From rforno at infowarrior.org Sun Mar 1 01:06:33 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Feb 2009 20:06:33 -0500
Subject: [Infowarrior] - Data on Obama's helicopter breached via P2P?
Message-ID: <9F847F39-EDDF-4162-9338-EEFD65189163@infowarrior.org>

(c/o dissent)

Data on Obama's helicopter breached via P2P?
by Charles Cooper
http://news.cnet.com/8301-1009_3-10184558-83.html

An Internet security company claims that Iran has taken advantage of a computer security breach to obtain engineering and communications information about Marine One, President Barack Obama's helicopter, according to a report by WPXI, NBC's affiliate in Pittsburgh.

Tiversa, headquartered in Cranberry Township, Pa., reportedly discovered a security breach that led to the transfer of military information to an Iranian IP address, according to WPXI. The information is said to include planned engineering upgrades, avionic schematics, and computer network information.

The channel quoted the company's CEO, Bob Boback, who said Tiversa found a file containing the entire blueprints and avionics package for Marine One.

"What appears to be a defense contractor in Bethesda, Md., had a file-sharing program on one of their systems that also contained highly sensitive blueprints for Marine One," Boback told WPXI.

Tiversa makes products that monitor the sharing of files online. A representative for the company was not immediately available for comment.

Boback believes that the files probably were transferred through a peer-to-peer file-sharing network such as LimeWire or BearShare, then compromised.

Charles Cooper has covered technology and business for more than 25 years. Before joining CNET News, he worked at the Associated Press, Computer

From rforno at infowarrior.org Sun Mar 1 17:32:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Mar 2009 12:32:07 -0500
Subject: [Infowarrior] - RIAA suing tech investors now?
Message-ID: <4DB02214-7A80-4D38-AFB1-2F1DD1FD6C7F@infowarrior.org>

Sad how such lawsuits by these Hollywood cartels never get seen as "frivolous" by those arguing for tort reform. --rf

Stop suing tech investors over copyright!
Posted by Richard Koman @ February 27, 2009 @ 9:02 AM

Ray Beckerman throws down the gauntlet on the music industry's latest attack on technology and innovation - suing investors in tech companies, which if successful would cast a chill on the lifeblood of technology.

EMI and its associated companies recently sued Seeqpod and Favtape - and its management investors - in a case alleging direct, vicarious, contributory copyright infringement, as well as inducing copyright infringement.

< - >

http://government.zdnet.com/?p=4384

From rforno at infowarrior.org Sun Mar 1 19:21:22 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Mar 2009 14:21:22 -0500
Subject: [Infowarrior] - You're the Star!
Message-ID: <75DB6A09-686F-4A77-91BD-8AF51FA947CE@infowarrior.org>

A creative, if not creepy, use of surveillance footage for profit purposes.

http://www.boingboing.net/2009/02/28/amusement-park-offer.html

Ehrich sez, "Alton Towers, the UK theme park and gardens (where, fun fact, my father was stationed during WWII), has an exciting offering for the whole family. They're offering to track you via RFID and sell you (what I'm assuming is) CCTV footage of your day at the park, both on and off rides. They do say 'We delete any unclaimed footage at the end of your visit so, if you don't buy your personalised DVD before you leave, the moment will be gone forever.' The program is voluntary, but it strikes me as strange that they'd ask you to pay for tracking your movements through the park. I understand that much of the footage you pay for is prerecorded. I'm not sure how much of 'you' one actually gets to see on the DVD."

From rforno at infowarrior.org Sun Mar 1 19:22:38 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Mar 2009 14:22:38 -0500
Subject: [Infowarrior] - RIAA Sued for Fraud, Abuse and Legal Sham
Message-ID:

Finally!!! -rick

RIAA Sued for Fraud, Abuse and Legal Sham
Written by Ernesto on March 01, 2009
http://torrentfreak.com/riaa-sued-for-fraud-abuse-and-legal-sham-090301/

It's been a rough week for the RIAA as massive layoffs are about to cost many employees their job. On top of that, the anti-piracy outfit is being sued for abusing the legal system for its war on piracy, civil conspiracy, deceptive trade practices, trespassing and computer fraud.

Covering the progress in the various RIAA cases has never been one of our top priorities here at TorrentFreak. The legalese and numerous cases seem to drag on forever, or end up in a settlement where the alleged 'pirate' pays the record labels a few thousand dollars. Today's coverage at both P2Pnet and Ray Beckerman's blog, however, caught our eye.

In what seems to be a classic David versus Goliath story, Shahanda Moursy from North Carolina has demanded a trial against three major record labels and the RIAA. Also among the defendants is Mediasentry, the company that harvests IP-addresses of alleged copyright infringers. Previously, Mediasentry's investigation tactics were deemed illegal in several states because it operated without the appropriate and required paperwork. This is one of the many offenses being used in the present claim.

Moursy is suing the RIAA and others for several offenses, but what really caught our eye is the description of the RIAA's practices. According to the complaint the RIAA and record labels:

"[through] concerted efforts and cartels, control or attempt to control the channels of creation, distribution, and sale of musical works throughout the United States and the world. They are not artists, songwriters, or musicians. They did not write or record the songs.
For a number of years, a group of large, multinational, multi-billion dollar record companies, including these [record labels], have been abusing the federal court judicial system for the purpose of waging a public relations and public threat campaign targeting digital file sharing activities."

To us, this indeed seems to be a fairly accurate description, but it's only the start. As we've outlined before, the RIAA tends to target the weak, and aim for an early settlement of a few thousand dollars.

"As part of this campaign of their sham litigation program, the [record labels] enhance the intimidation factor by actually filing suit in a number of instances with no prior warning. These suits are designed to attract media attention, and often do, as stories emerge of [record labels'] suits against the elderly, disabled, technologically clueless, and other vulnerable victims. Many of these victims have no idea how to operate a computer, let alone how to install and use peer-to-peer networking software to exchange music they would not likely be listening to anyway. But actual innocence is rarely a consideration to the [record labels]."

And on top of that..

"[The record labels'] litigation campaign, its preceding demands, and illegal investigations, are part of a concerted pattern of sham litigation. The [record labels'] true purpose is not to obtain the relief claimed in its sham litigation, but to intimidate, harass, and oppress the defendant targets and other users of computer networks."

To many, this will all sound very familiar and it's good to see Mrs. Moursy's legal representatives describing the tactics of these outfits so vividly. Over the years, tens of thousands have been harassed and threatened because they allegedly downloaded music illegally, exclusively based on shoddy evidence.

Justice is calling.

From rforno at infowarrior.org Tue Mar 3 14:48:25 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Mar 2009 09:48:25 -0500
Subject: [Infowarrior] - Secret anti-terror Bush memos made public by Obama
Message-ID:

Secret anti-terror Bush memos made public by Obama
Mar 2 04:11 PM US/Eastern
By DEVLIN BARRETT
Associated Press Writer
http://www.breitbart.com/article.php?id=D96M4N682&show_article=1

WASHINGTON (AP) - The Justice Department on Monday released a long-secret legal document from 2001 in which the Bush administration claimed the military could search and seize terror suspects in the United States without warrants.

The legal memo was written about a month after the Sept. 11 terror attacks. It says constitutional protections against unlawful search and seizure would not apply to terror suspects in the U.S., as long as the president or another high official authorized the action.

Even after the Bush administration rescinded that legal analysis, the Justice Department refused to release its contents, prompting a standoff with congressional Democrats.

The memo was one of nine released Monday by the Obama administration. Another memo showed that, within two weeks of Sept. 11, the administration was contemplating ways to use wiretaps without getting warrants.

The author of the search and seizure memo, John Yoo, did not immediately return a call seeking comment.

In that memo, Yoo wrote that the president could treat terrorist suspects in the United States like an invading foreign army. For instance, he said, the military would not have to get a warrant to storm a building to prevent terrorists from detonating a bomb.

Yoo also suggested that the government could put new restrictions on the press and speech, without spelling out what those might be.
"First Amendment speech and press rights may also be subordinated to the overriding need to wage war successfully," Yoo wrote, adding later: "The current campaign against terrorism may require even broader exercises of federal power domestically."

While they were once important legal pillars of the U.S. fight against al-Qaida, all of the memos were withdrawn in the final days of the Bush administration. In one of his first official acts as president, Barack Obama also signed an order negating the memos' claims until his administration could conduct a thorough review.

In a speech Monday, Obama's attorney general, Eric Holder, said that too often in the past decade the fight against terrorism has been put in opposition to "our tradition of civil liberties." That "has done us more harm than good," he declared. "I've often said that the test of a great nation is whether it will adhere to its core values not only when it is easy but when it is hard."

From rforno at infowarrior.org Tue Mar 3 14:53:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Mar 2009 09:53:30 -0500
Subject: [Infowarrior] - Government Keeping Its .Gov Domain Names Secret
Message-ID: <16384F5C-8005-4A45-848D-C55CC6091353@infowarrior.org>

Government Keeping Its .Gov Domain Names Secret
http://www.informationweek.com/news/showArticle.jhtml?articleID=215600330

Despite a presidential promise of openness in government, GSA officials decline to release the full list for fear of cyberattack.

By Thomas Claburn
InformationWeek
March 2, 2009 05:40 PM

President Obama in January promised "an unprecedented level of openness in government." But the government has yet to get the memo.

Asked in a Freedom of Information Act (FOIA) request to provide a list of the .gov domains, including the agency registering the domain, the General Services Administration declined, citing 2007 Department of Justice FOIA guidelines.
The GSA claims that "release of the requested sensitive but unclassified information presents a security risk to the top level Internet domain enterprise."

The decision comes despite an explicit directive by the president to agency heads in January that FOIA requests should be decided in favor of openness.

"All agencies should adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA, and to usher in a new era of open government," the president's memo states. "The presumption of disclosure should be applied to all decisions involving FOIA."

In January, there were 4,657 .gov domains, a number that, according to the GSA, has been growing at a rate of about 10% annually for the past few years. Some 1,724 of the domains are associated with federal agencies and 2,424 are associated with cities and counties. Native American tribes have about 107. A list of .gov domains from 2002 contains 1,491 domain names.

Karl Auerbach, CTO at InterWorking Labs, an attorney, and former member of the board of directors of ICANN, characterized the government's claim that it needs to withhold the list of .gov names to protect them from cyberattack as utter nonsense.

"That's the same logic that would withhold the government manual containing all the governmental people, their jobs, and phone numbers on the grounds that they might be subjected to phone calls or postal letters that contain dangerous contents," he said in an e-mail. "The proper answer is that the government should armor itself against attacks and not to try to hide from its citizens."

Auerbach added that if the government believes public awareness of domain names represents a security risk, it also should be concerned about attacks on private domain names.
Yet, he said, the government requires everyone in the United States who buys an Internet domain to have his or her name, address, phone number, and e-mail published in the Whois database, which is accessible to people all over the world.

"It's a puzzling argument, and maybe also an insulting one," said Steven Aftergood, director of the Federation of American Scientists' Project on Government Secrecy, in an e-mail. "Withholding a list of .gov domains does nothing to diminish the threat of cyberattacks. Instead, it tends to concentrate that threat on domains that are publicly known."

Cricket Liu, VP of architecture at Infoblox, an Internet infrastructure management company, agrees that security through obscurity won't work.

"DNS is a public, worldwide naming system," he said in an e-mail. "If a subdomain of .gov is used at all on the Internet, there's some evidence of it. Even if the subdomain isn't visible at all on the Internet, the fact that it's hidden doesn't improve the security of hosts in that subdomain."

Frank Hayes, senior VP of marketing at Nitro Security, said security through obscurity "is not necessarily something that we'd recommend to implement solely." He added, "A lot of times, it's just policy to try to keep those things secret." He speculated that some .gov sites might only allow traffic from whitelisted sites and that publication of those domain names might undermine that strategy.

Another possible reason for the government's reluctance to reveal the list of .gov domains might be that the GSA, which administers the .gov domain, has come under fire for allowing government domains to be politicized and for allowing exceptions to the naming policy for .gov domains.

Aftergood said he thinks there's a good chance that a court would overturn the GSA's decision. "But the move illustrates the temptation of secrecy for some government officials," he said. "It's their first instinct."

From rforno at infowarrior.org Tue Mar 3 15:11:57 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Mar 2009 10:11:57 -0500
Subject: [Infowarrior] - OT: AMEX, Chase Cut Card Limits, Lowering Credit Scores
Message-ID:

Talk about a catch-22 with the consumer (many of whom are responsible) in the middle. --rf

American Express, Chase Cut Card Limits, Lowering Credit Scores
http://www.bloomberg.com/apps/news?pid=20601087&sid=adCwmmkzFI3U&refer=home
By Alexis Leondis

March 3 (Bloomberg) -- Wayne Brown has a dilemma. If he reduces his credit-card balance, American Express Co. will cut his credit limit to the amount of the new balance, he said. If he doesn't make a big payment, his interest rate may skyrocket.

The credit limits on Brown's cards have been lowered, which has raised his debt relative to his available credit. This so-called utilization rate is a key factor in determining credit scores. Brown, a 58-year-old construction company owner in San Diego, has seen his credit score drop to 650 from 760 over the past 13 months.

"Interest rates on all of my cards are going up now and my minimum payments are almost doubling because it looks like I've maxed out my cards," said Brown, who uses credit cards to fund his home-building company. "It's a Catch-22."

About 45 percent of U.S. banks reduced credit limits for new or existing credit-card customers in the fourth quarter of 2008, according to a Federal Reserve January survey of senior loan officers. Financial institutions may slash $2 trillion in credit-card lines in the next 18 months, Meredith Whitney, a former Oppenheimer & Co. analyst, wrote in a Nov. 30 report.

"You're no longer immune if you have good credit," said Curtis Arnold, the founder of CardRatings.com, a Web site that reviews credit cards. "The issuers hold the cards, literally."

Credit-card issuers such as New York-based American Express, Citigroup Inc. and JPMorgan Chase & Co.
have cut credit limits to guard against risk and prevent delinquency and charge-off rates from increasing, said Arnold, who is based in Little Rock, Arkansas. Charge-offs are loans the banks don't expect to be repaid and were 7.1 percent on average in January compared with 4.6 percent a year earlier, according to data compiled by Bloomberg.

Pay Off Balances

If credit-card limits are decreased, consumers should pay off balances as quickly as possible, consider making online payments before the monthly statement arrives to reduce debt and weigh transferring balances to a card with a lower rate, said Jeff Blyskal, a senior editor of Consumer Reports. Blyskal, who is based in San Francisco, said consumers should beware of teaser rates and high fees when transferring balances.

"Don't cancel the card to spite the card company because you'll just hurt your own credit," said Emily Peters, San Francisco-based personal finance expert at consumer Web site credit.com. Cardholders will damage their credit history if they cancel an older account and lose the available credit on that card, she said. Credit-score companies look at the total amount of debt relative to credit limits on all credit cards when evaluating scores.

$300 Offer

American Express, the largest U.S. credit-card company by purchases, is offering $300 to some customers if they pay their balances in full by April 30 to reduce the risk of defaults.

Chase increased the minimum payment to 5 percent from 2 percent for certain borrowers with large balances, Capital One Financial Corp. increased the rates for new customers on fifteen cards and Citigroup and Bank of America Corp. began charging a 3 percent fee for all transactions made outside the U.S. in U.S. dollars, according to Bill Hardekopf, chief executive officer of LowCards.com, a Web site that compares the rates of almost 1,100 credit cards.

Consumers are falling behind on credit-card payments as U.S.
unemployment reached 7.6 percent in January, the highest rate since 1992.

Charge-Off Rates

American Express's charge-off rates of loans rose to 8.29 percent in January from 7.23 percent a month earlier, a 15 percent increase, based on Bloomberg data. Chase's charge-off rates increased to 5.94 percent from 5.32 percent, a 12 percent jump.

Desiree Fish, a spokeswoman for American Express, said consumers' overall debt levels relative to their financial resources is the primary factor for any credit-limit reduction. She declined to comment on the specifics of Brown's case.

Citigroup is lowering credit limits because of the market environment and deterioration of consumer credit, said Samuel Wang, a spokesman for Citigroup.

Gordon Smith, JPMorgan's chief executive officer of card services, said at an investor-day presentation on Feb. 26 Chase decreased credit lines or closed accounts in 2008 totaling $129 billion. Credit lines to new and existing customers were increased by $107 billion in 2008, Smith said.

Cardholders most likely to see credit limits slashed have large balances, delinquent payments or recent dips in credit scores, said Arnold of CardRatings.com. Consumers who don't use their cards very often may also see limits cut because they aren't profitable for issuers, said Peters of credit.com.

No Advance Notice

Critz George, a retired nuclear engineer and physicist in Albuquerque, New Mexico, said he had three Chase cards and one Citibank card closed because of inactivity, without advance notice. George, 71, said he fears having four lines of credit closed will lower his credit score.

"I feel like it was an arbitrary and capricious decision because I have paid in full and on-time for the last 20 years," he said.

Brown, who is a mortgage broker in addition to his construction business, said he was always careful to keep his balance at one-third of the limit.
He said the reduced credit limits on his American Express and Bank of America cards have made that impossible.

"I'm angry because I've always been proud of my credit history and now it's gone to hell, not because of something I've done."

To contact the reporter on this story: Alexis Leondis in New York aleondis at bloomberg.net.

From rforno at infowarrior.org Tue Mar 3 19:44:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Mar 2009 14:44:50 -0500
Subject: [Infowarrior] - EFF's SSD project
Message-ID: <3F724899-3C10-44EB-8110-0CA1C3E5AC5E@infowarrior.org>

The SSD Project
https://ssd.eff.org/

The Electronic Frontier Foundation (EFF) has created this Surveillance Self-Defense site to educate the American public about the law and technology of government surveillance in the United States, providing the information and tools necessary to evaluate the threat of surveillance and take appropriate steps to defend against it.

Surveillance Self-Defense (SSD) exists to answer two main questions: What can the government legally do to spy on your computer data and communications? And what can you legally do to protect yourself against such spying?

After an introductory discussion of how you should think about making security decisions - it's all about risk management - we'll be answering those two questions for three types of data:

First, we're going to talk about the threat to the data stored on your computer posed by searches and seizures by law enforcement, as well as subpoenas demanding your records.

Second, we're going to talk about the threat to your data on the wire - that is, your data as it's being transmitted - posed by wiretapping and other real-time surveillance of your telephone and Internet communications by law enforcement.

Third, we're going to describe the information about you that is stored by third parties like your phone company and your Internet service provider, and how law enforcement officials can get it.
In each of these three sections, we're going to give you practical advice about how to protect your private data against law enforcement agents.

In a fourth section, we'll also provide some basic information about the U.S. government's expanded legal authority when it comes to foreign intelligence and terrorism investigations.

Finally, we've collected several articles about specific defensive technologies that you can use to protect your privacy, which are linked to from the other sections or can be accessed individually. So, for example, if you're only looking for information about how to securely delete your files, or how to use encryption to protect the privacy of your emails or instant messages, you can just directly visit that article.

Legal disclaimer: This guide is for informational purposes only and does not constitute legal advice. EFF's aim is to provide a general description of the legal and technical issues surrounding you or your organization's computer and communications security, and different factual situations and different legal jurisdictions will result in different answers to a number of questions. Therefore, please do not act on this legal information alone; if you have any specific legal problems, issues, or questions, seek a complete review of your situation with a lawyer licensed to practice in your jurisdiction.

< - >

https://ssd.eff.org/

From rforno at infowarrior.org Wed Mar 4 01:15:32 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Mar 2009 20:15:32 -0500
Subject: [Infowarrior] - Genachowski Nominated to Chair FCC
Message-ID:

Julius Genachowski Nominated to Chair FCC
Cecilia Kang
http://voices.washingtonpost.com/posttech/?hpid=topnews

President Obama announced today the nomination of his technology adviser and law school friend Julius Genachowski to head the Federal Communications Commission, the government's regulatory body in charge of telecommunications, media, and Internet policy.
Genachowski will take over the FCC at a time of sweeping technological change with the convergence of high-speed Internet, wireless technology, media and entertainment. The FCC is also poised to take on a greater role with the administration's plans to pour $8 billion into new high-speed Internet networks in rural areas.

In a prepared statement, Obama highlighted Genachowski's business experience. He is a venture capitalist and has served as an executive to Barry Diller's IAC/InterActive.

"He will bring to the job diverse and unparalleled experience in communications and technology, with two decades of accomplishment in the private sector and public service," Obama said.

The president also highlighted Genachowski's personal experiences. "I know him as the son of immigrants who carries a deep appreciation for this country and the American dream; and as the proud father of three children working with his wife Rachel to be responsible parents in this digital age."

Genachowski was widely expected to be named FCC chairman, having had a key role in writing Obama's technology plan that included high-speed Internet availability to rural and underserved areas.

From rforno at infowarrior.org Thu Mar 5 13:44:15 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Mar 2009 08:44:15 -0500
Subject: [Infowarrior] - Fed Refuses to Release Bank Lending Data
Message-ID: <38A4C0E5-544D-4BA4-BE3B-FF72E0963023@infowarrior.org>

Fed Refuses to Release Bank Lending Data, Insists on Secrecy
By Mark Pittman
http://www.bloomberg.com/apps/news?pid=washingtonstory&sid=aG0_2ZIA96TI

March 5 (Bloomberg) -- The Federal Reserve Board of Governors receives daily reports on loans to banks and securities firms, the institution said in response to a Freedom of Information Act lawsuit filed by Bloomberg News.

The Fed refused yesterday to disclose the names of the borrowers and the loans, alleging that it would cast "a stigma"
on recipients of more than $1.9 trillion of emergency credit from U.S. taxpayers and the assets the central bank is accepting as collateral.

The bank provides "select members and staff of the Board of Governors with daily and weekly reports" on Primary Dealer Credit Facility borrowing, said Susan E. McLaughlin, a senior vice president in the markets group of the Federal Reserve Bank of New York, in a deposition for the Fed. The documents "include the names of the primary dealers that have borrowed from the PDCF, individual loan amounts, composition of securities pledged and rates for specific loans."

The Board of Governors contends that it's separate from its member banks, including the Federal Reserve Bank of New York, which runs the lending programs. Most documents relevant to the Bloomberg suit are at the Federal Reserve Bank of New York, which the Fed contends isn't subject to FOIA law. The Board of Governors has 231 pages of documents, which it is denying access to under an exemption under trade secrets.

"I would assume that information would be shared by the Fed and the New York Fed," said U.S. Representative Scott Garrett, a New Jersey Republican. "At some point, the demand for transparency is paramount to any demand that they have for secrecy."

Bloomberg sued Nov. 7 under the U.S. Freedom of Information Act requesting details about the terms of 11 Fed lending programs.

'Financial Crisis'

The Bloomberg lawsuit said the collateral lists "are central to understanding and assessing the government's response to the most cataclysmic financial crisis in America since the Great Depression."

The Fed stepped into a rescue role that was the original purpose of the Treasury's $700 billion Troubled Asset Relief Program. The central bank loans don't have the oversight safeguards that Congress imposed upon the TARP.

Total Fed lending exceeded $2 trillion for the first time Nov. 6 after rising by 138 percent, or $1.23 trillion, in the 12 weeks since Sept.
14, when central bank governors relaxed collateral standards to accept securities that weren't rated AAA. Fed lending as of Feb. 25 was $1.92 billion.

Posted Collateral

Bloomberg News, a unit of New York-based Bloomberg LP, on May 21 asked the Fed to provide data on collateral posted from April 4 to May 20. The central bank said June 19 that it needed until July 3 to search documents and determine whether it would make them public. Bloomberg didn't receive a formal response that would let it file an appeal within the legal time limit.

On Oct. 25, Bloomberg filed another request, expanding the range of when the collateral was posted. It sued Nov. 7.

In response to Bloomberg's request, the Fed said the U.S. is facing "an unprecedented crisis" in which "loss in confidence in and between financial institutions can occur with lightning speed and devastating effects."

Fed Chairman Ben S. Bernanke and then Treasury Secretary Henry Paulson said in September they would meet congressional demands for transparency in a $700 billion bailout of the banking system.

The Freedom of Information Act obliges federal agencies to make government documents available to the press and public. The Bloomberg lawsuit, filed in New York, doesn't seek money damages.

Bank Opposition

Banks oppose any release of information because that might signal weakness and spur short-selling or a run by depositors, the Fed argued in its response.

"You could make everything a trade secret," said Lucy Dalglish, executive director of the Arlington, Virginia-based Reporters Committee for Freedom of the Press.

The case is Bloomberg LP v. Board of Governors of the Federal Reserve System, 08-CV-9595, U.S. District Court, Southern District of New York (Manhattan).

To contact the reporters on this story: Mark Pittman in New York at mpittman at bloomberg.net.
Last Updated: March 5, 2009 00:01 EST

From rforno at infowarrior.org Thu Mar 5 14:58:08 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Mar 2009 09:58:08 -0500
Subject: [Infowarrior] - NSW to allow secret searches, hacking
Message-ID:

NSW to allow secret searches, hacking
Posted Wed Mar 4, 2009 11:34am AEDT
Updated Wed Mar 4, 2009 3:09pm AEDT
http://www.abc.net.au/news/stories/2009/03/04/2507007.htm

New South Wales Police are being given sweeping new powers to search people's homes and hack into their computers for up to three years without their knowledge.

The State Government admits police have already used the measures, even though the Supreme Court ruled the practices unlawful in 2006.

The Government says new legislation, to be introduced into Parliament today, will ensure police evidence collected using the practices will hold up in court.

Police Minister Tony Kelly says the reforms will allow police to collect enough evidence for a prosecution without tipping off criminals.

Mr Kelly says all applications for the covert search warrant will have to go before a Supreme Court judge.

He says a judge would initially authorise the search to be kept secret for up to six months but police could apply for notification to be delayed for up to 18 months, or three years in exceptional circumstances.

"For particularly anybody who's involved in crime or criminal activity, the police will now be able to undertake investigations and gather evidence before you know it," he said.

"So anybody who's involved in serious crime, the police will now be able to get on to you, even go into your computer."

Police have welcomed the new laws but Australian Council for Civil Liberties president Terry O'Gorman says they are open to abuse.

"Clearly, if the police are able to search a person's home without anyone being present, the police will be in the position to plant evidence," he said. "That's a big worry.
This particular announcement today extends police powers hugely without putting in any checks and balances against those powers being abused." The laws will apply to offences punishable by at least seven years' jail, including drugs and firearms offences, homicide, kidnapping, assault, money laundering, hacking, organised theft and corruption.

From rforno at infowarrior.org Fri Mar 6 01:36:57 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Mar 2009 20:36:57 -0500
Subject: [Infowarrior] - Obama Names Federal CIO
Message-ID: <648B84AD-895A-47A3-99EA-DB750DE386A2@infowarrior.org>

President Obama Names Vivek Kundra Chief Information Officer
http://www.whitehouse.gov/the_press_office/President-Obama-Names-Vivek-Kundra-Chief-Information-Officer/

WASHINGTON, DC - Today, President Barack Obama named Vivek Kundra the Federal Chief Information Officer (CIO) at the White House. The Federal Chief Information Officer directs the policy and strategic planning of federal information technology investments and is responsible for oversight of federal technology spending. The Federal CIO establishes and oversees enterprise architecture to ensure system interoperability and information sharing and ensure information security and privacy across the federal government. The CIO will also work closely with the Chief Technology Officer to advance the President's technology agenda.

President Obama said, "Vivek Kundra will bring a depth of experience in the technology arena and a commitment to lowering the cost of government operations to this position. I have directed him to work to ensure that we are using the spirit of American innovation and the power of technology to improve performance and lower the cost of government operations. As Chief Information Officer, he will play a key role in making sure our government is running in the most secure, open, and efficient way possible."
The following announcement was made today:

Vivek Kundra, Federal Chief Information Officer

Vivek Kundra formerly served in Mayor Fenty's cabinet as the Chief Technology Officer (CTO) for the District of Columbia, responsible for technology operations and strategy for 86 agencies. He has been recognized among the top 25 CTOs in the country and as the 2008 IT Executive of the Year for his pioneering work to drive transparency, engage citizens and lower the cost of government operations. Kundra is also recognized for his leadership in public safety communications, cyber security and IT portfolio management. Before Kundra came to the District, Governor Timothy M. Kaine appointed him Assistant Secretary of Commerce and Technology for the Commonwealth of Virginia, the first dual cabinet role in the state's history. Kundra's diverse record also includes technology and public policy experience in private industry and academia. He is a graduate of the University of Virginia's Sorensen Institute for Political Leadership and holds an MS in Information Technology from the University of Maryland.

##

From rforno at infowarrior.org Sun Mar 8 22:16:06 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Mar 2009 18:16:06 -0400
Subject: [Infowarrior] - DHS CyberSecurity Czar Quits Amid Fears of NSA Takeover
Message-ID: <54B2F45F-0BFF-4A33-BE27-0FD2D816FFED@infowarrior.org>

Cyber-Security Czar Quits Amid Fears of NSA Takeover
By Noah Shachtman
March 06, 2009 | 11:52:14 AM
http://blog.wired.com/defense/2009/03/breaking-cyber.html

Rod Beckström, the Department of Homeland Security's controversial cyber-security chief, has suddenly resigned amid allegations of power grabs and bureaucratic infighting. Beckström - a management theorist, entrepreneur and author - was named last year to head up the new National Cybersecurity Center, or NCSC. To some, it seemed an odd choice since Beckström isn't an expert in security.
But the hope was that he could use his management skills to help coordinate the nation's often-dysfunctional network defenses. Part of the Department of Homeland Security - for now, the government's lead agency for cyber protection - the Center was supposed to be the one place where the defense of civilian, military and intelligence networks could all be marshaled together. At least, that was the idea.

But the Center never had a chance to even start doing its job, Beckström complained in a resignation letter to DHS Secretary Janet Napolitano that has been obtained by Danger Room. The Center "did not receive appropriate support" from the Department of Homeland Security to help coordinate network defenses, he said. "During the past year the NCSC received only five weeks of funding, due to various roadblocks engineered within the department and by the Office of Management and Budget."

What's more, Beckström said, it is a fiction that DHS is in charge of the country's cyber security. That power, he asserts, is held by the National Security Agency - the supersecret signals intelligence service - that "currently dominates most national cyber efforts." And that, he says, is not a good idea.

*While acknowledging the critical importance of NSA to our intelligence efforts, I believe this is a bad strategy on multiple grounds. The intelligence culture is very different than a network operations of security culture. In addition, the threat to our democratic processes are significant if all top government network security and monitoring are handled by any one organization (either directly of indirectly). During my term as Director we have been unwilling to subjugate the NSCS underneath the NSA.*

Last Thursday, the new Director of National Intelligence told Congress that the NSA, not Homeland Security, should be put in charge of network defense. A week and a day later, Beckström told his bosses that he was through.
"Rod [was] trying to get over NSA's power grab," a cyber-security source with deep government ties tells Danger Room. But in the end, Beckström couldn't. "He jumped nanoseconds before being pushed."

From rforno at infowarrior.org Mon Mar 9 03:21:04 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Mar 2009 23:21:04 -0400
Subject: [Infowarrior] - RAND Study Links Piracy to Gangs and Terrorists
Message-ID: <2892647E-23BF-40C1-8034-ABE5EB6C4C89@infowarrior.org>

MPAA Study Links Piracy to Gangs and Terrorists
Written by Ben Jones on March 04, 2009

A new study by the RAND corporation has attempted to put the focus on "movie piracy" squarely on the shoulders of terrorist groups and criminal gangs. The report, which claims to have been "peer reviewed", seems to show that no matter which gang, thug, or terrorist - they all pirate movies.

< - >

http://torrentfreak.com/mpaa-study-links-film-piracy-to-gangs-and-terrorists-090304/

Report PDF: http://www.rand.org/pubs/monographs/2009/RAND_MG742.pdf

.....from the preface on Page iii: "The study was made possible by a grant from the Motion Picture Association (MPA)"

This is pretty surprising coming from RAND. :(

-rick

From rforno at infowarrior.org Mon Mar 9 03:23:08 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Mar 2009 23:23:08 -0400
Subject: [Infowarrior] - Google's DMCA takedowns leaving Blogger users high and dry
Message-ID:

Google's DMCA takedowns leaving Blogger users high and dry

The Digital Millennium Copyright Act is supposed to balance the rights of copyright holders and online authors, while protecting Internet service providers from getting caught in the crossfire. But Google's policy for handling DMCA notices seems to leave bloggers with scant hope of getting improperly removed content restored.
By Julian Sanchez | Last updated March 8, 2009 7:40 PM CT

< - >

http://arstechnica.com/tech-policy/news/2009/03/kafka-in-bloggerland-the-mysterious-world-of-the-dmca.ars

From rforno at infowarrior.org Mon Mar 9 03:31:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Mar 2009 23:31:50 -0400
Subject: [Infowarrior] - Docs seek gag orders to stop patients' reviews
Message-ID:

Docs seek gag orders to stop patients' reviews (AP)
http://tech.yahoo.com/news/ap/20090304/ap_on_hi_te/med_gagging_patients

CHICAGO - The anonymous comment on the Web site RateMDs.com was unsparing: "Very unhelpful, arrogant," it said of a doctor. "Did not listen and cut me off, seemed much too happy to have power (and abuse it!) over suffering people."

Such reviews are becoming more common as consumer ratings services like Zagat's and Angie's List expand beyond restaurants and plumbers to medical care, and some doctors are fighting back. They're asking patients to agree to what amounts to a gag order that bars them from posting negative comments online.

"Consumers and patients are hungry for good information" about doctors, but Internet reviews provide just the opposite, contends Dr. Jeffrey Segal, a North Carolina neurosurgeon who has made a business of helping doctors monitor and prevent online criticism. Some sites "are little more than tabloid journalism without much interest in constructively improving practices," and their sniping comments can unfairly ruin a doctor's reputation, Segal said.

Segal said such postings say nothing about what should really matter to patients - a doctor's medical skills - and privacy laws and medical ethics leave doctors powerless to do anything about it. His company, Medical Justice, is based in Greensboro, N.C. For a fee, it provides doctors with a standardized waiver agreement. Patients who sign agree not to post online comments about the doctor, "his expertise and/or treatment."
"Published comments on Web pages, blogs and/or mass correspondence, however well intended, could severely damage physician's practice," according to suggested wording the company provides. Segal's company advises doctors to have all patients sign the agreements. If a new patient refuses, the doctor might suggest finding another doctor. Segal said he knows of no cases where longtime patients have been turned away for not signing the waivers. Doctors are notified when a negative rating appears on a Web site, and, if the author's name is known, physicians can use the signed waivers to get the sites to remove offending opinion. RateMd's postings are anonymous, and the site's operators say they do not know their users' identities. The operators also won't remove negative comments. Angie's List's operators know the identities of users and warn them when they register that the site will share names with doctors if asked. Since Segal's company began offering its service two years ago, nearly 2,000 doctors have signed up. In several instances, he said, doctors have used signed waivers to get sites to remove negative comments. John Swapceinski, co-founder of RateMDs.com, said that in recent months, six doctors have asked him to remove negative online comments based on patients' signed waivers. He has refused. "They're basically forcing the patients to choose between health care and their First Amendment rights, and I really find that repulsive," Swapceinski said. He said he's planning to post a "Wall of Shame" listing names of doctors who use patient waivers. Segal, of Medical Justice, said the waivers are aimed more at giving doctors ammunition against Web sites than against patients. Still, the company's suggested wording warns that breaching the agreement could result in legal action against patients. Attorney Jim Speta, a Northwestern University Internet law specialist, questioned whether such lawsuits would have much success. 
"Courts might say the balance of power between doctors and patients is very uneven" and that patients should be able to give feedback on their doctors' performance, Speta said. Angie Hicks, founder of Angie's List, said her company surveyed more than 1,000 of its consumer members last month, and most said they had never been presented with a waiver; 3 percent said they would sign one. About 6,000 doctors reviewed on the Angie's List site also were asked to comment. Only 74 responded, and about a fifth of them said they would consider using them. Lenore Janecek, who formed a Chicago-based patient-advocacy group after being wrongly diagnosed with cancer, said she opposes the waivers. "Everyone has the right to speak up," she said. While she's never posted comments about her doctors, she said the sites are one of the few resources patients have to evaluate physicians. The American Medical Association has taken no position on patient waivers, but President Dr. Nancy Nielsen has said previously that online doctor ratings sites "have many shortcomings." Online doctor reviews "should be taken with a grain of salt, and should certainly not be a patient's sole source of information when looking for a new physician," she said. Dr. Lauren Streicher, a Chicago gynecologist, got a glowing recent review on Angie's List, but also remembers a particularly snarky rating from a patient angry about getting brisk treatment after arriving 30 minutes late to her appointment. She said she sympathizes with doctors who ask patients to sign a waiver. Streicher said she has seen shoddy doctors praised online who she would not trust "to deliver my mail much less my baby." Conversely, bad reviews can destroy good doctors' careers, she said. "Are there bad doctors out there? Absolutely, but this is not a good way to figure it out," Streicher said. 
From rforno at infowarrior.org Mon Mar 9 13:06:18 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Mar 2009 09:06:18 -0400
Subject: [Infowarrior] - IBM Patent Whackiness
Message-ID: <31E724A0-C0AA-42CC-ADC6-9397ED9F3A21@infowarrior.org>

What's next? IBM going to patent a process to keep meeting rooms at a comfortable temperature? I'm a fan of IBM, but this is just bizarre. --rf

(c/o /.)

"Within exemplary embodiments of the present invention repeating calendar event scheduling application options are implemented to support the implementation of a distraction-free meeting event. This aspect is accomplished by the calendar event invitation specifically stating that the meeting is expected to be distraction free, and as such, the acceptance of a meeting invitation would require that the meeting invitee submit to the computing system suspension requirements that are necessitated to initiate a distraction-free meeting. This meeting policy is enforced by the calendar event scheduling application being configured to effectively suspend the local activity of a computing system or incoming and outgoing communication requests that are received at the computing system.
" http://appft1.uspto.gov/netacgi/nph-Parser?Sect1=PTO1&Sect2=HITOFF&d=PG01&p=1&u=%2Fnetahtml%2FPTO%2Fsrchnum.html&r=1&f=G&l=50&s1=%2220090063996%22.PGNR.&OS=DN/20090063996&RS=DN/20090063996 From rforno at infowarrior.org Mon Mar 9 13:30:01 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Mar 2009 09:30:01 -0400 Subject: [Infowarrior] - US forgot how to make Trident missiles Message-ID: <183C89C1-040B-46E4-9743-2FE8C3EDBD7F@infowarrior.org> source: http://www.sundayherald.com/news/heraldnews/display.var.2494129.0.0.php How the US forgot how to make Trident missiles Inquiry cites loss of files and key staff as reason for $69m repair delay By Rob Edwards, Environment Editor PLANS TO refurbish Trident nuclear weapons had to be put on hold because US scientists forgot how to manufacture a component of the warhead, a US congressional investigation has revealed. The US National Nuclear Security Administration (NNSA) "lost knowledge" of how to make a mysterious but very hazardous material codenamed Fogbank. As a result, the warhead refurbishment programme was put back by at least a year, and racked up an extra $69 million. According to some critics, the delay could cause major problems for the UK Trident programme, which is very closely tied to the US programme and uses much of the same technology. The US and the UK are trying to refurbish the ageing W76 warheads that tip Trident missiles in order to prolong their life, and ensure they are safe and reliable. This apparently requires that the Fogbank in the warheads is replaced. Neither the NNSA nor the UK Ministry of Defence would say anything about the nature or function of Fogbank. But it is thought by some weapons experts to be a foam used between the fission and fusion stages of a thermonuclear bomb. US officials have said that manufacturing the material requires a solvent cleaning agent which is "extremely flammable" and "explosive". 
The process also involves dealing with "toxic materials" hazardous to workers. Over the last year the Government Accountability Office (GAO), which reports to the US Congress, has been investigating the W76 refurbishment programme. An unclassified version of its final report was released last week. The GAO report concluded: "NNSA did not effectively manage one of the highest risks of the programme - the manufacture of a key material known as Fogbank - resulting in $69m in cost over-runs and a schedule delay of at least one year that presented significant logistical challenges for the navy." For the first time, the report described the difficulties faced by the NNSA in trying to make Fogbank. A new production facility was needed at the Y-12 National Security Complex at Oak Ridge, Tennessee, because an old one had been demolished in the 1990s. But vital information on how Fogbank was actually made had somehow been mislaid. "NNSA had lost knowledge of how to manufacture the material because it had kept few records of the process when the material was made in the 1980s, and almost all staff with expertise on production had retired or left the agency," the report said. The GAO report also accused the NNSA of having an inconsistent approach to costing the W76 refurbishment programme. The total cost was put at $2.1 billion in 2004, $6.2bn in 2005 and $2.7bn in 2006. To John Ainslie, the co-ordinator of the Scottish Campaign for Nuclear Disarmament, it was "astonishing" that the Fogbank blueprints had been lost. "This is like James Bond destroying his instructions as soon as he has read them," he said. "Perhaps the plans for making Fogbank were so secret that no copies were kept. The British warhead is similar to the American version, and so the problems with Fogbank may delay Aldermaston's plans for renewing or replacing Trident." The NNSA's principal deputy administrator, William Ostendorff, said that the agency "generally agrees" with the findings of the GAO report. 
He stressed that NNSA was strengthening its management procedures. He added: "As with many processes that implement increased rigour, there is a need for identification of increased funding in order to increase the fidelity in project risk assessment." UK sources suggested, though, that the US and UK designs were not identical. All the details of exactly how nuclear weapons are put together are classified as top secret in both countries. A spokesman for the Ministry of Defence told the Sunday Herald: "It is MoD policy not to comment on nuclear warhead design. To do so would, or would be likely to, prejudice national security." From rforno at infowarrior.org Mon Mar 9 16:19:49 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Mar 2009 12:19:49 -0400 Subject: [Infowarrior] - Finally, CNBC gets called out Message-ID: (I don't watch CNBC much anymore for this is the kind of antics they've been doing for a few years now.) CNBC Thrives as Hosts Deliver News With Attitude http://www.nytimes.com/2009/03/09/business/media/09cnbc.html?_r=2&pagewanted=all CNBC made itself an easy target for Jon Stewart http://www.marketwatch.com/news/story/cnbc-easy-target-jon-stewarts/story.aspx?guid= {EAB2CEB9-0F7A-444A-B131-4821D7C59315}&dist=msr_1 ...and Jon Stewart's brilliant take on CNBC http://www.youtube.com/watch?v=cTAk54c8tFQ From rforno at infowarrior.org Tue Mar 10 00:06:39 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 Mar 2009 20:06:39 -0400 Subject: [Infowarrior] - BSIMM: The Building Security In Maturity Model Message-ID: (Free PDF/HTML download of the Model @ the site) http://www.bsi-mm.com/ The Building Security In Maturity Model The Building Security In Maturity Model (BSIMM) described on this website is designed to help you understand and plan a software security initiative. BSIMM was created through a process of understanding and analyzing real-world data from nine leading software security initiatives. 
Though particular methodologies differ (think OWASP CLASP, Microsoft SDL, or the Cigital Touchpoints), many initiatives share common ground. This common ground is captured and described in BSIMM. As an organizing feature, we introduce and use a Software Security Framework (SSF), which provides a conceptual scaffolding for BSIMM. Properly used, BSIMM can help you determine where your organization stands with respect to real-world software security initiatives and what steps can be taken to make your approach more effective.

BSIMM is not a complete "how to" guide for software security, nor is it a one size fits all model. Instead, BSIMM is a collection of good ideas and activities that are in use today.

Software security is the result of many activities. People, process, and automation are all required. The SSF and BSIMM together allow us to discuss the myriad activities without becoming mired in details. To that end, we believe a simple approach that gets to the heart of the matter trumps an exhaustive approach with a Byzantine result.

A maturity model is appropriate because improving software security almost always means changing the way an organization works - something that doesn't happen overnight. BSIMM provides a way to assess the state of an organization, prioritize changes, and demonstrate progress. We understand that not all organizations need to achieve the same security goals, but we believe all organizations can be measured with the same yardstick.
http://www.bsi-mm.com/ From rforno at infowarrior.org Tue Mar 10 17:20:23 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Mar 2009 13:20:23 -0400 Subject: [Infowarrior] - Markle Report on National Security Message-ID: <92510241-44FB-4A60-9E86-75C82A0EDD19@infowarrior.org> March 10, 2009 Markle Task Force Releases, "Nation At Risk: Policy Makers Need Better Information to Protect the Country" The latest report from the Markle Task Force urges the President and Congress to take swift action to ensure that policy makers have the best information available to confront a stark set of 21st century national security challenges. http://www.markletaskforce.org/ From rforno at infowarrior.org Tue Mar 10 17:40:04 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Mar 2009 13:40:04 -0400 Subject: [Infowarrior] - Google bug shared private online documents Message-ID: <6E75CBEB-B0F7-4A09-B50E-B3ADEF02F82C@infowarrior.org> Google software bug shared private online documents Mar 10 07:39 AM US/Eastern http://www.breitbart.com/article.php?id=CNG.54c3200989573ae4c9282658f91276df.481&show_article=1 Google has confirmed that a software bug exposed documents thought to be privately stored in the Internet giant's online Docs application service. The problem was fixed by the weekend and is believed to have affected only .05 percent of the digital documents at a Google Docs service that provides text-handling programs as services on the Internet. "We've identified and fixed a bug where a very small percentage of users shared some of their documents inadvertently," Google Docs Product Manager Jennifer Mazzon wrote in a message at the firm's website on Saturday. "We're sorry for the trouble this has caused. We understand our users' concerns (in fact, we were affected by this bug ourselves) and we're treating this very seriously." 
The problem occurred in cases where people had chosen to collaborate on multiple documents and adjusted settings to allow access to others, according to Google. Collaborators were unintentionally given permission to access documents aside from the ones intended.

"As part of the fix, we used an automated process to remove collaborators and viewers from the documents that we identified as having been affected," Mazzon said. "We then emailed the document owners to point them to their affected documents in case they need to re-share them."

The slip comes as Google and other Internet firms entice people to rely on applications offered online as services "in the cloud" instead of buying software then installing and maintaining it on their own machines. While the trend toward cloud services is growing, some still worry about the privacy of data kept online and whether it is shrewd to rely on the Internet for access to information and applications.

Copyright AFP 2008

From rforno at infowarrior.org Wed Mar 11 12:31:05 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2009 08:31:05 -0400
Subject: [Infowarrior] - Cyber-equivalent of Monroe Doctrine
Message-ID: <10B872DF-B152-44BA-BEF4-E8B76A792E6B@infowarrior.org>

http://lastwatchdog.com/cyber-equivalent-monroe-doctrine-needed-repel/

Cyber-equivalent of Monroe Doctrine needed to repel Internet attacks on Internet security
by Byron Acohido
March 10, 2009

President Obama ought to invoke the cyber equivalent of the Monroe Doctrine to repel rising Internet attacks against America. So testified Oracle's tough-talking Chief Security Officer, Mary Ann Davidson, at a Congressional hearing today.

History refresher: Back in 1823, President James Monroe decreed that any attempt to extend foreign political systems onto U.S.
soil would be considered an act of aggression requiring U.S. intervention. Simple as that. Monroe sought to repel European imperialists bent on colonizing chunks of the tenuously-governed Americas. It worked. The Monroe Doctrine became a key tenet of U.S. foreign policy invoked by Calvin Coolidge, Herbert Hoover and John F. Kennedy. Substitute foreign cybercrime lords bent on colonizing U.S. computers and networks -- and the tenuous state of cyber defenses -- and the parallel is riveting.

"We are in a conflict, some would call it war," Davidson testified before the House Subcommittee on Emerging Threats, Cybersecurity, Science & Technology. "Let's call it what it is. Given the diversity of potentially hostile entities building cadres of cyberwarriors, probing our systems for weakness, infiltrating government networks and making similar attempts against businesses and critical industries, including our defense systems, is there any other conclusion to be reached?"

A call to defend U.S. 'cyberturf'

The hearing was held to get a mid-way status report of a 60-day review of U.S. cybersecurity policy being conducted by management collaboration expert, Melissa Hathaway. "The advantages of invoking a Monroe-like Doctrine in cyberspace would be to put the world on notice that the US has cyberturf, and that we will defend our turf," Davidson testified. "We need to do both -- now."

Davidson's call to arms was reinforced by testimony from David Powner, GAO's director of IT management issues; Scott Charney, Microsoft Vice President of Trustworthy Computing; Jim Lewis, director of the Center for Strategic and International Studies; and Amit Yoran, CEO of security firm NetWitness. The experts delivered a wide range of proof points showing how U.S. citizens, businesses and governments have been under rising cyberattacks for several years. Yoran, a former senior official in the Department of Homeland Security, testified that the U.S.
has been "experiencing a 9/11 in cyber attacks" for a number of years. "Because there is no visible catastrophic outcome, we lie in bed at night asleep without realizing how much damage is being done."

Underscoring this Last Watchdog investigation of corporate intrusions, the GAO's Powner noted that foreign nations and criminals are targeting organizations "to gain a competitive advantage and potentially disrupt or destroy them," and also pointed out "that terrorist groups have expressed a desire to use cyberattacks as a means to target the United States."

Truly comprehensive plan needed

The experts agreed that there is a dire need for a truly comprehensive cyber security plan - one that involves public/private partnerships and global cooperation. One of the top recommendations of the CSIS bi-partisan committee that spent more than a year culling cybersecurity ideas to deliver to the 44th president was a call for regulation. The private sector "will never deliver adequate security and the government must establish regulatory thresholds for critical infrastructure," testified Lewis, CSIS director and senior fellow.

Charney, the Microsoft executive and a co-chair of the CSIS bi-partisan committee, cautioned that regulation must be carefully "tailored." "Finding the required balance will be difficult," said Charney. "But if we fail to use regulation to improve our national cybersecurity, if we do not identify mandatory actions to secure the digital infrastructure, the Obama administration will have no more success than any of its predecessors."

The experts also were unanimous about there being a singular entity best-suited to shaping and implementing such a plan: the White House. "Only the White House has the authority to bring many large and powerful agencies to follow a common agenda and to coordinate with each other," said Lewis.
"The White House and only the White House can set strategy and policy, ensure that agencies are following them and resolve agency disputes."

Beckstrom acknowledged

Attending the hearing was Rod A. Beckstrom, who just resigned from a key cybersecurity post in the Department of Homeland Security. Co-author of a best-selling management book, The Starfish and the Spider, Beckstrom could not escape smothering controls put on him by the National Security Agency. Rep. Bennie Thompson D-Miss., and Rep. Yvette Clarke D-New York, acknowledged Beckstrom. Clarke called Beckstrom's resignation "an unfortunate loss." Thompson made note of "ineffective leadership, unclear organizational structure and poorly defined roles" demonstrated by federal agencies and corporations trying futilely to put up a cyber defense.

"I along with many of my colleagues were optimistic when Mr. Beckstrom was brought on to lead the National Cyber Security Center," said Thompson. "He has organizational expertise. He has worked extensively with the private sector. But Mr. Beckstrom did not have experience working miracles."

-Byron Acohido

From rforno at infowarrior.org Wed Mar 11 12:35:16 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2009 08:35:16 -0400
Subject: [Infowarrior] - Madoff set to plead guilty, could face 150 yrs in jail
Message-ID:

Madoff set to plead guilty, could face 150 yrs in jail
AFP
Published: Tuesday March 10, 2009
http://rawstory.com/news/afp/Madoff_set_to_plead_guilty_could_fa_03102009.html

Fallen Wall Street baron Bernard Madoff has confirmed he is set to plead guilty to a massive multi-billion dollar fraud as prosecutors said he should spend the rest of his life in prison. Madoff, 70, said through his lawyer that he expects to plead guilty at a hearing Thursday to the 11 counts of fraud announced by prosecutors on Tuesday. "That is a fair expectation," defense lawyer Ira Sorkin said. The charges carry a maximum prison sentence of 150 years.
Dressed in a dark suit and sporting gray swept-back hair, Madoff looked ahead without expression in a courtroom packed with dozens of journalists. He was arrested in December after allegedly confessing to a 50 billion dollar pyramid scheme, or Ponzi fraud, in which money is stolen from new investors to pay phony profits to existing clients. Prosecutors charged him with "a scheme to defraud the clients... by soliciting billions of dollars of funds under false pretenses." "There is no plea agreement," federal prosecutor Marc Litt told the court. "He must plead guilty to all 11 counts." Prosecutors say Madoff's scam started from at least the 1980s and lasted right up to his arrest. Victims' lawyers believe some three million people, including major banks, celebrities, charities and universities, lost money. So far Madoff is the only person charged. However, prosecutors say their investigation is continuing. The former chairman of the Nasdaq Stock Exchange and Wall Street trading guru has been holed up since his arrest under strict 10 million dollar bail in his luxury New York apartment. A guilty plea on Thursday would mean he gives up his right to a trial. Judge Denny Chin told the court that he would decide on Thursday whether Madoff should be taken into custody or be allowed to remain under house arrest until sentencing. "Sentencing would not take place for several months," Chin said. In a highly unusual move, victims of Madoff's alleged fraud are to be given the right to speak at Thursday's hearing -- provided they restrain their anger. "I understand emotions are high," Chin said, but those appearing must "conduct themselves in a manner appropriate to a court room." Tuesday's session was held to resolve a conflict-of-interest issue with Sorkin, whose family had invested with Madoff and who once represented two of his business associates in a separate case. Madoff, grim-faced and speaking in a subdued voice, told the judge he wished to keep Sorkin as his attorney. 
This was granted. The developments spelled the beginning of the end for a self-made man who rose from obscurity to become a key member of the ultra-wealthy echelons of the US Jewish community and a noted Wall Street innovator. Acting US Attorney Lev Dassin said in a statement that Madoff committed "an extraordinary array of crimes" over two decades. "While the alleged crimes are not novel, the size and scope of Mr Madoff's fraud are unprecedented." The criminal information outlining 11 felony charges -- including securities fraud, investment adviser fraud, mail fraud, wire fraud, and money laundering -- shed new light on the workings of the alleged scam. According to prosecutors, Madoff secured billions of dollars from investors, encouraging them with rock-solid profits and in some cases promises of "annual returns in varying amounts of up to approximately 46 percent per year." But instead of investing the money, he was recycling the funds "to meet the periodic redemption requests of other investors." Meanwhile, other funds were stolen "to purchase and maintain property and services for the personal use and benefit of Madoff, his family members, and associates," prosecutors said. To cover up his fraud, Madoff "repeatedly lied" to regulators and conned his clients with impressive-looking offices. In the two weeks before Madoff's arrest, his company claimed to serve 4,800 client accounts with a balance of 64.8 billion dollars, but the prosecution said Madoff's firm held only "a small fraction of that." Whether Madoff feels remorse was not yet known. Sorkin said it was impossible to know the number of victims because many clients had "received redemptions that exceeded the money they lost." Sorkin said he did not want "to suggest there were no victims," but that there is "difficulty to identify the real victims." 
From rforno at infowarrior.org Wed Mar 11 12:43:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2009 08:43:43 -0400
Subject: [Infowarrior] - Clues indicate P-I closure is near
Message-ID: <024436F2-16D9-4A3B-BBC2-9C838843B2DA@infowarrior.org>

Clues indicate P-I closure is near
Online domain name renewed; cleanup bins coming
By DAN RICHMAN
P-I REPORTER
http://seattlepi.nwsource.com/business/402994_pi11.html

Despite The Hearst Corp.'s statement Tuesday morning that it hasn't decided whether to sell or shut down the Seattle P-I, clues emerged later in the day suggesting that Hearst plans to close the 146-year-old paper shortly and will continue operating a Web site. Staff members learned Tuesday afternoon that boxes and bins are scheduled to be delivered to the newsroom later this week -- some for materials to be taken home, others for notes that require shredding. Employees were told to file promptly to be reimbursed for their expenses. And they were told they can retain their cell phone numbers if they wish. Hearst said in January that it would put the paper up for sale for 60 days, closing it if no buyer emerged but possibly maintaining the P-I Web site. On Tuesday, another clue emerged as to Hearst's intentions: The company renewed the domain name "SeattlePI.com" through March 25, 2010, with registrar Network Solutions. It would have expired later this month. Monday marked the end of the 60-day sale period. But Hearst spokesman Paul Luthringer said Tuesday that the company hasn't decided how to proceed. "We are still evaluating our options," Luthringer said in an e-mail. "Timing of the decision is uncertain." When asked what decision he was referring to, he responded, "These options exist: 1) Seek buyer. If no buyer, then 2) Go digital, or 3) Close. No decision has been made." The paper's roughly 170 employees have been officially notified that their jobs will end between March 18 and April 1.
But March 18 only marks the date through which Hearst must pay P-I employees. It is free to shut down any time. "It would be nice to have some clarity," business reporter Joseph Tartakoff said. "It's really hard to plan your work when you're not sure if you'll be around the next day." Last week, Hearst extended offers to some staff members for positions with an online-only operation. Hearst Senior Vice President Ken Riddick, who's in charge of determining what shape that operation might take and whom it might employ, didn't answer e-mails Monday and Tuesday asking detailed questions about the site. Separately, the largest union at the Hearst-owned San Francisco Chronicle reached a tentative agreement late Monday on contract concessions as part of Hearst's efforts to dramatically cut costs to prevent a sale or closure, though the deal still may not keep the 144-year-old daily from shuttering or being sold. And Hearst, which publishes 16 daily newspapers, is increasing subscription prices and has considered reducing the number of days it delivers newspapers to homes each week. "We are asking readers to pay more," Steven Swartz, who heads the company's newspaper division, said at a meeting Tuesday in New York. The publisher may cut the number of pages of its newspapers, Swartz said. Hearst will seek more readers on handheld devices such as Amazon.com Inc.'s Kindle and Apple Inc.'s iPhone.

This report includes information from The Associated Press and Bloomberg News. P-I reporter Dan Richman can be reached at 206-448-8032 or danrichman at seattlepi.com.
From rforno at infowarrior.org Wed Mar 11 12:47:33 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2009 08:47:33 -0400
Subject: [Infowarrior] - WalMart to market digital health records system
Message-ID: <54B62670-EA8F-4A5D-9F8B-567DF2201CED@infowarrior.org>

Wal-Mart plans to market digital health records system
By Steve Lohr
Wednesday, March 11, 2009
http://www.iht.com/bin/printfriendly.php?id=20745624

Wal-Mart Stores is striding into the market for electronic health records, seeking to bring the technology into the mainstream for physicians in small offices, where most of America's doctors practice medicine. Wal-Mart's move comes as the Obama administration is trying to jumpstart the adoption of digital medical records with $19 billion of incentives in the stimulus package. The company plans to team its Sam's Club division with Dell for computers and eClinicalWorks, a fast-growing private company, for software. Wal-Mart says its package deal of hardware, software, installation, maintenance and training will make the technology more accessible and affordable, undercutting rival health information technology suppliers by as much as half. "We're a high-volume, low-cost company," said Marcus Osborne, senior director of health care business development at Wal-Mart. "And I would argue that mentality is sorely lacking in the health care industry." The Sam's Club offering, to be made available this spring, will be under $25,000 for the first physician in a practice, and about $10,000 for each additional doctor. After the installation and training, the continuing annual costs for maintenance and support will be $4,000 to $6,500 a year, the company estimates. Wal-Mart says it had been exploring the opportunity in health information technology long before the recent presidential election. About 200,000 health care providers, mostly doctors, are among Sam's Club's 47 million members.
And the company's research showed the technology was becoming less costly and rising interest among small physician practices, according to Todd Matherly, vice president of health and wellness at Sam's Club. The financial incentives in the administration plan -- more than $40,000 per physician over a few years, to install and use electronic health records -- could accelerate adoption. When used properly, most health experts agree, the migration from paper to digital records can curb costs and improve care. But especially among physicians in small offices, many doubt the wisdom of switching to electronic health records, given their cost and complexity. Only about 17 percent of the nation's physicians are using computerized patient records, according to a government-sponsored survey published last year in The New England Journal of Medicine. The use of electronic health records is widespread in large physician groups, but three-fourths of the nation's doctors work in small practices, of 10 physicians or fewer. But Wal-Mart has the potential to bring not only lower costs but an efficient distribution channel to cater to small physician groups. Traditional health technology suppliers, experts say, have tended to shun the small physician offices because it has been costly to sell to them -- a large market in total, but scattered. "If Wal-Mart is successful, this could be a game-changer," observed Dr. David Brailer, former national coordinator for health information technology in the Bush administration. In the package, Dell is offering either a desktop or a tablet personal computer. Many physicians prefer the tablet PC because it more closely resembles their familiar paper note-taking and makes for easier communication with the patient, since the doctor is not behind a desktop screen.
eClinicalWorks, which is used by 25,000 physicians, mostly in small practices, will provide the electronic record and practice management software, for billing and patient registration, as a service over the Internet. This software-as-a-service model can trim costs considerably and make technical support and maintenance less complicated, because less software resides on the personal computer in a doctor's office. Dell will be responsible for the installation of the computers, while eClinicalWorks will handle the installation, training and maintenance for the software. Wal-Mart is using its buying power for discounts on both the hardware and software. Wal-Mart's role, according to Osborne, is to put the bundle of technology into an affordable and accessible offering. "We're the systems integrator, an aggregator," he said. The company's test bed for the technology it will soon offer physicians has been its own health care clinics, staffed by third-party physicians and nurses. Started in September 2006, Wal-Mart now has 30 such clinics in stores in eight states. Those clinics make use of the technology the company will be offering physicians. "That's where the learning came from, and they were the kernel of this idea," Osborne said.

From rforno at infowarrior.org Wed Mar 11 12:49:13 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2009 08:49:13 -0400
Subject: [Infowarrior] - Advertisers Get a Trove of Clues in Smartphones
Message-ID: <64DF3785-D983-4A03-AC7D-39E55FF57E17@infowarrior.org>

March 11, 2009
Advertisers Get a Trove of Clues in Smartphones
By STEPHANIE CLIFFORD
http://www.nytimes.com/2009/03/11/business/media/11target.html?_r=1&hp=&pagewanted=print

The millions of people who use their cellphones daily to play games, download applications and browse the Web may not realize that they have an unseen companion: advertisers that can track their interests, their habits and even their location.
Smartphones, like the iPhone and BlackBerry Curve, are the latest and potentially most extensive way for advertisers to aim ads at certain consumers. Advertisers already tailor ads for small groups of consumers on the Web based on personal information. But cellphones have a much higher potential for personalized advertising, especially when they use applications like Yelp or Urbanspoon with GPS to identify a person's location, right down to the street corner where they are standing. Advertisers will pay high rates for the ability to show, for example, ads for a nearby restaurant to someone leaving a Broadway show, especially when coupled with information about the gender, age, finances and interests of the consumer. Eswar Priyadarshan, the chief technology officer of Quattro Wireless, which places advertising for clients like Sony on mobile sites, says he typically has 20 pieces of information about a customer who has visited a site or played with an application in his network. "The basic idea is, you go through all these channels, and you get as much data as possible," he said. The capability for collecting information has alarmed privacy advocates. "It's potentially a portable, personal spy," said Jeff Chester, the executive director of the Center for Digital Democracy, who will appear before Federal Trade Commission staff members this month to brief them on privacy and mobile marketing. He is particularly concerned about data breaches, advertisers' access to sensitive health or financial information, and a lack of transparency about how advertisers are collecting data. "Users are going to be inclined to say, sure, what's harmful about a click, not realizing that they've consented to give up their information." For now, advertisers are using a wide lens to survey people's behavior on phones, aiming at people by city rather than by specific neighborhood or street. And while they collect specifics about how someone behaves on the mobile Web --
for instance, that someone bought a "Hot N Cold" ring tone after seeing an ad for it, then watched a Miley Cyrus video on TMZ.com -- they use that information to categorize that person as a pop-culture fan, and then show a movie ad. Advertisers are eager to use the information for much more specific targeting, however. An advertising system could know, for instance, that someone is 27 years old, male, a New England Patriots fan (which NFL.com can track), plays Blackjack, travels frequently between Boston and New York on weekdays (which applications using GPS can track) and uses a 3G iPhone. That would make him attractive to a host of advertisers, like the Delta Shuttle or a Las Vegas hotel, whose ads would appear while the consumer was browsing the Web on his phone. "Everyone's in an arms race to find out more and more about their users," said Eric Bader, the managing partner of the mobile advertising firm Brand in Hand. Even application developers are handing over information about their customers to marketers. Dockers San Francisco, a brand of Levi Strauss, for instance, is beginning a campaign this week that will run on applications like iBasketball and iGolf. It will show a model wearing khakis, and the iPhone customer can shake the phone to see the model dance. Dockers will start by tracking how long people shake the ad, and then "if it does make sense to do follow-up with these consumers, we'll do that," said Jonathan Haber, the United States director of Ignition Factory at OMD, the media agency directing the campaign. "We dig in, specifically, with these application developers and owners to get information about usage behavior." It's not just behavior, but also data about income, or even whether you have children, that mobile advertisers consider. A company called Acuity Mobile, whose clients include the MGM Mirage and Harrah's Entertainment, lets clients use consumer data, including, potentially, income, to determine what kind of offers clients should see.
"Someone who does not spend a lot of money with your brand might get a lower-value offer, like a free dessert in Vegas, versus a free buffet" for a high roller, said Alan R. Sultan, the president and founder of Acuity Mobile. Applications that use GPS can offer even more specificity, including Loopt, Yelp, Urbanspoon, Where and almost any iPhone application that shows the pop-up box saying it "would like to use your current location." Several firms are experimenting with a program called AisleCaster that can offer specials based on a person's exact location in a supermarket aisle or mall. Advertising systems can track not only the location of the phone, but also that person's travel pattern: uptown New York to Nob Hill in San Francisco, for instance. For now, systems like Quattro are using broad city-level categories while trying to sell to advertisers like Amtrak. "You don't want to necessarily go down to location-level stuff like specific street corners, because it wanders over into really creeping out the user privacy-wise," Mr. Priyadarshan said. For now, there are not enough people using smartphones to make it worthwhile for advertisers to use highly specific criteria. But as more people switch to smartphones, that will happen more frequently. The smartphone market in North America increased 69 percent in 2008, according to the research firm Gartner. Google, Palm and BlackBerry are all introducing their own application stores. Despite the amount of data in the market, as long as advertisers don't use personally identifiable information, there is no current regulation or law that governs how closely advertisers and application developers can track mobile phone users. Opting out of mobile targeted advertising is difficult, and that's assuming consumers are even aware how closely they are being tracked. "I didn't know they were doing that, although I'm not surprised to hear it,"
said Jordan Penn, 32, an affordable-housing developer in San Diego who has downloaded about 12 apps to his iPhone. "It doesn't really concern me any more than all of the other tracking that goes on when you access the Internet." Paul M. Schwartz, a law professor at the University of California, Berkeley, and an information privacy law expert, said tracking by advertisers was problematic. "People should be allowed to trade most kinds of information for value as long as the terms are fair," he said. "They're not fair now." Mike Wehrs, the chief executive of the Mobile Marketing Association, said the trade group was updating some of its self-regulatory principles, for example, suggesting that applications e-mail their privacy policies to subscribers rather than asking them to read a policy on the small mobile screen. "I agree there's more that can be done," he said. "One thing about mobile, it's an amazingly fast-moving industry."

From rforno at infowarrior.org Wed Mar 11 14:55:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2009 10:55:50 -0400
Subject: [Infowarrior] - Google to monitor surfing behaviour
Message-ID: <61E54584-6189-4AE7-B051-D3EB1B81BCF2@infowarrior.org>

Google to base ads on surfing behaviour
11 Mar 2009 11:09
http://www.zdnet.co.uk/misc/print/0,1000000169,39625962-39001105c,00.htm

The web giant is to start tracking users as they surf across sites that use Google AdSense, so it can serve more targeted advertising

Google is to start serving advertisements to its users based on their browsing habits, the web giant announced on Wednesday. The company already offers advertising related to the site being surfed -- so long as that site is a Google AdSense partner or YouTube. But the beta test of what Google calls "interest-based" advertising will take a wider view of the user's surfing habits to target served ads even more accurately. The service will launch on 8 April. "These ads will associate categories of interest --
say sports, gardening, cars, pets -- with your browser, based on the types of sites you visit and the pages you view," Google's vice president of product management, Susan Wojcicki, wrote on the official Google blog. "We may then use those interest categories to show you more relevant text and display ads." The new ad-serving system works by downloading a DoubleClick cookie to the user's browser to track their path through various AdSense-using sites. DoubleClick is an ad-serving company that was acquired by Google last year. As with any other cookie, this tracking file can be cleared by the user at any time. By visiting Google's ad-preferences page, the user can opt out of having their surfing habits tracked, or input their own preferences for the subject matter of ads they would like to see. However, as clearing the browser's cookies would effectively remove the opt-out cookie itself, Google has also released a plug-in for browsers that provides a permanent opt-out from the service. Google is keen to stress the transparency of its approach. "We already clearly label most of the ads provided by Google on the AdSense partner network and on YouTube," Wojcicki wrote. "You can click on the labels to get more information about how we serve ads, and the information we use to show you ads. This year we will expand the range of ad formats and publishers that display labels that provide a way to learn more and make choices about Google's ad serving." A spokesman for Google told ZDNet UK on Wednesday morning that the company had "gone beyond the industry standard" for privacy in contextual advertising. "We were never going to be comfortable doing it unless we could offer this choice for the users," the spokesman said.
Asked whether there were any comparison to be made with Phorm, the ad-serving company that drew protests when it conducted user-monitoring trials with BT without first informing the subjects, the spokesman said Google had "been open and transparent from the start". "The ads won't start being served across the network until 8 April," Google's spokesperson said. "Our AdSense partners are being given a month's notice. With all our AdSense partners, if they want to opt out of this sort of technology, they can. We hope that the more relevant ads are, the more advertisers would be prepared to pay for them at auction." He added that Google hopes publishers will be as positive about this technology as the advertisers themselves. In a statement, Google also addressed the opt-out nature of the service, which means users need to make a conscious decision to stop being tracked. "Offering an opt-in would go against the very economic model of the majority of content on the internet," Google's statement read. "Consumers prefer to see more relevant advertising, which in turn fuels many of the services on the internet. We don't want to go against a model that is giving consumers the benefits they need out of it. If certain users prefer not to receive interest-based ads, we believe that we give them clear information and tools to make that choice." The Information Commissioner's Office also released a statement, in which it said it had spoken to Google about the service and was satisfied the company was giving users enough control over their data. "Transparency and choice are important elements when addressing any consumer concerns about privacy and the monitoring of browser activity," the ICO's statement read. "In light of this, we are pleased that the preference manager feature allows users a high level of control over how their information is used, and that the method by which users can choose to opt out is saved permanently."
Story URL: http://news.zdnet.co.uk/internet/0,1000000097,39625962,00.htm
Copyright © 1995-2009 CNET Networks, Inc. All rights reserved. ZDNET is a registered service mark of CNET Networks, Inc. ZDNET Logo is a service mark of CNET Networks, Inc.

From rforno at infowarrior.org Wed Mar 11 15:56:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2009 11:56:44 -0400
Subject: [Infowarrior] - Social Networking Sites Critical In Disasters
Message-ID: <78D28A8E-9DCA-47C3-A162-75818BDAF1FC@infowarrior.org>

Researchers: Social Networking Sites Critical In Disaster Situations
Emergency Managers Urged To Embrace Facebook, Twitter
Christin Ayers, 7NEWS Reporter
http://www.thedenverchannel.com/news/18893493/detail.html#-
POSTED: 10:27 pm MDT March 9, 2009

BOULDER, Colo. -- Emergency managers say social networking sites like Facebook, MySpace, Twitter and Flickr are changing the way disaster situations are handled. Dr. Jeannette Sutton of CU Boulder's Natural Hazards Center has been conducting joint research with the school's Department of Computer Science. The center's research found that, increasingly, when disaster strikes, the Web-savvy are seeking out and sending out information via social networking sites. Sutton said one of the first documented signs of the phenomenon came in the hours after the shootings on the Virginia Tech campus in April 2007. Some crucial news about the shootings came not through law enforcement or the news media, but through Facebook. "People who were distributed across these networks were able to identify all of the names of the deceased before the official announcement came out about who was deceased," said Sutton. Sutton said emergency management specialists risk irrelevance if they don't embrace social networking. Boulder County has already developed a Twitter account that it used extensively after the Olde Stage Coach fire broke out in January.
"By the end of that fire we had 100 new followers that were following us on Twitter and other organizations were re-tweeting us, including FEMA," said Boulder County Commission spokeswoman Patricia Demchak. Sutton said FEMA, which has started its own YouTube channel, is an exception. Many federal agencies remain skeptical about social networking, fearing that the sites foster more rumor than reality. But Sutton's research found that people are often extremely cautious about fact-checking their information before disseminating it. Sophia B. Liu, a graduate student in computer science, is a perfect example. Liu tracks social networking during disaster situations as part of the Alliance for Technology, Learning and Society at CU Boulder. A Boulder resident, she was evacuated after the Olde Stage Coach fire broke out and immediately started Twittering to keep track of the information she was hearing. "That local knowledge of citizens who live in the area can be key in terms of providing quick information," said Liu. Liu said many of the firefighters who were staged throughout her neighborhood as evacuations were under way shortly after the fire broke out were brought in from elsewhere and could not tell her the best route out of her neighborhood. Liu wound up Twittering that and other crucial information. Boulder police spokeswoman Sarah Huntley said that in some cases, Liu's information came out quicker than law enforcement's. Sutton said there is always a danger that rumor or gossip could have a negative impact, but she said the benefits of social networking in disaster situations far outweigh the risks. "It's a way to tune in and find out, 'How is my warning being perceived?' and 'How is the info actually coming across to the public?'" Sutton said. Some federal agencies like the Centers for Disease Control and Prevention are already tuning in to social networking. The city of Castle Rock has a Twitter account and Commerce City is in the process of developing one.
Boulder County is developing a social networking policy. If it is approved, the county will open Facebook and MySpace accounts as well. TheDenverChannel.com has two Twitter feeds: one for breaking news @breakingnewskmgh and one for news headlines and updates @denverchannel.

From rforno at infowarrior.org Wed Mar 11 16:07:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2009 12:07:30 -0400
Subject: [Infowarrior] - Terrorist watch list hits 1 million
Message-ID: <3D984CCD-611E-41BA-A2FD-AC8501B97F5C@infowarrior.org>

http://www.usatoday.com/news/washington/2009-03-10-watchlist_N.htm

Terrorist watch list hits 1 million
By Peter Eisler, USA TODAY

WASHINGTON -- The government's terrorist watch list has hit 1 million entries, up 32% since 2007. Federal data show the rise comes despite the removal of 33,000 entries last year by the FBI's Terrorist Screening Center in an effort to purge the list of outdated information and remove people cleared in investigations. It's unclear how many individuals those 33,000 records represent -- the center often uses multiple entries, or "identities," for a person to reflect variances in name spellings or other identifying information. The remaining million entries represent about 400,000 individuals, according to the center. The new figures were provided by the screening center and the Office of the Director of National Intelligence in response to requests from USA TODAY. "We're continually trying to improve the quality of the information," says Timothy Edgar, a civil liberties officer at the intelligence director's office. "It's always going to be a work in progress." People put on the watch list by intelligence and law enforcement agencies can be blocked from flying, stopped at borders or subjected to other scrutiny. About 95% of the people on the list are foreigners, the FBI says, but it's a source of frequent complaints from U.S. travelers.
In the past two years, 51,000 people have filed "redress" requests claiming they were wrongly included on the watch list, according to the Department of Homeland Security. In the vast majority of cases reviewed so far, it has turned out that the petitioners were not actually on the list, with most having been misidentified at airports because their names resembled others on it. There have been 830 redress requests since 2005 where the person was, in fact, confirmed to be on the watch list, and further review by the screening center led to the removal of 150, or 18% of them. Without specific rules for who goes on the list, it's too bloated to be effective, says Tim Sparapani, a lawyer with the American Civil Liberties Union. A 2007 audit by the Government Accountability Office said more needed to be done to ensure the list's accuracy, but still found that it has "enhanced the U.S. government's counterterrorism efforts."

Find this article at: http://www.usatoday.com/news/washington/2009-03-10-watchlist_N.htm

From rforno at infowarrior.org Wed Mar 11 17:48:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2009 13:48:39 -0400
Subject: [Infowarrior] - Economists: IP laws re killing innovation
Message-ID: <56878C71-5A50-449C-99C2-DE2FEE3ECDCC@infowarrior.org>

Economists Say Copyright and Patent Laws Are Killing Innovation; Hurting Economy
http://www.newswise.com/p/articles/view/549822/

Newswise -- Abolishing patent and copyright law sounds radical, but two economists at Washington University in St. Louis say it's an idea whose time has come. Michele Boldrin and David K. Levine see innovation as a key to reviving the economy. They believe the current patent/copyright system discourages and prevents inventions from entering the marketplace. The two professors have published their views in a new book, Against Intellectual Monopoly, from Cambridge University Press.
"From a public policy view, we'd ideally like to eliminate patent and copyright laws altogether," says Levine, John H. Biggs Distinguished Professor of Economics. "There's plenty of protection for inventors and plenty of protection and opportunities to make money for creators. It's not that we see this as some sort of charitable act that people are going to invent and create things without earning money. Evidence shows very strongly there are lots of ways to make money without patents and copyright." Levine and Boldrin point to students being sued for 'pirating' music on the internet and AIDS patients in Africa dying because they cannot afford expensive drugs produced by patent holders as examples of the failure of the current system. Boldrin, the Joseph Gibson Hoyt Distinguished Professor in Arts & Sciences and Chair of the economics department says, "Intellectual property is in fact an intellectual monopoly that hinders rather than helps the competitive free market regime that has delivered wealth and innovation to our doorsteps." The authors argue that license fees, regulations and patents are now so misused that they drive up the cost of creation and slow down the rate of diffusion of new ideas. Levine explains, "Most patents are not acquired by innovators hoping to protect their innovations from competitors in order to get a short term edge over the rest of the market. Most patents are obtained by large corporations who have built portfolios of patents for defense purposes, to prevent other people from suing them over patent violations." Boldrin and Levine promote a drastic reform of the patent system in their book. They propose the law should be restored to match the intent of the U.S. Constitution which states: Congress may "promote the progress of science and useful arts, by securing for limited times to authors and inventors the exclusive right to their respective writing and discoveries." 
They call on Congress to reverse the burden of proof on patent seekers by granting patents only to those capable of proving that:

- their invention has social value
- a patent is not likely to block even more valuable innovations
- the innovation would not be cost-effective absent a patent

The authors acknowledge that such drastic reform is unlikely and outline an incremental approach for Congress to gradually reduce the scope of patents, regulation and licensing. Nevertheless, their call for changing the system is urgent.

The economists compare intellectual monopoly (patents) to medieval trade monopolies which were proven to be economically detrimental. They write, "For centuries, the cause of economic progress has identified with that of free trade. In the decades to come, sustaining economic progress will depend, more and more, on our ability to progressively reduce and eventually eliminate intellectual monopoly."

Professors Boldrin and Levine maintain a blog on this topic: www.Againstmonopoly.org.

From rforno at infowarrior.org Thu Mar 12 03:00:03 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2009 23:00:03 -0400
Subject: [Infowarrior] - DHS Appoints MSFT Exec to Secure Government Computers
Message-ID:

DHS Appoints Microsoft Executive to Secure Government Computers
By Kim Zetter
March 11, 2009 | 7:35:01 PM | Categories: Cybersecurity
http://blog.wired.com/27bstroke6/2009/03/dhs-appoints-mi.html

You might not think it's newsworthy when the Department of Homeland Security fills a job vacancy. But it's news when a department that has security in its name actually appoints someone with security in his background. Unfortunately, in this case, the security background comes courtesy of Microsoft, which might cause some to ponder the phrase "unclear on the concept."
DHS Secretary Janet Napolitano announced today that she was appointing Philip Reitinger to the position of deputy undersecretary of the department's National Protections Program Directorate. The job requires Reitinger to oversee the protection of the government's computer networks and work with the private sector to help secure critical infrastructures.

Reitinger comes to DHS from his job as chief trustworthy infrastructure strategist for Microsoft, a job that required him in part to help develop and implement strategies for enhancing the security of critical infrastructures. But since many people in the security industry feel that Microsoft has played a large role in the lack of security (.pdf) with government and infrastructure systems, his appointment might be considered what some would call ironic (.pdf).

A DHS spokeswoman indicated that the appointment is a signal of how seriously Napolitano takes the issue of computer security.

Dan Geer, vice president and chief scientist at computer security firm Verdasys and one of Microsoft's chief critics in the past, said, "The theory is that the best security program managers are sadder but wiser -- that nothing focuses the mind like having been really close to the really ugly. As number 2 in security at Microsoft, Phil has been far closer to far uglier than anyone else on the planet, so we'll soon see if the theory is correct."

Reitinger, who served during the Bush Administration on the Industry Executive Subcommittee of the President's National Security Telecommunications Advisory Committee, is an improvement over Scott Charbo, who held the DHS job last year after being promoted from his position as chief information officer of the DHS -- a promotion that was criticized on Capitol Hill. Charbo had come to DHS from the Department of Agriculture, where, as CIO, his focus was on integrating networks, not securing them. Reitinger at least has a background and an understanding of computer security issues.
He also has a strong background in computer crime issues. Prior to joining Microsoft in 2003, he was executive director of the Department of Defense's Cyber Crime Center, which includes a computer forensic lab and computer investigations training program. And before that, he was a federal criminal prosecutor for the Department of Justice where he served as deputy chief of its Computer Crime and Intellectual Property Section.

One of Reitinger's first tasks in his new job will be deciding what to do with the job that Rod Beckstrom will vacate this Friday. Beckstrom resigned last week from his position as director of DHS's National Cyber Security Center, where he was, essentially, the government's cybersecurity czar. Beckstrom expressed frustration in his resignation letter that DHS wasn't taking cybersecurity seriously, and he wasn't being given the resources to do his job. He also complained that the National Security Agency was moving to take over DHS's cybersecurity role.

A DHS spokeswoman wouldn't respond to those criticisms directly, but told Threat Level that Beckstrom wasn't a team player. "He was not really doing what he needs to do and working with people," she said. "The secretary wanted to bring someone in who was more a team player and was good at their job and knew what was going on. She has brought in someone who will really do something with this issue."

From rforno at infowarrior.org Thu Mar 12 03:04:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 Mar 2009 23:04:07 -0400
Subject: [Infowarrior] - Obama Broadband Plan Short on Details
Message-ID:

Obama Broadband Internet Plan Short on Details, First Wave of Grants In April
http://voices.washingtonpost.com/posttech/2009/03/obama_broadband_internet_plan.html?wprss=posttech ?hpid=sec-tech

The Obama administration yesterday unveiled the first steps of its plan to pour $8 billion into the construction of new broadband Internet networks around the nation.
And while many details haven't been finalized on how the stimulus money will be spent and who will qualify for the grants, interest in the high-speed Internet plan was high. Long lines stretched outside the Commerce Department building, where the three federal agencies in charge of the broadband stimulus plan hosted the first of seven public meetings. Lobbyists, telecommunications service providers from as far as Arizona and community organizers from Seattle stood in lines that stretched outside the building. They later filled the 400-person auditorium and two overflow rooms.

"I don't think we've had this many people in the Commerce Department since it was built," said Bernadette McGuire-Rivera, associate administrator of the department's telecommunications policy office, the National Telecommunications & Information Administration.

The NTIA said it plans to have three rounds of funding for broadband grants, with the first funds available as early as next month through June. The grants must be awarded by Sept. 30, 2010, and the government must ensure projects are mostly complete within two years. Applicants must also show the project would not have occurred but for the stimulus funding.

Obama has touted the stimulus provision for broadband Internet networks as a way to generate jobs right away; workers will be needed to dig more trenches to lay down fiber and put up more cell towers. He's also focused on broadband as a key to creating valuable high-paying jobs in the future that can help lift troubled economies.

"Without ubiquitous broadband, our citizens -- our country -- will lack the competitive tools necessary for success in the 21st century," said Michael Copps, acting chairman of the Federal Communications Commission.

For carriers and consumers, the funds represent a potential business boon amid the economic drought that has dried up credit markets to fund new projects.
The three agencies in charge of broadband plans include the NTIA, which will oversee $4.7 billion in stimulus funds. The U.S. Department of Agriculture will distribute $2.5 billion in grants and loans. The FCC has been given $350 million to create a better data collection system with a mapping program showing what services are provided in every geography of the nation. The FCC is also supposed to come up with a plan within one year to bring broadband Internet to all Americans. The remainder of the $8 billion will go to administration costs, subsidy programs for low-income users, and audits of the grants.

But before doling out the money, the agencies said they will host a series of public meetings to get comments about how best to implement the program. The next meetings in Washington D.C. will be March 16, 19, 23 and 24. Field hearings will be held on March 17 and 18, respectively.

Mark Seifert, a senior adviser for the NTIA, said the agency decided to host the public meetings after receiving more than 2,000 requests for private meetings from telecom companies and other interested parties. At the hearings and on the NTIA's public comments Web site, interested parties can make recommendations.

The stimulus plan was broadly worded in a way that can include wireless, fiber optic and cable networks, and the agencies said they will take into consideration which technologies make the most sense from an economic and technological perspective for the area served.
From rforno at infowarrior.org Thu Mar 12 11:45:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Mar 2009 07:45:11 -0400
Subject: [Infowarrior] - Google's Brin investing in Parkinson's research
Message-ID: <4FAC1038-B30A-4587-94B2-ADB6D0638F97@infowarrior.org>

Sergey Brin starts study after finding he has Parkinson's mutation
http://www.theaustralian.news.com.au/story/0,25197,25175520-2703,00.html
Mark Henderson | March 12, 2009
Article from: Times Online

SERGEY Brin, the co-founder of Google, is to spend millions of dollars on an innovative genetic study of Parkinson's disease after learning that he has a mutation that confers a high risk of the incurable brain condition.

The program will invite 10,000 Parkinson's patients to have their DNA analysed for a token fee to investigate inherited and environmental factors that contribute to the disease and to advance research into new treatments.

Genetic data from the patients will be compared with information from healthy customers of 23andMe, a company that charges £290 ($620) for DNA scans that assess people's chances of developing 105 diseases, from breast cancer to baldness. The donation by Mr Brin, 35, who is married to Anne Wojcicki, the co-founder of 23andMe, means that the Parkinson's patients will pay just 18 for the company's service.

The goal is to identify DNA variations that are more common among people who have Parkinson's than among healthy controls, which could be linked to its development. Both Parkinson's patients and 23andMe's customers will be asked to fill in detailed lifestyle questionnaires, which could reveal how environmental triggers interact with genes to cause the disease.

Mr Brin's mother has the disease, and when he took 23andMe's test last year he learnt that he has inherited a mutation of a gene called LRRK2, which raises his risk of developing the condition to between 20 and 80 per cent.
Ms Wojcicki gave birth to the couple's first child, a son, in December, and though they have had him tested for the LRRK2 mutation, they do not yet know the results. "We are highly motivated about this disease because of Sergey, but also potentially because of our child," Ms Wojcicki told The Times.

Mr Brin will announce the study Thursday in a speech to the US Parkinson's Institute in Santa Fe, California. "We can make significant progress in understanding Parkinson's disease if individuals join together and contribute their personal experiences to scientific research," Mr Brin said. "Individually, our genes and experiences are lost in a sea of statistical noise. But, taken together they become a high-power lens on our inner workings."

The project is the first to use data from customers who have paid to have their genomes read in research into the genetic origins of a particular disease, opening a valuable new resource for medical genetics. Ms Wojcicki said that the model would be particularly powerful because it combined genetic and environmental data, and might thus tease out how these work together in Parkinson's. Any discoveries will be published and made freely available to other researchers.

The small fee charged to the Parkinson's patients, however, will be controversial because it is not usual for people to pay to participate in medical research. Ms Wojcicki said that the rationale was to recruit patients who were fully committed to the research and who would be more likely to take part in follow-up investigations that were a key element of it.

"We want to screen individuals who take an interest, so having some sort of barrier where they pay a nominal amount should weed out the individuals who just pick it up because it's free," she said. "We want to make sure it's a community of individuals who are really vested.

"Basic discoveries can definitely lead to new treatments, and we hope any information we find gets used for new therapies.
"Secondly, if there is a genetic component to Parkinson's, nothing is more profitable to individuals than helping out their children."

Mr Brin's donation will underwrite most of the cost of testing the Parkinson's patients, and the comparison with the same data from the healthy controls. Though 23andMe would not disclose its value, it would normally make $US4 million from testing 10,000 people. Google has invested $US3.9 million in 23andMe.

The Parkinson's patients will be invited through the Parkinson's Institute and the Michael J Fox Foundation, a research charity founded by the actor, who has the disease. British patients can participate only if registered with one of these charities, though 23andMe plans to start collaborations with European Parkinson's groups.

Peter Donnelly, director of the Wellcome Trust Centre for Human Genetics at the University of Oxford, said that the study offered an interesting opportunity, but that its value would depend on the details of its design. "You would worry that recruiting patients who pay, and controls who have paid for genotyping, might introduce selection biases," he said. "The interaction of genes and the environment is a key question, but you also have to be careful with questionnaire data because we know people suffer from recall bias."

Katie Hood, chief executive of the Michael J Fox Foundation, said that the initiative held the potential to accelerate discoveries that enhanced our understanding of Parkinson's disease. William Langston, chief executive of the Parkinson's Institute, said that patients would benefit from the opportunity to know more about their personal genetic background.

From rforno at infowarrior.org Thu Mar 12 11:47:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Mar 2009 07:47:43 -0400
Subject: [Infowarrior] - Do Breach Notification Laws Work?
Message-ID: <657A0107-3133-42E5-AB58-B571F0862ED8@infowarrior.org>

Do Breach Notification Laws Work?
By Kim Zetter | March 09, 2009 | 9:00:00 AM
http://blog.wired.com/27bstroke6/2009/03/experts-debate.html

Consumers caught in a national epidemic of data spills are growing numb, discarding breach notification letters as junk mail rather than acting to protect their identity, experts say. And though most states now have laws requiring companies to warn breach victims, some serious breaches are still showing up on customer credit and bank statements before any official warning has been issued.

It all begs the question: are the notification laws working? This was the question that a number of speakers at the Security Breach Notification seminar held in Berkeley on Friday (at right) tried to answer.

When California passed the first data breach notification law in 2003, it quickly became the de facto standard for the rest of the country. A total of 44 states now have breach notification laws, which vary only slightly in their definitions of what constitutes a breach that requires notification and what companies must do when they experience a breach.

It's clear that the laws have made the public more aware of breaches and the vulnerability of their data, and have exposed poor security practices at many businesses. A 2005 study by the FBI showed that in the absence of a legal requirement to report breaches, only 20 percent of firms would report serious breaches to law enforcement.

But beyond this transparency benefit, speakers said, it's unclear what other benefits the laws have had. There are even suggestions that the laws have had some detrimental effects on consumers and companies.

Breach notifications should, theoretically, reduce the number of incidents of identity theft or fraudulent charges to credit cards if consumers take proper precautions once they receive a notification -- such as placing a fraud alert or freeze on their credit account and monitoring their account bills and statements for suspicious transactions.
But in some cases, customers discover fraudulent charges on their cards or become victims of identity theft before a company is even aware its computers have been breached, making the breach notification redundant for those consumers.

There's also the "cry-wolf" effect. As notifications have become more ubiquitous -- 55 percent of respondents in a survey by the Ponemon Institute last year said they'd received two or more notices within 24 months -- many consumers have become inured to them, simply tossing them in the trash rather than acting on them to protect their identity.

When the Choicepoint datamining company was breached in 2004 -- the breach that put California's breach notification law on the map -- the company offered credit protection and monitoring services to those whose information had been compromised. But the company later said that fewer than 10 percent of 163,000 people called Choicepoint to take advantage of the offer.

Consumers have often complained that notification letters provide no clear instructions for what they can or should do to protect themselves after their information has been breached and therefore many take no action to protect themselves after being notified that their information was breached.

According to a study (.pdf) conducted by Alessandro Acquisti, professor of information technology and public policy at Carnegie Mellon University, and his grad student Sasha Romanosky, there are arguments to be made both in support of and against breach laws.

On the one hand, data breach laws are helpful in leading companies to install encryption and to devise new access controls and auditing measures on their networks. They also lower consumer losses and damages in terms of time and money, although the researchers offered no statistics on this.

On the other hand, they said, the laws cause firms and consumers to incur what could be deemed unnecessary costs in the face of unclear risks.
They pointed to the Ponemon survey, which found that only 2 percent of respondents who said their information had been breached experienced identity theft as a result of the breach. This would mean that money spent on credit monitoring services in these cases would do little but enrich the monitoring services.

[It's worth noting that this low rate of identity theft was touted heavily by the Ponemon Institute when it released its study last year. But the same survey also found that 64 percent of respondents were unsure if they'd been a victim of identity theft -- showing how unreliable surveys on identity theft can be. Most victims don't know they're victims until they try to take out a loan or find themselves placed in collection for failure to pay a bill. And sometimes criminals hold onto data a year or more after a breach before they use it, meaning that consumers whose data is stolen may report that the breach didn't result in identity theft for them when in fact it may show up at a later date.]

When it comes to reducing identity theft rates, it's hard to know what effect the laws are having. The researchers examined statistics from the U.S. Federal Trade Commission for identity theft rates between 2002 -- before breach laws were passed -- and 2007, and found only about a 2 percent reduction in identity theft incidents related to data breaches in 2005.

But they cautioned that the data is inconclusive, particularly because it's often difficult to correlate an incident of identity theft with a specific breach for the reasons I mentioned above -- that criminals will sometimes hold on to stolen data a year or more before trying to use it, making the rate of identity theft appear to go down when it's really only delayed. There's also a problem with the FTC data itself, since it represents only incidents of identity theft that consumers report to the FTC, not actual incidents of identity theft.
There are additional questions worth asking about what effect breach notifications have on the relationship between customers and the breached entity. Consumers often express anger and mistrust toward companies that lose their data, but it's unclear how often that anger translates to action.

According to Deirdre Mulligan, a professor of information technology law and policy at UC Berkeley's School of Information, a Ponemon study found that about 20 percent of respondents claimed to have terminated their relationship with a company after discovering that the company experienced a breach. But a separate survey of companies found that the percentage of customers who actually do terminate their relationship with a company is less than 7 percent.

Both numbers should be taken with a grain of salt, however. Consumers, Mulligan told Threat Level, have a tendency to say they're going to do one thing when they actually do another, and companies also can't be relied on to honestly report the numbers of customers they lose from a breach.

All of this leads to the main takeaway from Friday's seminar -- data on breach notifications and their after-effects is still very poor and unreliable. In fact, this seemed to be the refrain from most of the speakers. There just isn't enough evidence to show definitively one way or another yet whether notification laws have been a boon or a bane.

From rforno at infowarrior.org Thu Mar 12 16:11:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Mar 2009 12:11:01 -0400
Subject: [Infowarrior] - Classic DHS....
Message-ID: <0705B7FA-88DE-4E5D-9B57-FBD6494885CE@infowarrior.org>

DHS wants to use human body odor as biometric identifier, clue to deception
Published: March 9, 2009 at 3:35 PM
By SHAUN WATERMAN
UPI Homeland and National Security Editor
http://www.upi.com/Emerging_Threats/2009/03/09/DHS_wants_to_use_human_body_odor_as_biometric_identifier_clue_to_deception/UPI-20121236627329/

WASHINGTON, March 9 (UPI) -- The U.S.
Department of Homeland Security plans to study the possibility that human body odor could be used to tell when people are lying or to identify individuals in the same way that fingerprints can.

In a federal procurement document posted Friday on the Web, the department's Science and Technology Directorate said it would conduct an "outsourced, proof-of-principle study to determine if human odor signatures can serve as an indicator of deception. ... As a secondary goal, this study will examine ... human odor samples for evidence to support the theory that an individual can be identified by that individual's odor signature."

Officials said that the work was at a very early stage, but the announcement brought criticism from civil liberties advocates who said it showed the department's priorities were misplaced.

The procurement notice said the department is already "conducting experiments in deceptive behavior and collecting human odor samples" and that the research it hopes to fund "will consist primarily of the analysis and study of the human odor samples collected to determine if a deception indicator can be found."

"This research has the potential for enhancing our ability to detect individuals with harmful intent," the notice said. "A positive result from this proof-of-principle study would provide evidence that human odor is a useful indicator for certain human behaviors and, in addition, that it may be used as a biometric identifier."

DHS spokeswoman Amy Kudwa told United Press International that "proof of concept" work was the very earliest stage of technological development. The directorate "is trying to determine what factors of human behavior and chemistry can provide clues to the intent to deceive," she said, adding that the work would be carried out by the Federally Funded Research and Development Center run by the non-profit Mitre Corp., which conducts cutting-edge research for U.S. military, homeland security and intelligence agencies.
Barry Steinhardt, director of the ACLU's technology and liberty project, told UPI that the plan showed the department had "misplaced priorities."

"The history of DHS' deployment of these technologies has been one colossal failure after another," he said. "There is no lie detector. This research has been a long, meandering journey, which has taken us down one blind alley after another."

Steinhardt added that even well-established biometric-identity technologies like fingerprinting have resulted in individuals being inaccurately identified, like Oregon lawyer Brandon Mayfield, who got an apology from the FBI after being wrongfully accused of having had a hand in the 2004 Madrid rail bombings.

"None of the biometrics for identity have worked very well, with the possible exception of DNA," he said, adding that even fingerprint evidence was "increasingly being challenged in courts around the country."

"This shows the misplaced priorities (of DHS)," he said. "The government doesn't need to take us down another blind alley."

Recent scientific research shows that so-called volatile organic compounds present in human sweat, saliva and urine can be analyzed using a technique known as gas chromatography-mass spectrometry.

Research published by the Royal Society in London in 2006 found "a substantial number of marker compounds (in human sweat) that can potentially differentiate individuals or groups."

Researchers took five samples each from 179 individuals over a 10-week period and analyzed them, finding hundreds of chemical markers that remained more or less constant for each individual over time. An analysis of these compounds "found strong evidence for individual (odor) fingerprints," the researchers concluded.

However, they warned that some individuals appear to have less distinctive odors than others, adding that "the reason for the variation in distinctiveness is unclear." More importantly, some individuals' odors changed during the course of the study.
"Not all subjects had consistent marker compounds over time, which might be due to physiological, dietary or other changes," the researchers concluded.

The researchers also cautioned that some of these marker compounds might be "exogenous chemical contaminants" from skin-care or perfume products or tobacco smoke and other substances present in an individual's environment. About a quarter of the 44 apparently distinctive marker compounds they were able to analyze appeared to be artificial contaminants, the researchers said.

"Determining the origins of individual and sex-specific odors -- and controlling exogenous chemical contaminants -- may provide the most important challenge for future ... studies," the researchers said.

Those challenges are likely to be significant, and they will multiply if the techniques are deployed in the field. "While some of these sensors perform well in the lab, the real world may be different," technology consultant and author John Vacca said. "The technology is still in its infancy."

From rforno at infowarrior.org Thu Mar 12 17:48:19 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 Mar 2009 13:48:19 -0400
Subject: [Infowarrior] - CRS Report on CNCI
Message-ID: <8383242A-BF98-4954-B3E1-8FB5AC6AC9D7@infowarrior.org>

"Comprehensive National Cybersecurity Initiative: Legal Authorities and Policy Considerations," March 10, 2009.
http://www.fas.org/sgp/crs/natsec/R40427.pdf

From rforno at infowarrior.org Fri Mar 13 12:41:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Mar 2009 08:41:39 -0400
Subject: [Infowarrior] - Jon Stewart v. Jim Cramer
Message-ID:

Stewart is the first quasi-MSM figure to challenge the tripe put on CNBC and called the network out for their poor journalistic integrity.
Sure, Cramer has some of the blame (even if some of his commentaries on-air are dead-on) but it was interesting that for most of the interview, Cramer was silent and let Stewart blast away -- I wonder if CNBC told him to just go on the air, shut up, and take one for the team. I view this as Stewart-v-CNBC more than Stewart-v-Cramer.

---rf

Jon Stewart creams Jim Cramer on the Daily Show
By John Amato
Thursday Mar 12, 2009 9:46pm

Jon Stewart made Jim Cramer look like a wounded puppy tonight as the CNBC host joined The Daily Show after a full week of back-and-forth. It all started when Cramer got perturbed by a segment TDS did on CNBC's financial network (Jon Stewart Eviscerates CNBC and Rick Santelli). He was so mad that he showed up on a bunch of NBC shows crying about the way he was portrayed. Stewart really just said what all of America wanted to say to Wall Street: F*&K You!

Tonight we had the big face-off, the heavyweight bout, the Super Bowl square-off between CNBC's Jim Cramer and Comedy Central's Jon Stewart. Cramer was especially upset about being included in a segment TDS produced on the horrible and almost criminal reporting CNBC has been airing as THE go-to business network after CNBC's Rick Santelli attacked average working-class people who got caught up in the sub-prime mortgage crisis. Santelli dubbed them as "losers." Well, the only loser tonight was Cramer and CNBC.

< - >

http://crooksandliars.com/john-amato/jon-stewart-creams-jim-cramer-daily-sho

From rforno at infowarrior.org Fri Mar 13 13:41:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Mar 2009 09:41:07 -0400
Subject: [Infowarrior] - Obama: IP Treaty docs are state secrets
Message-ID:

Obama Administration Rules Texts of New IPR Agreement are State Secrets

We have been seeking access to documents relating to negotiations on an important new intellectual property enforcement treaty.
The agreement, misleadingly named the Anti-Counterfeiting Trade Agreement, or ACTA, is thought to cover a wide range of intellectual property enforcement issues -- including standards for granting injunctions for alleged infringement of patents or copyrights, damages, seizures of goods in transit, surveillance of Internet digital file transfers, searches of personal property, and a dozen other topics.

There are a number of outstanding Freedom of Information Act (FOIA) requests for key documents, by groups like EFF, Public Knowledge, and KEI. In one of our FOIA requests, we asked for 7 specific documents, referenced by the exact title and date of the documents. These documents are the proposals for the text of the agreement.

The texts are available to the Japanese government. They are available to the 27 member states of the European Union. They are available to the governments of Canada, Mexico, New Zealand, Australia. They are available to Morocco, and many other countries. They are available to "cleared" advisers (mostly well connected lobbyists) for the pharmaceutical, software, entertainment and publishing industries. But they are a secret from you, the public.

Today we received this letter from the White House, Office of the United States Trade Representative. Our FOIA request was denied on the grounds that the documents are "information that is properly classified in the interest of national security pursuant to Executive Order 12958."
< - >

http://www.huffingtonpost.com/james-love/obama-administration-rule_b_174450.html

From rforno at infowarrior.org Fri Mar 13 18:50:33 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Mar 2009 14:50:33 -0400
Subject: [Infowarrior] - Fingerprinting Blank Paper Using Commodity Scanners
Message-ID:

Fingerprinting Blank Paper Using Commodity Scanners
By Ed Felten - Posted on March 13th, 2009 at 7:30 am

Today Will Clarkson, Tim Weyrich, Adam Finkelstein, Nadia Heninger, Alex Halderman and I released a paper, Fingerprinting Blank Paper Using Commodity Scanners. The paper will appear in the Proceedings of the IEEE Symposium on Security and Privacy, in May 2009.

Here's the paper's abstract:

This paper presents a novel technique for authenticating physical documents based on random, naturally occurring imperfections in paper texture. We introduce a new method for measuring the three-dimensional surface of a page using only a commodity scanner and without modifying the document in any way. From this physical feature, we generate a concise fingerprint that uniquely identifies the document. Our technique is secure against counterfeiting and robust to harsh handling; it can be used even before any content is printed on a page. It has a wide range of applications, including detecting forged currency and tickets, authenticating passports, and halting counterfeit goods. Document identification could also be applied maliciously to de-anonymize printed surveys and to compromise the secrecy of paper ballots.
More: http://freedom-to-tinker.com/blog/felten/fingerprinting-blank-paper-using-commodity-scanners

From rforno at infowarrior.org Fri Mar 13 18:52:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Mar 2009 14:52:09 -0400
Subject: [Infowarrior] - The Fair Use Massacre Continues
Message-ID: <81CB55B8-D924-443F-89C5-9FFBE29CF795@infowarrior.org>

http://www.eff.org/deeplinks/2009/03/fair-use-massacre-continues-now-warner-s-going-aft

March 12th, 2009
The Fair Use Massacre Continues: Now Warner's Going After the Babies
Commentary by Corynne McSherry

First they came for the teenagers. Could toddlers be far behind? Nope. Thanks to the good folks at YouTomb, we've learned that Warner Music's automated takedown net has now caught two videos of little kids being little kids. Of course we can't show you the videos since they're, well, censored, but the YouTomb snapshots tell most of the story. One showed a 4 year old lip-syncing to the old Foreigner hit, "Juke Box Hero." The other apparently showed a baby smacking its lips to the tune of "I Love My Lips" -- a song originally sung by a cucumber in an episode of "Veggie Tales."

Both videos are obvious fair uses (these are transformative, noncommercial videos that are not substitutes for the original songs, and there is no plausible market for "licensing" parents before they video their own children singing) and perfectly legal -- just like the video of a baby dancing to a Prince song that Universal Music Group took down in 2007.

These are just a few of the thousands of videos Warner has instructed YouTube to block in the past few months. According to statistics kept by YouTomb, there were twice as many videos removed from YouTube in January 2009 as in the entire previous year combined. The numbers are all more appalling because, thanks to Warner's reliance on YouTube's automated, censorship-friendly Content I.D. tool, there is no reason to think that Warner even bothered to watch these videos to decide whether it actually objects to them before blocking them.

We've said it before, and we'll keep saying it until the folks at Warner come to their senses: it's time to stop the censorship. The Content ID system should be set to flag possible infringing works and then Warner should have a human review those works before they are taken down. And if Warner won't reverse course altogether, it should at least promise that no one will be sued for simply disputing a Content I.D. removal. Warner loses nothing by this: even after a user files Content I.D. dispute, Warner still has the option of using a DMCA takedown notice to target videos to which it really objects. By publicly committing to using the DMCA process, Warner will reassure fair users that they can raise the red flag without fear of finding themselves in the middle of an expensive and unexpected lawsuit.

For more details on what YouTube users can do when their videos are removed, read our "Guide to YouTube Removals" page.

From rforno at infowarrior.org Sat Mar 14 03:24:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Mar 2009 23:24:11 -0400
Subject: [Infowarrior] - E-Bombs Could Go Mainstream
Message-ID:

E-Bombs Could Go Mainstream
Mar 11, 2009
By David Hambling
http://www.aviationweek.com/aw/generic/story_generic.jsp?channel=dti&id=news/EBOMB031109.xml

E-bombs, weapons that destroy electronics with an intense pulse of electromagnetic radiation, have been discussed for decades. But despite years of research and development, there is little sign of their deployment. The prospect of knocking out communications and other electronic systems is attractive, but commanders prefer proven weapons with known effects. Now the U.S. Army is developing technology to provide the best of both worlds, by creating munitions that combine conventional and e-bomb effects in one package.
Explosive munitions rely on blast, fragmentation and sometimes armor-piercing shaped charges for their effects. Researchers want to add an electromagnetic pulse (EMP) damage mechanism as well. This is in contrast to previous e-bomb projects that were intended to be nonlethal so they could destroy materiel without causing casualties. The Army program seeks to enhance existing warheads, adding the feature without affecting blast, fragmentation or armor penetration, and with minimal extra weight.

The power supply in traditional e-bomb design is a magnetic flux compression generator with metal coils carrying current. The coils rapidly compress in an explosion, producing an intense pulse of energy. The generator is bulky and cannot easily be integrated into existing munitions. An alternative approach explored by the Army is a shockwave ferromagnetic generator. This is a magnet that blows up and spontaneously demagnetizes, releasing energy as a pulse of power. The effect is known as pressure-induced magnetic phase transition, and only occurs with some types of magnets in certain situations.

In 2005, researchers from the U.S. Army Aviation and Missile Research Development and Engineering Center (Amrdec), working with contractor Loki and scientists from Texas Tech University, demonstrated an explosive pulsed-power source based on neodymium alloy magnets, a type used in speakers and headphones. Having proven that the principle works, the researchers moved on to more exotic lead zirconate titanate magnets. This enabled them to reduce the volume of the power generator from 50 cu. cm. (3 cu. in.) to 3 cu. cm., excluding explosives. Army requirements call for assembly of the power generator, power conditioning and aerial in a 1-in. space. Power output will be measured in hundreds of megawatts for microseconds.

The aerial needed to shape and direct the electromagnetic energy is an engineering challenge, due to the intense force of the explosion and the size required. Allen Stults of Amrdec is working on a "conducting aerosol plasma warhead." A flame conducts electricity due to the presence of charged particles in it. By altering the chemical mixture of a fireball produced by an explosion, Stults aims to turn it into an electrically conductive aerial, a "plasma antenna." This builds on previous Army work with explosively generated plasma antennas. Stults is working with military explosives and ensuring that other blast effects like armor piercing are not compromised by the changes. Previous work has also shown that the composition of the fireball needs to be matched to the frequency of the desired output.

An explosion takes the shape of a roughly spherical fireball, but a plasma antenna needs to be more cylindrical. This is why Stults works with shaped charges that produce more linear explosions. An earlier project looked at using the jet of metal produced by a shaped charge as an antenna, but this has been dropped for the plasma antenna.

An enhanced warhead could knock out a tank even if it did not penetrate. The vehicle would be left without ignition, communications or other electronics. A warhead would also knock out other electronic systems, including mobile phones used by insurgents to detonate bombs and circuitry in rocket-propelled grenades.

There is one big question with an EMP weapon: How to tell if it works. Carlo Kopp, an assistant professor at Monash University of Melbourne, Australia, and cofounder of the Air Power Australia think tank, is an authority in this field. He wrote papers that shaped strategic thinking on electromagnetic pulse weapons in the 1990s, and coined the term "e-bomb."

"Damage assessment for all electromagnetic weapons, be they e-bombs or beam weapons, is problematic," Kopp says. "Unless the attack fries the power supply and you observe related electrical breakdown symptoms, you will never know whether you fried the target or the victim intentionally shut down. The expectation that such weapons should provide easy-to-observe bomb damage assessment mechanisms is not realistic."

The multifunction munition provides more signs of its effects than the traditional e-bomb, whose effects are invisible. It is possible to determine whether a target has been hit, and a target within the radius of blast and fragment damage will also have suffered EMP effects. But these are variable, depending on the angle between the target and the pulse, the nature of the electronic component and the amount of shielding. Effects range from temporary disruption and forced rebooting to permanent damage or electrical burnout of components similar to that of a lightning strike.

With their comparatively low power output, the Army's new small multifunction munitions are for point targets. Two candidate munitions for upgrade are the Tow missile and 2.75-in. rockets fired by helicopter. This is unlike previous e-bomb efforts, which have focused on large air-delivered bombs or unitary artillery munitions that cover a large area, what Kopp terms "weapons of electrical mass destruction."

A small e-bomb will be qualitatively different than larger versions. Radiated power falls off with the square of distance, so a target 3 meters (10 ft.) away receives 100 times the effect of one 30 meters away. An EMP-enhanced Tow missile would produce a pulse strong enough to destroy what it hits, but should not disrupt electronics over a wide area. The possibilities of electronic "friendly fire" rule out more powerful tactical e-bombs, but Kopp warns that even smaller versions may cause unpredictable collateral damage. If urban electrical power or telephone wiring picks up the pulse, damage could extend over a wide area.

The smallest weapon that the Army is looking to upgrade is the M77 bomblet fired by the Multiple Launch Rocket System (MLRS). A bomblet has a shaped-charge warhead and throws out antipersonnel fragments. Bomblets cover a wide area -- one launcher can fire a 12-rocket salvo blanketing an area the size of six football fields -- and are used against soft targets. An EMP-enhanced version would cover the same area, providing even destruction over the target zone.

If the M77 can be upgraded, shoulder-launched rockets and similar weapons could be modified to produce an EMP. Small infantry rockets have limited effectiveness against modern armor. An EMP-enhanced round might not penetrate but could provide a "soft kill" capability that immobilizes a vehicle. This damage is hard to repair and would probably require the replacement of electronic systems.

The U.S. Air Force has an interest in this area, but few details are available. Air-to-air missiles might gain considerably with EMP capabilities, if they could be modified without affecting performance. Antiradiation missiles that target air-defense radar would be another market.

The U.S. Naval Surface Warfare Center's Indian Head Div. wants to build a warhead that knocks out improvised explosive devices (IEDs) with a plasma fireball. The aim would be to produce a controlled explosion, destroying the IED without detonating it, and so minimizing collateral damage. Tests in 2007 used explosively generated plasma against artillery and mortar rounds, which are often the basis for IEDs. Information about the project has been removed from the Indian Head web site and no details are being released. This suggests the work is at an advanced stage, possibly field-testing.

Multifunction warheads may finally bring e-bombs into the mainstream of armaments, by making a munition effective against all targets as well as electronic ones.
From rforno at infowarrior.org Sat Mar 14 03:31:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 13 Mar 2009 23:31:50 -0400
Subject: [Infowarrior] - Post-9/11 Reforms Don't Stop Faked Passports
Message-ID:

Post-9/11 Reforms Don't Stop Faked Passports
http://www.wusa9.com/news/local/story.aspx?storyid=82790&catid=158

WASHINGTON (AP) -- Using phony documents and the identities of a dead man and a 5-year-old boy, a government investigator obtained U.S. passports in a test of post-9/11 security. Despite efforts to boost passport security since the 2001 terror attacks, the investigator fooled passport and postal service employees on four separate applications, according to a new report.

The ruses are detailed in a report being issued this week by the Government Accountability Office. A draft summary of the findings was obtained by The Associated Press.

In one instance, the investigator used the Social Security number of a man who died in 1965, a fake New York birth certificate and fake Florida driver's license. He received a passport four days later. In another attempt, the investigator used a 5-year-old boy's information but identified himself as 53 years old on the passport application. He received that passport seven days later. In another test, the investigator used fake documents to get a genuine Washington D.C. identification card. He then used the card to apply for a passport and received it the same day. In a fourth test, the investigator used a fake New York birth certificate and a fake West Virginia driver's license and got the passport eight days later.

Criminals and terrorists place a high value on illegally obtained travel documents, U.S. intelligence officials have said. Currently, poorly faked passports are sold on the black market for $300, while top-notch fakes go for around $5,000, according to Immigration and Customs Enforcement investigations.

The State Department has known about this vulnerability for years. On February 26, the State Department's deputy assistant secretary of passport services issued a memo to Passport Services directors across the country stating that the agency is reviewing its processes for issuing passports because of "recent events regarding several passport applications that were approved and issued in error."

In the memo, obtained by The Associated Press, Brenda Sprague said that in 2009 passport services would focus on the quality, not the quantity, of its passport issuance decisions. Typically, passport services officials are evaluated on how many passports they issue. Instead, Sprague said, the specialists should focus all their efforts on improving the integrity of the process, including "a renewed emphasis for Passport Specialists on recognizing authentic documents and fraud indicators on applications."

Over the past seven years, U.S. officials have tried to increase passport security and make it more difficult to apply with fake documents. But these tests show the State Department -- which processes applications and issues passports -- does not have the ability to ensure that supporting documents are legitimate, said Janice Kephart, an expert on travel document security who worked on the 9/11 Commission report.

Kephart said this is the same problem that enabled some of the 9/11 hijackers to use fake documents to get Virginia driver's licenses, which they used to board airplanes. Since 2001, states have taken measures to make driver's licenses more secure.

"We have to address the ... document issue in a very big way, and we have yet to do that across the board," Kephart said.

A State Department spokesman declined comment, saying agency officials had not seen the report.

Two members of the Senate Judiciary terrorism and homeland security subcommittee requested the investigation.

"It's very troubling that in the years since the September 11 attacks someone could use fraudulent documents to obtain a U.S. passport," Sen. Jon Kyl, R-Ariz., said in a statement.

Sen. Dianne Feinstein, D-Calif., said the report confirmed her fears that U.S. passports aren't secure. "These passports can be used to purchase a weapon, fly overseas, or open a fraudulent bank account," Feinstein said. "This puts our nation in grave danger."

From rforno at infowarrior.org Sat Mar 14 15:08:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 14 Mar 2009 11:08:49 -0400
Subject: [Infowarrior] - U.S. Won't Label Terror Suspects as 'Combatants'
Message-ID: <4BC2FDA0-816B-4D01-8373-C793E9E3766B@infowarrior.org>

U.S. Won't Label Terror Suspects as "Combatants"
By WILLIAM GLABERSON
Published: March 13, 2009
http://www.nytimes.com/2009/03/14/us/politics/14gitmo.html?_r=1&hp

The Obama administration said Friday that it would abandon the Bush administration's term "enemy combatant" as it argues in court for the continued detention of prisoners at Guantánamo Bay, Cuba, in a move that seemed intended to symbolically separate the new administration from Bush detention policies.

But in a much anticipated court filing, the Justice Department argued that the president has the authority to detain terrorism suspects there without criminal charges, much as the Bush administration had asserted. It provided a broad definition of those who can be held, which was not significantly different from the one used by the Bush administration.

The filing signaled that, as long as Guantánamo remains open, the new administration will aggressively defend its ability to hold some detainees there.

"The president has the authority to detain persons" who planned or aided the 2001 terrorist attacks as well as those "who were part of, or substantially supported, Taliban or Al Qaeda forces," administration lawyers wrote. The Obama administration said it was relying on existing principles of the international law of war.
A public statement indicated that the government was moving away from claims of expansive executive power often used by the Bush administration to justify Guantánamo. The new administration took pains to try to point out that it was taking a different approach. It said the new definition "does not rely on the president's authority as commander in chief" beyond the powers authorized by Congress.

The filing, in Federal District Court in Washington, was meant to provide a definition of those detainees who can be held and bitterly disappointed critics of Guantánamo, who said it seemed to continue the policies they have criticized for more than seven years. It was the latest example of the Obama administration's taking ownership of Guantánamo, even after having announced it would close the prison, where 241 men remain.

"This seems fundamentally consistent with the positions of the prior administration," said Steven A. Engel, who was a senior lawyer responsible for detainee issues in the Justice Department's Office of Legal Counsel until the final day of the Bush administration. Mr. Engel added that the term "enemy combatant" was not the issue. "The important point is that they recognize that we can detain members of the enemy" during a war, he said.

The new administration's position had been the subject of wide speculation before a court deadline Friday for the administration to tell federal judges what definition it believes the courts should use in the habeas corpus cases reviewing detainees' cases.

Some detainees' lawyers had hoped for a much narrower definition, perhaps one that would have eliminated simply "supporting" the Taliban or Al Qaeda as a ground for detention. Such a change, some of the detainees' lawyers had predicted, could have undercut the government's justification for holding as many as half of the remaining prisoners, including jihadists captured in Afghanistan who never fought the United States and others who the government has indicated may have had only tangential ties to Al Qaeda or the Taliban.

The new definition did add a requirement that to justify detention a detainee would have to have "substantially supported" Al Qaeda, the Taliban or forces associated with them. But the administration did not define "substantial," and the detainees' lawyers said they doubted that the change would help many of their clients.

The filing, which was made in some 40 habeas corpus cases of detainees' challenging their imprisonment, is expected to be the government's position in more than 200 such cases and to govern a separate review of all cases outside of court that has been ordered by President Obama.

Some critics of Guantánamo said that Friday's filing fitted a pattern of recent moves by the administration that seemed intended to undercut continued criticism of Guantánamo but did not make significant changes in detention policy. They noted that after Attorney General Eric H. Holder Jr. visited the detention camp last month, he proclaimed it "well run." They said they had been stung as well by a Pentagon report commissioned by the new administration that said last month that the detention camp on the naval base at Guantánamo Bay meets the humane-treatment requirements of the Geneva conventions.

Ramzi Kassem, a detainees' lawyer who teaches at Yale Law School, said Friday that the new administration had yet to deal effectively either with efforts to release many of the detainees or to improve the conditions at the camp. Mr. Kassem said the filing Friday was an additional indication that the new administration had yet to grapple with the complexities of Guantánamo or the detainees' cases. "I think they may be very much under the influence of the rhetoric of the outgoing administration," he said.

But the Department of Justice filing portrayed the adjustment of the government's position in expansive terms. In a public statement accompanying its filing, the department said the government's position had been devised to adhere closely to the requirements of the international law of war, longstanding principles that permit enemy fighters to be held until the completion of hostilities.

The Bush administration made those arguments as well, but it also often included extensive assertions of broad executive authority. Obama administration officials have repeatedly argued in recent months that they intend to make decisions about detention policy that they see as more rooted in legal principles than their predecessors.

Although the term "enemy combatant" had been used in a World War II Supreme Court case, critics of the Bush administration said officials used it to permit detentions that would not have been authorized under the international rules of warfare. In their court filing, Justice Department lawyers repeatedly cited the international law of war and its principle that "capture and detention of enemy forces" is authorized.

But the filing made it clear that the Obama administration rejected arguments of detainees' lawyers that it should sharply depart from many policies of the last seven years. The government lawyers noted that some detainees' lawyers had argued that only those detainees who have been alleged to have directly participated in hostilities against American forces should be detained. The law of warfare does not limit the United States' authority to hold only those with such direct involvement in fighting Americans, the filing said.
From rforno at infowarrior.org Sat Mar 14 22:36:40 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 14 Mar 2009 18:36:40 -0400
Subject: [Infowarrior] - 'Privacy' doesn't matter to those seeking to control you
Message-ID:

'Privacy' doesn't matter to those seeking to control you
Taylor Armerding
http://www.newburyportnews.com/puopinion/local_story_072223542.html?keyword=secondarystory

The right to privacy is a very big deal in this country. Well, at least when it comes to abortion. In other areas, not so much. Call it the selective right to privacy.

Privacy was the primary justification cited by the U.S. Supreme Court to make abortion legal. The court couldn't find in the actual Constitution any "right to privacy" that would extend to abortion, so it had to imagine that it existed in a "penumbra" of the document. This was, of course, long ago -- way back in 1972. But, the decision stands.

Privacy is still the holy grail, regarding abortion, for the party that now controls the White House, both houses of Congress and soon the Supreme Court, since President Obama has made it clear he will not nominate a justice to the high court who does not first and forever pledge allegiance to abortion. You know, because personal privacy is so, so important.

All of which makes me wonder why it is that the advocates for privacy concerning the bedroom and the inevitable results of the bedroom aren't expressing similar outrage over the erosion of privacy in other areas. In fact, it is not that they are simply silent about it -- some of the most liberal states in the country are promoting that erosion.

It goes well beyond the cameras that are already taking video of us every time we drive through a toll booth, eat at a restaurant, buy gas, shop at the mall or even walk down the street. That is disturbing, but you can make a credible argument that if you are on public property or somebody else's property, you can't have the expectation of privacy.

It is also much different from government invading your private space, as is in the works with the so-called "enhanced driver's license" that Janet Napolitano, new head of Homeland Security, favors. It would put a radio chip in your license. Whenever you were carrying your license, you could be tracked anywhere and everywhere.

Closer to home, New Hampshire is considering a bill proposing that it join a half-dozen other states, including liberal Maine and Vermont, in banning smoking in cars where children are present. State Rep. Mary Griffin, R-Windham, is one of the sponsors. She says it is not aimed at fining drivers, but simply at protecting the children. Interesting how a law that is not "aimed" at fining drivers will, in fact, fine drivers. But, of course it is about "the children."

The children have for decades been the most convenient, most compelling catch-all justification for the erosion of liberty and privacy that is available. Which is ironic, since right up to the day that "the children" are born, they are legally as disposable as a tumor if they are not wanted. They provide an automatic, thought-free guilt trip: If you oppose this invasion of your privacy, you want children to DIE!!

So, in an increasing number of states, it is not about how you drive. It is about what you are doing when you drive. And I wonder, how big a step is it from your car to your home? So what if you don't smoke in the car? If you smoke when you get home, your kids are breathing secondhand smoke. Don't they need protection from that? Do you want more children to die?

How big a step is it from cigarettes to food? Newburyport has already banned parents from putting candy in their kids' lunch boxes. Why shouldn't the school department step into the home and control what they eat there, too? You know, "it takes a village ..." and all that.

I'm all for protecting children. I tried my best to protect my own and am thankful they all made it to adulthood. I never smoked, in the car, at home or anywhere else. I agree that smoking is not good for you or your children, although Rep. Griffin takes it too far when she asserts that a child who lives with a smoker is "not going to live to be old." The risk goes up, but it is not an automatic death sentence. I've known chain smokers who made it into their 90s.

But when government reaches into your private space to punish you for using a legal product, it has crossed a line that even "the children" cannot justify. If elected officials don't want people smoking in cars, they should outlaw tobacco outright. They won't do that, of course, because tobacco brings in so much money, and money is much more important than the children or the right to privacy.

Maybe none of this sounds like a big deal. But little deals, collectively, become very big deals. If the Democrats now in power are serious about privacy, they should demonstrate it in areas other than abortion.

Taylor Armerding is a staff columnist. He may be reached at 978-946-2213 or at tarmerding at eagletribune.com.

From rforno at infowarrior.org Sat Mar 14 22:37:48 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 14 Mar 2009 18:37:48 -0400
Subject: [Infowarrior] - ACLU Comprehensive Report On Patriot Act Abuses
Message-ID: <9EE4F42D-3296-458C-8FA9-DE02F465E193@infowarrior.org>

ACLU Releases Comprehensive Report On Patriot Act Abuses (3/11/2009)
FOR IMMEDIATE RELEASE
CONTACT: (202) 675-2312; media at dcaclu.org
http://www.aclu.org/safefree/patriot/38979prs20090311.html

WASHINGTON -- The American Civil Liberties Union released a comprehensive report today examining widespread abuses that have occurred under the USA Patriot Act, a law that was rushed through Congress just 45 days after September 11. In the almost eight years since the passage of the controversial national security law, the Patriot Act has led to egregious government misconduct.
?From the gagging of our nation?s librarians under the national security letter statute to the gutting of time-honored surveillance laws, the Patriot Act has been disastrous for Americans? rights,? said Caroline Fredrickson, Director of the ACLU Washington Legislative Office. ?In the panic following the events of 9/11, our nation?s lawmakers hastily expanded the government?s authority to a dangerous level and opened a Pandora?s box of surveillance.? The American Civil Liberties Union?s report, ?Reclaiming Patriotism,? authored by policy counsel Michael German and legislative counsel Michelle Richardson, was delivered to congressional offices on Capitol Hill, as well as posted to the newly re-launched site www.reformthepatriotact.org . The report is being released in anticipation of the upcoming congressional debate surrounding three Patriot Act provisions due to expire on December 31, 2009. The ACLU has been working within the halls of Congress and the courts to introduce Patriot Act reform legislation. In December of 2008, as a result of an ACLU lawsuit, the gag order contained in the Patriot Act?s National Security Letter (NSL) provision was struck down. ?Reclaiming Patriotism? reveals that in the years since its passage, the Patriot Act has paved the way for the expansion of government- sponsored surveillance including the gutting of the Foreign Intelligence Surveillance Act (FISA) and a recent revamping of the Attorney General Guidelines to allow law enforcement to conduct physical surveillance without suspicion. Indeed, over the last eight years, numerous expansions of executive authority have worked in tandem to infringe upon our rights. Only by understanding the larger picture of the combined effects of Patriot Act, the amendments to FISA, the guidelines for physical surveillance and other expansions of power can Congress make an informed, consistent and principled decision about whether and how to amend all of these very powerful surveillance tools. 
?The fallout we?ve seen from the Patriot Act being rushed through the legislative process is a dramatic example of the dire need for proper and deliberative congressional oversight,? said Fredrickson. ?Congress should use this year?s Patriot Act reauthorization as an opportunity to reexamine all of our surveillance laws. Our lawmakers have, over time, built a massive surveillance mechanism bit by bit. Now is the time take it apart, examine each piece and develop wiser policies.? To read the ACLU?s report ?Reclaiming Patriotism? and learn more about the three Patriot Act provisions up for expiration this year, go to: www.reformthepatriotact.org From rforno at infowarrior.org Sun Mar 15 01:08:12 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 14 Mar 2009 21:08:12 -0400 Subject: [Infowarrior] - More AIG hypocracy Message-ID: <3E799B09-27F8-431A-B8EB-E123C55255AA@infowarrior.org> ....weren't these the same "best and brightest talent" that got the firm into this mess to begin wtih? WTF are we giving them bonuses with taxpayer money? If the USG doesn't force AIG to renegotiate these things downward, it really will show how impotent it has become in inflicting penalties (of a sort) on these guys. -rf AIG Paying Millions in Bonuses Despite Receiving Federal Bailout http://www.washingtonpost.com/wp-dyn/content/article/2009/03/14/AR2009031401394_pf.html By David Cho Washington Post Staff Writer Saturday, March 14, 2009; 5:25 PM Despite receiving $170 billion in federal aid and recording a staggering loss for the last quarter, insurance giant American International Group is doling out tens of million of dollars in bonuses this week to senior employees. While AIG agreed to pay the bonuses months before the government's rescue of the company began, the matter still is a source of anger for government officials. In a phone call on Wednesday, Treasury Secretary Timothy F. Geithner told AIG Chairman and chief executive Edward M. 
Liddy that the payments were unacceptable and needed to be renegotiated, according to an administration source. The company has since agreed to change the terms of some of these payments. But in a letter to Geithner, Liddy wrote that the bonuses could not be cancelled altogether because the firm would risk a lawsuit for breaching employment contracts. Liddy also expressed concerns about whether changing the bonuses would lead to an exodus of talented employees who are needed to turn the company around.

"We cannot attract and retain the best and brightest talent to lead and staff the AIG businesses -- which are now being operated principally on behalf of the American taxpayers -- if employees believe that their compensation is subject to continued and arbitrary adjustment by the U.S. treasury," Liddy wrote.

AIG has agreed to restructure the $9.6 million in bonuses it would have paid to the firm's top 50 officers. AIG's top seven executives, including Liddy, have already agreed to forgo this payment altogether. The next 43 highest ranking officers would still receive half of their bonuses now. A quarter would be disbursed on July 15 and the rest on Sept. 15, but these last two payments would be contingent on whether the company makes progress on its restructuring plan. Other bonus payments to thousands of employees, which total in the hundreds of millions of dollars, are still on track to be paid out.
From rforno at infowarrior.org Mon Mar 16 17:57:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Mar 2009 13:57:07 -0400
Subject: [Infowarrior] - Search Tool for Uncovered Government Documents
Message-ID: <802A2F57-1DBA-44BA-A9EC-77CAD13EE1AE@infowarrior.org>

March 16th, 2009
EFF Launches Search Tool for Uncovered Government Documents
http://www.eff.org/press/archives/2009/03/16
New Search Engine Highlights EFF's Transparency Efforts During Sunshine Week

San Francisco - In celebration of Sunshine Week, the Electronic Frontier Foundation (EFF) today launched a sophisticated search tool that allows the public to closely examine thousands of pages of documents the organization has pried loose from secretive government agencies. The documents relate to a wide range of cutting-edge technology issues and government policies that affect civil liberties and personal privacy.

EFF's document collection -- obtained through requests and litigation under the Freedom of Information Act (FOIA) -- casts light on several controversial government initiatives, including the FBI's Investigative Data Warehouse and DCS 3000 surveillance program, and the Department of Homeland Security's Automated Targeting System and ADVISE data-mining project. The documents also provide details on Justice Department collection of communications routing data, Pentagon monitoring of soldiers' blogs, mismatches in the Terrorist Screening Center's watchlist, and FBI misuse of its national security letter subpoena authority. The new search capability enables visitors to EFF's website to conduct keyword searches across the universe of government documents obtained by EFF, maximizing the value of the material.

"Until recently, documents obtained under FOIA often gathered dust in filing cabinets," said David Sobel, EFF Senior Counsel and director of the organization's FOIA Litigation for Accountable Government (FLAG) Project.
"We believe that government information should be widely available and easy to research, and our new search engine makes that a reality."

EFF is launching the tool during national Sunshine Week, an annual, non-partisan event that promotes government transparency. The celebration is particularly significant this year, because it comes after eight years of a presidential administration that was widely criticized for its secrecy and two months into a new administration that has promised "unprecedented" openness.

"We welcomed President Obama's declaration -- on his first full day in office -- that he will work to make the federal government more open and participatory," EFF Staff Attorney Marcia Hofmann said. "There's certainly a lot of work to do -- so much government activity has been hidden from public view in the name of 'national security' and the 'war on terror.'"

For the new FOIA document search tool: http://www.eff.org/issues/foia/search
For more on EFF's FLAG Project: http://www.eff.org/issues/foia

Contacts:
Marcia Hofmann
Staff Attorney
Electronic Frontier Foundation
marcia at eff.org

David Sobel
Senior Counsel
Electronic Frontier Foundation
sobel at eff.org

From rforno at infowarrior.org Mon Mar 16 19:05:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 16 Mar 2009 15:05:09 -0400
Subject: [Infowarrior] - The FixCNBC petition
Message-ID: <3AB8435A-062B-45F3-9979-EE5C553B532C@infowarrior.org>

(c/o boingboing)

We need CNBC to practice responsible journalism. Will you please take a few moments to sign this open letter to CNBC?

http://fixcnbc.com/

(Yes, I did sign.)

From rforno at infowarrior.org Tue Mar 17 13:20:39 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Mar 2009 09:20:39 -0400
Subject: [Infowarrior] - Sci-Fi channel changing its name
Message-ID: <302A9150-3FAA-4393-B64A-8881B4612038@infowarrior.org>

Harumpf.
--rf

Source: http://www.tvweek.com/news/2009/03/sci_fi_channel_aims_to_shed_ge.php

"In some universe, the name 'Syfy' is less geeky than the name 'Sci Fi.' Dave Howe, president of the Sci Fi Channel, is betting it's this one....To that end, the 16-year-old network -- owned by NBC Universal -- plans to announce that Syfy is its new name March 16 at its upfront presentation to advertisers in New York."

< - >

...but here's the REAL reason, I suspect, for the change, according to the article:

"'It gives us a unique word and it gives us the opportunities to imbue it with the values and the perception that we want it to have,' he said."

*cough* A term you can copyright, perhaps??? No, you wouldn't be that obvious, would you? .....oh, right:

"'We need an umbrella brand we can attach to new businesses: Sci Fi games, Sci Fi kids. It does no use to attach "Sci Fi" because there's hundreds of sci-fi Web sites and sci-fi publications. So it's changing your name without changing your name,' Mr. Howe said."

Oh well - with BSG off the air after this week, there's nothing else on SciFi that interests me there anyway @ the moment.

From rforno at infowarrior.org Tue Mar 17 13:48:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Mar 2009 09:48:44 -0400
Subject: [Infowarrior] - Apple claims no DRM protection on Shuffle controls
Message-ID: <73511EAB-3A82-4979-94D0-0DE46E80DC09@infowarrior.org>

Either way, AAPL could use this as leverage over third party vendors either via DMCA or its MFI licensing program. Still a sledgehammer in the hands of a giant who says "trust me I won't hit you with it." Riiiight.

Apple claims no DRM protection on Shuffle controls
http://www.ipodnn.com/articles/09/03/16/apple.refutes.drm.claims/

Apple has refuted recent claims that the new iPod shuffle integrates DRM technology to prevent third-party companies from making compatible products without paying fees.
iLounge and the Electronic Frontier Foundation noted the presence of a chip behind the buttons on the in-line controls, leading to the presumption that the component provided authentication for the signal. The EFF argued that an authentication chip would serve as a method to prevent third-party companies from reverse engineering the technology. The report described a potential "nightmare scenario" where Apple controlled all aspects of iPods and accessories, using DRM and the DMCA laws to drive profits.

Apple provided more details of the system to Boing Boing, claiming that there is no encryption on the "control chip", which would leave the door open for third-party manufacturers to produce clones. The company has a licensing option, however, that offers to sell developers the chip and microphone in a bundle, as part of the Made for iPod program. It remains unclear if the manufacturers would be prohibited from using unlicensed parts in the Made for iPod accessories.

From rforno at infowarrior.org Tue Mar 17 14:42:31 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Mar 2009 10:42:31 -0400
Subject: [Infowarrior] - Cybersecurity at midpoint of federal review
Message-ID:

http://arstechnica.com/tech-policy/news/2009/03/all-eyes-on-cybersecurity-at-midpoint-of-federal-review.ars

All eyes on cybersecurity at midpoint of federal review

With a comprehensive 60-day review of the US cybersecurity situation half completed, an array of public and private sector experts weigh in with advice for the new administration.

By Julian Sanchez | Last updated March 16, 2009 9:20 PM CT

Last week was a busy one for cybersecurity mavens as the 60-day review ordered by President Obama reached its halfway point.
The House Committee on Homeland Security held hearings on the state of efforts to protect the nation's data infrastructure, even as the Congressional Research Service released a report highlighting the shaky legal foundations of the Comprehensive National Cybersecurity Initiative. The Department of Homeland Security, which came in from many House witnesses, appointed a former Microsoft executive to lead the charge on cybersecurity. And at the annual FOSE conference, former FBI head Louis Freeh weighed in with a contrarian warning that centralization provided an "illusory" solution to the problem.

The trouble with DHS

The Department of Homeland Security, home to the National Cyber Security Center, proved a popular punching bag at last Tuesday's hearing before the House of Representatives. David Powner of the Government Accountability Office was relatively restrained, noting that the department "has not met expectations and has not provided the high-level leadership needed to raise cybersecurity to a national focus." Amit Yoran of security vendor NetWitness was more blunt, blasting DHS' "inefficiency," and its "consistent track record for tolerating political infighting, individual egos and shenanigans over prioritizing and executing its cyber responsibilities in a mature fashion."

Yet few faulted NCSC head Rod Beckstrom, who resigned last week, complaining of inadequate support and funding within DHS, and meddling from without by the National Security Agency. (On Wednesday, DHS Secretary Janet Napolitano named former Microsoft executive Phil Reitinger as the new head of the National Protection and Programs Directorate, which houses the NCSC.) Rep. Bennie Thompson (D-MS) argued that the previous administration had placed Beckstrom in a "no win situation" without "clear authority or budget."
The neglected private sector

A report released last week by the Congressional Research Service, however, suggests that the solution to those problems may lie with Congress rather than the White House. Their review of the legal basis for the (still largely secret) Comprehensive National Cybersecurity Initiative found only patchy statutory authority for the CNCI -- little surprise, given that Congress itself had been largely left in the dark about the initiative. CRS concluded that President Bush had relied largely on his inherent Article II powers in launching the initiative, but questioned whether these provided an adequate basis for an ambitious project requiring intimate collaboration with the private sector.

Several witnesses at Tuesday's hearing echoed James Lewis of the Center for Strategic and International Studies, who argued that the "greatest failing" of the CNCI was that the initiative "despite its name, was not comprehensive." In part because it was launched under a veil of secrecy and without statutory support, the CNCI focused primarily on securing the dot-gov domain. But as a report sent to Congress last month by the Institute for Information Infrastructure Protection stressed, 85 percent of the nation's critical infrastructure is privately owned and operated. That report stressed the special security problems posed by the process control systems that manage vital flows of oil, gas, and electricity -- systems often comprising a patchwork accretion of legacy components, which are particularly difficult to secure because they must operate continuously and respond extremely rapidly, with little leeway for any processing overhead that add-on security measures might add. Lewis suggested that the recent stimulus package had actually compounded this problem by providing billions for high-tech infrastructure upgrades, such as "smart" power grids, without a clear security plan in place.
Microsoft executive Scott Charney zeroed in on insular advisory committees as another lost opportunity for greater interaction with the private sector. He singled out the Joint Telecommunications Resources Board and the National Cyber Response Coordination Group, which are charged with coordinating responses to "cyber-based" crises, but which serve as forums for government agencies to talk to each other, rather than to the operators of the networks that would actually be targeted in any such crisis.

Charney and Lewis also made the case that regulation, as well as collaboration, was needed to fill "market gaps" in cybersecurity -- among these the need for stronger authentication systems and "harmonized" security requirements across sectors. Charney stressed, however, that regulation should also be narrowly tailored and technology-neutral to the extent possible. Among the concerns about cybersecurity regulation advanced in last month's I3P report was that rules focused on process rather than outcome tended to cultivate "checkbox mentality" rather than encouraging innovation. The model for security regulation, that report suggested, should be the clean-air rules that place limits on emissions without specifying the technological means by which industry should meet those limits.

Learning to share

The secrecy surrounding the CNCI, most agreed, has seriously hampered cooperation with private network owners -- who are themselves loath to reveal security breaches. Even within the federal government itself, the refrain of many witnesses at the House hearing -- seconded by former FBI Director Louis Freeh in his remarks at the annual FOSE conference Friday -- was that cybersecurity strategy had become "stovepiped" or "siloed," with coordination across agencies haphazard at best.
One consequence of this, emphasized by Charney and Yoran, has been a disconnect between the approach of system designers, who tend to see cybersecurity through the lens of defense and prevention, and that of intelligence and law enforcement, which place a high premium on attribution of attacks.

The Markle Foundation's Task Force on National Security in the Information Age provided one model for improved information sharing in a report released last week. At the core of the proposal is an "authorized use" standard, implementable using commercial off-the-shelf technology, designed to "break down agency stovepipes" by enabling "discovery without disclosure." On this model, data would be relatively easy to locate across agencies in anonymized indices, but access would be strictly limited and monitored based on each individual's specific purpose and clearance level -- ideally encouraging agencies to loosen their piranha-grip on information somewhat.

Who's in charge?

That still, of course, leaves the question of where primary responsibility for cybersecurity should be located. The witnesses at Tuesday's hearing, along with former FBI director Freeh, may have been critical of DHS to varying extents, but all rejected Director of National Intelligence Dennis Blair's suggestion that the NSA -- whose track record on that all-important public-private collaboration might kindly be described as spotty -- should take the lead. While some saw a continuing operational role for DHS -- which also plays host to the US Computer Emergency Readiness Team (US-CERT) -- most argued that a dedicated executive branch agency within the White House would be needed to handle macro-level policy making and intra-agency coordination. That was among the more prominent recommendations of a cybersecurity report issued late last year by the Center for Strategic and International Studies, to which many of Tuesday's witnesses contributed.

The idea is not without its critics, however.
In his Friday remarks, former FBI head Freeh argued that the problem of cybersecurity "is too large and too complicated to relegate it into a typical bureaucratic or statutory pigeonhole." Calling the idea of an independent agency dedicated to cybersecurity "illusory," Freeh suggested that protecting critical information infrastructure was like "trying to deal with weather: where in the United States should we put the responsibility to anticipate and control weather? It can't be done." The solution, he argued, was to break down agency "silos" so that expertise dispersed throughout the government could be brought to bear without excessive centralization.

Probably the most important determinant of the approach the administration ultimately adopts will be the findings of Melissa Hathaway, who is slated to complete her comprehensive review in just under a month. Should that review conclude that a more centralized, White House-led approach is the way to go, Hathaway herself is widely seen as the most likely candidate to head the effort.

From rforno at infowarrior.org Tue Mar 17 16:43:03 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 17 Mar 2009 12:43:03 -0400
Subject: [Infowarrior] - OT: Vets Rap WH Plan on Paying for Care
Message-ID: <129C806F-3FAE-4C3C-9E0A-5A62444C81E8@infowarrior.org>

DOA or not, the fact such a plan was even brought up by the WH is more than a little disturbing.... --rf

http://www.military.com/news/article/vets-rap-wh-plan-on-paying-for-care.html

Vets Rap WH Plan on Paying for Care
March 17, 2009
Kansas City Star

WASHINGTON - The Obama administration is considering making veterans use private insurance to pay for treatment of combat and service-related injuries. The plan would be an about-face on what veterans believe is a longstanding pledge to pay for health care costs that result from their military service.
But in a White House meeting Monday, veterans groups apparently failed to persuade President Barack Obama to take the plan off the table.

"Veterans of all generations agree that this proposal is bad for the country and bad for veterans," said Paul Rieckhoff, executive director of Iraq and Afghanistan Veterans of America. "If the president and the OMB (Office of Management and Budget) want to cut costs, they can start at AIG, not the VA."

Under current policy, veterans are responsible for health care costs that are unrelated to their military service. Exceptions in some cases can be made for veterans without private insurance or who are 100 percent disabled.

The president spoke Monday at the Department of Veterans Affairs to commemorate its 20th anniversary and said he hopes to increase funding by $25 billion over the next five years. But he said nothing about the plan to bill private insurers for service-related medical care.

Few details about the plan have been available and a VA spokesman did not provide additional information. But the reaction on Capitol Hill to the idea has been swift and harsh.

"Dead on arrival" is how Democratic Sen. Patty Murray of Washington described the idea. " ... when our troops are injured while serving our country, we should take care of those injuries completely," Murray, a member of the Senate Veterans' Affairs Committee, told a hearing last week. "I don't think we should nickel and dime them for their care."

In separate comments, Republican Sen. Kit Bond of Missouri said the nation "owes a debt to the veterans who fought and paid for our freedom."

Secretary of Veterans Affairs Eric Shinseki said at the hearing where Murray spoke that the plan was "a consideration." He also acknowledged that the VA's proposed budget for next year included it as a way to increase revenue. But Shinseki told the Senate Veterans' Affairs Committee that "a final decision hasn't been made yet."

For veterans, that was little comfort....
< - >

http://www.military.com/news/article/vets-rap-wh-plan-on-paying-for-care.html

From rforno at infowarrior.org Wed Mar 18 12:04:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Mar 2009 08:04:30 -0400
Subject: [Infowarrior] - IBM in talks to buy Sun Microsystems
Message-ID: <10AE370F-0334-4CD2-A9A6-41FB1DCD2878@infowarrior.org>

Report: IBM in talks to buy Sun Microsystems
IBM reportedly in talks to buy Sun Microsystems for at least $6.5B
Wednesday March 18, 2009, 7:59 am EDT
http://finance.yahoo.com/news/Report-IBM-in-talks-to-buy-apf-14674333.html

NEW YORK (AP) -- A published report says International Business Machines Corp. is in preliminary talks to buy Sun Microsystems Inc. for at least $6.5 billion in cash.

The Wall Street Journal, which cited unnamed people familiar with the matter, said Wednesday the deal could occur as early as this week.

IBM, of Armonk, N.Y., and Sun Microsystems of Santa Clara, Calif., both make computer systems for corporate customers, and the newspaper says a purchase of Sun Micro would help IBM in the finance and telecommunications markets.

The Journal says both companies declined to comment on the report.

From rforno at infowarrior.org Wed Mar 18 12:06:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Mar 2009 08:06:54 -0400
Subject: [Infowarrior] - OpEd: The infosec industry is a fraud
Message-ID: <8A705E4E-4381-46E8-976B-3F1B55167FE2@infowarrior.org>

The infosec industry is a fraud
Metlstorm takes the infosec industry to task for its failures...
By metlstorm
March 18, 2009 -- http://risky.biz/news_and_opinion/metlstorm/2009-03-18/infosec-industry-fraud

I want to believe I'm wrong; that the infosec industry isn't a fraud, fleecing the chumps of their cash.

"Surely, Metl," you say. "Surely it's not 1994 any more, you don't just NFS mount .mil boxen any more, you don't roll with slammer or blaster or code-red.
You don't get thousands of open ports when you nmap a corporate Internet perimeter, things are better."

Sure, maybe it's not 1994AD any more. But let me posit this, which I culpably dub Metlstorm's Assertion: The cost of owning a corporation is a fraction of a percent of their annual infosec spend. Let's go with 0.1%. Can you think of any organisation you've worked for, or on, or with, or pwned that you couldn't own for the sales margin on a single Check Point device?

Let's assert the value of owning a corporation -- if you're any good at the order-fulfillment bits of crime, which I'm not -- is proportional to its market cap. The ratio of cost-of-ownership to value-of-ownership is so low as to have an ROI to an attacker that is nearly infinite. Stated more concisely (unusual for me, I know); the incremental cost to an attacker between not hacking you and hacking you is so close to zero we have to assume they actually do. Which means you should proceed on the assumption that your corp is already owned.

We live in a world where our desktop machines get USB autorun worms, where a garden-variety botnet worm owns entire Ministries of Health, where insider attacks are commonplace, where biometrics doesn't work, where routers are backdoored by offshore manufacturers with various political goals, where we pay janitorial services staff minimum wage because they've only got physical access to, well, everything via their trivially clonable RFID proxcards running on building management software off a crappy old NT4 box in the basement.

Ok Metl. Breathe.

You see where I'm going with this. There is no infosec industry. We're just doomsayers who take the chumps' money while they've still got it, and when they don't we just scare the next lot senseless until someone pays up. We don't actually improve anything.

The infosec industry is a trinity; the boxpushers (vendors), the chumps (the users), and the doomsayers (us, the pentesters).
Boxpushers sell kit to the chumps, who've been goosed into thinking they need it. The doomsayers occasionally pity the chumps, but are generally stuck in io-wait, writing off the boxes being pushed as useless, impractically complex, and that highest criticism of all; boring. Us doomsayers take the chumps' money, then tell them in excruciating and savage detail how much they and the boxes they got pushed suck. And they invariably do.

When we're on a typical gig we sit around, amusing ourselves intellectually by doing something we'd all probably just do for fun anyway, call it work, and then tell the chumps in serious sounding language quite how poked they are today. There is doom. Unending grimness. Like the darkened frostbitten forests of Ukrainian blackmetal album covers. Hell, in the case of boxpushers, they actually make it worse (Hi mail antivirus gateways! Hi IDS consoles, hi shatter-prone desktop asset management and patch deployment solutions, giving up localadmin like [security researcher] Brett Moore slipped you his best Mr December smile under the digital cyber eMistletoe.)

I ask you again -- is there any corporation you've seen where the upper bound of cost to own them wasn't proportional to the janitor's hourly rate? We all know, deep in our guts, that we could own anyone. And we wouldn't be doing it with Ben Hawkes' heap technique -- that stuff's for impressing cons and talking shit in bars, not wasting on actual attacks. We'd just roll like it was 1994AD; and we'd win. Every time. You know it.

And how much would it cost? To own a bank, a telco, an ISP, a critical infrastructure provider? Really, we all know the turgid, sodden, doomladen truth. How much would it cost?

Yeah. Exactly. Fractions, my man. Fractions of a percent.

Metlstorm is a New Zealand-based freelance security consultant. He's created several tools including Hai2IVR, Winlockpwn and SSH_Jack. He's also an organiser of the annual Kiwicon security conference in Wellington, New Zealand.
From rforno at infowarrior.org Wed Mar 18 12:44:25 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Mar 2009 08:44:25 -0400
Subject: [Infowarrior] - Teens capture Earth images from space
Message-ID: <37DEFD96-A713-41E0-B4B5-CFB023F849F6@infowarrior.org>

Teens capture images of space with £56 camera and balloon

Teenagers armed with only a £56 camera and latex balloon have managed to take stunning pictures of space from 20 miles above Earth.

< - >

http://www.telegraph.co.uk/news/newstopics/howaboutthat/5005022/Teens-capture-images-of-space-with-56-camera-and-balloon.html

From rforno at infowarrior.org Wed Mar 18 14:46:37 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Mar 2009 10:46:37 -0400
Subject: [Infowarrior] - Cyber Debate: Which Way DISA
Message-ID:

Cyber Debate: Which Way DISA
By Colin Clark
Tuesday, March 17th, 2009 2:01 pm
http://www.dodbuzz.com/2009/03/17/cyber-debate-which-way-disa/

There is one month left before the government-wide cyber review ends. Defense Secretary Robert Gates is expected to announce a four-star combatant commander to run cyber warfare soon after that review is finished. Our story about a cyber COCOM sparked a rollicking debate about the roles of DISA and, to a lesser degree, NSA and STRATCOM. While I can't identify who the posts came from, I can tell you that several of them came from practitioners of these dark arts. In the hopes of driving the debate even further, here are some of the comments, with observations.

John Schrader, a colonel, said the country does need a cyber COCOM, but it should be kept within the current organizational structure. Since the Unified Command plan places cyber under STRATCOM he proposes making the cyber COCOM "a Sub-Unified Command of STRATCOM. It will be multi service and have its own component commands.
The services will train and equip in order to present forces to the cyber commander who lives within the strategic context of STRATCOM with all the advantages of cross COCOM operational authority."

While I understand John's commitment to the UCP, I think he ignores the very real chain of command concerns that having a four star report to another four star. While you can get anyone to do anything within reason, I think it would dangerously muddy the chain of command.

He recommends taking DISA's Joint Task Force-Global Network Operations and expanding it. He argues that this "comes with a staff structure and one dimension of cyber built in." But very few people I've spoken with in either the military or intelligence worlds believe that DISA is the right place to park such responsibilities, especially as long as NSA continues to throw its weight around.

John argues that we should keep "NSA doing what it does best -- it becomes a force provider." But, with all respect, to expect NSA to provide much of the muscle and therefore the money and expect the biggest chunk of the IC to just do what the regular military tells it to do is to ignore most of the last five years of conflict between these groups.

Create an industry council as part of the command group that engages and involves industry.

I'm afraid I'm more in line with Joe's thinking on this one. He says, "DISA is a horrible choice for this. DISA is a bloated bureaucratic nightmare who cannot get any project of note completed without inflating the price tag beyond anything reasonable. They are shamed by any commercial counterpart, and a laughing stock everywhere else."

Sinlock also thinks DISA is "a horrible choice. You need to ask yourselves this. If the 40 some odd security vendors and companies out there cannot solve the problem (detect rates) and they employ the best in the business how in the heck do you think the DOD or intel agencies can?"
Caine weighs in, believing that "the Intel and DoD communities have the cream of the security crop" but are "hampered and hamstrung by horribly outdated and bureaucratic processes."

Take all this, compress it and I think you come up with several clear answers. One, we need a cyber COCOM with clear command responsibilities and his own troops. Forcing him to rely on NSA personnel will only prolong the already fatiguing fight between NSA, DoD and DHS. Make sure that whoever gets final civilian authority to lead cyber activities in the federal government is given clear lines of funding and operational authority. DoD has to be able to exercise its Title 10 responsibilities without getting mired in battles between it, the IC and DHS.

I'm betting our readers know more about these issues than most because of your knowledge of the military and IC. Let's hear your thoughts.

From rforno at infowarrior.org Wed Mar 18 14:52:43 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 18 Mar 2009 10:52:43 -0400
Subject: [Infowarrior] - First rule of Internet censorship: Hide the block list
Message-ID: <36C617B5-AF86-403E-8B58-E61309401D1F@infowarrior.org>

First rule of Internet censorship: Hide the block list

Like many countries, Australia currently runs a blacklist of child porn sites. And like many countries, it doesn't want that list published. It doesn't even want other countries' lists published, and is in fact banning such links.

By Nate Anderson | Last updated March 18, 2009 8:20 AM CT
http://arstechnica.com/tech-policy/news/2009/03/first-rule-of-internet-censorship-hide-the-block-list.ars

Australia's telecom regulator, the Australian Communications and Media Authority (ACMA), has the authority to blacklist Internet sites, authority used almost exclusively to address childhood sex pictures (children's rights groups don't like the "child porn" label, which suggests a degree of agency that children involved in the practice don't have).
But it also came to light recently that ACMA is willing to blacklist pages that simply list the censored websites, even though they contain no offensive images. The Sydney Morning Herald noted today that ACMA's blacklist even includes certain Wikileaks pages, including a list of Denmark's censored websites (3,863 blocked). The page is apparently included on the theory that a massive list of sites with "lolita" and "youngyoung" in their domain names is basically an invitation to Australians who might not otherwise know where to go to get an underage fix.

If that's true, ACMA will have to keep blocking. Wikileaks also hosts the leaked blacklists from countries like Thailand (11,329 blocked) and Finland (797 blocked). All three of those lists are largely concerned with sex, but the size difference can be chalked up to the fact that Thailand appears to be banning all sorts of porn websites (along with proxy services), while the Nordic countries are exclusively concerned with sexual images of children.

The ACMA blacklist will be used as the basis for the government's nationwide Internet filtering system -- should that system ever be put into place (it's currently facing serious opposition from ISPs and even from the Australian Senate). For now, though, the blacklist can be used by ACMA to go after websites that link to the censored content; those that don't remove such links after a day or so face fines of $11,000 per day.

The blacklist itself is secret, as it is in most countries that censor content. This angers some activists who believe that secrecy lends itself to abuse. In Finland, for instance, a man who runs a website arguing that the blacklist approach is ineffective was called in for questioning last year after publishing "a list of a few hundred censored sites." His own site was then placed on the blacklist, which means that visitors from Finland are greeted by a message saying that the site they are trying to reach contains illegal images.
Those in favor of keeping the lists secret claim that publishing them is simply providing a centralized resource for those interested in child sex abuse, but without any real way to see what's on the list or to challenge its contents, the list makers will always invite charges of incompetence or arbitrariness (indeed, one Finnish site claims that most of the domains on the blacklist appear to be legal pornographic sites). This was the case recently in the UK where the censorship list creator (which is not a part of the government) added a Wikipedia image of an old Scorpions album cover to its block list and later retreated after protests. Right or wrong, the first worldwide rule of Internet censorship currently seems to be "you don't talk about what's being censored." From rforno at infowarrior.org Wed Mar 18 19:08:12 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Mar 2009 15:08:12 -0400 Subject: [Infowarrior] - Google provides DMCA takedown #s Message-ID: Google Provides Numbers On Just How Often DMCA Takedown Process Is Abused from the quite-frequently,-it-appears dept http://techdirt.com/articles/20090315/2033134126.shtml Some entertainment industry lawyers have been going around lately, pitching a fable that the DMCA isn't really that bad, since bogus takedown notices are somewhat rare. However, some new evidence from Google suggests quite a different story. Reader Slackr points us to some news about Google filing a comment on New Zealand's proposed new copyright law that would kick file sharers offline based on accusations rather than convictions. While New Zealand has agreed to hold off putting the law into place, while it hopes to work out a compromise, the government is accepting submissions from interested parties. 
While it's interesting alone that Google is participating in the process, even more interesting is what it has to say about its experience with DMCA takedown notices: In its submission, Google notes that more than half (57%) of the takedown notices it has received under the US Digital Millennium Copyright Act 1998, were sent by business targeting competitors and over one third (37%) of notices were not valid copyright claims. Google's point is that these types of laws are widely abused, and setting up such a system where punishment is handed out without any real due process is going to lead to an awful lot of mistakes. But, these stats are worth discussing just for what they say about the DMCA itself, and that myth that the process is rarely abused. From the numbers Google has seen, it's quite clear that the DMCA isn't just abused, it's regularly abused in ways that are both anti-competitive and chilling. From rforno at infowarrior.org Wed Mar 18 19:09:20 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Mar 2009 15:09:20 -0400 Subject: [Infowarrior] - DNA cryptography Message-ID: The emerging science of DNA cryptography If DNA computing can be used to break codes, then the machinery of life can be exploited to encrypt data too Wednesday, March 18, 2009 Molecular biologists have long thought of DNA as an information storage device. The body processes this information with an impressive array of computing machinery which, since the 1990s, we've exploited to carry out a few of our own calculations. DNA computing may not be fast but it is massively parallel. With the right kind of setup, it has the potential to solve huge mathematical problems. It's hardly surprising then, that DNA computing represents a serious threat to various powerful encryption schemes such as the Data Encryption Standard (DES). But if DNA can be used to break codes then it can also be exploited to encrypt data. 
Various groups have suggested using the sequence of nucleotides in DNA (A for 00, C for 01, G for 10, T for 11) for just this purpose. One idea is to not even bother encrypting the information but simply burying it in the DNA so it is well hidden, a technique called DNA steganography. But that all sounds too simple for Nang King, an independent researcher who today puts forward an entirely new approach based on the way in which information from DNA is processed inside cells. The processing works in two stages called transcription and translation. < - > http://www.technologyreview.com/blog/arxiv/23167/ From rforno at infowarrior.org Wed Mar 18 19:13:00 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Mar 2009 15:13:00 -0400 Subject: [Infowarrior] - Hiding Behind Terrorism Law Message-ID: (c/o Schnierblog) March 10, 2009 Updated March 12, 2009, 3:10 PM EDT Safety Board Retreats Citing antiterrorism law, Bayer pressures Chemical Safety Board to cancel public meeting on fatal accident http://pubs.acs.org/cen/news/87/i11/8711news6.html IN EARLY FEBRUARY, the Chemical Safety & Hazard Investigation Board (CSB) was deep into planning for a March 19 public meeting in Institute, W.Va. The meeting would give the board and community a chance to discuss events surrounding a deadly accident at the Bayer CropScience facility in the Kanawha Valley. It would be similar to many meetings held in the past by the independent board and is part of CSB's process to investigate and find the root cause of chemical accidents. At that time, the board was about halfway through its investigation of the Aug. 28, 2008, fire and explosion at the Bayer plant that killed two workers and shut down the plant's production of Larvin, an insecticide, which has been reported in detail by West Virginia's Charleston Gazette. CSB had intended to hear community concerns, gather more information on the accident, and inform residents of the status of its investigation. 
However, Bayer attorneys contacted CSB Chairman John Bresland and set up a Feb. 12 conference at the board's Washington, D.C., headquarters. There, they warned CSB not to reveal details of the accident or the facility's layout at the community meeting. "This is where it gets a little strange," Bresland tells C&EN. To justify their request, Bayer attorneys cited the Maritime Transportation Security Act of 2002, an antiterrorism law that requires companies with plants on waterways to develop security plans to minimize the threat of a terrorist attack. Part of the plans can be designated as "sensitive security information" that can be disseminated only on a "need-to-know basis." Enforcement of the act is overseen by the Coast Guard and covers some 3,200 facilities, including 320 chemical and petrochemical facilities. Among those facilities is the Bayer plant. Bayer argued that CSB's planned public meeting could reveal sensitive plant-specific security information, Bresland says, and therefore would be a violation of the maritime transportation law. The board got cold feet and canceled the meeting. Bresland contends that CSB wasn't agreeing with Bayer, but says it was better to put off the meeting than to hold it and be unable to answer questions posed by the public. The board then met with Coast Guard officials, Bresland says, and formally canceled the community meeting. The outcome of the Coast Guard meeting remains murky. It is unclear what role the Coast Guard might have in editing or restricting release of future CSB reports of accidents at covered facilities, the board says. "This could really cause difficulties for us," Bresland says. "We could find ourselves hemming and hawing about what actually happened in an accident." Lisa K. 
Novak, a Coast Guard spokeswoman, tells C&EN that a review of CSB's reports is not being considered at this time and the Coast Guard will continue to work with CSB to reach a process by which "transparency can be sustained without undue compromise of national security information." BRESLAND PREDICTS that this will be sorted out as CSB prepares and releases the Bayer report this summer. Among the 49 investigations that the board has completed, this is the first public meeting canceled for security reasons or due to company pressure. It raises questions about whether terrorism fears can be used to blunt CSB accident investigations. Although the board has no regulatory authority, its accident reports and videos have had wide influence on companies, encouraging them to improve their safety performance, eliminate dangerous practices, and better control use of toxic chemicals. In this case, Bayer's history of use and storage of toxic reactive chemicals has galvanized community concern, says Maya Nye, a spokeswoman for People Concerned About MIC, a West Virginia community group made up of residents living near the Kanawha Valley plant. Nye and the group want Bayer to phase out its use of methyl isocyanate (MIC). The community group selected its name when it was formed more than 20 years ago, after the 1984 Union Carbide accident involving MIC at a plant in Bhopal, India, that killed some 5,000 people and injured 200,000. At that time, the facility in Institute was also owned by Union Carbide and was a sister to the Bhopal plant. Both stored large quantities of MIC. Over the years, the Institute plant changed hands several times and in 2002 was purchased by Bayer. Throughout this time, MIC was stored at the facility. According to Bayer plant data filed with the Environmental Protection Agency, the company stores up to 1.4 million lb of chlorine and ammonia, 19,000 lb of phosgene, and 240,000 lb of MIC on-site. 
Of the total MIC stored, the data show that up to 40,000 lb can be stored for use in the same process line that exploded last year. Bayer's total storage of MIC at this 50-year-old plant greatly exceeds what was leaked at Bhopal, and the amount stored in the Larvin process is quite near Bhopal levels. That makes community residents, chemical engineers, emergency responders, and plant workers nervous. A public CSB meeting, Nye says, would give the community information on the accident and what CSB has learned. "We want to know what is going on. Are we safe or not?" she says. Of particular concern, she adds, are the contents of a plume residents saw emerge from the accident site. WITHIN WEEKS of the accident, Nye says her group organized a community forum in which local and federal officials participated, but representatives of Bayer did not appear; instead the company submitted a statement. Nye says Bayer has held one meeting to explain the accident, but it was closely controlled by a public relations firm hired by the company. She calls Bayer's secrecy "absolutely phenomenal." In a letter to CSB, Nye and a dozen community groups urged the board to hold the public meeting. The letter charges that the postponement is a "political act" and represents a voluntary exit by CSB in the national debate to encourage chemical companies to shift to inherently safer design technologies. Despite repeated requests, Bayer would not respond to direct questions about the accident from C&EN, nor would the company discuss its storage and use of MIC. Instead, Greg Coffee, a company spokesman, offered a statement, saying Bayer has and will continue to cooperate fully with CSB regarding the August accident at Institute. "All decisions concerning the public meeting were made entirely by the CSB, and Bayer has no influence on the content or the timing of the board's activities," Coffee said. 
"The safe operation of the facility and the safety of our employees and the community remain our highest priority, and as such we intend to fully comply with all laws and regulations such as those administered by the federal Department of Homeland Security and the Coast Guard. "MIC was not involved in the August incident, and inventory of the material is kept to a minimum, and the site contains multiple layers of safeguards to ensure safety and security of MIC," Coffee said. The company also said it has worked with local emergency responders to improve emergency communications. INSPECTORS Bresland (left) and John Vorderbrueggen, CSB supervisory investigator and leader of the Bayer investigation, survey an accident site. (Photo: Chemical Safety Board) Bresland explains that the accident occurred during a process start-up in a tank holding methomyl and a mix of other chemicals. Methomyl along with MIC is reformulated to make Larvin. The CSB investigation, Bresland says, is examining MIC's use and the location of an MIC storage tank near the tank that exploded. "As it turns out," he says, "there wasn't a release from the MIC tank, but there could have been. So the question that comes up is, what was the potential for a release of MIC?" CSB is also concerned with two other matters, Bresland adds. The first is finding the root cause of the explosion, which is part of the board's charge. The second issue is Bayer's unwillingness to supply specific accident information to emergency responders when the accident occurred. The accident took place at about 10:30 PM, and a tape of the 911 calls between plant officials and emergency responders shows that a plant guard would not identify where in the facility the accident had occurred or which chemicals or processes were involved. 
Even when calling for an ambulance, the guard refused to reveal the extent of the accident despite repeated questions from an exasperated county emergency services official. Eventually county officials called for shelter-in-place for several thousand people living near the plant. As a result of Bayer's unwillingness to aid emergency responders, the West Virginia Legislature is considering a new law that would require companies to immediately report accident details to emergency responders. Heightening concern among the Institute community and area emergency responders alike is the storage of large quantities of MIC and fears of a Bhopal-like tragedy. FOLLOWING THE Bhopal accident, many companies phased out MIC storage and shifted to a process that formulates and uses MIC immediately in other processes, notes Trevor Kletz, who is considered the father of inherently safer process design. After working as a manager and chemical engineer for 38 years with Imperial Chemical Industries, he now writes and lectures on the topic. The goal for inherently safer design, Kletz notes, is to reduce stored quantities or eliminate use of toxic materials, such as phosgene, ethylene oxide, chlorine, or MIC. Kletz explains that their reactive nature makes these chemicals invaluable as chemical production intermediates, but they should be created and used as quickly as possible. "If you make an intermediate and immediately send it down the pipeline to another process, the worst that can happen is a break in a pipeline and that can be stopped by closing one valve. In the case of Bhopal, it would have been a leak measured in kilograms rather than tons," he says. Since the 9/11 attacks, Kletz believes the case for eliminating storage and use of toxic materials is even stronger. "Now we are worried about terrorists being able to place a bomb in a factory where it can have maximum effect," he adds. 
Kletz notes that toxic and reactive chemicals cannot always be eliminated - it depends on the particular production process. He is supported in this view by other chemical engineers interviewed by C&EN. However, as Daniel A. Crowl, Herbert H. Dow Professor for Chemical Process Safety at Michigan Technological University, notes, "If companies didn't have this inventory, they wouldn't have the terrorist concern." In many cases, Crowl says, on-site storage of large quantities of toxic chemicals is due to "sloppy inventory keeping." "If a company runs a tight plant and has a rigorous and disciplined management system, it can literally produce MIC and use it up on the spot," Crowl says. "They could have done this in Bhopal. The technology has been around since the 1960s." ONE COMPANY that has done so is DuPont. Within months of the Bhopal accident, DuPont ended on-site MIC storage at its facility in LaPorte, Texas, that makes the insecticide Lannate. Until that time, the DuPont plant had been buying MIC from Union Carbide's Institute plant and transporting the material to LaPorte for storage and use. According to a DuPont report, its engineers developed and deployed an "inherently safe, point-of-use process" to create MIC based on air oxidation of monomethyl formamide (MMF), a nonhazardous material that was made in a DuPont facility in West Virginia and shipped to Texas. The MIC unit sits next to the Lannate unit, the engineers wrote, and the only MIC on-site is in a short transfer line. DuPont accomplished this shift within six months, including creating an MMF production line. For this effort, DuPont's team of chemical engineers received a 2003 Industrial Innovation Award from the American Chemical Society. CSB will push ahead with its accident report, Bresland says, and expects to issue it by summer. He is unsure what role the Coast Guard may play in reviewing it. The accident has brought the Bayer plant onto the radar screen of at least one other federal agency. 
The Occupational Health & Safety Administration issued a $143,000 fine on Feb. 26 based on its examination of the conditions that led to the accident. One day later, EPA fined Bayer $112,000 and announced a $900,000 agreement to settle a wide range of violations that were revealed in inspections conducted between 1999 and 2001. An EPA spokeswoman said the agency had been negotiating with Bayer over the years and the timing of the fines and settlement was a "coincidence." With reporting by Rochelle F. H. Bohaty. From rforno at infowarrior.org Thu Mar 19 03:09:51 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Mar 2009 23:09:51 -0400 Subject: [Infowarrior] - WH: Constitution Does Not Protect Cell-Site Records Message-ID: Obama Administration: Constitution Does Not Protect Cell-Site Records By David Kravets March 17, 2009 | 2:21:35 PM http://blog.wired.com/27bstroke6/2009/03/obama-administr.html The Obama administration says the Fourth Amendment prohibition against unreasonable searches and seizures does not apply to cell-site information mobile phone carriers retain on their customers. The position is being staked out in a little-noticed surveillance case pending before the 3rd U.S. Circuit Court of Appeals in Philadelphia. The case has wide-ranging implications for Americans, as most citizens have or will carry a mobile phone in their lifespan. At issue is whether the government can require federal judges to order mobile phone companies to release historical cell-tower information of a phone number without probable cause - the standard required for a search warrant. While judges have varied on the issue, the resulting evidence can be used in a criminal prosecution. Mobile phone providers keep such information for up to 18 months. Historical cell-site location information includes the tower connected at the beginning of a call and at the end of the call. 
"Because wireless carriers regularly generate and retain the records at issue, and because these records provide only a very general indication of a user's whereabouts at certain times in the past, the requested cell-site records do not implicate a Fourth Amendment privacy interest," the Obama administration wrote (.pdf) Feb. 13 to the federal appeals court. The court filing underscores that the Obama administration is continuing to maintain the Bush administration's hard-line position when it comes to supporting warrantless surveillance. The latest surveillance case is believed to be the only one of its kind to reach the federal appellate level, said Jennifer Granick, the civil liberties director for the Electronic Frontier Foundation. "Almost everybody in the United States carries or will carry a cell phone," she said. "This tracking ability is a means where the government can find out the location of pretty much everybody without much effort or expense." The EFF and the American Civil Liberties Union on Tuesday urged (.pdf) the federal appeals court to side against the Obama administration. The case on appeal concerns the government's ongoing investigation into "large-scale narcotics trafficking and various related crimes." A Philadelphia federal judge denied requiring the disclosure of the cell-site information until the government provided an application for a search warrant. The government refused. The appeals court did not indicate when it would rule. 
From rforno at infowarrior.org Thu Mar 19 15:22:55 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Mar 2009 11:22:55 -0400 Subject: [Infowarrior] - Violating Terms of Use by Default Message-ID: Here's another case of some idiot firm trying to declare who can link to them via their ToS: Violating Terms of Use by Default http://www.boingboing.net/2009/03/19/violating-terms-of-u.html Buried in the Terms of Use of a very interesting and potentially valuable site called Newssift, a just-launched service from the Financial Times: "You may be granted a limited, nonexclusive right to create a hyperlink to Newssift.com Web provided (i) you give FT Search Inc. notice of such link by writing to privacyofficer at newssift.com...." Two items of lunacy here: 1) They want this on a link-by-link basis? 2) The address they want you to "request permission" to link to them is their privacy officer. Does that mean this person is going to be doing nothing more than responding yay or nay to link requests under this policy? And why the privacy officer? Granted it probably goes to their legal folks, but is "privacy" somehow synonymous with "IP rights management" now? -rf From rforno at infowarrior.org Thu Mar 19 16:14:05 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Mar 2009 12:14:05 -0400 Subject: [Infowarrior] - Computer Experts Unite to Hunt Worm Message-ID: Computer Experts Unite to Hunt Worm By JOHN MARKOFF Published: March 18, 2009 http://www.nytimes.com/2009/03/19/technology/19worm.html An extraordinary behind-the-scenes struggle is taking place between computer security groups around the world and the brazen author of a malicious software program called Conficker. The program grabbed global attention when it began spreading late last year and quickly infected millions of computers with software code that is intended to lash together the infected machines it controls into a powerful computer known as a botnet. 
Since then, the program's author has repeatedly updated its software in a cat-and-mouse game being fought with an informal international alliance of computer security firms and a network governance group known as the Internet Corporation for Assigned Names and Numbers. Members refer to the alliance as the Conficker Cabal. The existence of the botnet has brought together some of the world's best computer security experts to prevent potential damage. The spread of the malicious software is on a scale that matches the worst of past viruses and worms, like the I Love You virus. Last month, Microsoft announced a $250,000 reward for information leading to the capture of the Conficker author. Botnets are used to send the vast majority of e-mail spam messages. Spam in turn is the basis for shady commercial promotions including schemes that frequently involve directing unwary users to Web sites that can plant malicious software, or malware, on computers. Botnets can also be used to distribute other kinds of malware and generate attacks that can take commercial or government Web sites off-line. One of the largest botnets tracked last year consisted of 1.5 million infected computers that were being used to automate the breaking of "captchas," the squiggly letter tests that are used to force applicants for Web services to prove they are human. The inability of the world's best computer security technologists to gain the upper hand against anonymous but determined cybercriminals is viewed by a growing number of those involved in the fight as evidence of a fundamental security weakness in the global network. "I walked up to a three-star general on Wednesday and asked him if he could help me deal with a million-node botnet," said Rick Wesson, a computer security researcher involved in combating Conficker. "I didn't get an answer." An examination of the program reveals that the zombie computers are programmed to try to contact a control system for instructions on April 1. 
There has been a range of speculation about the nature of the threat posed by the botnet, from a wake-up call to a devastating attack. Researchers who have been painstakingly disassembling the Conficker code have not been able to determine where the author, or authors, is located, or whether the program is being maintained by one person or a group of hackers. The growing suspicion is that Conficker will ultimately be a computing-for-hire scheme. Researchers expect it will imitate the hottest fad in the computer industry, called cloud computing, in which companies like Amazon, Microsoft and Sun Microsystems sell computing as a service over the Internet. Earlier botnets were devised so they could be split up and rented via black market schemes that are common in the Internet underground, according to security researchers. The Conficker program is built so that after it takes up residence on infected computers, it can be programmed remotely by software to serve as a vast system for distributing spam or other malware. Several people who have analyzed various versions of the program said Conficker's authors were obviously monitoring the efforts to restrict the malicious program and had repeatedly demonstrated that their skills were at the leading edge of computer technology. For example, the Conficker worm already had been through several versions when the alliance of computer security experts seized control of 250 Internet domain names the system was planning to use to forward instructions to millions of infected computers. Shortly thereafter, in the first week of March, the fourth known version of the program, Conficker C, expanded the number of the sites it could use to 50,000. That step made it virtually impossible to stop the Conficker authors from communicating with their botnet. "It's worth noting that these are folks who are taking this seriously and not making many mistakes," 
said Jose Nazario, a member of the international security group and a researcher at Arbor Networks, a company in Lexington, Mass., that provides tools for monitoring the performance of networks. "They're going for broke." Several members of the Conficker Cabal said that law enforcement officials had been slow to respond to the group's efforts, but that a number of law enforcement agencies were now in "listen" mode. "We're aware of it," said Paul Bresson, an F.B.I. spokesman, "and we're working with security companies to address the problem." A report scheduled to be released Thursday by SRI International, a nonprofit research institute in Menlo Park, Calif., says that Conficker C constitutes a major rewrite of the software. Not only does it make it far more difficult to block communication with the program, but it gives the program added powers to disable many commercial antivirus programs as well as Microsoft's security update features. "Perhaps the most obvious frightening aspect of Conficker C is its clear potential to do harm," said Phillip Porras, a research director at SRI International and one of the authors of the report. "Perhaps in the best case, Conficker may be used as a sustained and profitable platform for massive Internet fraud and theft." "In the worst case," Mr. Porras said, "Conficker could be turned into a powerful offensive weapon for performing concerted information warfare attacks that could disrupt not just countries, but the Internet itself." The researchers, noting that the Conficker authors were using the most advanced computer security techniques, said the original version of the program contained a recent security feature developed by an M.I.T. computer scientist, Ron Rivest, that had been made public only weeks before. And when a revision was issued by Dr. Rivest's group to correct a flaw, the Conficker authors revised their program to add the correction. 
Although there have been clues that the Conficker authors may be located in Eastern Europe, evidence has not been conclusive. Security researchers, however, said this week that they were impressed by the authors' productivity. "If you suspect this person lives in Kiev," Mr. Nazario said, "I would look for someone who has recently reported repetitive stress injury symptoms." From rforno at infowarrior.org Fri Mar 20 00:38:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Mar 2009 20:38:17 -0400 Subject: [Infowarrior] - CDT: Domestic Intelligence System Grows without Controls Message-ID: A Briefing on Public Policy Issues Affecting Civil Liberties Online from the Center for Democracy & Technology This Policy Post is online: http://cdt.org/publications/policyposts/2009/1 Domestic Intelligence System Grows without Controls 1) Vast Domestic Intelligence System Grows without Adequate Civil Liberties Protections 2) Nationwide Information Sharing Networks Magnify Risks to Privacy 3) Abuses Have Already Occurred 4) Closer Oversight, More Detailed and Stringent Guidelines Needed _______________________________________________ 1) Vast Domestic Intelligence System Grows without Adequate Civil Liberties Protections Without a definitive decision to do so, and without adequate guidelines or limits, government agencies at the federal, state and local level are creating a vast domestic intelligence apparatus. The concerns long posed by domestic spying are magnified by the digital revolution, which makes it easier than ever to collect, store, exchange and retrieve personally identifiable information, making it available far removed from the context in which it was collected and creating a high risk that information will be misinterpreted and used to the detriment of innocent persons. 
Homeland security intelligence, as it is sometimes called, is not statutorily defined, but the loosely structured system that is being created does not distinguish between information regarding foreign terrorist organizations and information regarding domestic terrorist groups. It includes information collected under criminal investigative powers, "foreign intelligence" or counterintelligence collected under the national security powers, and information collected under regulatory or administrative authorities or from open sources. Indeed, there is a new effort to collect information with no real predicate at all, based solely on a broadly defined notion of "suspicious activity." The system includes information collected by federal agencies and information collected by state and local governments. To some degree, counter-terrorism intelligence gathering and dissemination must be broad in scope, since one of the reasons why the planning of the 9/11 attacks went undetected is that agencies observed various artificial distinctions that prevented information sharing and collaboration. However, with such an all-encompassing definition, the cycle of collecting, sharing and using homeland security intelligence clearly poses risks to constitutional values of privacy, free expression, free association and democratic participation. There are also questions of effectiveness: the security "bang per byte" of information gathered may be diminishing. While "stove piping" was yesterday's problem, tomorrow's problem may be "pipe clogging," as huge amounts of information are being gathered without apparent focus. CDT Testimony on Homeland Security Intelligence: http://www.cdt.org/testimony/20090318nojeim.pdf (March 18, 2009) ______________________________________________________ 2) Nationwide Information Sharing Networks Magnify Risks to Privacy Multiple agencies at the federal level collect and analyze information that fits under the homeland security intelligence umbrella. 
Within the Department of Homeland Security alone, there is a departmental Office of Intelligence and Analysis and there are intelligence units within several of the Department's components as well, including the U.S. Citizenship and Immigration Service, the Coast Guard, Customs and Border Protection, Immigration and Customs Enforcement, and the Transportation Security Administration. Outside the DHS, federal agencies collecting or analyzing homeland security intelligence include the FBI, the CIA, the Drug Enforcement Administration, the Department of Energy, the Treasury Department, and entities within the Department of Defense, including the National Security Agency and the National Reconnaissance Office, whose satellites are available for domestic collection.

Outside of the federal government, state, local, and tribal police forces of varying sizes also engage in the collection of homeland security intelligence. The level of sophistication of these efforts varies widely. For example, the New York City Police Department has a sophisticated intelligence operation, which operates with little public oversight. Likewise, the Los Angeles Police Department has a very sophisticated intelligence gathering and integration program.

Until recently, collection, analysis and dissemination efforts have been disjointed and uncoordinated, which may have offered some comfort to civil libertarians. Now, a variety of efforts are underway to integrate the information that is being collected and to share it more widely. They include:

* Information Sharing Environment: The ISE, created by Congress and housed in the Office of the Director of National Intelligence, is intended to facilitate sharing of terrorism, law enforcement and homeland security information across federal agencies and among state, local and tribal police forces. The ISE is scheduled to go operational this summer.
* National Counterterrorism Center: The NCTC employs more than 500 people, drawn from 16 federal departments and agencies, to integrate and analyze counterterrorism intelligence, much of which fits under the homeland security intelligence umbrella. The NCTC has access to more than 30 intelligence, military and law enforcement networks; it also takes in copies of data from other agencies, creating its own depository of data that is analyzed and shared. Among other functions, the NCTC maintains the repository of information about terrorists from which is derived the watchlist used to screen airline passengers.

* E-Guardian: E-Guardian is an FBI system for sharing unclassified information relating to terrorism with 18,000 entities, including state and local law enforcement entities. According to a DOJ Inspector General's report, a related system, Guardian, which contains terrorism tips and reports by federal agencies, suffers from numerous data integrity failures.

* Fusion Centers: State and local governments have created at least 58 fusion centers. Each fusion center is different, but there continue to be questions about their mission and effectiveness and they face significant challenges.

* Joint Terrorism Task Forces: JTTFs are comprised of federal, state and local law enforcement officers and specialists. The JTTF concept pre-dated 9/11 by several decades but was expanded after 9/11 and there are now 100 JTTFs, including one in each of the FBI's 56 field offices nationwide. Sixteen other federal law enforcement and intelligence agencies are involved in one or more JTTFs.

The goal, of course, is laudable: to collect and connect the dots that might reveal a terrorist scheme. However, there is no overall theme to this collection and sharing effort, no guiding principles.
DOJ Inspector General's report: http://www.usdoj.gov/oig/reports/FBI/a0902/final.pdf

___________________________________________

3) Abuses Have Already Occurred

Despite the secrecy surrounding domestic intelligence activities, instances have been uncovered where homeland intelligence efforts classified legitimate political activity as "terrorism" and monitored peaceful activists. Examples include:

* Undercover Maryland State Police officers conducted surveillance on war protesters and death penalty opponents from March 2005 until May 2006. The state police classified 53 nonviolent activists as terrorists and entered their names in state and federal terrorism databases.

* At least as of 2006, the Intelligence Branch of the Federal Protective Service in DHS was compiling a "Protective Intelligence Bulletin," mainly by using a "media reporting service" available on the Internet. The 17-page, March 3, 2006 bulletin lists dozens of events such as a "Three Years Is Too Many Demonstration" by the Central Vermont Peace and Justice Center to be held at 1400 hours on the sidewalk in front of Main Street Park in Rutland.

Also, there is a trend toward the collection of huge quantities of information with little or no predicate, through "Suspicious Activity Reports." State, local, tribal and federal entities are collaborating to develop a nationwide SARs system that is just getting off the ground. So far, the standards for the program suggest that much innocent activity will be tracked. For example, photographing bridges is described as a suspicious activity, even though such sites are regularly photographed by tourists, journalists and photography buffs.
DHS ICE "Civil Activists and Extremists Action Calendar" bulletin http://www.defendingdissent.org/ICECalendar.pdf (March 3, 2006)

______________________________________________________________

4) Closer Oversight, More Detailed and Stringent Guidelines Needed

Remarkably, there does not seem to be a set of intelligence guidelines for the Department of Homeland Security or for any of its intelligence-collecting components. Moreover, the guidelines that have been issued so far fail to provide adequate guidance. Guidelines for the FBI, issued by the Attorney General last year, permit intelligence collection without any suspicion of wrong-doing. Guidelines issued for the ISE provide generic, unhelpful guidance, stating that "all agencies shall, without exception, comply with the Constitution and all applicable laws and Executive Orders."

In a recent report, the Markle Foundation Task Force on National Security in the Information Age called on the President and Congress to develop government-wide privacy policies for information sharing to match the increased technological capabilities to collect, store and analyze information. The Task Force, which senior CDT staff participate in, stressed that these policies must be detailed and must address the hard questions not answered by current law -- who gets what information for what purpose, under what standard of justification.

In our March 18, 2009 testimony, CDT recommended a number of additional steps that should be taken to focus domestic intelligence operations:

* Require DHS entities to follow the principles of fair information practice (FIPs), including the minimization principle. The well-known FIPs are not perfect, but they provide probably the best framework available for designing a focused and limited information system.

* Adhere to the criminal predicate where appropriate.
Probably the single most effective civil liberties protection that could be imposed on the collection and sharing of homeland security intelligence that includes personally identifiable information would be to require criminal predication. This means that information, unless it pertains to a terrorist, spy or another agent of a foreign power and was collected under the Foreign Service Intelligence Act, is collected or shared only because it has some degree of relevance to a potential violation of the law.

* Conduct comprehensive oversight of homeland security intelligence collection. Congress, in exercising its oversight role, should sample intelligence products developed by DHS components to more fully ascertain what is being collected, how it is used, and whether it is useful in preventing terrorism. Oversight Committees should consider whether more targeted collection efforts would be more effective. Also, they should review the training materials that DHS entities use.

* Conduct an independent assessment of the value of SARs reporting. SARs reporting may or may not be the best way to collect the "dots" that need to be connected to head off terrorist attacks; whether it is or is not should be tested. This may involve commissioning a GAO study or conducting an independent staff level assessment.

CDT's analysis of the Attorney General Guidelines: http://cdt.org/publications/policyposts/2008/16 (Oct. 29, 2008)

Our analysis of the ISE guidelines: http://www.cdt.org/security/20070205iseanalysis.pdf (Feb. 2, 2007)

Markle Task Force report, Nation at Risk: http://www.markle.org/downloadable_assets/20090304_mtf_report.pdf (March 2009)

_______________________________________________

Detailed information about online civil liberties issues may be found at http://www.cdt.org/.
This document may be redistributed freely in full or linked to: http://cdt.org/publications/policyposts/2009/1

Excerpts may be re-posted with the prior permission of brock at cdt.org

Policy Post 15.1 Copyright 2009 Center for Democracy and Technology

From rforno at infowarrior.org Fri Mar 20 12:10:02 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Mar 2009 08:10:02 -0400
Subject: [Infowarrior] - New DOJ Guidelines on FOIA Released
Message-ID: <279F49AB-3336-4B60-8341-CCC522D7CB49@infowarrior.org>

(c.o M.S.)

http://www.gwu.edu/~nsarchiv/news/20090319/index.htm

New Attorney General Guidelines on FOIA Released

Holder Memo Encourages Discretionary Releases, Accountability of FOIA Programs; DOJ Will Only Defend if Harm from Release is Reasonably Foreseeable

For More Information Contact:
Meredith Fuchs, General Counsel, National Security Archive (202) 994-7000
Thomas Blanton, Director, National Security Archive (202) 994-7000

Washington, D.C., March 19, 2009 - Attorney General Eric Holder today released new guidelines for federal agencies on the Freedom of Information Act (FOIA) that reinforce the presumption of disclosure articulated by President Obama in his day one Memorandum on FOIA, issued January 21, 2009.

http://www.gwu.edu/~nsarchiv/news/20090319/foia-memo-march2009.pdf
http://www.gwu.edu/~nsarchiv/news/20090121/2009_FOIA_memo.pdf

Attorney General Holder's memorandum provides practical guidance for implementing the presumption of disclosure, including by encouraging discretionary releases of records and releasing portions of records even when other portions are being withheld. It states that the Department of Justice will only defend withholdings in court when there is a reasonably foreseeable risk of harm to an interest protected by one of the FOIA exemptions or the law requires the information to be withheld.
It states that this policy will be applied to pending litigation "if practicable" and "where there is a substantial likelihood that application of the guidance would result in a material disclosure of additional information."

"We are delighted," remarked the Archive's General Counsel, Meredith Fuchs. "The new Attorney General guidelines read as if there is a new show in town and for the first time in eight years everyone is welcome to come see it."

With regard to the Department's role defending government agencies in FOIA cases, Ms. Fuchs commented, "Not only do we think this should have an impact on several pending cases, including our own case seeking Justice Department memoranda authorizing warrantless surveillance of Americans, we also hope that is not the end of the progress. We hope the Department of Justice will counsel its federal agency clients in a manner that reduces litigation and resolves disputes, including through mediation by the Office of Government Information Services that is being established at the National Archives."

In addition to the presumption of disclosure, the memorandum recognizes that the responsibility for FOIA administration runs throughout each agency and instructs that the memorandum be shared with all FOIA personnel. It encourages the use of technology, proactive posting of records of interest to the public without the requirement of a FOIA request, and tracking of FOIA requests.

"We are very pleased to see Attorney General Holder encouraging agencies to use common sense and good management to do their work in a manner that advances government transparency and efficiency, rather than clinging to old practices that used up resources without advancing the democratic principles underlying FOIA," said Ms. Fuchs. "We hope the Attorney General's strong direction will correct the course of the federal government which has, for eight years, followed the path of secrecy."
From rforno at infowarrior.org Fri Mar 20 12:47:53 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Mar 2009 08:47:53 -0400
Subject: [Infowarrior] - Australia's Web blacklist leaked
Message-ID: <348F9D83-9661-40D5-857F-5F4C4394F92B@infowarrior.org>

Australia's Web blacklist leaked
Data reveals government has blocked legitimate businesses
Darren Pauli 19/03/2009 12:57:00
http://www.computerworld.com.au/article/296161/australia_web_blacklist_leaked?fp=16&fpid=1

The secretive Internet filter blacklist held by the communications watchdog ACMA has been leaked, revealing the government has understated the amount of banned Web pages by more than 1000.

Multiple legitimate businesses and Web sites have been banned including two bus companies, online poker sites, multiple Wikipedia entries, Google and Yahoo group pages, a dental surgery and a tour operator.

Betfair CEO Andrew Twaits was furious the government has potentially annexed tens of millions of dollars in revenue after its Betfair.com gambling site was blacklisted.

The blacklists were reportedly leaked by a Web filter operator to wikileaks which has published the full list of banned URLs.

Outraged privacy advocates say the government has effectively lied about the amount of URLs included in the blacklists, totalling more than 2300, and the type of content which it would ban.

Electronic Frontiers Association (EFA) spokesman Geordie Guy said the list, dated August last year, would now be far more extensive in both the amount of URLs banned and the type of content included.

"The list is quite a bit bigger than what we have been led to believe; we were told it contained about 1600 pages in its current incarnation, and ACMA reports have claimed as low as 1300," Guy said. "Because this is a secret that has been leaked, everyone will be after it."

"Every Australian will want to know what they were not they were considered so irresponsible to not leave alone."
Guy said the leakage is proof that the list will be continually leaked if the Internet content filters are enforced, which he said will completely undermine its effectiveness.

Users republishing the banned Web sites will effectively break the law and risk an $11,000 fine from the watchdog.

From rforno at infowarrior.org Fri Mar 20 12:50:12 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Mar 2009 08:50:12 -0400
Subject: [Infowarrior] - Government 2.0 Meets Catch 22
Message-ID:

March 17, 2009, 11:24 am
Government 2.0 Meets Catch 22
By Saul Hansell
Policy and Law
http://bits.blogs.nytimes.com/2009/03/17/government-20-meets-catch-22/

"Do I need to P.I.A. Facebook?" said the perplexed bureaucrat squished into a narrow basement hotel conference room in Washington DC.

P.I.A. stands for Privacy Impact Assessment, a procedure that federal agencies must go through every time they create a new computer system. It was one of many questions about how the government can use the tools of Web 2.0 raised in a session of a privacy conference last week.

Organizations of all sorts have been trying to figure out how they can adapt social networks, blogs, wikis and other Web tools to their traditional operating methods in order to connect to customers and partners. But it is tough.

"We have a Facebook page," said one official of the Department of Homeland Security. "But we don't allow people to look at Facebook in the office. So we have to go home to use it. I find this bizarre."

There are many other procedures at government agencies that aren't just tradition, they are the law. For example, the mostly harmless feature of Facebook that allows users to specify their religious and political views may run afoul of the Privacy Act. That law prevents the government from using the site because a provision in the Privacy Act bans it from keeping records related to how people exercise their First Amendment rights.

"We are stodgier"
than the private sector, said Alex Joel, the civil liberties protection officer for the Office of the Director of National Intelligence, who moderated the session at the annual meeting of the International Association of Privacy Professionals, the trade group for corporate and government privacy officers. "We have our own way of doing things."

Speaking of the First Amendment, one person asked, does the government have the right to remove offensive comments on a blog or social network page? And if it does, must it keep copies of the deleted material under the Federal Records Act and provide them to people making Freedom of Information Act Requests?

Yes, it can remove comments that violate posted policies about decency and so on, and yes, it must keep them for a specified time, other participants said.

Private companies are considering whether they should look at someone's Facebook and MySpace profiles before deciding whether to hire them. Some government participants wondered if doing so would require that the government file a notice under a provision of the Privacy Act that requires it to disclose all of the "systems of records" it uses to keep track of information about people.

Peter Swire, a former government privacy official who now teaches law at Ohio State University, raised another question: anti-corruption law prevents federal officials from receiving gifts of goods and services. Does that prevent an agency from using software or services available free on the Web?

Mr. Swire also pointed to legal pitfalls: federal computer systems must be made accessible to the disabled. For example, they must have captions on videos. Many commercial sites don't meet these standards.

Moreover, the government generally isn't allowed to endorse commercial products. Mr. Swire said this could be interpreted to mean it can't use any sites that include advertising.
So far, these issues have not prevented at least some agencies from experimenting with many forms of social media, although some have had to ask sites to modify their formats. The Federal Trade Commission, for example, does not allow advertising on its YouTube channel. (Craig Newmark, founder of CraigsList, wrote Tuesday about government officials organizing to use social media.)

The Central Intelligence Agency uses Facebook to recruit employees. The State Department uses it as part of its "public diplomacy" efforts, such as a page for the embassy in Jakarta.

But there are at least as many pages created on Facebook that are about the agencies that are not officially sanctioned. "For every Facebook page that represents itself as an official State Department page, there is another unofficial page," one participant said. The government already maintains a list of all federal blogs, and some wondered if it should do the same for social networking pages.

Officials at the session said they feel urgent pressure to get hip to social networks, Wikis and such because of the open government agenda of the Obama administration. But clearly there are a lot of rules and regulations that need to be adjusted for this to work.

From rforno at infowarrior.org Fri Mar 20 12:51:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Mar 2009 08:51:36 -0400
Subject: [Infowarrior] - NBCU: When lawyers have no business sense
Message-ID:

NBC Universal Shuts Down Battlestar Galactica Fan Charity Event In Toronto
from the not-very-nice dept

And here we have yet another case where the copyright holder is certainly within its rights, but that hardly means that its decision made any business sense at all. Michael_S alerts us to the news that some fans of the TV show Battlestar Galactica tried to set up a showing of the finale in a movie theater in Toronto as a charity event.
They spoke to someone at NBC Universal, who basically agreed to look the other way and let the event happen... but then the lawyers found out and they shut the event down, because how dare the biggest fans of one of your biggest shows all get together to celebrate the show and raise money for charity at the same time. Yes, it is absolutely within NBC Universal's legal right to block such a public performance, but it makes the company look like a massive, charity-hating bully, for no good reason (and, before someone says it, the need to enforce applies to trademarks, not copyright). It wouldn't have been hard for NBC Universal to set up a simple license to allow the showing to happen, but when you live in a world where lawyers and control are more important than actual business sense, this is what you get.

http://techdirt.com/articles/20090319/1844414186.shtml

From rforno at infowarrior.org Fri Mar 20 18:32:57 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Mar 2009 14:32:57 -0400
Subject: [Infowarrior] - Infowarcon 2009
Message-ID:

(Disclosure: I am chairing a panel on US cybersecurity @ the event....- rick)

INFOWARCON 2009
www.infowarcon.com

Alexandria, VA - The Association of Old Crows (AOC) will host InfowarCon 2009 on April 22-24 at the Gaylord National Resort and Convention Center, National Harbor, MD. The event brings together experts, military and government leaders, and warfighters to discuss the numerous theoretical and practical changes to and uses of Information Operations (IO), Strategic Communications, and Public Diplomacy, based on experiences learned in Iraq, Afghanistan, China, and Georgia-Russia. The AOC welcomes the Honorable James Glassman, Former Under Secretary of State for Public Diplomacy and LTG Thomas Metz, US Army, Director of the Joint IED Defeat Organization (JIEDDO).
InfoWarCon features many cutting-edge demonstrations, debates, educational courses, and networking opportunities, including:

Computer Network Attack/Defense Live Fire Exercise
Cyberwarfare - 2008 Russian Invasion of Georgia session
Chinese Delegation Panel & Keynote Address
The New Arab Information Environment session

The AOC knows that IO is dynamic and changing, and all parts of the government, military, academia and industry are struggling to accurately prepare for the future. InfowarCon 2009 provides attendees the opportunity to interact with the experts, warriors, technologists and specialists, regarding the significant changes in worldwide and domestic events. It's the opportunity to find out what is happening, why, and how current events will impact the future. The AOC guarantees that InfowarCon will provide the right network to share challenges, identify opportunities, and plan for future success.

Thanks to the generous support of InfowarCon 2009 corporate sponsors (Honeywell, SAIC, Northrop Grumman, White Wolf Security, Booz/Allen/Hamilton, S4, SOS International, and SRC), the AOC is honoring warfighters by offering FREE admission to U.S. and allied nations uniformed military personnel. Free admission is also extended to military and civilian students presenting proper ID. Furthermore, discounts are available for industry and civilian government attendees. Groups of three or more receive a discount of $100 on each individual registration. Group registrations must be faxed collectively. To take advantage of these special offers, you must pre-register by Friday, April 3. See below for registration information.

The AOC facilitates the development and maturity of knowledge within the fields of Electronic Warfare (EW) and Information Operations (IO) on an international basis. To do this, the AOC acts as advocates and provides a forum for the sharing of ideas and information across a wide range of disciplines.
Visit www.infowarcon.com for more information and to register.

From rforno at infowarrior.org Fri Mar 20 23:34:46 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Mar 2009 19:34:46 -0400
Subject: [Infowarrior] - You can't make this up...
Message-ID:

Pub is closed by Monty Python grenade
Tony Bassett
19.03.09

BUILDINGS were evacuated, a street was cordoned off and a bomb disposal team called in after workmen spotted a suspicious object. But the dangerous-looking weapon turned out to be the Holy Hand Grenade of Antioch, made famous in the 1975 film Monty Python And The Holy Grail.

Police and a fire crew were first on the scene in Shoreditch, east London, when water company workers found a copy of the film prop under a fire hydrant cover. They evacuated a pub and another building in Tabernacle Street, while office staff in another building were stopped from leaving. But when the bomb squad arrived, they quickly established there was no danger and the street was declared safe.

In the film, the grenade was used to slaughter a killer rabbit. Python actor Eric Idle had filmgoers in stitches as he said: "Oh Lord. Bless this hand grenade, that with it thou mayest blow thine enemies to tiny bits, in thy mercy."

Alberto Romanelli, who owns the Windmill pub nearby, said the police action in ordering his pub to be evacuated had been as ridiculous as the film scene. "They evacuated the pub while they were doing X-rays and stuff," he said. "It all lasted about 45 minutes before they decided it was nothing - which I thought was pretty obvious from the start. I lost a good hour's worth of business."

Emma Eve, a training centre receptionist, said: "It was scary. They wouldn't let us out of the building." Office worker Graham White said: "The situation was nearly as crazy as the film."
< - >

http://www.thisislondon.co.uk/standard/article-23664399-details/article.do?ito=newsnow&

From rforno at infowarrior.org Sun Mar 22 01:53:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 21 Mar 2009 21:53:07 -0400
Subject: [Infowarrior] - A bill to shift cybersecurity to White House
Message-ID:

March 20, 2009 6:00 PM PDT
A bill to shift cybersecurity to White House
by Stephanie Condon
http://news.cnet.com/8301-13578_3-10200710-38.html

Forthcoming legislation would wrest cybersecurity responsibilities from the U.S. Department of Homeland Security and transfer them to the White House, a proposed move that likely will draw objections from industry groups and some conservatives.

CNET News has obtained a summary of a proposal from Senators Jay Rockefeller (D-W.V.) and Olympia Snowe (R-Maine) that would create an Office of the National Cybersecurity Advisor, part of the Executive Office of the President. That office would receive the power to disconnect, if it believes they're at risk of a cyberattack, "critical" computer networks from the Internet.

"I regard this as a profoundly and deeply troubling problem to which we are not paying much attention," Rockefeller said at a hearing this week, referring to cybersecurity.

Giving the White House cybersecurity responsibility was one of the top recommendations of a commission that produced a report last year to advise President Obama on cybersecurity issues. However, the Homeland Security Department, which currently has jurisdiction over cybersecurity, has insisted the reshuffling of duties is not needed.

Given the enormity of cybersecurity threats, the responsibility is a natural fit for the White House, said James Lewis, a director and senior fellow at the Center for Strategic and International Studies, which issued last year's commission report.
"The Obama administration has an adviser on energy and climate change, and that's good and important," Lewis said, "but we're still in the mode that cyber is less important."

While the bill is still in draft form and thereby subject to change, it would put the White House National Cybersecurity Advisor in charge of coordinating cyber efforts within the intelligence community and within civilian agencies, as well as coordinating the public sector's cooperation with the private sector.

The adviser would have the authority to disconnect from the Internet any federal infrastructure networks--or other networks deemed to be "critical"--if found to be at risk of a cyberattack.

The private sector will certainly speak out if this provision is included in the final draft of the bill, a representative of the technology industry who spoke on condition of anonymity said.

"You can be assured that if that idea is put into legislation we would certainly have views on it," he said. "It's not trivial."

While the person did not take a stance on whether the White House is the appropriate place to put cybersecurity jurisdiction, he said, "cybersecurity is a cross-cutting issue, across all government agencies, so leadership at the top is useful."

The bill could also make the proposed cyber adviser responsible for conducting a quadrennial review of the country's cybersecurity program, as well as for working with the State Department to develop international standards for improving cybersecurity.

The draft version of the bill also establishes a clearinghouse for the public and private sectors to share information about cyberthreats and vulnerabilities. It also creates a Cybersecurity Advisory Panel consisting of outside experts from industry, academia, and nonprofit groups to advise the president.
Because many federal contracting officers do not currently include security provisions in federal procurements, the bill could also establish a "Secure Products and Services Acquisitions Board" to review and approve all federal acquisitions.

At Thursday's hearing, Edward Amoroso, AT&T's senior vice president and chief security officer, said the federal procurement process "needs to be upgraded to implement sufficient security protections."

Some industry groups are warning, however, that adding customized requirements to the government's procurement process may inhibit the government's ability to take advantage of the innovations and cost benefits available from commercial technology.

"Simply put, the government cannot reach its security goals by compromising its access to commercial solutions and processes, nor can it technologically or financially afford it," the Business Software Alliance wrote in a memo to Melissa Hathaway, the acting senior director for cyberspace at the White House National and Homeland Security Councils, who is conducting a 60-day review of cybersecurity programs for President Obama. "Rather than imposing overbroad security requirements, government needs to be selective and limit them to high-criticality systems."

The bill may also subject both government and private sector networks to cybersecurity standards established by the National Institute of Standards and Technology. It may also provide for a professional licensing and certification program for cybersecurity professionals.

The senators also want to create greater general awareness of the importance of cybersecurity, so the legislation would expand scholarships for students studying cybersecurity, create an annual cybersecurity competition and prize for students, and initiate a cybersecurity awareness campaign. It would also increase cybersecurity research and development funding for the National Science Foundation.
Lewis said he is very pleased with the Senate's work on this bill so far. "Having a knowledgeable and powerful group of senators that are willing to pick up the ball and run with it is really encouraging," he said.

Given the broad nature of the legislation--which spans intelligence and homeland security issues, as well as commerce issues--Rockefeller may have to work with the leaders of the Senate Homeland Security Committee and other leaders in the Senate to shape the final version.

An industry representative said, though, that Rockefeller's previous experience chairing the Select Committee on Intelligence will improve the bill's chances of advancing. "His personal credibility and experience allow him to play a role that another chairman might necessarily have been able to play," the industry representative said.

From rforno at infowarrior.org Sun Mar 22 01:58:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 21 Mar 2009 21:58:30 -0400
Subject: [Infowarrior] - Pew Report: State of the News Media 2009
Message-ID: <27CA7073-E468-4F1A-ABA9-F15C4B34F689@infowarrior.org>

http://www.stateofthemedia.org/2009/index.htm

The State of the News Media 2009 is the sixth edition of our annual report on the health and status of American journalism.

Our goals are to take stock of the revolution occurring in how Americans get information and provide a resource for citizens, journalists and researchers to make their own assessments. To do so we gather in one place as much data as possible about all the major sectors of journalism, identify trends, mark key indicators, note areas for further inquiry.

For each area we have produced original research and aggregated existing data into a narrative on the state of journalism that we hope is the most comprehensive anywhere. Statistical data also exists in an interactive format (see our index of charts), which allows users to customize their own graphics.
The report also includes A Year in the News, a comprehensive content analysis of media performance based on more than 70,000 stories from 48 news outlets across five media sectors, as well as a special look at Hispanic and African American media and an Interactive Topline that lets users explore the data for themselves. This year's study also includes special reports on Lessons of the Election, New Ventures online, and a content analysis of Citizen Media in 46 communities. And coming soon: a Survey of Online Journalists and a look back at Campaign Coverage.

This report is the work of the Pew Research Center's Project for Excellence in Journalism, a nonpolitical, nonpartisan research institute. The study is funded by the Pew Charitable Trusts and was produced with the help of a number of authors and collaborators, including Rick Edmonds of the Poynter Institute and a host of industry readers. The full report is comprehensive, totaling nearly 180,000 words.

http://www.stateofthemedia.org/2009/index.htm

From rforno at infowarrior.org Mon Mar 23 00:46:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 22 Mar 2009 20:46:50 -0400
Subject: [Infowarrior] - New Treasury Toxic Asset Plan
Message-ID:

Treasury's toxic asset plan could cost $1 trillion
Mar 22, 5:03 PM (ET)
By MARTIN CRUTSINGER
http://apnews.myway.com/article/20090322/D973AFAO0.html

WASHINGTON (AP) - The Obama administration's latest attempt to tackle the banking crisis and get loans flowing to families and businesses will create a new government entity, the Public-Private Investment Program, to help purchase as much as $1 trillion in toxic assets on banks' books.

The new effort, to be unveiled Monday, will be followed the next day with release of the administration's broad framework for overhauling the financial system to ensure that the current crisis - the worst in seven decades - is not repeated.
A key part of that regulatory framework will give the government new resolution authority to take over troubled institutions that would pose a threat to the entire financial system if they failed. Administration officials believe this new power will save taxpayers money and avoid the type of controversy that erupted last week when insurance giant American International Group paid employees of its troubled financial products unit $165 million in bonuses even though the company had received more than $170 billion in support from the federal government.

Under the new powers being sought by the administration, the treasury secretary could only seize a firm with the agreement of the president and the Federal Reserve. Once in the equivalent of a conservatorship, the treasury secretary would have the power to limit payments to creditors and to break contracts governing executive compensation, a power that was lacking in the AIG case.

The plan on toxic assets will use the resources of the $700 billion bank bailout fund, the Federal Reserve and the Federal Deposit Insurance Corp. The initiative will seek to entice private investors, including big hedge funds, to participate by offering billions of dollars in low-interest loans to finance the purchases. The government will share the risks if the assets fall further in price.

When Geithner released the initial outlines of the administration's overhaul of the bank rescue program on Feb. 10, the markets took a nosedive. The Dow Jones industrial average plunged by 380 points as investors expressed disappointment about a lack of details.

Christina Romer, head of the Council of Economic Advisers, said Sunday that it's important for investors to know that the administration is bringing a full array of programs to confront the problem. "I don't think Wall Street is expecting the silver bullet," she said on CNN's "State of the Union." "This is one more piece.
It's a crucial piece to get these toxic assets off, but it is just part of it and there will be more to come."

But private economists said investors may still have doubts about whether the government has adequate resources to properly fund the plan and whether private investors will be attracted to participate, especially after last week's uproar concerning the AIG bonuses, which has added to the anti-Wall Street feelings in the country.

Romer said the new toxic asset program would utilize around $100 billion from the $700 billion bailout fund, leaving the fund close to being tapped out. Mark Zandi, an economist at Moody's Economy.com, estimated that the government will need an additional $400 billion to adequately deal with the toxic asset problem, seen by many analysts as key to finally resolving the banking crisis.

Zandi said the administration has no choice but to rely heavily on government resources because of the urgency of getting soured real estate loans and troubled asset-backed securities off the books of banks so that they can resume more normal lending to consumers and businesses. "This is a start and we will see how far it goes, but I believe they will have to go back to Congress for more money," he said.

The Public-Private Investment Program that will be created was viewed as performing the same functions - selling bonds to finance purchases of bad assets - as a similar organization did for the Resolution Trust Corp., which was created to dispose of bad real estate assets in the savings and loan crisis of the 1980s.

According to administration and industry officials, the toxic asset program will have three major parts:

* A public-private partnership to back private investors' purchases of bad assets, with government support coming from the $700 billion bailout fund. The government would match private investors dollar for dollar and share any profits equally.
* Expansion of a recently launched Fed program that provides loans for investors to buy securities backed by consumer debt as a way to increase the availability of auto loans, student loans and credit card debt. Under Geithner's plan for the toxic assets, that $1 trillion program would be expanded to support purchases of toxic assets.

* Use of the FDIC, which insures bank deposits, to support purchases of toxic assets, tapping into this agency's expertise in closing down failed banks and disposing of bad assets.

Some industry officials said hedge funds and other big investors are likely to be more leery of accepting the government's enticements to purchase these assets, fearing tighter government restraints in such areas as executive compensation. Administration officials, however, insisted Sunday that a distinction needed to be made between companies getting heavy support from the bailout programs and investors who are being asked to help dispose of troubled assets.

Romer said the partnership with the private sector will help ensure that the government doesn't overpay for the toxic assets that it will be purchasing. "This isn't just another handout to banks," she said on CNN. "We very much have the taxpayers' interest in mind."

The administration's revamped program for toxic assets is the latest in a string of banking initiatives which have also included efforts to deal with mortgage foreclosures, boost lending to small businesses and unfreeze the market for many types of consumer loans. In addition, the nation's 19 biggest banks are undergoing intensive examinations by regulators that are due to be completed by the end of April to determine whether they have sufficient capital reserves to withstand an even more severe recession. Those that do not will be able to get more support from the government.
The overhaul of financial regulation will be revealed by Geithner in testimony he is scheduled to give Tuesday and Thursday before the House Financial Services Committee. In addition to the expanded authority to seize big institutions that pose a risk to the entire system, the administration is also expected to offer more general proposals on limiting excesses seen in executive compensation in recent years, where the rewards prodded extreme risk-taking. The regulatory plan is also expected to include a major change that gives the Federal Reserve more powers to oversee systemic risks to the entire financial system.

The administration is working to unveil its proposed regulatory changes in advance of a meeting of the Group of 20 economic leaders, which Obama will attend on April 2 in London. European nations have complained that lax financial regulations in the United States set the stage for the current financial crisis.

From rforno at infowarrior.org Mon Mar 23 01:07:57 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 22 Mar 2009 21:07:57 -0400
Subject: [Infowarrior] - OT: Book Recommendation
Message-ID: <134387A1-2D95-48F2-9261-B23C65F7BDDD@infowarrior.org>

Tonight I finished William Cohan's new book on the demise of Bear Stearns called 'House of Cards' -- a rather disturbing but well written chronology of events leading to Bear's fall last year. From bad business decisions, out-and-out deceptions, some *very* out of touch management (many with strong, if not bull-headed personalities) and more, the book shed new light on what I already knew about the story, and revealed some new stuff too. FWIW, the first and third sections are absolute page-turners.

For those interested, here's a Bloomberg link to a review:
http://www.bloomberg.com/apps/news?pid=20601088&sid=aGyp3RIFdW1I&refer=muse

FYI, Cohan also wrote the definitive history of Lazard Freres back in 2007 ... another great read entitled 'The Last Tycoons'.
-rick

From rforno at infowarrior.org Mon Mar 23 02:06:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 22 Mar 2009 22:06:36 -0400
Subject: [Infowarrior] - Hotmail does POP3 for all now
Message-ID: <96FD2733-6A07-4955-93B5-5B052C982046@infowarrior.org>

First time I've heard of it (maybe I'm slow) but since last week apparently anyone can POP3 their Hotmail ... ie, not just their paying customers.

Key info:

POP server: pop3.live.com (Port 995)
POP SSL required? Yes
User name: Your Windows Live ID, for example yourname at hotmail.com
Password: The password you usually use to sign in to Hotmail or Windows Live
SMTP server: smtp.live.com (Port 25 or 587)
Authentication required? Yes (this matches your POP username and password)
TLS/SSL required? Yes

Source: http://mailcall.spaces.live.com/blog/cns!CC9301187A51FE33!49799.entry

From rforno at infowarrior.org Mon Mar 23 12:27:47 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2009 08:27:47 -0400
Subject: [Infowarrior] - US Unveils Toxic Assets Plan
Message-ID:

US Unveils Toxic Assets Plan
U.S. TREASURY, GEITHNER, RECOVERY, SPENDING, STIMULUS, BAD BANKS, CREDIT CRISIS, TOXIC ASSETS
CNBC.com | 23 Mar 2009 | 08:19 AM ET
http://www.cnbc.com/id/29834595

The US Treasury Monday revealed details of a plan to set up public-private investment funds that will buy up to $1 trillion in troubled loans and securities at the heart of the financial crisis.

Initial market reaction, however, was positive. US stock futures and Asian share markets climbed on Monday in anticipation of the plan. Currencies that were sold off heavily during bouts of market volatility, such as the Australian dollar or sterling, also rose.

The Treasury's complex plan to use private funds to purchase toxic assets uses low-cost government financing, government guarantees and government equity as incentives, people familiar with the matter say.
The plan has two programs--one to purchase securities, the other to purchase loans from banks. The plan will launch with a $500-billion price tag, but the cost could reach $1 trillion, the government said. About $75 to $100 billion of the government funding will come from the second tranche of the TARP.

The Obama administration's latest plan comes amid a growing taxpayer backlash about aid to Wall Street, as well as what many consider exorbitant executive pay. Administration officials Monday addressed those concerns, emphasizing that public and private money was being used together. "We're sharing in a partnership form," said White House economist Austan Goolsbee on CNBC. "If the private sector profits, then the government profits."

Two-Prong Approach

In the first part of the plan, the government will create around five separate public-private partnerships, with the government investing dollar for dollar alongside private capital. These partnerships will bid for the mortgage-backed securities and other assets weighing down the balance sheets of the banks, creating a price through competition. "We don't want the government to assume all the risk. We want the private sector to work with us," Treasury Secretary Timothy Geithner told the Wall Street Journal in an interview.

The Federal Reserve will open up its Term Asset-Backed Securities Loan Facility for non-recourse funding for these purchases. Additional funding will be available from the TARP for these purchases.

The second part of the program uses government and private funds to purchase loans off the books of the banks. Under this program, the Federal Deposit Insurance Corp. will offer guarantees to lenders who finance the purchase of these assets. The government will also invest side-by-side with private capital in the purchases. A bank selling the assets could be likely to finance those assets, with government guarantees.
Officials stressed the program is not a "silver bullet" and won't solve the banking problem by itself. They said it's part of the broader Financial Stability Plan, which includes a $75 billion foreclosure mitigation plan, the TALF, the capital access program and the bank stress tests. For example, banks that sell assets to the private partnerships for less than the current values on their books could be required to raise capital. The capital access program will make that capital available in the form of mandatory convertible preferred that can be turned into common shares as needed.

Treasury spokesman Isaac Baker Saturday declined to comment until details of the plan are announced. Aspects of the plan, however, have been leaking out to various news organizations, including CNBC, over the past few days.

U.S. Treasury Secretary Timothy Geithner said on Sunday that help from the private sector was critical to get toxic assets off banks' balance sheets and help resolve a credit crisis. "Our judgment is the best way to get through this is if we can work through the markets," Geithner said in an interview with the Wall Street Journal posted to the Internet late Sunday. "We don't want the government to assume all the risk."

When he first mentioned public-private investment funds in February, Geithner laid out the proposal in such scant detail that markets sank on fears there was no clear-cut plan for rescuing a banking system beset by poorly performing mortgage and other assets left over from a housing boom that went bust.

Geithner said the plan could soak up as much as $1 trillion of toxic assets, which investors would buy at a discount in hope of selling at a future profit, and in the process help establish a market-driven method for pricing such assets.

-- Reuters contributed to this article

© 2009 CNBC.com
URL: http://www.cnbc.com/id/29834595/

From rforno at infowarrior.org Mon Mar 23 12:38:31 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2009 08:38:31 -0400
Subject: [Infowarrior] - Obama DOJ sides with RIAA
Message-ID: <71DDF4BB-FFFB-4918-ADE8-2C596EC929FF@infowarrior.org>

Obama's Justice Department intervenes on side of RIAA in SONY BMG Music Entertainment v. Tenenbaum

In its first opportunity to demonstrate its position on the constitutionality of the Copyright Act's statutory damages provisions as applied to mp3 files having a market value of 99 cents or less, the Obama Justice Department -- staffed by RIAA lawyers in its 2nd and 3rd highest positions -- has filed a motion for intervention and brief in SONY BMG Music Entertainment v. Tenenbaum which attempts to support the RIAA's statutory damages theory.

< - >

http://recordingindustryvspeople.blogspot.com/

From rforno at infowarrior.org Mon Mar 23 18:23:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2009 14:23:09 -0400
Subject: [Infowarrior] - Fear and the Availability Heuristic
Message-ID:

(c/o Schneierblog)

Mass Murder is Nothing to Fear
By Joshua D. Foster on March 16, 2009 - 2:14pm in The Narcissus in All of Us
http://blogs.psychologytoday.com/blog/the-narcissus-in-all-us/200903/mass-murder-is-nothing-fear

Two terrible incidents of violence occurred last week. Michael McLendon went on a killing rampage in Alabama that took the lives of 10 people before he killed himself. Half a world away in Germany, at about the same time, Tim Kretschmer attacked a school and murdered 15 people before killing himself. All told, 27 people died in these two incidents of mass murder. The news media in the United States has spent enormous amounts of time covering both incidents. We have not watched the German media, but it too has probably focused a lot of attention on the two incidents.
It is probably safe to assume that news watchers in both countries have received a healthy dose of mass murder during the past several days. It will be interesting to see what results from these two incidents. To the extent that the past is prologue, we should expect to see plenty of public fear and extreme reactions from officials and politicians. Both can be traced, at least to some degree, to a cognitive shortcut called the availability heuristic.

We use the availability heuristic to estimate the frequency of specific events. For example, how often are people killed by mass murderers? Because higher frequency events are more likely to occur at any given moment, we also use the availability heuristic to estimate the probability that events will occur. For example, what is the probability that I will be killed by a mass murderer tomorrow?

We are especially reliant upon the availability heuristic when we do not have solid evidence from which to base our estimates. For example, what is the probability that the next plane you fly on will crash? The true probability of any particular plane crashing depends on a huge number of factors, most of which you're not aware of and/or don't have reliable data on. What type of plane is it? What time of day is the flight? What is the weather like? What is the safety history of this particular plane? When was the last time the plane was examined for problems? Who did the examination and how thorough was it? Who is flying the plane? How much sleep did they get last night? How old are they? Are they taking any medications? You get the idea. The chances are excellent that you do not have access to all or even most of the information needed to make accurate estimates for just about anything. Indeed, you probably have little or no data from which to base your estimate.

Well, that's not exactly true. In fact, there is one piece of evidence that you always have access to: your memory.
Specifically, how easily can you recall previous incidents of the event in question? The easier time we have recalling prior incidents, the greater probability the event has of occurring - at least as far as our minds are concerned. In a nutshell, this is the availability heuristic.

Of course, any rational person understands that this method of estimation is flawed. Just because you happened to see a clown get run over by a dump truck yesterday and you can now easily recall this event, this doesn't mean that this sort of thing happens all of the time. Likewise, just because a plane crashed recently or two mass murders occurred last week, this doesn't make these events any more likely either. Nevertheless, studies on the availability heuristic consistently show that we estimate the probability of events occurring based in large part on how easily these events come to mind.

As this relates to the recent mass murders, it is likely that people will become, at least for a time, more fearful that they or someone they know will be the victims of the next shooting incident. Politicians, whose jobs depend upon being in tune with the concerns of their constituents, and who are likely themselves to overestimate the likelihood of the next mass murderer coming to their towns, will probably introduce heavy-handed policies, such as banning literature that might incite the next perpetrator (police in Alabama discovered a stash of videos in the home of the gunman that instructed how to, for example, shoot from a moving vehicle). While these interventions will likely have little to no effect on future occurrences of mass murder, they will make people feel like something is being done to protect them from the boogeyman that now seems certain to live in their neighborhood.

Although there are many problems associated with the availability heuristic, perhaps the most concerning one is that it often leads people to lose sight of life's real dangers.
Psychologist Gerd Gigerenzer, for example, conducted a fascinating study that showed in the months following September 11, 2001, Americans were less likely to travel by air and more likely to instead travel by car. While it is understandable why Americans would have been fearful of air travel following the incredibly high profile attacks on New York and Washington, the unfortunate result is that Americans died on the highways at alarming rates following 9/11. This is because highway travel is far more dangerous than air travel. More than 40,000 Americans are killed every year on America's roads. Fewer than 1,000 people die in airplane accidents, and even fewer people are killed aboard commercial airlines. The bottom line is that being a passenger on a plane being flown by trained professionals who are being guided by a team of professionals (i.e., air traffic control) is much safer than driving your own car on streets surrounded by other amateur drivers who may or may not follow the rules of the road (and whose cars may or may not be fit to drive). Nevertheless, I (JF) almost always worry that my plane will crash, but I rarely even consider the dangers of driving - and I teach the availability heuristic every semester! It just shows how powerful this cognitive shortcut really is.

Back to the killings in Alabama and Germany ... The probability that any of us or anyone we know will ever become the victim of mass murder is almost too low to imagine. If we focus too many resources on trying to prevent this from ever happening again, we will likely expose ourselves to more mundane but much higher probability dangers, such as accidental shootings (which take far more lives than all of the mass murders put together). And this goes for anything whose probability is influenced by the availability heuristic (which is just about everything).
Consider, for example, that the 2009 budget for homeland security (the folks that protect us from terrorists) will likely be about $50 billion. Don't get us wrong, we like the fact that people are trying to prevent terrorism, but even at its absolute worst, terrorists killed about 3,000 Americans in a single year. And less than 100 Americans are killed by terrorists in most years. By contrast, the budget for the National Highway Traffic Safety Administration (the folks who protect us on the road) is about $1 billion, even though more than 40,000 people will die this year on the nation's roads. In terms of dollars spent per fatality, we fund terrorism prevention at about $17,000,000/fatality (i.e., $50 billion/3,000 fatalities) and accident prevention at about $25,000/fatality (i.e., $1 billion/40,000 fatalities). This huge imbalance tells us that our priorities are seriously out of whack. (And don't even get us started on bigger killers like heart disease!)

The take-home message of all of this is that we should be a lot less afraid of many of the things that scare us. Yes, terrible things such as plane crashes, terrorism, and mass murder do happen. Likely each of these things will happen several more times before the year is finished. But the good news is that the chances that any of us will be affected by any of these events are so remote that we can safely relax and not worry about them. To the extent that we do try to prevent scary things from happening, we should put forth more effort to prevent real dangers like car accidents, heart attacks, and diabetes. Interestingly, many of the real dangers are things that we have a lot of control over (unlike mass murder). Therefore, to the extent that we try to prevent them, we might actually improve our quality of life.
(This post was co-authored by Ilan Shrira)

From rforno at infowarrior.org Mon Mar 23 18:28:03 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2009 14:28:03 -0400
Subject: [Infowarrior] - DMCA Public Hearings
Message-ID:

http://www.copyright.gov/1201/comment-forms/index.html

The Copyright Office of the Library of Congress will be holding public hearings on the possible exemptions to the prohibition against circumvention of technological measures that control access to copyrighted works. In accordance with the Copyright Act, as amended by the Digital Millennium Copyright Act, the Office is conducting its triennial rulemaking proceeding to determine whether there are particular "classes of works" as to which users are, or are likely to be, adversely affected in their ability to make noninfringing uses if they are prohibited from circumventing such technological measures.

Public hearings will be held as follows:

Palo Alto, California
Moot Court Room
Stanford Law School
Crown Quadrangle
Friday, May 1, 2009
9:00 AM

Washington, D.C.
Copyright Hearing Room, LM-408
James Madison Memorial Building
Library of Congress, 101 Independence Ave, S.E.
Washington, DC.
Wednesday, May 6, 2009
Thursday, May 7, 2009
Friday, May 8, 2009
All D.C. hearings begin at 10:00 AM

http://www.copyright.gov/1201/comment-forms/index.html

Requests to testify must be received by 5:00 p.m. E.D.T. on Friday, April 3, 2009. Before making a request to testify, please read the notice of public hearings.

From rforno at infowarrior.org Mon Mar 23 18:36:58 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2009 14:36:58 -0400
Subject: [Infowarrior] - 25% of UK databases violate privacy or human rights
Message-ID:

Right to privacy broken by a quarter of UK's public databases, says report

* Rowntree Trust cites DNA database and ID register
* Whitehall told 11 systems out of 46 must be scrapped

Alan Travis, home affairs editor
The Guardian, Monday 23 March 2009
http://www.guardian.co.uk/politics/2009/mar/23/dna-database-idcards-children-index

A quarter of all the largest public-sector database projects, including the ID cards register, are fundamentally flawed and clearly breach European data protection and rights laws, according to a report published today.

Claiming to be the most comprehensive map so far of Britain's "database state", the report says that 11 of the 46 biggest schemes, including the national DNA database and the Contactpoint index of all children in England, should be given a "red light" and immediately scrapped or redesigned.

The report, Database State by the Joseph Rowntree Reform Trust, says that more than half of Whitehall's 46 databases and systems have significant problems with privacy or effectiveness, and could fall foul of a legal challenge.

Only six of the 46 systems, including those for fingerprinting and TV licensing, get a "green light" for being effective, proportionate, necessary and established - with a legal basis to guarantee against privacy intrusions. But even some of these databases have operational problems.

A further 29 databases earn an "amber light", meaning they have significant problems including being possibly illegal, and needing to be shrunk or split, or be amended to allow individuals the right to opt out. This group includes the NHS summary care record, the national childhood obesity database, the national pupil database, and the automatic number-plate recognition system.

The study is by members of the Foundation for Information Policy Research, including Ross Anderson, a Cambridge University professor. It says Britain is now the most invasive surveillance state and the worst at protecting privacy of any western democracy.
It highlights the plight of people who have faced database problems, including a single mother anxious that social services would take her child if she talked to a GP about post-natal depression, and a 13-year-old girl left with a criminal record for life because of a playground incident.

The authors estimate that £16bn a year is being spent on public sector IT, with a further £105bn of expenditure planned for the next five years. Whitehall has admitted that only 30% of public-sector IT projects are successful. There are now thousands of databases operating in Whitehall. The Serious Organised Crime Agency inherited 500 when it was created, and is now attempting to rationalise them into 50 or 60.

Anderson, the professor of security engineering at Cambridge, said: "Britain's database state has become a financial, ethical and administrative disaster, which is penalising some of the most vulnerable [in] society. It also wastes billions of pounds a year and often damages service delivery rather than improving it."

Too often computerisation had been a substitute for public service reform, with little thought given to safety, privacy or value for money. "There must be urgent and radical change in the public-sector database culture so that the state remains our servant, not our master ... we have to develop systems that put people first."

The report says children in particular are placed at risk. Three of the largest databases set up to support the young are failing to achieve their aims, it says. Terri Dowty, of Action on Rights for Children, said young people had never been so measured, graded, monitored and discussed; the level of intrusion could not be "justified on the basis of good intentions".

The report raises concerns about the Home Office system, ONSET, which gathers information from many sources to predict which children will offend. The report says children could be stigmatised by a system that contravenes the European convention on human rights.
The Rowntree report says databases given an "amber" light should be assessed for their impact on privacy. Sensitive personal information should normally only be collected and shared with the subject's consent, and data sharing should occur only in strictly defined circumstances.

"The UK needs information systems that support citizens and professionals on a human scale, rather than multi-billion pound centralised databases used to stigmatise and snoop," said the report's co-author, Ian Brown, of the Oxford Internet Institute.

From rforno at infowarrior.org Mon Mar 23 19:55:20 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Mar 2009 15:55:20 -0400
Subject: [Infowarrior] - Researchers unveil persistent BIOS attack methods
Message-ID:

March 19, 2009, 11:41 AM
Researchers unveil persistent BIOS attack methods
By Dennis Fisher
http://threatpost.com/blogs/researchers-unveil-persistent-bios-attack-methods

Apply all of the browser, application and OS patches you want, your machine still can be completely and silently compromised at the lowest level--without the use of any vulnerability. That was the rather sobering message delivered by a pair of security researchers from Core Security Technologies in a talk at the CanSecWest conference on methods for infecting the BIOS with persistent code that will survive reboots and reflashing attempts.

Anibal Sacco and Alfredo Ortega demonstrated a method for patching the BIOS with a small bit of code that gave them complete control of the machine. And the best part is, the method worked on a Windows machine, a PC running OpenBSD and another running VMware Player.

"It was very easy. We can put the code wherever we want," said Ortega. "We're not using a vulnerability in any way. I'm not sure if you understand the impact of this. We can reinfect the BIOS every time it reboots."
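The practical consequence for defenders of what Sacco and Ortega describe is that OS-level patch state says nothing about the firmware, so a modified BIOS can only be found by comparing the flash contents themselves against a known-good image. The following is an added example (not code from Core Security or the researchers) of that block-level comparison; the block size, image size, sample images and the NVRAM region are constructed for illustration, and the dump is assumed to have been read with an external programmer or from a trusted boot medium rather than by the possibly compromised OS.

```python
"""Block-level comparison of a BIOS flash dump against a known-good image.

Added example for the article above, not code from Core Security or the
researchers named in it. Sizes, region layout and sample images are
constructed; a real check uses the vendor's release image and the chip's
actual erase-block size.
"""
import hashlib
from typing import List, Optional, Tuple

BLOCK_SIZE = 4096  # assumed erase-block granularity; real parts vary

Range = Tuple[int, int]  # [start, end) byte offsets


def block_hashes(image: bytes, block_size: int = BLOCK_SIZE) -> List[str]:
    """SHA-256 of every block; the golden list can be kept offline and
    compared later without keeping the whole golden image around."""
    return [hashlib.sha256(image[i:i + block_size]).hexdigest()
            for i in range(0, len(image), block_size)]


def _in_ignored(start: int, end: int, ignore: List[Range]) -> bool:
    """True when block [start, end) lies entirely inside an ignored range."""
    return any(s <= start and end <= e for s, e in ignore)


def diff_blocks(golden: bytes, dump: bytes,
                block_size: int = BLOCK_SIZE,
                ignore: Optional[List[Range]] = None) -> List[Range]:
    """Return merged [start, end) byte ranges whose blocks differ.

    `ignore` lists regions that legitimately change between boots (setup
    variables / NVRAM) so they do not drown out a real modification. A size
    mismatch is itself a finding and is reported as an error rather than
    silently truncated.
    """
    if len(golden) != len(dump):
        raise ValueError(f"size mismatch: golden={len(golden)} dump={len(dump)}")
    ignore = ignore or []
    findings: List[Range] = []
    for start in range(0, len(golden), block_size):
        end = min(start + block_size, len(golden))
        if _in_ignored(start, end, ignore):
            continue
        if golden[start:end] == dump[start:end]:
            continue
        # merge with the previous finding when the differing blocks are adjacent
        if findings and findings[-1][1] == start:
            findings[-1] = (findings[-1][0], end)
        else:
            findings.append((start, end))
    return findings


def report(findings: List[Range]) -> str:
    """Human-readable summary of diff_blocks() output."""
    if not findings:
        return "no differences outside ignored regions"
    return "\n".join(f"modified: 0x{s:06x}-0x{e:06x} ({e - s} bytes)"
                     for s, e in findings)


# --- constructed sample data ------------------------------------------------
IMAGE_SIZE = 0x40000  # 256 KiB toy image
# deterministic, non-repeating filler so every block is distinct
GOLDEN = b"".join(hashlib.sha256(b"golden-%d" % n).digest()
                  for n in range(IMAGE_SIZE // 32))


def _patch(image: bytes, offset: int, length: int) -> bytes:
    """Flip the bits of one region (stands in for an unexpected flash write)."""
    body = bytearray(image)
    for i in range(offset, offset + length):
        body[i] ^= 0xFF
    return bytes(body)


# two constructed modifications: one inside a block, one straddling two blocks
DUMP = _patch(_patch(GOLDEN, 0x21010, 32), 0x2FFF8, 16)
# the (constructed) setup-variable area changes legitimately on every boot
NVRAM = [(0x3E000, 0x40000)]
DUMP_WITH_NVRAM_CHANGE = _patch(DUMP, 0x3E100, 8)

if __name__ == "__main__":
    print(report(diff_blocks(GOLDEN, DUMP_WITH_NVRAM_CHANGE, ignore=NVRAM)))
```

Without the `ignore` list the NVRAM block shows up as a third finding, which is why the variable regions of a real part have to be mapped before the comparison is meaningful.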
Sacco and Ortega stressed that in order to execute the attacks, you need either root privileges or physical access to the machine in question, which limits the scope. But the methods are deadly effective and the pair are currently working on a BIOS rootkit to implement the attack. "We can patch a driver to drop a fully working rootkit. We even have a little code that can remove or disable antivirus," Ortega said. The work by the Core team follows on from research done on persistent rootkits by John Heasman of NGSS, who was able to devise a method for placing rootkits on PCs using the memory space on PCI cards. In a presentation at Black Hat DC in 2007, Heasman showed a completely working method for loading the malware on to a PCI card by using the flashable ROM on the device. He also had a way to bypass the Windows NT kernel and create fake stack pointers. In an interview at the time, he told me: "At that point it's game over. We're executing 32-bit code in ring zero." As application and operating system protection mechanisms continue to become more sophisticated and more difficult to evade, expect to see more and more attacks targeting the hardware and low-level software, where there are still opportunities for success.

From rforno at infowarrior.org Tue Mar 24 12:25:14 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Mar 2009 08:25:14 -0400 Subject: [Infowarrior] - More MPAA-induced idiocy Message-ID:

More idiotic MPAA shenanigans -- though the best line is this: In the RealNetworks litigation, the studios allege in heavily redacted court documents that RealNetworks trashed a senior project manager's "engineering notebooks," an archive containing "actual code files" and other documents, one of which might reveal "Real's products are based in part on the work of ... hackers." These idiots sound like the talking-points-spouting (and generally clueless) Secret Service agent from the movie "Hackers" (no pun intended).
After all, 'hackers' are all evil, out for no good, and bad people, right? -rf

http://blog.wired.com/27bstroke6/2009/03/realnetworks-we.html

RealNetworks: 'We Didn't Think' MPAA Would Sue Over DVD Copying Software By David Kravets March 23, 2009 | 6:52:18 PM

SAN FRANCISCO -- RealNetworks told a federal judge on Monday it didn't think it would be sued by the Motion Picture Association of America for marketing DVD copying software. Seattle-based RealNetworks made the argument in federal court here as part of its defense against allegations it purposely trashed evidence in a copyright lawsuit brought by the MPAA in September. The suit claims RealNetworks' RealDVD software is illegal and allows users to circumvent technology designed to prevent the copying of DVDs. RealNetworks made its surprising claim Monday because, under rules of evidence, companies must retain records if they believe they are going to be sued. The MPAA claims RealNetworks destroyed a host of documents relating to RealDVD's production -- well before the MPAA sued it in September. "We didn't think litigation was probable," Leo Cunningham, a RealNetworks attorney, told U.S. District Judge Marilyn Hall Patel during a brief hearing. The MPAA, however, usually sues any and all companies and individuals connected to what it perceives as a threat to the DVD. Its litigation tactics have defeated every BitTorrent tracker in the United States. Its sister group, the Motion Picture Association, helped the Swedish authorities bring criminal charges against four founders of The Pirate Bay. In the RealNetworks litigation, the studios allege in heavily redacted court documents that RealNetworks trashed a senior project manager's "engineering notebooks," an archive containing "actual code files" and other documents, one of which might reveal "Real's products are based in part on the work of ... hackers."
Regarding the notebooks, their disappearance is "a mystery," Cunningham told the judge during the brief hearing. He neither confirmed nor denied whether any other documentation was destroyed. Bart Williams, an MPAA attorney, told Patel that it was obvious the MPAA would sue RealNetworks. He said RealNetworks should have known as such, even from the time of the product's initial development two years ago. "This was not some theoretical possibility," Williams said. He also said, "They knew there would be a lawsuit." Patel did not hint at whether she would find RealNetworks violated rules requiring the retention of documents. The MPAA, which is known for its heavy hand at litigation, is seeking unspecified monetary sanctions and other penalties from RealNetworks as part of its lawsuit against the DVD copying software. A hearing on the lawsuit's merits is scheduled for next month. After days on the market and 3,000 copies of RealDVD sold, Patel blocked its distribution in October pending the outcome of the ongoing litigation. The MPAA alleges the product violates the Digital Millennium Copyright Act because it circumvents the content-scramble system license granted to RealNetworks by the DVD Copy Control Association. The Seattle company said its software does not circumvent encryption software in violation of the DMCA. The software allows users to store copies of movies on their hard drives, which the company says is a fair use allowed under the DMCA. A central dispute in the case concerns whether it is a circumvention violation for RealDVD to copy the DVD encryption into a computer hard drive that allows playback of the movie at any time absent the original disc. The MPAA says the content-scramble license requires that the keys to the encryption code must be read from the DVD while the DVD is inside the computer.
From rforno at infowarrior.org Tue Mar 24 12:27:33 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Mar 2009 08:27:33 -0400 Subject: [Infowarrior] - OpEd: Swiss Banks and the End of Privacy Message-ID: <7B1B8E48-1C59-43D3-B5F1-DE2DEB6F7C5C@infowarrior.org>

Swiss Banks and the End of Privacy Disclosure is the new social imperative. By L. GORDON CROVITZ http://online.wsj.com/article/SB123776401389908783.html

Since the Middle Ages, Switzerland has stood for bank secrecy -- or bank privacy, as the Swiss would insist. In the past month, this foundation of Swiss banking has collapsed under calls for transparency, making Swiss banks seem as outdated as cuckoo clocks. The nearly universal condemnation of Swiss banking is a sign of how quickly our expectations about privacy have changed. Under pressure from the U.S., Germany, Britain and other high-tax countries, the Swiss agreed to abandon their longstanding protections for depositors accused by their home countries of tax evasion. Until now, countries had to present evidence of fraud, a more serious accusation, before Swiss banks would turn over information about their clients. Switzerland has long been the preferred location for private banking, with more than $2 trillion of the $7 trillion in all offshore deposits located in the country. The law that the Swiss authorities agreed to change was passed in 1934 but had codified generations of previous practice ensuring confidentiality. For many years, the global consensus was that the benefits of banking secrecy outweighed the clear vices. It took almost 50 years before Swiss bankers agreed to look into deposits left by Jews killed by the Nazis, eventually creating a $1.25 billion fund for their heirs. The Swiss have taken other steps, including against terrorists and money launderers, but the hard line against tax complaints from other countries was considered unmovable.
Try as they did, the Swiss could not hold out in an era when the presumption is becoming that information once considered off-limits to others, including personal financial information, is fair game. Regulators such as the Securities and Exchange Commission mandate that compensation for top executives at public companies is made public. The bailouts of financial services firms have made transparency even greater for bankers and traders. More broadly, online services from LinkedIn to Facebook and MySpace are built on our newfound enthusiasm for disclosing details about ourselves. Hundreds of millions of people now use these services, creating an expectation of transparency. We expect to be able to learn details online about people we haven't met. We may be approaching a time when we become suspicious of those who don't contribute to these kinds of social media, wondering what they have to hide. In this environment, the Swiss adherence to confidentiality seems quaint. Lost in the rejection of financial privacy has been the important role Switzerland played for many years in the development of Europe. Bank secrecy gave citizens from countries such as France, Italy and Germany a safe haven for their earnings during times when their governments pursued policies of currency devaluations and controls, expropriation and confiscatory tax rates. No one supports tax fraud, and Swiss banks have also long been the refuge for tyrants and criminals. Still, Switzerland has been a public-policy safety valve, limiting the tax rates that countries could impose without their people finding ways to park their funds in confidential accounts in Switzerland. The head of the Swiss Bankers Association had argued that rather than blame private banks, governments should look in the mirror: "Chronic tax evasion is a symptom of illness in a state's relationship with its citizens." The U.S., where tax rates are high and going higher, lobbied hard alongside the Europeans for these changes.
The largest Swiss bank, UBS, last month agreed to pay a fine and to disclose the names of several hundred American holders of Swiss accounts. Washington has now asked for many more names. Privacy got little respect in the debate over bank secrecy. The leader of Germany's Social Democrats threatened the Swiss, warning that "in the olden days, one would have sent in the troops." Swiss politicians lost their cool, with a lawmaker from St. Gallen saying that pressure from the German finance ministry reminded him of Germans "who walked the streets in leather coats, boots and armbands 60 years ago." The Swiss foreign minister twice summoned the German ambassador to complain about "insulting and aggressive" language by the German government and politicians lobbying for change. Confidentiality remains part of the Swiss ethic, even now. Opinion polls suggest the Swiss strongly oppose the changes, saying that lowering the bar on secrecy undermines the core of what makes Switzerland different. Swiss President Hans-Rudolf Merz had to assure his country that Swiss banks still have advantages. "Protecting the private sphere against unjustified government encroachment is deeply rooted," he said. Still, changes in Swiss banking are another sign that the increasingly free flow of information is redefining our view of fundamental concepts such as confidentiality. As the Swiss have learned, what was once considered a right to privacy seems to be transforming into a duty to disclose. We can know more, so we expect to know more. Write to informationage at wsj.com

From rforno at infowarrior.org Tue Mar 24 12:29:10 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Mar 2009 08:29:10 -0400 Subject: [Infowarrior] - USTR to review transparency policies Message-ID:

(Will this impact the suppressed ACTA documents being withheld due to "national security" purposes??
--rf)

Obama trade officials promise thorough review of transparency policies By James Love, on March 20th, 2009 http://www.keionline.org/blogs/2009/03/20/ustr2review-transparency/

The following report was prepared by KEI, and reviewed by Daniel Sepulveda of USTR: Obama Administration To Undertake Review of Transparency of Trade Negotiations

On Thursday, President Obama's trade officials met with several civil society groups and promised a thorough review of the USTR policies regarding transparency. The review is expected to be completed within a few months. The process will include a meeting within a month to discuss initial specific proposals for openness and transparency. Citizens and NGOs are encouraged to think about the specific areas where openness and transparency can be enhanced and how. Among the specific proposals that will be evaluated are the following at the request of KEI:

1. Disclosure of all negotiating texts and policy papers
2. Disclosure of all meeting agendas (as soon as they are available), and participant lists, extending to plurilateral, regional and bilateral negotiations policies that are common at multilateral institutions.
3. Accreditation of civil society NGOs to attend meetings, including in plurilateral, regional and bilateral negotiations, as is common at multilateral institutions.
4. Public consultations and comment periods, including those that accept comments to web based forums.

In addition, the United States Trade Representative (USTR) is welcoming groups to make other proposals. For example, we suggested making private sector meetings, contacts and written submissions to top trade officials more transparent. This review will be focused on making the recent statements by President Obama on transparency concrete and effective in the area of trade negotiations.
The USTR encourages persons making proposals to address the practical concerns and needs of government trade negotiators to conduct internal debates on policy and to conduct diplomacy, as well as the public's interest in access to information. For example, thoughtful discussions of the point at which communications with foreign governments should be disclosed and the extent of the disclosure required are more useful than broad high level statements on transparency. The meeting was chaired by Daniel Sepulveda, a former Obama Senate aide who is now Assistant U.S. Trade Representative for Congressional Affairs. Also attending from USTR were Timothy Reif, the recently appointed General Counsel of USTR, Catherine Field, USTR Chief Counsel for Legal Affairs, and Stanford McCoy, Assistant U.S. Trade Representative for Intellectual Property and Innovation. Civil society participants included James Love, Judit Rius and Malini Aisola, of Knowledge Ecology International, Chris Murray of Consumers Union, Marcia Carroll of Essential Action and Eddan Katz of EFF (by phone). KEI is very impressed with the USTR decision to undertake a review of USTR transparency efforts. They are taking this much further than simply reviewing policies on the Freedom of Information Act (FOIA), or recent controversies over the secrecy surrounding the Anti-Counterfeiting Trade Agreement (ACTA) negotiations. The review offers the possibility of more transformative changes, including pro-active measures to enhance transparency, covering all aspects of USTR operations, including multilateral, plurilateral, regional, bilateral and unilateral trade policies and negotiations. We are also grateful that USTR is offering to have a continuing dialogue on these issues. KEI will offer additional suggestions on transparency to USTR, and we encourage others to do so also.
The USTR welcomes submissions of those suggestions to Daniel_Sepulveda at ustr.eop.gov

From rforno at infowarrior.org Tue Mar 24 12:31:20 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Mar 2009 08:31:20 -0400 Subject: [Infowarrior] - Summary Paper: DMCA Takedown Notices Message-ID: <20120D41-BF90-4234-97FB-DEB4C223DC1B@infowarrior.org>

Efficient Process or "Chilling Effects"? Takedown Notices Under Section 512 of the Digital Millennium Copyright Act Summary Report Jennifer M. Urban Director, Intellectual Property Clinic University of Southern California and Laura Quilter Non-Resident Fellow, Samuelson Clinic University of California, Berkeley Summary: http://mylaw.usc.edu/documents/512Rep-ExecSum_out.pdf

From rforno at infowarrior.org Tue Mar 24 12:56:46 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Mar 2009 08:56:46 -0400 Subject: [Infowarrior] - UK giving 60K citizens "terror" training Message-ID:

Thousands getting terror training http://news.bbc.co.uk/2/hi/uk_news/7957431.stm

Thousands of UK workers are being trained to help respond to a future terror attack as part of an updated counter-terror strategy, ministers say. Home Secretary Jacqui Smith said shop and hotel workers would be among 60,000 people able to deal with an incident. The updated approach, aimed at tackling immediate terrorist threats and the causes of extremism, would be the most comprehensive in the world, she added. But the Tories said not enough action was being taken against extremists. 'Closed doors' The Home Office's new counter-terrorism document - to be published on Tuesday - will go into more detail than ever before in the interests of public accountability. It will reflect intelligence opinion that the biggest threat to the UK comes from al-Qaeda-linked groups and will also take into account recent attacks on hotels in the Indian city of Mumbai.
Ms Smith told BBC One's Politics Show: "What we're completely clear about is that if we're going to address the threat from terrorism, we need to do that alongside the 60,000 people that we're now training up to respond to a terrorist threat, in everywhere from our shopping centres to our hotels. "We need to do it alongside the 3,000 police officers now working on counter-terror and we need to do it with international partners. "This is no longer something you can do behind closed doors and in secret." The paper - called Contest Two - will update the Contest strategy developed by the Home Office in 2003, which was later detailed in the Countering International Terrorism document released in 2006. Over the last six years the strategy has concentrated on preventing radicalisation of potential terror recruits to disrupting terrorist operations, reducing the UK's vulnerability and ensuring Britain is ready for the consequences of any terror attack. The updated strategy will increase the focus on challenging individuals and groups who undermine the UK's "shared values" - even if they are not breaking the law. 'Daily business' Gordon Brown said tens of thousands of civilians had already been trained in how to look out for suspicious behaviour in crowded places and to react in the event of an attack. The prime minister told the Observer: "Today, not only the police and security and intelligence officers and our armed forces, but also the emergency services, local councils, businesses and community groups are involved in state-of-the-art contingency planning.
"Tens of thousands of men and women throughout Britain - from security guards to store managers - have now been trained and equipped to deal with an incident and know what to watch for as people go about their daily business in crowded places such as stations, airports, shopping centres and sports grounds." While the paper will look into the lessons learned from the November attacks in Mumbai, it is not thought attacks are likely on hotels in the UK. The terrorism threat level, set by the Joint Terrorism Analysis Centre, has since July 2007 been "severe". Ms Smith said an attack was "highly likely" but stressed the UK was "much better" at identifying threats, particularly international ones, and foiling them than in the past. Shadow home secretary Chris Grayling welcomed some of the proposals but said too little was being done to tackle the "root causes of extremism". Earlier this week, the Tories claimed the government had failed to close down a single terror website since Tony Blair pledged action in 2005. "The government is not doing enough to deal with some of the groups who are potentially fostering extremism," Mr Grayling said. "We have really got to do more, I think, to stop some of the fostering of hatred that is still visible and present in our society." One terrorism expert said equipping people to react quickly to an attack in the workplace and in public areas was a "bold and imaginative" step. "There are thousands of people not only in the public sector but in the private sector also who have the necessary knowledge and skills to help in the constant vigilance that is needed against the terrorist threat," said Professor Paul Wilkinson, from St Andrew's University. By 2011, Britain will be spending £3.5bn a year on counter-terrorism, the Home Office has said.
The number of police working on counter-terrorism has risen to 3,000 from 1,700 in 2003. Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/uk_news/7957431.stm Published: 2009/03/22 11:41:00 GMT © BBC MMIX

From rforno at infowarrior.org Tue Mar 24 12:59:23 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Mar 2009 08:59:23 -0400 Subject: [Infowarrior] - (PDF) New UK Antiterror strategy Message-ID: <1757F3B4-D509-492F-BF7E-ABC7C8C31509@infowarrior.org>

The United Kingdom's Strategy for Countering International Terrorism March 2009 Presented to Parliament by the Prime Minister and the Secretary of State for the Home Department by Command of Her Majesty http://www.homeoffice.gov.uk/about-us/news/taking-new-approach-ct

From rforno at infowarrior.org Tue Mar 24 13:53:41 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Mar 2009 09:53:41 -0400 Subject: [Infowarrior] - More London security hysteria Message-ID:

(The pictures @ the link are amusing. --rf) http://www.boingboing.net/2009/03/24/london-cops-reach-ne.html

The London police have bested their own impressive record for insane and stupid anti-terrorism posters with a new range of signs advising Londoners to go through each others' trash-bins looking for "suspicious" chemical bottles, and to report on one another for "studying CCTV cameras." It's hard to imagine a worse, more socially corrosive campaign. Telling people to rummage in one another's trash and report on anything they don't understand is a recipe for flooding the police with bad reports from ignorant people who end up bringing down anti-terror cops on their neighbors who keep tropical fish, paint in oils, are amateur chemists, or who just do something outside of the narrow experience of the least adventurous person on their street. Essentially, this redefines "suspicious" as anything outside of the direct experience of the most frightened, ignorant and foolish people in any neighborhood.
Even worse, though, is the idea that you should report your neighbors to the police for looking at the creepy surveillance technology around them. This is the first step in making it illegal to debate whether the surveillance state is a good or bad thing. It's the extension of the ridiculous airport rule that prohibits discussing the security measures ("Exactly how does 101 ml of liquid endanger a plane?"), conflating it with "making jokes about bombs." The British authorities are bent on driving fear into the hearts of Britons: fear of terrorists, immigrants, pedophiles, children, knives... And once people are afraid enough, they'll write government a blank check to expand its authority without sense or limit. What an embarrassment from the country whose level-headed response to the Blitz was "Keep Calm and Carry On" -- how has that sensible motto been replaced with "When in trouble or in doubt/Run in circles scream and shout"? http://www.boingboing.net/2009/03/24/london-cops-reach-ne.html

From rforno at infowarrior.org Tue Mar 24 14:40:47 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Mar 2009 10:40:47 -0400 Subject: [Infowarrior] - Diebold official admits voting system is vulnerable References: <869041b1326ed480316819d429d3b76d@206.154.229.139> Message-ID: <93888184-9830-4E58-97E4-CFA977EC40F4@infowarrior.org>

Begin forwarded message: > From: Dschell > > http://washingtontechnology.com/Articles/2009/03/23/Web-Diebold-admits-voting-system-flaws.aspx?s=wtdaily_240309&Page=2&p=1 > > Diebold official admits voting system is vulnerable > > Mar 23, 2009 > Critics of electronic voting systems have had their warnings > vindicated by two recent announcements.
An official with Premier > Election Systems, formerly known as Diebold, admitted that its audit > log system was flawed enough that it would be possible to delete > votes undetected, and several elections officials in Kentucky were > arrested on charges related to election fraud, including changing > electronically recorded votes. > > Wired reported that officials from Premier admitted in a hearing > held March 17 in California that their tabulation software could > miss significant events, including the deletion of votes on Election > Day. They said the flaw is present in every version of the software. > > The California Secretary of State's office discovered that audit > logs from Diebold machines in Humboldt County, Calif., did not > record known ballot deletions, according to Wired. Justin Bales, > general sales manager for Premier's western region, told a state > investigator that the software does not record deletions and never > has. > > The office was originally investigating the deletion of 197 votes in > Humboldt County when its investigators discovered that the audit > logs provided no information on the event. > > The software also does not record timestamps on the events it does > document, and it includes a "clear" button that allows the easy > deletion of the audit logs, according to Wired and GovTech. > > Such audit logs have been at the heart of the electronic voting > machine controversy. Critics of the machines have long charged that > it would be possible to change the recorded votes undetected, and > they have urged that, at a minimum, the machines should generate a > paper receipt that the voter would confirm was an accurate record of > the vote. Elections officials would keep the paper records and use > them to verify the accuracy of the electronically tabulated results > in the event of a challenge. 
Voting machine makers have generally > responded to such criticisms by saying that the combination of audit > logs and capable elections officials following protocols would > prevent fraud. > > In Clay County, Ky., the FBI arrested several county elections > officials on a variety of election fraud charges, including changing > votes already recorded on the electronic voting machines, according > to a Lexington, Ky., NBC affiliate. They have pleaded not guilty, > the Associated Press reported. > > According to the indictment against the eight defendants, some of > the fraud also included instructing others on how to change votes on > the machines and identifying voters who had sold their votes. >

From rforno at infowarrior.org Tue Mar 24 17:39:05 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Mar 2009 13:39:05 -0400 Subject: [Infowarrior] - Declass Board Tells Obama Openness is "At Risk" Message-ID: <419FBFCF-CFE9-42AA-AF3E-A91C609E1E27@infowarrior.org>

http://www.fas.org/blog/secrecy/2009/03/at_risk.html

In a new letter to President Obama, the Public Interest Declassification Board warned that reliable public access to government information, the very foundation of representative democracy, may be in jeopardy. Although "our Board was heartened by your early statements and actions on openness in Government," wrote Board acting chairman Martin Faga to the President on March 6, "we have to sound a note of alarm about how well the Government is doing in this area." "In fact, we have concluded that this fundamental principle of self-government" -- that is, citizen access to information about Government -- "is at risk and, without decisive action, the situation is likely to worsen."
The Public Interest Declassification Board was established by Congress in 2000 to advise the president on declassification policy and practice. Board members are appointed by the White House and Congress. Mr. Faga, a former director of the National Reconnaissance Office, identified several structural and procedural factors that he said impede declassification, including inadequate resources, coordination and leadership, as well as poor management of digital records. "Future historians may find that the paper records of early American history provide a more reliable historical account than the inchoate mass of digital communications of the current era." Although the Board's mission focuses on declassification of historical records, the Board has also taken an interest in classification policy and has called for a revision to the executive order on classification. "Serious attention to the classification process itself is needed to ensure that it supports declassification and to address the particularly challenging and long-standing issue of over-classification," the Board's letter said. A presidential directive initiating a revision of the executive order on classification policy is believed to be imminent.

From rforno at infowarrior.org Wed Mar 25 02:34:09 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Mar 2009 22:34:09 -0400 Subject: [Infowarrior] - Movie Cartels About To Punish Netflix? Message-ID: <5BCC50D4-36E6-4AFC-9224-C1D3318A67FD@infowarrior.org>

Big Media Cartel About To Punish Netflix? http://www.deadlinehollywooddaily.com/big-media-cartel-about-to-punish-netflix/

The Wall Street Journal's astute Martin Peers warns tonight that Netflix "stock-price bubble may be close to bursting" because Hollywood studios and networks don't like the competition. The share price has doubled since November, "taking it to a rich valuation of 26 times estimated 2009 earnings -- a loftier multiple than either Google or Apple."
But the DVD mail order business wasn't what juiced investors: it was Netflix's streaming service. And reports that rival Blockbuster could be facing bankruptcy didn't hurt. But now "Hollywood studios appear to be waking up to the threat posed by Netflix's instant-watch service, which the company says is being used by millions of its subscribers," Peers writes. "That almost guarantees that studios will look to renegotiate Netflix's content-supply deals on tougher terms. At the same time, some of the studios [like Disney] are pondering their own online movie- or TV-subscription services." The WSJ also notes competition coming from Amazon's IMDB, which is expanding a free ad-supported streaming service. Concludes Peers: "Netflix fans take note: A correction is looming."

From rforno at infowarrior.org Wed Mar 25 02:36:49 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Mar 2009 22:36:49 -0400 Subject: [Infowarrior] - Don't call it DRM Message-ID: <94F1F438-2512-4ED4-90B5-3E3DF56DCC8F@infowarrior.org>

Don't call it DRM: Microsoft explains new gaming piracy tech Microsoft sat down with Ars at GDC 2009 to announce its upcoming additions to the Games for Windows platform, along with more protection for publishers. They want you to know that this isn't DRM, and they don't think you're a bad person. They just want you to buy the games. By Ben Kuchera | Last updated March 24, 2009 5:17 PM CT http://arstechnica.com/gaming/news/2009/03/microsoft-1.ars

Tuesday at GDC Microsoft announced a number of upcoming additions to Games for Windows, including stronger protection against piracy, as well as some nifty features to make playing your PC games simpler if you have multiple systems. There will also be storefront support added so publishers can add sales directly into their game. Drew Johnston, the product unit manager for the Windows Gaming Platform, and Dave Luehmann, GM for Microsoft Game Studios, described to Ars what these updates will entail.
You can call it whatever you want, as long as you don't call it DRM. "What we have is anti-piracy measures we've put in place. I wouldn't quite categorize it as DRM," Johnston tells Ars. "We have zero-day piracy protection; this helps reduce the leakage of IP before release. The bits are encrypted, and there is a one-time activation that checks to see if the game has been released or not, and we'll send out a decrypt code so the game can be played."

So if you download a leaked version of a game, or even have a boxed copy that was sold prematurely, you won't be able to play until the game is unlocked online. This doesn't help after the game is released; the technology will only keep early copies from being enjoyed. "We've heard from publishers that preauthorized release before street date can... they can lose half the sales, the revenue of the game. This is specifically aimed at helping reduce that for the publisher."

Johnston is incredibly understanding when it comes to gamers downloading early versions of this game, which is a striking change from the demonizing you hear from most in the industry. "They want to buy the game, they're not pirates, these aren't evil people. They just really want to play the game. If we can just keep that excitement until street date, they'll actually buy. That's what we want to provide."

The second part of this protection is making sure there is a license attached to each account, via server-side authentication. You can sign in and play your game on as many systems as possible, but you have to have a license attached to your account. Of course, this only works for online games, and is relatively useless for offline titles. "You can install on as many systems as you want... wherever you want to," Johnston says. The game simply authenticates whenever you log into the online servers. "This is really IP protection," he says, admitting that DRM is a dirty word.
"Whereas traditionally DRM is really about copy protection, what we're trying to do is license protection," Johnston clarifies. "Make as many copies as you want!" Luehmann stresses. They tell the story of a publisher who says they'd be the first person to put the game on BitTorrent. "If you can't play the game without a license, it solves my distribution service, I don't care," they quote their source as saying. This again only works with online games, but it's funny to think of publishers encouraging gamers to get the game via BitTorrent, as long as they buy a key.

Game saves will also soon be saved in the cloud, so you can play, save your game at one location, and pick it up at another. There will be the ability to sell in-game items directly through the games. Does this sound like any other PC gaming platform you know? "We obviously pay attention to what Steam is doing... in some cases we do compete with Steam, and in some areas we'd love to see them continue to do what they're doing." They both stress that Steam is great for the Windows Gaming ecosystem. "From a Windows platform perspective, Steam is fantastic."

I ask about Games for Windows, and Games for Windows Live being more deeply integrated into Windows 7 to get gameplay entwined into the OS. "Say hello to my friend, the Department of Justice," Luehmann says, laughing darkly.

From rforno at infowarrior.org Wed Mar 25 11:45:27 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 Mar 2009 07:45:27 -0400
Subject: [Infowarrior] - New 'signs' of a militia member
Message-ID: <5232D9F3-F6A4-4447-92C9-5595ED91EF8A@infowarrior.org>

This is quite disturbing..... --rf

http://www.foxnews.com/politics/first100days/2009/03/23/fusion-centers-expand-criteria-identify-militia-members/

'Fusion Centers' Expand Criteria to Identify Militia Members

Do you like Ron Paul or oppose abortion? You may be a member of a militia, according to a new report by a government information collection agency.
By Joshua Rhett Miller
FOXNews.com
Monday, March 23, 2009

[Photo caption] FILE: Rep. Ron Paul, a former 2008 Republican presidential candidate, joins third party candidates taking part in a news conference on Sept. 10, 2008. From left are: Paul, former Georgia Rep. Cynthia McKinney from the Green Party, Chuck Baldwin of the Constitution Party, and Ralph Nader. (AP Photo)

If you're an anti-abortion activist, or if you display political paraphernalia supporting a third-party candidate or a certain Republican member of Congress, if you possess subversive literature, you very well might be a member of a domestic paramilitary group.

That's according to "The Modern Militia Movement," a report by the Missouri Information Analysis Center (MIAC), a government collective that identifies the warning signs of potential domestic terrorists for law enforcement communities.

"Due to the current economical and political situation, a lush environment for militia activity has been created," the Feb. 20 report reads. "Unemployment rates are high, as well as costs of living expenses. Additionally, President Elect Barrack [sic] Obama is seen as tight on gun control and many extremists fear that he will enact firearms confiscations."

MIAC is one of 58 so-called "fusion centers" nationwide that were created by the Department of Homeland Security, in part, to collect local intelligence that authorities can use to combat terrorism and related criminal activities. More than $254 million from fiscal years 2004-2007 went to state and local governments to support the fusion centers, according to the DHS Web site.

During a press conference last week in Kansas City, Mo., DHS Secretary Janet Napolitano called fusion centers the "centerpiece of state, local, federal intelligence-sharing" in the future.
"Let us not forget the reason we are here, the reason we have the Department of Homeland Security and the reason we now have fusion centers, which is a relatively new concept, is because we did not have the capacity as a country to connect the dots on isolated bits of intelligence prior to 9/11," Napolitano said, according to a DHS transcript. "That's why we started this.... Now we know that it's not just the 9/11-type incidents but many, many other types of incidents that we can benefit from having fusion centers that share information and product and analysis upwards and horizontally."

But some say the fusion centers are going too far in whom they identify as potential threats to American security.

People who supported former third-party presidential candidates like Texas Rep. Ron Paul, Chuck Baldwin and former Georgia Rep. Bob Barr are cited in the report, in addition to anti-abortion activists and conspiracy theorists who believe the United States, Mexico and Canada will someday form a North American Union.

"Militia members most commonly associate with 3rd party political groups," the report reads. "It is not uncommon for militia members to display Constitutional Party, Campaign for Liberty or Libertarian material."

Other potential signals of militia involvement, according to the report, are possession of the Gadsden "Don't Tread on Me" flag or the widely available anti-income tax film "America: Freedom to Fascism."

Barr, the 2008 Libertarian Party presidential nominee, told FOXNews.com that he's taking steps to get his name removed from the report, which he said could actually "dilute the effectiveness" of law enforcement agencies.

"It can subject people to unwarranted and inappropriate monitoring by the government," he said. "If I were the governor of Missouri, I'd be concerned that law enforcement agencies are wasting their time and effort on such nonsense."

Barr said his office has received "several dozen" complaints related to the report.
Mary Starrett, communications director for the Constitution Party, said Baldwin, the party's 2008 presidential candidate, was "outraged" that his name was included in the report. "We were so astounded by it we couldn't believe it was real," Starrett told FOXNews.com. "It's painting such a large number of people with a broad brush in a dangerous light." Michael German, national security policy counsel for the American Civil Liberties Union, said the report "crosses the line" and shows a disregard for civil liberties. "It seems to implicate people who are engaging in First Amendment protected activities and suggest that something as innocuous as supporting a political candidate for office would mean that you're harboring some ill-intent," German told FOXNews.com. "It's completely inappropriate." German, who claims the number of fusion centers nationwide is closer to 70, said the centers present several troubling concerns, including their excessive secrecy, ambiguous lines of authority, the use of data mining and military participation. "No two are alike," German said. "And these things are expanding rapidly." But MIAC officials defended their report, saying it's not a basis for officers to take enforcement action. "These reports sometimes mention groups or individuals who are not the subject of the document, but may be relevant to describing tendencies or trends concerning the subject of the document," MIAC said in a statement. "For example, a criminal group may use a particular wire service to transfer funds, but the mention of that wire service does not imply that it is part of that group, or a criminal enterprise. Nor does it imply that all individuals who use that service are engaged in criminal activity." The statement continues, "We are concerned about the mischaracterizations of a document following its recent unauthorized release and we regret that any citizens were unintentionally offended by the content of the document." 
Donny Ferguson, a spokesman for the Libertarian Party, said he was concerned by the report's "poor choice of words," among other things.

"Unfortunately it is so broadly worded it could be interpreted as saying millions of peaceful, law-abiding Americans are involved in dangerous activities. These mistakes happen and we hope Missouri officials will correct the report," Ferguson wrote in an e-mail. "The Libertarian Party promotes the common-sense policies of fiscal responsibility and social tolerance. We are the only party in America who makes opposition to initiating violence a condition of membership."

Bob McCarty, a St. Louis resident who blogged about the MIAC report, said he's afraid he may be targeted, since he's previously sold Ron Paul-related merchandise.

"[The report] described me, so maybe I need to get a gun and build a shack out in the woods," McCarty said facetiously. "It's certainly an attempt to stifle political thought, especially in Missouri. It definitely makes me pause, if nothing else. Maybe Missouri is just a test bed for squelching political thought."

ACLU officials blasted a Texas fusion center last month for distributing a "Prevention Awareness Bulletin" that called on law enforcement officers to report activities of local lobbying groups, Muslim civil rights organizations and anti-war protest groups.

From rforno at infowarrior.org Wed Mar 25 12:50:40 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 Mar 2009 08:50:40 -0400
Subject: [Infowarrior] - Handling Of 'State Secrets' At Issue
Message-ID: <5D74F296-64D5-4896-99D5-89FC7BC794D4@infowarrior.org>

Handling Of 'State Secrets' At Issue
Like Predecessor, New Justice Dept. Claiming Privilege
http://www.washingtonpost.com/wp-dyn/content/article/2009/03/24/AR2009032403501_pf.html

By Carrie Johnson
Washington Post Staff Writer
Wednesday, March 25, 2009; A01

Civil liberties advocates are accusing the Obama administration of forsaking campaign rhetoric and adopting the same expansive arguments that his predecessor used to cloak some of the most sensitive intelligence-gathering programs of the Bush White House.

The first signs have come just weeks into the new administration, in a case filed by an Oregon charity suspected of funding terrorism. President Obama's Justice Department not only sought to dismiss the lawsuit by arguing that it implicated "state secrets," but also escalated the standoff -- proposing that government lawyers might take classified documents from the court's custody to keep the charity's representatives from reviewing them.

The suit by the al-Haramain Islamic Foundation has proceeded further than any other in challenging the use of warrantless wiretaps, threatening to expose the inner workings of that program. It is the second time the new Justice Department has followed its predecessors in claiming the state-secrets privilege, which would allow the government to exclude evidence in a civil case on grounds that it jeopardizes national security.

Attorneys for al-Haramain are seeking monetary damages from officials at the White House, the National Security Agency, the Treasury Department and the FBI, saying that the government's alleged illegal eavesdropping of the charity's board members and attorneys five years ago violated the charity's rights of due process and freedom of speech. Representatives of the charity, whose U.S. operations have gone out of business, say that its purpose was philanthropic and that authorities have no evidence that it funded terrorism.

U.S. District Judge Vaughn R.
Walker in San Francisco has resisted Justice Department attempts to claim the state-secrets privilege, making it one of the only cases to survive such a government challenge. Over the past eight years, authorities successfully invoked that argument dozens of times to prevent civil liberties groups from winning access to highly classified materials on a range of topics, including secret overseas prisons for terrorism suspects and warrantless wiretapping of U.S. citizens. In his campaign plan to "change Washington," Obama criticized the Bush administration, saying that it had "ignored public disclosure rules" and that it too often invoked the state-secrets privilege, according to his Web site. Now, Obama's claim of state secrets has prompted criticism. "There has to be other ways to protect secret information without having to block accountability," said Erwin Chemerinsky, a law professor at the University of California at Irvine. He said that "state secrets" has become a sort of "talismanic phrase" uttered by government officials who want to dispose of inconvenient or troubling challenges to their authority. Legal scholars say there are legitimate reasons for the state-secrets privilege, pointing out that it may be necessary to keep from disclosing government sources and methods of intelligence gathering. And Justice Department spokesman Matthew Miller countered the criticism, saying that "in just two months, the Justice Department has already moved on a number of fronts to ensure Americans have access to information about their government's actions, and with respect to state secrets, the attorney general has ordered a review of pending cases to ensure the privilege is only invoked when absolutely necessary." In the al-Haramain case, Obama has not only maintained the Bush administration approach, but the dispute has intensified, with the Justice Department warning that if the judge does not change his mind, authorities could spirit away the top-secret documents. 
"Any way you look at it, it's pretty remarkable," said Jon B. Eisenberg, an attorney for al-Haramain. "This is an executive branch threat to exercise control over a judicial branch function." Walker's ruling, which could come at any time, is unlikely to end the disagreement and, if challenged, could bring the matter before the U.S. Supreme Court for the first time in a generation. Last month, a bipartisan Senate group, including Judiciary Committee Chairman Patrick J. Leahy (D-Vt.) and ranking Republican Arlen Specter (Pa.), introduced legislation that would require judges to look at the classified evidence when the government makes the state-secrets claim, rather than rely only on its account of the sensitivity of the materials. Leahy noted that the state-secrets privilege effectively bars people who have experienced serious privacy violations or even torture from seeking justice in court. He expressed particular alarm over the case of Khaled al-Masri, a German citizen who said he was kidnapped and held for months in a CIA-run prison where he was tortured. A federal judge dismissed Masri's suit after the CIA director said it would harm national security. Said Leahy: "For the aggrieved parties, it means that the courthouse doors are closed -- forever -- regardless of the severity of their injury." Six weeks ago, Attorney General Eric H. Holder Jr. disappointed civil libertarians by invoking the state-secrets claim in a case against a Boeing Co. subsidiary accused of transporting five terrorism suspects to countries where they were tortured. Three Bush administration lawyers said they were not surprised that the new team had revived at least some of their arguments. Once in office, the lawyers said, White House officials -- regardless of political affiliation -- tend to support assertions of executive power to keep from tying their hands in future disputes. 
"If you want to protect state secrets, you've got to have a pretty broad doctrine," said Stewart Baker, a former top lawyer at the Department of Homeland Security and the NSA.

The al-Haramain case began in early 2004 when the FBI quietly executed search warrants at the charity's headquarters in Ashland, Ore. The Treasury Department froze al-Haramain's assets the next day and ultimately concluded that the charity was a terrorist front.

Later, government officials mistakenly sent the charity's attorneys a classified phone surveillance log -- buried in a stack of documents -- suggesting that al-Haramain board members and some of its attorneys had been wiretapped. Soon after the materials were sent, FBI agents raced to collect the sensitive pages.

In 2006, lawyers and charity officials sued the government, pointing to the secret pages as evidence that their phone and e-mail communication had been monitored without court warrants. Walker, the San Francisco-based judge, found that anecdotal evidence of the eavesdropping program was sufficient and allowed the al-Haramain case to proceed.

In the waning days of the Bush administration, the judge ordered the government to grant security clearances to al-Haramain lawyers, which it did. But Obama's Justice Department lawyers and NSA officials continue to resist the orders to draft a plan for how the case could move forward. In a Feb. 27 filing, Justice lawyers said the judge lacks authority "to order the government to grant counsel access to classified information when the executive branch has denied them such access."

Both sides await Walker's next step.

"At this point," said Eisenberg, the al-Haramain attorney, "I don't feel like I need to do anything. The outrage speaks for itself."
From rforno at infowarrior.org Wed Mar 25 12:51:41 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 Mar 2009 08:51:41 -0400
Subject: [Infowarrior] - 'Global War On Terror' Is Given New Name
Message-ID:

'Global War On Terror' Is Given New Name
Bush's Phrase Is Out, Pentagon Says
http://www.washingtonpost.com/wp-dyn/content/article/2009/03/24/AR2009032402818_pf.html

By Scott Wilson and Al Kamen
Washington Post Staff Writers
Wednesday, March 25, 2009; A04

The Obama administration appears to be backing away from the phrase "global war on terror," a signature rhetorical legacy of its predecessor.

In a memo e-mailed this week to Pentagon staff members, the Defense Department's office of security review noted that "this administration prefers to avoid using the term 'Long War' or 'Global War on Terror' [GWOT.] Please use 'Overseas Contingency Operation.' "

The memo said the direction came from the Office of Management and Budget, the executive-branch agency that reviews the public testimony of administration officials before it is delivered.

Not so, said Kenneth Baer, an OMB spokesman.

"There was no memo, no guidance," Baer said yesterday. "This is the opinion of a career civil servant."

Coincidentally or not, senior administration officials had been publicly using the phrase "overseas contingency operations" in a war context for roughly a month before the e-mail was sent.

Peter Orszag, the OMB director, turned to it Feb. 26 when discussing Obama's budget proposal at a news conference: "The budget shows the combined cost of operations in Iraq, Afghanistan and any other overseas contingency operations that may be necessary."

And in congressional testimony last week, Craig W. Duehring, assistant secretary of the Air Force for manpower, said, "Key battlefield monetary incentives have allowed the Air Force to meet the demands of overseas contingency operations even as requirements continue to grow."
Monday's Pentagon e-mail was prompted by congressional testimony that Lt. Gen. John W. Bergman, head of the Marine Forces Reserve, intends to give today. The memo advised Pentagon personnel to "please pass this onto your speechwriters and try to catch this change before statements make it to OMB." Baer said, "I have no reason to believe that ['global war on terror'] would be stricken" from future congressional testimony. The Bush administration adopted the phrase soon after the Sept. 11, 2001, attacks to capture the scope of the threat it perceived and the military operations that would be required to confront it. In an address to Congress nine days after the attacks, President George W. Bush said, "Our war on terror will not end until every terrorist group of global reach has been found, stopped and defeated." But critics abroad and at home, including some within the U.S. military, said the terminology mischaracterized the nature of the enemy and its abilities. Some military officers said, for example, that classifying al-Qaeda and other anti-American militant groups as part of a single movement overstated their strength. Early in Bush's second term, then-Defense Secretary Donald H. Rumsfeld promoted a change in wording to "global struggle against violent extremism," or GSAVE. Bush rejected the shift and never softened his position that "global war" accurately describes the conflict that the United States is fighting. Last month, the International Commission of Jurists urged the Obama administration to drop the phrase "war on terror." The commission said the term had given the Bush administration "spurious justification to a range of human rights and humanitarian law violations," including detention practices and interrogation methods that the International Committee of the Red Cross has described as torture. John A. 
Nagl, the former Army officer who helped write the military's latest counterinsurgency field manual, said the phrase "was enormously unfortunate because I think it pulled together disparate organizations and insurgencies."

"Our strategy should be to divide and conquer rather than make of enemies more than they are," said Nagl, now president of the Center for a New American Security, a defense policy think tank in Washington. "We are facing a number of different insurgencies around the globe -- some have local causes, some of them are transnational. Viewing them all through one lens distorts the picture and magnifies the enemy."

From rforno at infowarrior.org Wed Mar 25 18:51:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 Mar 2009 14:51:09 -0400
Subject: [Infowarrior] - AT&T first to test RIAA antipiracy plan
Message-ID: <2AC170B2-4080-4D37-9E93-B42162A1321F@infowarrior.org>

AT&T first to test RIAA antipiracy plan
by Greg Sandoval
http://news.cnet.com/8301-1023_3-10203799-93.html

Update: Wednesday, 9:00 a.m. PDT: To include quotes from AT&T and information about Comcast and Cox.

Update: Wednesday 10:37 a.m. PDT: To include statement from AT&T spokeswoman who wished to correct what she had previously said. She says now that the company asserts in the letters that it has the right to terminate a policy. She said, however, the company has no intention of doing so.

AT&T, one of the nation's largest Internet service providers, confirmed on Tuesday the company is working with the recording industry to combat illegal file sharing.

At a digital music conference in Nashville, Tenn., Jim Cicconi, a senior executive for AT&T, told the audience that the ISP has begun issuing warning notices to people accused of pirating music by the Recording Industry Association of America, according to one music industry insider who was present. Early Wednesday morning, an AT&T spokeswoman confirmed that Cicconi made the statements.
In December, the RIAA, the lobbying group of the four largest recording companies, announced the group would no longer pursue an antipiracy strategy that focused on suing individuals, but rather would seek the help of broadband providers to stem the flow of pirated content. The RIAA said an undisclosed number of ISPs had agreed to cooperate but declined to name them. In January, CNET News reported that AT&T and Comcast were among the group. Sources told CNET on Wednesday that a Comcast executive confirmed that the nation's second largest ISP is working with the RIAA. At the same Nashville conference where Cicconi spoke, the Comcast exec said the ISP has sent 2 million warning notices to customers accused of infringement by entertainment companies. The sources have also confirmed that Cox is a member. (You can read more about that here: "Comcast, Cox join RIAA antipiracy campaign.") Representatives of the RIAA could not be reached for comment. Cicconi told attendees of the Leadership Music Digital Summit that the notices, which are sent via e-mail, are part of a "trial." AT&T wants to test customer reaction, he said. It was unclear Tuesday evening if AT&T had included any threats to suspend or shut off service. The RIAA had said that under its "graduated response" plan, repeat offenders faced the possibility of their ISP suspending or terminating service--at least temporarily. Managers for the organization have also said they support due process to protect people from being falsely accused. Reached Wednesday morning, Claudio Jones, an AT&T spokeswoman, said the company's letters do include a mention that company retains the right to terminate service. She wanted to make it clear that AT&T has no intention of doing so, however. Jones also said the ISP never shares customers' names or any other personal information. 
What the company does do is send a "cover letter" to the accused customer along with the letter the ISP received from the RIAA stating that the person's IP address was flagged. AT&T goes on to tell the accused customer that the problem may be that a teenager in the house is illegally downloading, or that the customer might have an insecure Internet connection and that someone could be using it to steal content. The ISP also informs the customer that downloading unauthorized copies is illegal and should be prevented.

As for chronic offenders, Jones was less specific but said: "We can't assume that people are stealing. All we know is that they are using a lot of bandwidth. We can't be the police or the copyright enforcer...that's up to the content owner."

All the activity going on with AT&T, Comcast, and Cox is likely the first stage in what promises to be a long and drawn out process of using ISPs to help protect copyright material. ISPs have traditionally tried to stay out of the fray between the big entertainment companies and those who download music illegally. They remain squeamish about the possibility of alienating customers, according to music industry sources. The ISPs also don't like plans that call for them to cut off access and chase away a source of income.

Greg Sandoval covers media and digital entertainment for CNET News. He is a former reporter for The Washington Post and the Los Angeles Times.

From rforno at infowarrior.org Wed Mar 25 18:56:54 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 Mar 2009 14:56:54 -0400
Subject: [Infowarrior] - UK: Facebook could be monitored by the government
Message-ID: <3CC00D56-D06C-4CA4-90B5-56815F083D2B@infowarrior.org>

Facebook could be monitored by the government

Facebook, Bebo, MySpace and other social networking websites could be monitored by the government in an attempt to tackle internet crime and terrorism.
http://www.telegraph.co.uk/scienceandtechnology/technology/facebook/5046447/Facebook-could-be-monitored-by-the-government.html

By Murray Wardrop
Last Updated: 1:49PM GMT 25 Mar 2009

The Home Office is considering plans to force such sites to hold data about their users' movements to thwart criminals who use them to communicate.

The information would then be stored on a central database as part of the government's proposed Intercept Modernisation Programme.

The proposal follows plans to retain information about all telephone calls, emails, and internet visits made by everyone in Britain through a multi-billion pound system.

A European Union statutory order, called the Data Retention Directive, already proposes that internet service providers in member states store communications and traffic data for one year.

However, Vernon Coaker, Minister of State for policing, crime and security, has told MPs that it does not go far enough.

Mr Coaker told a Commons Committee: "Social-networking sites, such as MySpace or Bebo, are not covered by the directive.

"That is one reason why the government are looking at what we should do about the Intercept Modernisation Programme (IMP), because there are certain aspects of communications which are not covered by the directive."

The news has outraged civil liberties groups who claim that the plans would excessively pry into the lives of law abiding citizens.

Around 25 million people in Britain, almost half the population, are thought to use social networking sites, with Facebook boasting 17 million British users. Bebo, which is aimed predominantly at teenagers and young adults, is estimated to have a following of around 10 million Britons.

The disclosure of the plans was made during exchanges between Mr Coaker and Liberal Democrat home affairs spokesman Tom Brake.
Mr Coaker acknowledged the controversy surrounding the proposed database but confirmed that the plans "may include requiring the retention of data on Facebook, Bebo, MySpace, and all other similar sites".

He added: "I accept this is an extremely difficult area. The interface between retaining data, private security and all such issues of privacy is extremely important.

"It is absolutely right to point out the difficulty of ensuring we maintain a capability and a capacity to deal with crime and issues of national security and where that butts up against issues of privacy."

Isabella Sankey, policy director of the civil rights pressure group Liberty, said: "Even before you throw Facebook and other social networking sites into the mix, the proposed telecommunications database is a terrifying prospect.

"It would allow the government to record every email, text message and phone call and would turn millions of innocent Britons into permanent suspects."

The Home Office has defended the proposals, stressing that the government was not seeking the power to examine the content of messages sent via the sites.

A spokesman said: "The Government has no interest in the content of people's social network sites and this is not going to be part of our forthcoming consultation.

"We have been clear that the communications revolution has been rapid in this country and the way in which we collect communications data needs to change so that law enforcement agencies can maintain their ability to tackle terrorism and gather evidence.

"To ensure that we keep up with technological advances we intend to consult widely on proposals shortly. We have been very clear that there are no plans for a database containing the content of emails, texts, conversations or social networking sites."

The IMP is a multi-billion pound project, which aims to build new databases capable of storing vast amounts of computer data as part of the fight against terrorism.
From rforno at infowarrior.org Wed Mar 25 18:58:56 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Mar 2009 14:58:56 -0400 Subject: [Infowarrior] - UK using UAVs to target home energy efficiency Message-ID: <5D147509-96AA-4B70-97E8-2B692289C527@infowarrior.org> Council uses spy plane with thermal imaging camera to snoop on homes wasting energy By Andrew Levy Last updated at 2:40 AM on 24th March 2009 http://www.dailymail.co.uk/news/article-1164091/Council-uses-spy-plane-thermal-imaging-camera-snoop-homes-wasting-energy.html Our movements are already tracked by CCTV, speed cameras and even spies in dustbins. Now snooping on the public has reached new heights with local authorities putting spy planes in the air to snoop on homeowners who are wasting too much energy. Thermal imaging cameras are being used to create colour-coded maps which will enable council officers to identify offenders and pay them a visit to educate them about the harm to the environment and measures they can take. [Photo caption: A council has spent £30,000 using a spy plane carrying a thermal camera to determine which homes are wasting energy. (File photo)] A scheme is already under way in Broadland District Council in Norfolk, which has spent £30,000 hiring a plane with a thermal imaging camera. It said the exercise has been so successful other local authorities are planning to follow suit. But critics have warned the crackdown was another example of local authorities extending their charter to poke their noses into every aspect of people's lives. Broadland, which covers towns including Aylsham, Reepham and Acle, hired the plane from a Leicestershire-based company for five days at the end of January. The aircraft took images of homes and businesses, with those losing the most heat showing up as red, while better insulated properties appear blue. 
The council's head of environmental services, Andy Jarvis, said the original plan was to target businesses but it was realised the scope could be extended to include residential properties. 'The project we put together was for a plane to go up on various nights flying strips of the district and taking pictures,' he said. 'Through those images, a thermal image photograph can be created in which you can pick out individual properties which are losing a lot of heat. 'We do a lot on domestic energy conservation already and realised it would be useful to see if any of the homes which were particularly hot were properties where people had not insulated their lofts. 'We were also able to look at very cold properties and think we might have picked up people on low incomes who are not heating their homes because they cannot afford to.' More than half the UK's carbon dioxide emissions come from the domestic sector, which includes property and transport. Almost 60 per cent of a household's heat is lost through uninsulated walls, lofts and windows, costing the average home £380 a year. Insulation is estimated to reduce each home's carbon emissions by around two tonnes annually. The first city in the UK to make a heat-loss map was Aberdeen, while the first local authority in England was Haringey Council, in London - although environmental groups at that time said they viewed the practice as a 'gimmick' of little real value. The TaxPayers' Alliance has added concerns about the issue of privacy. Chief executive Matthew Elliott said: 'People are sick and tired of being heckled and spied on by local government and this council has shown an utter disregard for the man on the street.' He added: 'We're in a recession and you would have thought this council had better ways to spend £30,000. 'Taxpayers are already footing the bill for innumerable advertising campaigns at a time when families are struggling to make ends meet.' 
But Conservative-led Broadland insisted the heat-loss map would allow officers to pinpoint offenders and point out how to get help and grants to improve insulation to cut carbon emissions. Council leader Simon Woodbridge said the project would 'effectively pay for itself within a few weeks in terms of the amounts of money we can help people to save'. Lib Dem group leader Stuart Beadle added: 'Cameras are in place all over today and we have to accept them. So long as the right guidelines are in place and it will bring benefits, I think the scheme is a good thing.' Britain now has more than four million CCTV cameras - a fifth of those in use around the world - and around 8,000 speed cameras. Almost 500 local authorities have been using anti-terrorism powers brought in under the controversial Regulation of Investigatory Powers Act to launch a string of bizarre investigations. These have included checks on dog fouling, putting bins out on the wrong day and people trying to cheat school catchment area rules. From rforno at infowarrior.org Thu Mar 26 15:16:14 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Mar 2009 11:16:14 -0400 Subject: [Infowarrior] - Our tax dollars hard at work. Message-ID: <164B5BA4-A893-4DAE-B1C0-B449140B4DBD@infowarrior.org> Senate reviewing how college football picks No. 1 http://www.google.com/hostednews/ap/article/ALeqM5hV4mOJQgUsQthrydU_Vty4iVgC5gD9759GG00 By FREDERIC J. FROMMER - 18 hours ago WASHINGTON (AP) - Everyone from President Barack Obama on down to fans has criticized how college football determines its top team. Now senators are getting off the sidelines to examine antitrust issues involving the Bowl Championship Series. 
The current system "leaves nearly half of all the teams in college football at a competitive disadvantage when it comes to qualifying for the millions of dollars paid out every year," the Senate Judiciary's subcommittee on antitrust, competition policy and consumer rights said in a statement Wednesday announcing the hearings. Under the BCS, some conferences get automatic bids to participate in the series, while others do not. Obama and some members of Congress favor a playoff-type system to determine the national champion. The BCS features a championship game between the two top teams in the BCS standings, based on two polls and six computer ratings. Behind the push for the hearings is the subcommittee's top Republican, Sen. Orrin Hatch of Utah. People there were furious that Utah was bypassed for the national championship despite going undefeated in the regular season. The title game pitted No. 1 Florida (12-1) against No. 2 Oklahoma (12-1); Florida won 24-14 and claimed the title. The subcommittee's statement said Hatch would introduce legislation "to rectify this situation." No details were offered and Hatch's office declined to provide any. Hatch said in a statement that the BCS system "has proven itself to be inadequate, not only for those of us who are fans of college football, but for anyone who believes that competition and fair play should have a role in collegiate sports." In the House, Rep. Joe Barton of Texas, the top Republican on the Energy and Commerce Committee, has sponsored legislation that would prevent the NCAA from calling a football game a "national championship" unless the game culminates from a playoff system. Copyright © 2009 The Associated Press. All rights reserved. 
From rforno at infowarrior.org Thu Mar 26 18:01:07 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Mar 2009 14:01:07 -0400 Subject: [Infowarrior] - FBI Director Urges Renewal of Patriot Act Message-ID: <2F7CFC04-5E08-4271-892D-18CBBFA3A646@infowarrior.org> Director of FBI Urges Renewal of Patriot Act Portions of Law to Expire This Year http://www.washingtonpost.com/wp-dyn/content/article/2009/03/25/AR2009032501862.html?hpid=sec-nation By Carrie Johnson Washington Post Staff Writer Thursday, March 26, 2009; Page A08 FBI Director Robert S. Mueller III urged lawmakers yesterday to renew intelligence-gathering measures in the USA Patriot Act that are set to expire in December, calling them "exceptional" tools to help protect national security. The law, passed shortly after the Sept. 11, 2001, terrorist attacks, created divisions between proponents, who said it was necessary to deter terrorism, and privacy advocates warning that it tramples on Americans' civil liberties. Portions of the law are up for reauthorization this year. Mueller told members of the Senate Judiciary Committee he hopes that the reauthorization of two provisions would be far less controversial than in previous years. One of those provisions, which helps authorities secure access to business records, "has been exceptionally helpful in our national security investigations," he said. In response to a question from Sen. Benjamin L. Cardin (D-Md.), Mueller said that his agents had used the provision about 220 times between 2004 and 2007. Data for last year were not yet available, he said. The measure allows investigators probing terrorism to seek a suspect's records from third parties such as financial services and travel and telephone companies without notifying the suspect. The American Civil Liberties Union has criticized the provision, saying it violates the First Amendment rights of U.S. citizens. 
Another provision, permitting roving wiretaps of terrorism suspects, was used 147 times and has helped eliminate "an awful lot of paperwork," Mueller said. In the past, authorities had to seek court approval for each electronic device carried by a suspect, from a cellphone and a BlackBerry to a home computer. But under the provision, one warrant can cover all of those machines. The ACLU issued a report this month describing "widespread abuse" of government authority under the Patriot Act. "The Patriot Act has been disastrous for Americans' rights," said Caroline Frederickson, the director of the ACLU's Washington Legislative Office. "Congress should use this year's Patriot Act reauthorization as an opportunity to reexamine all of our surveillance laws." Agents' use of the Patriot Act and other sensitive investigative tools has been a source of friction between FBI officials and Democratic lawmakers. Mueller said he has not had a chance to meet with new Justice Department or White House officials regarding their views on the Patriot Act. But at the Senate confirmation hearing for Attorney General Eric H. Holder Jr. in January, Mueller expressed at least moderate support for renewing the provisions that will sunset in December. David Kris, an expert on intelligence laws, won unanimous Senate confirmation yesterday as the new leader of the Justice Department's National Security Division. He will play an important role in the Patriot Act reauthorization and in supervising the FBI's national security operations. "It is important that [Congress] examine more specifics," Cardin told the FBI director. "We want to make sure you have the tools that you need and that you have appropriate oversight. There may need to be modifications . . . a fine-tuning of these provisions to make sure they are effective and used as intended by Congress." 
From rforno at infowarrior.org Thu Mar 26 18:50:31 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Mar 2009 14:50:31 -0400 Subject: [Infowarrior] - Humor (or truth?) -- UK Terror Poster Remixes Message-ID: (c/o BoingBoing) Yesterday's remix challenge -- to mock the ridiculous new "anti-terrorism" posters the London police have put up that tell you to spy on your neighbors -- was a smashing success. I've collected the 25 or so that came in to date below (sorry if I missed one or two -- I did it all by hand!) -- click through to see them all and prepare to laugh and weep and laugh and weep. http://www.boingboing.net/2009/03/26/remixes-of-the-paran.html#more From rforno at infowarrior.org Fri Mar 27 14:19:06 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Mar 2009 10:19:06 -0400 Subject: [Infowarrior] - Terrorist Identities Datamart Environment (TIDE) Message-ID: <502C3F9B-B509-41E3-996B-79412BECFC6F@infowarrior.org> http://www.nctc.gov/docs/Tide_Fact_Sheet.pdf National Counterterrorism Center Terrorist Identities Datamart Environment (TIDE) March 9, 2009 What is TIDE? The Terrorist Identities Datamart Environment (TIDE) is the US Government's (USG) central repository of information on international terrorist identities as established by the Intelligence Reform and Terrorism Prevention Act of 2004. TIDE supports the USG's various terrorist screening systems or "watchlists" and the US Intelligence Community's overall counterterrorism mission. The Terrorist Identities Group (TIG), located in NCTC's Information Sharing & Knowledge Development Directorate (ISKD), is responsible for building and maintaining TIDE. The TIDE database includes, to the extent permitted by law, all information the U.S. 
government possesses related to the identities of individuals known or appropriately suspected to be or have been involved in activities constituting, in preparation for, in aid of, or related to terrorism, with the exception of Purely Domestic Terrorism information. What types of conduct warrant inclusion in TIDE? A non-exclusive list of types of conduct that will warrant both entry into TIDE and terrorist screening nomination includes persons who:
- Commit international terrorist activity;
- Prepare or plan international terrorist activity;
- Gather information on potential targets for international terrorist activity;
- Solicit funds or other things of value for international terrorist activity or a terrorist organization;
- Solicit membership in an international terrorist organization;
- Provide material support, i.e. safe house, transportation, communications, funds, transfer of funds or other material financial benefit, false documentation or identification, weapons, explosives, or training;
- Are members of or represent a foreign terrorist organization.
Federal agencies nominate individuals for inclusion in TIDE based on evaluations of intelligence and law enforcement terrorism information. How is information from TIDE used for watchlists? Each day analysts create and enhance TIDE records based on their review of nominations received. Every evening, TIDE analysts export a sensitive but unclassified subset of the data containing the terrorist identifiers to the FBI's Terrorist Screening Center (TSC) for use in the USG's consolidated watchlist. This consolidated watchlist, which is a critical tool for homeland security, supports screening processes to detect and interdict known and suspected terrorists at home and abroad - for example, the Transportation Security Administration's "No Fly" list and the Department of State's visa database, among others. For more information see www.fbi.gov/terrorinfo/counterterrorism/tsc.htm. How many names are in TIDE? 
As of January 2009, TIDE contained more than 564,000 names, but only about 500,000 separate "identities" because of the use of aliases and name variants. U.S. Persons (including both citizens and legal permanent residents) make up less than five percent of the listings. [>28,000.] Why are people without terrorist ties sometimes delayed when traveling? Both TIDE and many of the end user screening systems are names based, which means that people with names similar to those in the database may be stopped for additional screening by TSA or at a port of entry. The Department of Homeland Security (DHS) Traveler Redress Inquiry Program (DHS TRIP) was launched in February 2007. Travelers can use this program to request resolution of possible watchlist misidentification issues with any of the component agencies at: http://www.dhs.gov/trip . Are names ever removed from TIDE? Yes. In 2008 more than 27,000 names were removed from TIDE when it was determined that they no longer met the criteria for inclusion. From rforno at infowarrior.org Fri Mar 27 14:45:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Mar 2009 10:45:17 -0400 Subject: [Infowarrior] - FAA wants to keep bird strike records confidential Message-ID: <8FEA0B69-0A7B-443A-A419-D10CBDEB3AB9@infowarrior.org> FAA wants to keep bird strike records confidential http://www.google.com/hostednews/ap/article/ALeqM5jY8-kkW9-PHtlRozIgDmYbO5aOcQD976DS4O0 WASHINGTON (AP) - The Federal Aviation Administration has reversed itself after promising to disclose records about how frequently commercial planes are damaged by hitting flying birds. The agency now wants to keep those government records secret from air travelers because it fears that if the public found out the information then airports and air carriers wouldn't report damage from birds. The FAA had promised The Associated Press, in a conference call with senior FAA officials on Feb. 18, that it would turn over the data within days. 
Since then, the FAA has said only that the AP's request for the data under the Freedom of Information Act was "under review." The AP asked for the information in January. Last week, the FAA quietly proposed keeping the data secret. Copyright © 2009 The Associated Press. All rights reserved. From rforno at infowarrior.org Fri Mar 27 19:31:26 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Mar 2009 15:31:26 -0400 Subject: [Infowarrior] - FTC: We'll "come calling" about deceptive DRM Message-ID: <29FDD50F-580F-4FDC-9177-6D0305B45100@infowarrior.org> FTC: We'll "come calling" about deceptive DRM http://arstechnica.com/tech-policy/news/2009/03/ftc-well-come-calling-about-deceptive-drm.ars The Federal Trade Commission kicked off its big DRM conference in Seattle Wednesday morning by saying that the goal was not to "take sides" over the question of whether DRM is good or bad - but the conference nevertheless opened with a warning. Mary Engle, an FTC Acting Deputy Director, began her remarks by warning that those who use DRM had better get serious about disclosing it and the limits that it places on products. She referenced the Sony BMG rootkit debacle, saying that "sellers who use DRM technology to enforce the terms of bargains with consumers need to be particularly careful to disclose in advance" what those bargains are. And just stuffing the disclosure into the fine print of an End User License Agreement (EULA) isn't good enough. "If your advertising giveth and your EULA taketh away," she said, "don't be surprised if the FTC comes calling." She stressed that it was not permissible for companies to play Lucy to consumers' Charlie Brown, holding the football and promising that this time she won't yank it away at the last minute. 
Promising "if you buy our DRM downloads, we won't shut down the authentication servers this time," she said, wasn't enough. No consensus The FTC wasn't using the conference to announce new policy initiatives or regulatory principles, so most of the event consisted of short presentations by speakers from across the spectrum. Not surprisingly, disagreement wasn't hard to find. Fritz Attaway, an executive vice president at the MPAA, kicked things off by talking up the merits of DRM. Far from being a soul-crushing, computer-polluting, freedom-slaying hydra, DRM actually makes all sorts of great things possible. "Without DRM technology, how could we provide consumers with choices?" he asked, referring to streaming, rental, and subscription models. Besides, "DRM technologies are for the most part transparent," Attaway added, pointing to DVDs as his example. DVDs just work; no one has to think about DRM, it gets out of the way and allows people to enjoy films while preventing them from making a copy for everyone on the block. Professor Salil Mehra flipped this around, saying that DRM wasn't quite fraud but that "something like fraud happens with the way in which DRM is implemented." While companies rarely lie about what a particular DRM scheme will do, plenty are willing to bury that information, knowing that consumers won't be happy about the limitations. This brought an almost incredulous response from Jason Schultz, who heads the Samuelson Law, Technology, and Public Policy Clinic at UC-Berkeley. Consumers certainly are befuddled and angered by DRM, even the relatively tame version found on DVDs, he said. Plenty of people don't understand why they can't copy a movie to an iPod or make a backup, and they don't understand why a DVD won't play when they take it to another country. Schultz even referenced the recent gift of a DVD set from Barack Obama to UK Prime Minister Gordon Brown. 
When Brown returned home from his US visit and popped one of the discs in his player... region encoding prevented it from working. This sort of back-and-forth continued all morning. A lawyer who works with the MPAA and RIAA said that DRM wasn't just a "necessary evil" but was actually a "key enabling technology" for the reasons that Attaway also described. It's a "useful rhetorical device" to talk about how DRM blocks people's rights, he added, but it's basically deceptive. One thing that received general agreement from all parties was that better disclosure was essential. Even the pro-DRM side stressed that nothing is gained for an industry by angering its customers, and that customers get furious about things like the SonyBMG rootkit. But Corynne McSherry of the EFF threw a bit of cold water even on this idea, saying that disclosure alone is "not going to solve the problems with DRM." Copyright law is too often just about the rights of the copyright owners, she said, and the key to good law is finding balance; DRM "all too often can upset that balance," and just making this clear to consumers isn't good enough. The event continues Wednesday afternoon, and the FTC has made a live webcast available (and after-the-fact transcripts will follow). From rforno at infowarrior.org Fri Mar 27 20:02:27 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Mar 2009 16:02:27 -0400 Subject: [Infowarrior] - Longtime NBC newsman Irving R. Levine dies at 86 Message-ID: Longtime NBC newsman Irving R. Levine dies at 86 http://www.google.com/hostednews/ap/article/ALeqM5h-fQ-HruUlzJZ0n-m0Y6cTnc4F_wD976HDJO0 BOCA RATON, Fla. (AP) - Irving R. 
Levine, the professorial NBC newsman who explained the fine points of economics to millions of viewers for nearly a quarter century, has died. He was 86. Levine died Thursday, announced Kevin M. Ross, president of Lynn University in Boca Raton. Levine taught at the school after leaving NBC. Further details of his death were not immediately available. Known for his dry, measured delivery and trademark bow ties, Levine was a presence at NBC since 1950 when he began covering the Korean War until his retirement in 1995. He had become the network's full-time economics correspondent in 1971 and in the last five years of his tenure also did weekly commentaries on CNBC. He also appeared on "Meet the Press" more than 100 times over the years. After retiring from NBC, Levine joined Lynn University as dean of the college of international communication. Born in Pawtucket, R.I., Levine began his career in 1940, writing obituaries for The Providence Journal. He also worked as a correspondent for the International News Service and The Times of London. After joining NBC, he covered assignments from Korea, Moscow and Vietnam to Algeria, Poland and South Africa. As NBC correspondent in the Soviet Union, he did a half-hour program in 1955 giving a tourist's eye view of Moscow, showing Cold War-era Americans that the Communist capital had "an amusement park not unlike Coney Island (and) another park in which old men played chess and mothers relaxed with their children," The New York Times reported. He explored similar themes in his 1959 book, "Main Street, U.S.S.R." In 1965, while in Rome, he interviewed the great film director Federico Fellini. In a 1995 New York Times interview, he recalled that he had hoped to cover the State Department after winding up his foreign correspondent days. But NBC bosses asked him early in 1971 to cover business news instead. "It was a barren time," Levine said. "Producers just weren't interested in those stories." 
By the time he retired, though, business news on television was a booming field - though he noted in 1995 that something like the Oklahoma city bombing or the O.J. Simpson trial could still push it aside. At a welcoming ceremony at the Boca Raton school later that year, Levine said he didn't miss the daily grind but still read three or four newspapers every day, quipping, "Once a news junkie, always a news junkie." He retired from the school in 2004 but continued to be a prominent fixture on campus, a statement from the university said. He is survived by his wife, Nancy, and their three children, Jeffrey, Daniel and Jennifer. In a humorous 2001 essay in The New York Times, Levine welcomed the return of the middle initial as epitomized by then-new President George W. Bush. He recalled that producers trying to shorten a television news story of his "finally suggested I drop the R in my sign-off, Irving R. Levine. I held my ground." "`No,' I said, 'I'd rather drop the B in NBC.'" Associated Press writer Polly Anderson in New York contributed to this report. Copyright © 2009 The Associated Press. All rights reserved. From rforno at infowarrior.org Sat Mar 28 00:02:37 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Mar 2009 20:02:37 -0400 Subject: [Infowarrior] - Fwd: [attrition] podcast: Risky Business #100 -- L0phtCrack is back, Jericho Speaks References: Message-ID:
> http://risky.biz/netcasts/risky-business/risky-business-100-l0phtcrack-back
>
> "In this week's sponsor interview, Tenable Network Security analyst and Open Security Foundation dude Brian "Jericho" Martin pops in for a chat about dataloss -- are you more likely to lose data through a USB key, lost laptop or an actual attack?"
>
> (lyger note: here we go again, what a freaking media whore... just hire an agent already and get over it.)
>
> ______________________________________________
> Attrition Mailing List (http://attrition.org)
From rforno at infowarrior.org Sat Mar 28 00:04:06 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Mar 2009 20:04:06 -0400 Subject: [Infowarrior] - Ranum: The Anatomy of Security Disasters Message-ID: Introduction: Truth Since I started in security, 20 years ago, "they aren't taking security seriously" has been the constant complaint of the security expert. Even in organizations where security is taken seriously, it has been at the expense of living in a constant relationship of opposing management or other business units. Some of us enjoy the strife; most don't. In fact, most of us enjoy being employed more than we enjoy being right. So, what's going on? We've finally managed to get security on the road-map for many major organizations, thanks to initiatives like PCI and some of the government IT audit standards. But is that true? Was it PCI that got security its current place at the table, or was it Heartland Data, ChoicePoint, TJX, and the Social Security Administration? This is a serious, and important, question because the answer tells us a lot about whether or not the effort is ultimately going to be successful. If we are fixing things only in response to failure, we can look forward to an unending litany of failures, whereas if we are improving things in advance of problems, we are building an infrastructure that is designed to last beyond our immediate needs. Our challenge, as security practitioners, has always been to balance risk - the tradeoff between the danger of doing something and the opportunity it presents. Since we're not working in a field where the probabilities are simple, like they are on a roulette wheel, we've had to resort to making guesses, and trying to answer unanswerable questions. 
I don't know a single senior security practitioner who has not, at some point or other, had to defend an estimated likelihood of a bad thing happening against an estimated business benefit. In those cases, the result has less to do with security and more to do with whose meeting-organizational skills are superior, or who's better at explaining their viewpoint. I've seen major security-critical business decisions get made based on whose golf buddy runs what business unit - I'm very skeptical of the notion that "Risk Management" has any value beyond the butt-covering obviousness of having made an attempt.... < - > http://blog.tenablesecurity.com/2009/03/ranums-rants-the-anatomy-of-security-disasters.html From rforno at infowarrior.org Sat Mar 28 00:18:40 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Mar 2009 20:18:40 -0400 Subject: [Infowarrior] - MPAA Negotiates With ISPs to Disconnect or Penalize Copyright Offenders Message-ID: MPAA Negotiates With ISPs to Disconnect or Penalize Copyright Offenders By David Kravets, March 27, 2009 | 4:34:00 PM | Categories: Intellectual Property http://blog.wired.com/27bstroke6/2009/03/mpaa-asking-isp.html Hollywood studios are negotiating with broadband providers to take action against customers caught downloading movies repeatedly. Penalties range from redirecting infringers' browsers to an anti-piracy message and disconnecting them entirely, a movie industry source familiar with the talks said Friday. The revelation came as the Recording Industry Association of America is talking with the same ISPs to get them to adopt a "three-strikes" plan and cut internet access to repeat infringers of music copyright. The RIAA proposal aims to make music fans stop trading pirated material, while limiting industry lawsuits that target individual offenders who face court damages of as much as $150,000 an infringement. 
A source familiar with Hollywood's negotiations says the movie industry's plans, which could be announced as early as next month, are still fluid and nothing has been finalized. The source, who requested anonymity, said the ISPs ultimately could decide on a range of proposed sanctions, including suspending service to those found sharing copyright material. "Our efforts are focused on educating consumers who receive infringement notifications for illegal downloading about where to find high-quality, legitimate content on the internet and on effective ways to deal with repeat infringers," the Motion Picture Association of America said in a statement. The association, which is the lobbying agency for the Hollywood studios, declined to elaborate. The major ISPs, however, have thus far balked at terminating their clients. The studios and ISPs are also discussing "browser redirect." The browser of a suspected copyright scofflaw would point to the internet service provider's terms of service agreement that informs users they risk losing internet access for illicit conduct. Violators who lose service potentially face reconnect fees as well. "Everybody," the source said, "is trying to figure out what the best approach is." 
From rforno at infowarrior.org Sat Mar 28 00:25:23 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Mar 2009 20:25:23 -0400 Subject: [Infowarrior] - UK cops identify 200 children as potential terrorists Message-ID: <4F51205A-F321-4B06-ABA5-BC2B353106C5@infowarrior.org> Police identify 200 children as potential terrorists Drastic new tactics to prevent school pupils as young as 13 falling into extremism Exclusive by Mark Hughes Crime correspondent Saturday, 28 March 2009 http://www.independent.co.uk/news/uk/crime/police-identify-200-children-as-potential-terrorists-1656027.html Two hundred schoolchildren in Britain, some as young as 13, have been identified as potential terrorists by a police scheme that aims to spot youngsters who are "vulnerable" to Islamic radicalisation. The number was revealed to The Independent by Sir Norman Bettison, the chief constable of West Yorkshire Police and Britain's most senior officer in charge of terror prevention. He said the "Channel project" had intervened in the cases of at least 200 children who were thought to be at risk of extremism, since it began 18 months ago. The number has leapt from 10 children identified by June 2008. The programme, run by the Association of Chief Police Officers, asks teachers, parents and other community figures to be vigilant for signs that may indicate an attraction to extreme views or susceptibility to being "groomed" by radicalisers. Sir Norman, whose force covers the area in which all four 7 July 2005 bombers grew up, said: "What will often manifest itself is what might be regarded as racism and the adoption of bad attitudes towards 'the West'. "One of the four bombers of 7 July was, on the face of it, a model student. He had never been in trouble with the police, was the son of a well-established family and was employed and integrated into society. "But when we went back to his teachers they remarked on the things he used to write. 
In his exercise books he had written comments praising al-Qa'ida. That was not seen at the time as being substantive. Now we would hope that teachers might intervene, speak to the child's family or perhaps the local imam who could then speak to the young man." The Channel project was originally piloted in Lancashire and the Metropolitan Police borough of Lambeth in 2007, but in February last year it was extended to West Yorkshire, the Midlands, Bedfordshire and South Wales. Due to its success there are now plans to roll it out to the rest of London, Thames Valley, South Yorkshire, Greater Manchester, Leicestershire, Nottinghamshire, and West Sussex. The scheme, funded by the Home Office, involves officers working alongside Muslim communities to identify impressionable children who are at risk of radicalisation or who have shown an interest in extremist material - on the internet or in books. Once identified the children are subject to a "programme of intervention tailored to the needs of the individual". Sir Norman said this could involve discussions with family, outreach workers or the local imam, but he added that "a handful have had intervention directly by the police". He stressed that the system was not being used to target the Muslim community. "The whole ethos is to build a relationship, on the basis of trust and confidence, with those communities," said Sir Norman. "With the help of these communities we can identify the kids who are vulnerable to the message and influenced by the message. The challenge is to intervene and offer guidance, not necessarily to prosecute them, but to address their grievance, their growing sense of hate and potential to do something violent in the name of some misinterpretation of a faith. "We are targeting criminals and would-be terrorists who happen to be cloaking themselves in Islamic rhetoric. That is not the same as targeting the Muslim community." Nor was it criminalising children, he added.
"The analogy I use is that it is similar to our well-established drugs intervention programmes. Teachers in schools are trained to identify pupils who might be experimenting with drugs, take them to one side and talk to them. That does not automatically mean that these kids are going to become crack cocaine or heroin addicts. The same is true around this issue." But Inayat Bunglawala of the Muslim Council of Britain said the police ran the risk of infringing on children's privacy. He warned: "There is a difference between the police being concerned or believing a person may be at risk of recruitment and a person actually engaging in unlawful, terrorist activity. "That said, clearly in recent years some people have been lured by terrorist propaganda emanating from al-Qa'ida-inspired groups. It would seem that a number of Muslim youngsters have been seduced by that narrative and all of us, including the Government, have a role to play in making sure that narrative is seen for what it is: a nihilistic one which offers no hope, only death and destruction." A Home Office spokesman said: "We are committed to stopping people becoming or supporting terrorists or violent extremists. The aim of the Channel project is to directly support vulnerable people by providing supportive interventions when families, communities and networks raise concerns about their behaviour."

From rforno at infowarrior.org Sat Mar 28 14:43:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Mar 2009 10:43:01 -0400
Subject: [Infowarrior] - Melissa virus turns 10
Message-ID:

March 28, 2009 6:00 AM PDT
Melissa virus turns 10
by Elinor Mills
http://news.cnet.com/8301-1009_3-10206275-83.html?part=rss&subj=news&tag=2547-1_3-0-20

A decade ago there was no Facebook, no iPhone, and no Conficker. There was dial-up and AOL and a nasty virus called Melissa that ended up being the fastest spreading virus at the time.
CNET News talked to Dmitry Graznov, a senior research architect at McAfee Avert Labs who was among the researchers who worked to fight the Melissa outbreak and track down the creator.

Q: How was Melissa discovered?
Graznov: Avert as a whole discovered it as did some of the competitors. It was submitted to us by customers as it started to spread around the world (on March 26, 1999).

What made Melissa different from previous viruses?
Graznov: It was the first mass-mailing virus, which used e-mail to spread on a large scale.

What harm did the virus do?
Graznov: In some cases the load on the e-mail servers in some organizations was so high that the servers were effectively shut down.

How many computers were affected and what did the virus do?
Graznov: Hundreds of thousands of computers were affected. That's a guess...Melissa infected other documents a user opened in Microsoft Word. It also connected to Outlook if it was running and selected 50 entries in the address book and e-mailed an infected document to those addresses...including mailing lists...As a result, the virus was sent not just to 50 people, but to thousands of people easily. We didn't have any firm numbers to go by, but we did have reports from customers saying their Exchange servers were overwhelmed.

How long did the outbreak last?
Graznov: Several days, but the infections continued to be registered for a long time after that. It was just a macro virus and we were well equipped to provide detection and removal for people's computers even then...The fact that it was so widespread in the world already meant it took a long time to remove the infections.

[Photo caption: Security researcher Dmitry Graznov as he looked in 1999 when he was chasing down the creator of the Melissa virus for McAfee Avert Labs. (Credit: Dmitry Graznov)]

How did the virus writer get caught?
Graznov: I was running, actually still am, a project called Usenet Virus Patrol, which scans Usenet articles for viruses.
The author of Melissa posted the virus to a newsgroup called "alt.sex." It was zipped up and sent as if it was a list of passwords to like 80-something different porno sites...It was just bait to entice people into downloading it and opening it. Once it was opened, it started e-mailing itself around. It was relatively easy to go back and find the exact Usenet posting that started all this. In the header of the posting it was possible to find out not only the e-mail address from which it was sent but also the IP address of the computer from which it was sent. That IP was linked to an AOL account and from that the FBI subpoenaed AOL and they provided the dial-in logs...and found out what computer was assigned that IP address and from what telephone number the call was made. The AOL account was a compromised one...The phone call that used that account came from New Jersey and the FBI linked the phone number to a particular address. That is how they found the guy's computer...The data we provided them was the clue that led straight to the criminal. (David L. Smith pleaded guilty and was sentenced to 20 months in prison and $5,000 in fines.)

What was the motivation behind Melissa?
Graznov: There was no material gain. Back then, people didn't do it for money. They did it for mischief, for fame...Today there is huge money in computer crime...Back then, we had 200 times fewer pieces of malware than we have today.

Any comments on Conficker and Melissa and how far we've come?
Graznov: Conficker is a completely different type of thing. It's not a macro virus. It's an executable and a botnet, and it downloads lots of stuff on your computer. It's basically a network for sale. It can be rented out. It can be used for password stealing. Back in 1999 there wasn't such a thing as a business model for malware...Today, big money is involved in computer malware. You cannot even compare them.

Elinor Mills covers Internet security and privacy.
She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service, and the Associated Press.

From rforno at infowarrior.org Sat Mar 28 22:02:51 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Mar 2009 18:02:51 -0400
Subject: [Infowarrior] - Vast Spy System Loots Computers in 103 Countries
Message-ID:

Vast Spy System Loots Computers in 103 Countries
By JOHN MARKOFF
http://www.nytimes.com/2009/03/29/technology/29spy.html?pagewanted=print

TORONTO - A vast electronic spying operation has infiltrated computers and has stolen documents from hundreds of government and private offices around the world, including those of the Dalai Lama, Canadian researchers have concluded. In a report to be issued this weekend, the researchers said that the system was being controlled from computers based almost exclusively in China, but that they could not say conclusively that the Chinese government was involved. The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software, or malware. Their sleuthing opened a window into a broader operation that, in less than two years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama's Tibetan exile centers in India, Brussels, London and New York. The researchers, who have a record of detecting computer espionage, said they believed that in addition to the spying on the Dalai Lama, the system, which they called GhostNet, was focused on the governments of South Asian and Southeast Asian countries.
Intelligence analysts say many governments, including those of China, Russia and the United States, and other parties use sophisticated computer programs to covertly gather information. The newly reported spying operation is by far the largest to come to light in terms of countries affected. This is also believed to be the first time researchers have been able to expose the workings of a computer system used in an intrusion of this magnitude. Still going strong, the operation continues to invade and monitor more than a dozen new computers a week, the researchers said in their report, "Tracking 'GhostNet': Investigating a Cyber Espionage Network." They said they had found no evidence that United States government offices had been infiltrated, although a NATO computer was monitored by the spies for half a day and computers of the Indian Embassy in Washington were infiltrated. The malware is remarkable both for its sweep - in computer jargon, it has not been merely "phishing" for random consumers' information, but "whaling" for particular important targets - and for its Big Brother-style capacities. It can, for example, turn on the camera and audio-recording functions of an infected computer, enabling monitors to see and hear what goes on in a room. The investigators say they do not know if this facet has been employed. The researchers were able to monitor the commands given to infected computers and to see the names of documents retrieved by the spies, but in most cases the contents of the stolen files have not been determined. Working with the Tibetans, however, the researchers found that specific correspondence had been stolen and that the intruders had gained control of the electronic mail server computers of the Dalai Lama's organization. The electronic spy game has had at least some real-world impact, they said.
For example, they said, after an e-mail invitation was sent by the Dalai Lama's office to a foreign diplomat, the Chinese government made a call to the diplomat discouraging a visit. And a woman working for a group making Internet contacts between Tibetan exiles and Chinese citizens was stopped by Chinese intelligence officers on her way back to Tibet, shown transcripts of her online conversations and warned to stop her political activities. The Toronto researchers said they had notified international law enforcement agencies of the spying operation, which in their view exposed basic shortcomings in the legal structure of cyberspace. The F.B.I. declined to comment on the operation. Although the Canadian researchers said that most of the computers behind the spying were in China, they cautioned against concluding that China's government was involved. The spying could be a nonstate, for-profit operation, for example, or one run by private citizens in China known as "patriotic hackers." "We're a bit more careful about it, knowing the nuance of what happens in the subterranean realms," said Ronald J. Deibert, a member of the research group and an associate professor of political science at Munk. "This could well be the C.I.A. or the Russians. It's a murky realm that we're lifting the lid on." A spokesman for the Chinese Consulate in New York dismissed the idea that China was involved. "These are old stories and they are nonsense," the spokesman, Wenqi Gao, said. "The Chinese government is opposed to and strictly forbids any cybercrime." The Toronto researchers, who allowed a reporter for The New York Times to review the spies' digital tracks, are publishing their findings in Information Warfare Monitor, an online publication associated with the Munk Center. At the same time, two computer researchers at Cambridge University in Britain who worked on the part of the investigation related to the Tibetans, are releasing an independent report.
They do fault China, and they warned that other hackers could adopt the tactics used in the malware operation. "What Chinese spooks did in 2008, Russian crooks will do in 2010 and even low-budget criminals from less developed countries will follow in due course," the Cambridge researchers, Shishir Nagaraja and Ross Anderson, wrote in their report, "The Snooping Dragon: Social Malware Surveillance of the Tibetan Movement." In any case, it was suspicions of Chinese interference that led to the discovery of the spy operation. Last summer, the office of the Dalai Lama invited two specialists to India to audit computers used by the Dalai Lama's organization. The specialists, Greg Walton, the editor of Information Warfare Monitor, and Mr. Nagaraja, a network security expert, found that the computers had indeed been infected and that intruders had stolen files from personal computers serving several Tibetan exile groups. Back in Toronto, Mr. Walton shared data with colleagues at the Munk Center's computer lab. One of them was Nart Villeneuve, 34, a graduate student and self-taught "white hat" hacker with dazzling technical skills. Last year, Mr. Villeneuve linked the Chinese version of the Skype communications service to a Chinese government operation that was systematically eavesdropping on users' instant-messaging sessions. Early this month, Mr. Villeneuve noticed an odd string of 22 characters embedded in files created by the malicious software and searched for it with Google. It led him to a group of computers on Hainan Island, off China, and to a Web site that would prove to be critically important. In a puzzling security lapse, the Web page that Mr. Villeneuve found was not protected by a password, while much of the rest of the system uses encryption. Mr. Villeneuve and his colleagues figured out how the operation worked by commanding it to infect a system in their computer lab in Toronto. On March 12, the spies took their own bait. Mr.
Villeneuve watched a brief series of commands flicker on his computer screen as someone - presumably in China - rummaged through the files. Finding nothing of interest, the intruder soon disappeared. Through trial and error, the researchers learned to use the system's Chinese-language "dashboard" - a control panel reachable with a standard Web browser - by which one could manipulate the more than 1,200 computers worldwide that had by then been infected. Infection happens two ways. In one method, a user's clicking on a document attached to an e-mail message lets the system covertly install software deep in the target operating system. Alternatively, a user clicks on a Web link in an e-mail message and is taken directly to a "poisoned" Web site. The researchers said they avoided breaking any laws during three weeks of monitoring and extensively experimenting with the system's unprotected software control panel. They provided, among other information, a log of compromised computers dating to May 22, 2007. They found that three of the four control servers were in different provinces in China - Hainan, Guangdong and Sichuan - while the fourth was discovered to be at a Web-hosting company based in Southern California. Beyond that, said Rafal A. Rohozinski, one of the investigators, "attribution is difficult because there is no agreed upon international legal framework for being able to pursue investigations down to their logical conclusion, which is highly local."
From rforno at infowarrior.org Sat Mar 28 23:36:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Mar 2009 19:36:49 -0400
Subject: [Infowarrior] - SRI Conficker Analysis
Message-ID: <8405740A-3023-4F20-B540-D97905DB986D@infowarrior.org>

SRI International Technical Reports

An Analysis of Conficker's Logic and Rendezvous Points (4 FEB)
Phillip Porras, Hassen Saidi, and Vinod Yegneswaran
http://mtc.sri.com/Conficker

Addendum: Conficker C Analysis (19 MAR)
http://mtc.sri.com/Conficker/addendumC/index.html

Computer Science Laboratory
SRI International
333 Ravenswood Avenue
Menlo Park CA 94025 USA

From rforno at infowarrior.org Sun Mar 29 02:09:58 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Mar 2009 22:09:58 -0400 (EDT)
Subject: [Infowarrior] - Is the UN attacking free speech?
Message-ID:

Published: March 27, 2009
Free Expression Assault Continues at UN Human Rights Council
http://newsblaze.com/story/20090327170413zzzz.nb/topstory.html

Freedom House condemns the UN Human Rights Council for undermining the universal right to freedom of expression by once again passing a resolution that urges members to adopt laws outlawing criticism of religions. The "defamation of religions" resolution, introduced by Pakistan on behalf of the Organization for the Islamic Conference (OIC), passed today by a vote of 23-11, with 13 abstentions. Muslim nations have been introducing similar resolutions since 1999, arguing that Islam-the only religion specifically cited in the text-must be shielded from unfair associations with terrorism and human rights abuses. "These countries are using the UN to expand and bring legitimacy to their frontal assault on freedom of expression," said Paula Schriefer, Freedom House advocacy director.
"This assault starts at the level of domestic blasphemy laws present in many OIC countries, which are routinely employed to harass and imprison religious minorities, political dissenters and human rights advocates, and is elevated to the international level through resolutions at the UN." Freedom House is especially disappointed that South Africa, a liberal democracy whose citizens have a deep understanding of how such laws are used to punish dissenters, continues to back these resolutions. Similarly, strong democracies such as South Korea, Japan, India, Mexico and Brazil should have actively worked to defeat the resolution, instead of casting abstention votes. In contrast, Freedom House applauds the leadership shown by Chile in rejecting the resolution and hopes that Chile will work to persuade other Latin American countries to vote in a manner that accurately reflects the democratic nature of their region. Such an effort would send a message that freedom of expression is a universal right and not just a right to be enjoyed by the citizens of Western democracies. Text condemning "defamation of religions" was originally part of a draft declaration to be issued at the Durban II anti-racism conference in Geneva next month. But it was withdrawn after Western nations said they would pull out of the UN conference unless it was removed. In addition, supporters of "defamation of religions" are increasingly attempting to incorporate the concept into existing human rights law, such as the International Covenant on Civil and Political Rights (ICCPR). They claim that "defamation of religions" leads to "incitement of hatred or violence," which is a legitimate restriction under the ICCPR's Article 20. "It's preposterous to suggest that criticizing or satirizing a religion automatically leads to hatred or violence or in any way prevents its adherents from practicing their faith," said Schriefer.
"In fact, the ability to question religious beliefs or tenets is not only a right of free expression, but a critical aspect to freedom of religion itself." Of the 14 OIC members on the council, only Indonesia is ranked Free in Freedom in the World, Freedom House's annual assessment of political rights and civil liberties. Four of these countries-Cameroon, Egypt, Qatar and Saudi Arabia-are ranked Not Free, demonstrating an absence of political rights and a systematic denial of basic civil liberties. A further analysis of Freedom in the World comparing levels of freedom of expression and belief within OIC countries to regional groupings finds that only the Middle East and North Africa would receive a lower score in these categories.

For more information on defamation of religion, visit: Freedom of Expression Under Fire

Freedom House is an independent nongovernmental organization that supports the expansion of freedom in the world. Freedom matters. Freedom House makes a difference. www.freedomhouse.org

From rforno at infowarrior.org Sun Mar 29 05:08:09 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Mar 2009 01:08:09 -0400
Subject: [Infowarrior] - Report: Tracking GhostNet (PDF)
Message-ID:

Tracking GhostNet: Investigating a Cyber Espionage Network
http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network

Description

This report documents the GhostNet - a suspected cyber espionage network of over 1,295 infected computers in 103 countries, 30% of which are high-value targets, including ministries of foreign affairs, embassies, international organizations, news media, and NGOs. The capabilities of GhostNet are far-reaching. The report reveals that Tibetan computer systems were compromised giving attackers access to potentially sensitive information, including documents from the private office of the Dalai Lama.
The report presents evidence showing that numerous computer systems were compromised in ways that circumstantially point to China as the culprit. But the report is careful not to draw conclusions about the exact motivation or the identity of the attacker(s), or how to accurately characterize this network of infections as a whole. The report argues that attribution can be obscured. The report concludes that who is in control of GhostNet is less important than the opportunity for generating strategic intelligence that it represents. The report underscores the growing capabilities of computer network exploitation, the ease by which cyberspace can be used as a vector for a new do-it-yourself form of signals intelligence. It ends with a warning to policy makers that information security requires serious attention.

http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network

From rforno at infowarrior.org Sun Mar 29 16:10:24 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Mar 2009 12:10:24 -0400
Subject: [Infowarrior] - OpEd: Tell Us the Future. Then Again, Don't.
Message-ID:

Tell Us the Future. Then Again, Don't.
By BEN STEIN
Published: March 28, 2009
http://www.nytimes.com/2009/03/29/business/29every.html?_r=1&ref=media

I AM bemused by the contretemps between Jon Stewart, of "The Daily Show" on Comedy Central, and my longtime friend Jim Cramer of CNBC. As you may know, Mr. Cramer appeared earlier this month on "The Daily Show," where Mr. Stewart yelled and cursed at him, saying he did not let Americans know just how serious the problems were on Wall Street. Previously on his program, Mr. Stewart berated Mr. Cramer's stock-picking; the criticism was especially sharp about his earlier optimistic talk about Bear Stearns. During the colloquy, Mr. Stewart lambasted Mr. Cramer as failing to anticipate events and inform his audience about those events.
I am bemused because I have long noticed that almost all economic pundits and soothsayers - whether on television, in newspapers, or at brokerage firms and conferences - are asked to tell the future. And most of them agree to try to do so, and the really successful ones actually say they can do it - and they say it with extreme conviction. Some of them are stunningly well paid for their efforts, even though they are wrong decade after decade. And I would be remiss if I did not add that I have succumbed to this temptation to speak as if I could tell what the future holds. But the fact is that we as humans cannot tell the future. It does not matter whether you are Mr. Cramer or if you are Warren Buffett, an off-the-charts genius on a scale rarely seen. It does not matter if you are Milton Friedman or Paul Samuelson or James Tobin, all Nobel laureates. Human beings cannot tell the future, or at least cannot tell it in any consistent way. Humans can't consistently pick the right stocks or call markets, foretell political or geopolitical events or successfully predict changes in interest rates or commodity prices. Life is far too complex and baffling for the minds of mortals to understand it as it happens, let alone to predict it accurately. (I am mindful of how Professor Friedman, a true supernova of brilliance, said of economic forecasting, "If you're going to predict, predict often.") Some humans shine like dazzling stars when their predictions turn out to be true, but those same humans can't ever be counted on to replicate the feats regularly. Yet, we cry out for someone to tell us the future, like children who want to hear the end of the story. When Mr. Cramer tries to satisfy that need, he is doing no more than answering a deep human wish. But he - and everyone else in a similar situation - should make it clear that these are no more than opinions and guesses, which could easily be wrong and often are. This is not just boilerplate. This is life. The way it is.
I was reminded of that as I wrote this in my modest apartment in Washington. I took a stroll over to the Barnes & Noble on M Street NW. There was a large table of books about Barack Obama. There were two medium-size tables of books about how to thrive in a depressed economy and another display of books about the collapse of Wall Street (none by me). Two years ago, as I recall, the books were about getting rich quick, about the glamour and glory of Wall Street and about making your fortune by flipping houses. Just two years ago, how many people would have confidently predicted that we would elect our first African-American president in 2008? Who would have imagined that Citigroup would trade for a time under $1 or that General Electric would trade for a time under $6 or that Bear Stearns and Lehman Brothers would virtually vanish, or that a graduating class of law students would be unable to get jobs or that high-end M.B.A.'s would be unemployable? And who would have guessed that we would have a fall of more than 50 percent in the broad stock indexes or that oil would triple in price and then fall by more than $100 a barrel? Some people might have seen parts of this pattern, but all of it? Again, life is far too complex to be predicted with any consistency. I DON'T blame Mr. Cramer for trying to act as if he knows the future. That's his gig. But the most that economic seers can do is apply broad, generally acceptable principles to current situations and try to go from there. When I stray far from that, I hope that thoughtful readers will call me to account. Life is deeply, terrifyingly uncertain. I applaud a comedy guy from Comedy Central for calling us all to account.

Ben Stein is a lawyer, writer, actor and economist. E-mail: ebiz at nytimes.com .
From rforno at infowarrior.org Sun Mar 29 17:09:24 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Mar 2009 13:09:24 -0400
Subject: [Infowarrior] - MHP retracts controversial report on militia activity
Message-ID: <91798A48-F6AD-4ECF-9185-B6CFC1F75869@infowarrior.org>

Missouri Highway Patrol retracts controversial report on militia activity
By JASON NOBLE
The Star's Jefferson City correspondent
http://www.kansascity.com/637/story/1109096.html

JEFFERSON CITY | The Missouri Highway Patrol this week retracted a controversial report on militia activity and will change how such reports are reviewed before being distributed to law enforcement agencies. The Highway Patrol also will open an investigation into the origin of the report, which linked conservative groups with domestic terrorism and named former presidential candidates Ron Paul, Bob Barr and Chuck Baldwin. The Highway Patrol's announcement followed a news conference in which Lt. Gov. Peter Kinder, a Republican, suggested putting the director of public safety on administrative leave and investigating how the report was produced. The uproar revolves around a report released last month by the Missouri Information Analysis Center, a "fusion center" for local, state and federal law enforcement agencies to collaborate on domestic security issues. The report concerned militia movements in Missouri and across the U.S., and described how they had evolved over the last several years. But it suggested that domestic militias often subscribed to radical ideologies rooted in Christian views and opposition to immigration, abortion or federal taxes. The report also stated that it was "not uncommon" for militia members to support third-party political candidates. The Highway Patrol's superintendent, Col. James F. Keathley, released a memo saying the report did not meet the agency's standard for quality and would not have been released if it had been seen by top officials. "For that reason,"
Keathley wrote, "I have ordered the MIAC to permanently cease distribution of the militia report." The memo noted the report was compiled by an employee of the information analysis center and reviewed only by the center director before being sent to law enforcement agencies across the state. In the future, Keathley wrote, reports from the center will be reviewed by leaders of the Highway Patrol and the Department of Public Safety. On Thursday, Gov. Jay Nixon, a Democrat, expressed support for Keathley's order and distanced his administration from the process that allowed the report to be released. "Under a previous system, MIAC would prepare and distribute these reports to law enforcement agencies without review or approval from the colonel of the Highway Patrol or the director of Public Safety," Nixon said. "That's simply not acceptable." Conservatives in Missouri and nationally have criticized the report for lumping people with conservative political views in with domestic terrorists and potentially opening them to harassment from law enforcement. Before Keathley's memo was released Wednesday, Kinder criticized the report for suggesting that only issues championed by conservatives motivated domestic terrorists. The report "slanders" opponents of abortion and critics of illegal immigration, he said. "Under the guidance of the present director, who apparently must think it is Nixon's secret service, the Department of Public Safety has taken on the new and sinister role of political profiling," Kinder said. Also troubling, Kinder said, the report makes no mention of Islamic terrorists or those who might subscribe to ideologies associated with liberals, such as environmental radicals. The state's response to the conservative outcry over the report evolved over the last few weeks. In one early response, the information analysis center released a statement reaffirming its "regard for the Constitutions of the United States and Missouri"
and expressing regret that "any citizens or groups were unintentionally offended by the content of the document." Then earlier this week, Department of Public Safety Director John M. Britt retracted the portions that noted third party and Republican presidential candidates by name and sent letters of apology to the politicians. But even with the retraction and the investigation announced Wednesday, Britt should be suspended and the General Assembly should investigate how the report was prepared, Kinder said. "Director Britt has still not answered any of the questions about what other reports may have been developed and the procedure behind these memos," Kinder's spokesman, Gary McElyea, said in a statement. "Until those questions are answered Mr. Britt should be placed on immediate leave." Britt had no comment. To reach Jason Noble, call 573-634-3565 or send e-mail to jnoble at kcstar.com . From rforno at infowarrior.org Mon Mar 30 01:04:33 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Mar 2009 21:04:33 -0400 Subject: [Infowarrior] - OpEd: Propaganda.com Message-ID: <2B833D73-5BF1-4B1D-A08F-9E5C66644722@infowarrior.org> Propaganda.com By EVGENY MOROZOV Published: March 29, 2009 http://www.nytimes.com/2009/03/30/opinion/30iht-edmorozov.html This year's report on "enemies of the Internet" prepared by Reporters Without Borders, the international press advocacy group, paints a very gloomy picture for the freedom of expression on the Web. It finds that many governments have stepped up their attacks on the Internet, harassing bloggers and making it harder to express dissenting opinions online. These are very disturbing trends. But identifying "Internet enemies"
only on the basis of censorship and intimidation, as Reporters Without Borders has done, obfuscates the fact that these are only two components of a more comprehensive and multi-pronged approach that authoritarian governments have developed to defuse the subversive potential of online communications. Many of these governments have honed their Internet strategies beyond censorship and are employing more subtle (and harder to detect) ways of controlling dissent, often by planting their own messages on the Web and presenting them as independent opinion. Their actions are often informed by the art of online "astroturfing," a technique also popular with modern corporations and PR firms. While companies use it to engineer buzz around products and events, governments are using it to create the appearance of broad popular support for their ideology. Their ultimate ambition may be to transform the Internet into a "spinternet," the vast and mostly anonymous areas of cyberspace under indirect government jurisdiction. The spinternet strategy could be more effective than censorship: while there are plenty of ways to access blocked Web sites, we do not yet have the means to distinguish spin from independent comment. In China, the spinternet is being built by the "50 cent party," a loose online squad of tech-savvy operators loyal to the government who are paid to troll the Internet, find dissenting views and leave anonymous comments to steer all discussions in more "harmonious" directions. The "50 cents" in the name stands for their meager pay rates. Plenty of local technology companies are also eager to help the government with various data-mining programs that identify dissenting views early and dispatch "50 cent party" operators to steer the discussion away from an antigovernment direction. In Iran, the Revolutionary Guards recently announced their ambition to build their own spinternet by launching 10,000 blogs for the Basij, a paramilitary force under the Guards.
This comes at a time when the Internet has become a major force in exposing corruption in the highest ranks of the Iranian leadership. The Russian government may have found an even more ingenious way of suppressing the Internet's democratizing potential: cost. Many Internet users in Russia are still billed on the basis of the frequency and duration of their browsing sessions, and the state-owned All-Russia State Television and Radio Company has floated the idea of building a "social Internet," where users would pay nothing for state-approved Web sites. Such an approach is already being tested in Belarus, where Internet users can browse the government's favored mouthpiece, "Belarus Today," for free - that is, without paying their ISPs for Internet traffic, as they must for the country's few independent media outlets. The rise of the spinternet suggests that the threats that the Internet poses to authoritarian regimes are far from unambiguous; some of these governments have turned quite adept at exploiting it for their own purposes. So while it's important to continue documenting the direct repression of online journalists and bloggers, as organizations like Reporters Without Borders are doing, it is important to remember that there are other ways to qualify as an "enemy of the Internet." From rforno at infowarrior.org Mon Mar 30 02:33:57 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Mar 2009 22:33:57 -0400 Subject: [Infowarrior] - Social sites dent privacy efforts Message-ID: Friday, 27 March 2009 Social sites dent privacy efforts http://news.bbc.co.uk/2/hi/technology/7967648.stm Greater use of social network sites is making it harder to maintain true anonymity, suggests research. By analysing links between users of social sites, researchers were able to identify many people in supposedly anonymous data sets. The anonymised data is produced by social sites who sell it to marketing firms to generate cash.
The results suggest web firms should do more to protect users' privacy, said the researchers. Circle of friends Computer scientists Arvind Narayanan and Dr Vitaly Shmatikov, from the University of Texas at Austin, developed the algorithm which turned the anonymous data back into names and addresses. The data sets are usually stripped of personally identifiable information, such as names, before it is sold to marketing companies or researchers keen to plumb it for useful information. Before now, it was thought sufficient to remove this data to make sure that the true identities of subjects could not be reconstructed. The algorithm developed by the pair looks at relationships between all the members of a social network - not just the immediate friends that members of these sites connect to. Social graphs from Twitter, Flickr and Live Journal were used in the research. The pair found that one third of those who are on both Flickr and Twitter can be identified from the completely anonymous Twitter graph. This is despite the fact that the overlap of members between the two services is thought to be about 15%. The researchers suggest that as social network sites become more heavily used, then people will find it increasingly difficult to maintain a veil of anonymity. The results also had implications for the social sites themselves, wrote the researchers. "Social-network operators should stop relying on anonymisation as the 'get out of jail' card, insofar as user privacy is concerned," they said. "They should inform users when their information is disclosed to third parties, even if this information has been anonymised, and give them the opportunity to opt out," they added. Writing about their work, the two researchers said many different organisations might be interested in reconstructing the true identities. 
They suggest that the information might be useful to governments interested in large scale monitoring or unscrupulous marketing firms keen to reach certain individuals. Even phishing gangs might be interested, they speculate, to make their messages look more convincing. The pair will present a paper about their work to the IEEE Symposium on Security and Privacy taking place in California from 17-20 May. From rforno at infowarrior.org Mon Mar 30 02:34:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 29 Mar 2009 22:34:48 -0400 Subject: [Infowarrior] - Paper: De-anonymizing Social Networks Message-ID: <84320EA7-DD5D-4A71-A75A-3F71E22D678A@infowarrior.org> (full paper @ link below) De-anonymizing Social Networks Operators of online social networks are increasingly sharing potentially sensitive information about users and their relationships with advertisers, application developers, and data-mining researchers. Privacy is typically protected by anonymization, i.e., removing names, addresses, etc. We present a framework for analyzing privacy and anonymity in social networks and develop a new re-identification algorithm targeting anonymized social-network graphs. To demonstrate its effectiveness on real-world networks, we show that a third of the users who can be verified to have accounts on both Twitter, a popular microblogging service, and Flickr, an online photo-sharing site, can be re-identified in the anonymous Twitter graph with only a 12% error rate. Our de-anonymization algorithm is based purely on the network topology, does not require creation of a large number of dummy "sybil" nodes, is robust to noise and all existing defenses, and works even when the overlap between the target network and the adversary's auxiliary information is small.
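Read together, the BBC summary above and the abstract describe the same mechanism: the attacker holds an auxiliary graph whose nodes are named (Flickr), is handed a released graph whose nodes are opaque identifiers (Twitter), knows a handful of identities in both (seeds), and grows that seed mapping outward using nothing but who is linked to whom. The script below is an added illustration of that seed-and-propagate idea, written for this digest; it is not the authors' code and deliberately drops their degree normalisation and eccentricity statistic in favour of a plain score margin. The two graphs, the seed identities and the ground truth are constructed for the demo; node 10 in the target graph has no counterpart in the auxiliary data, to show what happens to members outside the overlap.

```python
from collections import defaultdict

# Constructed toy data (not from the paper). The auxiliary network is one where
# the attacker knows every member by name; the target network is a released
# graph whose members were replaced by opaque integers before publication.
AUX_EDGES = [
    ("alice", "bob"), ("alice", "carol"), ("alice", "dave"), ("bob", "carol"),
    ("bob", "erin"), ("carol", "frank"), ("dave", "erin"), ("dave", "grace"),
    ("erin", "frank"), ("frank", "heidi"), ("grace", "heidi"), ("grace", "ivan"),
    ("heidi", "judy"), ("ivan", "judy"),
]
# Same people and friendships under opaque IDs, plus node 10: an account that
# exists only in the target network and therefore must not be matched.
TARGET_EDGES = [
    (7, 2), (7, 9), (7, 4), (2, 9), (2, 0), (9, 5), (4, 0), (4, 8),
    (0, 5), (5, 1), (8, 1), (8, 3), (1, 6), (3, 6), (10, 6), (10, 3),
]
SEEDS = {7: "alice", 2: "bob"}      # identities the attacker already knows
TRUTH = {7: "alice", 2: "bob", 9: "carol", 4: "dave", 0: "erin",
         5: "frank", 8: "grace", 1: "heidi", 3: "ivan", 6: "judy"}  # scoring only


def build_graph(edges):
    """Undirected adjacency sets from an edge list."""
    adj = defaultdict(set)
    for a, b in edges:
        adj[a].add(b)
        adj[b].add(a)
    return dict(adj)


def _rank(scores):
    """Return (best candidate, best score, runner-up score) for a score dict."""
    ranked = sorted(scores.items(), key=lambda kv: (-kv[1], str(kv[0])))
    best, best_score = ranked[0]
    runner_up = ranked[1][1] if len(ranked) > 1 else 0
    return best, best_score, runner_up


def propagate(aux, target, seeds, min_margin=1):
    """Grow the seed mapping (target node -> aux node) using only topology.

    Target node u is matched to aux node v when v is adjacent to the images of
    more of u's already-mapped neighbours than any other free aux node (by at
    least min_margin), and the reverse lookup from v picks u back. Nodes whose
    evidence is tied or absent are revisited on the next pass; nodes with no
    counterpart in the auxiliary graph simply never get matched."""
    mapping = dict(seeds)
    changed = True
    while changed:
        changed = False
        for u in sorted(target):
            if u in mapping:
                continue
            images = {mapping[n] for n in target[u] if n in mapping}
            if not images:
                continue
            free_aux = [v for v in aux if v not in mapping.values()]
            if not free_aux:
                continue
            fwd = {v: len(images & aux[v]) for v in free_aux}
            v, best, second = _rank(fwd)
            if best == 0 or best - second < min_margin:
                continue
            # Reverse check: seen from v, which unmapped target node fits best?
            free_target = [w for w in target if w not in mapping]
            rev = {w: len({mapping[n] for n in target[w] if n in mapping} & aux[v])
                   for w in free_target}
            w, rbest, rsecond = _rank(rev)
            if w != u or rbest - rsecond < min_margin:
                continue
            mapping[u] = v
            changed = True
    return mapping


def run_attack():
    return propagate(build_graph(AUX_EDGES), build_graph(TARGET_EDGES), SEEDS)


def score(mapping):
    """(correct, wrong) re-identifications against the hidden ground truth."""
    correct = sum(1 for u, v in mapping.items() if TRUTH.get(u) == v)
    return correct, len(mapping) - correct


if __name__ == "__main__":
    m = run_attack()
    for u in sorted(m):
        print(f"target {u:>2} -> {m[u]}")
    print("correct, wrong:", score(m), "| unmatched target nodes:",
          sorted(set(build_graph(TARGET_EDGES)) - set(m)))
```

Starting from two seeds the propagation recovers all ten shared identities and leaves node 10 unmatched, which is the behaviour the abstract describes for members outside the overlap. The same loop is what makes name-stripping insufficient as a defence: nothing in it reads a name, a timestamp or a profile field, only edges.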
< - > http://33bits.org/2009/03/19/de-anonymizing-social-networks/ From rforno at infowarrior.org Mon Mar 30 14:11:14 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Mar 2009 10:11:14 -0400 Subject: [Infowarrior] - Open Cloud Manifesto now signed and delivered Message-ID: <64D50D34-B40B-4FAD-9F3C-5D83F26F6828@infowarrior.org> Open Cloud Manifesto now signed and delivered by James Urquhart http://news.cnet.com/8301-19413_3-10206843-240.html?part=rss&subj=news&tag=2547-1_3-0-20 As widely discussed since Wednesday night's leak of its existence, the Open Cloud Manifesto--originally authored by IBM--has been released for public consumption. This had been a difficult weekend for the document, first outed by Microsoft's Steven Martin and then leaked in its entirety by my Overcast co-host, Geva Perry, the next day. The discussion of the document has been muted, in part because the document is not a standards declaration or contract attached to any action or entity. Instead, it serves as a simple statement of principles that almost any cloud participant would agree with--at least publicly. However, the process in which it was brought into existence has been debated ferociously and may signify a changing of the guard in the standards world. What is perhaps more interesting, however, is the list of signatories to the document. The list below is official as of Monday morning, according to my contact at IBM: IBM Sun Microsystems VMWare AT&T Telefonica Cisco Systems EMC SAP Advanced Micro Devices Elastra rPath Juniper Networks Red Hat Hyperic Akamai Novell Sogeti Rackspace RightScale GoGrid Aptana CastIron EngineYard Eclipse SOASTA F5 LongJump NC State Enomaly Nirvanix OMG Computer Science Corp. Boomi Reservoir Appistry Heroku Note that the "big four" of cloud computing, Amazon.com, Microsoft, Google and Salesforce.com, are not signatories. 
However, several major players are on it, including my employer, Cisco--as well as EMC, Sun, VMware, and a host of key start-ups and established vendors throughout the industry. There is a Cloud Computing Interoperability Forum meeting scheduled to be held Monday night in conjunction with Cloud Expo in New York City in which many, if not all of the signatories, and several that refused to sign (including Microsoft) will gather to talk about the future of cloud standards. This could either be a historic meeting--or the final nail in the Manifestogate coffin. The document itself is available on Scribd, or as a PDF from the official Opencloudmanifesto.org site or Perry's Thinking Out Cloud blog. From rforno at infowarrior.org Mon Mar 30 18:20:40 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Mar 2009 14:20:40 -0400 Subject: [Infowarrior] - Amanda Palmer: "Please Drop Me" Message-ID: <41276129-F18D-4579-9593-FAADBB68DC18@infowarrior.org> Brilliant lyrics.....audio is NSFW. :) Amanda Palmer Asks Fans To Upload Her Anti-Record Label Song To YouTube You may recall (of course) that Warner Music and Google are in a fight over YouTube. Warner Music is demanding that Google pay more than Google thinks is reasonable, so now all Warner Music Group videos have been pulled from YouTube. Of course, this is actually pissing off numerous Warner Music musicians, who realize that YouTube (even if not paying directly for their videos) benefits their careers greatly. One such artist is Amanda Palmer -- who is signed to Roadrunner Records, a subsidiary of WMG. She was one of the first to complain about Warner pulling her videos from YouTube. Now she's going even further. Rose M.
Welch sends in a link to a YouTube video of a recent Amanda Palmer concert where she first tells the camera operator to make sure he puts the video on YouTube so she can watch it, and then sings a song to her record label, demanding they drop her: < - > http://techdirt.com/articles/20090330/0021304299.shtml From rforno at infowarrior.org Mon Mar 30 23:15:09 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Mar 2009 19:15:09 -0400 Subject: [Infowarrior] - USG offering "emotional rescue kit" Message-ID: (c/o Drudge) NANNY STATE: GOVERNMENT WEBSITE TO WARN OF SADNESS/CRYING OVER ECONOMY Mon Mar 30 2009 18:43:56 ET The U.S. government is set to offer an online emotional rescue kit! "Getting Through Tough Economic Times" will launch Tuesday with a media push across all platforms. The site is meant to help people identify health concerns related to financial worries. The feds will warn of depression, suicidal thinking and other serious mental illnesses. It will raise warning flags for: Persistent sadness/ crying; Excessive anxiety; Lack of sleep/constant fatigue; Excessive irritability/anger. The guide will be available starting at midnight at http://www.samhsa.gov/economy . From rforno at infowarrior.org Tue Mar 31 01:29:42 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Mar 2009 21:29:42 -0400 Subject: [Infowarrior] - Conficker demonstrates complexity of IT security Message-ID: Conficker demonstrates complexity of IT security by Jon Oltsik http://news.cnet.com/8301-1009_3-10207427-83.html?part=rss&subj=news&tag=2547-1_3-0-20 With recent coverage in The New York Times, The Washington Post, and 60 Minutes, the sophisticated Conficker worm has become mainstream news. Yes, the underlying concepts may be a bit complex for John Q. Public, but I think this media attention is a great public service. Users need this type of education to better understand the risks associated with Internet connectivity.
Plenty of people have written detailed descriptions about what Conficker is, where it may have come from, and future potential damage. I prefer to focus on the relationship between Conficker and overall IT security. Given its properties, Conficker goes well beyond malicious code and endpoint security. In my view, the Conficker worm provides a microcosm of the complexity of IT security and the pressing need for security best practices. Here are a few examples: 1. Conficker reinforces the link between IT security and operations. Organizations with strong asset, configuration, and patch management processes were probably able to patch vulnerable systems before Conficker first appeared in November 2008. 2. Conficker demonstrates the need for device authentication and port blocking. Conficker uses USB flash drives as a means for propagation. This should serve as a wake-up call to security professionals that USB drives can act as a modern-day "sneakernet" for spreading malicious code or stealing confidential data. Addressing these threats means limiting USB access to authorized drives (through means like the IEEE 1667 standard) while filtering all traffic that flows to or from USB drives. 3. Conficker contains a password-cracking program that can break simple passwords like "1234" or "password." This demonstrates the need for strong password enforcement, password management, and even multifactor authentication. 4. Finally, Conficker is an extremely aggressive worm that looks for open file shares on the network to create yet another propagation method. Detecting this activity demands network traffic analysis and an understanding of normal versus anomalous behavior. It would be easy to simply blame Microsoft for Conficker since the worm exploits an operating system vulnerability. But to me, doing so would be a cop-out. In truth, Conficker exploits a number of technology, process, and human vulnerabilities. In my humble opinion, this is what makes it so dangerous.
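Points 3 and 4 above describe a pattern that is easy to pick out of authentication telemetry once you know to look for it: one host trying a short password list against the administrative share of every neighbour it can reach produces a burst of failed logons fanning out to many distinct targets, whereas a human mistyping a password produces a few failures against one host. The detector below is an added example written for this digest, not anything from the article or the Conficker Working Group. The log format, field names, thresholds and the sample events are all constructed for the demo; a real deployment would read Windows security events or an SMB sensor feed and tune the window and thresholds to the network.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample telemetry (not real logs): one line per SMB logon attempt,
# roughly as a file server or network sensor might emit them. 10.0.5.23 plays
# the infected host: it walks six neighbours, tries four passwords against the
# Administrator account on each, and finally gets into one. 10.0.5.77 plays an
# ordinary user who mistypes a password twice against a single server.
def constructed_sample_log():
    t0 = datetime(2009, 3, 30, 21, 0, 0)
    stamp = lambda secs: (t0 + timedelta(seconds=secs)).isoformat()
    lines, i = [], 0
    for host in range(10, 16):                       # 10.0.5.10 .. 10.0.5.15
        for _ in range(4):                           # four guesses per host
            lines.append(f"{stamp(5 * i)} smb src=10.0.5.23 dst=10.0.5.{host} "
                         f"user=Administrator result=FAILURE")
            i += 1
    lines.append(f"{stamp(5 * i)} smb src=10.0.5.23 dst=10.0.5.12 "
                 f"user=Administrator result=SUCCESS")
    lines.append(f"{stamp(30)} smb src=10.0.5.77 dst=10.0.5.10 user=jsmith result=FAILURE")
    lines.append(f"{stamp(41)} smb src=10.0.5.77 dst=10.0.5.10 user=jsmith result=FAILURE")
    lines.append(f"{stamp(55)} smb src=10.0.5.77 dst=10.0.5.10 user=jsmith result=SUCCESS")
    return lines


LINE_RE = re.compile(
    r"^(?P<ts>\S+) smb src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"user=(?P<user>\S+) result=(?P<result>SUCCESS|FAILURE)$"
)


def parse_events(lines):
    """Turn log lines into dicts; malformed lines are skipped, not fatal."""
    events = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ts"] = datetime.fromisoformat(e["ts"])
        events.append(e)
    return events


def find_spreaders(events, window=timedelta(minutes=5), min_failures=20, min_targets=5):
    """Flag sources whose failed logons inside any sliding `window` reach
    `min_failures` attempts spread over at least `min_targets` distinct hosts.
    Successes are ignored on purpose: the fan-out of failures is the signal,
    and a guessed password shows up as a success that would otherwise hide it."""
    failures_by_src = defaultdict(list)
    for e in events:
        if e["result"] == "FAILURE":
            failures_by_src[e["src"]].append(e)
    flagged = {}
    for src, evs in failures_by_src.items():
        evs.sort(key=lambda e: e["ts"])
        start = 0
        for end in range(len(evs)):
            while evs[end]["ts"] - evs[start]["ts"] > window:
                start += 1                           # slide the window forward
            span = evs[start:end + 1]
            targets = {e["dst"] for e in span}
            if len(span) >= min_failures and len(targets) >= min_targets:
                if src not in flagged or len(span) > flagged[src]["failures"]:
                    flagged[src] = {"failures": len(span), "targets": sorted(targets),
                                    "first": span[0]["ts"], "last": span[-1]["ts"]}
    return flagged


def run_detection():
    return find_spreaders(parse_events(constructed_sample_log()))


if __name__ == "__main__":
    for src, info in run_detection().items():
        print(f"{src}: {info['failures']} failed logons against {len(info['targets'])} hosts "
              f"between {info['first'].time()} and {info['last'].time()}")
```

On the constructed sample only 10.0.5.23 is flagged (24 failures across six hosts in under two minutes); the user who fumbled a password twice against one server never crosses the distinct-target threshold, which is what keeps this check from drowning a SOC in helpdesk noise.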
Jon Oltsik is a senior analyst at the Enterprise Strategy Group. He is not an employee of CNET. From rforno at infowarrior.org Tue Mar 31 01:35:10 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Mar 2009 21:35:10 -0400 Subject: [Infowarrior] - Tech Firms Seek to Get Agencies on Board With Cloud Computing Message-ID: Tech Firms Seek to Get Agencies on Board With Cloud Computing By Kim Hart Washington Post Staff Writer Tuesday, March 31, 2009; A13 http://www.washingtonpost.com/wp-dyn/content/article/2009/03/30/AR2009033002848_pf.html Consumers save their e-mail and documents on Google's data centers, put their photos on Flickr and store their social lives on Facebook. Now a host of companies including Amazon and Microsoft wants government agencies to similarly house data on their servers as a way to cut costs and boost efficiency. But federal officials say it's one thing to file away e-mailed jokes from friends, and another to store government data on public servers that could be vulnerable to security breaches. The push toward "cloud computing," so named because data and software is housed in remote data centers rather than on-site servers, is the latest consumer technology to migrate to the ranks of government. Companies such as Amazon and Salesforce, which do not typically sell services to the government, want a piece of the business. Google opened a Reston office last year to sell applications such as Google Docs to federal employees. Silicon Valley-based Salesforce, which has focused on selling to corporations, established a team dedicated to government contracting. Microsoft spent $2.3 billion in 2007 to build data centers for cloud computing, and IBM, Sun Microsystems and HP want to provide the government cloud. "We're all putting our lives on the Internet," said Zach Nelson, chief executive of online application provider NetSuite, which has shifted its focus to federal sales. "If it works for business, why not for government?" 
Instead of storing information on computers, an agency would store e-mail and other data on servers maintained by companies such as Amazon or IBM. Employees would access information through an Internet browser, and in many cases from outside the office, just like they would access a Hotmail account. Already, the Defense Department's technology arm has set up a cloud to let the military rent storage space or use remote software programs. But skeptics say information is not protected on public servers. Some worry that data may be impossible to remove after it has been socked away in commercial data centers. Unlike destroying hard drives to erase sensitive data, traces could remain on outside servers for years. The Electronic Privacy Information Center, a public interest group, two weeks ago asked the Federal Trade Commission to bar Google from offering its online tools to consumers until it takes necessary steps to safeguard consumer data. The complaint comes after reports that Google inadvertently shared access to users' documents stored online. Deniece Peterson, principal analyst for market research firm Input, said storing personal information such as health records or Social Security numbers in the "cloud" could spark concern for consumers. Many consumers, she said, think personal information should be housed on private government networks, rather than a larger one shared by a number of parties. Moving information "to the cloud" would mean that government agencies would have to trust third parties to provide security support, store and organize the information and make sure only authorized employees can access it. "The government may be outsourcing functions to contractors now, but this takes it to a whole new level," said Jimmy Lin, assistant professor of information studies at the University of Maryland, which has received funding from Google and IBM to research cloud computing. "And what happens if Google gets hacked by a third party?" he said.
"The answer is, nobody knows." Storing information on servers run by Amazon or Google could prove to be safer than storing it on government-owned databases, said Peter Mell of the National Institute of Standards and Technology, which advises federal officials on technology. Large providers typically have more resources to ward off security threats because their business depends on it, Mell said. Agencies, on the other hand, often can't afford to hire as many employees to keep watch over the servers. If data storage, security and software services are handled by a third party, agencies can spend less on buying their own servers and hiring employees to maintain them. In addition, agencies can rent extra capacity on those servers when they need more computing power instead of buying extra equipment they only use every once in a while. Proponents say cloud computing could mean a big shift for traditional government IT providers, such as defense contractors SAIC and CACI. "We think this thing is going to fundamentally change the way we leverage, procure and utilize IT," said Michael Farber, a Booz Allen Hamilton vice president. "We're not looking to buy packaged software anymore -- we're downloading and subscribing to things." Acumen Solutions, a Vienna-based technology consulting firm, has launched a public-sector cloud-computing practice. Apptis, an IT services company in Chantilly, changed its strategy last year to focus on cloud computing rather than helping agencies integrate disparate software systems. The U.S. Census Bureau is using Salesforce's cloud to manage the activities of about 100,000 partner organizations around the country. But it will store personal information gathered from citizens on its own private servers. "People have to trust us, otherwise they won't give us the data," said J.R. Wycinsky, a Census program analyst. One major hurdle is that there are no uniform standards for cloud providers. 
NIST is working with six industry consortiums to develop requirements for how companies can handle government information and how the different "clouds" can share information. Yesterday, IBM spearheaded an effort with companies including Cisco and Rackspace to make their cloud computing technologies work together around common standards, in part to prevent agencies from being locked into working with a single cloud provider. "Whenever we see new technology, security people are very leery," Mell said. Firing up fewer servers is also more energy-efficient, IT companies say. "Getting rid of one server is the equivalent of taking one and a half cars off the road for a year," said Aileen Black, director of federal sales for Palo Alto, Calif.-based VMware. "Imagine the impact of taking 450 servers away." From rforno at infowarrior.org Tue Mar 31 01:45:42 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 30 Mar 2009 21:45:42 -0400 Subject: [Infowarrior] - Official Conficker Working Group Message-ID: <0CF4F04E-C116-449E-8E8E-43AEC10790E0@infowarrior.org> (c/o Rich Perlotto) Official Conficker Working Group -- http://www.confickerworkinggroup.org From rforno at infowarrior.org Tue Mar 31 12:07:27 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 31 Mar 2009 08:07:27 -0400 Subject: [Infowarrior] - Social network sites 'monitored' Message-ID: <8494F5CD-961E-4EF9-9317-6E27EA159399@infowarrior.org> Social network sites 'monitored' http://newsvote.bbc.co.uk/mpapps/pagetools/print/news.bbc.co.uk/2/hi/uk_news/politics/7962631.stm?ad=1 Social networking sites like Facebook could be monitored by the UK government under proposals to make them keep details of users' contacts. The Home Office said it was needed to tackle crime gangs and terrorists who might use the sites, but said it would not keep the content of conversations. It is part of a plan to store details of all phone calls, e-mails and websites visited on a central database. 
Civil liberties campaigners have called the proposals a "snoopers' charter". Tens of millions of people use sites like Facebook, Bebo and MySpace to chat with friends, but ministers say they have no interest in the content of discussions - just who people have been talking to. 'Overkill' Liberal Democrat MP Tom Brake said the websites contained sensitive personal details and he was concerned information could leak from any government-controlled database. The Independent newspaper quoted him as saying similar plans to store phone and email records threatened to be the "most expensive snooper's charter in history". "It is deeply worrying that they now intend to monitor social networking sites which contain very sensitive data like sexual orientation, religious beliefs and political views," he said. The newspaper also reported that Chris Kelly, Facebook's chief privacy officer, was considering lobbying ministers over the proposal, which he described as "overkill". Phone companies are already required to store details of all calls, such as the time and date, location and who made them, for 12 months for possible use in criminal investigations or court cases. An EU directive ordering data on internet traffic to be stored in a similar way is due to come into effect in the UK on Monday, 6 April. The government is also considering proposals to store all communications data on a single database, which may be run by a private company. It has delayed legislation on the move amid concerns about civil liberties and is due to launch a consultation on the plan "shortly", which will set out privacy safeguards.
The Home Office claims the new database is necessary to allow police and security services to "keep up with technological advances" and that billing information is already stored by telecoms companies. A spokesman said: "The government has no interest in the content of people's social network sites and this is not going to be part of our upcoming consultation. "We have been clear that the communications revolution has been rapid in this country and the way in which we collect communications data needs to change, so that law enforcement agencies can maintain their ability to tackle terrorism and gather evidence." 'Browsing habits' Shami Chakrabarti, of campaign group Liberty, said she would be "flabbergasted" if the police and security services were not monitoring social networking sites already and it was "permissible" on human rights grounds to examine the profile of suspects. But what she said was unacceptable was the government storing all communications data centrally, which she said would allow them to monitor the web browsing habits of ordinary citizens. "With websites, as opposed to traditional phone calls and e-mails and so on, the difference between what the website you're visiting and what you're doing there, is really blurred. "I mean just by my web browsing habits, just by which sites I'm visiting, you'll be able to build up... a pretty detailed picture of who I'm associated with, perhaps what my politics is, what my religious preference is and shopping habits are. "It's a pretty detailed bit of surveillance about a person, about all individual people, most of whom, let's be clear about it, are completely innocent." 'Difficult area' She added: "That's the difference between being a suspect and just an ordinary citizen, being part of the mainstream population and going about your business in a normal way."
Details of the social website proposals were disclosed by Home Office minister Vernon Coaker earlier this month, at a Commons committee to examine draft EU directives. He said that the government was considering acting on social networking sites because they were not covered by the latest proposals from Brussels. Mr Coaker acknowledged that the plan would raise fresh concerns about the right to privacy, saying he accepted it was an "extremely difficult area". "It is absolutely right to point out the difficulty of ensuring that we maintain a capability and a capacity to deal with crime and issues of national security, and where that butts up against issues of privacy," he said. The Cabinet Office already monitors popular social network sites such as Facebook, Netmums, Fixmystreet and Mumsnet to see what users are saying about public services. Your comments: That's just what we need. The government having access to all this information. They have proven with alarming consistency that they cannot be trusted with sensitive information. Who knows whose hands these data will end up in when some bright spark leaves a hard drive on a train. Dave, Liverpool That the government is considering encroaching even further into people's private lives is horrifying, although hardly surprising. The move is yet another indicator of the government's seeming desire to spy on its own people, and the idea that criminal gangs would barefacedly announce what they're doing on a social networking site is somewhat unbelievable. It would definitely make me think twice before joining. Harry, Nottingham, UK I've got nothing to hide - go ahead! And if you do have highly personal information about yourself that you would like kept secret, why is it on a social networking site in the first place? They are not secure.
Amy Baker, Adelaide, Australia (but English) Any terrorist or criminal that currently uses social networking sites to plan their crimes (a scenario I find highly unlikely) will just stop using it. This will leave the innocent users under surveillance for no justifiable reason. The government is obsessed with monitoring and controlling the population. General Election soon, please Mark, Nottingham I work for the Police and I for one think this is a fantastic idea along with every other scheme that is or is threatened to be brought in to fight this insidious and invisible fight against terrorism. I can't wait to change my title from Constable to Stasi Robert Pangborn, Surrey Ah, the inexorable rise of the security services. Ask a security expert what's needed and, guess what, their recommendation is 'more security'. How many people were killed by terrorists in the UK last year? Or the year before? Every loss of freedom is a massive victory for the enemy. The biggest threat to our way of life is actually our government and its agencies, scaring us into compliance and acceptance of hitherto unimaginable invasions of privacy. People, wake up. Robert Simmons, Dorking, Surrey Story from BBC NEWS: http://news.bbc.co.uk/go/pr/fr/-/2/hi/uk_news/politics/7962631.stm Published: 2009/03/25 11:17:13 GMT (c) BBC MMIX From rforno at infowarrior.org Tue Mar 31 12:09:59 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 31 Mar 2009 08:09:59 -0400 Subject: [Infowarrior] - EU issues ultimatum on internet privacy Message-ID: EU issues ultimatum on internet privacy http://www.theregister.co.uk/2009/03/31/kuneva_behavioural/ By Chris Williams
Posted in Telecoms, 31st March 2009 10:55 GMT

The European Commission today delivered an ultimatum to internet firms - improve your approach to privacy online, or face a regulatory clampdown from Brussels.

Meglena Kuneva, the consumer affairs Commissioner, told a gathering of ISPs, major websites and advertising firms they are violating "basic consumer rights in terms of transparency, control and risk", through data collection and behavioural targeting.

"I want to send a warning signal today that we cannot afford foot dragging in this area," she said. "If we fail to see an adequate response to consumers concerns on the issue of data collection and profiling, as a regulator, we will not shy away from our duties nor wait for a cataclysm to wake us up."

Officials are understood to be particularly concerned about ISPs' experiments using Deep Packet Inspection (DPI) technology to intercept and profile their customers' web use. The information society and media Commissioner Viviane Reding's department is still investigating the UK government's apparent failure to enforce European privacy law over BT and Phorm's secret trials of such a system in 2006 and 2007.

Kuneva's initiative will also address behavioural targeting and data collection by websites. Google launched its own behavioural tracking network earlier this month, requiring consumers who do not want to be tracked to opt out.

"We must establish the principles of transparency, clear language, opt-in or opt-out options that are meaningful and easy to use," Kuneva said. "I am talking about the right to have a stable contract and the right to withdraw."

She will tell delegates that to avoid regulation they must agree rules to protect consumers' rights, in line with existing legislation. The UK's Internet Advertising Bureau recently published behavioural advertising guidelines in an attempt to ward off regulation.
Privacy activists were not satisfied, however, particularly with the guidelines' onus on consumers to opt out.

Proponents of behavioural targeting point to anonymising measures as a guarantee of privacy. Phorm identifies users only via a random token, but Kuneva will argue such steps do not completely mitigate privacy concerns.

"The current work on privacy has concentrated on eliminating personally identifiable information such as name or IP addresses from the public domain," she said. "Consumer policy needs to go beyond that and address the fact that users have a profile and can be commercially targeted based on that profile, even if no one knows their actual name."

Kuneva's department will also today begin an informal investigation of online privacy and data collection in preparation for potential regulatory action.

At a recent Westminster event, British peers said the Information Commissioner's Office, responsible for enforcing EU privacy regulations, had failed in its duty to consumers over behavioural targeting.

In separate news on Monday, Phorm officially announced a trial of its technology by Korea Telecom.

From rforno at infowarrior.org Tue Mar 31 12:54:48 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Mar 2009 08:54:48 -0400
Subject: [Infowarrior] - Schneier: It's Time to Drop the 'Expectation of Privacy' Test
Message-ID: <459E052E-3E11-497F-8E30-375D7022A08C@infowarrior.org>

It's Time to Drop the 'Expectation of Privacy' Test
Commentary by Bruce Schneier
03.26.09
http://www.wired.com/politics/security/commentary/securitymatters/2009/03/securitymatters_0326

In the United States, the concept of "expectation of privacy" matters because it's the constitutional test, based on the Fourth Amendment, that governs when and how the government can invade your privacy. Based on the 1967 Katz v. United States Supreme Court decision, this test actually has two parts.
First, the government's action can't contravene an individual's subjective expectation of privacy; and second, that expectation of privacy must be one that society in general recognizes as reasonable. That second part isn't based on anything like polling data; it is more of a normative idea of what level of privacy people should be allowed to expect, given the competing importance of personal privacy on one hand and the government's interest in public safety on the other.

The problem is, in today's information society, that definition test will rapidly leave us with no privacy at all.

In Katz, the Court ruled that the police could not eavesdrop on a phone call without a warrant: Katz expected his phone conversations to be private and this expectation resulted from a reasonable balance between personal privacy and societal security. Given NSA's large-scale warrantless eavesdropping, and the previous administration's continual insistence that it was necessary to keep America safe from terrorism, is it still reasonable to expect that our phone conversations are private?

Between the NSA's massive internet eavesdropping program and Gmail's content-dependent advertising, does anyone actually expect their e-mail to be private? Between calls for ISPs to retain user data and companies serving content-dependent web ads, does anyone expect their web browsing to be private? Between the various computer-infecting malware, and world governments increasingly demanding to see laptop data at borders, hard drives are barely private. I certainly don't believe that my SMSes, any of my telephone data, or anything I say on LiveJournal or Facebook -- regardless of the privacy settings -- is private.
Aerial surveillance, data mining, automatic face recognition, terahertz radar that can "see" through walls, wholesale surveillance, brain scans, RFID, "life recorders" that save everything: Even if society still has some small expectation of digital privacy, that will change as these and other technologies become ubiquitous. In short, the problem with a normative expectation of privacy is that it changes with perceived threats, technology and large-scale abuses.

Clearly, something has to change if we are to be left with any privacy at all.

Three legal scholars have written law review articles that wrestle with the problems of applying the Fourth Amendment to cyberspace and to our computer-mediated world in general.

George Washington University's Daniel Solove, who blogs at Concurring Opinions, has tried to capture the byzantine complexities of modern privacy. He points out, for example, that the following privacy violations -- all real -- are very different: A company markets a list of 5 million elderly incontinent women; reporters deceitfully gain entry to a person's home and secretly photograph and record the person; the government uses a thermal sensor device to detect heat patterns in a person's home; and a newspaper reports the name of a rape victim.

Going beyond simple definitions such as the divulging of a secret, Solove has developed a taxonomy of privacy, and the harms that result from their violation. His 16 categories are: surveillance, interrogation, aggregation, identification, insecurity, secondary use, exclusion, breach of confidentiality, disclosure, exposure, increased accessibility, blackmail, appropriation, distortion, intrusion and decisional interference. Solove's goal is to provide a coherent and comprehensive understanding of what is traditionally an elusive and hard-to-explain concept: privacy violations. (This taxonomy is also discussed in Solove's book, Understanding Privacy.)
Orin Kerr, also a law professor at George Washington University, and a blogger at Volokh Conspiracy, has attempted to lay out general principles for applying the Fourth Amendment to the internet. First, he points out that the traditional inside/outside distinction -- the police can watch you in a public place without a warrant, but not in your home -- doesn't work very well with regard to cyberspace. Instead, he proposes a distinction between content and non-content information: the contents for example. The police should be required to get a warrant for the former, but not for the latter. Second, he proposes that search warrants should be written for particular individuals and not for particular internet accounts.

Meanwhile, Jed Rubenfeld of Yale Law School has tried to reinterpret (.pdf) the Fourth Amendment not in terms of privacy, but in terms of security. Pointing out that the whole "expectations" test is circular -- what the government does affects what the government can do -- he redefines everything in terms of security: the security that our private affairs are private. This security is violated when, for example, the government makes widespread use of informants, or engages in widespread eavesdropping -- even if no one's privacy is actually violated. This neatly bypasses the whole individual privacy versus societal security question -- a balancing that the individual usually loses -- by framing both sides in terms of personal security.

I have issues with all of these articles. Solove's taxonomy is excellent, but the sense of outrage that accompanies a privacy violation -- "How could they know/do/say that!?" -- is an important part of the harm resulting from a privacy violation. The non-content information that Kerr believes should be collectible without a warrant can be very private and personal: URLs can be very personal, and it's possible to figure out browsed content just from the size of encrypted SSL traffic.
Also, the ease with which the government can collect all of it -- the calling and called party of every phone call in the country -- makes the balance very different. I believe these need to be protected with a warrant requirement. Rubenfeld's reframing is interesting, but the devil is in the details. Reframing privacy in terms of security still results in a balancing of competing rights. I'd rather take the approach of stating the -- obvious to me -- individual and societal value of privacy, and giving privacy its rightful place as a fundamental human right. (There's additional commentary on Rubenfeld's thesis at ArsTechnica.)

The trick here is to realize that a normative definition of the expectation of privacy doesn't need to depend on threats or technology, but rather on what we -- as society -- decide it should be. Sure, today's technology makes it easier than ever to violate privacy. But it doesn't necessarily follow that we have to violate privacy. Today's guns make it easier than ever to shoot virtually anyone for any reason. That doesn't mean our laws have to change.

No one knows how this will shake out legally. These three articles are from law professors; they're not judicial opinions. But clearly something has to change, and ideas like these may someday form the basis of new Supreme Court decisions that bring legal notions of privacy into the 21st century.

---
Bruce Schneier is chief security technology officer of BT. His new book is Schneier on Security.
From rforno at infowarrior.org Tue Mar 31 17:58:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Mar 2009 13:58:01 -0400
Subject: [Infowarrior] - Swedish antipiracy law stirs up political waters
Message-ID: <4044D1EB-59CA-45B9-80D8-DA0DA0728F06@infowarrior.org>

March 31, 2009 8:32 AM PDT
Swedish antipiracy law stirs up political waters
by Erik Palm
http://news.cnet.com/8301-1023_3-10207718-93.html?part=rss&subj=news&tag=2547-1_3-0-20

File swappers in Sweden, land of the world's largest bittorrent sharing site, The Pirate Bay, are facing a tougher future.

The so-called IPRED law, scheduled to go into effect Wednesday, will in some instances require Internet service providers to reveal subscribers' Internet Protocol addresses to copyright holders--including the film, music, and game industries--that charge users with illegal file sharing.

The Swedish law stipulates that property rights holders can take their grievances to a court, which will examine the evidence, including the extent of the file sharing, and decide whether the IP address will be released. The copyright holder then can send a warning letter to the ISP subscriber, and eventually file a civil case against the alleged pirate if the violation doesn't stop.

The law takes effect just as a copyright infringement case against The Pirate Bay draws to a conclusion. The verdict in that trial, due to be announced April 17, will not be affected by the new law, since only file sharing done after Wednesday will be taken into account.

In response to the new law, however, The Pirate Bay site recently launched IPREDator, a new paid service that lets users download "more anonymously." The service costs 5 euros a month. CNET has contacted The Pirate Bay for comment, but has not yet heard back.

In the United States, major ISPs including AT&T and Comcast have recently begun working with the Recording Industry Association of America to target people suspected of pirating music.
The steps involved could include suspension or termination of service for repeat offenders, in a determination made by the Internet provider.

In Sweden, a country with one of the highest rates of Internet use in the world and a strong tradition of peer-to-peer networks, the IPRED law is proving to be a political hot button. Citizens in general, and young men in particular, oppose IPRED in large numbers, according to a recent survey for Swedish national newspaper SvD.

For its part, the Antipiracy Agency, an organization formed by the film and game industries to fight Internet piracy in Sweden, is happy about the new law, which was passed by a large majority of the Swedish parliament on February 25.

"Of course we'll use the law," Henrik Ponten, a lawyer at the Antipiracy Agency, told Swedish news agency TT. "We have not acted to get the law and then not use it."

But in a sign of just how sensitive the law is, the center party in Sweden's ruling right alliance, which formulated the law, publicly debated its stricter aspects, a stance likely taken to appease a key voting demographic--young people for whom file sharing is one of the biggest political concerns. The leading party in the opposing left alliance party, the Social Democrats, did the same, even though it too voted for the law.

A country of file sharers

The once notorious file-sharing software Kazaa, the established peer-to-peer telephony software Skype, and similar offerings originated in Sweden. An estimated 1 out of 10 Swedes engage in file-sharing practices.

File sharing is such a big issue in the Northern European country, in fact, that elected politicians write op-eds on emerging technologies for mainstream news outlets. And Pirateparty--which was formed in 2006 to reform copyright law and protect citizens' rights to privacy--after only three years has one of the largest numbers of members among the youth wings of the country's political parties.

The numbers related to IPRED bear that out.
According to the survey by the newspaper SvD (article in Swedish), 79 percent of men ages 15 to 29 oppose IPRED. Only 32 percent of those polled support the law, while 48 percent say they oppose it adamantly.

The law, based on the European antipiracy directive Intellectual Property Rights Enforcement Directive, is supposed to focus on file sharers who upload material and those who download a considerable number of files. Where the line will be drawn is not yet clear.

Technically, it has also been questioned whether one can link the downloading of a certain file to a specific person. For instance, if a computer is shared in a family or the subscriber has been surfing with a wireless router, a pirate could be using that connection to download files illegally.

The Left and Green parties in Sweden, which are in political opposition to the ruling right-wing alliance, voted against the law. They say it threatens democracy and personal integrity, since it gives large companies too much power to act as police and collect sensitive personal data.

Whether the law has an effect remains to be seen. According to the survey in the newspaper SvD, only one out of four people who answered that they were sharing files said they would stop once the new legislation is in place.

From rforno at infowarrior.org Tue Mar 31 18:01:35 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Mar 2009 14:01:35 -0400
Subject: [Infowarrior] - 'Cybercrime exceeds drug trade' myth exploded
Message-ID:

(I know Rick from his Gartner days ... he's one of the folks who "gets" security pretty well. --rf)

'Cybercrime exceeds drug trade' myth exploded
http://www.theregister.co.uk/2009/03/27/cybercrime_mythbusters/
AT&T feeds Congress trillion-dollar FUD
By John Leyden
Posted in Crime, 27th March 2009 16:22 GMT

A leading security researcher has unpicked the origins of the myth that revenues from cybercrime exceed those from the global drug trade, regurgitated by a senior security officer at AT&T before Congress last week.

Ed Amoroso, Senior Vice President and Chief Security Officer of AT&T, told a Congressional Committee on 20 March that cybercrime was a $1trn a year business. It'd be nice to think that Amoroso had been misquoted or made a slip of the tongue but written testimony from Amoroso repeats the amazing claim, made before a hearing of the Senate Commerce, Science, and Transportation Committee. The end of paragraph 5 of the written submission states:

Last year the FBI announced that revenues from cyber-crime, for the first time ever, exceeded drug trafficking as the most lucrative illegal global business, estimated at reaping more than $1 trillion annually in illicit profits.

As Richard Stiennon points out the quoted figure would make cybercrime bigger than the entire IT industry. The top 10 Fortune 50 firms turned over $2trn last year. Put another way, revenues from cybercrime exceed those of AT&T itself ($119bn in 2008) by a factor of around eight. Estimates of the drug trade peg annual revenues at about $400bn. There's no figure on this from the FBI much less a comparative figure comparing cybercrime and drug trade revenues, despite what Amoroso said.

Stiennon, chief research analyst at IT-Harvest, guesses that cybercrime profits might be worth about $1bn a year, which seems much more plausible. You'd have to be on something truly mindblowing to think that cybercrime revenues exceed the GDP of Saudi Arabia ($555bn in 2007), with all its oil income.

How could anyone ever think such a thing? Stiennon comes up trumps in tracking down the origin of this meme.
The idea that cybercrime revenue trumps that of the drug trade was first mentioned by Valerie McNiven, a consultant to the US Treasury Department, in November 2005. The figure cited at the time was the still-implausible $105bn, Stiennon reports. The same figure, mentioned by a lawyer to a Reuters stringer and henceforth enshrined in clippings harvested by the PR departments of security firms, reappeared again in a September 2007 speech by the chief exec of McAfee, David DeWalt. Eighteen months later the meme has grown so that the figure cited is $1trn but, as Stiennon points out, the form of language is virtually identical.

Earlier this week security firm Finjan published a press release ("Finjan confirms cybercrime revenues exceeding drug trafficking") supporting the myth, most recently relayed by Amoroso before Congress. We asked Finjan whether it wanted to rethink what it said. Not a bit of it, the security firm responded.

"In our Q1 2009 report on cybercrime, for example, we revealed that one single rogueware network is raking in $10,800 a day, or $39.42 million a year," it said. "If you extrapolate those figures across the many thousands of cybercrime operations that exist on the internet at any given time, the results easily reach a trillion dollars."

You can observe the ongoing capers of this implausible FUD-laden cybercrime revenues meme in Stiennon's posting on the ThreatChaos blog here.

Bootnote

We're aware that even leaving aside Finjan's head-spinning statistical assumptions its figures still don't stack up. When we called it to ask if it wanted to reconsider its earlier statement, contained in a press release but not published on its website, in light of Stiennon's criticism it answered that it was sticking by its guns.
From rforno at infowarrior.org Tue Mar 31 18:05:03 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Mar 2009 14:05:03 -0400
Subject: [Infowarrior] - AT&T can remotely disable subsidized netbooks for nonpayment
Message-ID: <98C70FAC-1D50-493E-802B-547A312D5F88@infowarrior.org>

AT&T data cards can remotely disable subsidized netbooks for nonpayment
by Doug Aamoth on March 31, 2009
http://www.crunchgear.com/2009/03/31/atampt-data-cards-able-to-remotely-disable-subsidized-netbooks-for-nonpayment/

New Ericsson-brand mobile 3G data modules apparently have something called a "kill pill" that's capable of disabling a computer remotely in the instance that a customer doesn't pay his or her bill or cancels a credit card used to pay monthly charges. These chipsets will be found in netbooks subsidized by AT&T, although the AP seems to think that the wireless giant wouldn't actually remotely disable anyone's computer as a result of non-payment.

I, however, wouldn't put anything past any wireless company. AT&T charges $500 per gigabyte of data used past the 5GB monthly cap, so what's to say they wouldn't zap your netbook when you forget (or refuse) to pay?

A more consumer-friendly feature of the technology is the ability to remotely disable your computer if it's lost or stolen. The Ericsson chipset can also continue working while your computer is shut down, enabling your netbook or notebook to receive important e-mails or incoming VOIP calls without staying on all day.
From rforno at infowarrior.org Tue Mar 31 18:11:41 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Mar 2009 14:11:41 -0400
Subject: [Infowarrior] - Senate Panel Approves Bill Limiting Credit-Card Rates
Message-ID: <67F289EF-0A8B-45ED-9F2A-78BCE6F33585@infowarrior.org>

Senate Panel Approves Bill Limiting Credit-Card Rates (Update1)
http://www.bloomberg.com/apps/news?pid=20601087&sid=aEj6rf6ZYif8&refer=home
By Jeff Plungis

March 31 (Bloomberg) -- A Senate panel approved new restrictions on credit-card interest rates that are broader than those adopted by the Federal Reserve in December, brushing aside objections from Republicans and the banking industry.

Senate Banking Committee Chairman Christopher Dodd said the measure was needed to protect consumers from having their interest rates raised on previous balances, unless certain conditions are met. The legislation would prevent credit-card companies from unilateral changes to the terms of an agreement.

The bill, known as the "credit card bill of rights," also would require the signature of a parent for a borrower under age 21, unless there's proof of independent income or completion of a financial education course. Universities that forge marketing deals with card companies would be subject to the rule.

"The list of troubling credit-card practices is as lengthy as it is disturbing," said Dodd, a Connecticut Democrat.

The measure passed on a 12-11 vote, with all the panel's Republicans opposing it. The bill now goes to the full Senate. The House Financial Services Committee has scheduled a vote on its version of the legislation tomorrow.

Dodd repeated criticism he voiced at a February hearing, saying banks were using lax rules to "gouge" consumers. Lenders are hiking rates even on customers who pay their bills on time, he said today.

Credit Access

Senator Richard Shelby of Alabama, the panel's senior Republican, said lawmakers hadn't fully examined the bill.
The committee rejected an amendment offered by Senator Jim Bunning, a Kentucky Republican, asking regulators to certify that the legislation wouldn't restrict consumers' access to credit.

The legislation also would require card companies to disclose how long it would take to pay off a balance when making a minimum monthly payment and require statements to be mailed at least 21 days before the payment due date, up from 14 days. It would also prohibit banks from charging interest on fees, such as those imposed for late payments or exceeding credit limits.

The Senate bill is more sweeping than rules enacted in December by the Federal Reserve and other banking regulators, say consumer advocates. Those measures, which take effect in July 2010, would limit rate increases on existing balances. Lawmakers say legislation is needed to make permanent changes in the industry.

First Step

"What the Fed did is a good first step," said Travis Plunkett, legislative director of the Consumer Federation of America. "This proposal is going to do more to protect consumers from unjustified fees and rate increases."

Banks are making it harder to get loans as they try to stem mounting losses and writedowns. Credit card charge-offs, which are loans banks aren't expecting to be repaid, were 7.1 percent on average in January compared with 4.6 percent a year earlier, according to data compiled by Bloomberg. Consumers are falling behind on credit-card payments as U.S. unemployment reached 8.1 percent in February, the highest level in more than a quarter century.

The American Bankers Association, which represents credit card issuers such as Bank of America Corp. and Citigroup Inc., sent a letter to Dodd and Shelby yesterday saying that the legislation would exacerbate problems in the U.S. economy "by imposing serious restraints on card lenders' ability to serve consumers."

"There is certainly a heightened concern over the impact of business practices,"
said Ken Clayton, the ABA's senior vice president of card policy, in an interview. "The regulators have already taken very dramatic action to address concerns in the marketplace."

Legislation is "a blunt instrument," Clayton said. "It may be more negative than positive."

To contact the reporter on this story: Jeff Plungis in Washington at jplungis at bloomberg.net.
Last Updated: March 31, 2009 12:39 EDT

From rforno at infowarrior.org Tue Mar 31 23:33:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 Mar 2009 19:33:30 -0400
Subject: [Infowarrior] - New bill would tighten rules for National Security Letters
Message-ID:

http://arstechnica.com/tech-policy/news/2009/03/nsl-reform-legislation-reintroduced.ars

New bill would tighten rules for National Security Letters

National Security Letters, a controversial tool that lets investigators obtain records without a court order, have come under fire from civil libertarians, courts, and the government's own watchdogs. Now lawmakers have revived a proposal to rein in NSLs, the use of which has exploded under the PATRIOT Act.

By Julian Sanchez | Last updated March 31, 2009 1:10 PM CT

Of all the expanded investigative powers authorized by Congress since the terror attacks of September 11, 2001, few have proved as controversial -- or as consistent a source of embarrassment to federal law enforcement -- as National Security Letters. Though audits by the Inspector General have uncovered widespread improprieties in the use of the investigative tool which allows the FBI to demand certain telecommunications and financial records without the need for a court order, a 2007 effort to further constrain NSLs stalled in committee. Now, with a new administration and a sturdier Democratic majority in place, Rep. Jerrold Nadler (D-NY) and Rep. Jeff Flake (R-AZ) on Monday reintroduced the National Security Letters Reform Act.
The bill would significantly tighten the rules for NSLs -- which can currently be used to obtain records "relevant" to an investigation, whether or not they pertain to someone even suspected of wrongdoing -- and the gag orders that typically accompany them.

NSLs are not new, but their scope and prevalence were greatly expanded by the USA PATRIOT Act of 2007. In 2000, investigators issued some 8,500 NSLs, according to a report by the Office of the Inspector General. In 2006 -- the last year for which figures were available -- the number had risen to at least 49,425, down from a peak of at least 56,507, though no estimates are available for 2001 or 2002, and sloppy record-keeping found by the OIG means all figures are lower bounds. The "overwhelming majority" of those are for phone or telecommunications records, and by 2006, the bulk of those for which a target's nationality was specified were issued in connection with investigations of US persons.

The FBI hasn't coped terribly well with the increased volume: those OIG reports found an NSL process riddled with errors and policy violations -- some of which appeared to have been flatly illegal. Agents sent "exigent letters" claiming an emergency when none existed, claimed grand jury subpoenas were pending when they weren't, and in some instances obtained information to which the statute did not entitle them. At hearings in 2007, a visibly angry Rep. Dan Lungren (R-CA), who had supported expanding NSL authority, said the OIG's findings sounded more appropriate to "a report about a first- or second-grade class" than college-educated FBI agents.

Thus far, however, FBI officials have successfully argued that they are aware of the problems and have already begun implementing reforms to prevent future errors. Since Nadler and Flake last sought to supplement those internal efforts with more robust statutory checks, federal appellate courts have added to the list of rationales for congressional action.
Civil libertarians have attacked not only NSLs themselves, but the broad gag provisions typically attached to them, which prevent parties served with them from discussing the requests. Congress sought to mollify critics by modifying the PATRIOT Act in 2006 to permit NSL recipients to retain attorneys and challenge orders they regard as unreasonable. But late last year, the Second Circuit Court of Appeals ruled that the law still gave FBI officials too much power to silence speech, with court oversight too anemic to satisfy the First Amendment. The court was prepared to allow a mix of court reinterpretation and FBI policy to bring the review procedures up to constitutional muster, but also invited Congress to fix the defective provision.

The National Security Letters Reform Act would do that, and a good deal more. While it would still permit high-ranking FBI officials to issue NSLs with temporary gag orders attached, the Bureau would have to petition a judge in order to extend that order beyond an initial 30 days. Instead of requiring NSL recipients to challenge such orders, showing there was "no reason" to think disclosure might harm public safety or the integrity of an investigation, the agency would have the burden of showing a court specific facts justifying each six-month extension of the gag.

Perhaps most significantly, however, the law would radically narrow the scope of National Security Letters, which can currently be used to obtain financial or telecommunications transaction records that an FBI agent asserts are "relevant" to an ongoing investigation. Under the Nadler-Flake bill, NSLs would have to certify that the target to whom the information sought pertained was believed, on the basis of "specific and articulable facts," to be a "foreign power or agent of a foreign power." The bill also establishes strict "minimization" requirements, mandating the destruction of any wrongly obtained information.
While intelligence agencies often rely on "minimization" to protect the privacy of US persons, this often means only that innocent information will be retained without being indexed in a log or database for the relevant case. Anyone whose records are obtained via an NSL without adequate factual basis, or in violation of the statutory restrictions, is entitled to sue the person responsible for issuing the letter, to the tune of $50,000.