase their capacity and allow them to offer much faster download speeds. So far, however, companies in the United States have chosen to use Docsis 3 as an opportunity to offer far more expensive Internet plans.
Comcast has introduced a new 50-megabit-per-second service at $139 a month, compared with its existing service that costs about $45 a month for 8 megabits per second. Time Warner just announced it will charge $99 for 50 megabits per second.

By contrast, JCom, the largest cable company in Japan, sells service as fast as 160 megabits per second for $60 a month, only $5 a month more than its slower service. Why so cheap? JCom faces more competition from other Internet providers than companies in the United States do.

Cable systems in the United States use the same technology and have roughly the same costs. Comcast told investors that the hardware to provide 50-megabits-per-second service costs less than it had been paying for the equipment for 6 megabits per second.

Questions about the speed, availability and affordability of Internet service in the United States will be central to the study Congress has required from the Federal Communications Commission next year. And cable and phone executives are worried that the commission may call for more regulation of Internet service, which currently is free from any government price controls.

Time Warner Cable abandoned its plan to expand a test of what it called "usage-based pricing" in four cities after Senator Charles E. Schumer, Democrat of New York, announced his opposition to the idea in a meeting with Glenn A. Britt, the company's chief executive.

From rforno at infowarrior.org Mon Apr 20 17:44:51 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Apr 2009 13:44:51 -0400
Subject: [Infowarrior] - Book: Cyberpower and National Security
Message-ID: <9C838DBE-F1AD-421F-8651-2EFD3EF96B97@infowarrior.org>

Cyberpower and National Security
Edited by Franklin D. Kramer, Stuart H. Starr and Larry Wentz
642 pages; 6" x 9"; 36 Figures; 19 Tables
Paperback $39.95 $31.96
978-1-59797-423-3
http://www.potomacbooksinc.com/Books/BookDetail.aspx?productID=207249

The cyber domain is undergoing extraordinary changes that present both exceptional opportunities to and major challenges for users of cyberspace. The challenges arise from the malevolent actors who use cyberspace and the many security vulnerabilities that plague this sphere. Exploiting opportunities and overcoming challenges will require a balanced body of knowledge on the cyber domain. Cyberpower and National Security assembles a group of experts and discusses pertinent issues in five areas.

The first section provides a broad foundation and overview of the subject by identifying key policy issues, establishing a common vocabulary, and proposing an initial version of a theory of cyberpower. The second section identifies and explores possible changes in cyberspace over the next fifteen years by assessing cyber infrastructure and security challenges. The third section analyzes the potential impact of changes in cyberspace on the military and informational levers of power. The fourth section addresses the extent to which changes in cyberspace serve to empower key entities such as transnational criminals, terrorists, and nation-states. The final section examines key institutional factors, which include issues concerning governance, legal dimensions, critical infrastructure protection, and organization.

Cyberpower and National Security frames the key issues concerned and identifies the important questions involved in building the human capacity to address cyber issues, balancing civil liberties with national security considerations, and developing the international partnerships needed to address cyber challenges. With more than two dozen contributors, Cyberpower and National Security covers it all.

About the Author(s)/Editor(s)

Franklin D. Kramer is a distinguished research fellow in the Center for Technology and National Security Policy at the National Defense University. He served as the assistant secretary of defense for international security affairs from 1996 to 2001.

Stuart H. Starr is also a distinguished research fellow in the Center for Technology and National Security Policy at the National Defense University. He concurrently serves as the president of the Barcroft Research Institute.

Larry Wentz is a senior research fellow in the Center for Technology and National Security Policy at the National Defense University.

From rforno at infowarrior.org Mon Apr 20 18:30:28 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Apr 2009 14:30:28 -0400
Subject: [Infowarrior] - NSA, DOJ, AIPAC, Congress, and wiretapping
Message-ID: <4B399608-90F2-446B-91B4-543CAC0E1B9B@infowarrior.org>

April 19, 2009 -- 8:49 p.m.
Sources: Wiretap Recorded Rep. Harman Promising to Intervene for AIPAC
By Jeff Stein, CQ SpyTalk Columnist
http://www.cqpolitics.com/wmspage.cfm?docID=hsnews-000003098436&cpage=1

Rep. Jane Harman, the California Democrat with a longtime involvement in intelligence issues, was overheard on an NSA wiretap telling a suspected Israeli agent that she would lobby the Justice Department to reduce espionage-related charges against two officials of the American Israeli Public Affairs Committee, the most powerful pro-Israel organization in Washington.

Harman was recorded saying she would "waddle into" the AIPAC case "if you think it'll make a difference," according to two former senior national security officials familiar with the NSA transcript.

In exchange for Harman's help, the sources said, the suspected Israeli agent pledged to help lobby Nancy Pelosi, D-Calif., then-House minority leader, to appoint Harman chair of the Intelligence Committee after the 2006 elections, which the Democrats were heavily favored to win.
Seemingly wary of what she had just agreed to, according to an official who read the NSA transcript, Harman hung up after saying, "This conversation doesn't exist."

Harman declined to discuss the wiretap allegations, instead issuing an angry denial through a spokesman.

"These claims are an outrageous and recycled canard, and have no basis in fact," Harman said in a prepared statement. "I never engaged in any such activity. Those who are peddling these false accusations should be ashamed of themselves."

It's true that allegations of pro-Israel lobbyists trying to help Harman get the chairmanship of the intelligence panel by lobbying and raising money for Pelosi aren't new. They were widely reported in 2006, along with allegations that the FBI launched an investigation of Harman that was eventually dropped for a "lack of evidence."

What is new is that Harman is said to have been picked up on a court-approved NSA tap directed at alleged Israel covert action operations in Washington.

And that, contrary to reports that the Harman investigation was dropped for "lack of evidence," it was Alberto R. Gonzales, President Bush's top counsel and then attorney general, who intervened to stop the Harman probe.

Why? Because, according to three top former national security officials, Gonzales wanted Harman to be able to help defend the administration's warrantless wiretapping program, which was about to break in The New York Times and engulf the White House.

As for there being "no evidence" to support the FBI probe, a source with first-hand knowledge of the wiretaps called that "bull****."

"I read those transcripts," said the source, who like other former national security officials familiar with the transcript discussed it only on condition of anonymity because of the sensitivity of domestic NSA eavesdropping.

"It's true," added another former national security official who was briefed on the NSA intercepts involving Harman. "She was on there."
Such accounts go a long way toward explaining not only why Harman was denied the gavel of the House Intelligence Committee, but failed to land a top job at the CIA or Homeland Security Department in the Obama administration.

Gonzales said through a spokesman that he would have no comment on the allegations in this story.

The identity of the "suspected Israeli agent" could not be determined with certainty, and officials were extremely skittish about going beyond Harman's involvement to discuss other aspects of the NSA eavesdropping operation against Israeli targets, which remain highly classified.

But according to the former officials familiar with the transcripts, the alleged Israeli agent asked Harman if she could use any influence she had with Gonzales, who became attorney general in 2005, to get the charges against the AIPAC officials reduced to lesser felonies.

AIPAC official Steve Rosen had been charged with two counts of conspiring to communicate, and communicating national defense information to people not entitled to receive it. Weissman was charged with conspiracy. AIPAC dismissed the two in May 2005, about five months before the events here unfolded.

Harman responded that Gonzales would be a difficult task, because he "just follows White House orders," but that she might be able to influence lesser officials, according to an official who read the transcript.

Justice Department attorneys in the intelligence and public corruption units who read the transcripts decided that Harman had committed a "completed crime," a legal term meaning that there was evidence that she had attempted to complete it, three former officials said.

And they were prepared to open a case on her, which would include electronic surveillance approved by the so-called FISA Court, the secret panel established by the 1979 Foreign Intelligence Surveillance Act to hear government wiretap requests.
First, however, they needed the certification of top intelligence officials that Harman's wiretapped conversations justified a national security investigation.

Then-CIA Director Porter J. Goss reviewed the Harman transcript and signed off on the Justice Department's FISA application. He also decided that, under a protocol involving the separation of powers, it was time to notify then-House Speaker J. Dennis Hastert, R-Ill., and Minority Leader Pelosi, of the FBI's impending national security investigation of a member of Congress -- to wit, Harman.

Goss, a former chairman of the House Intelligence Committee, deemed the matter particularly urgent because of Harman's rank as the panel's top Democrat.

But that's when, according to knowledgeable officials, Attorney General Gonzales intervened.

According to two officials privy to the events, Gonzales said he "needed Jane" to help support the administration's warrantless wiretapping program, which was about to be exposed by the New York Times.

Harman, he told Goss, had helped persuade the newspaper to hold the wiretap story before, on the eve of the 2004 elections. And although it was too late to stop the Times from publishing now, she could be counted on again to help defend the program.

He was right.

On Dec. 21, 2005, in the midst of a firestorm of criticism about the wiretaps, Harman issued a statement defending the operation and slamming the Times, saying, "I believe it essential to U.S. national security, and that its disclosure has damaged critical intelligence capabilities."

Pelosi and Hastert never did get the briefing.

And thanks to grateful Bush administration officials, the investigation of Harman was effectively dead.

Many people want to keep it that way.

Goss declined an interview request, and the CIA did not respond to a request to interview former Director Michael V. Hayden, who was informed of the Harman transcripts but chose to take no action, two knowledgeable former officials alleged.
Likewise, the first director of national intelligence, former ambassador John D. Negroponte, was opposed to an FBI investigation of Harman, according to officials familiar with his thinking, and let the matter die. (Negroponte was traveling last week and did not respond to questions relayed to him through an assistant.)

Harman dodged a bullet, say disgusted former officials who have pursued the AIPAC case for years. She was protected by an administration desperate for help.

"It's the deepest kind of corruption," said a recently retired longtime national security official who was closely involved in the AIPAC investigation, "which was years in the making.

"It's a story about the corruption of government -- not legal corruption necessarily, but ethical corruption."

Ironically, however, nothing much was gained by it.

The Justice Department did not back away from charging Rosen and fellow AIPAC official Keith Weissman with espionage (for allegedly giving classified Pentagon documents to Israeli officials).

Gonzales was engulfed by the NSA warrantless wiretapping scandal.

And Jane Harman was relegated to chairing a House Homeland Security subcommittee.

Join Jeff Stein for a live online chat at 3:30 p.m. today about his story, or submit a question for Jeff.

Jeff Stein can be reached at jstein at cq.com. This story originally ran as CQ Homeland Security's Spytalk column.

From rforno at infowarrior.org Tue Apr 21 16:18:18 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Apr 2009 12:18:18 -0400
Subject: [Infowarrior] - Study: pirates biggest music buyers
Message-ID: <375121FC-CC81-49CC-B2D5-37016CF615C5@infowarrior.org>

Study: pirates biggest music buyers. Labels: yeah, right

Those who download "free" music from P2P networks are more likely to spend money on legit downloads than those who are squeaky clean, according to a new report out of Norway. The music labels, however, aren't quite buying that data.
By Jacqui Cheng | Last updated April 20, 2009 10:31 PM CT
http://arstechnica.com/media/news/2009/04/study-pirates-buy-tons-more-music-than-average-folks.ars

Those who download illegal copies of music over P2P networks are the biggest consumers of legal music options, according to a new study by the BI Norwegian School of Management. Researchers examined the music downloading habits of more than 1,900 Internet users over the age of 15, and found that illegal music connoisseurs are significantly more likely to purchase music than the average, non-P2P-loving user.

Unsurprisingly, BI found that those between 15 and 20 are more likely to buy music via paid download than on a physical CD, though most still purchased at least one CD in the last six months. However, when it comes to P2P, it seems that those who wave the pirate flag are the most click-happy on services like the iTunes Store and Amazon MP3. BI said that those who said they download illegal music for "free" bought ten times as much legal music as those who never download music illegally. "The most surprising is that the proportion of paid download is so high," the Google-translated Audun Molde from the Norwegian School of Management told Aftenposten.

Record label EMI doesn't quite buy into BI's stats, though. EMI's Bjørn Rogstad told Aftenposten that the results make it seem like free downloads stimulate pay downloads, but there's no way to know for sure. "There is one thing we are not going away, and it is the consumption of music increases, while revenue declines. It can not be explained in any way other than that the illegal downloading is over the legal sale of music," Rogstad said.

Rogstad's dismissal of the findings doesn't take into account that the online music model has dramatically changed how consumers buy music. Instead of selling a huge volume of full albums -- the physical media model -- the record labels are now selling a huge volume of individual, cherry-picked tracks.
It's no secret that the old album format is in dire straits thanks to online music, which is a large part of why overall music revenue is going down.

BI's report corroborates data that the Canadian branch of the RIAA, the Canadian Record Industry Association, released in 2006. At that time, the organization acknowledged that P2P users do indeed buy more music than the industry wants to admit, and that P2P isn't the primary reason why other people aren't buying music. 73 percent of respondents to the CRIA's survey said that they bought music after they downloaded it illegally, while the primary reason from the non-P2P camp for not buying music was attributed to plain old apathy.

From rforno at infowarrior.org Tue Apr 21 19:44:51 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Apr 2009 15:44:51 -0400
Subject: [Infowarrior] - On Macs And Malware
Message-ID: <31E5EC7E-4F1B-4595-84B6-A31DFF4D4C45@infowarrior.org>

http://www.businessweek.com/technology/ByteOfTheApple/blog/archives/2009/04/on_macs_and_mal.html

On Macs And Malware
Posted by: Arik Hesseldahl on April 21

Windows apologists hate being reminded that their platform of choice has long been rife with security problems, and that relatively speaking, the Mac suffers less from these problems. I was reminded of this in spades in recent days by furious comments on last week's column and emails from Windows fans. Here's a sample from a reader known as Robert: "NO NEED FOR ANTI-VIRUS ON A MAC"?!!! Are you serious? I can't believe I just read that..."

Yes Robert. You did read it. And I meant it, because I'm living proof that Mac users can exist happily without using anti-virus software on their computer, and I have done so for about a decade.

Now there are some caveats to that statement. First off circumstances can change. A very scary new threat could emerge on the Mac tomorrow that sends people like me running to the nearest security software vendor, credit card in hand.
And there are certain scenarios where it makes sense to use anti-virus or anti-malware protection on your Mac. I'll get to those scenarios presently. But first, after the jump, let me tell you about the last time I saw a Mac virus.

I remember very well the last time I experienced malware of any kind on a Mac: It was in the summer of 1998. I worked at a now-defunct trade publication called Internet World, where I was required to use an IBM ThinkPad running Windows 95. To this day I remember this machine as the very best Windows computer I have ever used, but I digress.

A guy in the art department -- the art department was all Macs, naturally -- had copied some files for me. One was a Quicktime file of the fan-made Star Wars parody film Troops, which had been making the rounds. He copied it to an Iomega Zip Disk which I promptly took home. This disk was one I used frequently for sharing files around my house.

As I later learned, this disk picked up an infection at the office. (The "Troops" file had nothing to do with it.) It was popularly known as the Autostart 9805 worm, also known as the Hong Kong virus, and having jumped from the art guy's machine to my Zip disk, it jumped next to my machine at home, a PowerMac 6500/250 running Mac OS 8.1, and as soon as that same disk was used to share files around the house, had spread to other Macs in the house, and from there to Macs outside our home after sharing other disks.

Once I discovered the infection I ran an application called WormScanner to eliminate it, and then I thoroughly scanned all the affected machines for any other known viruses. There weren't any. The damage was minimal: A few files were corrupted, and I blew a Saturday night running virus scans instead of doing something fun. But that was it.

That was 11 years ago. Since moving to Mac OS X in 2001 I haven't bothered with anti-virus software because broadly speaking, there hasn't been anything for a reasonably cautious Mac user to worry about.
The few threats that have materialized have for the most part been Trojans. In the universe of computer malware a Trojan is a very specific kind of threat that is different from either a computer virus or a worm. A virus is something your computer catches, usually via contact with infected media, like a CD, USB drive, external drive, floppy disk, and sometimes it's attached to a program or file. A worm is a type of virus that tends to spread itself via network connections, and so doesn't need to be passed actively by users on infected media.

A Trojan -- the name is borrowed from the Trojan Horse of Greek mythology -- is something else: It's a bad program that is designed to masquerade as something else, usually something you think you want. It's introduced to the target system by way of the user actively installing it after having been fooled into doing so. Trojans are the types of malware most often seen for the Mac, and so when Macs get infected with malware, it means that the user of the target machine has been tricked into thinking they were installing something else. Sometimes Trojans can be made to look like documents and sent as attachments in email.

One Trojan for the Mac I remember from about 2005 was one that masqueraded as a Dashboard Widget, but was really a proof-of-concept, meant to demonstrate the potential vulnerability. Another, called OSX.RSPlugA, surfaced in 2007 and was spotted in the wild being served by 65 porn sites. Visitors to said sites would click on a link to a "video" only to be told they didn't have the latest version of some video software, and were then asked if they wanted the latest version, and were presented with a link. Instead of new video software and a naughty clip they got a program, which once installed changed the target machine's network settings. Wired's Ryan Singel covered the outbreak here and here.
Among the other things the Trojan could do: If you tried to visit the Web site of your bank or credit card company, your browser session would be intercepted so that your user name and password could be captured as you typed them in. Scary? Yes. Widespread? No.

The RSPlug Trojan is still around and has morphed into new variants. Security software firm Sophos found an interesting case of a variant called RSPlug.F pretending to be a new HD video program. (As if Quicktime plus Perian weren't enough...)

More recently, a new Trojan has been seen on BitTorrent file-sharing networks attached to pirated versions of Mac software like iWork and Adobe Photoshop CS4. As reported by Ars Technica. This Trojan, known as the iServices Trojan, joined targeted Macs into a botnet -- meaning that many compromised machines can be controlled remotely in order to carry out malicious actions as a group. Sometimes they're used to execute distributed denial of service attacks against Web sites by overwhelming the targeted site's Web server with constant requests for attention. Other times botnets are used to convey large volumes of email spam.

It's not known exactly how many Macs were assembled into this botnet, though Intego, a company that sells security software for the Mac said that some 20,000 people had downloaded infected versions of iWork and Photoshop in January. Some interesting technical details about it, from someone whose machine was part of the botnet can be found here. The largest known botnet, not surprisingly made up of compromised Windows machines, is thought to be the one created by the Conficker Worm, which has been spotted on more than 4 million individual IP addresses.

What this means to me -- and here is the caveat that I promised above --
is this: If you're the kind of person who's likely to trust a porn site to serve up legitimate copies of video software, or who trusts pirated versions of commercial software found on file-sharing networks, then by all means, download and install whatever anti-malware program you feel best meets your needs for your Mac. Personally I don't fit either profile and so I'll continue on my merry but cautious way. I'm generally pretty careful about what I put on my machine. Before downloading and installing shareware, I vet it a little first, and check its reputation via sites like Macupdate.com or Versiontracker. Many pundits have been saying that it's "only a matter of time" before a serious security threat emerges for the Mac and shocks people like me out of their complacency. There have been many points when this was supposed to happen: As a result of the transition from OS 9 to the Unix-based OS X, and the reason was all the underlying security vulnerabilities lurking within the BSD Unix on which it is based. It didn't happen. Then there was the switch to Intel processors bringing with it the ability to run Windows on a Mac. This, many with a chip in the security software game argued, only heightened the potential threat to Mac users. I didn't buy their arguments then and I don't buy them now. With the exception of these Trojans -- which to me prove only that there's no cure for stupidity or bad judgment -- nothing of substance has changed since then. Windows malware in aggregate still far, far outnumbers malware for the Mac. A malware discovery on Windows is still a near-daily occurrence that no longer makes the news (Conficker stories on "60 Minutes" notwithstanding), while the same discovery on the Mac, given Apple's high profile in the media, makes news, however much the details concerning what the malware actually does and how it spreads get lost in the heat of uninformed reporting. The result? Fear, Uncertainty, and Doubt, also known as FUD.
Critics are quick to point out that the Mac has a smaller market share, making it a less inviting target. Malware is now created with a financial motive, and so malware creators go where the numbers are, which globally means Windows users. Sure, there is some truth to that, but I don't see what's small about 46 million Macs sold so far this decade, out of a billion-plus personal computers in use around the world. There are other factors to consider. The most determined malware creators tend to live in places like Russia, Eastern Europe and China, places where historically Macs aren't as popular. Perhaps malware creators haven't the experience in writing software for the Mac. Or maybe they're just waiting for the moment to slap Mac users upside the head with something devastating. No one can say for sure. Or it may be that the Mac OS simply doesn't have the same types of security holes and vulnerabilities that have historically caused problems on Windows. I suspect it's a combination of these and other factors. Regardless, it's clear that there will continue to be attention paid in the media to the matter of Mac security. Rich Mogull at TidBits has a nice summary of how Mac users and others should consider and evaluate the stories that are likely to emerge about new instances of Mac malware in the coming months and years. It will be helpful to keep a shaker of salt nearby as these stories emerge and to read beyond the headlines. Or maybe I'm just a Mac-loving Pollyanna. In my own defense, I have to say I like my chances so far. TrackBack URL for this entry: http://blogs.businessweek.com/mt/mt-tb.cgi/14093.141291259 From rforno at infowarrior.org Tue Apr 21 20:14:22 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 21 Apr 2009 16:14:22 -0400 Subject: [Infowarrior] - SCOTUS Limits Searches of Suspect's Car After Arrest Message-ID: <72386A59-BB6D-4543-94E6-8DDEDE21F542@infowarrior.org> Interesting split on the court, I think.
---rf High Court Limits Searches of Suspect's Car After Arrest By Robert Barnes Washington Post Staff Writer Tuesday, April 21, 2009 2:10 PM http://www.washingtonpost.com/wp-dyn/content/article/2009/04/21/AR2009042102125_pf.html The Supreme Court today sharply limited the power of police to search a suspect's car after making an arrest, acknowledging that the decision changes a rule that law enforcement has relied on for nearly 30 years. In a decision written by Justice John Paul Stevens, an unusual five-member majority said police may search a vehicle without a warrant only when the suspect could reach for a weapon or try to destroy evidence or when it is "reasonable to believe" there is evidence in the car supporting the crime at hand. The court noted that law enforcement for years has interpreted the court's rulings on warrantless car searches to mean that officers may search the passenger compartment of a vehicle as part of a lawful arrest of a suspect. But Stevens said that was a misreading of the court's decision in New York v. Belton in 1981. "Blind adherence to Belton's faulty assumption would authorize myriad unconstitutional searches," Stevens said, adding that the court's tradition of honoring past decisions did not bind it to continue such a view of the law. "The doctrine of stare decisis does not require us to approve routine constitutional violations." Stevens was joined by two of his most liberal colleagues -- Justices David H. Souter and Ruth Bader Ginsburg -- and two of his most conservative -- Justices Antonin Scalia and Clarence Thomas. The decision overturned a three-year prison sentence for Arizonan Rodney Gant, who had been convicted of cocaine possession. Police found the drug in a search of his car, following his arrest for driving with a suspended license. Gant had already walked away from his car when he was arrested, and he sat handcuffed a distance away while police searched his car.
"Police could not reasonably have believed either that Gant could have accessed his car at the time of the search or that evidence of the offense for which he was arrested might have been found therein," Stevens wrote. Justice Samuel A. Alito Jr., writing for the four dissenters, said the court's insistence that its precedents had been misinterpreted was simply a cover for getting rid of a decision with which it disagreed. He said the replacement of what had been an easy-to-understand "bright line" rule for police "is virtually certain to confuse law enforcement officers and judges for some time to come." The court's new rules will endanger arresting officers, he said, and "cause the suppression of evidence gathered in many searches carried out in good-faith reliance on well-settled case law." He was joined by Chief Justice John G. Roberts Jr. and Justices Anthony M. Kennedy and Stephen G. Breyer. The case is Arizona v. Gant. From rforno at infowarrior.org Wed Apr 22 10:34:29 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Apr 2009 06:34:29 -0400 Subject: [Infowarrior] - Military Command to Focus on Cybersecurity Message-ID: <017FFE0B-8807-4262-A1F9-9E022AB870AF@infowarrior.org> * APRIL 22, 2009, 5:52 A.M. ET New Military Command to Focus on Cybersecurity By SIOBHAN GORMAN and YOCHI J. DREAZEN http://online.wsj.com/article/SB124035738674441033.html WASHINGTON -- The Obama administration plans to create a new military command to coordinate the defense of Pentagon computer networks and improve U.S. offensive capabilities in cyberwarfare, according to current and former officials familiar with the plans. The initiative will reshape the military's efforts to protect its networks from attacks by hackers, especially those from countries such as China and Russia. The new command will be unveiled within the next few weeks, Pentagon officials said. The move comes amid growing evidence that sophisticated cyberspies are attacking the U.S. 
electric grid and key defense programs. A page-one story in The Wall Street Journal on Tuesday reported that hackers breached the Pentagon's biggest weapons program, the $300 billion Joint Strike Fighter, and stole data. Lawmakers on the House Oversight and Government Reform Committee wrote to the defense secretary Tuesday requesting a briefing on the matter. Lockheed Martin Corp., the project's lead contractor, said in a statement Tuesday that it believed the article "was incorrect in its representation of successful cyber attacks" on the F-35 program. "To our knowledge, there has never been any classified information breach," the statement said. The Journal story didn't say the stolen information was classified. President Barack Obama, when he was a candidate for the White House, pledged to elevate cybersecurity as a national-security issue, equating it in significance with nuclear and biological weapons. A White House team reviewing cybersecurity policy has completed its recommendations, including the creation of a top White House cyberpolicy official. Details of that and other proposals are still under debate. A final decision from the president is expected soon. A draft of the White House review steps gingerly around the question of how to improve computer security in the private sector, especially key infrastructure such as telecommunications and the electricity grid. The document stresses the importance of working with the private sector and civil-liberties groups to craft a solution, but doesn't call for a specific government role, according to a person familiar with the draft. Defense Secretary Robert Gates plans to announce the creation of a new military "cyber command" after the rollout of the White House review, according to military officials familiar with the plan. The Pentagon has several command organizations structured according to both geography and operational responsibility.
Central Command, for example, oversees the wars in Iraq and Afghanistan, while the Special Operations Command is responsible for operations involving elite operatives such as Navy Seals. [Photo caption, Associated Press: Defense Secretary Robert Gates plans to announce the creation of a new military 'cyber command' after the rollout of a White House review.] The cyber command is likely to be led by a military official of four-star rank, according to officials familiar with the proposal. It would, at least initially, be part of the Pentagon's Strategic Command, which is currently responsible for computer-network security and other missions. Pentagon officials said the front-runner to lead the new command is National Security Agency Director Keith Alexander, a three-star Army general. In a rare public appearance Tuesday at a cybersecurity conference in San Francisco, Gen. Alexander called for a "team" approach to cybersecurity that would give the NSA lead responsibility for protecting military and intelligence networks while the Department of Homeland Security worked to protect other government networks. His spokeswoman said he had no additional comment. Former President George W. Bush's top intelligence adviser, Mike McConnell, first proposed the creation of a unified cyber command last fall. The military's cybersecurity efforts are currently divided between entities like the NSA and the Defense Information Systems Agency, which is responsible for ensuring secure and reliable communications for the military.
The Air Force also runs a significant cybersecurity effort. Advocates believe the new command will be able to avoid duplication and better leverage the technical expertise of the agencies and the military services' cyberwarriors. Cyber defense is the Department of Homeland Security's responsibility, so the command would be charged with assisting that department's defense efforts. The relationship would be similar to the way Northern Command supports Homeland Security with rescue capabilities in natural disasters. The NSA, where much of the government's cybersecurity expertise is housed, established a similar relationship with Homeland Security through a cybersecurity initiative that the Bush administration began in its final year. NSA's increasingly muscular role in domestic cybersecurity has raised alarms among some officials and on Capitol Hill. Rod Beckstrom, former chief of the National Cyber Security Center, which is charged with coordinating cybersecurity activities across the U.S. government, resigned last month after warning that the growing reliance on the NSA was a "bad strategy" that posed "threats to our democratic processes." Gen. Alexander countered in his speech Tuesday that the NSA did "not want to run cybersecurity for the U.S. government." --August Cole contributed to this article. Write to Siobhan Gorman at siobhan.gorman at wsj.com and Yochi J. Dreazen at yochi.dreazen at wsj.com Printed in The Wall Street Journal, page A2 Copyright 2008 Dow Jones & Company, Inc.
All Rights Reserved From rforno at infowarrior.org Wed Apr 22 10:36:09 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Apr 2009 06:36:09 -0400 Subject: [Infowarrior] - Open Security Foundation Wins the SC Magazine 2009 Editor's Choice Award References: Message-ID: <6DB79EF7-82A6-43E9-B05D-C1FE33E38E1A@infowarrior.org> Begin forwarded message: > From: lyger > Date: April 22, 2009 2:01:50 AM EDT > To: attrition at attrition.org > Subject: [attrition] news: Open Security Foundation Wins the SC > Magazine 2009 Editor's Choice Award > Reply-To: staff at attrition.org > > > http://attrition.org/news/content/09-04-22.001.html > > Thanks, everyone :) > > [..] > > ______________________________________________ > Attrition Mailing List (http://attrition.org) From rforno at infowarrior.org Wed Apr 22 11:08:11 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Apr 2009 07:08:11 -0400 Subject: [Infowarrior] - OT: Cassini photos Message-ID: Stunning photos of Saturn, her rings, and moons from the Cassini probe. The photo of the moon Enceladus looks almost like the Death Star sans laser dish, too. :) http://www.dailymail.co.uk/sciencetech/article-1172205/Saturn-close-Sensational-cosmic-images-bring-ringed-planet-life.html -rf From rforno at infowarrior.org Wed Apr 22 19:29:54 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Apr 2009 15:29:54 -0400 Subject: [Infowarrior] - Web founder makes online privacy plea Message-ID: Web founder makes online privacy plea Apr 22 09:56 AM US/Eastern http://www.breitbart.com/article.php?id=CNG.e21bbbc9d0fd2f2a807e5013a1bc1fdd.e41&show_article=1 Plans by Internet service providers to deliver targeted adverts to consumers based on their Web searches threaten online privacy and should be opposed, the founder of the Web said Wednesday. 
"I just want to know that when I click on a link it is between me and the Web, and the Internet service provider is not going to immediately characterise me in different categories for advertising or insurance or for government use," Tim Berners-Lee told a Web conference in Madrid. "The postman does not open my mail, the telephone company does not listen to my telephone conversations. Internet use is often more intimate than those things," he added. New software called Webwise allows Internet service providers to show adverts to their clients based on their Web browsing habits instead of based on the content of a single Web page as currently happens. Several British Internet service providers, including BT and Virgin Media, have said they are considering using the software, which is aimed at making the Web more financially profitable for advertisers. With the help of other scientists at the European Organisation for Nuclear Research (CERN), Berners-Lee set up the Web in 1989 to allow thousands of scientists around the world to stay in touch. The WWW technology -- which simplifies the process of searching for information on the Internet -- was first made more widely available from 1991 after CERN was unable to ensure its development, and the organisation made a landmark decision two years later not to levy royalties.
Copyright AFP 2008, From rforno at infowarrior.org Wed Apr 22 19:30:41 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Apr 2009 15:30:41 -0400 Subject: [Infowarrior] - Fwd: [Dataloss] Diary of a Data Breach Investigation References: Message-ID: <4758FEFE-0C2D-47DE-9E61-5C55AC50DA6A@infowarrior.org> Begin forwarded message:
> From: security curmudgeon
> Date: April 22, 2009 3:06:18 PM EDT
> To: dataloss at datalossdb.org
> Subject: [Dataloss] Diary of a Data Breach Investigation
>
> http://www.cio.com/article/487728/Diary_of_a_Data_Breach_Investigation
>
> By Anonymous
> Wed, April 01, 2009 CSO Monday
>
> When the CISO asks to speak to you with that look on his face, you know the news isn't good. We were contacted by one of our third-party vendors, whom we had hired to do analysis on our website traffic.
>
> It appears that we have been passing sensitive information to them over the Internet. This sensitive information included data, such as customer names, addresses and credit card information. Because we are a public company, there are many regulatory guidelines that we have to follow like Sarbanes-Oxley (SOX) and the Payment Card Industry's (PCI) data security standard.
>
> Fortunately for us, our vendor has retained a copy of everything that we have sent to them.
>
> Unfortunately for us, it was six months of information totaling over a terabyte.
>
> [..]
> _______________________________________________ > Dataloss Mailing List (dataloss at datalossdb.org) From rforno at infowarrior.org Wed Apr 22 19:38:04 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Apr 2009 15:38:04 -0400 Subject: [Infowarrior] - Fun with YouTube's Audio Content ID System Message-ID: <08CF5417-529B-44F9-9673-7418DA926EA0@infowarrior.org> Fun with YouTube's Audio Content ID System Mirror: http://www.infowarrior.org/users/rforno/mirror/fingerprint/ Original: http://www.csh.rit.edu/~parallax/ From rforno at infowarrior.org Wed Apr 22 23:45:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Apr 2009 19:45:48 -0400 Subject: [Infowarrior] - A Cyber-Attack on an American City Message-ID: A Cyber-Attack on an American City Bruce Perens http://perens.com/works/articles/MorganHill/ Just after midnight on Thursday, April 9, unidentified attackers climbed down four manholes serving the Northern California city of Morgan Hill and cut eight fiber cables in what appears to have been an organized attack on the electronic infrastructure of an American city. Its implications, though startling, have gone almost un-reported. That attack demonstrated a severe fault in American infrastructure: its centralization. The city of Morgan Hill and parts of three counties lost 911 service, cellular mobile telephone communications, land-line telephone, DSL internet and private networks, central station fire and burglar alarms, ATMs, credit card terminals, and monitoring of critical utilities. In addition, resources that should not have failed, like the local hospital's internal computer network, proved to be dependent on external resources, leaving the hospital with a "paper system" for the day. In technical terms, the area was partitioned from the surrounding internet. What was the attackers' goal? Nothing has been revealed. Robbery? With wires cut, silent alarms were useless. Manipulation of the stock market?
Companies, brokerages, and investors in the very wealthy community were cut off. Mayhem, murder, terrorism? But nothing like that seems to have happened. Some theorize unhappy communications workers, given the apparent knowledge of the community's infrastructure necessary for this attack. Or did the attackers simply want to teach us a lesson? Although they are silent on the topic, I hope those responsible for emergency services, be they in business or government, are learning the lessons of Morgan Hill. The first lesson is what stayed up: stand-alone radio systems and not much else. Cell phones failed. Cellular towers can not, in general, connect phone calls on their own, even if both phones are near the same tower. They communicate with a central switching computer to operate, and when that system doesn't respond, they're useless. But police and fire authorities still had internal communications via two-way radio. Realizing that they'd need more two-way radio, authorities dispatched police to wake up the emergency coordinator of the regional ham radio club, and escort him to the community hospital with his equipment. Area hams dispatched ambulances and doctors, arranged for essential supplies, and relayed emergency communications out of the area to those with working telephones. That the hospital's local network failed is evidence of over-dependence on centralized services. The development of the internet's communications protocols was sponsored by the U.S. Army, and the scientists involved planned for a system robust enough to be used by the military in wartime. But it still takes local engineering skill to implement robust networking services. Most companies stop when something works, not considering whether or how it will work in an emergency. Institutional networks, even those of emergency services providers, are rarely tested for operation while disconnected from the outside world.
Many such networks depend on outside services to match host names to network addresses, and thus stop operating the moment they are disconnected from the internet. Even when the internal network stays up, email is often hosted on some outside service, and thus becomes unavailable. Programs that depend on an internet connection for license verification will fail, and this feature is often found in server software. Commercial VoIP telephone systems will stay up for internal use if properly engineered to be independent of outside resources, but consumer VoIP equipment will fail. This should lead managers of critical services to reconsider their dependence on software-as-a-service rather than local servers. Having your email live at Google means you don't have to manage it, but you can count on it being unavailable if your facility loses its internet connection. The same is true for any web service. And that's not acceptable if you work at a hospital or other emergency services provider, and really shouldn't be accepted at any company that expects to provide services during an infrastructure failure. Email from others in your office should continue to operate. What to do? Local infrastructure is the key. The services that you depend on, all critical web applications and email, should be based at your site. They need to be able to operate without access to databases elsewhere, and to resynchronize with the rest of your operation when the network comes back up. This takes professional IT engineering to implement, and will cost more to manage, but won't leave you sitting on your hands in an emergency. Communications will be a problem during any emergency. Two-way radios have, to a great extent, been replaced by cellular "walkie-talkie" services that can not be relied upon to work during an infrastructure failure. 
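One way to turn the advice above into a repeatable check, as an added example that is not from Perens's article: a Python audit over a constructed service inventory (service names, addresses and the hospital.example domain are all made up) that reports which services would keep working if the site lost its uplink, and why the rest fail (off-site host, off-site DNS resolver, or a dependency such as a license server that is itself off-site).

```python
"""Disconnected-operation audit for a site's critical services.

Added example, not from Bruce Perens's article. It walks a constructed
service inventory and reports which services keep working when the
site is partitioned from the internet, and why the others fail. All
addresses below are constructed from RFC 1918 and RFC 5737 ranges.
"""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple


@dataclass
class Service:
    name: str
    endpoint_ip: str                       # where the service actually runs
    endpoint_name: Optional[str] = None    # DNS name clients use; None = they connect by IP
    resolver: Optional[str] = None         # DNS server that answers for endpoint_name
    pinned_in_hosts: bool = False          # name is in /etc/hosts, so no resolver is needed
    depends_on: Tuple[str, ...] = ()       # other services this one cannot run without


Verdict = Tuple[bool, List[str]]           # (survives the partition?, reasons it fails)


def audit(services: List[Service], local_cidrs: List[str]) -> Dict[str, Verdict]:
    """Return a verdict for every service, given the networks that stay reachable."""
    local_nets = [ipaddress.ip_network(c) for c in local_cidrs]
    by_name = {s.name: s for s in services}
    verdicts: Dict[str, Verdict] = {}

    def is_local(addr: str) -> bool:
        ip = ipaddress.ip_address(addr)
        return any(ip in net for net in local_nets)

    def check(name: str, stack: Tuple[str, ...]) -> Verdict:
        if name in verdicts:
            return verdicts[name]
        svc = by_name[name]
        reasons: List[str] = []
        # 1. The host itself must sit on a network that survives the cut.
        if not is_local(svc.endpoint_ip):
            reasons.append(f"runs off-site at {svc.endpoint_ip}")
        # 2. A DNS name is only usable if something local can still answer for it.
        if svc.endpoint_name and not svc.pinned_in_hosts:
            if svc.resolver is None or not is_local(svc.resolver):
                reasons.append(
                    f"name {svc.endpoint_name} is resolved by off-site DNS {svc.resolver}")
        # 3. Transitive dependencies (license checks, shared databases) take it down too.
        for dep in svc.depends_on:
            if dep in stack:
                reasons.append(f"circular dependency on {dep}")
                continue
            ok, why = check(dep, stack + (name,))
            if not ok:
                reasons.append(f"needs {dep}, which fails: {why[0]}")
        verdicts[name] = (not reasons, reasons)
        return verdicts[name]

    for s in services:
        check(s.name, ())
    return verdicts


def survivors(services: List[Service], local_cidrs: List[str]) -> List[str]:
    """Names of the services that keep running with the uplink cut."""
    return sorted(n for n, (ok, _) in audit(services, local_cidrs).items() if ok)


# Constructed inventory modelled on the failure modes the article lists.
LOCAL_NETS = ["10.20.0.0/16"]
INVENTORY = [
    Service("ehr-db", "10.20.0.15", "ehr-db.hospital.example", resolver="10.20.0.2"),
    Service("patient-portal", "10.20.0.30", "portal.hospital.example",
            resolver="203.0.113.53"),                  # ISP resolver, off-site
    Service("mail", "198.51.100.25", "mail.hosted.example",
            resolver="10.20.0.2"),                     # hosted mail, off-site
    Service("license-server", "192.0.2.40"),           # vendor license check, off-site
    Service("imaging-app", "10.20.0.50", depends_on=("license-server",)),
    Service("voip-pbx", "10.20.0.60", "pbx.hospital.example", pinned_in_hosts=True),
]

if __name__ == "__main__":
    for name, (ok, reasons) in audit(INVENTORY, LOCAL_NETS).items():
        print(f"{name:15s} {'OK' if ok else 'FAILS'}  {'; '.join(reasons)}")
```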
Real two-way radios, stand-alone pager systems, and radio repeaters that enable regional communications are still available to the governments and businesses that endure the expense of planning, acquiring, maintaining, and testing them. Corporate disaster planners should look into such facilities. Municipalities, regardless of their size, should not consider abandoning such resources in favor of the less-robust cellular services. Satellite telephones can be expected to keep operating, although they too depend on a land infrastructure. They are expensive, and they frequently fail in emergency situations simply because their users, administrative officials rather than technical staff, fail to keep them charged and have no back-up power resource once they are discharged. A big plus for Morgan Hill was that emergency services had a well-practiced partnership with the local hams. Since you can never budget for all of the communications technicians you'll need in an emergency, using these volunteers is a must for any civil authority. They come with their own equipment, they run their own emergency drills and thus are ready to serve, and they are tinkerers able to improvise the communications system needed to meet a particular emergency. Which brings us to the issue of testing. No disaster system can be expected to work without regular testing, not only of the physical infrastructure provided for an emergency but of the people who are expected to use it, in its disaster mode. But such testing takes much time and work, and tends to trigger any lurking infrastructure problems, creating outages of its own. It's much better to work such things out as a result of testing than to meet them during a real disaster. We should also consider whether it might be necessary to harden some of the local infrastructure of our communities. The old Bell System used to arrange cables in a ring around a city, so that a cut in any one location could be routed around.
It's not clear how much modern telephone companies have continued that practice. It might not have helped in Morgan Hill, as the attackers apparently even disabled an unused cable that could have been used to recover from the broken connections. Surprisingly, manholes don't usually have locks. They rely on the weight of the cover and general revulsion to keep people out. They are more likely to provide alarms for flooding than intrusion. Utility poles are similarly accessible. Much of our infrastructure isn't protected by anything so tough as a manhole cover. Underground cables are easily accessible in surface posts and "tombstones", boxes often located in residential neighborhoods. These can be wrecked with a screwdriver. Most buried cable cuts are caused by operating a back-hoe without first using one of the "call before digging" services to mark out the location of all of the buried utilities. What's done accidentally can also be done deliberately, and the same services that help diggers avoid utilities might point them out to an attacker. The most surprising news from Morgan Hill is that they survived reasonably unscathed. That they did so is a result of emergency planning in place for California's four seasons: fire, floods, earthquakes, and riots. Most communities don't practice disaster plans as intensively. Will there be another Morgan Hill? Definitely. And the next time it might happen to a denser community that won't be so astonishingly able to sustain the trouble using its two-way radios and hams. The next time, it might be connected with some other event, be it crime or terrorism. Company and government officers take notice: the only way you'll fare well is if you start planning now. 
From rforno at infowarrior.org Wed Apr 22 23:46:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Apr 2009 19:46:28 -0400 Subject: [Infowarrior] - When the FBI Raids a Data Center: A Rare Danger Message-ID: <62E7869A-6CC3-43B2-BE06-0E1070637944@infowarrior.org> (c/o KM) When the FBI Raids a Data Center: A Rare Danger By Robert Lemos http://www.cio.com/article/490340/When_the_FBI_Raids_a_Data_Center_A_Rare_Danger Wed, April 22, 2009 -- CIO -- As part of coordinated raids in early April, FBI agents seized computers from a data center at 2323 Bryan Street in Dallas, Texas, attempting to gather evidence in an ongoing investigation of two men and their various companies accused of defrauding AT&T and Verizon for more than $6 million. The FBI's target in the data center raid -- one of five seizures conducted that day -- is simply listed as Cabinet 24.02.900 in the affidavit and search warrant. Cabinet 24.02.900 allegedly held the computers and data used to serve voice-over-IP clients for the companies at the center of the case. Yet, it was also home to the digital presence of dozens of other businesses, according to press reports. To LiquidMotors, a company that provides inventory management to car dealers, the servers held its client data and hosted its managed inventory services. The FBI seizure of the servers in the data center rack effectively shut down the company, which filed a lawsuit against the FBI the same day to get the data back. "Although the search warrant was not issued for the purpose of seizing property belonging to Liquid Motors, the FBI seized all of the servers and backup tapes belonging to Liquid Motors, Inc.," the company stated in its court filing. "Since the FBI seized its computer equipment earlier today, Liquid Motors has been unable to operate its business."
The court denied the company's attempt to get its data back, but the FBI offered to copy the data to blank tapes to help the company restart its services, according to a report in Wired. The incident has worried IT managers, especially those with a stake in cloud computing, where a company's data could be co-mingled with other businesses' data on a collection of servers. "The issue, I think, is one of how search and seizure laws are being interpreted for assets hosted in third-party facilities," James Urquhart, manager of Cisco Systems' Data Center 3.0 strategy, said in a recent blog post. "If the court upholds that servers can be seized despite no direct warrants being served on the owners of those servers -- or the owners of the software and data housed on those servers -- then imagine what that means for hosting your business in a cloud shared by thousands or millions of other users." Yet, a careful reading of the case suggests that such issues are unlikely, says attorney and former Department of Justice prosecutor James M. Aquilina, who argues that the FBI and the judges took the correct actions. "Probable cause to search is probable cause to search," says Aquilina, who is the executive managing director and deputy general counsel for Stroz Friedberg, a digital forensics and intellectual property advisory firm. "That being said, federal law enforcement agents, prosecutors, and magistrate judges alike remain sensitive to the realities of co-mingled data encountered at hosting providers." Typically, judges and law enforcement agents will attempt to work with co-location and data center providers to hone a search to specific data, he says. However, two factors in the current case changed that policy. Most importantly, the co-location firm was a suspect in the case.
In addition, the firm's owner had stated that it "was transitioning from the service provider business to the Venture Capital business and they only had a handful of telecommunications customers," according to the FBI's affidavit. Such an assertion could make a judge less likely to limit a search and seizure, says Aquilina. Such determinations will become more difficult as virtualization technologies and cloud computing become more prevalent, says Scott Gode, vice president of product management for Azaleos, a managed service provider for Microsoft services. Virtual machines and nebulous temporal instances of applications divorced from physical machines could turn law enforcement's job into a game of whack-a-mole, he says. Even today's state of partial progress toward cloud computing, with dedicated machines running multi-tenant applications, could still lead to massive collateral damage if the company operating the data center is considered a suspect, Gode says. "Even with that dedicated box, there are tons of shared components within the data center," he says. "For a SAN storage unit, there is still a lot of caching devices, a lot of those are used ubiquitously by other components in the data center." Yet for the most part, larger companies contracting with larger providers are not the ones at the most risk, Gode says. Such firms usually will not be hosted alongside fly-by-night firms and will likely get more consideration from law enforcement. Smaller firms are the ones that more often cut costs and corners, making them more likely to use an unknown service provider and more ready to consider cloud computing as a solution, he says. "They are the ones who will take those risks," Gode says. "They will take those risks around power, they will take those risks around security and they will take those risks around FBI seizure, because otherwise, it costs them money."
From rforno at infowarrior.org Wed Apr 22 23:48:58 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Apr 2009 19:48:58 -0400
Subject: [Infowarrior] - Transportation Dept. Reverses FAA on Bird Strike Data
Message-ID:

Transportation Dept. Reverses FAA on Bird Strike Data
By Lois Romano
Washington Post Staff Writer
Wednesday, April 22, 2009 5:16 PM
http://www.washingtonpost.com/wp-dyn/content/article/2009/04/22/AR2009042202057_pf.html

The Department of Transportation is preparing to reject a proposal by the Federal Aviation Administration that would keep secret data about where and when birds strike airplanes.

The FAA last month quietly posted a proposal in the federal register, requesting public comment, that would bar the release of its records on bird collisions. The proposal followed a prominent incident in January when a flock of geese brought down a commercial flight, forcing the pilot to make an emergency landing on the Hudson River. The agency immediately came under fire because the recommendation runs counter to President Obama's vows of government transparency.

Among the high-profile boosters of releasing the information is Transportation Secretary Ray LaHood, whose agency oversees the FAA. He said the comments ran "99.9 percent" in favor of making such information accessible.

"I think all of this information ought to be made public, and I think that you'll soon be reading about the fact that we're going to, you know, make this information as public as anybody wants it," LaHood said in an interview for The Washington Post's "New Voices of Power" series. "The people should have access to this kind of information."

"The whole thing about the bird strike issue is it doesn't really comport with the president's idea of transparency," the secretary said. "I mean, here they just released all of these CIA files regarding interrogation, and . . .
the optic of us trying to tell people they can't have information about birds flying around airports, I don't think that really quite comports with the policies of the administration. . . . It's something that somebody wanted to put out there to get a reaction. We got the reaction, and now we're going to bring it to conclusion."

The FAA proposed secrecy on the collisions because the reports are now voluntary and because it was concerned that worries about a harmful impact on business would discourage both airlines and airports from providing the information. In the federal register, the agency wrote that "there is a serious potential that information related to bird strikes will not be submitted because of fear that the disclosure of raw data could unfairly cast unfounded aspersion on the submitter."

From rforno at infowarrior.org Thu Apr 23 02:20:17 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 22 Apr 2009 22:20:17 -0400
Subject: [Infowarrior] - MySpace CEO Chris DeWolfe Steps Down
Message-ID:

It's Official: MySpace CEO Chris DeWolfe Steps Down
Michael Arrington
TechCrunch.com
Wednesday, April 22, 2009 4:00 PM
http://www.washingtonpost.com/wp-dyn/content/article/2009/04/22/AR2009042203659_pf.html

No more speculation or leaks, it's official. As we wrote yesterday, MySpace cofounder Chris DeWolfe will shortly be leaving the company. He'll remain on board as a strategic advisor. The press release is below. News Corp. is also signaling that cofounder Tom Anderson is staying on board, albeit in a new role - even last night we heard that he was a goner.

Whoever the new CEO is, we'll know soon. News Corp. PR is leaking to their subsidiary press outlets that Owen Van Natta is the prime candidate, but at least a couple of other people are still supposedly in the running. If Van Natta, a former Facebook exec, takes over, the investors that backed him at Playlist are going to want an explanation. He took over the CEO role there less than six months ago.
Chris DeWolfe to Step Down as CEO of MySpace
Will serve as strategic advisor to Company

Los Angeles, CA, April 22, 2009 - MySpace CEO Chris DeWolfe and News Corporation's Chief Digital Officer Jonathan Miller announced today that, by mutual agreement, Mr. DeWolfe will not be renewing his contract and will be stepping down in the near future. Mr. DeWolfe will continue to serve on the board of MySpace China and will be a strategic advisor to the Company. Additionally, Mr. Miller announced that he was in discussions with Tom Anderson, MySpace's president, about Mr. Anderson assuming a new role in the organization.

"Chris and Tom are true pioneers and we greatly value the tremendous job they've done in growing MySpace into what it is today," said Mr. Miller. "Thanks largely to their vision, MySpace has become a vibrant creative community with 130 million passionate followers worldwide. It is an enormously successful property and we look forward to building on its achievements with a new management structure we'll announce in the near future."

"In a little under six years we've grown MySpace from a small operation with seven people to a very profitable business with over 1,600 employees," said Mr. DeWolfe. "It's been one of the best experiences of my life and we're proud of, and grateful to, the team of talented people who helped us along the way. We thank them, as well as the MySpace community for making our vision a reality."

"From the very beginning, our driving passion has been simple - to create and foster a platform where people across the globe can not only meet and interact, but share music, videos, thoughts and ideas," said Mr. Anderson. "I look forward to working with Jon. I love this business, and look forward to its next chapter."

© 2009 TechCrunch

From rforno at infowarrior.org Thu Apr 23 12:53:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Apr 2009 08:53:49 -0400
Subject: [Infowarrior] - Biden promises 'right person' as new U.S.
copyright czar
Message-ID:

April 21, 2009 10:00 PM PDT
Biden promises 'right person' as new U.S. copyright czar
by Declan McCullagh
http://news.cnet.com/8301-13578_3-10224689-38.html

Vice President Joe Biden lauded Hollywood at a gala dinner in Washington, D.C. on Tuesday evening, assailed movie piracy, and promised film executives that the Obama administration would pick "the right person" as its copyright czar.

Just days after four Pirate Bay defendants were found guilty in Sweden, Biden warned of the harms of piracy at a private event organized by the Motion Picture Association of America in the sumptuous, newly renovated Great Hall of the National Portrait Gallery in Washington, D.C. "It's pure theft, stolen from the artists and quite frankly from the American people as consequence of loss of jobs and as a consequence of loss of income," Biden said, according to a White House pool report.

Biden blasted China, saying its intellectual property laws remain "largely ineffective" and will end up "strangling their own creative juices," and compared it to what he described as India's more effective anti-piracy regime. He singled out Canada, a close U.S. ally, as needing stronger laws; it never signed the treaty that led to the Digital Millennium Copyright Act, and a proposal to adopt anti-circumvention restrictions was never adopted.

He also addressed President Obama's forthcoming decision about who will be named the intellectual-property enforcement coordinator, better known as the copyright czar. Copyright industry lobbyists sent a letter Monday to the president asking him to pick someone sympathetic to their concerns, while groups that would curb copyright law sent their own letter urging the opposite approach. We "will find the right person for intellectual property czar," Biden said. Under a law approved by the U.S. Congress last October, Obama is required to appoint someone to coordinate the administration's IP enforcement efforts and prepare annual reports.
Senators attending the MPAA gala included Richard Durbin (D-Illinois); Sheldon Whitehouse (D-R.I.); Frank Lautenberg (D-N.J.); Judd Gregg (R-N.H.); Amy Klobuchar (D-Minnesota); Patrick Leahy (D-Vermont); Roger Wicker (R-Mississippi); and Ben Nelson (D-Nebraska).

An unspoken reason for the MPAA event--which included a symposium earlier in the day with remarks from top House Democrats and Commerce Secretary Gary Locke--was the loss of $246 million in tax breaks when the Senate revised the economic stimulus bill earlier this year. An MPAA report released Tuesday appears designed to avoid a repeat of that setback, listing the number of movies being filmed in each state.

Earlier in the day, Locke also talked up more government action against peer-to-peer piracy. "The recent revelation that an illegal copy of the upcoming movie 'Wolverine' had been posted on the Internet prior to its theatrical release underscores the problem the industry faces...As a former prosecutor, I believe in the full and impartial enforcement of the law," he said.

On copyright, President Obama has signaled a more pro-industry approach than his predecessor, which has alarmed advocates of less restrictive laws. The president chose as top Justice Department officials the music industry attorney who pulled the plug on Grokster and another longtime Recording Industry Association of America litigator. The Obama administration recently sided with the RIAA in a file-sharing suit, and Biden was a staunch RIAA and MPAA ally as a U.S. senator.

"I think sometimes you underestimate the impact you have, and not just entertaining but uplifting," Biden told the audience at the MPAA event. "I wish I could inspire the way you do."

From rforno at infowarrior.org Fri Apr 24 00:00:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Apr 2009 20:00:39 -0400
Subject: [Infowarrior] - Cyber Czar Offers Few Details on Govt.
Strategy
Message-ID: <5DB502D8-08CD-43CB-BF9A-B073B9187542@infowarrior.org>

Obama's Cyber Czar Offers Few Details on Govt. Strategy
http://voices.washingtonpost.com/securityfix/2009/04/obamas_cyber_czar_offers_few_d.html?hpid=sec-tech

Those who were hoping to hear details today about how the Obama administration plans to revamp the government's approach to cyber security threats may have to wait a little while longer.

In a much-anticipated speech at the RSA security conference in San Francisco today, Melissa Hathaway, the White House's top cyber official, instead highlighted all of the meetings, studies, and recommendations that have informed the administration's 60-day cyberspace policy review, which was completed last week. But details about how the administration might seek to organize and streamline the government's cyber efforts were lacking.

Much of the coverage of the administration's cyber review has focused on the power struggle on cyber underway between the Department of Homeland Security and the National Security Agency. The Obama administration also is finalizing plans for a new Pentagon command to coordinate the security of military computer networks and to develop new offensive cyber weapons. Meanwhile, civil liberty advocates are concerned that the government's effort to define cyber security in broad economic and national security terms could sweep virtually every aspect of American life into the mix.

Hathaway seemed to acknowledge this tension in her speech:

Previous attempts to deal with cyber security in isolation have failed, in no small part, because they were perceived to be in conflict with the broader societal goals of progress and innovation, civil liberties and privacy rights. However, cyber security only succeeds in the context of broader economic progress. At times, it was a destination in itself, rather than a compass that guides us toward our objective.
If treated in a broader context, cyber security will enable higher and far-reaching national goals, have better acceptance, and as a result, a greater chance for success. Our goals depend on trust, and trust cannot be achieved if people believe that they are vulnerable to fraud and theft or if they cannot depend upon the resources (infrastructure services, i.e., water, power, telephone service) being available when needed most. At the same time, security has no meaning if the application that serves society no longer is practical or usable. Stated differently, progress and security must not be viewed in a zero-sum fashion.

Hathaway did say more about the economic aspects of cyber (in)security than I've heard recently from a top government official, which is encouraging. The government's usual approach in discussing the nation's cyber threats is to couch the issue in cyber terrorism dimensions. However, early in her keynote, Hathaway made an apparent reference to a data breach last year at payment processor RBS Worldpay. In that complex, multi-stage attack, hackers were able to inflate the dollar value of stolen payroll cards that were then used by a small army of hired hands who made coordinated withdrawals of millions of dollars from ATMs around the world.

"One recent example from November 2008 illustrates both the speed and the scope of these challenges. In a single 30-minute period, 130 automated teller machines in 49 cities around the world were illicitly emptied. These and other risks have the potential to undermine our confidence in the information systems that underlie our economic and national security interests."
From rforno at infowarrior.org Fri Apr 24 00:08:37 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Apr 2009 20:08:37 -0400
Subject: [Infowarrior] - Software That Copies DVDs to Players Is on Trial
Message-ID: <15CA0915-7F18-4A4D-A128-6ADAA4356238@infowarrior.org>

April 24, 2009
Software That Copies DVDs to Players Is on Trial
By BRAD STONE
http://www.nytimes.com/2009/04/24/technology/24dvd.html?hpw=&pagewanted=print

SAN FRANCISCO -- RealNetworks says it wants to help increase DVD sales by allowing people to copy their movie discs. Hollywood studios say that idea will only hurt their already struggling business. The two sides square off in a federal court here on Friday to determine who prevails.

The case is ostensibly about RealDVD, a $30 software program that allows users to save digital copies of Hollywood DVDs to their computers -- a capability the movie industry strenuously objects to, worrying that it will stimulate piracy and undermine the budding market for digital downloads.

But the outcome of the trial, set against the backdrop of plummeting DVD sales, could also have more far-reaching effects on the future capabilities of the DVD player -- a device connected to millions of television sets.

Before it started making RealDVD software for computers, Real was also developing DVD-saving software that it hoped to license to manufacturers of DVD players, according to the company's executives and legal filings in the case. That software, which the company refers to by its internal name, Facet, would allow companies like Sony, Samsung and Toshiba to sell DVD players capable of making digital copies of all discs, even movie DVDs that have anticopying software, called C.S.S. The owners of those devices could save copies of their DVDs to watch later -- much as people use digital video recorders like TiVo to save live television programs.
Real has built a prototype of a Facet device that runs on the Linux operating system, which is used in many digital set-top boxes. The device can hold about 70 movies, which take up to 20 minutes to copy.

RealNetworks executives have said they were inspired by Kaleidescape, a Sunnyvale, Calif., company that makes high-end DVD players (the price is more than $10,000) that can save hundreds of movies on a hard drive. Kaleidescape was challenged by the DVD Copy Control Association, which administers the C.S.S. encryption, but won.

The Facet-powered DVD players would sell for $300 or less, said Jeff Albertson, manager of the Facet project at RealNetworks, and Real aims to collect a royalty on each device sold. RealNetworks says that one consumer electronics company has already licensed the platform, and others are closely watching the outcome of the case. Devices could hit the market this fall if Real wins the case, the company said.

Hollywood, of course, hopes that does not happen. The major studios, acting under the umbrella of the Motion Picture Association of America, won a temporary injunction in October that required Real Networks to stop selling the RealDVD software.

Hollywood fears that people will use products like RealDVD and Facet-powered DVD players to "rent, rip and return"; that is, make copies of movies they get from Netflix, Blockbuster or the public library and then watch them again and again, without ever buying the disc. The studios also worry that the technology will undermine the market for digital downloads and streaming services like iTunes and Hulu.com. It could also hurt new revenue opportunities, like the sale of bonus DVDs that contain a special copy of the film for viewing on laptops and other devices.

The motion picture association's lawyers plan to claim that RealNetworks has breached its license to use C.S.S. encryption and violated the Digital Millennium Copyright Act by circumventing the anticopying locks on Hollywood DVDs.
"Our objective is to get the illegal choices out of the marketplace and instead focus constructively with the technology community on bringing in more innovative and flexible legal options for consumers to enjoy movies," said Greg Goeckner, executive vice president and general counsel of the association.

Bill Way, the vice president and general counsel of RealNetworks, said the company was only trying to make DVDs cool again. "The movie industry wants people to buy DVDs and so do we," he said. "They have a real problem with piracy, and we are not that problem. I don't think our product will make the problem one iota bigger. I think it gives people an opportunity to make digital copies of their movies in a legal way."

From rforno at infowarrior.org Fri Apr 24 00:13:48 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Apr 2009 20:13:48 -0400
Subject: [Infowarrior] - Pirate Bay Judge Exposed as Member of Pro-Copyright Groups
Message-ID: <03F31243-DD66-47F2-BB59-1CD6FF500D45@infowarrior.org>

Pirate Bay Judge Exposed as Member of Pro-Copyright Groups
By Wired Staff
April 23, 2009 | 3:21:15 PM
http://blog.wired.com/27bstroke6/2009/04/pirateconflict.html

One of the four men convicted in The Pirate Bay trial is seeking to have his guilty verdict thrown out after learning that the judge in the trial is a member of two pro-copyright groups, including one whose membership includes entertainment industry representatives who argued in the case.

Stockholm district court judge Tomas Norström told a Swedish newspaper that his previously-undisclosed entanglements with the copyright groups did not constitute a conflict of interest. The groups include the Swedish Association of Copyright, a discussion forum.
Henrik Pontén of the Swedish Anti-Piracy Bureau, Monique Wadsted, a motion picture industry lawyer, and Peter Danowsky from the recording industry's IFPI are members of the organizations, and were largely responsible for pressing the case against The Pirate Bay before the judge.

Norström also sits on the board of the Swedish Association for the Protection of Industrial Property, and the Internet Infrastructure Foundation, which oversees the dot-se country code and advises on domain name disputes. Monique Wadsted is one of his colleagues at the foundation.

The judge's links to the groups were reported by Swedish National Radio.

Peter Althin, the lawyer who represents Pirate Bay spokesperson Peter Sunde, announced Thursday that he plans to demand a retrial. "The Court of Appeal will decide if the district court decision should be set aside and the case revisited," Althin said on Thursday to the site The Local.

Last Friday Norström and three lay judges found Sunde and three other men guilty of contributory copyright infringement, sentenced them to a year in prison, and ordered them to pay damages of 30 million kronor ($3.6 million) to entertainment companies.

"It wasn't appropriate for him to take on this case," says Eric Bylander, senior lecturer in procedure law at Gothenburg University. "There are several circumstances which individually don't constitute partiality, but that put together can form a quite different picture. It's also a matter of what signal this sends to the citizens. Anyone who, on reasonable grounds, can appear biased in a case should not judge that case."

But Bylander says it's a toss-up as to whether the appeals court will find the conflict serious enough to throw out the verdict. "I don't think the trial will be declared a mistrial, but it's definitely a close call," he says.
From rforno at infowarrior.org Fri Apr 24 20:36:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Apr 2009 16:36:30 -0400
Subject: [Infowarrior] - MPAA: Seal our courtroom, please
Message-ID: <44B82E86-12A4-43CE-844F-B966573A8DF6@infowarrior.org>

Hollywood group asks judge to seal courtroom in DVD-copying case
by Greg Sandoval and Declan McCullagh
http://news.cnet.com/8301-13578_3-10227195-38.html?part=rss&subj=news&tag=2547-1_3-0-20

Updated 12:55 p.m. PDT to add more background.

SAN FRANCISCO--A Hollywood trade group asked a federal judge on Friday to kick the public out of a courtroom, saying confidential information about DVD encryption would be disclosed.

An attorney for the DVD Copy Control Association, which is involved in a lawsuit here over DVD-backup software sold by RealNetworks, said details about the technology used to encrypt DVDs justified the unusual request. "The MPAA is trying to seal proprietary specifications," said DVD-CCA attorney Reginald Steer, referring to the Motion Picture Association of America, another party to the case.

Steer said the trade secrets related to licensing technology and CSS, or Content Scrambling System, which is an algorithm used to encrypt DVDs. DVD-CCA once filed a lawsuit against programmer Jon Johansen, who wrote a DVD-descrambling utility that circumvented CSS--a suit that had the unintended consequence of publicizing the code widely, including on ties, T-shirts, and at least one haiku poem.

The MPAA, the lobbying group for the six largest film studios, alleges that RealDVD violates the Digital Millennium Copyright Act (DMCA) because it bypasses the copy protection built into DVDs. The DMCA generally restricts companies from developing products that circumvent antipiracy protections, but Real says that its RealDVD product complies with the law.

It's unclear exactly what information concerns the MPAA and DVD-CCA.
Because Johansen's DeCSS code--which was the subject of an injunction nine years ago by a court in New York--is so widely distributed, including through an online gallery published by a Carnegie Mellon University researcher, it may be difficult for Hollywood to claim that anything about CSS is confidential. On the other hand, the lawyers may stand a better chance of arguing that specific contracts are confidential.

The case is taking place before U.S. District Judge Marilyn Patel, who said she would wait until later in the day to make a formal ruling about whether to close the courtroom. Patel's initial response, though, seemed skeptical. She joked that if DVD-CCA and the MPAA wanted to close the courtroom, "You should have gotten yourself a private judge. This is an open forum."

Under long-standing U.S. law, courtrooms are open by default. The 9th Circuit Court of Appeals, which is binding on Patel, has said that judges considering closing a courtroom or sealing records "must provide sufficient notice to the public and press to afford them the opportunity to object or offer alternatives. If objections are made, a hearing on the objections must be held as soon as possible."

Once that hearing is held, the courtroom can only be closed if specific conditions are met, including that there are no alternatives that are practical. Also, the judge must "make specific factual findings," and not just claim it was necessary.

CNET News' publisher, CBS Interactive, may challenge any courtroom closure. CNET intervened last year in federal court in a case pitting Facebook against ConnectU to unseal documents, a dispute that ended up before the 9th Circuit Court of Appeals.
From rforno at infowarrior.org Fri Apr 24 20:40:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Apr 2009 16:40:44 -0400
Subject: [Infowarrior] - DVD Copying Case: Why You Should Care
Message-ID: <8A0DF467-5C55-4781-830E-C3F97618EB6E@infowarrior.org>

DVD Copying Case: Why You Should Care
Christopher Breen, Macworld.com
Apr 24, 2009 3:40 pm
http://www.pcworld.com/article/163821/dvd_copying_case_why_you_should_care.html

RealNetworks and the major movie studios are gathering in San Francisco's U.S. District Court on Friday to, possibly, determine the fate of DVD copying. RealNetworks would like to sell its $30 RealDVD application--an application that allows consumers to back up commercial DVDs to their computers' hard drives for archival purposes. (These backup copies are still protected and can't be burned to DVD.) The movie industry wants to maintain control of its content and argues that RealNetworks has breached a license to use CSS encryption (the form of copy-protection found on commercial DVDs) and is in violation of the Digital Millennium Copyright Act. (The Motion Picture Association of America (MPAA) won a temporary injunction in October that prevents RealNetworks from selling RealDVD.)

While this may result in a narrow ruling--RealNetworks did or did not breach its CSS license--it has broad implications for the future of media distribution and copyright. The movie industry, like the music industry before it, wants complete control over its content and, therefore, hopes RealNetworks takes the fall. If digital copies must be made, they will be provided, at extra expense, by the movie companies in the form of special edition DVDs that contain bonus digital copies that can be played on computers and portable media devices such as the iPod. Or, of course, consumers are welcome to purchase digital copies directly from online retailers such as Amazon.com and the iTunes Store.
Unfortunately for the movie industry, that wall has already been breached. California-based Kaleidescape, makers of high-end media players, were sued by the DVD Copy Control Association (DCCA) over the company's high-end media systems that can archive commercial DVDs to a hard drive. After a seven-day trial in 2007, Kaleidescape was judged to be in full compliance with the DCCA's encryption license. RealNetworks is suggesting that if Kaleidescape can do it, why not them?

A less compelling argument, but one RealNetworks representatives might want to mention when it's the company's turn to stand before the judge, is that this train left the station long ago. Software to remove copy protection from commercial DVDs has been around for more than five years. A Google search (or search of Macworld.com, for that matter) will provide links to such software that's free and not terribly difficult to use. And, unlike RealDVD, these applications completely strip copy-protection from DVDs. If someone were really interested in pirating and distributing the contents of commercial DVDs, RealDVD would not be the way to do it.

Fair Use advocates might also argue that there are certain conditions under which archival copies are allowed and, therefore, technology must exist to create such copies. Those supporting the Digital Millennium Copyright Act might counter that the DMCA trumps Fair Use. And that's what makes this case so important and interesting--once you purchase a hunk of media, is it or is it not yours to do with as you legally please?

I fear, however, that we won't learn the answer from this trial. I suspect that one reason we continue to see cases that focus on narrow issues such as whether Company X breached License Y is that no one really wants a final judgment on Fair Use versus the DMCA. There's a lot at stake. If Fair Use triumphs, the media companies fear they'll go out of business because their wares will be pirated from one end of the world to the other.
And if the DMCA wins the day, the Fair Use crowd believes they'll be ground under The Man's heel. Will one San Francisco judge be willing to dip a toe in this legal morass? In the case of Kaleidescape v. DCCA it's happened before. I, for one, hope to see it happen again. My archived copy of Mary Poppins depends on it.

From rforno at infowarrior.org Fri Apr 24 20:43:05 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Apr 2009 16:43:05 -0400
Subject: [Infowarrior] - Yahoo closing Geocities web hosting service
Message-ID: <5F3E7AE9-F9AD-484F-96A7-DFA3E89D27C8@infowarrior.org>

Yahoo closing Geocities web hosting service
http://www.vnunet.com/vnunet/news/2241092/yahoo-closing-geocities
Rosalie Marshall
vnunet.com, 24 Apr 2009

Yahoo will close Geocities, the free web hosting service it paid $4bn for 10 years ago. "Sorry, new Geocities accounts are no longer available," read a message on the homepage on Friday.

In 1999, when Yahoo purchased Geocities, it was the third most visited site on the web behind AOL and Yahoo, with 19 million unique visitors in December 1998, according to a Comscore Media Metrix report. Now Geocities is slightly outdated in the current Web 2.0 era, giving users no way to integrate their sites with third-party applications. The closure is also evidence that the revenue model for hosting free web sites is difficult to sustain, especially in the current economic climate.

Yahoo has encouraged Geocities members to start upgrading to the company's subscription-based Web Hosting service, although it assured them in a statement that they will still be able to access their sites and Geocities services until "later this year". Subscription to the Web Hosting service - which offers a personalised domain name, email, site building tools and premium customer support - costs around $114 (£78) a year for a 12-month contract.
The announcement follows a similar decision by Google to shut down Page Creator in June 2009 and migrate users to Google Sites. Competing web hosting sites, such as Jimdo, are vying for both Google and Yahoo customers. Jimdo offers both a free service, as well as a professional version called JimdoPro, which costs €60 a year.

"Come to Jimdo! We're hard at work on an easy way for Geocities users to migrate over to Jimdo accounts," the company said in a statement today. "Yahoo hasn't said when the last day is so jump ship while you can!"

Yahoo has promised to release more details about the Geocities date of closure and how users can save their site data soon.

From rforno at infowarrior.org Fri Apr 24 20:43:45 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Apr 2009 16:43:45 -0400
Subject: [Infowarrior] - Facebook To Adopt New Governing Documents
Message-ID:

Facebook To Adopt New Governing Documents
Ian Paul
Apr 24, 2009 11:22 am
http://www.pcworld.com/article/163802/facebook_to_adopt_new_governing_documents.html

Facebook intends to adopt two new governing documents following a four-day vote on the documents that was open to all Facebook users. Preliminary results indicate that approximately 74.4 percent of Facebook users who voted support the new documents. More than 600,000 users voted on the new Facebook Principles and Statement of Rights and Responsibilities, according to a blog post by Ted Ullyot, Facebook's general counsel.

Not binding, but we'll adopt anyway

However, Facebook had said that for the vote to be binding, 30 percent of Facebook's 200 million active users would have to participate. Since voter turnout failed to meet that benchmark, Facebook was required only to consider the new documents as "advisory" guidelines. Regardless, Ullyot says that if an outside auditor confirms the preliminary count, then Facebook will adopt "the Principles and Statement of Rights and Responsibilities as the governing documents for the Facebook site."
Facebook will also consider lowering the 30 percent threshold to make it easier for future votes on the governing documents to be binding.

User Backlash

The new Facebook Principles and the Statement of Rights and Responsibilities were developed to calm a user revolt over a change to Facebook's Terms of Service in February. The backlash came after the Consumerist Website published a blog alleging the now-defunct TOS gave Facebook complete control over user-contributed data, such as photos and videos, even if a user deleted her or his account and left the service.

Facebook CEO Mark Zuckerberg tried to confront those allegations by explaining the site's rationale for the new TOS, but quickly backtracked after the Electronic Privacy Information Center (EPIC) threatened to launch a federal complaint with the Federal Trade Commission over the new TOS. Facebook then reverted to its old TOS before presenting the two new governing documents to Facebook users for a 30-day review period. The review process ended on March 29 and the vote on the new documents began on April 20 and closed after four days of voting on Thursday morning at 11:59 AM PDT.

Third-party support

Despite the low voter turnout, Ullyot believes the documents satisfy the privacy concerns raised in February. Ullyot also said the new governing documents have wide support of "informed third parties" and previous critics of Facebook's old TOS, including the Consumerist; Jonathan Zittrain, co-director of Harvard's Berkman Center for Internet & Society; and Julius Harper and Anne Kathrine Petteroe, co-founders of the Facebook group People Against the New Terms of Service, which Ullyot calls "the first and largest Facebook group against the previous change to the terms." Harper and Petteroe now oversee the group Facebook Bill of Rights and Responsibilities along with three Facebook employees, including Facebook CEO Mark Zuckerberg.
EPIC Battle

EPIC has not released a statement on Facebook's decision to adopt the two governing documents, and the advocacy group was not available for comment at the time of this writing. When Facebook announced in February that it would introduce the two governing documents, EPIC executive director Mark Rotenberg said EPIC supported "the effort to establish a 'principles' and also a statement of rights and responsibilities."

Any future changes to Facebook's new governing documents will require a process of ratification with periods of notification, public comments followed by a member-wide vote.

From rforno at infowarrior.org Fri Apr 24 20:45:02 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Apr 2009 16:45:02 -0400
Subject: [Infowarrior] - Hearing on Deep Packet Inspection
Message-ID: <075DE4C8-E9AB-4007-BF81-5EA72C5EFA0D@infowarrior.org>

Cable: DPI is good for us; Congressman: it's frightening
By Nate Anderson | Last updated April 24, 2009 12:02 PM CT
http://arstechnica.com/tech-policy/news/2009/04/cable-dpi-is-good-for-us-congressman-its-frightening.ars

It takes a certain chutzpah for the cable industry to tell Congress that deep packet inspection (DPI) gear is "pro-consumer" because it can block viruses and spam on the network, help ISPs plan their capacity upgrades, and help law enforcement wiretaps -- all while avoiding mention of Comcast's "TCP reset packet" blocking of BitTorrent connections or Cox's plan to decide what priority its users' traffic should have.

But that's just what National Cable & Telecommunications Association (NCTA) head Kyle McSlarrow told Congress at a hearing yesterday, despite the hearing's focus on consumer issues arising from DPI technology. Perhaps he didn't need to say much about these far more controversial uses of DPI, since Free Press policy director Ben Scott was also testifying at the hearing.
Scott made sure to point out the examples of both Cox and Comcast, and threw in a few more (like NebuAd) to bolster his case that Congress might like to take a closer look at how the technology is being used.

The amazing thing about the hearing wasn't the fact that McSlarrow and Scott could sit only feet from one another without canceling each other out in some kind of matter/antimatter reaction; it was that Congress now cares about topics like DPI at all. Congress has been taking an unusual interest in the Internet, due in large part to groups like Free Press and to grassroots uprisings like the one that occurred last week in response to Time Warner Cable's data cap plans. Sen. Chuck Schumer (D-NY) helped to end the TWC program, and Representatives like Ed Markey (D-MA) have used their committee positions to investigate companies like NebuAd and to discuss issues like net neutrality. DPI, the technology used in many throttling/blocking schemes (and deployed at all the major Canadian ISPs) has now captured Congress' fickle attention.

Predictable metaphors

Since Congress doesn't tend to understand such issues all that well, just about everyone in attendance trotted out the dreaded "postal system" analogy. Traditional routers look only at a packet's "envelope," while DPI gear opens up the packet and reads the "letter" inside. (Read our DPI primer for extensive background on the technology.)

The witnesses also stressed that it wasn't DPI itself that is evil, only the uses to which it might be put that could be bad. Scott said that "the technology itself is not necessarily problematic," while a network engineer said that "technologies are neither good nor bad, it's the uses we put them to use that matter." McSlarrow laid down a harmony track: "any technology can be used for either benign or nefarious purposes."

Consensus! Well, almost.
Leslie Harris of the Center for Democracy & Technology (CDT) sounded a strong dissenting note, saying at the start of her remarks, "it is important to stress at the outset that all applications of DPI raise serious privacy concerns because all applications of DPI begin with the interception and analysis of Internet traffic." Harris went on to make the case that Congress should jump directly into the debate, collecting information on DPI practices at the major ISPs, developing tech-neutral Internet privacy legislation, and passing network neutrality rules.

Who needs rules when you can hold hearings?

While Congress is unlikely to mull any sort of DPI-specific rules, general data privacy and protection legislation may be coming later this year. Rep. Rick Boucher (D-VA) chairs the Subcommittee on Communications, Technology, and the Internet. In remarks opening the hearing, he announced his "intention for the Subcommittee this year to develop legislation extending to Internet users that assurance that their online experience is more secure."

But even the mere fact of Congressional attention causes companies to take action and change policies. Last year's NebuAd hearings helped push the company into a new line of work, for instance. The Congressional emphasis on DPI, coupled with the FCC's own ruling against Comcast last year, are both likely to constrain certain uses of the technology even without new laws or regulations. In other words, when Boucher says that DPI's "privacy intrusion potential is nothing short of frightening," those using DPI take notice, even without new rules.
From rforno at infowarrior.org Fri Apr 24 20:47:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Apr 2009 16:47:49 -0400
Subject: [Infowarrior] - Hathaway at RSA: Obama Admin's Missed Opportunity
Message-ID: <3DB480EC-B30C-432D-9BE0-FB7AA9B92A92@infowarrior.org>

April 24, 2009 3:11 PM
Hathaway at RSA: Obama Admin's Missed Opportunity
http://securitywatch.eweek.com/exploits_and_attacks/hathaway_at_rsa_obama_admins_missed_opportunity.html

Based on what we've seen from our new President thus far, one of the Obama Administration's top priorities is, and will be, taking advantage of ready opportunities to foster stronger relationships with important constituencies that can help the United States advance its interests across many different domains.

No matter what side of the aisle you may, or may not, align with in regard to U.S. politics, it probably would have been shocking for you to read that any U.S. President was in Latin America shaking hands with Venezuelan President Hugo Chavez last week, who had famously characterized President George W. Bush as a living incarnation of the devil before his colleagues at the United Nations in late 2006. However, that's exactly what we saw happen.

And whether you agree with President Obama's decision to make an effort at repairing U.S. relations with some of its more outspoken neighbors in such a public, forgiving fashion, it would seem that his team's overarching mandate is to get out and be as proactive as possible in cultivating stronger ties with those people it views as centrally important to advancing its political cause. The timing and nature of Obama's physical outreach to Chavez might have struck many Americans as controversial, but it was an important if only symbolic act in forwarding the process of making geopolitical change as swiftly as possible, our Commander In Chief said in defending his actions.
The 44th Admin's obvious predisposition toward such an open philosophy of communication is precisely why so many members of the IT security industry gathered for this week's RSA Conference 2009 were roundly disappointed by the lack of substantive results offered in acting Cyber Czar Melissa Hathaway's keynote address at the annual industry confab in San Francisco.

The truth of the matter, by all estimates, would seem to be that the Obama Admin had yet to find sufficient time to analyze Hathaway and her team's work in performing their recently completed 60 day review of the nation's cyber-security standing to allow her to reveal those results to the industry. But, in doing so, it would seem that the Administration fundamentally failed to realize what a unique opportunity it had created to use RSA as a launching pad for turning its cyber-security plans into a national and industry-wide cause by sending Hathaway out to deliver her speech.

The way that the event went down was so surprising specifically because improving U.S. cyber-security posture was a platform plank of the 2008 Obama Presidential election campaign, and since one of the most impressive elements of Obama's approach to the issue so far was his choice of Hathaway, a former Bush intelligence advisor, as acting Cyber Czar in a move to lend continuity to our national efforts in this arena, and keep the best people on the job no matter whom they supported.

RSA is THE seminal annual industry meeting of the IT security market, and there won't be a chance for the President and his appointees to gain the spotlight, and the concentrated attention of the market again for another twelve months. You could also argue that this year's show had a far greater emphasis on government policy work, based on the reality of the cybercrime landscape, and the many related presentations offered at this year's show, than any one of its kind before.
As a colleague of mine said when I saw her outside the Moscone shortly after Hathaway's speech on Wednesday - which basically just outlined the process and goals of the 60 day review, versus sharing its findings - she was profoundly surprised and disappointed both as an American and a member of the IT security community that the 44th Admin hadn't had the foresight to realize the opportunity that it had just missed.

So many of us in the community had lined up to go into that room for the keynote ready to be challenged and inspired to be part of something special, a historic chance to effect change in improving national cyber-security policy at a time when we are being overwhelmed by electronic attacks from outsiders, including those backed by both organized overseas criminals and foreign states themselves. But most of us walked out of the room a scant 30 minutes later shaking our heads at the lack of direction we'd been given, openly disappointed by the Administration's inability to realize the moment, and feeling sort of sorry for Hathaway for having been put up on stage with nothing to tell us that we didn't already know.

If the Obama Administration is truly serious about its good faith desire to enact significant change in the realm of cyber-security in the four short years of its only guaranteed term, they are going to need to work hard to make the most of any and all opportunities with which they are presented. Perhaps even more so, now, since they just allowed a really big one to pass them by.

####

Matt Hines has been following the IT industry for over a decade as a reporter and blogger, and has been specifically focused on the security space since 2003, including a previous stint writing for eWeek and contributing to the Security Watch blog. Hines is currently employed as marketing communications manager at Core Security Technologies, a Boston-based maker of security testing software.
The views expressed herein do not necessarily represent the views of Core Security, and neither the company, nor its products and services will be actively discussed in the blog. Please send news, research or tips to SecurityWatchBlog at gmail.com.

From rforno at infowarrior.org Fri Apr 24 22:12:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Apr 2009 18:12:01 -0400
Subject: [Infowarrior] - NSA Chief to Head New Cyber Command
Message-ID: <5D7132C1-53AA-409B-B602-AF592BE240C1@infowarrior.org>

Gates to Nominate NSA Chief to Head New Cyber Command
By SIOBHAN GORMAN
http://online.wsj.com/article/SB124060266381953839.html

WASHINGTON -- Defense Secretary Robert Gates plans to nominate the director of the National Security Agency to head a new Pentagon Cyber Command, which will coordinate computer-network defense and direct U.S. cyber-attack operations, according to a draft memo by Mr. Gates.

The move comes amid rising concern in the government about attacks on U.S. networks. The command will run military cybersecurity operations and provide support to civil authorities, according to the memo reviewed by The Wall Street Journal.

NSA Director Keith Alexander, a three-star general, is expected to earn a fourth star when he moves to his new job at the Cyber Command. The memo doesn't state that directly, but says that his deputy at the new command will be of a three-star rank. It isn't clear who will succeed him at the NSA.

The Department of Homeland Security is charged with securing the government's nonmilitary networks, and cybersecurity experts said the Obama administration will have to better define the extent of this military support to Homeland Security. "It's a fine line" between providing needed technical expertise to support federal agencies improving their own security and deeper, more invasive programs, said Amit Yoran, a former senior cybersecurity official at the Homeland Security Department.
The new command is necessary, the memo says, because "our increasing dependency on cyberspace, alongside a growing array of cyber threats and vulnerabilities, adds a new element of risk to our national security." At least initially, it will be part of U.S. Strategic Command, which is currently responsible for securing the military's networks and waging attacks on the Internet.

An announcement of the new command is expected after the Obama administration finishes its recommendations for cybersecurity policy, which could come as soon as next week. Pentagon spokesman Geoff Morrell said Mr. Gates is "planning to make changes to our command structure to better reflect the increasing threat posed by cyber warfare," but "we have nothing to announce at this time." The NSA referred calls to the Pentagon. Mr. Morrell said cybersecurity is a major priority for Mr. Gates and his 2010 budget proposal calls for hiring hundreds more cybersecurity experts.

Gen. Alexander sought to quell concerns about NSA's role in domestic cybersecurity in a speech Tuesday at a computer-security conference in San Francisco. "We need to dispel the rumors," he said, adding that NSA didn't want to run all the government's cybersecurity operations but would help Homeland Security secure government civilian networks. NSA has "tremendous technical capabilities," he said. "What we need to do now is learn how to use that."

Gen. Alexander also catalogued a few of the "things that are broken" in the government's efforts to protect its networks. The government can't monitor intrusions on its networks in a timely manner. It detects compromises of private-sector networks but sometimes can't disclose the problem because its information is classified.

The new command will be located in Maryland at Fort Meade, which is home to the NSA's headquarters just outside of Washington. It will open by October, according to the memo, and will be at full strength the following year.
Write to Siobhan Gorman at siobhan.gorman at wsj.com

From rforno at infowarrior.org Mon Apr 27 00:13:10 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Apr 2009 20:13:10 -0400
Subject: [Infowarrior] - Rapidshare Shares Uploader Info with Rights Holders
Message-ID: <972E4A80-FC2F-4347-9E47-DE927F0C0097@infowarrior.org>

Rapidshare Shares Uploader Info with Rights Holders
Written by Ernesto on April 25, 2009
http://torrentfreak.com/rapidshare-shares-uploader-info-with-rights-holders-090425/

In Germany, the file-hosting service Rapidshare has handed over the personal details of alleged copyright infringers to several major record labels. The information is used to pursue legal action against the Rapidshare users and at least one alleged uploader saw his house raided.

Like many new releases, Metallica's latest album "Death Magnetic" was uploaded to the popular file hosting service Rapidshare one day prior to its official release date last year. Since users don't broadcast their IP-address or distribute files to the public directly through Rapidshare, it came as a surprise when the police raided the house of an uploader a few weeks ago.

At first it was unclear how the identity of the uploader was revealed, but today German news outlet Gulli said it had found out that this was likely to be accomplished by creative use of paragraph 101 of German copyright law. It turns out that several record labels are using this to take legal action against those who share music on Rapidshare.

Previously the paragraph was only used by rights holders to get the personal details of those who share copyrighted works on file-sharing networks. It basically enables the copyright holders to get "permission" from a civil judge to ask ISPs to disclose the personal details of a user behind a certain IP.
Now, however, this also seems to be the case for file-hosting services such as Rapidshare, which is based in Germany. This of course opens up the possibility for rights holders to go after a wide range of file-hosting services and potentially even BitTorrent sites. Indeed, everyone who now uploads a torrent file to a site hosted in Germany is at risk of having his personal details revealed. Although it will be impossible to prove that the uploader actually seeded the file it might be seen as assisting in copyright infringement.

Pretty much all torrent sites keep track of the IP-addresses of their (.torrent) uploaders, and if the rights holders can get the IP-address of people who upload to file-hosting services such as Rapidshare, they can easily extend this to BitTorrent sites hosted in Germany. A dream come true for copyright holders, but a nightmare for the privacy of Internet users.

Too bad for Metallica's Lars Ulrich who only just started sharing files himself.

From rforno at infowarrior.org Mon Apr 27 01:16:02 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Apr 2009 21:16:02 -0400
Subject: [Infowarrior] - Lawyer podcast on "Everyone Hates DRM"
Message-ID:

Lawyer podcast on "Everyone Hates DRM"
Posted by Cory Doctorow, April 24, 2009 10:31 PM | permalink

The Intellectual Property Colloquium, a podcast for lawyers, has a one-hour show up about the reasons that DRM is the most reviled consumer technology in the market today. It includes interviews with Ed Felten and Randy Picker, testimony from the FTC's DRM hearings, and is hosted by UCLA Law's Doug Lichtman. Fascinating listening that makes a good stab at unpicking the tech and the law of DRM.
http://www.boingboing.net/2009/04/24/lawyer-podcast-on-ev.html

From rforno at infowarrior.org Mon Apr 27 13:53:20 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Apr 2009 09:53:20 -0400
Subject: [Infowarrior] - IBM Program to Take On 'Jeopardy!'
Message-ID: <24DDA6A6-EF23-4D84-8D50-EFA8BB0BABDE@infowarrior.org>

April 27, 2009
Computer Program to Take On "Jeopardy!"
By JOHN MARKOFF
http://www.nytimes.com/2009/04/27/technology/27jeopardy.html?_r=1&hp=&pagewanted=print

YORKTOWN HEIGHTS, N.Y. -- This highly successful television quiz show is the latest challenge for artificial intelligence.

What is "Jeopardy"?

That is correct.

I.B.M. plans to announce Monday that it is in the final stages of completing a computer program to compete against human "Jeopardy!" contestants. If the program beats the humans, the field of artificial intelligence will have made a leap forward.

I.B.M. scientists previously devised a chess-playing program to run on a supercomputer called Deep Blue. That program beat the world champion Garry Kasparov in a controversial 1997 match (Mr. Kasparov called the match unfair and secured a draw in a later one against another version of the program). But chess is a game of limits, with pieces that have clearly defined powers. "Jeopardy!" requires a program with the suppleness to weigh an almost infinite range of relationships and to make subtle comparisons and interpretations. The software must interact with humans on their own terms, and fast.

Indeed, the creators of the system, which the company refers to as Watson, after the I.B.M. founder, Thomas J. Watson Sr., said they were not yet confident their system would be able to compete successfully on the show, on which human champions typically provide correct responses 85 percent of the time.

"The big goal is to get computers to be able to converse in human terms," said the team leader, David A. Ferrucci, an I.B.M.
artificial intelligence researcher. "And we're not there yet."

The team is aiming not at a true thinking machine but at a new class of software that can "understand" human questions and respond to them correctly. Such a program would have enormous economic implications.

Despite more than four decades of experimentation in artificial intelligence, scientists have made only modest progress until now toward building machines that can understand language and interact with humans.

The proposed contest is an effort by I.B.M. to prove that its researchers can make significant technical progress by picking "grand challenges" like its early chess foray. The new bid is based on three years of work by a team that has grown to 20 experts in fields like natural language processing, machine learning and information retrieval.

Under the rules of the match that the company has negotiated with the "Jeopardy!" producers, the computer will not have to emulate all human qualities. It will receive questions as electronic text. The human contestants will both see the text of each question and hear it spoken by the show's host, Alex Trebek.

The computer will respond with a synthesized voice to answer questions and to choose follow-up categories. I.B.M. researchers said they planned to move a Blue Gene supercomputer to Los Angeles for the contest. To approximate the dimensions of the challenge faced by the human contestants, the computer will not be connected to the Internet, but will make its answers based on text that it has "read," or processed and indexed, before the show.

There is some skepticism among researchers in the field about the effort. "To me it seems more like a demonstration than a grand challenge," said Peter Norvig, a computer scientist who is director of research at Google. "This will explore lots of different capabilities, but it won't change the way the field works."

The I.B.M. researchers and "Jeopardy!"
producers said they were considering what form their cybercontestant would take and what gender it would assume. One possibility would be to use an animated avatar that would appear on a computer display.

"We've only begun to talk about it," said Harry Friedman, the executive producer of "Jeopardy!" "We all agree that it shouldn't look like Robby the Robot."

Mr. Friedman added that they were also thinking about who the human contestants should be and were considering inviting Ken Jennings, the "Jeopardy!" contestant who won 74 consecutive times and collected $2.52 million in 2004.

I.B.M. will not reveal precisely how large the system's internal database would be. The actual amount of information could be a significant fraction of the Web now indexed by Google, but artificial intelligence researchers said that having access to more information would not be the most significant key to improving the system's performance.

Eric Nyberg, a computer scientist at Carnegie Mellon University, is collaborating with I.B.M. on research to devise computing systems capable of answering questions that are not limited to specific topics. The real difficulty, Dr. Nyberg said, is not searching a database but getting the computer to understand what it should be searching for.

The system must be able to deal with analogies, puns, double entendres and relationships like size and location, all at lightning speed. In a demonstration match here at the I.B.M. laboratory against two researchers recently, Watson appeared to be both aggressive and competent, but also made the occasional puzzling blunder.

For example, given the statement, "Bordered by Syria and Israel, this small country is only 135 miles long and 35 miles wide," Watson beat its human competitors by quickly answering, "What is Lebanon?"

Moments later, however, the program stumbled when it decided it had high confidence that a "sheet" was a fruit.

The way to deal with such problems, Dr.
Ferrucci said, is to improve the program's ability to understand the way "Jeopardy!" clues are offered. The complexity of the challenge is underscored by the subtlety involved in capturing the exact meaning of a spoken sentence. For example, the sentence "I never said she stole my money" can have seven different meanings depending on which word is stressed.

"We love those sentences," Dr. Nyberg said. "Those are the ones we talk about when we're sitting around having beers after work."

From rforno at infowarrior.org Mon Apr 27 14:00:08 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Apr 2009 10:00:08 -0400
Subject: [Infowarrior] - World Privacy Forum's Top Ten Opt Outs
Message-ID: <82936010-742E-4870-B478-A10BC1DC8B97@infowarrior.org>

As privacy experts, we are frequently asked about "opting out," and which opt outs we think are the most important. This list is a distillation of ideas for opting out that the World Privacy Forum has developed over the years from responding to those questions. The list below does not contain all opt outs that are available. Rather, it contains the opt outs that we believe are the most important and will be the most useful to the most consumers.

Many people have told us that they think opting out is confusing. We agree. Opting out can range from the not-too-difficult (the FTC's Do Not Call list is a fairly simple opt out) to the challenging (the National Advertising Initiative opt out can be tricky). Our hope is that this list will clarify which opt out does what, and how to go about opting out. In this list, some opt outs can be done by phone, some have to be sent in a letter via postal mail, and some can be accomplished online. Some opt outs last forever, some have time limits, and others can be changed at will. If an opt out is on this list, it is because we thought it might be important enough to be worth whatever annoyance it may pose.
Not every opt out is right for everyone, and not everyone will necessarily want to opt out. It is a personal choice. Take a look at the list below, and see if any of the opt outs appeal to you, or might make a difference to you in some way. And if you know of an opt out that has been important to you that we didn't include here, please send us your personal "top opt outs." We'll consider them for the next revision of this list.

< - >

http://www.worldprivacyforum.org/toptenoptout.html

From rforno at infowarrior.org Mon Apr 27 14:04:13 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Apr 2009 10:04:13 -0400
Subject: [Infowarrior] - G.E.'s Breakthrough Can Put 100 DVDs on a Disc
Message-ID:

April 27, 2009
G.E.'s Breakthrough Can Put 100 DVDs on a Disc
By STEVE LOHR
http://www.nytimes.com/2009/04/27/technology/business-computing/27disk.html?hpw=&pagewanted=print

General Electric says it has achieved a breakthrough in digital storage technology that will allow standard-size discs to hold the equivalent of 100 DVDs.

The storage advance, which G.E. is announcing on Monday, is just a laboratory success at this stage. The new technology must be made to work in products that can be mass-produced at affordable prices.

But optical storage experts and industry analysts who were told of the development said it held the promise of being a big step forward in digital storage with a wide range of potential uses in commercial, scientific and consumer markets.

"This could be the next generation of low-cost storage," said Richard Doherty, an analyst at Envisioneering, a technology research firm.

The promising work by the G.E. researchers is in the field of holographic storage. Holography is an optical process that stores not only three-dimensional images like the ones placed on many credit cards for security purposes, but the 1's and 0's of digital data as well.
The data is encoded in light patterns that are stored in light-sensitive material. The holograms act like microscopic mirrors that refract light patterns when a laser shines on them, and so each hologram's recorded data can then be retrieved and deciphered.

Holographic storage has the potential to pack data far more densely than conventional optical technology, used in DVDs and the newer, high-capacity Blu-ray discs, in which information is stored as a pattern of laser-etched marks across the surface of a disc.

The potential of holographic technology has long been known. The first research papers were published in the early 1960s. Many advances have been made over the years in the materials science, optics and applied physics needed to make holographic storage a practical, cost-effective technology. And this year, InPhase Technologies, a spinoff of Bell Labs of Alcatel-Lucent, plans to introduce a holographic storage system, using $18,000 machines and expensive discs, for specialized markets like video production and storing medical images.

To date, holographic storage has not been on a path to mainstream use. The G.E. development, however, could be that pioneering step, according to analysts and experts.

The G.E. researchers have used a different approach than past efforts. It relies on smaller, less complex holograms, a technique called microholographic storage. A crucial challenge for the team, which has been working on this project since 2003, has been to find the materials and techniques so that smaller holograms reflect enough light for their data patterns to be detected and retrieved.

The recent breakthrough by the team, working at the G.E. lab in Niskayuna, N.Y., north of Albany, was a 200-fold increase in the reflective power of their holograms, putting them at the bottom range of light reflections readable by current Blu-ray machines.

"We're in the ballpark," said Brian Lawrence, the scientist who leads G.E.'s holographic storage program.
?We?ve crossed the threshold so we?re readable.? In G.E.?s approach, the holograms are scattered across a disc in a way that is similar to the formats used in today?s CDs, conventional DVDs and Blu-ray discs. So a player that could read microholographic storage discs could also read CD, DVD and Blu-ray discs. But holographic discs, with the technology G.E. has attained, could hold 500 gigabytes of data. Blu-ray is available in 25-gigabyte and 50- gigabyte discs, and a standard DVD holds 5 gigabytes. ?If this can really be done, then G.E.?s work promises to be a huge advantage in commercializing holographic storage technology,? said Bert Hesselink, a professor at Stanford and an expert in the field. The G.E. team plans to present its research data and lab results at an optical data storage conference in Orlando next month. Yet, analysts say, the feasibility of G.E.?s technology remains unproved and the economics uncertain. ?It?s always well to remember that the most important technical specification in any storage device, however impressive the science behind it, is price,? said James N. Porter, an independent analyst of the storage market. When Blu-ray was introduced in late 2006, a 25-gigabyte disc cost nearly $1 a gigabyte, though it is about half that now. G.E. expects that when they are introduced, perhaps in 2011 or 2012, holographic discs using its technology will be less than 10 cents a gigabyte ? and fall in the future. ?The price of storage per gigabyte is going to drop precipitously,? Mr. Lawrence said. G.E. will first focus on selling the technology to commercial markets like movie studios, television networks, medical researchers and hospitals for holding data-intensive images like Hollywood films and brain scans. But selling to the broader corporate and consumer market is the larger goal. To do that, G.E. 
will have to work with partners to license its holographic storage technology and expertise, and the company is already talking with major electronics and optical storage producers, said Bill Kernick, who leads G.E.?s technology sales unit. The holographic research was originally related to G.E.?s plastics business, which it sold two years ago to the Saudi Basic Industries Corporation for $11.6 billion. From rforno at infowarrior.org Mon Apr 27 17:21:42 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 27 Apr 2009 13:21:42 -0400 Subject: [Infowarrior] - Way to go, NYC. Message-ID: duh. ---rf Low-Flying Military Planes Cause NYC Panic Some military aircraft flying over lower Manhattan, including a Boeing 747 from the Air Force One fleet, caused a brief scare for residents, workers, and pedestrians on Monday, but CBS 2 has learned the jets were part of a Department of Defense photo shoot and that there was no threat to the city. According to many callers who flooded CBS 2 with their concerns, at about 10 a.m. the aircraft were seen flying at low altitudes over the Statue of Liberty and parts of lower Manhattan. The Federal Aviation Administration confirmed that two F-16s escorting a Boeing 747 -- which CBS 2 confirmed is also used as an Air Force One -- were part of the Department of Defense photo shoot. Most witnesses who called and wrote to CBS 2 HD and WCBSTV.com were furious that local authorities hadn't notified anyone about the fly- over. The FAA, however, says they contacted the NYPD, Mayor Michael Bloomberg's Office, New Jersey state police and other local authorities were told ahead of time about the shoot. 
< - >

http://wcbstv.com/breakingnewsalerts/military.jets.nyc.2.995375.html

From rforno at infowarrior.org Mon Apr 27 18:33:12 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Apr 2009 14:33:12 -0400
Subject: [Infowarrior] - End the University as We Know It
Message-ID: <323CADA4-C3D1-4565-9DB4-A13BB123B12A@infowarrior.org>

April 27, 2009

Op-Ed Contributor

End the University as We Know It

By MARK C. TAYLOR

http://www.nytimes.com/2009/04/27/opinion/27taylor.html?pagewanted=print

GRADUATE education is the Detroit of higher learning. Most graduate programs in American universities produce a product for which there is no market (candidates for teaching positions that do not exist) and develop skills for which there is diminishing demand (research in subfields within subfields and publication in journals read by no one other than a few like-minded colleagues), all at a rapidly rising cost (sometimes well over $100,000 in student loans).

Widespread hiring freezes and layoffs have brought these problems into sharp relief now. But our graduate system has been in crisis for decades, and the seeds of this crisis go as far back as the formation of modern universities. Kant, in his 1798 work "The Conflict of the Faculties," wrote that universities should "handle the entire content of learning by mass production, so to speak, by a division of labor, so that for every branch of the sciences there would be a public teacher or professor appointed as its trustee."

Unfortunately this mass-production university model has led to separation where there ought to be collaboration and to ever-increasing specialization. In my own religion department, for example, we have 10 faculty members, working in eight subfields, with little overlap. And as departments fragment, research and publication become more and more about less and less. Each academic becomes the trustee not of a branch of the sciences, but of limited knowledge that all too often is irrelevant for genuinely important problems. A colleague recently boasted to me that his best student was doing his dissertation on how the medieval theologian Duns Scotus used citations.

The emphasis on narrow scholarship also encourages an educational system that has become a process of cloning. Faculty members cultivate those students whose futures they envision as identical to their own pasts, even though their tenures will stand in the way of these students having futures as full professors.

The dirty secret of higher education is that without underpaid graduate students to help in laboratories and with teaching, universities couldn't conduct research or even instruct their growing undergraduate populations. That's one of the main reasons we still encourage people to enroll in doctoral programs. It is simply cheaper to provide graduate students with modest stipends and adjuncts with as little as $5,000 a course -- with no benefits -- than it is to hire full-time professors.

In other words, young people enroll in graduate programs, work hard for subsistence pay and assume huge debt burdens, all because of the illusory promise of faculty appointments. But their economical presence, coupled with the intransigence of tenure, ensures that there will always be too many candidates for too few openings.

The other obstacle to change is that colleges and universities are self-regulating or, in academic parlance, governed by peer review. While trustees and administrations theoretically have some oversight responsibility, in practice, departments operate independently. To complicate matters further, once a faculty member has been granted tenure he is functionally autonomous. Many academics who cry out for the regulation of financial markets vehemently oppose it in their own departments.

If American higher education is to thrive in the 21st century, colleges and universities, like Wall Street and Detroit, must be rigorously regulated and completely restructured. The long process to make higher learning more agile, adaptive and imaginative can begin with six major steps:

1. Restructure the curriculum, beginning with graduate programs and proceeding as quickly as possible to undergraduate programs. The division-of-labor model of separate departments is obsolete and must be replaced with a curriculum structured like a web or complex adaptive network. Responsible teaching and scholarship must become cross-disciplinary and cross-cultural.

Just a few weeks ago, I attended a meeting of political scientists who had gathered to discuss why international relations theory had never considered the role of religion in society. Given the state of the world today, this is a significant oversight. There can be no adequate understanding of the most important issues we face when disciplines are cloistered from one another and operate on their own premises.

It would be far more effective to bring together people working on questions of religion, politics, history, economics, anthropology, sociology, literature, art, religion and philosophy to engage in comparative analysis of common problems. As the curriculum is restructured, fields of inquiry and methods of investigation will be transformed.

2. Abolish permanent departments, even for undergraduate education, and create problem-focused programs. These constantly evolving programs would have sunset clauses, and every seven years each one should be evaluated and either abolished, continued or significantly changed.

It is possible to imagine a broad range of topics around which such zones of inquiry could be organized: Mind, Body, Law, Information, Networks, Language, Space, Time, Media, Money, Life and Water. Consider, for example, a Water program. In the coming decades, water will become a more pressing problem than oil, and the quantity, quality and distribution of water will pose significant scientific, technological and ecological difficulties as well as serious political and economic challenges. These vexing practical problems cannot be adequately addressed without also considering important philosophical, religious and ethical issues. After all, beliefs shape practices as much as practices shape beliefs.

A Water program would bring together people in the humanities, arts, social and natural sciences with representatives from professional schools like medicine, law, business, engineering, social work, theology and architecture. Through the intersection of multiple perspectives and approaches, new theoretical insights will develop and unexpected practical solutions will emerge.

3. Increase collaboration among institutions. All institutions do not need to do all things and technology makes it possible for schools to form partnerships to share students and faculty. Institutions will be able to expand while contracting. Let one college have a strong department in French, for example, and the other a strong department in German; through teleconferencing and the Internet both subjects can be taught at both places with half the staff. With these tools, I have already team-taught semester-long seminars in real time at the Universities of Helsinki and Melbourne.

4. Transform the traditional dissertation. In the arts and humanities, where looming cutbacks will be most devastating, there is no longer a market for books modeled on the medieval dissertation, with more footnotes than text. As financial pressures on university presses continue to mount, publication of dissertations, and with it scholarly certification, is almost impossible. (The average university press print run of a dissertation that has been converted into a book is less than 500, and sales are usually considerably lower.)

For many years, I have taught undergraduate courses in which students do not write traditional papers but develop analytic treatments in formats from hypertext and Web sites to films and video games. Graduate students should likewise be encouraged to produce "theses" in alternative formats.

5. Expand the range of professional options for graduate students. Most graduate students will never hold the kind of job for which they are being trained. It is, therefore, necessary to help them prepare for work in fields other than higher education. The exposure to new approaches and different cultures and the consideration of real-life issues will prepare students for jobs at businesses and nonprofit organizations. Moreover, the knowledge and skills they will cultivate in the new universities will enable them to adapt to a constantly changing world.

6. Impose mandatory retirement and abolish tenure. Initially intended to protect academic freedom, tenure has resulted in institutions with little turnover and professors impervious to change. After all, once tenure has been granted, there is no leverage to encourage a professor to continue to develop professionally or to require him or her to assume responsibilities like administration and student advising. Tenure should be replaced with seven-year contracts, which, like the programs in which faculty teach, can be terminated or renewed. This policy would enable colleges and universities to reward researchers, scholars and teachers who continue to evolve and remain productive while also making room for young people with new ideas and skills.

For many years, I have told students, "Do not do what I do; rather, take whatever I have to offer and do with it what I could never imagine doing and then come back and tell me about it." My hope is that colleges and universities will be shaken out of their complacency and will open academia to a future we cannot conceive.

Mark C. Taylor, the chairman of the religion department at Columbia, is the author of the forthcoming "Field Notes From Elsewhere: Reflections on Dying and Living."

From rforno at infowarrior.org Mon Apr 27 23:43:08 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Apr 2009 19:43:08 -0400
Subject: [Infowarrior] - Military enlists open source community
Message-ID: <398792BF-A968-4CD0-BA7C-5172FB51883A@infowarrior.org>

http://www.networkworld.com/news/2009/042709-military-open-source.html

Military enlists open source community

U.S. Defense Department is adopting a collaborative approach to speed software development, reduce cost

By Carolyn Duffy Marsan, Network World, 04/27/2009

The U.S. Defense Department is enlisting an open source approach to software development -- an about-face for such a historically top-down organization.

In recent weeks, the military has launched a collaborative platform called Forge.mil for its developers to share software, systems components and network services. The agency also signed an agreement with the Open Source Software Institute to allow 50 internally developed workforce management applications to be licensed to other government agencies, universities and companies.

Taken together, the two developments show how the Defense Department is trying to take advantage of Web-based communities to speed up software development and reduce its costs.

Dave Mihelcic, CTO of the Defense Information Systems Agency, says the military believes in the core Web 2.0 philosophy of the power of collaboration.

"The Web is a platform for harvesting collective intelligence," Mihelcic said in a recent interview. He pointed to "remixable data sources, services in perpetual beta and lightweight programming models" as some of the aspects of open source software development that are applicable to the Defense Department.
One example of the Defense Department's new community-based approach to software development is Forge.mil, which was made generally available for unclassified use within the department in April.

The Defense Information Systems Agency (DISA) has issued version two of SoftwareForge after a three-month trial that grew to 1,300 users. SoftwareForge provides software version control, bug tracking, requirements management and release packaging for software developers, along with collaboration tools such as wikis, discussion forums and document repositories, DISA said.

DISA said it will deploy a cloud computing-based version of the SoftwareForge tools for classified environments. DISA also plans to add software testing and certification services to Forge.mil.

Mihelcic says Forge.mil is similar to the "Web 2.0 paradigm of putting services on the Web and making them accessible to a large number of users to increase the adoption of capabilities. We're using the same collaboration approach to speed the development of DOD systems."

Meanwhile, DISA has licensed its Corporate Management Information System (CMIS) to the Open Source Software Institute to develop an open source version of the 50-odd applications that DISA uses to manage its workforce.

The CMIS applications support human resources, training, payroll and other personnel management functions that meet federal regulations. CMIS has 16,000 users, including DISA employees and military contractors.

Originally written in 1997, CMIS was revamped in January 2006 using the latest Web-based tools including an Adobe Cold Fusion front-end and a Microsoft SQL Server 2005 back-end.

Richard Nelson, chief of personnel systems support at DISA, says CMIS is easy to use because it takes advantage of modern Web-based interfaces including drop-down lists for data input.

"We've been able to cut down on help desk support so substantially," Nelson says. "With the old version, we were running anywhere from 75 to 100 help desk calls and e-mails a day. Now our average is less than five e-mails and calls. It's not because people are using it less but because it has fewer problems."

Nelson says a key driver for CMIS is that it needs to be so intuitive that users don't need training.

"If the customer requires instruction on the product, we have failed and we will do it over," Nelson says. "The reason that we're able to do that so successfully is that we take a somewhat different approach to the way most software is designed. Most software is designed so that business logic and processes need to follow software logic and process. Therefore it requires substantial training. We do it exactly opposite."

The Open Software Services Institute will make CMIS available in two different licenses: a regular open source license for government agencies and companies, and a free license for academia.

Nelson says CMIS has a cutting-edge approach to learning management, handling everything from training course sign-up to approvals and payment. Another unusual feature of CMIS is its telework management application.

Nelson says he hopes many organizations will license CMIS and start adding new capabilities so DISA can take advantage of a vibrant CMIS community of developers.

Within three years, "I would hope that a number of others inside government and beyond are using it," Nelson said. "I'm hoping we all have ready access to qualified developers. I'm hoping that DISA gets access to a substantial number of additional applications -- without having to build them ourselves."

All contents copyright 1995-2009 Network World, Inc.
http://www.networkworld.com

From rforno at infowarrior.org Mon Apr 27 23:45:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Apr 2009 19:45:44 -0400
Subject: [Infowarrior] - BBC Rehashes MPAA Propaganda
Message-ID: <633C6A39-5619-4C9F-A588-A30D66E6CB0D@infowarrior.org>

The BBC Rehashes MPAA Propaganda

Written by Ben Jones on April 25, 2009

As a government owned corporation the BBC has a duty to educate, and be evenhanded in its dealings with subjects. Yet in a recent segment on their long-running "Film" program, currently hosted by Jonathon Ross, the BBC ran a biased segment straight from the MPAA. The BBC on the other hand, believes it was fair and balanced.

Let's get things straight from the off, we know that as a major television producer the BBC has a vested interest in the goings on of copyright policy. However, the BBC also has a mission to "inform, educate and entertain", so when the March 31st edition of "Film 2009 with Jonathon Ross" featured a section talking about piracy, it was worth investigating.

The 5 minute segment focused on an MPAA funded study by a group called the RAND corporation. The study - which was widely criticized early last month - is back with a new coat of paint. This time though, it's being broadcast to the movie-going British public with the appearance of solid fact, and has addressed none of the questions we brought up just after the study was released.

Perhaps the choice of interviewees might shed some light on "why?" a bit better.

* Keiron Sharp -- Director General, Federation Against Copyright Theft.
* John Woodward -- CEO, UK Film Council.
* Gregory Treverton -- Director of RAND, the study's authors.
* Callum McDougall -- Executive Producer for Quantum of Solace.

This selection seems to be a bit one sided to say the least. If you're wondering what's so special about the last name, it might be because you didn't go to see that film at the cinema. Just before the film was played, a short advert voiced by Quantum star Daniel Craig, talked about how "piracy was costing people jobs". McDougall also gave a speech last winter to a UK copyright industry lobby group saying how the industry will fall "like a house of cards" if downloading continues at current levels. This same group, the Industry Trust for IP Awareness, tried to push much the same message on terrorism and piracy almost 5 years ago.

One of our readers was angered by the bias of the segment and wrote a complaint to the BBC. After a few weeks of waiting a reply came back from BBC Complaints, and it was none too satisfying.

< - >

http://torrentfreak.com/the-bbc-rehashes-mpaa-propaganda-090425/

From rforno at infowarrior.org Tue Apr 28 10:44:14 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Apr 2009 06:44:14 -0400
Subject: [Infowarrior] - U.S. Plans Attack and Defense in Cyberspace Warfare
Message-ID: <053CB521-45B4-4BC7-9B2B-25487E2CB1B6@infowarrior.org>

April 28, 2009

U.S. Plans Attack and Defense in Cyberspace Warfare

By DAVID E. SANGER, JOHN MARKOFF and THOM SHANKER

http://www.nytimes.com/2009/04/28/us/28cyber.html?_r=1&hp=&pagewanted=print

This article was reported by David E. Sanger, John Markoff and Thom Shanker and written by Mr. Sanger.

When American forces in Iraq wanted to lure members of Al Qaeda into a trap, they hacked into one of the group's computers and altered information that drove them into American gun sights.

When President George W. Bush ordered new ways to slow Iran's progress toward a nuclear bomb last year, he approved a plan for an experimental covert program -- its results still unclear -- to bore into their computers and undermine the project.

And the Pentagon has commissioned military contractors to develop a highly classified replica of the Internet of the future.
The goal is to simulate what it would take for adversaries to shut down the country's power stations, telecommunications and aviation systems, or freeze the financial markets -- in an effort to build better defenses against such attacks, as well as a new generation of online weapons.

Just as the invention of the atomic bomb changed warfare and deterrence 64 years ago, a new international race has begun to develop cyberweapons and systems to protect against them.

Thousands of daily attacks on federal and private computer systems in the United States -- many from China and Russia, some malicious and some testing chinks in the patchwork of American firewalls -- have prompted the Obama administration to review American strategy.

President Obama is expected to propose a far larger defensive effort in coming days, including an expansion of the $17 billion, five-year program that Congress approved last year, the appointment of a White House official to coordinate the effort, and an end to a running bureaucratic battle over who is responsible for defending against cyberattacks.

But Mr. Obama is expected to say little or nothing about the nation's offensive capabilities, on which the military and the nation's intelligence agencies have been spending billions. In interviews over the past several months, a range of military and intelligence officials, as well as outside experts, have described a huge increase in the sophistication of American cyberwarfare capabilities.

Because so many aspects of the American effort to develop cyberweapons and define their proper use remain classified, many of those officials declined to speak on the record. The White House declined several requests for interviews or to say whether Mr. Obama as a matter of policy supports or opposes the use of American cyberweapons.

The most exotic innovations under consideration would enable a Pentagon programmer to surreptitiously enter a computer server in Russia or China, for example, and destroy a "botnet" -- a potentially destructive program that commandeers infected machines into a vast network that can be clandestinely controlled -- before it could be unleashed in the United States.

Or American intelligence agencies could activate malicious code that is secretly embedded on computer chips when they are manufactured, enabling the United States to take command of an enemy's computers by remote control over the Internet. That, of course, is exactly the kind of attack officials fear could be launched on American targets, often through Chinese-made chips or computer servers.

So far, however, there are no broad authorizations for American forces to engage in cyberwar. The invasion of the Qaeda computer in Iraq several years ago and the covert activity in Iran were each individually authorized by Mr. Bush. When he issued a set of classified presidential orders in January 2008 to organize and improve America's online defenses, the administration could not agree on how to write the authorization.

A principal architect of that order said the issue had been passed on to the next president, in part because of the complexities of cyberwar operations that, by necessity, would most likely be conducted on both domestic and foreign Internet sites. After the controversy surrounding domestic spying, Mr. Bush's aides concluded, the Bush White House did not have the credibility or the political capital to deal with the subject.

Electronic Vulnerabilities

Cyberwar would not be as lethal as atomic war, of course, nor as visibly dramatic. But when Mike McConnell, the former director of national intelligence, briefed Mr. Bush on the threat in May 2007, he argued that if a single large American bank were successfully attacked "it would have an order-of-magnitude greater impact on the global economy" than the Sept. 11, 2001, attacks. Mr. McConnell, who left office three months ago, warned last year that "the ability to threaten the U.S. money supply is the equivalent of today's nuclear weapon."

The scenarios developed last year for the incoming president by Mr. McConnell and his coordinator for cybersecurity, Melissa Hathaway, went further. They described vulnerabilities including an attack on Wall Street and one intended to bring down the nation's electric power grid. Most were extrapolations of attacks already tried.

Today, Ms. Hathaway is the primary author of White House cyberstrategy and has been traveling the country talking in vague terms about recent, increasingly bold attacks on the computer networks that keep the country running. Government officials will not discuss the details of a recent attack on the air transportation network, other than to say the attack never directly affected air traffic control systems.

Still, the specter of an attack that could blind air traffic controllers and, perhaps, the military's aerospace defense networks haunts military and intelligence officials. (The saving grace of the air traffic control system, officials say, is that it is so old that it is not directly connected to the Internet.)

Studies, with code names like Dark Angel, have focused on whether cellphone towers, emergency-service communications and hospital systems could be brought down, to sow chaos.

But the theoretical has, at times, become real.

"We have seen Chinese network operations inside certain of our electricity grids," said Joel F. Brenner, who oversees counterintelligence operations for Dennis Blair, Mr. McConnell's successor as national intelligence director, speaking at the University of Texas at Austin this month. "Do I worry about those grids, and about air traffic control systems, water supply systems, and so on? You bet I do."

But the broader question -- one the administration so far declines to discuss -- is whether the best defense against cyberattack is the development of a robust capability to wage cyberwar.

As Mr. Obama's team quickly discovered, the Pentagon and the intelligence agencies both concluded in Mr. Bush's last years in office that it would not be enough to simply build higher firewalls and better virus detectors or to restrict access to the federal government's own computers.

"The fortress model simply will not work for cyber," said one senior military officer who has been deeply engaged in the debate for several years. "Someone will always get in."

That thinking has led to a debate over whether lessons learned in the nuclear age -- from the days of "mutually assured destruction" -- apply to cyberwar.

But in cyberwar, it is hard to know where to strike back, or even who the attacker might be. Others have argued for borrowing a page from Mr. Bush's pre-emption doctrine by going into foreign computers to destroy malicious software before it is unleashed into the world's digital bloodstream. But that could amount to an act of war, and many argue it is a losing game, because the United States is more dependent on a constantly running Internet system than many of its potential adversaries, and therefore could suffer more damage in a counterattack.

In a report scheduled to be released Wednesday, the National Research Council will argue that although an offensive cybercapability is an important asset for the United States, the nation is lacking a clear strategy, and secrecy surrounding preparations has hindered national debate, according to several people familiar with the report.

The advent of Internet attacks -- especially those suspected of being directed by nations, not hackers -- has given rise to a new term inside the Pentagon and the National Security Agency: "hybrid warfare."

It describes a conflict in which attacks through the Internet can be launched as a warning shot -- or to pave the way for a traditional attack.

Early hints of this new kind of warfare emerged in the confrontation between Russia and Estonia in April 2007. Clandestine groups -- it was never determined if they had links to the Russian government -- commandeered computers around the globe and directed a fire hose of data at Estonia's banking system and its government Web sites.

The computer screens of Estonians trying to do business with the government online were frozen, if they got anything at all. It was annoying, but by the standards of cyberwar, it was child's play.

In August 2008, when Russia invaded Georgia, the cyberattacks grew more widespread. Georgians were denied online access to news, cash and air tickets. The Georgian government had to move its Internet activity to servers in Ukraine when its own servers locked up, but the attacks did no permanent damage.

Every few months, it seems, some agency, research group or military contractor runs a war game to assess the United States' vulnerability. Senior intelligence officials were shocked to discover how easy it was to permanently disable a large power generator. That prompted further studies to determine if attackers could take down a series of generators, bringing whole parts of the country to a halt.

Another war game that the Department of Homeland Security sponsored in March 2008, called Cyber Storm II, envisioned a far larger, coordinated attack against the United States, Britain, Canada, Australia and New Zealand. It studied a disruption of chemical plants, rail lines, oil and gas pipelines and private computer networks.

That study and others like it concluded that when attacks go global, the potential economic repercussions increase exponentially. To prove the point, Mr. McConnell, then the director of national intelligence, spent much of last summer urging senior government officials to examine the Treasury Department's scramble to contain the effects of the collapse of Bear Stearns.

Markets froze, he said, because "what backs up that money is confidence -- an accounting system that is reconcilable." He began studies of what would happen if the system that clears market trades froze.

"We were halfway through the study," one senior intelligence official said last month, "and the markets froze of their own accord. And we looked at each other and said, 'Our market collapse has just given every cyberwarrior out there a playbook.'"

Just before Mr. Obama was elected, the Center for Strategic and International Studies, a policy research group in Washington, warned in a report that "America's failure to protect cyberspace is one of the most urgent national security problems facing the new administration."

What alarmed the panel was not the capabilities of individual hackers but of nations -- China and Russia among them -- that experts believe are putting huge resources into the development of cyberweapons. A research company called Team Cymru recently examined "scans" that came across the Internet seeking ways to get inside industrial control systems, and discovered more than 90 percent of them came from computers in China.

Scanning alone does no damage, but it could be the prelude to an attack that scrambles databases or seeks to control computers. But Team Cymru ran into a brick wall as soon as it tried to trace who, exactly, was probing these industrial systems. It could not determine whether military organizations, intelligence agencies, terrorist groups, criminals or inventive teenagers were behind the efforts.

The good news, some government officials argue, is that the Chinese are deterred from doing real damage: Because they hold more than a trillion dollars in United States government debt, they have little interest in freezing up a system they depend on for their own investments. Then again, some of the scans seemed to originate from 14 other countries, including Taiwan, Russia and, of course, the United States.

Bikini Atoll for an Online Age

Because "cyberwar" contains the word "war," the Pentagon has argued that it should be the locus of American defensive and offensive strategy -- and it is creating the kind of infrastructure that was built around nuclear weapons in the 1940s and '50s.

Defense Secretary Robert M. Gates is considering proposals to create a Cyber Command -- initially as a new headquarters within the Strategic Command, which controls the American nuclear arsenal and assets in space.

Right now, the responsibility for computer network security is part of Strategic Command, and military officials there estimate that over the past six months, the government has spent $100 million responding to probes and attacks on military systems. Air Force officials confirm that a large network of computers at Maxwell Air Force Base in Alabama was temporarily taken off-line within the past eight months when it was put at risk of widespread infection from computer viruses.

But Mr. Gates has concluded that the military's cyberwarfare effort requires a sharper focus -- and thus a specific command. It would build the defenses for military computers and communications systems and -- the part the Pentagon is reluctant to discuss -- develop and deploy cyberweapons.

In fact, that effort is already under way -- it is part of what the National Cyber Range is all about. The range is a replica of the Internet of the future, and it is being built to be attacked. Competing teams of contractors -- including BAE Systems, the Applied Physics Laboratory at Johns Hopkins University and Sparta Inc. -- are vying to build the Pentagon a system it can use to simulate attacks. The National Security Agency already has a smaller version of a similar system, in Millersville, Md.

In short, the Cyber Range is to the digital age what the Bikini Atoll -- the islands the Army vaporized in the 1950s to measure the power of the hydrogen bomb -- was to the nuclear age. But once the tests at Bikini Atoll demonstrated to the world the awesome destructive power of the bomb, it became evident to the United States and the Soviet Union -- and other nuclear powers --
that the risks of a nuclear exchange were simply too high. In the case of cyberattacks, where the results can vary from the annoying to the devastating, there are no such rules. The Deterrence Conundrum During the cold war, if a strategic missile had been fired at the United States, screens deep in a mountain in Colorado would have lighted up and American commanders would have some time to decide whether to launch a counterattack. Today, when Pentagon computers are subjected to a barrage, the origin is often a mystery. Absent certainty about the source, it is almost impossible to mount a counterattack. In the rare case where the preparations for an attack are detected in a foreign computer system, there is continuing debate about whether to embrace the concept of pre-emption, with all of its Bush-era connotations. The questions range from whether an online attack should be mounted on that system to, in an extreme case, blowing those computers up. Some officials argue that if the United States engaged in such pre- emption ? and demonstrated that it was watching the development of hostile cyberweapons ? it could begin to deter some attacks. Others believe it will only justify pre-emptive attacks on the United States. ?Russia and China have lots of nationalistic hackers,? one senior military officer said. ?They seem very, very willing to take action on their own.? Senior Pentagon and military officials also express deep concern that the laws and understanding of armed conflict have not kept current with the challenges of offensive cyberwarfare. Over the decades, a number of limits on action have been accepted ? if not always practiced. One is the prohibition against assassinating government leaders. Another is avoiding attacks aimed at civilians. Yet in the cyberworld, where the most vulnerable targets are civilian, there are no such rules or understandings. 
If a military base is attacked, would it be a proportional, legitimate response to bring down the attacker's power grid if that would also shut down its hospital systems, its air traffic control system or its banking system? "We don't have that for cyber yet," one senior Defense Department official said, "and that's a little bit dangerous."

From rforno at infowarrior.org Tue Apr 28 11:18:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Apr 2009 07:18:43 -0400
Subject: [Infowarrior] - DARPA blimp reaches Phase 3
Message-ID:

DARPA at Phase 3 on solar powered surveillance strato-ship
By Lewis Page
Posted in Science, 28th April 2009 10:15 GMT
http://www.theregister.co.uk/2009/04/28/darpa_isis_phase_3/

The famed Pentagon Q-branch boffinry hothouse, DARPA, has unveiled another ambitious plan to further US military-technical dominance. It has given $400m to American weapons globocorp Lockheed to develop a solar-powered robot radar airship, able to lurk in the stratosphere for a year at a time, potentially tracking individual people walking about on the ground across areas 1200km wide.

(Picture caption: DARPA concept of the ISIS radar airship. The government spooks didn't need numberplate tracking any more.)

Yesterday's contract announcement was for Phase 3 of DARPA's Integrated Sensor Is Structure (ISIS) project, in which a flying sub-scale demonstrator will be built to prove that the concept can work as planned. Phases 1 and 2 consisted mostly of design studies and materials work.

The idea of ISIS is to hugely improve on what a normal airship can do, by using the ship itself as a radar antenna rather than carrying a separate piece of machinery -- hence the name. DARPA believe this will hugely increase the size of radar antenna a stratospheric airship can carry, which in turn means the radar would deliver much better sensor resolution for much less power. The lowered power requirements of the ISIS radar-ship, DARPA believes, will mean it can run on solar power. Excess energy generated during the day will be stored by cracking water into hydrogen: at night, this will be burned in fuel cells to keep the ship flying and its radar shining even in darkness. DARPA calculate that the ship should be able to cruise at 60 knots or sprint at 100, which will let it deploy from the US to a global troublespot in 10 days. It will then be able to hold station easily in the stratospheric "wind bucket" found at 65,000 to 70,000 feet, scanning the ground beneath it with its all-seeing radar mega-eye.

The performance of the massive scanner, according to DARPA, should be such that it can track unobscured "dismounts [people walking] across the entire line of sight" -- in other words out to the horizon, which at operational height will be 600km away. That said, the contract announcement suggests a slight bit of neck-winding, referring to an ability to track "all ground targets" to 300km. Closer in, the Pentagon boffins think, it will be capable of tracking such small objects even through overhanging foliage. Performance against easier airborne targets -- planes, missiles etc. -- would definitely be right out to the horizon at 600km.

If the ISIS can do all that DARPA suggest, it will handily trump most of the other aerial scanners in use by the US forces, including AWACS sky-scanner planes, the smaller E-2 Hawkeye AWACS that flies from US carriers, Joint STARS ground-sweeping tank sniffers, and the JLENS moored-balloon radar plan. The potential would be there perhaps to do without all these things, simply assigning a single ISIS ship in place of the several AWACS or whatever you formerly needed so as to keep one up on patrol.

An ISIS airship would potentially be vulnerable to enemy action, but at 70,000 feet only quite serious enemies -- the sort who could also threaten AWACS or JSTARS aircraft -- would have any chance of hitting it. And those planes carry large crews, whereas the ISIS is unmanned.

So this is potentially big news for the US military, the more so in that ISIS has now made it to Phase 3 -- we're no longer talking just about design studies here. The privacy/surveillance issues -- the chance that ISIS spy-ships might lurk one day above US or allied territory, tracking every vehicle or even every person walking about -- could be even more significant. Forget about numberplate cameras or face tracking; you'd have to live underground to avoid this sort of thing.

For those who'd like to know more, there's a pdf on ISIS from DARPA here.

From rforno at infowarrior.org Tue Apr 28 11:45:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Apr 2009 07:45:09 -0400
Subject: [Infowarrior] - Proposal Would Shore Up Govt. Cyber Defenses
Message-ID:

(draft bill @ http://voices.washingtonpost.com/securityfix/COE09406_xml.pdf)

http://voices.washingtonpost.com/securityfix/2009/04/proposal_would_shore_up_uncle.html?hpid=sec-tech

Proposal Would Shore Up Govt. Cyber Defenses

While cyber attacks have evolved dramatically since the beginning of this decade, the regulations governing how federal agencies defend against digital intruders haven't been updated since 2002. Legislation expected to be introduced Tuesday in the Senate would seek to correct that imbalance.

The "U.S. Information and Communications Enhancement Act of 2009," which would update the Federal Information Security Management Act, or FISMA, calls for the creation of hacker squads to test the defenses of federal agency networks. In addition, agencies would be required to show that they can effectively detect and respond to the latest cyber attacks on their information systems.

Critics of the current law say it merely requires agencies to show they have the proper cyber security policies in place, but not necessarily demonstrate that those policies are helping to block or mitigate real-world attacks.
From rforno at infowarrior.org Tue Apr 28 14:15:42 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Apr 2009 10:15:42 -0400
Subject: [Infowarrior] - Trademarks to Privatize the English Language
Message-ID:

Feel the Fear and Do It Anyway (or, the Privatization of the English Language)
Post written by Leo Babauta.
http://zenhabits.net/2009/04/feel-the-fear-and-do-it-anyway-or-the-privatization-of-the-english-language/comment-page-8/#comment-67819

Today I received an email from the lawyers of author Susan Jeffers, PhD., notifying me that I'd infringed on her trademark by inadvertently using the phrase "feel the fear and do it anyway" in my post last week, A Guide to Beating the Fears That Hold You Back. The phrase, apparently, is the title of one of her books -- a book I'd never heard of. I wasn't referring to her book. I'm not using the phrase as a title of a book or product or to sell anything. I was just referring to something a friend said on Twitter.

Her lawyers asked me to insert the (R) symbol after the phrase, in my post, and add this sentence: "This is the registered trademark of Susan Jeffers, Ph.D. and is used with her permission."

Yeah. I'm not gonna do that.

I find it unbelievable that a common phrase (that was used way before it was the title of any book) can be trademarked. We're not talking about the names of products -- we're talking about the English language. You know, the words many of us use for such things as ... talking, and writing, and general communication? Perhaps I'm a little behind the times, but is it really possible to claim whole chunks of the language, and force people to get permission to use the language, just in everyday speech?

What if this were taken to an extreme? What if some billionaire (say, Bill Gates) decided to start trademarking thousands and thousands of phrases, so that he could charge us for each use, or so that we'd have to link back to the Microsoft homepage with each reference? The language, in this scenario, could be entirely privatized if we allow this sort of thing.

So, while this post is probably ill-advised (and yes, I realize that I'm actually giving publicity to Ms. Jeffers), I have to object. I think we have a duty, as writers and bloggers and speakers of the English language, to defend our rights to ... words. Free speech is a bit of an important concept, I think.

As an aside, I think the idea of jealously protecting copyright and trademarks, in this digital age, is outdated and ignorant. You want your ideas to spread, and you should encourage people to spread your ideas, not put up all kinds of boundaries and restrictions and obstacles to that being done. This blog, for example, is Uncopyrighted, and will always be free, because I want people to spread my posts and ideas. I think it's actually good for me as a writer, and it's (not insignificantly) better for the writing community in general if we can share each others' work freely.

I'm hoping that with posts like this, and the good work of thousands of other like-minded people, the old mindset of fencing off ideas and language will slowly change.

So, no, I will not be adding a Registered Trademark symbol to the previous post. And no, I won't be adding a phrase of legalese to the post. And no, I won't even attribute the phrase or link to her book, as I wasn't referring to the book. And no, I won't remove the phrase. I'd rather be sued.

Oh, and I'm not going to change the title of this post either. You'll have to remove it from my cold, dead iMac.

On a side note: You may feel free to use the title of my book, The Power of Less, in any of your blog posts, on Twitter or even (gasp) everyday conversation.
From rforno at infowarrior.org Tue Apr 28 14:43:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Apr 2009 10:43:39 -0400
Subject: [Infowarrior] - White House Apologizes for Air Force Flyover
Message-ID: <090F7398-08F2-45CF-A0AD-97DB833731F8@infowarrior.org>

April 27, 2009, 10:36 am
White House Apologizes for Air Force Flyover
By A. G. Sulzberger and Matthew L. Wald
http://cityroom.blogs.nytimes.com/2009/04/27/air-force-one-backup-rattles-new-york-nerve/?pagemode=print

An Air Force One lookalike, the backup plane for the one regularly used by the president, flew low over parts of New York and New Jersey on Monday morning, accompanied by two F-16 fighters, so Air Force photographers could take pictures high above the New York harbor. But the exercise -- conducted without any notification to the public -- caused momentary panic in some quarters and led to the evacuation of several buildings in Lower Manhattan and Jersey City.

By the afternoon, the situation had turned into a political fuse box, with Mayor Michael R. Bloomberg saying that he was "furious" that he had not been told in advance about the flyover.

At 4:39 p.m. Monday, the White House issued an apology for the flyover. Louis E. Caldera, director of the White House Military Office, who served in the Clinton administration as secretary of the Army, said in a statement:

Last week, I approved a mission over New York. I take responsibility for that decision. While federal authorities took the proper steps to notify state and local authorities in New York and New Jersey, it's clear that the mission created confusion and disruption. I apologize and take responsibility for any distress that flight caused.

The mission on Monday, officials said, was set up to create an iconic shot of Air Force One, similar to one that was taken in recent years over the Grand Canyon.

When President Obama learned of the episode on Monday afternoon, aides said, he, too, was furious. Senior administration officials conveyed the president's anger in a meeting with Mr. Caldera on Monday afternoon.

A senior administration official said that an F.A.A. official notified Mayor Bloomberg's office last week about the flyover. She said that Marc Mugnos, the director of operations in the office of citywide event coordination and management, was the official notified about the Air Force operation.

The flyover, which began around 10 a.m., resulted in widespread confusion and a flood of calls to emergency hot lines. Perplexed officials at the Port Authority of New York and New Jersey and other authorities were inundated with calls from anxious ferry passengers, office workers and residents.

The mayor said the Police Department and someone in his administration -- he did not say who -- received an e-mail from the Federal Aviation Administration late on Thursday, informing them that there would be "a fly-by for a photo-op, as they described it." However, Mr. Bloomberg said he was not apprised of the flyover until his BlackBerry started buzzing this morning with messages from people asking if he knew what was going on. He characterized it as a breakdown in communication that "will never happen again."

"First thing is, I'm annoyed -- furious is a better word -- that I wasn't told," he said at a City Hall news conference held to discuss the swine flu cluster in Queens.

In unusually harsh language, the mayor criticized the Defense Department for conducting the exercise and the Federal Aviation Administration for being secretive about it.

Jim Peters, an F.A.A. spokesman, said "the photo op was approved and coordinated with everyone." Notification was made in advance to the mayor's office, "including its 911 and 311 operation centers," the New York City Police Department, the New Jersey State Police, the United States Park Police and other agencies, he said.
The Police Department confirmed that it had been notified about the event but said it had been barred from alerting the public. "The flight of a VC-25 aircraft and F-16 fighters this morning was authorized by the F.A.A. for the vicinity of the Statue of Liberty with directives to local authorities not to disclose information about it but to direct any inquiries to the F.A.A. Air Traffic Security Coordinator," the Police Department said in a statement.

The mayor criticized the secrecy around the flyover. The e-mail notification "did have the normal language of saying this is sensitive information, should be distributed on a need-to-know basis, that they did not plan to have any publicity about it, which I think is ridiculous and just poor judgment," Mr. Bloomberg said. He added:

Why the Defense Department wanted to do a photo-op right around the site of the World Trade Center catastrophe defies imagination. Poor judgment would be a nice way to phrase it, but they did. I also think that once they had told us, we should have done a better job. Had I known about it, I would have called them right away and asked them not to. It is the federal government and they can do in the end what they please, but I would have tried to stop it. I don't know there's a lot else to say other than they shouldn't have done it.

Robert Gibbs, the White House press secretary, said Monday afternoon that he was unaware of the flyover. At his daily press briefing, Mr. Gibbs initially referred questions to the F.A.A. and the Air Force. When told that those government offices were referring questions to the White House, Mr. Gibbs said: "I have no information on this other than what I saw." Mr. Gibbs, pressed by reporters, said he had seen news reports of the flyover, but declared: "I was working on other things. You might be surprised to know that I don't know every movement of Air Force One." Later, he added that he would look into the matter.

The flyover was scheduled for 10 to 10:30 a.m.
The plane is designated by the Defense Department as a VC-25 but is recognizable to the public as a Boeing 747.

(Photo caption: A reader, Dan Kohn, took this picture of planes flying low over the harbor on Monday morning. At the rear is the Goldman Sachs tower in Jersey City. Credit: Dan Kohn.)

Unaware of the planned exercise, scores of office workers flooded out of buildings, worried about the prospect of terrorism.

"People came pouring out of the buildings, the American Express Building, all the buildings in the financial district by the water," said Edward Acker, a photographer who was at the building, 3 World Financial Center. "And even the construction guys over by 100 North End Avenue area, they all got out of their buildings. Nobody knew about it. Finally some guy showed up with a little megaphone to tell everyone it was a test, but the people were not happy. The people who were here 9/11 were not happy."

Mr. Acker added: "New York City police were standing right there and they had no knowledge of it. The evacuations were spontaneous. Guys from the floor came out, and one guy I talked to was just shaking."

Even the markets dipped shortly after 10 a.m., though it was unclear if the alarm over the planes was a factor. Starting at 10:02 a.m., three main market indexes started dropping precipitously. The Dow Jones industrial average dropped 40 points in 10 minutes, starting 10:15 a.m., before it rebounded more than 50 points.

In Jersey City, construction workers were evacuated from a condominium tower under construction at 77 Hudson Street. The workers, who were on the 32nd floor of the construction site, said the plane circled three times past the Goldman Sachs tower, the tallest building in New Jersey. On the second pass, they said, the jet appeared to be only a few dozen feet from the building -- close enough to clip the side of the skyscraper. A fighter followed right behind, mirroring its moves.
The construction site was evacuated, as were other buildings in downtown Jersey City, including offices in the Exchange Place financial complex.

Carlina Rivera, 25, who works at an educational services company on the 22nd floor of 1 Liberty Plaza, said her co-workers were spooked in part because their offices are so close to the site of the 9/11 attack. "As soon as someone saw how close it got to the buildings, people literally ran out," she said. "Probably about 80 percent of my office left within two minutes of seeing how close it got to our building." Ms. Rivera, who was a high school student in the East Village when the 9/11 attack occurred, added, "I did feel a little bit foolish for staying in the office while everyone left."

Ms. Rivera said eventually an announcement was made over the public address system that the plane was an advertisement for a movie -- which, she said, did not coincide with what they were reading online about the plane taking pictures of the Statue of Liberty. "It was a little confusing. What was the truth?" she said.

Ms. Rivera continued: "Of course, everyone had to take out their cellphones and say, 'You can come back, it's O.K.' Eventually they returned with some sort of comfort food. We feel like we should have at least been warned."

At 1 Liberty Plaza, according to another person who works in Lower Manhattan, a loudspeaker announcement said at 10:55 a.m., "Planes were observed flying low over Lower Manhattan, but were part of an approved federal action."

Johnny Villafane, 42, of the Upper West Side, said, "The plane did a 360. There was a vibration. The glass in the skyscrapers was shivering." He added, "It sounded like the buildings were cracking, everything started shaking. I thought the plane was coming down."

Sidney Bordley, a floor director in an office building at 1 Battery Park Place, said, "People were running out of the office, claiming they saw a commercial flight being pursued by F-16's."
He added, "There was some confusion and a little excitement."

A group of financial services workers, who were gathered outside the same building but declined to give their names, described their reactions. "I saw the landing gear and I was out of here," one said. Another said: "There were people in my elevator, sweating and shaking. There were women crying. It was not an experience to be taken lightly."

Andrew Burke, 49, a T-shirt vendor from Crown Heights, Brooklyn, said: "People panicked and ran into the streets thinking the worst." He added, "It's a real shame they couldn't tell the city what they were going to do."

Notify NYC, a pilot electronic service intended to quickly provide emergency alerts to New Yorkers who sign up for them, did not prove particularly effective. Text messages and e-mail messages explaining the flyover were sent out at 10:38 a.m., after the exercise was already scheduled to end.

"The community was startled, and would have preferred advance warning," said Catherine McVay Hughes, vice chairwoman of Community Board 1 in Lower Manhattan.

Steve Coleman, a spokesman for the Port Authority, which runs the region's three major airports, said the low-flying planes prompted confusion. "This has nothing to do with any of our airports," he added.

The Staten Island Advance reported that the Federal Aviation Administration had authorized the flights and that the flights were "pre-planned."

President Obama was not aboard the plane, nor was he in the New York area. He gave a speech at 9 a.m. at the National Academy of Sciences in downtown Washington.

It was not the first time that flyovers had left anxiety in Lower Manhattan. In February 2002, two Air Force F-16 fighters flew low over Manhattan as they made their way back to Atlantic City after a regular patrol. Officials later acknowledged that "the timing and location" of the flyover were "poorly coordinated." And in May 2003, a Continental Airlines flight carrying American troops returning from Iraq received permission to fly low around the city, a decision that also rattled nerves.

Jessica Bagdorf, Sewell Chan, Jennifer 8. Lee, Colin Moynihan, Fernanda Santos, Daniel E. Slotnik and Jeff Zeleny contributed reporting.

From rforno at infowarrior.org Wed Apr 29 02:29:56 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Apr 2009 22:29:56 -0400
Subject: [Infowarrior] - Google Public Data
Message-ID: <043248A2-3582-4A9F-BAB5-A95C0E5F9181@infowarrior.org>

Google Unveils New Tool To Dig for Public Data
By Kim Hart
Washington Post Staff Writer
Wednesday, April 29, 2009
http://www.washingtonpost.com/wp-dyn/content/article/2009/04/28/AR2009042802280_pf.html

Google launched a new search tool yesterday designed to help Web users find public data that is often buried in hard-to-navigate government Web sites.

The tool, called Google Public Data, is the latest in the company's efforts to make information from federal, state and local governments accessible to citizens. It's a goal that many Washington public interest groups and government watchdogs share with President Obama, whose technology advisers are pushing to open up federal data to the public.

The company plans to initially make available U.S. population and unemployment data from the Census Bureau and the Bureau of Labor Statistics, respectively. Other data sets, such as emissions statistics from the Environmental Protection Agency, will roll out in the coming months.

Google is one of a number of Internet properties, including Wikipedia and Amazon, that has been trying to make it easier to find government information on the Web. Wikipedia founder Jimmy Wales has urged agencies to write their own "wikis," or self-edited entries, that can make government information and processes more accessible to the public.
Amazon created an open data repository so developers and researchers can share data and collaborate on sifting through it.

Google's Washington employees have spent the past two years visiting government agencies to urge them to make their Web sites, records and databases more searchable. The E-Government Act of 2002 required government agencies to make information more accessible electronically, but users have complained that many agencies do not organize their Web sites so they can be easily indexed by search engines. And some agencies, Google has said, embed codes in their sites that make certain pages invisible to search engines.

"Information from government sources has been one of the thornier areas," said David Girouard, president of Google Enterprise, which includes the federal team. The new tool "is taking data, reformatting it so it's immediately consumable . . . so people don't have to go through rows and rows of data."

With Google's new tool, a Web user can search for a specific piece of data -- unemployment rates in Maryland, for example -- and a box appears at the top of the search results displaying the available relevant public data.

Clay Johnson, director of Sunlight Labs, a project within the Sunlight Foundation that uses technology to improve government transparency, said he's encouraged by Google's new tool, although he has not yet used it. He cautioned, however, that there is no guarantee that government data is free of typographical and other errors. He added that specific pieces of data could be misleading without a full understanding of how it fits with other information that may not be visible. For example, a Google searcher may not know enough about campaign contribution laws to spot inaccurate data entries or statistics. Data tools should allow user feedback, Johnson said, to alert agencies to flawed data. Sunlight Labs is urging Federal Chief Information Officer Vivek Kundra to implement a feedback loop on Data.gov, a site he has proposed that would catalog public data.

"There's a lot to be wary about," Johnson said. "We don't live in a world free of typos."

From rforno at infowarrior.org Wed Apr 29 02:34:53 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Apr 2009 22:34:53 -0400
Subject: [Infowarrior] - Warner invokes DMCA against Lessig
Message-ID: <1AFA376D-4C52-4184-B106-C276A1649BC9@infowarrior.org>

Oh this is going to be fun to watch......what drugs are they on over @ Warner?? -rf

Not Smart: Warner Music Issues DMCA Takedown On Larry Lessig Presentation
from the this-is-going-to-hurt dept

If there were anyone out there to whom you would not want to send a random takedown notice for an online video, it would probably be Larry Lessig. Given that Lessig has become the public face for those who feel that copyright has been stretched too far, as well as being a founder of Stanford's Fair Use Project, and who's written multiple books on these issues, you would think (just maybe) that any copyright holder would at least think twice before sending a DMCA takedown on a Larry Lessig presentation. Apparently, you'd be wrong. Lessig has announced that Warner Music issued a DMCA takedown on one of Lessig's own presentations, in which his use is almost certainly fair use. Lessig, of course, is a lawyer, and a big supporter of fair use, so it's no surprise that he's also said he's going to be fighting this.

http://www.techdirt.com/articles/20090428/1738424686.shtml

From rforno at infowarrior.org Wed Apr 29 12:36:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Apr 2009 08:36:39 -0400
Subject: [Infowarrior] - DickensURL
Message-ID: <3E79FE54-A1AA-494F-BF78-A9243A99DA4B@infowarrior.org>

Forget TinyURL, this converts long URLs into verses by Charles Dickens!
http://dickensurl.com/

From rforno at infowarrior.org Wed Apr 29 12:44:51 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Apr 2009 08:44:51 -0400
Subject: [Infowarrior] - Cyberpanic: It Sells
Message-ID:

Cyberpanic: It Sells
By Sharon Weinberger
April 28, 2009
http://www.wired.com/dangerroom/2009/04/cyberpanic-it-sells/

If you are the kind of person who isn't going to buy bacon because of the swine flu scare, then you should definitely not read up on the latest story on cyber threats to national security, at least not if you want to avoid trashing all of your tech gear.

To the cynic this is the government-industrial complex at its worst: federal bureaucracies doing their best to jockey for the most resources and authorities; and defense contractors doing their best to sell products and services to the government. That system isn't going to change and I could argue that on a fundamental level it shouldn't.

What we should be concerned about is that although cyber threats have been an issue for decades, all the president's horses and all of Wall Street's men still haven't produced a national information infrastructure that can withstand a hatchet, much less a malicious attack by a determined adversary.

Information warfare pioneer and impresario Winn Schwartau demonstrated just how little progress we have made in this arena in a recent briefing to a large audience of military and intelligence types. At the end of the briefing, as everyone was about to congratulate him on a job well done, he revealed that the deep, insightful briefing he had just delivered was ten years old. He'd recycled it because the problems of 1998 still existed in 2008.

For the more technically inclined, there is my friend Gunnar Peterson's graphic that illustrates how cyber threat vectors have evolved over the years, while defenses . . . not so much.

The system isn't going to change but it doesn't have to.
The bottom line is that there are still plenty of ways to acquire a lot of bureaucratic power and make a lot of money actually defending government or national networks. That we continue to do the same thing over and over again is a reflection of both governmental and commercial laziness.

Given that, during a period of significant economic turmoil, we are about to drop $17 billion on improving the nation's cyber security capabilities, wouldn't it be smart if we did so in a fashion totally unlike what we've been doing to date?

A real cyber security capability would start out by embracing and co-opting the government-contractor system to get what we need, not the tired and failed solutions of the past. Insist on comprehensive solutions and deliverables that are demonstrably functional, not simply hardware and software glued together with buzz-words.

We could determine the best solutions to pursue if we injected external thinking - and a lot of it - into the debate. There is nothing new about cyber-based threats; there is nothing secret about what external powers are doing to government networks. Keeping the development of solutions secret made sense when the problem was atomic in nature and the government had more or less a monopoly on people with the physics chops. The number of people who know computer security outside of government today is several orders of magnitude larger than the number of civilian scientists who could have built an atomic bomb during the cold war. Tap all the expertise you can because the other side is, and on most days they're winning.

Finally, break out of the "legacy futures" mindset. We should respect the knowledge and service of our predecessors, but anyone who speaks in throw-back metaphors and spent a lot of time preparing for an attack through the Fulda Gap is only ever going to offer you a digital Maginot Line for a solution.
There are serious problems associated with our national information infrastructure and real threats to it exist, but we are not going to solve these problems effectively or in a timely fashion by recycling rumor and pimping hyperbole.

-- Michael Tanji, cross-posted at Half of the Spear

From rforno at infowarrior.org Wed Apr 29 12:46:48 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Apr 2009 08:46:48 -0400
Subject: [Infowarrior] - Security salaries hold up during economic gloom
Message-ID: <1F74E850-3615-4A79-899E-5DCF753944FF@infowarrior.org>

Security salaries hold up during economic gloom
By John Leyden
Posted in InfoSec, 29th April 2009 12:21 GMT
http://www.theregister.co.uk/2009/04/29/security_salary_survey/

Information security salaries are holding up well during the economic downturn but capital spending projects are feeling the axe, according to a pair of surveys from training organisation (ISC)2 and specialist recruitment consultant ISS.

The survey of more than 600 respondents, contractors and permanent employees based in the UK, found that more than half (56 per cent) received a pay rise in the last 12 months. Respondents were members of organisations representing professionals in the field, including: (ISC)2, ISACA, British Computer Society, Business Continuity Institute, Council of Registered Ethical Security Testers (CREST), and MIS Training Institute.

Nearly three quarters of survey participants (73 per cent) indicated their role to be senior professional, with seven or more years of experience. Almost a half were in charge of managing teams.

John Colley, managing director of (ISC)2, told El Reg that contractors who saw their salaries cut and who struggled for work in the early stages of the credit crunch have subsequently been rehired.
Jobs and prospects in the financial services industry, traditionally a major source of employment, have been hard hit, but this has been offset by work in the government sector. However, there continue to be big salary gaps between the public and private sectors. This is particularly true for those who work for local authorities, who earn about a third less than their counterparts in finance and telecoms.

Day rates for contractors ranged from £100 to £1150 (with an average of £548). None of the contractor respondents had more than 40 unpaid days off in the last year.

Traditionally London has been the regional location with the highest salaries, but this has changed due to cut-backs in the City, leaving the South East as the location with the highest wages for security workers.

The salary survey - which is designed to serve as a reference for information security pros and hiring managers - found that the average salary for the 566 permanent employees who responded was £53,600. Nearly two thirds earned more than £50,000, while nearly half received bonuses that contributed an average of £10,000 to their basic salary. Benefits received by half contributed £10,000 to their remuneration package.

"Despite the doom and gloom of the economic situation, security continues to be highly valued as a profession, and they continue to be paid well," said Iain Sutherland, founder of ISS. "The operational and administrative roles that used to be considered specialist to information security appear to be moving into IT," he added.

While security salaries might be holding up well it's a different story in terms of capital expenditure. Seventy-two per cent of more than 2,500 information security pros quizzed said their budgets were reduced in the past six months due to the economic downturn. However, half said they did not expect any additional cuts for the remainder of the year.

Around a third of survey respondents occupied hiring roles.
Two in five (43 per cent) of this sample expected to hire additional information security staff this year. Sought-after areas of expertise included information risk management, operations security, access control systems and methodology, security management practices, and applications and systems development security.

The recruitment and spending findings are part of a web-based survey by (ISC)2. The survey remains open to information security pros until May 15, when final results will be published.

"While we are being affected, generally Information Security is a profession that is weathering the recession well, as companies continue to recognise that security competency is both a business imperative and a means to achieving cost-cutting operational changes," said John Colley, managing director of (ISC)2 Europe. "Budget cuts are definitely here and security isn't immune," Colley said. "But what we're seeing is projects are sacrificed in favour of people. Firms need to align security plans to biz strategy," he added.

The release of the two (ISC)2 surveys on Wednesday coincided with the Infosec conference in London. (ISC)2 is sponsoring Job Market Cafes for members and attendees of Infosec 2009. Representatives of three specialist recruiting firms -- Barclay Simpson, Acumin and Information Security Solutions -- will take part in the seminar on Wednesday afternoon. The Job Market Cafes form the London leg of workshops (ISC)2 is planning around the world to assist information security pros during the global downturn.

From rforno at infowarrior.org Wed Apr 29 18:11:21 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Apr 2009 14:11:21 -0400
Subject: [Infowarrior] - Time Warner to Spin Off AOL Division
Message-ID:

Time Warner to Spin Off AOL Division
By Mike Musgrove
Washington Post Staff Writer
Wednesday, April 29, 2009 11:38 AM
http://www.washingtonpost.com/wp-dyn/content/article/2009/04/29/AR2009042902156_pf.html

Time Warner Inc. announced this morning in a filing with the Securities and Exchange Commission that it intends to spin off its ailing AOL division.

"Although the Company's Board of Directors has not made any decision," the company wrote in its latest quarterly report to investors, "the Company currently anticipates that it would initiate a process to spin off one or more parts of the businesses of AOL to Time Warner's stockholders, in one or a series of transactions."

Time Warner's net income dropped 14 percent over the same period a year ago, mainly because of dropping revenues at AOL but also because of a suffering publishing business.

Tech industry analysts had, for years, speculated that Time Warner would spin off AOL; the two companies merged in 2001 with the idea that AOL's strengths as a new media company could benefit an old media company like Time Warner, and vice versa. But few synergies ever arose from the marriage. Even AOL founder Steve Case, who is no longer with the company, has said that he believes the two companies should be separated.

Talk of a split between the two companies was renewed in March when Time Warner ousted AOL's two top executives and placed former Google executive Tim Armstrong at the top of the company. In an all-hands meeting with AOL staffers after he was named to the post, Armstrong exhorted the company to "get America back online" and said that AOL's Dulles office, the company's original headquarters, would be at the heart of a new wave of innovation. Meanwhile, tech pundits have continued to speculate that Armstrong had been brought on board to spin off the company.

Earlier this month, Time Warner proposed to debtholders a change in terms of more than $12 billion in loans. Under the proposed revision, filed with the SEC, Time Warner would guarantee AOL's debt with assets from its HBO division instead of AOL.
From rforno at infowarrior.org Wed Apr 29 18:47:14 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Apr 2009 14:47:14 -0400
Subject: [Infowarrior] - Surveillance Effort Draws Civil Liberties Concern
Message-ID: <327DBE48-2AFD-49B3-82A8-EE4D403FC51B@infowarrior.org>

April 29, 2009
Surveillance Effort Draws Civil Liberties Concern
By ERIC SCHMITT
http://www.nytimes.com/2009/04/29/us/29surveil.html?pagewanted=print

LOS ANGELES -- A growing number of big-city police departments and other law enforcement agencies across the country are embracing a new system to report suspicious activities that officials say could uncover terrorism plots but that civil liberties groups contend might violate individual rights.

Here and in nearly a dozen other cities, including Boston, Chicago and Miami, officers are filling out terror tip sheets if they run across activities in their routines that seem out of place, like someone buying police or firefighter uniforms, taking pictures of a power plant or espousing extremist views.

Ultimately, state and federal officials intend to have a nationwide reporting system in place by 2014, using a standardized system of codes for suspicious behaviors. It is the most ambitious effort since the Sept. 11 attacks to put in place a network of databases to comb for clues that might foretell acts of terrorism.

But the American Civil Liberties Union and other rights groups warn that the program pioneered by the Los Angeles Police Department raises serious privacy and civil liberties concerns.

"The behaviors identified by L.A.P.D. are so commonplace and ordinary that the monitoring or reporting of them is scarcely any less absurd," the A.C.L.U. said in a report last July. "This overbroad reporting authority," the report adds, "gives law enforcement officers justification to harass practically anyone they choose, to collect personal information and to pass such information along to the intelligence community."
Muslim-American groups here also view the program with suspicion, especially after the police department's counterterrorism and criminal intelligence bureau proposed in November 2007 to create a map detailing the Muslim communities in the city, ostensibly as a step toward thwarting radicalization. Muslim leaders said the idea amounted to racial or religious profiling, and it was dropped.

Cmdr. Joan T. McNamara, assistant commander of the counterterrorism bureau, said her department was vetting information from some 1,500 reports so far in the year-old program. Commander McNamara said in an interview that police officers, intelligence analysts and top commanders were training in what kind of suspicious behavior to look for, based on a 65-item checklist that she and her staff created, as well as in privacy and civil liberties issues.

The Los Angeles program has not foiled any terrorism plots, said Commander McNamara and Lt. Robert Fox, who runs the department's suspicious reporting program. But they said 67 of the reports had been referred to the local Joint Terrorism Task Force, headed by the Federal Bureau of Investigation. About 20 reports have led to arrests in cases involving explosives, weapons, bomb threats and organized crime, they said, but they declined to give details because the cases are under investigation.

"We're able to connect the dots like we were never able to before," said Commander McNamara, a 26-year veteran and highly decorated former narcotics officer.

The approach is based on experience showing that terrorists typically surveil their targets before an attack, conducting dry runs of their operations to note guard schedules, to gauge how emergency personnel react to false alarms or abandoned packages and to seek out security weaknesses.
Some programs are in their infancy, but senior police officers in other cities said a searchable network of standardized databases could help with reporting and analyzing suspicious behavior possibly linked to terrorism that might previously have fallen through the cracks.

"This is the piece of the whole puzzle that's been missing," said Earl O. Perkins, a deputy superintendent with the Boston Police Department who oversees its intelligence center. Mr. Perkins said that his department had not detected any terror plots in the nine months the program had been operating but that it had led to arrests involving credit-card fraud and identity theft, crimes associated with terrorism cells in the past.

A branch of the Office of the Director of National Intelligence is sponsoring the national pilot program that in addition to Boston and Los Angeles includes police departments in Chicago, Houston, Las Vegas, Miami, Phoenix, Seattle and Washington, as well as state intelligence fusion centers in Florida, New York and Virginia. Nearly two dozen other cities have expressed interest. The New York City Police Department has an extensive reporting system that works closely with the F.B.I., said Paul J. Browne, a department spokesman.

After issuing the report critical of the Los Angeles program, A.C.L.U. lawyers have met in recent months with police and federal officials to try to work out tougher safeguards on vetting information that goes into the reports, police training and privacy and civil liberties protections.

"Our concern lies with the investigation of noncriminal, ordinary activity," said Peter Bibring, a staff lawyer with the A.C.L.U. of Southern California, who met recently with Los Angeles police officials. "It remains to be seen how much of my feedback they take."

Civil liberties advocates praise the transparency of the police efforts in Los Angeles and a few other cities.
But they also cite problems in places where police or other law enforcement officials have overreached -- examples they say will multiply if the program to report suspicious activity expands.

In September 2007, a 24-year-old Muslim-American journalism student at Syracuse University was stopped by a Veterans Affairs police officer in New York for taking photographs of flags in front of a V.A. building as part of a class assignment. The student was taken into an office for questioning, and the images were deleted from her camera before she was released.

Also that year, a 54-year-old artist and fine arts professor at the University of Washington was stopped by Washington State police for taking photographs of electrical power lines as part of an art project. The professor was searched, handcuffed and placed in the back of a police car for almost half an hour before being released.

Police officials acknowledge that problems need to be worked out.

"We want police officers to be aware of criminal activities with nexus to terrorism, but we don't want them stopping everyone who takes a picture of the Golden Gate Bridge," said Tom Frazier, a former Baltimore police commissioner who is executive director of the Major Cities Chiefs Association, which represents the nation's 56 largest police departments.

In Los Angeles, Deputy Chief Michael P. Downing, head of the police counterterrorism bureau, said the program should give law enforcement officials more warning to help avert an attack. "We should be able to see something coming, harden the target and deploy resources to it," Chief Downing said.

From rforno at infowarrior.org Thu Apr 30 02:04:22 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Apr 2009 22:04:22 -0400
Subject: [Infowarrior] - Panel Warns U.S. on Cyberwar Plans
Message-ID: <6CFCEFCE-9138-4DF9-AA60-A0C6ABE16635@infowarrior.org>

Panel Warns U.S. on Cyberwar Plans
By JOHN MARKOFF and THOM SHANKER
http://www.nytimes.com/2009/04/30/science/30cyber.html?_r=1&hp=&pagewanted=print

The United States has no clear military policy about how the nation might respond to a cyberattack on its communications, financial or power networks, a panel of scientists and policy advisers warned Wednesday, and the country needs to clarify both its offensive capabilities and how it would respond to such attacks.

The report, based on a three-year study by a panel assembled by the National Academy of Sciences, is the first major effort to look at the military use of computer technologies as weapons. The potential use of such technologies offensively has been widely discussed in recent years, and disruptions of communications systems and Web sites have become a standard occurrence in both political and military conflicts since 2000.

The report, titled "Technology, Policy, Law, and Ethics Regarding U.S. Acquisition and Use of Cyberattack Capabilities," concludes that the veil of secrecy that has surrounded cyberwar planning is detrimental to the country's military policy.

The report's authors include Adm. William A. Owens, a former vice chairman of the joint chiefs of staff; William O. Studeman, former deputy director of the Central Intelligence Agency; and Walter B. Slocombe, former under secretary of defense for policy. Scientists and cyberspecialists on the panel included Richard L. Garwin, an I.B.M. physicist.

Admiral Owens said during a news conference in Washington on Wednesday that the notion of "enduring unilateral dominance in cyberspace" by the United States is not realistic in part because of the low cost of the technologies required to mount attacks. He also said the idea that offensive attacks were "nonrisky" military options was not correct.

In the United States, the offensive use of cyberweapons is a highly classified military secret.
There have been reports going back to the 1990s that United States intelligence agencies have mounted operations in which electronic gear was systematically modified to disrupt the activities of an opponent or for surveillance purposes. But these activities have not been publicly acknowledged by the government.

The report concludes that the United States should create a public national policy regarding cyberattacks based on an open debate on the issues. The authors also call on the United States to find common ground with other nations on cyberattacks to avoid future military crises.

The authors point to a Pentagon statement on military doctrine issued in 2004, indicating that the United States might respond to a cyberattack with the military use of nuclear weapons in certain cases.

"For example," the Pentagon National Military Strategy statement says, "cyberattacks on U.S. commercial information systems or attacks against transportation networks may have a greater economic or psychological effect than a relatively small release of a lethal agent."

Pentagon and military officials confirmed that the United States reserved the option to respond in any way it chooses to punish an adversary responsible for a catastrophic cyberattack. While the range of options could include the use of nuclear weapons, officials said, such an extreme counterattack was hardly the most likely response.

"The United States reserves the right to respond to intrusions into government, military and national infrastructure information systems and networks by nations, terrorist groups or other adversaries in a manner it deems appropriate," said one senior Pentagon official.

Another senior Pentagon official added, "While the United States would always reserve the right to respond appropriately to defend the nation and its citizens, this kind of scenario is extremely speculative and requires an enormously vivid imagination."
The two officials spoke on the condition of anonymity because of the highly classified nature of planning for cyber and nuclear warfare.

Both officials emphasized that in American military planning, there are only rare instances when any specific option would be declared off-limits in advance. This effort to specifically project a lack of clarity is viewed as important to keeping an adversary uncertain of the severity of an American counterattack.

Introducing that uncertainty into the thinking of an adversary's government and military has historically been an essential element of deterrence, whether traditional nuclear deterrence or today's cyberwar planning.

For example, during the cold war, when the Soviet Union and its Warsaw Pact allies stationed an overwhelming conventional force in Central Europe, American planners were never certain that NATO's tanks and artillery could hold back the Soviet-led armor if an offensive was begun across the Fulda Gap in Germany.

Thus, the United States never declared that it would be bound to respond to a Soviet and Warsaw Pact conventional invasion with only American and NATO conventional forces. The fear of escalating to a nuclear conflict was viewed as a pillar of stability and is credited with helping deter the larger Soviet-led conventional force throughout the cold war.

Introducing the possibility of a nuclear response to a catastrophic cyberattack would be expected to serve the same purpose.
From rforno at infowarrior.org Thu Apr 30 12:39:17 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Apr 2009 08:39:17 -0400
Subject: [Infowarrior] - Irish proposing crime of "blasphemous libel"
Message-ID: <7121D058-BE9F-4BAB-B142-DE770F1C8514@infowarrior.org>

Crime of blasphemous libel proposed for Defamation Bill
http://www.irishtimes.com/newspaper/frontpage/2009/0429/1224245599892.html

CAROL COULTER, Legal Affairs Editor

A NEW crime of blasphemous libel is to be proposed by the Minister for Justice in an amendment to the Defamation Bill, which will be discussed by the Oireachtas committee on justice today.

At the moment there is no crime of blasphemy on the statute books, though it is prohibited by the Constitution.

Article 40 of the Constitution, guaranteeing freedom of speech, qualifies it by stating: "The State shall endeavour to ensure that organs of public opinion, such as the radio, the press, the cinema, while preserving their rightful liberty of expression, including criticism of Government policy, shall not be used to undermine public order or morality or the authority of the State.

"The publication or utterance of blasphemous, seditious, or indecent material is an offence which shall be punishable in accordance with law."

Last year the Oireachtas Committee on the Constitution, under the chairmanship of Fianna Fáil TD Seán Ardagh, recommended amending this Article to remove all references to sedition and blasphemy, and redrafting the Article along the lines of article 10 of the European Convention on Human Rights, which deals with freedom of expression.

The prohibition on blasphemy dates back to English law aimed at protecting the established church, the Church of England, from attack. It has been used relatively recently to prosecute satirical publications in the UK.
In the only Irish case taken under this article, Corway -v- Independent Newspapers, in 1999, the Supreme Court concluded that it was impossible to say "of what the offence of blasphemy consists". It also stated that a special protection for Christianity was incompatible with the religious equality provisions of Article 44.

Minister for Justice Dermot Ahern proposes to insert a new section into the Defamation Bill, stating: "A person who publishes or utters blasphemous matter shall be guilty of an offence and shall be liable upon conviction on indictment to a fine not exceeding €100,000."

"Blasphemous matter" is defined as matter "that is grossly abusive or insulting in relation to matters held sacred by any religion, thereby causing outrage among a substantial number of the adherents of that religion; and he or she intends, by the publication of the matter concerned, to cause such outrage."

Where a person is convicted of an offence under this section, the court may issue a warrant authorising the Garda Síochána to enter, if necessary using reasonable force, a premises where the member of the force has reasonable grounds for believing there are copies of the blasphemous statements in order to seize them.

Labour spokesman on justice Pat Rabbitte is proposing an amendment to this section which would reduce the maximum fine to €1,000 and exclude from the definition of blasphemy any matter that had any literary, artistic, social or academic merit.

This article appears in the print edition of the Irish Times

From rforno at infowarrior.org Thu Apr 30 13:22:55 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Apr 2009 09:22:55 -0400
Subject: [Infowarrior] - XM gripe
Message-ID:

This past few days I've spent a fair amount of time on the road, and much of that was listening to XM-Sirius during the business day. The question is this -- is it just me or has the XM "advertising" gotten horribly repetitive, especially on news channels?
I mean, how many times in an hour can a person listen to (the same) promo for Howard Stern or horribly-produced-and-read commercials from the Nevada Incorporation Company? (Yes, I know XM Sirius is hurting for money ... but still.)

Wear-down advertisements, well-produced or not, tend to backfire as a result of their sheer ability to annoy listeners and drive them away.

Just a midweek micro-rant.

-rick

From rforno at infowarrior.org Thu Apr 30 13:28:16 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Apr 2009 09:28:16 -0400
Subject: [Infowarrior] - WH S&T Advisory Council Announced
Message-ID:

http://www.whitehouse.gov/the_press_office/President-Obama-Announces-Members-of-Science-and-Technology-Advisory-Council/

THE WHITE HOUSE
Office of the Press Secretary
____________________________________________________________________________
FOR IMMEDIATE RELEASE
April 27, 2009

President Obama Announces Members of Science and Technology Advisory Council

WASHINGTON -- Today, during remarks at the National Academy of Sciences, President Barack Obama announced the President's Council of Advisors on Science and Technology (PCAST). The full membership of PCAST is below.

PCAST is an advisory group of the nation's leading scientists and engineers who will advise the President and Vice President and formulate policy in the many areas where understanding of science, technology, and innovation is key to strengthening our economy and forming policy that works for the American people.

President Barack Obama said, "This council represents leaders from many scientific disciplines who will bring a diversity of experience and views. I will charge PCAST with advising me about national strategies to nurture and sustain a culture of scientific innovation."
PCAST will be co-chaired by John Holdren, Assistant to the President for Science and Technology and Director of the White House Office of Science and Technology Policy; Eric Lander, Director of the Broad Institute of MIT and Harvard and one of the principal leaders of the Human Genome Project; and Harold Varmus, President and CEO of Memorial Sloan-Kettering Cancer Center, former head of the National Institutes of Health and a Nobel laureate.

Dr. John Holdren, the Director of the Office of Science and Technology Policy said, "This PCAST is a group of exceptional caliber as well as diversity, covering a wide range of expertise and backgrounds across the relevant science, engineering and innovation fields and sectors. The President and I expect to make major use of this extraordinary group as we work to strengthen our country's capabilities in science and technology and bring them more effectively to bear on the national challenges we face."

The membership of the President's Council of Advisors on Science and Technology is below:

Rosina Bierbaum, a widely-recognized expert in climate-change science and ecology, is Dean of the School of Natural Resources and Environment at the University of Michigan. Her PhD is in evolutionary biology and ecology. She served as Associate Director for Environment in OSTP in the Clinton Administration, as well as Acting Director of OSTP in 2000-2001. She is a member of the American Academy of Arts and Sciences.

Christine Cassel is President and CEO of the American Board of Internal Medicine and previously served as Dean of the School of Medicine and Vice President for Medical Affairs at Oregon Health & Science University. A member of the US Institute of Medicine, she is a leading expert in geriatric medicine and quality of care.
Christopher Chyba is Professor of Astrophysical Sciences and International Affairs at Princeton University and a member of the Committee on International Security and Arms Control of the National Academy of Sciences. His scientific work focuses on solar system exploration and his security-related research emphasizes nuclear and biological weapons policy, proliferation, and terrorism. He served on the White House staff from 1993 to 1995 at the National Security Council and the Office of Science and Technology Policy and was awarded a MacArthur Prize Fellowship (2001) for his work in both planetary science and international security.

S. James Gates Jr. is the John S. Toll Professor of Physics and Director of the Center for String and Particle Theory at the University of Maryland, College Park. He is the first African American to hold an endowed chair in physics at a major research university. He has served as a consultant to the National Science Foundation, the U.S. Departments of Energy and Defense, and the Educational Testing Service and held appointments at MIT, Harvard, California Institute of Technology and Howard University.

John Holdren is serving as co-chair of PCAST in addition to his duties as Director of the Office of Science and Technology Policy in the Executive Office of the President and Assistant to the President for Science and Technology. Prior to this appointment Dr. Holdren was a Professor of Environmental Policy and Director of the Program on Science, Technology, and Public Policy at Harvard University's Kennedy School of Government. He also served concurrently as Professor of Environmental Science and Policy in Harvard's Department of Earth and Planetary Sciences and as Director of the independent, nonprofit Woods Hole Research Center.
He is a member of the National Academy of Sciences, the National Academy of Engineering, and the American Academy of Arts and Sciences, as well as a former President of the American Association for the Advancement of Science and recipient of the MacArthur Foundation Prize Fellowship.

Shirley Ann Jackson is the President of Rensselaer Polytechnic Institute and former Chair of the US Nuclear Regulatory Commission (1995-1999). She is the University Vice Chairman of the U.S. Council on Competitiveness, a member of the National Academy of Engineering, fellow of the Academy of Arts and Sciences, and past President of the American Association for the Advancement of Science. Dr. Jackson was the first African American woman to earn a doctorate from MIT and chairs the New York Stock Exchange Regulation Board.

Eric Lander is serving as a co-chair of PCAST. He is the Director of the Broad Institute of MIT and Harvard and Professor of Biology at MIT, Professor of Systems Biology at Harvard Medical School and member of the Whitehead Institute for Biomedical Research. He was one of the principal leaders of the Human Genome Project, recipient of the MacArthur Foundation Prize Fellowship and is a member of both the National Academy of Sciences and Institute of Medicine.

Richard Levin has served as President of Yale University since 1993 and is a distinguished economist with interests in industrial organization, the patent system, and the competitiveness of American manufacturing industries, including industrial research and development, intellectual property, and productivity. He is a leader in US-China cooperation, in research and education, and is a member of the American Academy of Arts and Sciences.

Chad Mirkin is Professor of Materials Science and Engineering, Chemistry, and Medicine at Northwestern University, as well as Director of Northwestern's International Institute of Nanotechnology.
He is a leading expert on nanotechnology, including nano-scale manufacturing and applications to medicine. Awarded the Feynman Prize in Nanotechnology in 2002, he is one of the top-cited researchers in nano-medicine, as well as one of the most widely cited chemists.

Mario Molina is a Professor of Chemistry and Biochemistry at the University of California, San Diego and the Center for Atmospheric Sciences at the Scripps Institution of Oceanography, as well as Director of the Mario Molina Center for Energy and Environment in Mexico City. He received the Nobel Prize in Chemistry in 1995 for his role in elucidating the threat to the Earth's ozone layer of chlorofluorocarbon gases. The only Mexican-born Nobel laureate in science, he served on PCAST for both Clinton terms. He is a member of both the National Academy of Sciences and the Institute of Medicine.

Ernest J. Moniz is a Professor of Physics and Engineering Systems, Director of the Energy Initiative, and Director of the Laboratory for Energy and the Environment at MIT. His research centers on energy technology and policy, including the future of nuclear power, coal, natural gas, and solar energy in a low-carbon world. He served as Under Secretary of the Department of Energy (1997-2001) and Associate Director for Science in the White House Office of Science and Technology Policy (1995-1997).

Craig Mundie is Chief Research and Strategy Officer at Microsoft Corporation. He has 39 years of experience in the computer industry, beginning as a developer of operating systems. Dr. Mundie co-founded and served as CEO of Alliant Computer Systems.

William Press is Professor of Computer Sciences at the University of Texas at Austin and has wide-ranging expertise in computer science, astrophysics, and international security. A member of the US National Academy of Sciences, he previously served as Deputy Laboratory Director for Science and Technology at the Los Alamos National Laboratory from 1998 to 2004.
He is a Professor of Astronomy and Physics at Harvard University and a former member of the Harvard-Smithsonian Center for Astrophysics (1982-1998).

Maxine Savitz is retired general manager of Technology Partnerships at Honeywell, Inc. and has more than 30 years of experience managing research, development and implementation programs for the public and private sectors, including in the aerospace, transportation, and industrial sectors. From 1979 to 1983 she served as Deputy Assistant Secretary for Conservation in the US Department of Energy. She currently serves as vice-president of the National Academy of Engineering.

Barbara Schaal is Professor of Biology at Washington University in St Louis. She is a renowned plant geneticist who has used molecular genetics to understand the evolution and ecology of plants, ranging from the US Midwest to the tropics. Dr Schaal serves as Vice President of the National Academy of Sciences, the first woman ever elected to that role.

Eric Schmidt is Chairman and CEO of Google Inc. and a member of the Board of Directors of Apple Inc. Before joining Google, Dr. Schmidt served as Chief Technology Officer for Sun Microsystems and later as CEO of Novell Inc.

Daniel Schrag is the Sturgis Hooper Professor of Geology in the Department of Earth and Planetary Sciences at Harvard University and Professor of Environmental Science and Engineering in the School of Engineering and Applied Sciences. He is also Director of the Harvard University-wide Center for Environment. He was trained as a marine geochemist and has employed a variety of methods to study the carbon cycle and climate over a wide range of Earth's history. Awarded a MacArthur Prize Fellowship in 2000, he has recently been working on technological approaches to mitigating future climate change.

David E. Shaw is the chief scientist of D. E. Shaw Research, LLC, where he leads an interdisciplinary research group in the field of computational biochemistry. He is the founder of D. E. Shaw & Co., a hedge fund company. Dr. Shaw is a former member of PCAST under President Clinton and a member of the executive committee of the Council on Competitiveness, where he co-chairs the steering committee for the Council's federally funded High-Performance Computing Initiative. He is a fellow of the American Academy of Arts and Sciences and serves on the Computer Science and Telecommunications Board of the National Academies.

Harold Varmus is the President and CEO of Memorial Sloan-Kettering Cancer Center and co-chair of PCAST. Dr. Varmus served as the Director of the National Institutes of Health from 1993 to 1999 and in 1989 was the co-recipient of the Nobel Prize for Physiology or Medicine for his pioneering studies of the genetic basis of cancer. He is a member of the National Academy of Sciences and Institute of Medicine and recipient of the National Medal of Science.

Ahmed Zewail is Professor of Chemistry and Physics at Caltech and Director of the Physical Biology Center. Dr. Zewail was awarded the Nobel Prize in Chemistry in 1999 for his pioneering work that allowed observation of exceedingly rapid molecular transformations. He is an Egyptian-American, widely respected not only for his science but also for his efforts in the Middle East as a voice of reason. Dr. Zewail is a member of the National Academy of Sciences, and postage stamps have been issued to honor his contributions to science and humanity.

From rforno at infowarrior.org Thu Apr 30 18:28:41 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Apr 2009 14:28:41 -0400
Subject: [Infowarrior] - Disney gets stake in Hulu
Message-ID: <8A36E897-51E0-4602-9F58-58EFA3E3CC74@infowarrior.org>

Disney gets stake in Hulu, adds shows
http://www.electronista.com/articles/09/04/30/disney.joins.hulu/

Disney this morning said it has obtained an equity stake in Hulu.
The deal, which puts three Disney executives on the Hulu board, gives the studio equal influence along with original founders NBC Universal and News Corp. (Fox) in addition to the ability to publish content on the streaming web video service. Most of its initial lineup will center on current and back-catalog TV shows from ABC and Disney, such as Lost and Dancing with the Stars, but should also include "popular library titles" from Walt Disney Studios.

The deal represents the first instance of 3 major US TV studios offering full-length streaming content on a single site and comes just after Hulu has already become one of the top video sites online, taking third place behind YouTube and a Fox-specific site with 380 million clips viewed each month. CBS is the only major broadcaster not yet involved.

Disney's step also serves as one of the first distinct moves to offer its TV lineup outside of its own ABC.com streaming site or else through pay-to-play services like iTunes. Apple chief Steve Jobs sits on Disney's board of directors and so has a potential conflict of interest, though it's not mentioned whether Jobs was at all involved in deciding on the Hulu stake.

From rforno at infowarrior.org Thu Apr 30 18:58:19 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Apr 2009 14:58:19 -0400
Subject: [Infowarrior] - The Cyber Defense Perimeter
Message-ID:

The Cyber Defense Perimeter
Defense contractors are receiving classified information on hacker threats to their computers.
by Shane Harris
Saturday, May 2, 2009
http://www.nationaljournal.com/njmagazine/id_20090502_5834.php

In response to an unprecedented wave of attacks on the Defense Department's computer networks, and possible theft of information about U.S. weapons systems by foreign governments, the Pentagon has quietly begun sharing classified intelligence about hackers and online threats with the country's biggest defense contractors.
The intelligence-sharing program began almost two years ago, after top Pentagon leaders realized that hackers were trying to steal information not just by breaking into government computers but also by going after corporations that contract with the government. These private computers and networks often contain the same sensitive and classified information found in the government's systems.

The new intelligence partnership, which has not been previously reported, is known as the Defense Industrial Base initiative, or "the DIB." The department formally launched the program in September 2007, but it took a year to work out a legal arrangement by which the contractors and the government could confidentially share information.

In mid-2008, the effort ramped up after what was described as a hair-raising meeting in a secured facility at the Pentagon in which officials gave temporary security clearances to chief executives from the biggest defense firms and delivered a no-holds-barred briefing on the range of successful cyberattacks launched against the government and their companies.

The executives "went in with dark hair and came out with white hair," said James Lewis, a prominent cyber-security expert and a fellow at the Center for Strategic and International Studies, who is familiar with the meeting. "I think that was a shocker for most people."

Weaknesses in corporate defenses can threaten top government secrets. Last month, The Wall Street Journal reported that cyber-spies targeted companies helping to build the Joint Strike Fighter and stole design information that could make it easier for adversaries to defend against the airplane. The paper reported that the breaches began as early as 2007 and perhaps continued into 2008, a period that generally coincides with the intelligence-sharing program's start-up.
Since then, Pentagon leaders have met with "the highest levels of all the different companies" in the defense industrial base, a senior Defense official told National Journal. Former Deputy Defense Secretary Gordon England "took this as a top priority, and he made sure that we got the highest levels of all the companies aware of the cyber-threat and the whole circumstances around it," said Robert Lentz, the deputy assistant Defense secretary who oversees the intelligence-sharing partnership.

According to a dozen industry and government officials interviewed by NJ, the pilot DIB has been running largely unnoticed. It is restricted to companies in the defense sector. But the White House has received a proposal to expand the program to other economic sectors that are at risk of cyberattack, such as the electrical power and financial services industries.

In written recommendations to Melissa Hathaway, President Obama's cyber-security adviser, the Intelligence and National Security Alliance, a nonpartisan association of intelligence professionals, called the Pentagon's program a "fledgling effort" that "should be fully supported." The group's former chairman, John Brennan, is Obama's top counter-terrorism and homeland-security adviser. The Pentagon is working with the Homeland Security Department to broaden the model for other vital infrastructure sectors, Lentz said.

The program has worked out a consistent, if not real-time, process for sharing cyber-intelligence. Every two weeks, the Defense Department briefs the 30 companies participating in the DIB on potential vulnerabilities in computer networks, as well as on specific threats that the government has found in the course of its regular scouting in cyberspace.
Experts cull the data from a number of intelligence and military organizations, Lentz said, including the Joint Task Force-Global Network Operations, which is responsible for protecting military computer networks, and the National Security Agency's Threat Operations Center, which monitors global communications networks for threats to defense and intelligence agencies.

The information comes in two forms, Lentz said: an unclassified report that executives can share with the technicians who manage their networks, and a classified report of "contextual information" that the firms can use to protect themselves.

The Defense Department has a compelling interest in protecting the data on its contractors' systems. "This is DOD information that is at risk," Lentz said. The companies may own their networks, but the information traveling on them belongs to the government and is considered a vital national defense asset.

Lentz declined to specify what threats have turned up or what attacks have occurred. But he said that the senior-level attention at the Pentagon was triggered by a notable increase in attacks. "In the past 18 months, we've seen a significant spike in cyber-criminal activity," he said. A significant portion of that activity appears to be cyber-espionage -- the theft of restricted information through the Internet.

Senior defense and intelligence officials have been sounding the alarm for several months about cyber-espionage by computers based in China. They've also singled out organized cyber-crime rings in Russia. In an interview with NJ last year, Joel Brenner, the nation's top counter-intelligence official, named both countries as major sources of sophisticated and relentless cyberattacks.

Corporations are reluctant to confirm that they are part of the DIB initiative, and Lentz wouldn't give any names. But sources familiar with the membership say that it includes the top tier of defense contractors, and that smaller companies are joining the group as well.
Officials with Raytheon and Northrop Grumman confirmed that their companies are members.

It's not surprising that some contractors want to remain silent. Some executives fear that hackers will only try harder to breach their systems if they know that their networks contain information so valuable that the military and the intelligence community are helping to protect it, according to one industry official who works with the DIB.

The program is not classified, but it has created a forum in which contractors feel safe enough to disclose weaknesses in their defenses without fear of inviting attack or drawing public attention. Historically, corporate leaders have been loath to share this kind of information with the government for fear of negative press, or because they think it will limit their opportunities to win future business. For nearly a decade, cyber-security experts have warned that the lack of consistent information-flow between government and industry has weakened overall security.

"This is all about trust," Lentz said of the DIB, "and all about a mutual understanding of the consequences of not taking immediate action to find out what's causing a particular event."

The program is not a one-way street. In addition to the regular threat reports that contractors receive from government, they are expected to report any intrusions into their systems within 72 hours of the event, Lentz said. That information goes to a Defense Department cyber-forensics team that specializes in tracing the source of an attack and learning how it was done.

"When we determine that someone is trying to attack our networks ... we'll report that very quickly," said Steve Hawkins, vice president of information security solutions at Raytheon. "The government in turn can then provide that information out to the other partners."
Although participants say that the new partnership was not spawned by one particular incident, its birth closely followed a June 2007 attack on Pentagon computer systems that surprised senior officials for its breadth and severity. As first reported in September 2007 by the Financial Times, the Chinese military hacked into a Pentagon computer network three months earlier, in what U.S. officials called "the most successful cyberattack on the U.S. Defense Department." The attack showed an alarming level of sophistication and precision. "China had shown it could disrupt systems at critical times," the newspaper reported.

In September 2007, Forbes reported, "the same spies may have been combing through the computer systems of major U.S. defense contractors for more than a year." That same month, the DIB initiative took shape.

The Defense Department was not reacting to an isolated event, Lentz emphasized. "We've been very much concerned about ... the breadth of the cyber-movement in terms of their aggressiveness, their skills sets," he said, calling cyberspace "increasingly volatile."

Lewis of CSIS, who directed a comprehensive cyber-security study for the Obama administration, agreed that the threat was, and is, pervasive and persistent. "It wasn't that we got whacked by a two-by-four; we were getting whacked by a two-by-four every week."

From rforno at infowarrior.org Thu Apr 30 23:29:41 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Apr 2009 19:29:41 -0400
Subject: [Infowarrior] - How Powerful Are the Pentagon's Hackers?
Message-ID: <7B79FB1B-6A6E-4EF2-AB33-F3C8D8F3A210@infowarrior.org>

http://blogs.sciencemag.org/scienceinsider/2009/04/how-powerful-ar.html
April 30, 2009

How Powerful Are the Pentagon's Hackers?
The National Research Council stepped into the shadowy world of cyberwarfare this week, issuing a call for open discussion of the Pentagon's efforts to build computer viruses or other novel weapons to infect or destroy an adversary's computers. According to the NRC panel, the "cyberattack capabilities" of the United States are probably more powerful than "the most sophisticated cyberattacks perpetrated by cybercriminals."

This is a good thing, says Admiral William Owens, a former vice chair of the Joint Chiefs of Staff, who co-chaired the NRC panel. According to Owens, attacking foreign computers is "a very important capability." But he also warned of dangers stemming from widespread secrecy and ignorance surrounding the nation's cyberarsenal. Most civilian policymakers and senior military leaders, he says, don't fully understand how attacks on computers are carried out and probably don't understand the risks involved. In the early stages of a conflict, he says, "it may be considered just a little too easy" to sabotage an adversary's power grid or telecommunications with software, instead of with explosives. But the risks, in fact, may be similar: "Cyberattacks are not of lesser significance simply because they target computers."

He compared the current situation to the relative silence surrounding nuclear strategy in the 1950s. Herman Kahn set off a wider public discussion with his book On Thermonuclear War in 1960, which forced policymakers and military leaders to think more clearly about the consequences of using nuclear weapons. The country should be having a similar discussion, he says, about cyberwarfare.

The report recommends that foundations and the U.S. government support academic research on cyberconflict, just as they have on nuclear, biological, and chemical warfare. It also recommends that Congress require a periodic accounting of cyberattacks that the nation's military and intelligence services have carried out.
The Pentagon may be surreptitiously trying to enter computers in Iran and sabotage that country's uranium enrichment program.

-- Dan Charles

From rforno at infowarrior.org Thu Apr 30 23:32:15 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Apr 2009 19:32:15 -0400
Subject: [Infowarrior] - Cybersecurity Review Sets Turf Battle
Message-ID:

MAY 1, 2009
Cybersecurity Review Sets Turf Battle
http://online.wsj.com/article/SB124113159891774733.html
By SIOBHAN GORMAN

WASHINGTON -- President Barack Obama's cybersecurity review has ignited turf battles inside the White House, with economic adviser Lawrence Summers weighing in to prevent what he sees as a potential threat to economic growth, according to people familiar with the deliberations.

During the presidential campaign, Mr. Obama said he would appoint a cybersecurity adviser who would report directly to him on efforts to secure U.S. computer networks against spies, criminals and terrorists. However, a White House review of cybersecurity policy has produced spirited debate on how high the adviser should rank and who should have veto power over his or her moves.

Mr. Summers is arguing that his National Economic Council should "co-lead" the issue with the National Security Council, which was originally envisioned as housing the cybersecurity office, people familiar with the debate said. NSC officials, including Deputy National Security Adviser John Brennan, argue that cybersecurity is fundamentally a national-security issue. They say the cybersecurity post should be part of the NSC and have authority to make decisions after consulting with other White House branches.

James Lewis, a cybersecurity specialist who has met with the review team, said the debate points to the trade-off between security and innovation. Mr. Summers's council, joined by the White House Office of Science and Technology Policy, worries that overactive regulation could tie companies in red tape and hamper an economic recovery.
Melissa Hathaway, who is leading the White House review, has argued publicly for a strong White House role in cybersecurity, but has shied away from specifics. "The White House must lead the way forward with leadership that draws upon the strength, advice and ideas of the entire nation," she told a cybersecurity conference last week.

A recent draft of the White House review team's report said the cyber policy adviser would coordinate efforts with the National Economic Council and the science and technology office, said one industry expert working with the government on cybersecurity. "Think of a car with three steering wheels," Mr. Lewis said.

Mr. Summers's staff is also seeking to edit the report's language about vulnerabilities of financial institutions to play down the threat to banks, arguing that undue alarm would threaten economic growth, said one person close to the drafting.

Officials in the science and technology office say it has the authority to protect communications infrastructure in an emergency and craft technology policy. Officials at the NSC and the science and technology office declined to comment. A representative of Mr. Summers referred questions to the NSC.

"They're looking for a way to make sure economic concerns are met, but without diffusing authority the way it was" before, Mr. Lewis said.

Congress is moving ahead on cybersecurity. On Thursday, the chairmen of the House and Senate homeland security committees introduced legislation to require the Federal Energy Regulatory Commission to set cybersecurity standards for power companies and to allow it to issue emergency orders if a cyber threat is imminent. The bill also mandates an investigation of federal electric infrastructure to see whether it has been compromised. That measure followed two others introduced earlier this week on the electric grid and a proposed White House cybersecurity office. Cybersecurity experts say they expect some version of these or related bills to become law.
Write to Siobhan Gorman at siobhan.gorman at wsj.com

From rforno at infowarrior.org Thu Apr 30 23:33:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Apr 2009 19:33:49 -0400
Subject: [Infowarrior] - Federal CISOs decry excessive paperwork
Message-ID: <7582B0E7-0584-4AA5-BA68-D4093624C2FF@infowarrior.org>

(something I've been arguing against for YEARS.....----rf)

http://www.networkworld.com/news/2009/043009-fed-ciso-survey.html

Federal CISOs decry excessive paperwork
By Carolyn Duffy Marsan, Network World, 04/30/2009

Unnecessary paperwork and too much focus on compliance reporting are two of the biggest distractions for federal Chief Information Security Officers trying to shore up government networks from external attacks, a new survey says.

Federal CISOs say they feel empowered and that agencies act on their recommendations, according to a survey that was published on Thursday. The survey is entitled "The 2009 State of Cybersecurity from the Federal Chief Information Security Officer's Perspective."

But CISOs say they face organizational hurdles in bolstering network security such as the reporting requirements stemming from the 2002 Federal Information Security Management Act (FISMA). FISMA requires agencies to adopt information security programs, conduct annual reviews of these programs, and report the results to the Office of Management and Budget.

"FISMA mandates the establishment of CISOs within each cabinet-level agency. The FISMA reporting if nothing else required senior management in the federal agencies to recognize the fact that ... CISOs have an important role to play," says Lynn McNulty, director of government affairs for survey sponsor (ISC)2 and a former federal information security official.
While CISOs say FISMA has had a positive effect on federal cybersecurity efforts by requiring the establishment of their positions, 40% of those surveyed said FISMA has "become misdirected or is a time-wasting exercise," the survey said.

When asked to characterize the FISMA process, only 9% of respondents called the law "a great success." Nearly half of the respondents -- 48% -- said the law created real but uneven improvement. Around a quarter of respondents -- 24% -- called FISMA a "paper exercise with little upside." The remaining 19% said FISMA's costs exceed its benefits.

"FISMA is generally viewed as having a positive effect" because it gives CISOs increased visibility and budget responsibility, says David Graziano, Cisco's manager for federal security solutions. "But there's a dichotomy because ... the FISMA report card doesn't help them improve the security of the organization."

With FISMA report cards, an agency is either in compliance or not in compliance at a given point in time. Survey respondents said they would prefer an approach that focuses on managing security risks in an ongoing fashion.

Federal CISOs say "continuous monitoring would be a more effective way of managing the security posture of an agency rather than annual snapshots," McNulty says, adding that CISOs can now deploy software tools that give them an hourly or daily view of their network security posture.

What federal CISOs worry most about are external attacks. Federal CISOs were upbeat about the progress they are making against these attacks through the deployment of Einstein intrusion detection systems for monitoring Internet access points.

Another positive survey finding was that 75% of federal CISOs are in favor of mandatory professional certification for their staff, as is currently required by the Defense Department.

The survey of 40 federal CISOs was conducted in March by (ISC)2 and sponsored by Cisco and consulting firm Government Futures.
McNulty said the survey was the first of its kind. "We thought it was appropriate and desirable to give CISOs an independent voice and an opportunity to express their opinions," he said. "We hope this will be the first of an annual survey that follows."

All contents copyright 1995-2009 Network World, Inc. http://www.networkworld.com

From rforno at infowarrior.org Thu Apr 30 23:35:24 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Apr 2009 19:35:24 -0400
Subject: [Infowarrior] - Can the feds buy their way to better cyber security?
Message-ID:

April 29, 2009 - 12:58 P.M.
Can the feds buy their way to better cyber security?
http://blogs.computerworld.com/can_the_feds_buy_their_way_to_better_cyber_security_0

Among the suggestions for improving federal cyber security that were proposed at a hearing by the Senate Homeland Security Committee Tuesday, one that appeared to garner a fair amount of interest from lawmakers had to do with the use of government buying power to boost security.

The suggestion from Alan Paller, director of research at the Bethesda, Md.-based SANS Institute, is one that is shared by several others within government and outside it as well. The basic premise is that the government, which purchases over $70 billion worth of IT products a year, can use its enormous buying power to force vendors to make their products more secure.

Most often, cyber criminals and foreign adversaries are able to penetrate systems and networks because of common programming errors and insecure configuration issues that are pretty well understood at this point but which vendors keep repeating all the same in their products. So getting them to fix these issues before they are permitted to sell into government is a surefire way to improve security and reduce costs, says Paller.

An example of where this approach has worked is the U.S. Air Force, which has deployed over 500,000 desktops with a secure, standard Windows desktop configuration, Paller says.
"Dozens of customers had asked Microsoft for more secure configurations and all were refused or were asked to pay large amounts of money for consulting services to develop customized settings," Paller wrote in his testimony for the Senate hearing. But because the Air Force was about to spend $500 million on Microsoft software it was able to tell Microsoft what it wanted from a security standpoint and get the vendor to bake it into their products. The result has been much more secure software and substantially lower procurement and operational costs for the Air Force, he says.

The Air Force model is now being replicated across other agencies as well and there's no reason why the same approach shouldn't be used for all technology procurement by the U.S. government. The Air Force procurement has also led Microsoft to bake similar security into the products it sells to many other buyers, Paller says.

The idea of using procurement as leverage for better security appeared to appeal to Sen. Susan Collins (R-Maine), who is the ranking member of the Senate Homeland Security Committee, and Sen. Joe Lieberman (Ind-Conn.), who is its chair. While Lieberman found the testimony "riveting", Collins found it "very compelling" that a federal official would have to literally beg software vendors such as Microsoft to provide more secure software. She sought specific recommendations on how federal purchasing power could be used to get vendors to incorporate more security into their products and implied that this is a topic she will be looking into going forward.

That is something a lot of people will no doubt want. As security consultant David Rice says in his book Geekonomics, software products in general have had largely detectable and preventable security defects for a long time now. Yet vendors have done little to address the problems, because they have had very little incentive to do so, he says.
Unlike the auto industry, there is no formal safety rating system in the software industry which consumers can use when making purchasing decisions. There also isn't a whole lot of choice, actually. So consumers and businesses by and large have had to live with whatever the vendors have given them, and have then been forced to patch and pray later. It's the reason why some are now advocating that the government step in and use its purchasing power as a weapon to get vendors to make more secure products. The question is: will it work?