From rforno at infowarrior.org Thu Oct 1 00:37:28 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Sep 2009 20:37:28 -0400
Subject: [Infowarrior] - Americans Reject Tailored Advertising and Three Activities that Enable It
Message-ID: <182771CE-9429-45AF-829C-4D96FBD6185F@infowarrior.org>

http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1478214

Americans Reject Tailored Advertising and Three Activities that Enable It

Joseph Turow, University of Pennsylvania - Annenberg School for Communication
Jennifer King, Berkeley Center for Law & Technology; University of California, Berkeley - School of Law
Chris Jay Hoofnagle, University of California, Berkeley - School of Law, Berkeley Center for Law & Technology
Amy Bleakley, Annenberg Public Policy Center
Michael Hennessy, Annenberg Public Policy Center

September 29, 2009

Abstract: This nationally representative telephone (wire-line and cell phone) survey explores Americans' opinions about behavioral targeting by marketers, a controversial issue currently before government policymakers. Behavioral targeting involves two types of activities: following users' actions and then tailoring advertisements for the users based on those actions. While privacy advocates have lambasted behavioral targeting for tracking and labeling people in ways they do not know or understand, marketers have defended the practice by insisting it gives Americans what they want: advertisements and other forms of content that are as relevant to their lives as possible. Contrary to what many marketers claim, most adult Americans (66%) do not want marketers to tailor advertisements to their interests. Moreover, when Americans are informed of three common ways that marketers gather data about people in order to tailor ads, even higher percentages - between 73% and 86% - say they would not want such advertising.
Even among young adults, whom advertisers often portray as caring little about information privacy, more than half (55%) of 18- to 24-year-olds do not want tailored advertising. And contrary to consistent assertions of marketers, young adults have as strong an aversion to being followed across websites and offline (for example, in stores) as do older adults. This survey finds that Americans want openness with marketers. If marketers want to continue to use various forms of behavioral targeting in their interactions with Americans, they must work with policymakers to open up the process so that individuals can learn exactly how their information is being collected and used, and then exercise control over their data. We offer specific proposals in this direction. An overarching one is for marketers to implement a regime of information respect toward the public rather than to treat them as objects from which they can take information in order to optimally persuade them.

Keywords: Behavioral advertising, online advertising, privacy, transparency, consumer protection
JEL Classifications: D12, D18
Working Paper Series

From rforno at infowarrior.org Thu Oct 1 12:24:17 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Oct 2009 08:24:17 -0400
Subject: [Infowarrior] - Comcast Rumored to Buy NBC
Message-ID: <90A01904-662F-4514-BE00-FEE55F8B5284@infowarrior.org>

"Now that'd be just Comcastic!!!" *facepalm*

Comcast, GE Said to Discuss NBC Universal Stake Sale (Update2)
http://www.bloomberg.com/apps/news?pid=20601087&sid=a8MKvCrGl5hc

By Rachel Layne, Andy Fixmer and Brett Pulley

Oct. 1 (Bloomberg) -- Comcast Corp., the largest U.S. cable network, is in talks with General Electric Co. to buy a stake in NBC Universal Inc., said three people with knowledge of the discussions.
Negotiations for Comcast to buy about 50 percent of NBC Universal have been under way for at least two months and a deal would depend in part on Vivendi SA making a decision to sell its 20 percent holding, said one of the people, who declined to be identified because the talks are private. GE, based in Fairfield, Connecticut, controls 80 percent of NBC Universal, owner of the NBC television network, a film studio, theme parks, and cable channels including USA Network, CNBC, MSNBC and Bravo. No agreement is certain, the people said.

NBC Universal offers cable content that Comcast Chief Executive Officer Brian Roberts has targeted as a priority for future acquisitions. GE said in November it had no plans to sell NBC Universal. In his letter to shareholders in March, Chief Executive Officer Jeffrey Immelt described a "reset" following the financial crisis and recession.

Analysts value NBC Universal at $21 billion to $35 billion including debt.

Jean-Bernard Levy, CEO of Paris-based Vivendi, has described NBC Universal as a "non-core" asset and has made acquisitions in other businesses. The company has the right to sell its holding and may make a decision at an Oct. 14 board meeting, a person with knowledge of the situation said on Sept. 21. GE has the right of first refusal.

No Deal

Philadelphia-based Comcast slid 50 cents, or 2.9 percent, to $16.88 yesterday in Nasdaq Stock Market trading and is little changed this year. GE fell 29 cents to $16.42 in New York Stock Exchange composite trading, and has gained 1.4 percent this year. Vivendi rose 1 percent to 21.36 euros at 9:57 a.m. in Paris, valuing the company at about 26.3 billion euros ($38.4 billion).

The talks were reported yesterday by the Los Angeles-based Web site The Wrap. Comcast denied the Wrap's later report that a deal had been reached to sell NBC Universal for $35 billion. The story cited two unidentified individuals who had been informed of the matter.
"While we don't comment on M&A rumors, the report that Comcast has a deal to purchase NBC Universal is inaccurate," D'Arcy Rudnay, a spokeswoman for Philadelphia-based Comcast, said in an e-mail.

Credit Thaw

Gary Sheffer, a spokesman for Fairfield, Connecticut-based GE, declined to comment, as did Vivendi spokespeople in Paris and New York.

Media companies including Comcast have used the thawing of credit markets to raise money through debt sales. Comcast has $4 billion in cash, and the company has said it is interested in adding to cable channels that include Golf Channel, E! Entertainment and Style Network. In 2004, CEO Roberts' $54.1 billion hostile bid for Walt Disney Co. was rejected.

Chief Operating Officer Stephen Burke said at a Sept. 9 investor conference that content companies are Comcast's first acquisition priority. The company isn't looking to make a $50 billion purchase, he said.

Content channels "are really good businesses," Burke said. "We wouldn't be doing our job if we didn't try to figure out a way to get bigger in those businesses."

Comcast serves about 25 percent of U.S. cable customers. It reported 23.9 million video customers as of Aug. 6, down 2.7 percent from a year earlier. Revenue growth was 5 percent in the most recent period, the smallest in more than three years.

NBC's Value

Vivendi, owner of the world's largest music company, may choose to sell its stake because NBC Universal isn't performing as well as the company's majority-owned operations, according to the person who spoke on Sept. 21.

The business's enterprise value may be $21 billion to $23 billion, including an estimated $5.1 billion in debt, Sanford C. Bernstein & Co. said last month. Stephen Tusa, a JPMorgan Chase analyst, estimated NBC Universal's total value at $30 billion to $35 billion in a Sept. 8 research note.

NBC Universal posted a 41 percent drop in second-quarter profit on lower earnings from broadcast television and its film studio.
Broadcast revenue slid 9 percent to $1.4 billion, while the cable unit's profit climbed 7 percent on a 3 percent increase in revenue. Operating profit at New York-based NBC Universal tumbled to $539 million from $909 million a year earlier, parent GE reported in a July 17 statement. Revenue at the division, led by Chief Executive Jeff Zucker, fell 8.2 percent to $3.57 billion.

Vivendi Pledge

Vivendi has pledged to maintain its dividend and credit rating even as it expands into emerging markets through acquisitions. Last month the company said it would buy Brazilian telecom operator GVT (Holding) SA for about $3 billion.

For the NBC stake sale, "they might wait until the ad market is a bit stronger next year," said Conor O'Shea, an analyst at Kepler Capital Markets in Paris. "On the other hand, they've got four to five billion to find" to cover acquisitions and dividends.

Vivendi obtained the NBC stake with the sale of its media assets to GE in 2004. Every year between Nov. 15 and Dec. 10, the Paris-based company may notify GE of its intent to sell the shares in the market, which could lead to a public offering, according to Vivendi's annual report. That option extends through 2016. GE can preempt an IPO by buying the holding, the report says.

GE Rights

GE may use its right of first refusal and buy the stake, Vivendi may sell the shares in the public market with the process controlled by GE, Vivendi may agree to sell in a private placement to a third party or the contract may be restructured for an initial public offering of all of NBC, the Sanford C. Bernstein analysts wrote.

"I would assume that from the Vivendi side, they would be very interested in finding a deal where they participate in the change of control premium," said Claudio Aspesi, a Bernstein analyst in London. "Vivendi don't want to be seen to sell, and then have GE turn around a couple of months later and sell for more."
Analysts including Citigroup's Jeffrey Sprague and Sterne Agee & Leach Inc.'s Nicholas Heymann have for years called for GE to split off NBC Universal, saying it doesn't fit with the parent company's other divisions.

Immelt Moves

GE's businesses include the world's biggest makers of jet engines, locomotives and medical imaging machines. Its power-generation equipment produces about one-third of the world's electricity. The company is shrinking its GE Capital finance division and boosting its investments in what Immelt has labeled infrastructure units. Immelt sold the plastics division in 2008 and exited insurance over several years this decade.

"GE's broad technical portfolio positions us as a natural partner as the role of government increases in the current crisis," Immelt, 53, wrote in the letter to shareholders. "Over the past decade, we have positioned GE to lead in the 'big themes.' These include emerging market growth, clean energy, and sustainable health care."

NBC's cable properties are growing and should be broken off from the network, Tusa said in last month's note. "This could either be done by GE, or by making the asset more attractive for a strategic player who could buy NBCU whole and fund/execute a transaction," he said.

To contact the reporters on this story: Rachel Layne in Boston at rlayne at bloomberg.net; Andy Fixmer in Los Angeles at afixmer at bloomberg.net; Brett Pulley in New York at bpulley at bloomberg.net

Last Updated: October 1, 2009 04:50 EDT

From rforno at infowarrior.org Thu Oct 1 12:26:28 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Oct 2009 08:26:28 -0400
Subject: [Infowarrior] - OT: Leave the Medal of Honor Alone
Message-ID: <61992C92-8795-4D28-90AF-6D15DBA3BBE9@infowarrior.org>

Leave the Medal of Honor Alone
By Ed Hooper
Thursday, October 1, 2009
http://www.washingtonpost.com/wp-dyn/content/article/2009/09/30/AR2009093004204_pf.html

On Sept.
17 President Obama presented the Medal of Honor to the parents of Army Staff Sgt. Jared C. Monti for "conspicuous gallantry." Monti, 30, was serving with the 10th Mountain Division when he was killed June 21, 2006, in a battle at Gowardesh, Afghanistan. This was the sixth occasion since Sept. 11, 2001, that the nation's highest military award has been bestowed.

Unfortunately, some are pushing for this decoration to be awarded more generously because they believe the number of recipients is too low. More than a dozen groups and lawmakers are lobbying the Defense Department to award this honor more frequently -- in effect, to lower its standards -- and to upgrade to the Medal of Honor other decorations that soldiers have received.

In debate over the National Defense Authorization Act for 2010, the Pentagon was criticized for setting decoration standards too high. The "low numbers" led Rep. Duncan Hunter (R-Calif.) to insert a conference report in the authorization act "to review the current trends in awarding the Medal of Honor to identify whether there is an inadvertent subjective bias amongst commanders that has contributed to the low numbers of awards of the Medal of Honor." It directs Defense Secretary Robert M. Gates to report back to the House and Senate Armed Services Committees next March.

The Defense Department's definition of "hero" has stood the test of time. And the standards for this nation's highest military award are appropriately strict.

The Medal of Honor is the least-understood U.S. military decoration. In 1916, a committee under the leadership of a medal recipient, Gen. Nelson Miles, reviewed each instance of award, set up investigative standards and rules, and strengthened the requirements (including specifying that recipients must be actively enrolled in U.S. armed forces at the time of their act of bravery).
The "Purge of 1917" stripped 911 Medals of Honor from those not deemed worthy of having received them; the most well known of these are 864 awarded during the Civil War to the soldiers of the 27th Maine, who received the medal simply for reenlisting. Sadly, amid political pressure, some of the medals taken away were later returned.

The Medal of Honor is presented ceremoniously by the president of the United States in the name of Congress, but the Defense Department chooses the candidates. The department has historically based its decisions on soldiers' actions and merit. Most of those calling for the medal to be bestowed more frequently couldn't name any of the 95 recipients who are still living or the remarkable actions that led to their awards.

The Medal of Honor is a combat decoration not limited to a past battle or present circumstances; it is also about how succeeding generations will view the individuals on whom it was bestowed and why. Most Medals of Honor have been posthumously awarded, and the citations justifying its presentation are Homeric stories of bravery that centuries from now are likely to stand unrivaled beside the stories of great warriors and citizen-soldiers throughout history.

The uniformed men and women of the U.S. Air Force, Army, Coast Guard, Marines and Navy will tell you that the Medal of Honor is a warrior's award and that it is their decoration to present only to those whom they regard as fit to wear it. Politicians, pundits and civilian organizations -- however well-meaning -- should have little say in who receives it.

Nor is our Defense Department unique in bestowing its highest combat decoration sparingly. More than 50,000 British troops have served in Iraq and Afghanistan, and 360 have been killed in combat. The British Secretary of State for Defence, however, has awarded only two of that nation's highest decoration, the Victoria Cross, for actions under fire.
The United States has fielded three times as many troops and awarded three times the number of our highest decoration since Sept. 11, 2001. Yet this honor is not about quotas or statistics; nor does the number of presentations reflect on the modern soldier's valiant service on the battlefield. The Bronze Star, the Silver Star and the Distinguished Service Cross are prestigious decorations of valor, not to be taken lightly or dismissed.

The strict standards for the Medal of Honor are meant to keep it credible. It is wrong to pressure the Defense Department to lower its standards of individual courage, nobility and self-sacrifice on a battlefield. The department should make its own decisions on this award so Americans will know that when it lauds someone as a "hero," we should all take notice.

Ed Hooper is an author and journalist from Knoxville, Tenn., who has reported on military affairs and assembled educational programs on the Medal of Honor. A version of this column was distributed by History News Service.

From rforno at infowarrior.org Thu Oct 1 18:22:56 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Oct 2009 14:22:56 -0400
Subject: [Infowarrior] - TSA to expand use of body scanners
Message-ID:

TSA to expand use of body scanners
http://www.usatoday.com/tech/news/surveillance/2009-09-30-backscatter-body-scanners_N.htm
By Thomas Frank, USA TODAY

WASHINGTON -- The Transportation Security Administration plans to install 150 security machines at airport checkpoints that enable screeners to see under passengers' clothes.

The installation will vastly expand the use of the controversial body scanners, which can reveal hidden bombs and knives. But the devices have been labeled as intrusive by some lawmakers. The House of Representatives in June overwhelmingly passed a measure that would restrict their use by the TSA to passengers flagged by other types of screening, such as metal detectors.
The measure is pending in the Senate.

TSA spokeswoman Kristin Lee said the machines are "critical" to stopping terrorists with homemade bombs that may elude metal detectors. The agency hasn't decided which airports will get the machines, Lee said.

The $100,000 scanners shoot low-intensity X-rays that penetrate clothing, bounce off a person's skin and create images that show solid objects as dark areas. The TSA machines have privacy additions to create images that look like etchings. Screeners view them on a monitor in a locked room near a checkpoint and delete them immediately after viewing.

"Body imaging is a total invasion of privacy," said Rep. Jason Chaffetz, R-Utah, who proposed the restriction. "You don't need this kind of scrutiny."

Although the machines use X-rays, a 2003 report by the National Council on Radiation Protection & Measurements, which Congress created to develop radiation guidelines, said people can safely be scanned by the machines up to 2,500 times a year. "Imaging technology is safe," Lee said.

The TSA used $25 million from the federal stimulus package to buy the scanners from California-based Rapiscan Systems. The agency is using an additional $22 million to buy 500 upgraded machines that scan bottles for liquid explosives.

The TSA has been testing scanners since early 2007, mostly on passengers who set off a metal-detector alarm and are taken aside for additional screening. The new scanners will be installed beginning early next year and will be used in place of metal detectors at checkpoints. Passengers may choose to avoid the scanners and be screened by a metal detector, but those who do will be pulled aside for a pat-down, Lee said.

American Civil Liberties Union lawyer Christopher Calabrese said using the scanners in place of metal detectors "is unquestionably a step in the direction of having these machines be mandatory."
From rforno at infowarrior.org Thu Oct 1 23:21:12 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Oct 2009 19:21:12 -0400
Subject: [Infowarrior] - U.S. Cyber Command Goes Online
Message-ID: <221A9E99-A5EC-4244-AD32-5DF78C818795@infowarrior.org>

U.S. Cyber Command Goes Online
Posted by The Editors
http://www.democracyarsenal.org/2009/10/us-cyber-command-goes-online-.html

Today, several Cyber Security experts including NSN Advisory Board member Richard Clarke, released the following memo on the launch of U.S. Cyber Command, or USCYBERCOM:

Beginning today, the U.S. Cyber Command, or USCYBERCOM, is supposed to go online. But the Pentagon has not yet revealed what the scope of Cyber Command's mission will be. Even in the most basic terms, we do not know whom the Cyber Command will defend nor what sorts of cyber threats they will defend against. For instance, in the event of a cyber attack on U.S. infrastructure, such as the electrical grid, would Cyber Command help to repel the attack? Or will the Cyber Command only be concerned with defending military networks from cyber attacks? We do not know the answers to these critical questions and others because even basic information on the Cyber Command has not been released to the public.

These are the publicly known facts about the Cyber Command:

- Cyber Command will exist as a subordinate, unified command under the Strategic Command.
- The head of Cyber Command will be the Director of the NSA (currently Lt. Gen. Keith Alexander), who will receive a promotion from 3-stars to 4-stars.

Anything else about the Cyber Command, its mission, and how it will execute its mission is conjecture at this point for anyone not privy to the discussion going on behind closed doors. Despite the veil of secrecy, the creation of Cyber Command does seem to signify the relevance of cyberspace as a new domain for fighting wars, making it at least equal in importance to land, sea, air and space.
The Pentagon has considered cyberspace as a domain, however, since at least December 2006, when the Chairman of the Joint Chiefs of Staff issued a then-classified National Military Strategy for Cyberspace Operations (NMS-CO). Yet the NMS-CO is not quite a strategy for the use of cyberspace operations, but more of an appreciation for the importance of them. It defines cyberspace as "a domain characterized by the use of electronics and the electromagnetic spectrum to store, modify, and exchange data via networked systems and physical infrastructures." Cyberspace is thus imagined as a broad field of potential military action that stretches from personal desktop computers to corporate data systems to fighter pilots' dashboards.

Despite the obvious challenges of dominating every nook and node of cyberspace, the "strategy" speaks reverently of the importance of cyberspace to military operations, stating "the United States must have cyberspace superiority to ensure our freedom of action and deny the same to our adversaries." It correctly points out that the U.S. risks parity with its adversaries in cyberspace if a "significant effort" is not made.

As words should be matched with deeds, grand ambitions of "cyberspace superiority" should be matched with a careful articulation of the means to achieve them. But the document, like the creation of Cyber Command, only begs the question: is it smart policy for the U.S. to signal to the rest of the world an intent to build offensive cyber capabilities without establishing a coherent defensive plan detailing which "significant efforts" are required to secure our cyber-based infrastructures and assets at home? Because so many facets of our society, economy and military depend upon Internet technologies, the U.S. is one of the most vulnerable nations to cyber attack, and therefore an attitude that considers "good offense as the best defense" might not necessarily be the best defense strategy in the case of cyber warfare.
This is just one of the many outstanding issues that arise from the creation of the Cyber Command. The following questions also need public discussion:

- Do the advantages of having a cyber offensive capability outweigh the disadvantages of potentially initiating a cyber arms race?
- Should the U.S., because of its vulnerabilities to cyber attack, initiate international negotiations on limiting the use of cyber weapons?
- Should the U.S. adopt a "No First Use" policy on the use of cyber weapons?
- How can the U.S. develop a credible cyber deterrence strategy?
- Will deterrence work if our cyber capabilities are kept secret and/or have not been demonstrated?
- Under what circumstances and how would the Cyber Command work with the private sector in the event of a cyber attack on civilian critical infrastructure systems?
- With the Director of the NSA dual-hatted as the head of Cyber Command, how will he balance his roles as chief of a major intelligence agency and the nation's highest-ranking cyber warrior?

It was a few months ago, at the end of June, that Secretary of Defense Robert Gates ordered the creation of Cyber Command to oversee military operations in cyberspace. In a memorandum to Pentagon officials, Gates said that the nation's increasing dependence on cyberspace, coupled with an increase in cyber threats and vulnerabilities, required a new command with the technical capabilities and a clear mission to secure the U.S. military's freedom of action in cyberspace. He also ordered that the Cyber Command should achieve initial operating capability by October.

It is now the first of October and, though the Cyber Command will soon come online, details are still scarce, particularly in regards to what its mission will be. We are therefore justified in wondering whether this latest initiative from the Pentagon will indeed make us safer or only arouse suspicions and fear that might provoke other nations to develop cyber warfare capabilities.
From rforno at infowarrior.org Thu Oct 1 23:54:35 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Oct 2009 19:54:35 -0400
Subject: [Infowarrior] - DUH...Lawmakers Cave to FBI in Patriot Act Debate
Message-ID: <30129547-6BDD-443D-9964-B6387463B576@infowarrior.org>

Like we didn't see this one coming a mile away...... --rf

Lawmakers Cave to FBI in Patriot Act Debate
By David Kravets, October 1, 2009, 4:55 pm
http://www.wired.com/threatlevel/2009/10/patriot-act-debate/

Powerful Senate leaders on Thursday bowed to FBI concerns that adding privacy protections to an expiring provision of the Patriot Act could jeopardize "ongoing" terror investigations.

In an about-face, Sen. Patrick Leahy removed privacy protections in a key Patriot Act provision up for renewal before the Senate Judiciary Committee, which the Democrat of Vermont chairs.

The Patriot Act was adopted six weeks after the 2001 terror attacks, and greatly expanded the government's power to intrude into the private lives of Americans in the course of anti-terror and criminal investigations. Three provisions are expiring at year's end.

During a Senate Judiciary Committee hearing, Sen. Patrick Leahy, the committee chairman, and Sen. Dianne Feinstein (D-California) introduced last-minute changes (.pdf) that would strip away some of the privacy protections Leahy had espoused just the week before. The Vermont Democrat said his own, original proposal of last week could jeopardize ongoing terror investigations.

"All of us are mindful that threats against American safety are real and continuing," Leahy said at the hearing. "I'm trying to introduce balances on both sides."

[Photo caption: Sen. Dianne Feinstein sides with FBI on Patriot Act.]

He was discussing one of the most controversial provisions of the Patriot Act -- Section 215. That allows a secret court -- known as the Foreign Intelligence Surveillance Act Court or FISA court --
to authorize broad warrants for most any type of records, including those held by banks, libraries and doctors.

The Leahy-Feinstein amendment, which is likely to be adopted by the committee and sent to the full Senate next week, does not require the government show a connection between the items sought under a Section 215 warrant and a suspected terrorist or spy. Just last week, however, Leahy touted an amendment that required a connection to terrorism.

Under the Leahy-Feinstein amendment, the standard would allow secret-court warrants to be issued if the information sought pertains to an "authorized investigation." That's roughly the same language already in the Patriot Act.

Feinstein, also chairwoman of the Senate Select Committee on Intelligence which often is briefed on key classified activities, said the last-minute change was needed to keep America safe.

"The biggest investigation since 9/11 is ongoing," Feinstein said. "My concern was that nothing we do here interfere with an investigation that is going on."

Two weeks ago, the authorities said they cracked an al-Qaida cell that was planning a terror attack in the United States. At least three were arrested, including an airport shuttle driver who the authorities said had handwritten notes on how to build bombs.

Democratic senators Benjamin Cardin (Maryland), Sheldon Whitehouse (Rhode Island) and Edward Kaufman (Delaware), also had their names attached to Thursday's Leahy-Feinstein amendment.

Sen. Russ Feingold (D-Wisconsin) was not so sure of the amendment, although the panel unanimously adopted it for consideration.

"We must not continue to kick this can down the road. The rights and freedoms of Americans are at stake," he said. The government's Section 215 power is riddled with "rampant misuse and abuse," he said, but would not elaborate because the information was classified.

An amendment (.pdf) by Sen.
Richard Durbin (D-Illinois) to repeal the Leahy-Feinstein amendment was swiftly defeated on a 4-15 vote.

"[Section] 215 orders without any connection to a suspected terrorist or spy, this could lead obviously to a government fishing expedition," Durbin argued.

Sen. Jeff Sessions (R-Alabama) countered that Durbin's amendment is unworthy of consideration. "I think it will impact the operation of what we are doing," he said.

Feinstein added: "I think Senator Sessions is correct." She said the FBI does not support Durbin's proposal. "It would end several classified and critical investigations," she said.

A saving grace to the Leahy-Feinstein amendment is a provision that library records are subject to a higher standard, that they must be relevant to a terror investigation to be subject to a Section 215 warrant.

The government reported that as many as 220 warrants under Section 215 had been authorized since 2004. The government has also said there's a classified government operation that relies on those orders.

While the bulk of Thursday's hearing surrounded Section 215, two other expiring provisions received scant attention.

One is the so-called "lone-wolf" measure that allows FISA court warrants for the electronic monitoring of a person even without showing that the suspect is an agent of a foreign power or a terrorist. The government has said it has never invoked that provision, but said it wants to keep the authority to do so.

The other expiring measure is the so-called "roving wiretap" provision. It allows the FBI to obtain wiretaps without identifying the target or what method of communication is to be tapped. The FISA court grants about 22 such warrants annually.

"It has been suggested that roving wiretaps can be used against anyone. The roving wiretap authority can only be used after a court order has been obtained with probable cause that the target is an agent of a foreign power," Feinstein said. "There are no known abuses of this authority."
The Judiciary Committee is expected to vote on a final package next Thursday.

The Leahy-Feinstein plan also requires publication of audits, including how many times the government has used the Patriot Act's provisions, including the number of targets. Much of the government's public reporting on the topic has been voluntary, and very little is known about how often each power has been used and why.

Feingold, meanwhile, is likely to introduce two more amendments to the package before next week's vote, he said.

One concerns limiting the government's power to issue so-called National Security Letters. The letters allow the FBI, without a court order, to obtain telecommunication, financial and credit records relevant to a government investigation. The FBI issues about 50,000 of them annually and an internal watchdog has repeatedly found abuses of the powers.

The new standard would authorize those records if the investigation concerned terrorism or spy activities. A 2007 Inspector General Report showed that the FBI circumvented that law to acquire access to records that weren't relevant to any authorized FBI investigation.

The other Feingold amendment focuses on withdrawal of telecom immunity legislation. That legislation, signed by President George W. Bush and backed by then-Sen. Barack Obama, killed federal lawsuits claiming the telcos illegally assisted the Bush administration in funneling Americans' electronic communications to the National Security Agency without warrants.

The American Civil Liberties Union said Leahy and Feinstein had offered a "watered-down" version.

"The bill, as it stands now, falls far short of including civil liberties protections shown to be necessary by the results of oversight and audits of the Patriot Act that have been made public to date," said Michael Macleod-Ball, the acting director of the ACLU's legislative office in Washington.

The Electronic Frontier Foundation brought the telco litigation.
Here is the take on Thursday's developments by Kevin Bankston, an EFF privacy attorney.

From rforno at infowarrior.org Fri Oct 2 12:15:10 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Oct 2009 08:15:10 -0400 Subject: [Infowarrior] - WH and journo shield protections Message-ID: <8664C7C4-7135-421D-A60B-8F294AC1B8C1@infowarrior.org> Ahem. Define "significant" in specific non-political, non-overreaching, non-fishing-for-leaks terms, please. Change we can believe in, right?? Riiiiiiight. -rf White House Proposes Changes in Bill Protecting Reporters' Confidentiality By CHARLIE SAVAGE Published: September 30, 2009 http://www.nytimes.com/2009/10/01/us/01shield.html?_r=2 WASHINGTON -- The Obama administration has told lawmakers that it opposes legislation that could protect reporters from being imprisoned if they refuse to disclose confidential sources who leak material about national security, according to several people involved with the negotiations. The administration this week sent to Congress sweeping revisions to a "media shield" bill that would significantly weaken its protections against forcing reporters to testify. The bill includes safeguards that would require prosecutors to exhaust other methods for finding the source of the information before subpoenaing a reporter, and would balance investigators' interests with "the public interest in gathering news and maintaining the free flow of information." But under the administration's proposal, such procedures would not apply to leaks of a matter deemed to cause "significant" harm to national security. Moreover, judges would be instructed to be deferential to executive branch assertions about whether a leak caused or was likely to cause such harm, according to officials familiar with the proposal. The two Democratic senators who have been prime sponsors of the legislation, Charles E.
Schumer of New York and Arlen Specter of Pennsylvania, said on Wednesday that they were disappointed by the administration's position. Mr. Specter called the proposed changes "totally unacceptable," saying they would gut meaningful judicial review. And in a statement, Mr. Schumer said: "The White House's opposition to the fundamental essence of this bill is an unexpected and significant setback. It will make it hard to pass this legislation." But Ben LaBolt, a White House spokesman, called the proposed changes appropriate and argued that the administration was making a significant concession by accepting some judicial review. He noted that the Bush administration had strongly opposed such a bill as an incursion into executive power. "The president believes the courts should have the power to review whether administrations appropriately conclude that the disclosure of information is necessary because maintaining confidentiality could cause significant harm to our national security," Mr. LaBolt said. The administration informed Congress of its proposal after an Oval Office meeting Monday between Mr. Obama and several top members of his national security team, including Attorney General Eric H. Holder Jr.; the F.B.I. director, Robert S. Mueller III; and Homeland Security Secretary Janet Napolitano, according to people involved with the negotiations. Military and intelligence officials have also expressed concerns about the bill. Several advocates for reporting groups reacted with dismay. They noted that as a senator, Mr. Obama had co-sponsored an earlier version of the "media shield" bill and that Mr. Holder had testified in favor of such legislation. "This is the question I would have to ask, 'Do they really want a bill?'" said Lucy Dalglish, executive director of the Reporters Committee for Freedom of the Press. "It doesn't appear that they do."
Proponents of a shield law argue that it is in the public interest to allow reporters to protect confidential sources in order to bring important information to light. Opponents note that the unauthorized disclosure of classified information is illegal and argue that members of the news media should not be allowed to decide whether exposing national security secrets is justified. About three dozen states have some form of a reporter-shield law, Ms. Dalglish said. In a recent letter calling for a vote on the shield bill, Mr. Specter said that at least 19 journalists had been subpoenaed by federal prosecutors for information about confidential sources since 2001 and that four had been imprisoned for refusing to comply. Among them was Judith Miller, who as a reporter for The New York Times was subpoenaed in connection to the Valerie Wilson C.I.A. leak case. Prosecutors also threatened two San Francisco Chronicle reporters with jail over reporting based on leaked grand jury information about steroid use by professional athletes. The House has already approved a version of the shield bill, but it has stalled in the Senate Judiciary Committee. Mr. Specter said lawmakers should vote the bill out and let the Obama administration, which has not taken an official stance on the bill, deal with it openly. "If the president wants to veto it, let him veto it," Mr. Specter said. "I think it is different for the president to veto a bill than simply to pass the word from his subordinates to my subordinates that he doesn't like the bill."
From rforno at infowarrior.org Fri Oct 2 12:17:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Oct 2009 08:17:17 -0400 Subject: [Infowarrior] - Google strips Pirate Bay homepage from search results Message-ID: Google strips Pirate Bay homepage from search results http://www.theregister.co.uk/2009/10/02/google_removes_pirate_bay_homepage/ Mountain View executes DMCA takedown By Kelly Fiveash Posted in Music and Media, 2nd October 2009 11:36 GMT The Pirate Bay's homepage and seven other pages relating to the BitTorrent tracker website have been removed from Google's search engine, following a DMCA complaint. Anyone attempting to locate thepiratebay.org via Google will be greeted with some results to access the website, but none that point directly at its homepage. We've asked Google if it could tell us more about removing some of the site's pages from its search engine, but at the time of writing it hadn't got back to us with comment. The Pirate Bay mouthpiece, Peter Sunde - who actually quit his position as the website's main spokesman a few months back - asked on his Twitter account this morning "why is 'thepiratebay.org' (the frontpage) removed from your [Google's] index?" A DMCA notice at the bottom of a "thepiratebay.org" search query via Google reveals that Mountain View has simply reacted to a takedown request. "In response to a complaint we received under the US Digital Millennium Copyright Act, we have removed 8 result(s) from this page. If you wish, you may read the DMCA complaint that caused the removal(s) at ChillingEffects.org," reads a notice. Interestingly, Microsoft's Bing returns the correct result on its search engine, so it's clearly not been slapped with a similar DMCA notice yet. We'll update this story if Google offers us any further insight. Its policy on the Digital Millennium Copyright Act is here.
From rforno at infowarrior.org Sun Oct 4 15:00:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 4 Oct 2009 11:00:28 -0400 Subject: [Infowarrior] - The Cybersecurity Myth Message-ID: I don't agree with Cringley very often, but IMHO he's spot-on with this assessment, and it echoes what I've been hearing since that "1000" announcement was made the other day. -rick The Cybersecurity Myth http://www.cringely.com/2009/10/the-cybersecurity-myth/ The Department of Homeland Security (DHS) said this week it will hire up to 1,000 cybersecurity experts over the next three years to help protect U.S. computer networks. This was part of National Cybersecurity Awareness Month and the announcement was made by DHS Secretary Janet Napolitano, who also said they probably won't need to hire all 1,000 experts, which is good because I am pretty sure THERE AREN'T ONE THOUSAND CIVILIAN CYBERSECURITY EXPERTS IN THE ENTIRE FRIGGIN' WORLD!!!! So I polled six old friends who ARE cybersecurity experts and they kinda-sorta agreed with me. More on this below. But first I have to marvel that I even know six cybersecurity experts and -- even more amazing -- I'm pretty sure they don't know each other. They seem to be like badgers, solitary creatures who only come out to mate. They are cynics, too. One questioned the term "cybersecurity" as being inappropriate. "(It) depends on your definition of expert," said expert number one, who works deep in the military-industrial complex. "If you mean someone who can spell 'cyber' then sure (there are 1,000). If you mean those who know that 'cyber' is short for 'cybernetics' and has little to do with computers then probably not. I still occasionally use the title 'Cybernetic Psychophysicist.'"
Sure enough, there's a very detailed definition of cybernetics here and it doesn't intrinsically have very much to do with computers or networks, though don't tell that to the DHS without first taking off your shoes and placing the definition in a one quart plastic bag. "Duh!" said expert number two who has spent his career at telcos and cable companies. "Of course. You got it right. I doubt there are 1000 in the world. There are a lot of wannabees, or folks who think they are..." "Define 'expert,'" said another friend from behind Door Number Three, who comes from the security software business. "(An expert is) a person with a high degree of skill in or knowledge of a certain subject. Great, but the question is all about scope. I may be an expert cook -- but can I run a kitchen? Same thing with security there are tons of experts -- in specific areas. I was an expert in AV, IDS, and other areas. But I was not the all knowing security guru. (even though my knowledge base was very broad). This is where we run into unintended actuated consequences. An expert will make a choice and take an action. The end result may not be what they had anticipated because of other factors beyond the realm of their expertise caused an unanticipated consequence. "Example: I am forced to use low sulfur gas because the experts say it produces 20 percent less harmful emissions. Too bad they did not notice it has a lower power quotient than a normal gas blend. As a result I use 30 percent more gas that is 30 percent more expensive (and puts four percent more sulfur into the air). "So I believe there to be less than 30 real experts in security, but there may be well over 500 subject matter experts and perhaps another 1000 sous-security people." Now I brought in the big gun -- expert number four, an independent security consultant to foreign governments: "My bet is that they are going to just pull the bodies from the Department of Defense and Department of Energy," he said.
"DoD has established a number of credentials required to be classified as a security specialist like CompTIA Security+, CISSP, etc. None of this stuff has any practical application because it is hardware/software neutral. "Even if a government agency, (over 550 of them) allows you to sniff their network, are they going to let you evaluate the applications for bugs? I don't think so. Without scrubbing the software with products like Ounce Labs (owned by IBM), what is the point of evaluating the network? "Another item of great importance is a security clearance to do the work. This is where you will get only one brand of thinking; DoD or DoE clearance. This will prohibit the security 'black hat' types from ever being involved in the project without coming from the DoD or Energy. "So you will end up with 1,000 Security Managers in the government with Sec+, and CISSP certifications, talking to cisco, Juniper, CheckPoint, Tipping Point, Microsoft, Oracle, Ounce Labs, etc. security professionals at $300 an hour doing the actual work. That's 1,000 jobs for window dressing, releasing reports that end up on Drudge Report listing the number of breaches in Federal Government Agencies. "When you look at the private sector protection of data standards for items like credit cards you have real teeth in your regulations. You don't have to take credit cards, but if you do then you need to be PCI compliant. Don't want to be PCI? No problem we won't allow you to use our credit cards. Where will that type of enforcement be with the wall of 2,000 eyes protecting the USA?" No there won't be (this is Bob again) because governments are required to provide services to their citizens. Even the DHS can't shut down the government to cure a security breach, though I am beginning to believe they haven't yet figured that part out. "I'm not sure there are even a handful (of experts) with any sort of broad experience," said expert number five, who is usually associated with security hardware.
"There probably are pockets of them, with specialized narrow experience, e.g. in banking, virus or DOS attacks, military networks, etc. And even if there were 1,000, what would they be doing on behalf of Uncle Sam?" That's a great question given that we as a nation can't seem to hire and keep a national cybersecurity czar. So what are we doing hiring 1,000 experts given there is no boss? While it is great to have a Cybersecurity Awareness Month, whatever that is, and it might be great to add a thousand "experts" to protect our nation, if you look deeper into this story it is for the most part BS or HS and, I fear, CS to boot. Look, the number of CCIEs with security as a certification is 2,300 for the entire world. Subtract the 50 percent who work for cisco, then 50 percent again for those not working in the field any longer, and you get 500 cisco CCIE Security Experts worldwide. The only way to get another thousand in three years is by training them. But in the last four months with 800 available seats to sit for the cisco CCIE Security exam only one person has passed! The DHS is extremely unlikely to be able to find and train 1,000 cybersecurity experts in three years. Maybe they'll come up with 100 (more likely 5-10), but the DHS environment will make it unlikely -- very unlikely -- that all of those 100 will stick around. Secretary Napolitano says she might not need all 1,000, which to me says she is really looking for 3-5 people. And frankly that ought to be enough if they are truly experts and are both properly led and supported (which they probably won't be). So this is the wrong approach entirely. It won't work, the DHS probably knows it won't work (if they don't know that, well God help us all) but they see it as better than nothing. That doesn't worry me so much, though. What really worries me is the point brought up by cybersecurity expert number six, who himself came in from the cold: "Sure there are 1,000 (cybersecurity experts)," he said, "
but they are already employed... as hackers."

From rforno at infowarrior.org Mon Oct 5 13:09:46 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 5 Oct 2009 09:09:46 -0400 Subject: [Infowarrior] - NYC Surveillance Will Expand To Midtown, Mayor Says Message-ID: <7B79D95A-822E-40C7-8A00-A71B4D50127C@infowarrior.org> Surveillance Will Expand To Midtown, Mayor Says By KAREEM FAHIM Published: October 4, 2009 http://www.nytimes.com/2009/10/05/nyregion/05security.html?_r=1 A network of private and public surveillance cameras, license plate readers and weapons sensors already established in Lower Manhattan as an electronic bulwark against terrorist attacks will soon expand to a large patch of Midtown Manhattan, Mayor Michael R. Bloomberg and Police Commissioner Raymond W. Kelly said Sunday as they announced the allocation of $24 million in Homeland Security grants toward the effort. Mr. Bloomberg said the expanded monitoring network would cover the areas between 30th and 60th Streets, from the Hudson to the East River. "We cannot afford to be complacent," he said, noting that Midtown includes landmarks like Grand Central Terminal, the Empire State Building and the United Nations. Like the system downtown, the expanded surveillance network would feed streams of data for analysis to a coordination center at 55 Broadway. Mr. Bloomberg, who made the announcement at the center with Mr. Kelly, said work on the Midtown system would begin next year and be completed in 2011. Behind the mayor, a 40-foot video wall displayed maps, incoming data from a police precinct and more than a dozen video streams, many of them showing tourists taking photographs on a sunny day. The plan devised to protect downtown Manhattan, known as the Lower Manhattan Security Initiative, was introduced by Mr. Kelly in 2005. That raised concern among civil liberties groups, which have called for more public discussion as the police peer, with greater intensity, at more corners of the city.
Asked Sunday about criticism of the increased surveillance, Mr. Bloomberg said: "We live in a world where we have to have a balance. We can't just say everybody can go everyplace and do anything they want." He added, "Do you really want to work in a building that doesn't have security?"

From rforno at infowarrior.org Mon Oct 5 13:10:32 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 5 Oct 2009 09:10:32 -0400 Subject: [Infowarrior] - Police chiefs endorse anti-terror community watch Message-ID: Police chiefs endorse anti-terror community watch By EILEEN SULLIVAN and P. SOLOMON BANDA (AP) -- 1 day ago http://www.google.com/hostednews/ap/article/ALeqM5jjBtFzn5wwzu39fUZGs9MfHJmyUgD9B3TH801 DENVER -- A store clerk's curiosity about why Najibullah Zazi was buying large quantities of beauty supply products indicated that something about the transaction wasn't quite right -- and it's an example of the kind of citizen vigilance that can combat terror, a police commander said Saturday. Los Angeles police Cmdr. Joan McNamara cited this summer's incident as police chiefs meeting in Denver adopted a model for a nationwide community watch program that teaches people what behavior is truly suspicious and encourages them to report it to police. Federal authorities allege Zazi, 24, tried to make a homemade explosive using ingredients from beauty supplies purchased at Denver-area stores. He has been jailed in New York on charges of conspiracy to detonate a weapon of mass destruction in a plot that may have targeted New York City. Zazi has denied the charges. Zazi reportedly told an inquisitive clerk he needed a large amount of cosmetic chemicals because he had "lots of girlfriends." While his purchases weren't reported to authorities because suppliers often buy large quantities, the police chiefs hope a coordinated publicity effort will make people think differently about such encounters.
Los Angeles police Chief William Bratton, who developed the iWatch program with McNamara, called it the 21st century version of Neighborhood Watch. The Major Cities Chiefs Association, headed by Bratton and composed of the chiefs of the 63 largest police departments in the U.S. and Canada, endorsed iWatch at the group's conference Saturday. iWatch would have provided an easy way for that Colorado store clerk and others to report suspicious activity so police could launch investigations earlier, McNamara said. "That clerk had a gut instinct that something wasn't right," she said. Using brochures, public service announcements and meetings with community groups, iWatch is designed to deliver concrete advice on how the public can follow the oft-repeated post-Sept. 11 recommendation, "If you see something, say something." Program materials list nine types of suspicious behavior that should compel people to call police, and 12 kinds of places to look for it. Among the indicators:
_If you smell chemicals or other fumes.
_If you see someone wearing clothes that are too big and too heavy for the season.
_If you see strangers asking about building security.
_If you see someone purchasing supplies or equipment that could be used to make bombs.
The important places to watch include government buildings, mass gatherings, schools and public transportation. The program also is designed to ease reporting by providing a toll-free number and Web page the public can use to alert authorities. Los Angeles put up its Web site this weekend. "It's really just commonsense types of things," Bratton said, adding that his department is providing technical assistance to other agencies that want to adopt the program. But American Civil Liberties Union policy counsel Mike German, a former FBI agent who worked on terrorism cases, said the indicators are all relatively common behaviors.
He suspects people will fall back on personal biases and stereotypes of what a terrorist looks like when deciding to report someone to the police. "That just plays into the negative elements of society and doesn't really help the situation," German said. After the Sept. 11 attacks, the Bush administration proposed enlisting postal carriers, gas and electric company workers, telephone repairmen and other workers with access to private homes in a program to report suspicious behavior to the FBI. Privacy advocates condemned this as too intrusive, and the plan was dropped. Bratton and McNamara said privacy and civil liberties protections are built into this program. "We're not asking people to spy on their neighbors," McNamara said. If someone reports something based on race or ethnicity, the police will not accept the report, and someone will explain to the caller why that is not an indicator of suspicious behavior, McNamara said. The iWatch program isn't the first to list possible indicators of suspicious behavior. Some cities, like Miami, have offered a public list of seven signs of possible terrorism. Federal agencies also have put out various lists. Other efforts encourage the public and law enforcement to report such signs through dozens of state-run "fusion centers" across the country. One such center, the Colorado Information Analysis Center, has a form on its Web site to report suspicious activity. Bratton hopes the iWatch program becomes as successful and as well known as the Smokey Bear campaign to prevent wildfires. "There he is with his Smokey the Bear hat, similarly here, we hope that this program, even though it's in its birthing stages right now, in a few years will become that well known to the American public." Associated Press Writer Eileen Sullivan reported from Washington, D.C. On the Net:
- Major chiefs: http://www.majorcitieschiefs.org
- Los Angeles Police Department: http://www.lapdonline.org
- Los Angeles iWatch Web site: http://www.iWatchLA.org
Copyright © 2009 The Associated Press. All rights reserved.

From rforno at infowarrior.org Mon Oct 5 14:17:51 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 5 Oct 2009 10:17:51 -0400 Subject: [Infowarrior] - Federal Register relaunches Message-ID: <456F2C9D-AC54-431B-B91C-33C31FE700CB@infowarrior.org> A More Web-Friendly Register With Federal Data in XML Form, Users Have New Options By Ed O'Keefe Washington Post Staff Writer Monday, October 5, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/10/04/AR2009100402533_pf.html Lawyers, lobbyists, librarians and concerned citizens, rejoice: As of Monday, it is much easier to access the Federal Register. The de facto daily newspaper of the executive branch publishes approximately 80,000 pages of documents each year, including presidential disaster declarations, Medicare reimbursement rates, and thousands of agency rulings on policies ranging from banking to fishing to food. It's a must-read for anyone with business before the federal government or concerned about inside-the-Beltway decisions, including academics, good-government advocates and Register junkies (yes, they do exist). Starting Monday, issues dating back to 2000 will be available at Data.gov in a form known in the Web world as XML, which allows users to transport data from a Web site and store it, reorganize it or customize it elsewhere. Officials suggested that the move puts readers, rather than the government, in charge of deciding how to access the Register's reams of information. "In much the same way that newspapers have looked at making content more accessible by changing the print and typeface, we can now do the same thing by making the Federal Register available such that people can manipulate it and customize it and reuse the content to make the information even more accessible," said Beth Noveck, director of the White House Open Government Initiative.
Monday's launch is the outgrowth of President Obama's first executive order, which mandated greater transparency in federal government. The Office of the Federal Register publishes the Register each business day. The first issue, in 1936, had 11 pages; Friday's had 157. According to the White House, the Register totaled 79,435 pages in fiscal 2008, with 31,879 documents, its largest year ever. Online readers downloaded more than 200 million Register documents in fiscal 2009, the White House said. The Register may be the ultimate record of the business of the executive branch, but it is universally recognized as a difficult document to navigate. Monday's release should make it easier for users to find their specific topic without having to wade through volumes of unrelated material. Government officials expect information-hungry users -- be they good-government groups, news organizations or the college student pulling an all-nighter -- to make the most of the new access. The technology will allow users, including Web site designers, to quickly gather data and manipulate the information with tools such as mapping software, word clouds, spreadsheets and e-mail alert systems, White House officials and government observers said. Lawyers and activists tracking Environmental Protection Agency policies might subscribe to an e-mail alert system built by a good-government group that will notify them of updates published in the Register. A Maryland resident monitoring the impact of federal regulations on his neighborhood might visit a Web site that allows him to search the Register's items by state, county and Zip code. "It makes it much easier to follow a specific topic area or look at specific regulations from a specific agency or search within a geographic area," said John Wonderlich, policy director of the Sunlight Foundation, an open-government advocacy group.
"It's not going to be useful for everyone, but if you're looking at making government processes more efficient, this view across the government will be very useful," Wonderlich said. Noveck, her White House colleagues and staffers at the Federal Register and Government Printing Office have been working on the details of Monday's launch since Obama signed the executive order. Mary Alice Baish, director of government relations for the American Association of Law Libraries, said members are "delighted" about the move. "This is a win-win situation for business, the regulatory community and consumers," she said. "We see law libraries being able to use the data for empirical research by law professors who want to track agency activities. For being able to track trends in the regulated industries. Even for studies of semantics and language," she added. It cost the government approximately $100,000 to convert the issues dating to 2000, according to Ray Mosley, director of the Federal Register, which is part of the National Archives and Records Administration. The Register went online in 1994, and converting issues from '94 to 2000 will cost at least another $150,000, Mosley said. He anticipated little effect on his 59-member staff of editors, technical experts and lawyers. He also noted, however, that the changes online may inspire someone to find the next best way to publish, display and distribute the Register. "Someone could demonstrate something to us, and we could start the wheels rolling," Mosley said.

From rforno at infowarrior.org Mon Oct 5 18:37:34 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 5 Oct 2009 14:37:34 -0400 Subject: [Infowarrior] - France May Put Warning Labels on Airbrushed Photos Message-ID: Monday, Oct. 05, 2009 France May Put Warning Labels on Airbrushed Photos By Bruce Crumley / Paris http://www.time.com/time/printout/0,8816,1927227,00.html Like many Western countries, France requires health warnings on tobacco and alcohol and similar labels on processed food containing genetically modified ingredients. France's regulators are also notoriously tough on marketing campaigns that make false product claims. Now some French legislators want to take consumer protection to an unprecedented level, requiring that advertisements, product labels and even campaign posters carry a warning when they feature a photograph that's been digitally enhanced. The drive against airbrushed photos is being headed by conservative parliamentarian Valérie Boyer, who says the widespread use of digital technology to alter images is feeding the public a steady visual diet of falsified people, places and products. This artificial reality leads people to expect perfection from themselves and the world in an impossible way, she says. "When writers take a news item or real event and considerably embellish it, they are required to alert readers by calling the work fiction, a novel or a story based on dramatized facts. Why should it be any different for photographs?" Boyer asks. "Rules on food labeling let consumers know the origins of the contents and the presence of things like additives and preservatives. What's wrong with ... informing them when photographs have also been modified from their original form?" Advertisers would argue that doing so undermines the allure of perfectly photographed people and places in marketing campaigns, which, in many cases, is what sells. A svelte model with perfect skin, for example, is likely to make you want to eat high-fiber cereal more than a model with visible imperfections. Perhaps, says Boyer, but she believes that passing enhanced imagery off as the real thing is misleading.
Her proposed legislation would require doctored photos meant for public distribution to carry the warning "Photograph retouched to modify the physical appearance of a person." Anyone violating the rule could be fined about $55,000. Since she presented her draft to parliamentary committees in September, Boyer has been joined by more than 50 other legislators who want to see it introduced as formal legislation and voted on in the coming months. Boyer's effort is not only motivated by a fear that consumers are being taken for a ride. She also feels the idealized beauty in such photos is giving people false expectations of how the world should look -- and how they should look as well. Because digitally enhanced photos are often used in mass-marketing campaigns for everything from soft drinks to luxury cars to travel packages, Boyer says the images are gradually leading to a standardization of what is considered beautiful -- and by extension, what isn't. "It's creating parallel worlds: one in which everything in ads and photos is gorgeous, slim, chic and what we aspire to, and our daily reality of imperfection, normality and frustration that we can't be like those other people who -- literally -- don't exist," she says. The advertising and marketing industries would clearly be the most affected by Boyer's proposed law. But her draft also calls for warnings on art photography, press releases and even political posters that have been similarly digitally enhanced. The French media have had fun with the possibility of warnings being placed on political ads, recalling the 2007 vacation photograph of a shirtless President Nicolas Sarkozy in Paris Match magazine in which his bulging love handles were erased to give him a hunkier form. Boyer -- a member of Sarkozy's party -- meets such sniggering with a swipe of her own.
"President Sarkozy was dragged through the mud about that by media that routinely alter photographs without anyone knowing about it, and by politicians who don't hesitate to have their own pictures modified to remove wrinkles, bags or hanging skin," she says. (See pictures of Sarkozy in the U.K.) Boyer has also authored a pending law awaiting upper house approval that calls for prison terms and fines for people who encourage and promote anorexia, like those who run so-called "pro-ana" websites and blogs. However, she says her new proposal was written less out of concern that perfect figures in doctored photos were driving women to develop eating disorders and more out of a fear that enhanced images were giving the public an intentionally fabricated picture of reality. (Read "Study: Is Vegetarianism a Teen Eating Disorder?") If Boyer's proposal does happen to pass in Parliament, how likely is it that the warnings will gain acceptance in France? In a country where beauty is revered, it's hard to say how people will feel about defacing it with a large black and white warning label. From rforno at infowarrior.org Mon Oct 5 19:10:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 5 Oct 2009 15:10:53 -0400 Subject: [Infowarrior] - FTC: Bloggers must disclose payments for reviews Message-ID: <30E5678D-D750-4A49-BDAE-F3BE3A8C22E1@infowarrior.org> FTC: Bloggers must disclose payments for reviews FTC: Bloggers must disclose any freebies or payments they get for writing product reviews ? By Deborah Yao, AP Business Writer ? On Monday October 5, 2009, 2:47 pm EDT http://finance.yahoo.com/news/FTC-Bloggers-must-disclose-apf-468964868.html?x=0&.v=2 The Federal Trade Commission will try to regulate blogging for the first time, requiring writers on the Web to clearly disclose any freebies or payments they get from companies for reviewing their products. The FTC said Monday its commissioners voted 4-0 to approve the final Web guidelines, which had been expected. 
Violating the rules, which take effect Dec. 1, could bring fines up to $11,000 per violation. Bloggers or advertisers also could face injunctions and be ordered to reimburse consumers for financial losses stemming from inappropriate product reviews. The commission stopped short of specifying how bloggers must disclose conflicts of interest. Rich Cleland, assistant director of the FTC's advertising practices division, said the disclosure must be "clear and conspicuous," no matter what form it will take. Bloggers have long praised or panned products and services online. But what some consumers might not know is that many companies pay reviewers for their write-ups or give them free products such as toys or computers or trips to Disneyland. In contrast, at traditional journalism outlets, products borrowed for reviews generally have to be returned. Before the FTC gave notice last November it was going to regulate such endorsements, blogs varied in the level of disclosures about these potential conflicts of interest. The FTC's proposal made many bloggers anxious. They said the scrutiny would make them nervous about posting even innocent comments. To placate such fears, Cleland said the FTC will more likely go after an advertiser instead of a blogger for violations. The exception would be a blogger who runs a "substantial" operation that violates FTC rules and already received a warning, he said. Existing FTC rules already banned deceptive and unfair business practices. The final guidelines aim to clarify the law for the vast world of blogging. Not since 1980 had the commission revised its guidelines on endorsements and testimonials. Cleland said a blogger who receives a freebie without the advertiser knowing would not violate FTC guidelines. For example, someone who gets a free bag of dog food as part of a promotion from a pet shop wouldn't violate FTC guidelines if he writes about the product on his blog. 
Blogger Linsey Krolik said she's always disclosed any freebies she's received on products she writes about, but has stepped up her efforts since last fall. She said she adds a notice at the end of a post, "very clear in italics or bold or something -- this is the deal. It's not kind of buried."

From rforno at infowarrior.org Tue Oct 6 02:22:03 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 5 Oct 2009 22:22:03 -0400 Subject: [Infowarrior] - FBI Investigated Coder for Liberating Paywalled Court Records Message-ID: <6D448252-7450-47C5-8B9A-70A8D45DFD52@infowarrior.org>

Threat Level Privacy, Crime and Security Online FBI Investigated Coder for Liberating Paywalled Court Records By Ryan Singel, October 5, 2009, 8:48 pm http://www.wired.com/threatlevel/2009/10/swartz-fbi/

When Aaron Swartz, a 22 year-old programmer, decided last fall to help an open government activist amass a public and free copy of millions of federal court records, he did not expect he'd end up with an FBI agent trying to surveil his house. But that's what happened, as Swartz found out this week when he got his FBI file through a Freedom of Information Act request. A partially-redacted FBI report shows the feds mounted a serious investigation of Swartz for helping put public documents onto the public web.

The FBI ran Swartz through a full range of government databases starting in February, and drove by his home, after the U.S. court system told the feds he'd pilfered some 18 million pages of documents worth $1.5 million dollars. That's how much the public records would have cost through the federal judiciary's paywalled PACER record system, which charges eight cents a page for most legal filings. "I think it's pretty silly they go after people who use the library to try to get access to public court documents," Swartz said. "It is pretty silly that instead of calling me up, they sent an FBI agent to my house."
The feds also checked Swartz's Facebook page, ran his name against the Department of Labor to figure out his work history, looked for outstanding warrants and prior convictions, checked to see if his mobile phone number had ever come up in a federal wiretap or pen register, and checked him against the records in a private data broker's database.

The Great Court Records Caper began last year when the judiciary and the Government Printing Office experimented with giving away free access to PACER at 17 select libraries around the country. Swartz decided to use the trial to grab as many of the public court records as he could and, perversely, release them to the public. He visited one of the libraries, the 7th U.S. Circuit Court of Appeals library in Chicago, and installed a small Perl script he'd written. The code cycled sequentially through case numbers, requesting a new document from PACER every three seconds. In this manner, Swartz got nearly 20 million pages of court documents, which his script uploaded to Amazon's EC2 cloud computing service. Or, as the FBI report put it, the public records were "exfiltrated."

The script ran for a couple of weeks, from September 4 to 22, until the court system's IT department realized something was wrong. Someone was downloading everything. None of the records, of course, were private or sealed, and Lexis Nexis has a copy of PACER's database that it sells at a high markup. But Swartz wasn't paying anything. The Government Printing Office abruptly shut down the free trial and reported to the FBI that PACER was "compromised," the FBI file reveals. The Administrative Office of the U.S. Courts told the FBI in March that Swartz had gained unauthorized access to the free PACER account. "AARON SWARTZ would have known his access was unauthorized because it was with a password that did not belonged [sic] to him," reads the FBI report summarizing the judiciary's position. Swartz says his script only ran on the library computer.
It didn't use a password at all, but used the PACER authentication cookie set in the PC's browser. He donated the 19,856,160 pages to public.resource.org, an open government initiative spearheaded by Carl Malamud as part of a broader project to make public as many government databases as Malamud can find. It was Malamud who previously shamed the SEC into putting all its EDGAR filings online in the 90s, and he used $600,000 in donations to buy 50 years of documents from the nation's appeals court, which he promptly put on the Internet for anyone to download in bulk.

The Washington bureau of the FBI opened their investigation of Swartz just a week or so before the New York Times published its account of the caper. The bureau didn't contact him then, but in April, the FBI asked to interview the code jock, saying it needed his help to close the "security hole" he'd exploited. When Swartz declined, on the advice of counsel, the feds dropped the investigation after the Justice Department's Computer Crime and Intellectual Property Section closed the case.

Swartz, an early employee of Reddit, a sister company of Wired.com, requested his FBI file in August, and describes it as the "usual mess of confusions that shows the FBI's lack of sense of humor." (Threat Level notes that the FBI filled Swartz's FOIA request at an admirable speed that would have been unheard of as recently as last year.) That's how Swartz learned that a Chicago-based FBI agent got Swartz's driver's license photo, and considered a stakeout of his home. But any surveillance, the agent concluded, would be conspicuous, since so few cars were parked on Swartz's dead end street in Highland Park, Illinois. The feds evidently identified Swartz in the first place by approaching Amazon, which provided his name, phone number and address.
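What the court system's IT staff eventually noticed, a single session walking through document numbers in order on a fixed timer for weeks, is a pattern that can be caught from access logs alone, long before a billing department adds up the pages. The following Python is an added example and is not the article's or Swartz's code: it profiles each session in a constructed access log and flags the ones whose requests are almost entirely consecutive document IDs at a near-constant interval. The log line format, the `sess=` session field, the `/doc?id=` URL shape and the thresholds are assumptions, and the sample log is constructed here.

```python
"""Detect bulk sequential document enumeration in web access logs.

Added example, not code from the article or from Swartz's script. It flags a
session that walks through document identifiers in order at a steady cadence,
the pattern the article describes. The log format, the session field and the
thresholds are assumptions.
"""
import re
import statistics
from collections import defaultdict
from datetime import datetime, timedelta

# Assumed log format: "<ISO timestamp> sess=<session-id> GET /doc?id=<n> <status>"
LINE_RE = re.compile(
    r"^(?P<ts>\S+) sess=(?P<sess>\S+) GET /doc\?id=(?P<doc>\d+) (?P<status>\d{3})$"
)


def parse_log(text):
    """Yield (session, timestamp, doc_id) for each well-formed line; skip the rest."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield m["sess"], datetime.fromisoformat(m["ts"]), int(m["doc"])


def session_profile(events):
    """Summarise one session's request stream as enumeration indicators."""
    events = sorted(events)          # (timestamp, doc_id), oldest first
    n = len(events)
    if n < 2:
        return {"requests": n, "sequential_fraction": 0.0,
                "median_gap_s": None, "gap_spread": None}
    id_steps = [b[1] - a[1] for a, b in zip(events, events[1:])]
    gaps = [(b[0] - a[0]).total_seconds() for a, b in zip(events, events[1:])]
    sequential = sum(1 for s in id_steps if s == 1) / len(id_steps)
    median_gap = statistics.median(gaps)
    # Coefficient of variation of the inter-request gap: close to 0 for a fixed timer.
    spread = statistics.pstdev(gaps) / median_gap if median_gap > 0 else float("inf")
    return {"requests": n, "sequential_fraction": sequential,
            "median_gap_s": median_gap, "gap_spread": spread}


def find_enumerators(text, min_requests=10, min_sequential=0.9, max_spread=0.25):
    """Return {session: profile} for sessions that look like scripted enumeration."""
    by_session = defaultdict(list)
    for sess, ts, doc in parse_log(text):
        by_session[sess].append((ts, doc))
    flagged = {}
    for sess, events in by_session.items():
        p = session_profile(events)
        if (p["requests"] >= min_requests
                and p["sequential_fraction"] >= min_sequential
                and p["gap_spread"] is not None
                and p["gap_spread"] <= max_spread):
            flagged[sess] = p
    return flagged


def build_sample_log():
    """Constructed sample: session A enumerates ids every 3 s; session B browses normally."""
    t0 = datetime(2008, 9, 4, 10, 0, 0)
    lines = [f"{(t0 + timedelta(seconds=3 * i)).isoformat()} sess=A GET /doc?id={1000 + i} 200"
             for i in range(12)]
    browsing = [(0, 4321), (5, 77), (45, 980), (47, 4322), (167, 15), (176, 2000)]
    lines += [f"{(t0 + timedelta(seconds=s)).isoformat()} sess=B GET /doc?id={d} 200"
              for s, d in browsing]
    lines.append("garbage line that should be ignored")
    return "\n".join(lines)


SAMPLE_LOG = build_sample_log()

if __name__ == "__main__":
    for sess, profile in find_enumerators(SAMPLE_LOG).items():
        print(sess, profile)
```

The two indicators are deliberately independent: a human clicking through a docket in order would still show irregular gaps, and a scripted crawler that randomises its order would still show a fixed cadence, so a deployment would usually alert on either one above a volume floor rather than requiring both.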
It's not clear if the feds got a subpoena to learn his identity, but they may not have needed one; Amazon's user agreement for its cloud computing solutions gives it the right to turn over customer information to the government on request. Amazon did not reply to a call and online request for comment. Two months after opening an investigation, the feds finally called Swartz on April 14. He declined to speak to them, and demurred again through his lawyer two days later. The investigation was closed on April 20.

PACER records still cost eight cents a page, but now Pacer users running the Firefox browser can donate their downloads to the public domain with a simple plug-in called RECAP. Use of the plug-in is not likely to start an investigation of you. But then again, who knows.

From rforno at infowarrior.org Tue Oct 6 12:10:23 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 6 Oct 2009 08:10:23 -0400 Subject: [Infowarrior] - Bank Botnet Serves Fake Info to Thwart Researchers Message-ID:

Threat Level Privacy, Crime and Security Online Bank Botnet Serves Fake Info to Thwart Researchers By Kim Zetter, October 6, 2009, 12:49 am http://www.wired.com/threatlevel/2009/10/urlzone-trojan/

Researchers tracking a gang of online bank thieves found that the criminals have deployed a devious means to thwart law enforcement and anyone else trying to monitor their activities. The gang behind the URLZone trojan, which siphons money from online bank accounts and then alters a victim's online bank statement to hide the fraud, have also devised a method to hide the accounts of mules they use to launder the siphoned funds. Researchers at RSA's FraudAction Research Labs say the gang was aware that their malware was being tracked by investigators, so they programmed their command and control server to generate non-mule accounts to make it more difficult for law enforcement and fraud investigators to halt laundering through the real accounts.
The URLZone is a Trojan that has been targeting customers of several top German banks. The victims' computers are infected with the Trojan after visiting compromised legitimate web sites or rogue sites set up by the hackers. Once a victim is infected, the malware detects when a user is logged into a bank account, then contacts a control center hosted on a machine in Ukraine to initiate a money transfer from the victim's account, without the victim's knowledge. The control center tells the Trojan how much money to wire transfer from the victim's online bank account and which mule account should receive the transfer. The money gets transferred to the legitimate bank accounts of unsuspecting money mules who've been recruited online for work-at-home gigs, never suspecting that the money they're allowing to flow through their account is being laundered. The mules then transfer the money to the thieves' chosen account.

Researchers, hoping to extract a list of mule accounts from the command and control center, infected honeypot computers with the URLZone Trojan. But when the computers contacted the command and control center to collect a mule account, the command center fed them "fake" accounts. The fraudsters developed a series of tests to check infected computers to determine if they're "legitimate" URLZone-infected machines. For example, every infected computer is assigned a unique identification code by the Trojan. If the ID is not a valid Trojan ID known by the server, the fake computer gets fed one of 400 non-mule accounts. The non-mule accounts are legitimate bank accounts, just not ones the criminals are using to launder money.

"Interestingly, when generating a non-mule account in order to dupe anti-fraud security researchers," RSA researchers write on their blog, "the Trojan does not display random names and account numbers. Instead, it displays real bank account details that were previously entered by URLZone victims as the payees of legitimate transactions."
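The mechanism described above has two sides worth seeing together: the server's check that a requesting bot carries an ID it already knows, and the analyst's counter-check that the decoys, being real payees of victims' legitimate transfers, will collide with payee records the investigators can obtain from cooperating banks or victims. The Python below is an added example, not RSA's analysis code or the malware's. The bot-ID registry, the round-robin mule assignment, the hash-based decoy pick and all account numbers are constructed assumptions; the only facts taken from the article are that unregistered IDs are served non-mule accounts and that those decoys are drawn from victims' legitimate payees.

```python
"""Model of the URLZone decoy-serving logic the article describes, plus the
analyst-side check that separates decoys from real mule accounts.

Added example; not RSA's code or the malware's. The bot-ID registry, account
numbers, round-robin mule choice and the hash-based decoy pick are constructed
assumptions. From the article: unknown bot IDs get a non-mule account, and the
decoys are real payees of victims' legitimate transactions.
"""
import hashlib


class CommandServer:
    """Simulated C&C: real mule accounts for registered bots, decoys for everyone else."""

    def __init__(self, registered_bots, mule_accounts, decoy_pool):
        self.registered = set(registered_bots)   # IDs the Trojan issued (assumed registry)
        self.mules = list(mule_accounts)
        self.decoys = list(decoy_pool)           # victims' legitimate payees (article)
        self.real_served = 0

    def mule_for(self, bot_id):
        """Return the account an infected host should wire money to."""
        if bot_id not in self.registered:
            # Unknown ID (a honeypot): deterministic pick from the decoy pool, so
            # repeated probing sees a stable but useless account.
            digest = hashlib.sha256(bot_id.encode()).hexdigest()
            return self.decoys[int(digest, 16) % len(self.decoys)]
        account = self.mules[self.real_served % len(self.mules)]   # round-robin (assumed)
        self.real_served += 1
        return account


def probe(server, bot_ids):
    """Analyst side: ask the C&C for a mule account on behalf of each bot ID."""
    return {bid: server.mule_for(bid) for bid in bot_ids}


def classify(served_accounts, known_victim_payees):
    """Accounts that match a victim's own legitimate payee are almost certainly decoys."""
    payees = set(known_victim_payees)
    return {acct: ("decoy" if acct in payees else "mule-candidate")
            for acct in served_accounts}


# Constructed data. The payee list stands in for transaction records a
# cooperating bank or victim shares with investigators.
VICTIM_PAYEES = ["DE00-PAYEE-0001", "DE00-PAYEE-0002",
                 "DE00-PAYEE-0003", "DE00-PAYEE-0004"]
MULES = ["DE00-MULE-9001", "DE00-MULE-9002"]
SERVER = CommandServer(registered_bots={"bot-a1", "bot-b2"},
                       mule_accounts=MULES, decoy_pool=VICTIM_PAYEES)

if __name__ == "__main__":
    honeypot = probe(SERVER, ["honeypot-1", "honeypot-2"])
    real = probe(SERVER, ["bot-a1"])
    print(classify(list(honeypot.values()) + list(real.values()), VICTIM_PAYEES))
```

The classifier only works because the gang reused victim data for the decoys; a pool of fabricated account numbers would not collide with anything. The more robust takeaway for a researcher is the one the article implies: a freshly infected honeypot is an unknown ID by construction, so mule lists have to come from IDs the server already trusts (a cooperating victim's real infection, or the ID scheme itself) rather than from a clean-room infection.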
The RSA researchers call this the "most unique attribute" of the botnet, which "speaks to its operators' caution against having their criminal pipelines compromised."

From rforno at infowarrior.org Tue Oct 6 12:29:47 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 6 Oct 2009 08:29:47 -0400 Subject: [Infowarrior] - Apple Isn't Even Bothering To Lie Anymore Message-ID:

Apple Isn't Even Bothering To Lie Anymore Michael Arrington TechCrunch.com Monday, October 5, 2009 11:52 PM http://www.washingtonpost.com/wp-dyn/content/article/2009/10/06/AR2009100600470_pf.html

I mean, seriously. Apple's chief complaint against the Google Voice application was "The application has not been approved because, as submitted for review, it appears to alter the iPhone's distinctive user experience by replacing the iPhone's core mobile telephone functionality and Apple user interface with its own user interface for telephone calls." And that's ok, because we all know that the real reason Apple won't let Google Voice through is that they are scared out of their mind that Android and Google Voice will eat their iPhone lunch over the long term. Apple can't win the fight over the long term, but they sure are willing to say and do anything in the short term to stop the advance of Google. But you'd think they'd at least be consistent and apply the same arguments to other third party apps. At least until this whole FCC thing blows over.

But Skype's calling app, which uses Wifi, is totally fine. And yesterday, the Vonage iPhone app, which seems to be just as much of an issue as Google Voice based on that quote at the top, got the green light, too. Users can use Wifi or cellular minutes, and have to open the Vonage application to make calls. They'll save a bundle on international calling.
Of course, it's hard to argue that Vonage doesn't "alter the iPhone's distinctive user experience by replacing the iPhone's core mobile telephone functionality and Apple user interface with its own user interface for telephone calls." But really, I'm not even sure anyone is paying attention at this point. If you care, the truth is this: Apple isn't threatened by Vonage. The smart thing would have been to reject their app anyway, to stay consistent. But unless someone actually forces Apple to play by the rules, why should they? Yeah, I know. Apple Fanboys can unleash hell on us now in the comments. © 2009 TechCrunch

From rforno at infowarrior.org Tue Oct 6 17:31:31 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 6 Oct 2009 13:31:31 -0400 Subject: [Infowarrior] - MoD security manual leaked on web Message-ID: <40F6ABCC-4896-4F8F-B60F-E884F98EDD08@infowarrior.org>

MoD's security manual leaked on web MoD excels itself By Nick Farrell Tuesday, 6 October 2009, 17:03 http://www.theinquirer.net/inquirer/news/1557599/mod-security-manual-leaked-web

THE UK MINISTRY OF LEAKS, er, Defence (MoD), has seen its manual of how to avoid leaks, leaked onto the world wide web. The MoD, which has a habit of leaving all kinds of classified documents laying about where they can be nicked, apparently wrote a 560,000-word Defence Manual of Security in 2001 that told its would-be James and Jamie Bonds how to avoid leakage of secret or possibly embarrassing data. Somehow the document ended up on Wikileaks and it makes for rather amusing reading, actually. It seems that the MoD is particularly concerned about information getting into the hands of investigative journalists as much as the ever feared "subversive or terrorist organisations". Chinese agents are "expert flatterers and are well aware of the softening effect of food and alcohol", according to the document.
Chinese spies are very different from the portrayal of 'Moscow Rules' in the novels of John Le Carre, the manual reads. "The Chinese make no distinction between information and intelligence. Their appetite for information, particularly in the scientific and technical field, is vast and indiscriminate. "They do not run agents, they make friends. Although there are Chinese intelligence officers, both civilian and military, these fade into insignificance behind the mass of ordinary students, businessmen and locally employed staff who are working (at least part-time) on the orders of various parts of the State intelligence-gathering apparatus," the manual further warns.

Chinese spooks employ telephone and electronic bugs in hotels and restaurants. They have also been known to search hotel rooms and to use surveillance techniques against visitors of particular interest. You should never shag anyone, deal in black-market currency or Chinese antiques and artifacts, stray into 'forbidden' areas or make injudicious use of a camera or video recorder. The same advice applies to going to Russia. Apparently the FSB [the Russian security service and successor to the legendary KGB] makes extensive use of sophisticated technical devices. "In the main hotels, all telephones can be tapped and in some rooms visual or photographic surveillance can be carried out, if necessary using infra-red cameras to take photographs in the dark."

The MoD is fairly laid back about its documents ending up on the net, apparently. It was only marked 'restricted'. MoD policy is to keep security policies and procedures private, as an MoD spokesman has been quoted as having said. Policy it might be, but obviously it hasn't worked. The MoD manual dates from 2001 and apparently it's out of date and things are so different now that it's no loss that the UK's useless Government's security guidance is plastered up on the web for all to see.
From rforno at infowarrior.org Wed Oct 7 00:53:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 6 Oct 2009 20:53:53 -0400 Subject: [Infowarrior] - Threat of next world war may be in cyberspace: UN Message-ID:

Threat of next world war may be in cyberspace: UN Oct 6 12:47 PM US/Eastern http://www.breitbart.com/article.php?id=CNG.d8b45ac8e22de08986da7ef67ae96151.431&show_article=1

The next world war could take place in cyberspace, the UN telecommunications agency chief warned Tuesday as experts called for action to stamp out cyber attacks. "The next world war could happen in cyberspace and that would be a catastrophe. We have to make sure that all countries understand that in that war, there is no such thing as a superpower," Hamadoun Toure said. "Loss of vital networks would quickly cripple any nation, and none is immune to cyberattack," added the secretary-general of the International Telecommunications Union during the ITU's Telecom World 2009 fair in Geneva. Toure said countries have become "critically dependent" on technology for commerce, finance, health care, emergency services and food distribution. "The best way to win a war is to avoid it in the first place," he stressed.

As the Internet becomes more linked with daily lives, cyberattacks and crimes have also increased in frequency, experts said. Such attacks include the use of "phishing" tools to get hold of passwords to commit fraud, or attempts by hackers to bring down secure networks. Individual countries have started to respond by bolstering their defences. US Secretary for Homeland Security Janet Napolitano said Thursday that she has received the green light to hire up to 1,000 cybersecurity experts to ramp up the United States' defenses against cyber threats.
South Korea has also announced plans to train 3,000 "cyber sheriffs" by next year to protect businesses after a spate of attacks on state and private websites. Warning of the magnitude of cybercrimes and attacks, Carlos Solari, Alcatel-Lucent's vice-president on central quality, security and reliability, told a forum here that breaches in e-commerce are now already running to "hundreds of billions." But one of the most prominent victims in recent years has been the small Baltic state of Estonia, which has staked some of its post Cold War development on new technology. In 2007 a spate of cyber attacks forced the closure of government websites and disrupted leading businesses. Estonian Minister for Economic Affairs and Communications Juhan Parts said in Geneva that "adequate international cooperation" was essential. "Because if something happens on cyberspace... it's a border crossing issue. We have to have horizontal cooperation globally," he added. To this end, several countries have joined forces in the International Multilateral Partnership against Cyber Threats (IMPACT), set up this year to "proactively track and defend against cyberthreats." Some 37 ITU member states have signed up, while another 15 nations are holding advanced discussions, said the ITU. Experts say that a major problem is that the current software and web infrastructure has the same weaknesses as those produced two decades ago. "The real problem is that we're putting on the market software that is as vulnerable as it was 20 years ago," said Cristine Hoepers, general manager at Brazilian National Computer Emergency Response Team. "If you see the vulnerabilities that are being exploited today, they are still the same," she underlined. She suggested that professionals needed to be trained to "design something more resilient." "Universities are not teaching students to think about that. 
We need to change the workforce, we need to go to the universities..., we need to start educating our professionals," she said. Pointing out the infrastructure weakness, Carlos Moreira, who founded and runs the Swiss information security firm Wisekey, said legislation is needed to bring cybersecurity up to international standards. Copyright AFP 2008, AFP stories and photos shall not be published, broadcast, rewritten for broadcast or publication

From rforno at infowarrior.org Wed Oct 7 10:50:01 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Oct 2009 06:50:01 -0400 Subject: [Infowarrior] - US to export riot-roasting raygun Message-ID: <8087AC06-0A5A-444F-964B-3C533410775D@infowarrior.org>

US to export riot-roasting raygun http://www.theregister.co.uk/2009/10/07/silent_guardian_export/ 'Oops,' giggles Raytheon after commercially apt leak By Lewis Page Posted in Science, 7th October 2009 10:29 GMT

The United States is to export its crowd-grilling "less lethal" microwave cannon, the Silent Guardian - which has never been deployed by US forces due to worries over bad publicity - to an unnamed foreign ally. Aviation Week reports today that executives from American arms megacorp Raytheon, makers of the famous yet seldom-used riot-roaster weapon, have disclosed a sale of four containerised Silent Guardians to "a US ally". The revelations were described as an "oops" by the corporate types, as the Pentagon had forbidden the firm to make the sale public. The Silent Guardian works by playing a wide-angle beam of microwave energy on its targets - generally assumed to be something on the order of a hostile mob. The effect of the weapon on humans is to heat up the outer layers of human skin, causing a painful burning sensation and forcing people to disperse.
The idea of the microwave cannon is to offer US troops, perhaps heavily outnumbered by angry crowds overseas, an alternative to opening fire or being overrun/compelled to retreat. Weapons of this sort were formerly termed "non lethal", but this was objected to on the grounds that rubber bullets, clubs, tasers etc do sometimes leave their targets dead - even if perhaps from some indirect cause like falling down and hitting their heads. As a result, people tend to say "less lethal" now.

Perhaps bizarrely, however, the Silent Guardian in particular has attracted massive negative commentary from its earliest development days, and repeated requests for it from US commanders overseas have thus been denied - the Pentagon seemingly finding that it got less bad press by dealing with riots the old-fashioned way, by a mixture of blunt trauma and gunfire. There were also some technical issues with earlier Silent Guardian versions mounted on Humvees, as these lacked the cooling and associated power to function in the heat of an Iraqi summer. This has been sorted out for some time, however, with upgraded versions supplied in containerised form suitable for deployment on a lorry. The US government may find itself unable to deploy the microwave gun due to public pressure, then: but it appears that at least one foreign government has no such qualms. And, perhaps, that Raytheon is quite pleased to let the world know it has some customers at last for the Silent Guardian technology.

From rforno at infowarrior.org Thu Oct 8 14:09:23 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Oct 2009 09:09:23 -0500 Subject: [Infowarrior] - BSIMM Begin released Message-ID: (Note: no compensation has been received for the posting of this release.
---rf)

Software Security Self-Measurement with BSIMM Begin Introduced by Cigital and The SANS Institute Effort will broaden the understanding of organizations getting started with software security

DULLES, VA, October 8, 2009-Cigital, Inc., the largest consulting firm specializing in software security and quality in the world, and The SANS Institute, the most trusted and by far the largest source for information security training and certification, announce the release of the BSIMM Begin. BSIMM Begin is a Web-based study focused on introductory activities covered in the full Building Security In Maturity Model (BSIMM). BSIMM Begin will significantly broaden BSIMM data collection to include self-reported data from firms just starting software security initiatives. BSIMM was released in March 2009 based on data from nine firms. Since then, the size of the formally gathered data pool has nearly tripled and will soon be capable of providing back to the community statistically significant facts and guidance on how organizations are getting software security done. In addition to formal BSIMM efforts, BSIMM Begin aims to significantly broaden data collection. To keep the survey manageable, the scope has been limited to the BSIMM Level 1 activities. The goals of this survey are two-fold: to provide participants with a solid understanding of where they stand with respect to foundational software security activities; and to provide an understanding of where they stand relative to everyone else that participates. BSIMM Begin will broaden the collective understanding of what "keeping up" really means. The BSIMM Begin survey can be accessed from the landing site: http://bsi-mm.com/begin/

Dr. Gary McGraw, Cigital CTO and world-renowned software security authority said, "The BSIMM provides a new understanding of what is actually happening out in the world when it comes to software security initiatives.
BSIMM Begin is exciting because it will broaden our data set to include small to medium size firms just getting started with software security. In BSIMM work we let the data speak for themselves and leave the pontification to others."

"Software security is a critical issue for CSOs and CISOs today," said Derek Slater, CSO magazine editor in chief. "There is value in conducting this type of research, and value adding our audience's voice to research. We're looking forward to reviewing and sharing the results."

The Software Assurance Forum for Excellence in Code (SAFECode), a non-profit organization exclusively dedicated to increasing trust in information and communications technology products and services through the advancement of effective software assurance methods supports BSIMM Begin. SAFECode executive director, Paul Kurtz stated, "BSIMM is unique in its data driven, observation-based nature. SAFECode supports BSIMM Begin as a constructive scientific initiative to improve software assurance."

"The application layer is now the most significant attack vector for cyber criminals and other adversaries. The BSIMM Begin model has the potential to be an important source of information for software security initiatives," said Mason Brown, Director of SANS. "If you are serious about improving software security, you would be remiss if you didn't consider the information BSIMM provides."

BSIMM Begin does not take the place of a full BSIMM assessment. For example, the full BSIMM expects an organization to have a formalized software security group (SSG) charged with carrying out or directing BSIMM activities. BSIMM Begin does not assume the existence of an SSG. In fact, it's of interest to find who is carrying out various introductory software security activities without an SSG. BSIMM Begin data will be segregated in a separate set of results and examined accordingly. The data will be published under the Creative Commons once they have been properly vetted and analyzed.
About Cigital Cigital, Inc. is the largest software security and quality consulting firm in the world. Established in 1992, Cigital plans and implements initiatives that help organizations ensure their applications are secure and reliable while also improving how they build and deploy software. Our recognized experts apply a combination of proven methodologies, tools, and best practices to meet each client's unique requirements. Cigital has enabled some of the most well-known organizations in financial services, communications, insurance, hospitality, online gaming, e-commerce, and government to reduce their mission-critical software business risks. Cigital is headquartered outside Washington, D.C. with regional offices in the U.S., Europe, and India.

About SANS SANS is the most trusted and by far the largest source for information security training and certification in the world. More than 95,000 security professionals have been trained by SANS. SANS also develops, maintains, and makes available at no cost, the largest collection of research documents about various aspects of information security, and it operates the Internet's early warning system - Internet Storm Center. SANS was established in 1989 as a cooperative research and education organization. Its programs now reach more than 215,000 security professionals around the world. Through SANS, a range of individuals from auditors and network administrators, to chief information security officers are sharing the lessons they learn and are jointly finding solutions to the challenges they face. At the heart of SANS are the many security practitioners in varied global organizations from corporations to universities working together to help the entire information security community.
Contact: Terri Randolph Cigital 703-404-5757 trandolph at cigital.com From rforno at infowarrior.org Thu Oct 8 14:27:37 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Oct 2009 09:27:37 -0500 Subject: [Infowarrior] - Ralph Lauren, meet Streisand Effect Message-ID: <18C1DA68-9890-4445-A8D1-17193FE83D93@infowarrior.org> Image of ultra-thin Ralph Lauren model sparks outrage - by Brett Michael Dykes, 17 hours ago http://shine.yahoo.com/event/fallbeauty/image-of-ultra-thin-ralph-lauren-model-sparks-outrage-521480/ In recent years an ongoing debate has brewed over advertisers and fashion magazines using photographs, particularly photographs of women, that have seemingly been altered, or "retouched," by airbrushing and photo editing software such as Photoshop. The latest such image to cause an uproar is one featured in a new Ralph Lauren advertisement that shows a model, Filippa Hamilton, so emaciated that her waist actually appears to be smaller than her head. On September 29th, Boing Boing's Xeni Jardin posted the ad, which originally appeared on Photoshop Disasters, a blog dedicated to pointing out suspected retouched images, with the comment, "Dude, her head's bigger than her pelvis." Ralph Lauren responded by filing a Digital Millennium Copyright Act (DMCA) complaint against Boing Boing and Photoshop Disasters, claiming that their use of the image was a copyright infringement that fell outside of the Fair Use laws which allow the media to reproduce creative content for the purposes of commentary and criticism. The Internet service provider hosting Photoshop Disasters (Google Blogspot) deleted the post containing the image, while Boing Boing's (Canada's Priority Colo.) did not.
In response, Boing Boing editor Cory Doctorow issued a stern warning to Ralph Lauren yesterday on the website, saying that the company's attempt to silence their criticism has only inspired them to step up their efforts in the future: "Copyright law doesn't give you the right to threaten your critics for pointing out the problems with your offerings. You should know better. And every time you threaten to sue us over stuff like this, we will: a) Reproduce the original criticism, making damned sure that all our readers get a good, long look at it, and; b) Publish your spurious legal threat along with copious mockery, so that it becomes highly ranked in search engines where other people you threaten can find it and take heart; and c) Offer nourishing soup and sandwiches to your models." The U.S. isn't the only place where advertisers are feeling the public backlash over retouching claims. Overseas, a recent Olay ad featuring a virtually wrinkle-free 59-year-old Twiggy caused such an uproar in the UK that the British Parliament recently proposed outlawing retouching in advertisements aimed at teenagers. The movement was initiated by the nation's Liberal Democrats, whose leader on the issue, Jo Swinson, said: "Today's unrealistic idea of what is beautiful means that young girls are under more pressure now than they were even five years ago. Airbrushing means that adverts contain completely unattainable images that no one can live up to in real life. We need to help protect children from these pressures and we need to make a start by banning airbrushing in adverts aimed at them. The focus on women's appearance has got out of hand - no one really has perfect skin, perfect hair and a perfect figure, but women and young girls increasingly feel that nothing less than thin and perfect will do." 
In the U.S., many retouched images featuring celebrities have been the subject of recent scorn, including a L'Oreal ad that lightened Beyonce's skin, an image of Jessica Alba airbrushed to feature a slimmer waist in a Campari ad, and an ad for London Fog featuring Gisele Bündchen in which her "baby bump" was removed. In response to the growing concern over retouching, a website called About-Face, whose stated mission is to arm "women and girls with tools to understand and resist harmful media messages that affect their self-esteem and body image," has sprung up. The site features a "Gallery of Offenders" as well as a "Gallery of Winners" to highlight who the site's editors feel are the advertising industry's best and worst in regards to improving and harming the image of the modern woman. Site visitors can also contribute money to help offset its operating costs as well as expand programs designed to educate young women on beauty and self-image. Another website to garner attention for its dedication to exposing photo retouching offenses is Jezebel.com. Speaking on the subject of retouching, Jezebel editor-in-chief Anna Holmes told Yahoo!, "I don't see any point in retouching anymore ... The cat's out of the bag." She added, "I think Americans in particular are sick of having the wool pulled over their eyes ... even if it's regarding fashion models and actresses. The more they do this sort of retouching -- and then try to justify it, as the editor of SELF magazine recently did -- the less anyone believes anything else they have to say, or show. They are, in a sense, digging their own (shallow) graves." Whether or not Holmes is right about the digging of "shallow graves" remains to be seen, but companies like Ralph Lauren certainly don't appear to be helping their cause by attempting to silence their critics, as doing so has only increased the amount of negative attention to their already controversial ad.
From rforno at infowarrior.org Thu Oct 8 18:22:43 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Oct 2009 13:22:43 -0500 Subject: [Infowarrior] - New DoD Website Fosters Secret Science Message-ID: <8F5BACE9-B508-4153-BF3F-EC31565CA619@infowarrior.org> New DoD Website Fosters Secret Science [Oct. 8th, 2009|04:36 pm] fassecrecynews http://www.fas.org/blog/secrecy/2009/10/secret_science.html http://www.fas.org/blog/secrecy/?p=2840 The Pentagon's Defense Technical Information Center (DTIC) last month announced the creation of a new password-protected portal where authorized users may gain access to restricted scientific and engineering publications. "'DTIC Online Access Controlled' provides a gateway to Department of Defense unclassified, controlled science and technology (S&T) and research and engineering (R&E) information," according to a September 21, 2009 news release (pdf). "As defense S&T information advances, so does the unique community to which it belongs," said DTIC Administrator R. Paul Ryan. The cultivation of controlled but unclassified scientific research by DTIC seems to represent a departure from a longstanding U.S. government position that scientific research should either be classified, if necessary, or else unrestricted. (There have always been exceptions for export controlled information and for proprietary information.) "It is the policy of this Administration that, to the maximum extent possible, the products of fundamental research remain unrestricted," wrote President Reagan in the 1985 National Security Decision Directive 189. "It is also the policy of this Administration that, where the national security requires control, the mechanism for control of information ... is classification." "The key to maintaining U.S. technological preeminence is to encourage open and collaborative basic research," wrote then-National Security Advisor Condoleezza Rice in 2001.
"The linkage between the free exchange of ideas and scientific innovation, prosperity, and U.S. national security is undeniable." In response to a request 5 days ago, DTIC was not able to provide a comment on the matter. From rforno at infowarrior.org Thu Oct 8 18:23:18 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Oct 2009 13:23:18 -0500 Subject: [Infowarrior] - DoD Suppressed Critique of Military Research Message-ID: <87DEE59C-974A-4F0C-9502-CE5A62B11675@infowarrior.org> DoD Suppressed Critique of Military Research [Oct. 8th, 2009|04:41 pm] fassecrecynews http://www.fas.org/blog/secrecy/2009/10/dod_suppressed.html http://www.fas.org/blog/secrecy/?p=2842 "Important aspects of the DOD basic research programs are 'broken'," according to an assessment performed by the JASON defense science advisory panel earlier this year, and "throwing more money at the problems will not fix them." But that rather significant conclusion was deliberately suppressed by Pentagon officials who withheld it from public disclosure when a copy of the JASON report was requested under the Freedom of Information Act. Instead, it was made public this week by Congress in the conference report on the FY 2010 defense authorization act, which quoted excerpts from the May 2009 JASON report, "Science and Technology for National Security." "Basic research funding is not exploited to seed inventions and discoveries that can shape the future," the JASONs also determined, as quoted in the congressional report (large pdf, in discussion of the act's section 213). Instead, "investments tend to be technological expenditures at the margin." Furthermore, "the portfolio balance of DOD basic research is generally not critically reviewed by independent, technically knowledgeable individuals," and "civilian career paths in the DOD research labs and program management are not competitive to other opportunities in attracting outstanding young scientists and retaining the best people."
These dismal findings, and the large bulk of the unclassified 60-page JASON report, were withheld under the Freedom of Information Act by the Office of the Director of Defense Research and Engineering. They constitute "subjective evaluations, opinions and recommendations which are currently being evaluated as to their impact on the planning and decision-making process," according to the August 31, 2009 FOIA denial letter (pdf). The few paragraphs of the study that were released (pdf) nevertheless include some interesting observations. Citing a 2008 report in Science magazine, for example, the JASONs noted that "Peking and Tsinghua Universities have now overtaken Berkeley and Michigan as the largest undergraduate alma maters of PhD recipients in the U.S." The DoD research laboratories should be abolished, the late Gen. William Odom suggested some years ago. "Few of them have invented anything of note in several decades, and many of the things they are striving to develop are already available in the commercial sector," he wrote. "Sadly, these laboratories not only waste money on their own activities; they also resist the purchase of available technologies from the commercial sector. Because they are generally so far behind the leading edges in some areas, they cause more than duplication; they also induce retardation and sustain obsolescence," Odom wrote ("America's Military Revolution," American University Press, 1993, p. 159). But Don J. DeYoung of the National Defense University argued that the decline of the military laboratories should be reversed, not accepted. "The loss of in-house scientific and engineering expertise impairs good governance, poses risks to national security, and sustains what President Dwight Eisenhower called 'a disastrous rise of misplaced power'." See "Breaking the Yardstick: The Dangers of Market-Based Governance" (pdf), Joint Forces Quarterly, 4th Quarter, 2009.
From rforno at infowarrior.org Thu Oct 8 21:20:36 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Oct 2009 16:20:36 -0500 Subject: [Infowarrior] - RAND: Cyberdeterrence and Cyberwar Message-ID: RAND: Cyberdeterrence and Cyberwar Martin C. Libicki Monograph @ http://www.rand.org/pubs/monographs/2009/RAND_MG877.pdf From rforno at infowarrior.org Fri Oct 9 22:47:07 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 9 Oct 2009 17:47:07 -0500 Subject: [Infowarrior] - US IC ugov.gov shutting down Message-ID: <14250FF7-AF97-4171-AF94-B64D4D3556D2@infowarrior.org> Shutdown Of Intelligence Community E-mail Network Sparks E-Rebellion http://politics.theatlantic.com/2009/10/shutdown_of_intelligence_community_e-mail_network_raises_concerns.php The intelligence community's innovative uGov e-mail domain, one of its earliest efforts at cross-agency collaboration, will be shut down because of security concerns, government officials said. The decision, announced internally last Friday to the hundreds of analysts who use the system, drew immediate protests from intelligence agency employees and led to anxiety that other experimental collaborative platforms, like the popular Intellipedia website, are also in the target sights of managers. It follows reports that another popular analytic platform called "Bridge," which allows analysts with security clearances to collaborate with people outside the government who have relevant expertise but no clearances, is being killed, and indications that funding for another capability, the DoDIIS Trusted Workstation, which allows analysts to look at information at a variety of clearance levels -- Secret, Top Secret, Law Enforcement Sensitive -- is being curtailed. uGov, rolled out in 2005, is an open source server designed to allow analysts and intelligence collectors from across the 16 different agencies to collaborate with ease and security.
More prosaically, it processes unclassified e-mail for ODNI employees, contains an open-source contact and calendar management system, and allows employees to access less sensitive collaboration platforms from computers outside their offices. uGov has been especially popular among the large tranche of analysts who joined the community after 9/11. The Office of the Director of National Intelligence (ODNI) runs the network. Already, analysts have contributed to a "save uGov" wiki on a community-wide network which, unless you've got access to the secret network, you can't access, at this URL: https://www.intelink.gov/wiki/Save_uGov. According to several who have seen the site, it includes anecdotes about how uGov has been essential to performing critical national security tasks. Such a show of force -- a protest petition -- is unprecedented in the annals of the intelligence community. "In order to improve security and enhance collaboration, the decision was made to phase out the 'ugov.gov' unclassified web-based email system currently in use by a limited number of Intelligence Community personnel," said Wendy Morigi, the ODNI's spokesperson. "This transition will be executed in an orderly manner that sustains functionality and minimizes the impact on individual users. Access to Intelink, Intellipedia, and similar services will not be affected. The ODNI remains committed to investing in and providing high-quality enterprise services for the Intelligence Community." An ODNI official said that security concerns prompted the termination decision but would not go into details. uGov and Intellipedia are part of a philosophical approach to intelligence called "Analytic Transformation," which former National Intelligence Director Mike McConnell emphasized as a top priority during his tenure. Recently, Adm. Dennis Blair (ret.), the current DNI, appointed former FBI public affairs director John Miller as head of the office's analytic transformation efforts.
"Since major new systems are not in procurement the legacy systems are not being turned off," said Bob Gourley, a former chief technology officer at the Defense Intelligence Agency. "That puts the new, innovative, small, agile programs like uGov [and] intellipedia]... at greater risk. In fact, in some cases we are seeing IT departments cancel everything associated with innovation-- which would be a sign of a dying organization in the private sector." A spokesperson said that Blair fully supports analytic transformation. Current intelligence community analysts, and former senior officials say that uGov has proved essential for their jobs. They use their uGov user name and password to edit the Intellipedia, a Wikipedia-like repository created for collaborative analysis that transcends the biases of individual agencies. Recently, a twitter-like service called "Chirp" premiered on the uGOV platform. Users can access the unclassified version of Intellipedia from any computer. ODNI frequently stands up temporary analytical groups that take in analysts from agencies like the Central Intelligence Agency (CIA), the DIA and the National Security Agency (NSA); the uGov domain made it easy to give all of them a common platform. John Hale, the former chief of solutions delivery at ODNI, tweeted on Saturday: "Question has to be asked, if DNI can shut down the ugov.gov service with no alternative, what is the future of Intellipedia?" Lewis Shepherd, a former senior Defense Intelligence Agency official who now works in the private sector, tweeted his agreement. "Decision to kill the uGOV network: [Did] we negotiate a reciprocal takedown by adversaries? Course not: unilateral disarament." An current analyst at a three-letter intelligence agency said his colleagues were "shocked and confused" by the uGov announcement. 
The implication here is that the DNI, which manages the analytical product for consumers of intelligence like the president and policy makers, may have soured on these initial, inexpensive, collaborative, open-source efforts and instead deferred to the long-time -- and discredited -- intelligence community practice of trying to speak with one voice, and to limit information sharing and gathering under the pretext of operational security. This "need to know" mentality is said to limit the damage that individual ne'er-do-wells can do; a "need to share" culture, by contrast, may enhance the analytic product but might also heighten the risk of security violations. More sensitively, uGov was also a testbed for collaboration platforms that could one day be migrated to the JWICS network, which the intelligence community and Department of Defense use to share information at the TOP SECRET/SCI level. In 2008, the DNI rolled out a platform for users with TOP SECRET/SCI clearance called "A-Space," and described it publicly as an intelligence community version of Facebook or Myspace. By most accounts, A-Space is a success. A DNI spokesperson said that uGov would be replaced, and that the migration plan will include a process for moving emails and data to the replacement system. The DoDIIS workstation is especially popular at the Defense Intelligence Agency, and about 20,000 terminals across the intelligence community use the software. The Bridge program was developed by the intelligence community's in-house research shop in response to a request from the DNI in 2008. According to its website, Bridge "... provides a mechanism for companies with interesting technologies to evaluate their technologies in the context of intelligence community mission challenges and for an ability to work in the intelligence community enterprise" as well as a platform for secure public-private collaboration on intelligence matters.
"Big enterprises can be good at change and the [intelligence community] has dramatically adjusted over the last decade. But big enterprises sometimes don't see the right path and it can take exogenous input to bring about the positive change," Gourley said. From rforno at infowarrior.org Sat Oct 10 03:05:17 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 9 Oct 2009 22:05:17 -0500 Subject: [Infowarrior] - A Library to Last Forever Message-ID: October 9, 2009 Op-Ed Contributor A Library to Last Forever By SERGEY BRIN Mountain View, Calif. http://www.nytimes.com/2009/10/09/opinion/09brin.html?pagewanted=print ?THE fundamental reasons why the electric car has not attained the popularity it deserves are (1) The failure of the manufacturers to properly educate the general public regarding the wonderful utility of the electric; (2) The failure of [power companies] to make it easy to own and operate the electric by an adequate distribution of charging and boosting stations. The early electrics of limited speed, range and utility produced popular impressions which still exist.? This quotation would hardly surprise anyone who follows electric vehicles. But it may be surprising to hear that in the year when it was written thousands of electric cars were produced and that year was nearly a century ago. This appeared in a 1916 issue of the journal Electrical World, which I found in Google Books, our searchable repository of millions of books. It may seem strange to look back a hundred years on a topic that is so contemporary, yet I often find that the past has valuable lessons for the future. In this case, I was lucky ? electric vehicles were studied and written about extensively early in the 20th century, and there are many books on the subject from which to choose. Because books published before 1923 are in the public domain, I am able to view them easily. 
But the vast majority of books ever written are not accessible to anyone except the most tenacious researchers at premier academic libraries. Books written after 1923 quickly disappear into a literary black hole. With rare exceptions, one can buy them only for the small number of years they are in print. After that, they are found only in a vanishing number of libraries and used book stores. As the years pass, contracts get lost and forgotten, authors and publishers disappear, the rights holders become impossible to track down. Inevitably, the few remaining copies of the books are left to deteriorate slowly or are lost to fires, floods and other disasters. While I was at Stanford in 1998, floods damaged or destroyed tens of thousands of books. Unfortunately, such events are not uncommon - a similar flood happened at Stanford just 20 years prior. You could read about it in The Stanford-Lockheed Meyer Library Flood Report, published in 1980, but this book itself is no longer available. Because books are such an important part of the world's collective knowledge and cultural heritage, Larry Page, the co-founder of Google, first proposed that we digitize all books a decade ago, when we were a fledgling startup. At the time, it was viewed as so ambitious and challenging a project that we were unable to attract anyone to work on it. But five years later, in 2004, Google Books (then called Google Print) was born, allowing users to search hundreds of thousands of books. Today, they number over 10 million and counting. The next year we were sued by the Authors Guild and the Association of American Publishers over the project. While we have had disagreements, we have a common goal - to unlock the wisdom held in the enormous number of out-of-print books, while fairly compensating the rights holders. As a result, we were able to work together to devise a settlement that accomplishes our shared vision.
While this settlement is a win-win for authors, publishers and Google, the real winners are the readers who will now have access to a greatly expanded world of books. There has been some debate about the settlement, and many groups have offered their opinions, both for and against. I would like to take this opportunity to dispel some myths about the agreement and to share why I am proud of this undertaking. This agreement aims to make millions of out-of-print but in-copyright books available either for a fee or for free with ad support, with the majority of the revenue flowing back to the rights holders, be they authors or publishers. Some have claimed that this agreement is a form of compulsory license because, as in most class action settlements, it applies to all members of the class who do not opt out by a certain date. The reality is that rights holders can at any time set pricing and access rights for their works or withdraw them from Google Books altogether. For those books whose rights holders have not yet come forward, reasonable default pricing and access policies are assumed. This allows access to the many orphan works whose owners have not yet been found and accumulates revenue for the rights holders, giving them an incentive to step forward. Others have questioned the impact of the agreement on competition, or asserted that it would limit consumer choice with respect to out-of-print books. In reality, nothing in this agreement precludes any other company or organization from pursuing their own similar effort. The agreement limits consumer choice in out-of-print books about as much as it limits consumer choice in unicorns. Today, if you want to access a typical out-of-print book, you have only one choice - fly to one of a handful of leading libraries in the country and hope to find it in the stacks.
I wish there were a hundred services with which I could easily look at such a book; it would have saved me a lot of time, and it would have spared Google a tremendous amount of effort. But despite a number of important digitization efforts to date (Google has even helped fund others, including some by the Library of Congress), none have been at a comparable scale, simply because no one else has chosen to invest the requisite resources. At least one such service will have to exist if there are ever to be one hundred. If Google Books is successful, others will follow. And they will have an easier path: this agreement creates a books rights registry that will encourage rights holders to come forward and will provide a convenient way for other projects to obtain permissions. While new projects will not immediately have the same rights to orphan works, the agreement will be a beacon of compromise in case of a similar lawsuit, and it will serve as a precedent for orphan works legislation, which Google has always supported and will continue to support. Last, there have been objections to specific aspects of the Google Books product and the future service as planned under the settlement, including questions about the quality of bibliographic information, our choice of classification system and the details of our privacy policy. These are all valid questions, and being a company that obsesses over the quality of our products, we are working hard to address them - improving bibliographic information and categorization, and further detailing our privacy policy. And if we don't get our product right, then others will. But one thing that is sure to halt any such progress is to have no settlement at all. In the Insurance Year Book 1880-1881, which I found on Google Books, Cornelius Walford chronicles the destruction of dozens of libraries and millions of books, in the hope that such a record will "impress the necessity of something being done" to preserve them.
The famous library at Alexandria burned three times, in 48 B.C., A.D. 273 and A.D. 640, as did the Library of Congress, where a fire in 1851 destroyed two-thirds of the collection. I hope such destruction never happens again, but history would suggest otherwise. More important, even if our cultural heritage stays intact in the world's foremost libraries, it is effectively lost if no one can access it easily. Many companies, libraries and organizations will play a role in saving and making available the works of the 20th century. Together, authors, publishers and Google are taking just one step toward this goal, but it's an important step. Let's not miss this opportunity. Sergey Brin is the co-founder and technology president of Google. From rforno at infowarrior.org Mon Oct 12 13:21:06 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Oct 2009 09:21:06 -0400 Subject: [Infowarrior] - RFC: Smart Grid Cyber Security Strategy and Requirements Message-ID: 12 October 2009 DEPARTMENT OF COMMERCE National Institute of Standards and Technology [Docket No. 0909301329-91332-01] Draft NIST Interagency Report (NISTIR) 7628, Smart Grid Cyber Security Strategy and Requirements; Request for Comments AGENCY: National Institute of Standards and Technology (NIST), Department of Commerce. SUMMARY: The National Institute of Standards and Technology (NIST) seeks comments on draft NISTIR 7628, Smart Grid Cyber Security Strategy and Requirements. This initial draft of the document contains the overall security strategy for the Smart Grid.
Contents include: development of vulnerability classes, identification of well-understood security problems that need to be addressed, selection and development of security-relevant use cases, initial privacy impact assessment, identification and analysis of interfaces identified in six functional priority areas, advanced metering infrastructure (AMI) security requirements, and selection of a suite of security documents that will be used as the base for determining and tailoring security requirements. This is the first draft of NISTIR 7628; NIST plans to post a subsequent draft of this report for additional public comments. DATES: Comments must be received on or before December 1, 2009. http://cryptome.org/0001/nist100909.htm From rforno at infowarrior.org Mon Oct 12 13:26:10 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Oct 2009 09:26:10 -0400 Subject: [Infowarrior] - Admin Note: Away Messages Message-ID: <25F27BEC-8F11-4ECD-866D-F389EFD1B495@infowarrior.org> Please note that my repeated away messages and/or those reporting errors/delays in delivering list traffic may result in your being dropped from the list automatically. Ye have been warned. Incidentally, from a security perspective, away messages are a great way to know when someone's out of town and/or who their "close network" is when we're told to contact someone else in your absence. Very useful in adversary targeting for anything, including social engineering attempts. Thanks. -rick From rforno at infowarrior.org Mon Oct 12 14:13:38 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 12 Oct 2009 10:13:38 -0400 Subject: [Infowarrior] - Why Email No Longer Rules Message-ID: <65C1B46B-7BB7-44E7-B7B9-06C5E27160E4@infowarrior.org> Why Email No Longer Rules... And what that means for the way we communicate By JESSICA E. VASCELLARO http://online.wsj.com/article/SB10001424052970203803904574431151489408372.html Email has had a good run as king of communications.
But its reign is over. In its place, a new generation of services is starting to take hold - services like Twitter and Facebook and countless others vying for a piece of the new world. And just as email did more than a decade ago, this shift promises to profoundly rewrite the way we communicate - in ways we can only begin to imagine. We all still use email, of course. But email was better suited to the way we used to use the Internet - logging off and on, checking our messages in bursts. Now, we are always connected, whether we are sitting at a desk or on a mobile phone. The always-on connection, in turn, has created a host of new ways to communicate that are much faster than email, and more fun. Why wait for a response to an email when you get a quicker answer over instant messaging? Thanks to Facebook, some questions can be answered without asking them. You don't need to ask a friend whether she has left work, if she has updated her public "status" on the site telling the world so. Email, stuck in the era of attachments, seems boring compared to services like Google Wave, currently in test phase, which allows users to share photos by dragging and dropping them from a desktop into a Wave, and to enter comments in near real time. Little wonder that while email continues to grow, other types of communication services are growing far faster. In August 2009, 276.9 million people used email across the U.S., several European countries, Australia and Brazil, according to Nielsen Co., up 21% from 229.2 million in August 2008. But the number of users on social-networking and other community sites jumped 31% to 301.5 million people. "The whole idea of this email service isn't really quite as significant anymore when you can have many, many different types of messages and files and when you have this all on the same type of networks," says Alex Bochannek, curator at the Computer History Museum in Mountain View, Calif. So, how will these new tools change the way we communicate?
Let's start with the most obvious: They make our interactions that much faster.

Into the River

Years ago, we were frustrated if it took a few days for a letter to arrive. A couple of years ago, we'd complain about a half-hour delay in getting an email. Today, we gripe about it taking an extra few seconds for a text message to go through. In a few months, we may be complaining that our cellphones aren't automatically able to send messages to friends within a certain distance, letting them know we're nearby. (A number of services already do this.)

These new services also make communicating more frequent and informal - more like a blog comment or a throwaway aside, rather than a crafted email sent to one person. No need to spend time writing a long email to your half-dozen closest friends about how your vacation went. Now those friends, if they're interested, can watch it unfold in real time online. Instead of sending a few emails a week to a handful of friends, you can send dozens of messages a day to hundreds of people who know you, or just barely do.

Consider Twitter. The service allows users to send 140-character messages to people who have subscribed to see them, called followers. So instead of sending an email to friends announcing that you just got a new job, you can just tweet it for all the people who have chosen to "follow" you to see. You can create links to particular users in messages by entering @ followed by their user name or send private "direct messages" through the system by typing d and the user name.

Facebook is part of the trend, too. Users post status updates that show up in their friends' "streams." They can also post links to content and comment on it. No in-box required. Dozens of other companies, from AOL and Yahoo Inc. to start-ups like Yammer Inc., are building products based on the same theme.
David Liu, an executive at AOL, calls it replacing the in-box with "a river that continues to flow as you dip into it."

But the speed and ease of communication cut both ways. While making communication more frequent, they can also make it less personal and intimate. Communicating is becoming so easy that the recipient knows how little time and thought was required of the sender. Yes, your half-dozen closest friends can read your vacation updates. But so can your 500 other "friends." And if you know all these people are reading your updates, you might say a lot less than you would otherwise.

Too Much Information

Another obvious downside to the constant stream: It's a constant stream. That can make it harder to determine the importance of various messages. When people can more easily fire off all sorts of messages - from updates about their breakfast to questions about the evening's plans - being able to figure out which messages are truly important, or even which warrant a response, can be difficult. Information overload can lead some people to tune out messages altogether.

Such noise makes us even more dependent on technology to help us communicate. Without software to help filter and organize based on factors we deem relevant, we'd drown in the deluge.

Enter filtering. In email land, consumers can often get by with a few folders, if that. But in the land of the stream, some sort of more sophisticated filtering is a must. On Facebook, you can choose to see updates only from certain people you add to certain lists. Twitter users have adopted the trend of "tagging" their tweets by topic. So people tweeting about a company may follow their tweet with the # symbol and the company name. A number of software programs filter Tweets by these tags, making it easier to follow a topic.

The combination of more public messages and tagging has cool search and discovery implications. In the old days, people shared photos over email.
Now, they post them to Flickr and tag them with their location. That means users can, with little effort, search for an area, down to a street corner, and see photos of the place.

Tagging also is creating the potential for new social movements. Instead of trying to organize people over email, protesters can tweet their messages, tag them with the topic and have them discovered by others interested in the cause. Iranians used that technique to galvanize public opinion during their election protests earlier this year. It was a powerful example of what can happen when messages get unleashed.

Who Are You?

Perhaps the biggest change that these email successors bring is more of a public profile for users. In the email world, you are your name followed by a "dot-com." That's it. In the new messaging world, you have a higher profile, packed with data you want to share and possibly some you don't.

Such a public profile has its pluses and minuses. It can draw the people communicating closer, allowing them to exchange not only text but also all sorts of personal information, even facial cues. You know a lot about the person you are talking to, even before you've ever exchanged a single word.

Take, for example, Facebook. Message someone over the site and, depending on your privacy settings, he may be a click away from your photos and your entire profile, including news articles you have shared and pictures of that party you were at last night. The extra details can help you cut to the chase. If you see that I am in London, you don't need to ask me where I am. They can also make communication feel more personal, restoring some of the intimacy that social-network sites - and email, for that matter - have stripped away. If I have posted to the world that I am in a bad mood, you might try to cheer me up, or at least think twice about bothering me.

Email is trying to compete by helping users roll in more signals about themselves. Yahoo and Google Inc.
have launched new profile services that connect to mail accounts. That means just by clicking on a contact, one can see whatever information she has chosen to share through her profile, from her hobbies to her high school.

But a dump of personal data can also turn off the people you are trying to communicate with. If I really just want to know what time the meeting is, I may not care that you have updated your status message to point people to photos of your kids.

Having your identity pegged to communication creates more data to manage and some blurry lines. What's fine for one sort of recipient to know about you may not be acceptable for another. While our growing digital footprints have made it easier for anyone to find personal information about anyone online if they go search for it, new communications tools are marrying that trail of information with the message, making it easier than ever for the recipient to uncover more details.

A Question of Time

Meanwhile, one more big question remains: Will the new services save time, or eat up even more of it? Many of the companies pitching the services insist they will free up people. Jeff Teper, vice president of Microsoft Corp.'s SharePoint division, which makes software that businesses use to collaborate, says in the past, employees received an email every time the status changed on a project they were working on, which led to hundreds of unnecessary emails a day. Now, thanks to SharePoint and other software that allows companies to direct those updates to flow through centralized sites that employees can check when they need to, those unnecessary emails are out of users' in-boxes. "People were very dependent on email. They overused it," he says. "Now, people can use the right tool for the right task."

Perhaps. But there's another way to think about all this. You can argue that because we have more ways to send more messages, we spend more time doing it. That may make us more productive, but it may not.
We get lured into wasting time, telling our bosses we are looking into something, instead of just doing it, for example. And we will no doubt waste time communicating stuff that isn't meaningful, maybe at the expense of more meaningful communication. Such as, say, talking to somebody in person.

- Ms. Vascellaro is a staff reporter in The Wall Street Journal's San Francisco bureau. She can be reached at jessica.vascellaro at wsj.com

From rforno at infowarrior.org Mon Oct 12 14:32:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Oct 2009 10:32:49 -0400
Subject: [Infowarrior] - 100 years of Big Content fearing technology
Message-ID:

100 years of Big Content fearing technology - in its own words
For the last hundred years, rightsholders have fretted about everything from the player piano to the VCR to digital TV to Napster. Here are those objections, in Big Content's own words.
By Nate Anderson | Last updated October 11, 2009 10:00 PM CT
http://arstechnica.com/tech-policy/news/2009/10/100-years-of-big-content-fearing-technologyin-its-own-words.ars

From rforno at infowarrior.org Tue Oct 13 14:05:17 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Oct 2009 10:05:17 -0400
Subject: [Infowarrior] - Registry / Registrar: Does Separation matter?
Message-ID: <4ACAC5EB-D5F0-4205-8ED8-0A2A510B8F7C@infowarrior.org>

(the perennial question we faced 10 years ago still exists....-rick)

www.internetnews.com/government/article.php/3843406
Registry / Registrar: Does Separation matter?
By Sean Michael Kerner
October 12, 2009

At the dawn of the Internet age the domain registry and registrar were one and the same. The registry managed the domain space and also sold domains as a registrar to anyone that wanted one. It's a practice that disappeared in 1998 with the creation of ICANN and the break-up of the integrated Network Solutions Registry/Registrar.
While domain registrars and registries have now been separated for a decade, with a new generation of Top Level Domains (TLDs) soon to be approved, integrated registries may soon return. Opponents of the integrated registry/registrar argue that it restricts competition, while advocates argue that it will increase competition.

"Network Solutions is supportive of the current ICANN requirements for existing TLDs which require that registrars and registries maintain their legal separation," Jon Nevett, senior vice president of Policy & Ethics for Network Solutions, told InternetNews.com. "With respect to new TLDs, Network Solutions has advocated a middle-ground position between those who argue that registrars may not sell new TLDs of affiliated registries and those who argue that the separation requirement be eliminated altogether."

In Network Solutions' middle-ground position, registrars would be permitted to sell new TLDs of affiliated registries up to a certain cap, perhaps 100,000 names. Nevett added that once the allocated number of names has been registered, the affiliated registrar would not be able to accept new registrations.

"This proposal would generate more competition by allowing smaller registries to get distribution through an affiliated registrar and would maintain certain safeguards," Nevett said.

Opponents of the integrated registry/registrar approach include domain infrastructure vendor Afilias. Afilias does the technical management for multiple domains including .org, .info and .mobi. While Afilias could financially benefit from being both the registry and the registrar for a TLD, Brian Cute, VP Discovery Services at Afilias, told InternetNews.com that the company is not in favor of such a setup. From Afilias' point of view, enabling a registry to act as a registrar and then sell its own domains is the equivalent of selling direct to the public.
The current system doesn't allow for that and enforces a separation between the registry and registrars.

An argument against registry/registrar

According to Cute, there were solid reasons back in 1998 why ICANN divided up the Network Solutions monopoly, and in his view the same reasons exist today.

"The registry gets access to a lot of data about domain names, who is looking them up, traffic and other unique and commercially sensitive data that a registrar could use to its advantage," Cute said. "So ICANN originally figured they should prohibit the registry from selling its own TLD because if it did it could discriminate against other registrars and use that data to identify high value domains and raise prices, and that's not the competitive effect that ICANN was looking for."

An ICANN spokesperson was not available for comment by press time.

For its part, Network Solutions doesn't see the same issues about changing cross-ownership rules increasing bad acts by registries.

"While that may be a concern, recent history does not prove the concern," Nevett said. "For example, Hostway Corporation operates the .PRO registry and also operates a leading .PRO registrar. Even with these affiliations, there have never been any allegations of domain tasting, front running, or other improper conduct.

"Similar situations exist for .CAT, .MUSEUM, .COOP, and .ME. Certainly, if abusive practices were to occur, this would be an issue for ICANN to address from a compliance standpoint."

ICANN is currently scheduled to provide an update on its next round of TLDs at its meeting in Seoul, Korea at the end of October. The meeting will be the first major ICANN event since the new Affirmation deal with the US government that has ICANN operating without direct US oversight. For opponents of the integrated registrar/registries the meeting will be key to get their point across.
At the core, they argue it's about maintaining the checks and balances that have helped the Internet for the last ten years.

"What we're saying is that by taking away a long standing policy of separation and allowing a vertically integrated registrar to sell domains, what you are doing is you are removing the checks and balances that have been in place to mitigate and minimize the abuses that already take place," Alexa Raad, CEO of the .org registry, told InternetNews.com. "Without the checks and balances it will be hard to discern the abuse because you don't have anything to check the data against."

From rforno at infowarrior.org Tue Oct 13 18:44:21 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Oct 2009 14:44:21 -0400
Subject: [Infowarrior] - Fwd: [Dataloss] Has "Data Loss" Jumped The Shark?
References:
Message-ID: <314B0859-4882-4456-A4F4-C83B6456163D@infowarrior.org>

Begin forwarded message:

> From: lyger
> Date: October 13, 2009 2:00:33 PM EDT
> To: dataloss , dataloss-discuss
> Subject: [Dataloss] Has "Data Loss" Jumped The Shark?
>
> http://datalossdb.org/incident_highlights/38-has-data-loss-jumped-the-shark
>
> For those who aren't familiar with it, the phrase "jump the shark" originates with an episode of the American TV series "Happy Days", where one of the primary characters, Fonzie, literally (at least in the show) jumps over a shark while on water skis. The episode was designed as a desperate attempt to draw in viewers since the overall content of the show had become rather, well, "bleh". Things were never the same after that episode, and it was generally concluded that once Fonzie "jumped the shark", the show really had nowhere else to go but up.
>
> But it never did.
>
> About six weeks ago, I reposted a question sent to the Data Loss mail list from an earlier post made over two years prior asking the same question.
> To date, the replies we have received can be counted on one hand, but the evidence shown at the top of the main DataLossDB page is somewhat clear: for the last several months, we (meaning OSF) have received less reports and have seen less news about breaches involving personally identifying information. One or two people have questioned why, and the answer is simple: we don't know. We still look for news, we still post what we find, but the decrease in events since the beginning of the year... well, we just don't know.
>
> [...]
> _______________________________________________
> Dataloss Mailing List (dataloss at datalossdb.org)

From rforno at infowarrior.org Tue Oct 13 22:18:19 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Oct 2009 18:18:19 -0400
Subject: [Infowarrior] - Bloomberg buys BusinessWeek
Message-ID: <3CAA5B11-3D8D-4A63-B6BD-2A68393E23CC@infowarrior.org>

Bloomberg Wins Bidding For BusinessWeek
Posted by: Tom Lowry on October 13
http://www.businessweek.com/innovate/FineOnMedia/archives/2009/10/bloomberg_wins.html

Bloomberg LP, the global financial data and news empire created by New York City Mayor Michael R. Bloomberg, is the winning bidder for BusinessWeek. Terms of the offer will not be disclosed by Bloomberg and BusinessWeek parent McGraw-Hill Cos. But knowledgeable sources say that Bloomberg's cash offer is in the $2 million to $5 million range and that it has agreed to assume liabilities, including potential severance payments.

It remains to be seen how much of the magazine's 400-plus staff Bloomberg plans to cut, but reports of a planned scorched earth campaign are overblown, say sources. BusinessWeek editor-in-chief Steve Adler told his staff shortly after the deal was announced Tuesday that part of the deal guaranteed that McGraw-Hill benefits would be extended to employees for one year after the deal closes.

If the deal closes as anticipated by Dec.
1, it will be unprecedented for both buyer and seller. For Bloomberg, buying BusinessWeek will be its first major acquisition ever and a significant departure for a 28-year-old company nurtured on a "build, don't buy" culture.

"The BusinessWeek acquisition will yield huge benefits for users of the Bloomberg terminal, for our television, online and mobile properties," says Daniel L. Doctoroff, president of Bloomberg LP and a former deputy mayor of New York City appointed by Mayor Bloomberg. "We couldn't be more excited... We are not buying BusinessWeek to gut it. We are buying it to build it."

The deal also signals a shift by Bloomberg into more consumer-focused media. "The reporting and analytical resources of Bloomberg and BusinessWeek are unparalleled in their ability to deliver timely, distinctive and credible content to an influential and highly sought-after audience," says Bloomberg LP Chairman Peter Grauer.

BusinessWeek, launched 80 years ago, will give Bloomberg entrée to a much larger business audience of corporate executives and senior government officials, beyond what has been its sweet spot of catering to Wall Street and the professional investor community. And by broadening that reach, it will allow Bloomberg to deliver a new breadth of information that will help make its main business - data terminals - even more attractive to potential subscribers of those terminals.

"We are uniquely positioned to preserve and build the market presence of BusinessWeek," says Norman Pearlstine, Bloomberg chief content officer and a former editor-in-chief of Time Inc. and executive editor of The Wall Street Journal. "Our shared values and complementary resources give us the editorial and technological expertise, data, analysis and depth of reporting to create a new model for the business weekly." Pearlstine will become chairman of BusinessWeek and serve as liaison between the magazine and the Bloomberg news staffs.
A BusinessWeek publisher and editor-in-chief will report to Pearlstine.

BusinessWeek, whose logo will eventually incorporate the Bloomberg name in some still-undetermined way, will continue to publish weekly in print and around the clock online. The goal will be to substantially boost the magazine's editorial pages. It still hasn't been decided whether Bloomberg and BusinessWeek will maintain separate Web sites or be morphed together as one. The sites combined attract more than 20 million unique visitors monthly and log roughly 100 million page views. Combined revenues of the sites alone are $60 million. What's more, the BusinessWeek brand will be used aggressively to bolster Bloomberg TV, radio and mobile operations. Andy Lack, a former president of NBC News and more recently chairman of Sony BMG Music Entertainment, was recruited last year to oversee those multimedia businesses.

For McGraw-Hill, shedding BusinessWeek means parting with one of the most prominent brands in its stable of businesses. The transaction comes at a tumultuous time when much of McGraw-Hill's senior management is focused on the heavy scrutiny of its Standard & Poor's credit rating unit. The magazine, for generations coveted as a company jewel by the founding McGraw family, first began publishing a month before the stock market crash of 1929.

"I am very proud of the tremendous contributions BusinessWeek has made to The McGraw-Hill Cos. throughout its rich history," says Harold "Terry" McGraw III, CEO of McGraw Hill. "It is a truly outstanding franchise and the best source of business reporting in the world. We are pleased that we have reached an agreement for BusinessWeek to be acquired by Bloomberg, which shares the same high standards for editorial independence, integrity and excellence that have long defined BusinessWeek."

It is not clear how directly involved Mayor Bloomberg was in the sales process.
When first elected in 2001, he vowed to maintain an arms-length relationship with his business. But sources say he is briefed on all major decisions at Bloomberg LP. A spokesman for the mayor declined comment and referred all questions about the sale to Bloomberg LP. The mayor is known to be a big fan of BusinessWeek, as well as Aviation Week, another McGraw Hill publication (Bloomberg is a licensed pilot). Bloomberg, who faces a re-election bid for a third term on Nov. 3, is a friend of McGraw's, leaving one to wonder how often over the years they discussed potential deals between their respective companies. The two own houses not far from each other in Bermuda.

McGraw-Hill approached Bloomberg about buying the magazine as early as February, according to sources, but Bloomberg passed. Even after formal presentations were made to numerous interested parties, Bloomberg re-emerged as a surprise contender.

Started in 1981, the privately held Bloomberg continues to derive nearly all of its $6.3 billion in annual revenues from leasing data terminals to major investment firms. Subscribers rent the terminals for $1,500 a month and up. The company has 280,000 terminal leases across the globe. Since Bloomberg created a news service in 1990, under the tutelage of Wall Street Journal alumnus Matthew Winkler, it has continued to hire journalists, despite economic downturns, including most recently high profile editors and reporters from The Wall Street Journal and Time Inc. It now employs about 2,200 journalists globally at a news service, magazine, radio and TV stations. Bloomberg Markets magazine will continue to publish as its own stand-alone publication, say sources.

BusinessWeek will present Bloomberg with the rare challenge of having to integrate an outside operation. The company's only other acquisition was in 1987 when it acquired a three-person operation in Princeton, N.J. called Sinkers, which published arcane bond data.
BusinessWeek staff will be moved across town and into Bloomberg's Manhattan headquarters by May 1. Officials from Bloomberg will begin meeting with the BusinessWeek staff in the coming weeks. (Bloomberg was advised by investment bank The Quadrangle Group. The sale was conducted for McGraw-Hill by Evercore Partners. The code name for the deal was Opera.)

Even though BusinessWeek has posted losses for several years, McGraw-Hill continued to invest in the magazine, including new redesigns and most recently by betting heavily on a social networking venture called the Business Exchange. McGraw-Hill has invested more than $20 million into the site over the past two years, but BX has fallen far short of revenue and online traffic goals.

At the same time, BusinessWeek was particularly hard hit by the Great Recession. Its losses this year are projected to be in excess of $40 million (a figure that includes certain overhead costs like rent). Revenues for this year are expected to be about $130 million. At its peak in 2000, BusinessWeek had a record 6,000 ad pages and operating profits of $100 million. Some analysts at the time valued the magazine at $1 billion.

As recently as this spring, BusinessWeek management presented the parent company plans to reduce costs drastically, including large staff reductions. But CEO McGraw and his board of directors made the decision to put the magazine up for sale instead. McGraw's mantra to his investors has been that he wants businesses with "consistent, sustainable, earnings growth." In the end, he clearly didn't think BusinessWeek's problems could reverse themselves as part of the parent, prompting a difficult decision for the CEO since he and other family members loved the cachet of owning BusinessWeek. Some analysts, however, have projected that by shedding the losses from BusinessWeek, McGraw-Hill could add as much as a dime to its earnings per share in 2010.
The sale of BusinessWeek also raises questions as to how committed McGraw-Hill will remain to the media business. In addition to BusinessWeek and several trade publications, the company owns four local TV stations affiliated with ABC and five Spanish-language channels. If those businesses are divested, the remaining major businesses will be S&P and textbook publishing. How long before the Street may wonder why these two businesses need to be together?

(This blog post was edited by senior editor Robin Ajello)

From rforno at infowarrior.org Wed Oct 14 11:53:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Oct 2009 07:53:59 -0400
Subject: [Infowarrior] - Court denies USG motion to withhold telco records again
Message-ID: <026AF256-A353-49D4-BD54-71443BDB69B2@infowarrior.org>

Federal Court Denies Government Attempt to Delay Release of Telecom Records. Again.
News Update by Kurt Opsahl
http://www.eff.org/deeplinks/2009/10/federal-court-denies-goverment-attempt-delay-relea

Today a federal district court denied the government's latest emergency motion asking for a 30-day stay in last Friday's deadline to release records relating to telecom lobbying over last year's debate over immunity for corporate participation in government spying. The new deadline is October 16, at 4 p.m. Pacific time.

We sought the records pursuant to the Freedom of Information Act. On September 24, Judge Jeffrey White had ordered the Director of National Intelligence and Department of Justice to turn over many of the records we requested by Friday, October 9, 2009. Last week, the agencies asked him to postpone his order while the government decided whether or not to appeal, which EFF opposed. Judge White denied the motion.
On October 8, the day before the documents were due, the DOJ and ODNI filed an emergency motion asking the Court of Appeals for a 30-day stay while the agencies continue to contemplate an appeal. Around noon on October 9, the Ninth Circuit denied their emergency motion, telling the government it had to file a motion for a stay pending appeal in the district court first. Later that afternoon, the government filed again in the federal district court, but once again did not seek a stay pending an actual appeal. Instead, for the third time, the government insisted it could delay the release of telecom lobbying records while it considered the pros and cons of appealing. Briefing was complete by noon today, and Judge White denied the third attempt at delay this afternoon.

Judge White also noted that, even if the government had actually appealed, "in order to obviate the need for the parties to appear once again before this Court before seeking the same redress on appeal, the Court has addressed the pertinent factors it would analyze in denying a motion to stay this action pending appeal," and found the "equities weigh in favor of denial of a stay." In particular, the Court noted the "current administration's pointed directive on transparency in government, and the public's renewed interest in the question of legal immunity for the telecommunications companies that participated in the warrantless wiretapping program while considering currently pending legislation repealing the amendments to FISA, the Court finds that the public interest lies in favor of disclosure."

From rforno at infowarrior.org Wed Oct 14 12:38:41 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Oct 2009 08:38:41 -0400
Subject: [Infowarrior] - Google: Show Me the Malware!
Message-ID:

(Nifty and community-centric 'offering' here, eh? --rf)

Show Me the Malware!
Monday, October 12, 2009 3:53 PM
written by Lucas Ballard on behalf of the Anti-Malware, Anti-Malvertising, and Webmaster Tools teams
http://googleonlinesecurity.blogspot.com/2009/10/show-me-malware.html

As part of Cyber Security Awareness Month, we're highlighting cyber security tips and features to help ensure you're taking the necessary steps to protect your computer, website, and personal information. For general cyber security tips, check out our online security educational series or visit http://www.staysafeonline.org/. To learn more about malware detection and site cleanup, visit the Webmaster Tools Help Center and Forum.

To help protect users against malware threats, Google has built automated scanners that detect malware on websites we've indexed. Pages that are identified as dangerous by these scanners are accompanied by warnings in Google search results, and browsers such as Google Chrome, Firefox, and Safari also use our data to show similar warnings to people attempting to visit suspicious sites.

While it is important to protect users, we also know that most of these sites are not intentionally distributing malware. We understand the frustration of webmasters whose sites have been compromised without their knowledge and who discover that their site has been flagged. We proactively offer help to these webmasters: we send email to site administrators when we encounter suspicious content, we provide a list of infected pages in Webmaster Tools, and we maintain a service that allows webmasters to notify us when they have cleaned their sites. Read more about this process in the previous post on this blog.

We're happy to announce that we've launched a feature that enables Google to provide even more detailed help to webmasters. Webmaster Tools now provides webmasters with samples of the malicious code that Google's automated scanners detected on their sites. These samples -
which typically take the form of injected HTML tags, JavaScript, or embedded Flash files - are available in the "Malware details" Labs feature in Webmaster Tools. Registered webmasters (registration is free) of infected sites do not need to specially enable the feature - they will find links to it on the Webmaster Tools dashboard. Webmasters will see a list of their pages that we found to be involved in malware distribution and samples of the malicious content that Google's scanners encountered on each infected page. In certain situations we can identify the underlying cause of the malicious code, and we'll provide these details when possible. We hope that the additional information will assist webmasters and help prevent their visitors from being exposed to malware.

[Screenshots: "Malware details for your site" and "Malware details for a particular page"]

While we're excited to offer this feature, we caution webmasters to use the tool only as a starting point in their site clean-up process. Google's scanners may not be able to provide malware samples in all cases, and the malware samples may not be a complete list of all the malware on the page. More importantly, we advise against simply removing the examples that are displayed in Webmaster Tools. If the underlying vulnerability is not identified and patched, it is likely that the site will be compromised again.

In addition to helping the webmasters of sites with malware warnings, this new detail is also designed to promote the general health of the web. In some cases, our automatic scanners find questionable content on a site but do not have enough data to add it to the malware list. The new "Malware details" feature will highlight these instances to webmasters early on to help them identify and address security vulnerabilities more quickly.

We hope you never have cause to use this feature, but if you do, it should help you quickly purge malware from your site and help protect its visitors.
We plan to improve our algorithms in the upcoming months to provide even greater coverage, more accurate vulnerability identification, and faster delivery to webmasters.

From rforno at infowarrior.org Wed Oct 14 19:24:35 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Oct 2009 15:24:35 -0400
Subject: [Infowarrior] - I love stupid criminals....
Message-ID: <931465AF-10C9-42B0-A3D5-C8E0DCBAB464@infowarrior.org>

....nominee for Criminal Darwin Award, anyone??? ---rf

Fraud fugitive in Facebook trap

Maxi Sopo said he was born to party in his Facebook status updates

A man on the run, wanted for fraud by US authorities, inadvertently revealed where he was hiding through a series of extravagant Facebook updates. Cameroon-born Maxi Sopo's messages made it clear he was living the high life in the Mexican resort of Cancun. He also added a former US justice department official to his friend list who ended up helping to track him down.

< - >

http://news.bbc.co.uk/2/hi/americas/8306032.stm

From rforno at infowarrior.org Thu Oct 15 12:57:05 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Oct 2009 08:57:05 -0400
Subject: [Infowarrior] - Bamford: Who's in Big Brother's Database?
Message-ID: <1C2E3727-5B4C-4EF7-95A8-BD94DD211514@infowarrior.org>

http://www.nybooks.com/articles/23231

Volume 56, Number 17 -- November 5, 2009

Who's in Big Brother's Database?
By James Bamford

The Secret Sentry: The Untold History of the National Security Agency
by Matthew M. Aid
Bloomsbury, 423 pp., $30.00

On a remote edge of Utah's dry and arid high desert, where temperatures often zoom past 100 degrees, hard-hatted construction workers with top-secret clearances are preparing to build what may become America's equivalent of Jorge Luis Borges's "Library of Babel," a place where the collection of information is both infinite and at the same time monstrous, where the entire world's knowledge is stored, but not a single word is understood.
At a million square feet, the mammoth $2 billion structure will be one-third larger than the US Capitol and will use the same amount of energy as every house in Salt Lake City combined. Unlike Borges's "labyrinth of letters," this library expects few visitors. It's being built by the ultra-secret National Security Agency -- which is primarily responsible for "signals intelligence," the collection and analysis of various forms of communication -- to house trillions of phone calls, e-mail messages, and data trails: Web searches, parking receipts, bookstore visits, and other digital "pocket litter." Lacking adequate space and power at its city-sized Fort Meade, Maryland, headquarters, the NSA is also completing work on another data archive, this one in San Antonio, Texas, which will be nearly the size of the Alamodome.

Just how much information will be stored in these windowless cybertemples? A clue comes from a recent report prepared by the MITRE Corporation, a Pentagon think tank. "As the sensors associated with the various surveillance missions improve," says the report, referring to a variety of technical collection methods, "the data volumes are increasing with a projection that sensor data volume could potentially increase to the level of Yottabytes (10^24 Bytes) by 2015."[1] Roughly equal to about a septillion (1,000,000,000,000,000,000,000,000) pages of text, numbers beyond Yottabytes haven't yet been named.

Once vacuumed up and stored in these near-infinite "libraries," the data are then analyzed by powerful infoweapons, supercomputers running complex algorithmic programs, to determine who among us may be -- or may one day become -- a terrorist. In the NSA's world of automated surveillance on steroids, every bit has a history and every keystroke tells a story.
In the near decade since September 11, the tectonic plates beneath the American intelligence community have undergone a seismic shift, knocking the director of the CIA from the top of the organizational chart and replacing him with the new director of national intelligence, a desk-bound espiocrat with a large staff but little else. Not only surviving the earthquake but emerging as the most powerful chief the spy world has ever known was the director of the NSA. He is in charge of an organization three times the size of the CIA and empowered in 2008 by Congress to spy on Americans to an unprecedented degree, despite public criticism of the Bush administration's use of the agency to conduct warrantless domestic surveillance as part of the "war on terror." The legislation also largely freed him of the nettlesome Foreign Intelligence Surveillance Court (FISA). And in another significant move, he was recently named to head the new Cyber Command, which also places him in charge of the nation's growing force of cyber warriors.

Wasting no time, the agency has launched a building boom, doubling the size of its headquarters, expanding its listening posts, and constructing enormous data factories.

One clue to the possible purpose of the highly secret megacenters comes from the agency's British partner, Government Communications Headquarters. Last year, the British government proposed the creation of an enormous government-run central database to store details on every phone call, e-mail, and Internet search made in the United Kingdom. Click a "send" key or push an "answer" button and the details of the communication end up, perhaps forever, in the government's data warehouse to be scrutinized and analyzed. But when the plans were released by the UK government, there was an immediate outcry from both the press and the public, leading to the scrapping of the "big brother database," as it was called. In its place, however, the government came up with a new plan.
Instead of one vast, centralized database, the telecom companies and Internet service providers would be required to maintain records of all details about people's phone, e-mail, and Web-browsing habits for a year and to permit the government access to them when asked. That has led again to public anger and to a protest by the London Internet Exchange, which represents more than 330 telecommunications firms. "We view...the volume of data the government now proposes [we] should collect and retain will be unprecedented, as is the overall level of intrusion into the privacy of citizenry," the group said in August.[2]

Unlike the British government, which, to its great credit, allowed public debate on the idea of a central data bank, the NSA obtained the full cooperation of much of the American telecom industry in utmost secrecy after September 11. For example, the agency built secret rooms in AT&T's major switching facilities where duplicate copies of all data are diverted, screened for key names and words by computers, and then transmitted on to the agency for analysis. Thus, these new centers in Utah, Texas, and possibly elsewhere will likely become the centralized repositories for the data intercepted by the NSA in America's version of the "big brother database" rejected by the British.

Matthew M. Aid has been after the NSA's secrets for a very long time. As a sergeant and Russian linguist in the NSA's Air Force branch, he was arrested and convicted in a court-martial, thrown into prison, and slapped with a bad conduct discharge for impersonating an officer and making off with a stash of NSA documents stamped Top Secret Codeword. He now prefers to obtain the NSA's secrets legally, through the front door of the National Archives.
The result is The Secret Sentry: The Untold History of the National Security Agency, a footnote-heavy history told largely through declassified but heavily redacted NSA reports that have been slowly trickling out of the agency over the years. They are most informative in the World War II period but quickly taper off in substance during the cold war.

Aid begins his study on the eve of Pearl Harbor, a time when the entire American cryptologic force could fit into a small, half-empty community theater. But by war's end, it would take a football stadium to seat the 37,000 military and civilian "crippies." On August 14, 1945, as the ink dried on Japan's instruments of surrender, the linguists and codebreakers manning the thirty-seven key listening posts around the world were reading more than three hundred diplomatic code and cipher systems belonging to sixty countries. "The American signals intelligence empire stood at the zenith of its power and prestige," notes Aid. But within days, the cryptanalysts put away their well-sharpened pencils and the intercept operators hung up their earphones. By the end of December 1945, America's crypto world had shrunk to 7,500 men and women.

Despite the drastic layoffs, the small cadre of US and British codebreakers excelled against the new "main enemy," as Russia became known. The joint US-British effort deciphered tens of thousands of Russian army and navy messages during the mid-to-late 1940s. But on October 29, 1948, as President Truman was about to deliver a campaign speech in New York, the party was over. In what became known within the crypto world as "Black Friday," the Russian government and military flipped a switch and instantly converted to new, virtually unbreakable encryption systems and from vulnerable radio signals to buried cables. In the war between spies and machines, the spies won.
The Soviets had managed to recruit William Weisband, a forty-year-old Russian linguist working for the US Army, who informed them of key cryptologic weaknesses the Americans were successfully exploiting. It was a blow from which the codebreakers would never recover. NSA historians called it "perhaps the most significant intelligence loss in US history." In the 1970s, when some modest gains were made in penetrating the Russian systems, history would repeat itself and another American turncoat, this time Ronald Pelton, would again give away the US secrets.

Since then, it has largely been a codemaker's market not only with regard to high-level Russian ciphers, but also those of other key countries, such as China and North Korea. On the other hand, the NSA has made significant progress against less cryptologically sophisticated countries and, from them, gained insight into plans and intentions of countries about which the US has greater concerns. Thus, when a Chinese diplomat at the United Nations discusses some new African venture with a colleague from Sudan, the eavesdroppers at the NSA may be deaf to the Chinese communications links but they may be able to get that same information by exploiting weaknesses in Sudan's communications and cipher systems when the diplomat reports the meeting to Khartoum.

But even third-world cryptography can be daunting. During the entire war in Vietnam, writes Aid, the agency was never able to break the high-level encryption systems of either the North Vietnamese or the Vietcong. It is a revelation that leads him to conclude "that everything we thought we knew about the role of NSA in the Vietnam War needs to be reconsidered."

Because the book is structured chronologically, it is somewhat difficult to decipher the agency's overall record. But one sees troubling trends.
One weakness that seems to recur is that the agency, set up in the wake of World War II to prevent another surprise attack, is itself frequently surprised by attacks and other serious threats. In the 1950s, as over 100,000 heavily armed North Korean troops surged across the 38th parallel into South Korea, the codebreakers were among the last to know. "The North Korean target was ignored," says a declassified NSA report quoted by Aid. "North Korea got lost in the shuffle and nobody told us that they were interested in what was going on north of the 38th parallel," exclaimed one intelligence officer. At the time, astonishingly, the Armed Forces Security Agency (AFSA), the NSA's predecessor, didn't even have a Korean-language dictionary.

Unfortunately for General Douglas MacArthur, the codebreakers were able to read the communications of Spain's ambassador to Tokyo and other diplomats, who noted that in their discussions with the general, he made clear his secret hope for all-out war with China and Russia, including the use of nuclear weapons if necessary. In a rare instance of secret NSA intercepts playing a major part in US politics, once the messages were shown to President Truman, MacArthur's career abruptly ended.

Another major surprise came in the 1960s when the Soviet Union was able to move large numbers of personnel, large amounts of equipment, and many ballistic missiles to Cuba without the NSA hearing a peep. Still unable to break into the high-level Soviet cipher systems, the agency was unaware that the 51st Rocket Division had packed up and was encamped in Cuba. Nor did it detect the move of five complete medium-range and intermediate-range missile regiments from their Russian bases to Cuba. And it had no knowledge that Russian ballistic missiles were on Cuban soil, being positioned in launchers. "Soviet communications security was almost perfect," according to an NSA historian.
The first clues that something unusual was happening had come in mid-July 1962, when NSA analysts noticed record numbers of Soviet cargo and passenger ships heading for Cuba. Analysis of their unencrypted shipping manifests led the NSA to suspect that the ships were delivering weapons. But the nuclear-armed ballistic missiles were not detected until mid-October, a month after their arrival, and not by the NSA; it was the CIA, acting on information from its sources in Cuba and Florida, that ordered the U-2 reconnaissance flight that photographed them at launch sites on the island. "The crisis," Aid concludes, "was in fact anything but an intelligence success story." This is a view shared by the agency itself in a candid internal history, which noted that the harrowing events "marked the most significant failure of SIGINT [signals intelligence] to warn national leaders since World War II."

More recently, the NSA was unaware of India's impending nuclear test in 1998, the 1993 attack on the World Trade Center, the attack on the USS Cole in 2000, and the 1998 bombing of two of America's East African embassies. The agency first learned of the September 11 attacks on $300 television sets tuned to CNN, not its billion-dollar eavesdropping satellites tuned to al-Qaeda.

Then there is the pattern by which the NSA was actually right about a warning, but those in power chose to ignore it. During the Korean War, the AFSA picked up numerous indications from low-level unencrypted Chinese intercepts that the Chinese were shifting hundreds of thousands of combat troops to Manchuria by rail, an obvious signal that China might enter the war. But those in charge of Army intelligence simply refused to believe it; it didn't fit in with their plans. Then, by reading the dispatches between India's well-connected ambassador to Beijing and his Foreign Office, it became clear that China would intervene if UN forces crossed the 38th parallel into North Korea.
But again, says Aid, the warning "was either discounted or ignored completely by policymakers in Washington," and as the UN troops began crossing the divide, Chinese troops crossed the Yalu River into North Korea. Even when intercepts indicated that the Chinese were well entrenched in the North, officials in Washington and Seoul remained in a state of disbelief, until both South Korean and US forces there were attacked by the Chinese forces.

The pattern was repeated in Vietnam when NSA reporting warned on January 25, 1968, that a major coordinated attack would occur "in the near future in several areas of South Vietnam." But neither the White House, the CIA, nor General William Westmoreland at US military headquarters in Saigon believed it, until over 100,000 North Vietnamese and Vietcong troops launched their Tet offensive in the South five days later on January 30. "The [NSA] reports failed to shake the commands in Washington and Saigon from their perception," says an NSA history. Tragically, Aid notes, at the end of the war, all of the heroic Vietnamese cryptologic personnel who greatly helped the NSA were left behind. "Many," the NSA report reveals, "undoubtedly perished." It added, "Their story is yet untold."

Then again in 1973, as in Korea and Vietnam, the NSA warned that Egypt and Syria were planning "a major offensive" against Israel. But, as Aid quotes an official NSA history, the CIA refused to believe that an attack was imminent "because [they thought] the Arabs wouldn't be 'stupid enough' to attack Israel." They were, they did, and they won.

Everything seemed to go right for the NSA during the Soviet invasion of Afghanistan, which the agency had accurately forecast. "NSA predicted on December 22 [1979], three full days before the first Soviet troops crossed the Soviet-Afghan border, that the Russians would invade Afghanistan within the next seventy-two hours," writes Aid, adding, "Afghanistan may have been the 'high water mark' for NSA."
The agency also recorded the words of the Russian fighter pilot and his ground controllers as he shot down Korean Airlines Flight 007 in 1983. Although the agency knew that the Russians had accidentally mistaken the plane for a potentially hostile US military aircraft, the Reagan administration nevertheless deliberately spun the intercepts to make it seem that the fighter pilot knew all along that it was a passenger jet, infuriating NSA officials. "The White House's selective release of the most salacious of the NSA material concerning the shootdown set off a firestorm of criticism inside NSA," writes Aid. It was not the first time, nor would it be the last, that the NSA's product was used for political purposes.

The most troubling pattern, however, is that the NSA, through gross incompetence, bad intelligence, or deliberate deception through the selective release of information, has helped to push the US into tragic wars. A prime example took place in 1964 when the Johnson administration claimed that two US Navy destroyers in the Gulf of Tonkin, one on an eavesdropping mission for the NSA, were twice attacked by North Vietnamese torpedo boats. Those attacks were then used to justify the escalation of American involvement in the Vietnam War. But Aid cites a top-secret NSA analysis of the incident, completed in 2000, which concluded that the second attack, the one used to justify the war, never took place. Instead, NSA officials deliberately withheld 90 percent of the intelligence on the attacks and told the White House only what it wanted to hear. According to the analysis, only intelligence "that supported the claim that the communists had attacked the two destroyers was given to administration officials."

Not having learned its lesson, in the lead-up to the war in Iraq the NSA again told the administration only what it wanted to hear, despite the clearly ambiguous nature of the evidence. For years beforehand, the agency's coverage of Iraq was disastrous.
In the late 1990s, the Iraqis began shifting much of their high-level military communications from radio to buried fiber optic networks, and at the same time, Saddam Hussein banned the use of cell phones. That left only occasional low-level troop communications. According to a later review, Aid writes, NSA had "virtually no useful signals intelligence on a target that was one of the United States' top intelligence priorities." And the little intelligence it did have pointed away from Iraq possessing weapons of mass destruction. "We looked long and hard for any signs," said one retired NSA official. "We just never found a 'smoking gun' that Saddam was trying to build nukes or anything else." That, however, did not prevent the NSA director, Lieutenant Gen. Michael V. Hayden, from stamping his approval on the CIA's 2002 National Intelligence Estimate arguing that Iraq's WMDs posed a grave danger, which helped prepare the way for the devastating war.

While much of the terrain Aid covers has been explored before, the most original areas in The Secret Sentry deal with the ground wars in Afghanistan and Iraq, where the NSA was forced to marry, largely unsuccessfully, its super-high-tech strategic capabilities in space with its tactical forces on the ground.

Before the September 11 attacks, the agency's coverage of Afghanistan was even worse than that of Iraq. At the start of the war, the NSA's principal listening post for the region did not have a single linguist proficient in Pashto or Dari, Afghanistan's two principal languages. Agency recruiters descended on Fremont, California, home of the country's largest population of Afghan expatriates, to build up a cadre of translators -- only to have most candidates rejected by the agency's overparanoid security experts. On the plus side, because of the collapse of the Taliban regime's rudimentary communications system, its leaders were forced to communicate only by satellite phones, which were very susceptible to NSA monitoring.
Other NSA tactical teams, Aid explains, collaborated on the ground with Special Forces units, including in the mountains of Tora Bora. But it was a new type of war, one the NSA was not prepared for, and both Osama bin Laden and Taliban leader Mullah Omar easily slipped through its electronic net. Eight years later, despite billions of dollars spent by the agency and dozens of tapes released by bin Laden, the NSA is no closer to capturing him or Mullah Omar than it was at Tora Bora in 2001.

Disappointingly, the weakest section of the book, mostly summaries of old news clips, deals with what may be the most important subject: the NSA's warrantless eavesdropping and its targeting of American communications. There is no discussion, for example, of the agency's huge data-mining centers, mentioned above, currently being built in Utah and Texas, or to what extent the agency, which has long been confined to foreign and international communications, is now engaged in domestic eavesdropping. It is a key question and we have no precise answer. By installing its intercept rooms in such locations as AT&T's main switching station in downtown San Francisco, the agency has physical access to domestic as well as international communications. Thus it is possible that the agency scans all the e-mail of both and it may also eavesdrop on the telephone calls of both for targets on its ever-growing watch lists. According to a recent Justice Department report, "As of December 31, 2008, the consolidated terrorist watchlist contained more than 1.1 million known or suspected terrorist identities."[3]

Aid's history becomes thin as it gets closer to the present day and the archival documents dwindle, especially since he has no substantial first-person, on-the-record interviews.
Beyond a brief mention, he also leaves other important aspects of the NSA's history unaddressed, including the tumultuous years in the mid-1970s when it was investigated by the Senate's Church Committee for decades of illegal spying; Trailblazer, the nearly decade-long failure to modernize the agency; and the NSA's increasingly important role in cyberwarfare and its implications in future wars.

Where does all this leave us? Aid concludes that the biggest problem facing the agency is not the fact that it's drowning in untranslated, indecipherable, and mostly unusable data, problems that the troubled new modernization plan, Turbulence, is supposed to eventually fix. "These problems may, in fact, be the tip of the iceberg," he writes. Instead, what the agency needs most, Aid says, is more power. But the type of power to which he is referring is the kind that comes from electrical substations, not statutes. "As strange as it may sound," he writes, "one of the most urgent problems facing NSA is a severe shortage of electrical power." With supercomputers measured by the acre and estimated $70 million annual electricity bills for its headquarters, the agency has begun browning out, which is the reason for locating its new data centers in Utah and Texas. And as it pleads for more money to construct newer and bigger power generators, Aid notes, Congress is balking.

The issue is critical because at the NSA, electrical power is political power. In its top-secret world, the coin of the realm is the kilowatt. More electrical power ensures bigger data centers. Bigger data centers, in turn, generate a need for more access to phone calls and e-mail and, conversely, less privacy. The more data that comes in, the more reports flow out. And the more reports that flow out, the more political power for the agency. Rather than give the NSA more money for more power -- electrical and political -- some have instead suggested just pulling the plug.
"NSA can point to things they have obtained that have been useful," Aid quotes former senior State Department official Herbert Levin, a longtime customer of the agency, "but whether they're worth the billions that are spent, is a genuine question in my mind." Based on the NSA's history of often being on the wrong end of a surprise and a tendency to mistakenly get the country into, rather than out of, wars, it seems to have a rather disastrous cost-benefit ratio. Were it a corporation, it would likely have gone belly-up years ago.

The September 11 attacks are a case in point. For more than a year and a half the NSA was eavesdropping on two of the lead hijackers, knowing they had been sent by bin Laden, while they were in the US preparing for the attacks. The terrorists even chose as their command center a motel in Laurel, Maryland, almost within eyesight of the director's office. Yet the agency never once sought an easy-to-obtain FISA warrant to pinpoint their locations, or even informed the CIA or FBI of their presence.

But pulling the plug, or even allowing the lights to dim, seems unlikely given President Obama's hawkish policies in Afghanistan. However, if the war there turns out to be the train wreck many predict, then Obama may decide to take a much closer look at the spy world's most lavish spender. It is a prospect that has some in the Library of Babel very nervous. "It was a great ride while it lasted," said one.

Notes

[1] The MITRE Corporation, "Data Analysis Challenges" (December 2008), p. 13.

[2] David Leppard, "Internet Firms Resist Ministers' Plan to Spy on Every E-mail," The Sunday Times, August 2, 2009.

[3] "The Federal Bureau of Investigation's Terrorist Watchlist Nomination Practices," US Department of Justice, Office of the Inspector General, Audit Division, Audit Report 09-25, May 2009.
From rforno at infowarrior.org Thu Oct 15 14:12:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Oct 2009 10:12:59 -0400
Subject: [Infowarrior] - In a Generation That Friends and Tweets, They Don't
Message-ID:

In a Generation That Friends and Tweets, They Don't

By Ian Shapira
Washington Post Staff Writer
Thursday, October 15, 2009

http://www.washingtonpost.com/wp-dyn/content/article/2009/10/14/AR2009101403961_pf.html

Tomek Kott is so stubborn about not joining his friends -- in truth, nearly his entire generation -- on any social networking site that his wife launched a mini-crusade against him. Exploiting a tactic surely befitting our times, she whipped up a Facebook group last year called "Tomek Kott Must Join Facebook."

So far, it hasn't worked. Her husband, a 25-year-old physics graduate student who considers social networking a time-wasting cesspool of pseudo-communication, remains blithely unconnected.

"I am old-school in the personal touch way," said Tomek Kott, who lives in Silver Spring and has outsourced many of his digital communication duties to his wife, Anne. "All my friends from high school have also met my wife, and they're friends with her; my wife 'friended' them or whatever it's called."

Kott and others like him are social networking refuseniks: people in their 20s or early 30s who have gone off the grid, eschewing the ecology of Facebook, Twitter, MySpace and the like. In Washington, refuseniks are not exactly operating in isolated, Luddite worlds: One is in a dance company, another is a rapper/hip-hop singer, another is a Georgetown undergraduate. Kott grew up in Redmond, Wash., where his father is a software engineer for Microsoft. All of them, given their ages, qualify as exotic life forms.
The vast majority of their peers in the millennial generation are social networking pros: About 85 percent of all Internet users 18 to 34 visited Facebook, MySpace or Twitter in August, according to ComScore, a Reston-based Internet data research company. And about 84 percent of 18- to 29-year-olds check social networking sites at least once a week, according to a May study by the Pew Research Center for the People and the Press.

In the DCypher Dance company, friends of Natasha Hawkins, 28, consider her digital abstinence a nuisance. They labor to send e-mails to share photographs, reexplain personal news that has been publicized on a Facebook news feed and wonder whether she knows about upcoming auditions or performances of other companies.

"Maybe I should pressure her to get on it," said Vikki Weinberger, 27, a fellow DCypher dancer who's been hesitant to do so because she doubts Hawkins will budge. "She's a very strong person in her morals and beliefs."

Hawkins, who eons ago joined and later left the social networking site BlackPlanet, views such realms as potential for drama and rumor. She believes in forging bonds the old way and preserving a tight circle of quality relationships.

"I have close friends -- and I know how to reach them," she said. "People create arguments, actual arguments or disagreements as a result of Facebook. I am like, 'Really? It's a computer network?' We need to stop."

She knows not everyone approves of her boycott. "I probably have 20 e-mail requests to join Facebook, and I have not accepted," Hawkins, a risk analyst for the federal government, said with a half-chuckle. "My friends hate me."

Social networking holdouts can be ironclad about their beliefs. Kiran Gandhi, a junior at Georgetown University, has one lone laggard friend who refuses to join to protect her privacy. "When someone tells you that they don't have Facebook, it's untouchable. It's a sign of disrespect to try to convince them" to join, Gandhi said.
Gandhi's friend, a senior in Georgetown's foreign service school, agreed to be interviewed but only on the condition that her name be withheld. (She's serious about her privacy.) "I don't feel the need to go to the most trendy party because everyone found it on Facebook," she said. "Not having Facebook allows me to focus on things I really care about."

On a broad level, there might be differences between those who tweet or issue status updates and those who don't. Pew researchers point to a new but very small study they conducted to show that resisters and adopters 18 to 29 have demographic differences: Social networkers are more likely to have an annual income of $75,000 or more, and nonusers are more likely to have only a high school education.

Yet even as the refuseniks assert a lofty stance on privacy and cling to precious -- perhaps enviable -- face-to-face communication, they inevitably rely on friends or relatives who are members of the very sites they protest.

Anne Kott said she is happily married to the man she met at Bucknell University, where she first joined Facebook. However, she cannot help but feel as though she is in his employ.

"I am his Facebook secretary," she complained. "His friends will send me a Facebook message, 'Do you have Tomek's number?' And, 'What's Tomek doing?' He occasionally looks over my shoulder to see what photos are up, but he has never shown interest in starting his own account."

Ricardo Thomas, 23, who works at a photo restoration shop in Prince George's County, didn't go to college and is the only person he knows not on Facebook. His hip-hop band has pages on YouTube and MySpace, but he rarely checks them and doesn't have a personal site anywhere because he hates typing and computers. He leans on his friends to keep him up to speed, even about the doings of his ex-girlfriend.

"Last week, I was over at a friend's house, and he showed me a picture on Facebook of a girl I used to" date, Thomas said. And?
"I didn't know she had a kid!" he said. His friend "showed me her pictures, and I started looking at her status -- she was single." "I told my friend to write her a message for me, saying, 'Ricardo is right here and he said hi,' " Thomas recounted. "But Facebook is funny because they've got this thing called a 'wall,' and she deals with a lot of guys on the site. She says she's single, but I know she's dating." His lack of membership on Facebook has other disadvantages. Sometimes Thomas doesn't find out about parties being touted on the site until the last minute. Last week he almost missed a gathering at Johana's nightclub in Petworth. "We knew about this on Monday!" said bandmate Nicholas Hewitt, 20, who goes by Booka Wildboy Hewitt on Facebook, standing outside the club Thursday night. "Yeah, you really bring me all the Facebook stuff to my attention," Thomas said sheepishly. "I know eventually I'm going to have to do it. It will make stuff much smoother." It might be just a matter of time for Thomas and his ilk. Technological innovations -- from hybrid corn in the first half of the 20th century to cellphones in the latter part -- can take years for most to adopt. But social networking sites are seducing laggards at supersonic speeds. Although MySpace's monthly traffic dropped to about 64 million unique monthly U.S. visitors in August, Facebook's has soared to 92 million, and Twitter's has exploded to more than 20 million -- up from 1 million last year. In the past year, the fastest-growing age group on Twitter is the demographic that initially rejected it: those 12 to 24, according to ComScore. Facebook, which just announced that it has 300 million members, might never win over Tomek Kott. His wife realizes that. The "Tomek Kott Must Join Facebook" page, which has 19 members (including this reporter), does allay some of Anne's frustration. On the group's message board, a Baltimore friend wrote supportive words to the beleaguered wife: "This is awesome. 
Well done Anne. Take it to that weird tall guy." And although Anne was kind enough to make the group's page accessible by invitation only, she couldn't resist having a bit more fun at her husband's expense. "I loaded," she said, laughing, "a somewhat ridiculous photo of him." From rforno at infowarrior.org Thu Oct 15 19:47:55 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Oct 2009 15:47:55 -0400 Subject: [Infowarrior] - More 'PATRIOT' Act nuttiness Message-ID: <5B54B8B2-A4B4-4406-A43E-D2A7885C6274@infowarrior.org> http://www.politico.com/click/stories/0910/bass_disrupts_flight.html David Bass -- the Washington P.R. executive charged with a federal felony for alleged drunken behavior on a flight into Washington Reagan National Airport -- says he was "out of it" on allergy medication and did nothing more than demand a glass of wine. "They refused to serve me wine because they said I appeared drunk," Bass told POLITICO Thursday morning as news that he'd been charged under the U.S. Patriot Act rolled through Washington. Bass said he wasn't drunk on the flight, but rather had been taking Benadryl for an allergic reaction. "I didn't see any reason why I couldn't get a glass of wine," he said. "I was extremely sleep deprived. I have a bad history of traveling south." "The last thing I would ever be is a threat to anyone on a plane," Bass said. Police met Bass's flight when it landed at Reagan. In a sworn affidavit filed in the U.S. District Court for the Eastern District of Virginia, FBI Agent David Wiegand said that Bass had appeared drunk and abusive on the flight, demanding alcohol and refusing flight attendants' orders to sit down. According to Wiegand, a flight attendant "stated that Bass refused to obey the instructions issued by the flight attendants and 'disrupted everyone' 
in as much as he entered the aircraft's galley several times and crawled over the person seated next to him in order to access the overhead storage compartments and the aircraft's lavatory. [The flight attendant] said that Bass's behavior was so disruptive that [she] moved the passenger seated next to Bass to a different seat." Among other things, the affidavit stated that Bass made "mean faces" at flight attendants. "I don't know what a 'mean face' is," Bass told POLITICO. "I make mean faces to my five-year-old all the time." Bass was questioned at the airport and subsequently charged with a provision of the Patriot Act that equates interfering with flight crews with a terrorist act -- a felony punishable by as much as 20 years in federal prison. Bass appeared in court Tuesday and was allowed to remain free pending further proceedings. His next court date is Oct. 27. In a telephone interview with POLITICO, Bass said he had been in Honduras on a business trip and hadn't slept for three days before boarding a Continental Airlines flight from Houston to Washington on Friday. "I was groggy . . . have you ever been sleep-deprived? It makes you kind of wacky," Bass said. While the FBI agent's affidavit said that Bass had assumed an "aggressive posture" with police at the airport, Bass said the incident was not confrontational at all. "The officers were actually very nice. I had been joking a little bit, talking to them," he said. "It didn't seem like reality to me." Bass said he offered to take a blood-alcohol test when he got off the plane, but he said officers declined. In a statement attached to the FBI agent's affidavit, one of the flight attendants said that Bass "stared at me the whole flight . . . didn't listen to anyone and argued everything and appeared unsteady on his feet, upsetting everyone in first class, including me." Another flight attendant said the crew agreed that Bass should not be served alcohol on the flight. "I told Mr. 
Bass to take his seat as he was interrupting the [flight attendants] from their duties by [repeatedly] getting up, standing in the aisle . . . asking for drinks, staring at [the other flight attendant], making mean faces. Even on landing, he was staring at her. I could see she was intimidated by his stares." Bass, whose criminal case was first reported in the Washington Examiner, appears frequently as a political commentator on television and recently founded Raptor Strategies, a public relations firm with energy, media and insurance clients. The firm's slogan: "New Times Demand New Strategies." "My clients know me better than this," Bass said. "[My friends] would probably say 'Bass was joking a little more than he should have been.'" Bass provided some consulting services for POLITICO's parent company, Allbritton Communications, during the publication's start-up phase. From rforno at infowarrior.org Thu Oct 15 23:16:30 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Oct 2009 19:16:30 -0400 Subject: [Infowarrior] - Court rules ASCAP can't seek ringtone royalties Message-ID: <486F904B-D100-4CED-853A-45EF3C07A6FC@infowarrior.org> Court rules ASCAP can't seek ringtone royalties updated 03:45 pm EDT, Thu October 15, 2009 Ringtones not considered performances http://www.electronista.com/articles/09/10/15/ringtones.not.considered.performances/ A Southern District of New York federal court yesterday ruled (PDF) that ringtones don't constitute performances and so are exempt from separate royalties. The decision by Judge Denise Cote rejects beliefs by royalty group ASCAP that the carrier is responsible for royalties for any ringtone played in public and grants the complainant Verizon a summary judgment that the only valid royalty is the original for the music file itself. 
Judge Cote concludes in the ruling that the only role of a cellular service like Verizon is to transfer the file to the phone and that it can't be held responsible for where and when the ringtone is played. Customers for the ringtones are also exempt as they never profit from playing their ringtones in public. The finding potentially sets the groundwork for a reversal of $5 million in payments Verizon has made to ASCAP to temporarily resolve their dispute and also sets a legal precedent that may thwart attempts by ASCAP to collect royalties on song samples under similar conditions. ASCAP has tried to significantly expand its reach in recent months by contending that any digital audio playback in public constitutes a performance. Critics, including representatives for Apple and other music store operators, have accused the association of 'double dipping' by trying to collect royalties twice on every song; they have also challenged that ASCAP is trying to compensate for a perceived shift away from broadcasts and concerts towards personal listening at home and in MP3 players. From rforno at infowarrior.org Fri Oct 16 11:55:38 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Oct 2009 07:55:38 -0400 Subject: [Infowarrior] - Ozzie clubs get it right on music Message-ID: <7DDFCAD9-D3A6-40F3-BE26-626BE1056D90@infowarrior.org> Australian Clubs Looking To Play Independent Music To Avoid Insane New Royalties from the send-them-some-indie-music dept We've been discussing how collections societies around the globe have been making a mad dash to get governments to tax more things or to simply massively expand existing collection taxes on music. One stunning example we gave was how the Phonographic Performance Company of Australia (PPCA) was pushing to increase fees by ridiculous amounts (in one example from $125/year to $19,344). 
Apparently, part of the setup is that clubs and restaurants have to pay a much higher per patron fee, and the number of patrons is based not on the actual number of patrons -- but on capacity. PPCA and others like them continue to insist that all of the value in a restaurant or club comes from the music, and thus those places should pay these extortionate rates, even if actual human beings don't come to fill up the place (so much for the music actually bringing in the crowds). But it looks like at least some clubs in Australia are pushing back. Sambo points us to the news that many are trying to build support for a protest effort where these clubs will only play independent music and avoid all music licensed to the PPCA. Of course, in the US, we've seen ASCAP and BMI tell clubs that do similar things that it doesn't matter -- since they might accidentally play their music. Still, it looks like these kinds of moves, that often would bankrupt these clubs and restaurants, are having an unintended consequence of helping to promote non-PPCA music. So, if you're a musician and you want to get heard in Australia, try licensing your songs under a Creative Commons license or something and highlight that anyone can play the music without having to pay a ridiculous PPCA tax. http://techdirt.com/articles/20091013/0205396505.shtml From rforno at infowarrior.org Fri Oct 16 13:18:57 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Oct 2009 09:18:57 -0400 Subject: [Infowarrior] - OT OpEd: Goldman Sachs Is Robbing Us Blind Message-ID: <0ACF766E-8A7A-4A5D-98B3-9B57063C2CF4@infowarrior.org> (Note: Good op-ed by Ratigan, who used to anchor CNBC 'Fast Money' before quitting and moving over to MSNBC as a daytime anchor/pundit. I think he also switched to decaf as well. --rf) Goldman Sachs Is Robbing Us Blind Dylan Ratigan| Oct. 
15, 2009, 5:22 PM In a world where real competition, modern technology and lack of special government standing means most American businesses have no choice but to adapt and innovate -- Wall Street's wimps' only apparent skill is rigging the game. In fact, on Wall Street there have always been only two basic ways to make money. The first and most difficult: Be a great investor -- to the best investors go the profits, rewarding those who are best at picking winning businesses for America and punishing those who fail through the loss of their money. The second, and seemingly preferred method, exploit those who know less than you -- and take their money, even if you have to change the laws to do so. Now, this second business was much easier to pull off prior to the internet and 24-hour exchanges etc. as technology is the enemy of any business that makes its living overcharging customers who don't know better or are given no other choice. So bankers, facing an onslaught of web-driven transparency and reduced profitability during the last decade along with an increasingly educated customer-base became anxious to change the laws in 2000 and are even more anxious to protect those changes now. While things like stock and bond trading became a very low margin business because of modern information -- the legalization in 2000 of a secretive market for crooked insurance with no transparency or accountability has been an absolute boon. They called it credit derivatives -- where banks and insurers offer to effectively "insure" financial assets. For instance, they were used to insure much of the real estate and pension liabilities in America the past 10 years. To make money, the banks exploit two loopholes. The first -- overcharge customers by depriving them of the type of competitive pricing only possible on an exchange like the New York Stock Exchange or Chicago Mercantile Exchange. 
And the second, exploit the lack of transparency to hide the fact that you are keeping little or no money to pay claims while selling insurance and collecting fees on every house and pension payment in America. The key to success here is that when there is a default or claim against that so-called credit insurance -- the banks keep all the past payment -- and the taxpayer under threat of collapse pays off the claims while getting nothing in return. This quite simply, is a brilliant way to steal our money. Now this method of "business" is only possible if the government continues to allow these crooked insurance contracts to be written in secret, allows them to hold little or no money in reserve for payment and allows them to sell enough coverage on enough vital national assets that if there is a default -- the taxpayer has no choice but to pay. Needless to say, J.P. Morgan & Co. has never had more revenue and the Goldman Sachs bonus pool has never been bigger. Considering the $23.7 trillion of taxpayer money being used to support these Corporate Communists one would hope they could at least make a few billion in profits with it. In context, making a few billion risking a few trillion is a rather pathetic return after all. As we talked about last week - allowing these outdated banks to take control of our government and change the rules so they are protected from the natural competition and reward systems that have created so many innovations in our country, you not only steal from the citizens on behalf of the least worthy but you also doom them by trapping the capital that would have been used to generate new innovation and, most tangibly in our current situation, jobs. We don't want a government commandeered by those in our banking system who have failed and been passed over by technological advancements, innovation and flat out smarts. 
The government's job is to restore the rules of investment, not indulge those who want to unfairly sustain their wealth and power at our nation's expense. What we want, is a Wall Street that would attract men and women who would seek to be the next Warren Buffett, or great venture capitalist. Men and women competing to analyze the countless ideas of our best and brightest - investing in those who will best be able to bring their innovations to America and the world. To tell your congressman, go to dylan.msnbc.com and heed the call. ... there's a previous comment as well located @ http://www.huffingtonpost.com/dylan-ratigan/turn-goldman-anger-into-g_b_321730.html From rforno at infowarrior.org Fri Oct 16 16:34:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Oct 2009 12:34:53 -0400 Subject: [Infowarrior] - EU signs up new cyber-security boss Message-ID: <3B9016B6-8873-4737-A4CA-ACD87D1B77AB@infowarrior.org> EU signs up new cyber-security boss Udo Helmbrecht wants more co-operation between States and businesses By Ian Williams Friday, 16 October 2009, 15:49 http://www.theinquirer.net/inquirer/news/1558893/eu-signs-cyber-security-boss THE EUROPEAN UNION has appointed Dr Udo Helmbrecht as the executive director of the European Network and Information Security Agency (ENISA). Helmbrecht was born in Germany in 1955 and since 2003 has been president of the Federal Office for Information Security in Bonn. "I am very pleased, privileged and humbled to have gained the Management Board's trust to become the Executive Director of ENISA. I proudly and readily assume this position, working for Europe," he said. Helmbrecht wants to help the EU cyber-security outfit work more closely with other related European institutions and Member States to enhance electronic security throughout the region. He also wants to ensure that ENISA lives beyond its current 2012 'sunset clause' by creating a permanent mandate for the organisation. 
"The clear and permanent mandate is necessary to manage the increasing, fundamental role of security for economic and financial matters; for business and consumers alike," he said. "Ultimately, the economy of Europe is at stake if we do not manage security matters properly and adequately. At the same time, we should promote the benefits of security to the citizens, so they gain trust in the advantages of information and communication technology to safely enjoy life in cyber space." Helmbrecht did not go into any specific details around hot topics such as electronic border surveillance and monitoring or cyber-warfare, but he called for "more cooperation and dialogue with all security stakeholders." He concluded by stressing that ENISA should be a trusted, independent body able to dispense "expert advice in security matters" and a key part of the European Parliament's security decision making process. "The Agency's advice should have a lasting impact on the laws and regulation of the Commission and the Member States," he said. From rforno at infowarrior.org Fri Oct 16 16:36:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Oct 2009 12:36:16 -0400 Subject: [Infowarrior] - BSA Dirty Tricks Update Message-ID: <94D7BC8C-998E-479E-B034-FA6E189C382C@infowarrior.org> This story appeared on Network World at http://www.networkworld.com/columnists/2009/091014-gaskin.html Business Software Alliance Dirty Tricks Update The 'Bully' Software Alliance still abusing small businesses By James E. Gaskin , Network World , 10/14/2009 As this column winds down (my last one will be 10/28), I've been thinking about the most important issues I've covered over the past years. I rate the Business Software Alliance and its use of extortion tactics based on tips from disgruntled employees at the top of the despicable list. Dangling a cash reward of up to one million dollars encourages a lot of story telling. 
It makes me mad every time I hear about another small company bludgeoned by these bullies. Let's be clear that I'm not excusing people in companies small and large who willfully copy software illegally. I'm not giving a pass to pirates pumping out thousands of copies of pirated software that looks legit down to the smallest detail. Those people deserve to be punished. I'm concerned about how the BSA bullies small companies that lose paperwork, or are victimized by angry employees who destroy the single piece of evidence the BSA considers acceptable. What evidence is that? Want to guess? If you guess wrong, you pay a fine. Is the original software packaging enough? Pay a fine. The Certificate of Authenticity on the computer? Pay a fine. The original disks holding the software? Pay a fine. When I spoke to the BSA director several years ago, I asked her what she considers proof of legal software. She told me to ask the software vendors. So I asked the Microsoft person in charge of compliance. She told me to ask the BSA. Can you spell Catch-22? What is proof, according to Rob Scott, attorney, of Scott and Scott LLP in Dallas: "A proof of purchase for the software, usually a packing slip or completed invoice from the seller. The name on the invoice must match exactly the name of the company being audited to be acceptable." Do you have your proof of purchase documents? Packing slips? If not, when the BSA comes knocking in the guise of your local Microsoft reseller offering a free software audit, you could be putting your business in danger of serious fines. Besides disgruntled former employees, the rat of choice by the BSA is your Microsoft reseller. The Microsoft SAM (Software Asset Management) program pays resellers to do "free" audits of customer software. When finished, the audit results go back to Microsoft. They didn't tell you that, did they? 
If you don't read the tiny fine print pages and pages deep in the agreement, you'll never know until the BSA and Microsoft come knocking on your door. When your Microsoft reseller offers this free audit, bar the door quickly. According to Scott, Microsoft remains the largest supporter of the BSA, but the company is much more likely to negotiate than sue. AutoDesk, another BSA member company, loves to file suit in federal courts leveraging the DMCA (Digital Millennium Copyright Act) to make things more expensive for the small companies attacked by the BSA. No court cases have gone completely through trial to judgement, so there is no case law to guide targeted businesses. Why no finished court cases? Imagine you watch a poker tournament, and see one player with six chips facing a player with 4,000 chips. Who will win? That's the way the deck is stacked against small businesses when the BSA comes calling. Adobe, another BSA founding member, has started a program to audit companies for font abuse. Yes, fonts. Each font includes a copyright and you need a license. If someone sends you a Word document with a licensed font, and that font gets used by anyone in your company, it becomes a federal case. Literally. One of the BSA tricks Scott really hates is its unbundling tactic. Say you have a copy of Microsoft Office you can't prove is yours. Perhaps the shipping clerk stole the invoice as he left your company to call the BSA and get a reward (it happens all the time). The BSA comes, and charges you not for one piece of software, Office, but individually for each application within Office, like Word, Excel, PowerPoint, etc. Each one brings a fine for illegal use. The BSA trick I hate the most is its demands to prove software you purchased with hardware is legally yours. How many times do you order desktops or laptops with a few applications, like Office? Most companies do that as a matter of course. 
But if the hardware vendor doesn't list each piece of software separately on the invoice and packing slip, you're no longer legal. It doesn't matter what the Web site or sales brochure says, it only matters what the proof of purchase says. If your laptop's proof of purchase doesn't specifically list every piece of software, get ready to bend over for the BSA. Ever asked someone to buy software for the company, then expense it? If the sales receipt lists the person rather than the company, the BSA claims software piracy. Pay the fine. More warnings from Scott: "The BSA is up to their same old dirty tricks, and continue to represent primarily Microsoft. They're the only group that does significant Microsoft matters. Companies from ten to five hundred employees using Microsoft software are significantly at risk for a BSA audit. Any IT turnover or layoffs create a greater chance of audit. Layoffs and mergers create more people looking for reward money." Want to hear a clip from an Australian news radio story that includes a direct appeal to unhappy employees to turn in their company? Listen here. Notice the poor Australian rats only get offered a $5,000 reward. The news team called Rob Scott for comment, because he's done over 130 BSA cases for his clients already. Watch a video clip of mine called "Beware the BSA" here. Go right now to your software license drawer and verify you have what you need to survive an audit. Make copies of all those invoices and packing slips. If you buy software from a big vendor, sign up for their license compliance program. Don't let a Microsoft reseller give you a "free" audit for any reason, ever. Software theft and piracy? Bad. Bullying small companies that don't understand all the rules, lose their paperwork, or have proof stolen by a reward-hungry disgruntled employee? Worse. All contents copyright 1995-2009 Network World, Inc. 
http://www.networkworld.com From rforno at infowarrior.org Fri Oct 16 18:22:51 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Oct 2009 14:22:51 -0400 Subject: [Infowarrior] - ACTA treaty can't be shown to public, Message-ID: <5F343E81-8645-41B2-8013-7009E6120E7C@infowarrior.org> Secret ACTA treaty can't be shown to public, just 42 lawyers As the secret Anti-Counterfeiting Trade Agreement rolls forward, it's clear that some kind of Internet "enforcement" will end up in the text; but what kind? Thirty-eight corporate lawyers and 4 public interest lawyers are the only ones with a say. By Nate Anderson | Last updated October 15, http://arstechnica.com/tech-policy/news/2009/10/these-42-people-are-shaping-us-internet-enforcement-policy.ars Turns out that the Anti-Counterfeiting Trade Agreement (ACTA) will include a section on Internet "enforcement procedures" after all. And how many people have had input on these procedures? Forty-two. ACTA has worried outside observers for some time by threatening to delve into issues not normally covered by "trade agreements." Topping the list are concerns about ACTA's possible use as a Trojan horse to shove tough Internet controls onto countries like the US at the behest of Big Content. It's been hard to tell exactly what ACTA will include, though, because the process has taken place in such secrecy and even when information has been released, the section relating to the Internet has been empty. But the secrecy wasn't total. Knowledge Ecology International (KEI) found out in September that the US Trade Representative's office had actually been secretly canvassing opinions on the Internet section of the agreement from 42 people, all of whom had signed a nondisclosure agreement before being shown the ACTA draft text. 
After filing a Freedom of Information Act request (the names of the 42 people were considered a matter of "national security" and were not released voluntarily), KEI yesterday revealed the list of people who have had access to the ACTA Internet provisions. Here are the first 32 names, all of them people outside of USTR:
- Emery Simon, Business Software Alliance (BSA)
- Jesse Feder, Business Software Alliance (BSA)
- Bill Patry, Google
- Daphne Keller, Google
- Johanna Shelton, Google
- Lisa Pearlman, Wilmer Hale
- Robert Novick, Wilmer Hale
- Bob Kruger, Consultant to eBay
- Brian Bieron, eBay
- Hillary Brill, eBay
- Sarah Deutch, Verizon
- David Weller, Wilmer Hale
- Steve Metalitz, International Intellectual Property Alliance (IIPA), Mitchell Silberberg & Knupp LLP
- Veronica O'Connell, Consumer Electronics Association (CEA)
- Jim Burger, Dow Lohnes, Counsel to Intel
- Jonathan Band, Jonathan Band PLLC
- Gigi Sohn, Public Knowledge
- Rashmi Rangnath, Public Knowledge
- Sherwin Siy, Public Knowledge
- Maritza Castro, Dell
- Jeff Lawrence, Intel
- Mathew Schruers, CCIA
- David Sohn, Center for Democracy and Technology (CDT)
- Michael Petricone, Consumer Electronics Association (CEA)
- Ryan Triplette, Intel
- Janet O'Callaghan, News Corporation
- Chris Israel, PCT Government Relations
- Alicia Smith, Sony Pictures Entertainment
- Cameron Gilreath, Time Warner
- Seth Greensten, Constantine Cannon LLP, for Consumer Electronics Association (CEA)
- Daniel Dougherty, eBay
- David Fares, News Corporation
A further 10 people who have seen the draft are regular members of USTR advisory boards:
- Anissa S. Whitten, Motion Picture Association of America, Inc.
- Eric Smith, International Intellectual Property Alliance
- Neil I. Turkewitz, Recording Industry Association of America
- Sandra M. Aistars, Time Warner Inc.
- Steven D. Mitchell, Entertainment Software Association
- Thomas J. Thomson, Coalition for Intellectual Property Rights
- Timothy P. Trainer, Zippo Manufacturing Company
- Jacquelynn Ruff, Verizon Communications Inc.
- John P. Goyer, US Coalition of Service Industries
- Mark F. Bohannon, Software and Information Industry Association
It's a motley collection. While the continued secrecy of the process remains troubling, the list actually represents a wide swath of views. Big Content is well-represented; if stakeholders like the RIAA and MPAA don't appear often on the first list, that's only because they have a permanent connection with USTR and regularly get to advise the agency on crafting its trade policies. But many of those on the top list don't support much in the way of Internet "enforcement" of IP law, not if that includes items like filtering or graduated response. Bill Patry, for instance, is Google's top copyright lawyer and has just written an entire book lambasting the content industries in no uncertain terms for their utter lack of innovation. Michael Petricone of CEA regularly appears at conferences opposing many content owner ideas, and Jonathan Band is a DC lawyer who regularly represents library associations in copyright proceedings. Public Knowledge and CDT both received invites, and lawyers for Dell, Intel, and eBay are generally not excited about content-owner-protection proposals. On the other hand, copyright's eminence grise, Steven Metalitz, is also on the list; Metalitz was last seen in these pages telling the Copyright Office that consumers have no right to be upset after buying DRMed music from a store that goes out of business and takes its DRM servers offline. According to Jamie Love of KEI, however, the whole thing smacks of corporatism. Sure, the corporations may be on different sides of the issue, but is the public actually being well-represented here? "We were told that everyone who needed to see the documents has seen them," he writes. "Outside of Public Knowledge and CDT, everyone who received the documents was representing a large corporate entity." 
ACTA negotiations resume in early November in Seoul, South Korea, where (in its own words) "USTR will be pressing for provisions that strengthen the ability of governments to deal with the serious issue of Internet piracy." From rforno at infowarrior.org Fri Oct 16 20:16:15 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Oct 2009 16:16:15 -0400 Subject: [Infowarrior] - DARPA, Microsoft, Lockheed team up to reinvent TCP/IP Message-ID: <0653E79D-0B23-4DCC-8D32-8D8C15A80C10@infowarrior.org> http://www.theregister.co.uk/2009/10/16/darpa_microsoft_reinvent_internet/ DARPA, Microsoft, Lockheed team up to reinvent TCP/IP 'This time it will actually be for the military, promise' By Lewis Page Posted in Data Networking, 16th October 2009 12:26 GMT Arms globocorp Lockheed Martin announced today that it has won a $31m contract from the famous Pentagon crazy-ideas bureau, DARPA, to reinvent the internet and make it more suitable for military use. Microsoft will also be involved in the effort. The main thrust of the effort will be to develop a new Military Network Protocol, which will differ from old hat such as TCP/IP in that it will offer "improved security, dynamic bandwidth allocation, and policy-based prioritization levels at the individual and unit level". "New network threats and attacks require revolutionary protection concepts," said Lockheed cyber-arsenal chieftain John Mengucci. "Through this project, as well as our cyber Mission Maker initiatives, we are working to enhance cyber security and ensure that warfighters* can fight on despite cyber attacks." Lockheed will be partnered with Anagran, Juniper Networks, LGS Innovations, Stanford University and - of course - Microsoft in developing the MNP. Apart from that, Lockheed's own Information Systems & Global Services-Defense tentacle will work on amazing new hardware. 
According to the firm: Lockheed Martin's team will develop router technologies that include strong authentication and self configuration capabilities to improve security, reduce the need for trained network personnel and lower overall life cycle costs for network management. The original Arpanet, which turned into the TCP/IP internet we all know and love, was developed for DARPA's predecessor. It was at least nominally intended for military use, though in reality it took off first in academia. There is some mild irony in the sight of DARPA deciding to more or less repeat the process all over again at this late date.

* Perhaps one might speak of "warfs" for short.

From rforno at infowarrior.org Sat Oct 17 15:05:52 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 17 Oct 2009 11:05:52 -0400 Subject: [Infowarrior] - Jeff Moss on cybersecurity, government's role Message-ID: <921573B2-1501-4951-91B3-0607A9E9998E@infowarrior.org> Q&A: Defcon's Jeff Moss on cybersecurity, government's role by Elinor Mills http://news.cnet.com/8301-27080_3-10376447-245.html

As a hacker and organizer of Defcon, an event at which computer security vulnerabilities and exploits are routinely unveiled, Jeff Moss seemed an unusual choice when he was named to the Homeland Security Advisory Council in June. But his background and lack of government experience bring a fresh, outsider's perspective to a public sector plagued by a fast-changing threat landscape, perpetual turf wars, and bureaucratic inertia. With National Cyber Security Awareness Month under way, CNET News discussed with Moss his new role, his thoughts on the national ID card debate, and how the government wants to use social media sites for public emergency alerts. This edited interview is the first of two parts. Part two will run on Monday. Q: So, how's it going on the Homeland Security Advisory Council? Moss: It's going pretty well, it's pretty exciting actually.
Recently we did a recommendation, I'm sure you read about it, the homeland security color codes. There are the five color codes. Normally the country is on like yellow or orange. I think we've only been to red once. But we've never been to the two lowest, blue and green. So the system was up for review. It turns out that the color codes work really well for industry and government. They have procedures in place. They do things automatically when the color codes are changed. It is actually successful for them but for the third group that uses them, civilians, it actually doesn't work well at all. Right. We don't understand it. We're like, what does it mean? Is it real? Moss: How does it give us any actionable information? How should we change our behavior based on it? That's what came out of the report was that it's very hard for civilians to do anything with it and it causes confusion, and it's the No. 1 source of ridicule. The system needs to stay because it's valuable for the other two groups, but it needs to change was the conclusion of the report. So they had a couple of recommendations and one was to just get rid of the two lowest colors because honestly we've never been at them; make the new normal orange. Three levels is probably more realistic than having five. The U.K. doesn't have five either, I think they have three. The other big thing was if something is happening in New York, you don't need to raise it for the whole country, so make them more applicable for a geographic location. Localize it more. And then some other recommendations I thought were reasonable were make it a default where the level is automatically lowered if nothing affirmative happens. So the onus is on the officials to constantly justify why it needs to stay at a higher level. They had some other really common- sensical recommendations. You should tell people without revealing any sensitive security information or sources why did it get raised? Why did it get lowered? 
Is the threat over or is this an ongoing threat that we just now think is less important? They want to make it all much more transparent to the public. So if they say we intercepted these people trying to board a plane with these liquids so we're going to go to a higher level around airports...something like that, instead of a blanket generalization that's applied to the whole country without explaining when the threat goes away or is mitigated. I know some members of Congress agreed with the report and it was generally really well received. Now the Advisory Council, we all unanimously agreed with it, and now it's off to the secretary (of Homeland Security). I was expecting a lot more bureaucrat-ese but that report I couldn't find anything to nitpick with because it makes a lot of sense. Two (reports) before that we were dealing with the Real ID versus Pass ID debate. (The Bush administration was) trying to create basically a national identity card and when that didn't happen they created this Real ID standard that would cause all the states to have standardized features on their driver's licenses. That's different from an enhanced driver's license which is used in place of your passport when crossing into Canada or Mexico. You need biometrics (and to) verify the information through two other approved sources. It's an attempt by the feds to make sure information getting into the DMVs is actually valid and there's a paper trail there and the information from one state can be easily shared with another state. It seemed fairly reasonable. But then you started looking at some of the provisions and it turns into another one of these giant unfunded mandates from the feds.
A lot of the civil libertarians got up in arms over it and I'm not really pleased either. States started to rebel. The DHS was saying if you don't have one of these driver's licenses that is approved you're not going to be able to fly. So these governors got together and came up with an alternative plan called Pass ID. It removed it from being a state unfunded mandate, reduced the database requirements, reduced some of the ID requirements, made it much more feasible and reasonable, phased in on not such an immediate time table, didn't seem to have Big Brother issues. DHS is not going to want to go to war with these states. I think there's a realization you have to come to some compromise and Pass ID seems like a good compromise, but now you've got to convince Congress. Have you done much with cybersecurity? Moss: It is cybersecurity month, you know. One thing I wanted to point out, there's this realization that they want to enhance the alerting system and embrace the Web 2.0 technologies. It goes back to this theme I keep hearing from people there that they need to fully engage in the cyber area with distributing information. They want to be more transparent and they want to communicate information faster to broader audiences in different ways. The hangup seems to be, what are the best ways to do it? Let's say there's another (Hurricane) Katrina, a huge weather alert or a terrorist attack and you want to get the information out to everybody. Right now the only way to do that is to activate the whole emergency broadcast system or the emergency action system and have everybody's radio tell you, which they didn't even use during the World Trade Center attacks. Why not? Moss: I don't know. I was so frustrated. I have one of those emergency weather radios because we get a lot of storms (in Seattle) and my radio is constantly going off telling me about specific storms. It doesn't go off when there's a terrorist attacking my country. 
I just turned it off and threw it away. It's useless. So what if you could have a feed coming from DHS and other government agencies, say, to Twitter or Facebook or MySpace or whatever? And you subscribe to that channel or that feed, end users would know it's still the official word, it hasn't been modified or changed. There has to be some official ways of distributing this alert information in many different ways. Cell phones have this broadcast mode where it's possible for a cell tower to send a broadcast message out to everyone on the cell tower. They're wondering is there a way you could use these broadcast features to send out localized announcements? A university saying there's a school shooter on campus everybody leave. How do you communicate security sensitive information in a localized way? I think the technology group at DHS is spending a lot of time thinking about that. It was nice to see an acknowledgment in the report that we need to engage in social media or other media forms to communicate more than just on television or when someone gets up at the White House and makes an announcement. Now we're into Cyber Security Awareness Month and DHS got authority to hire up to 1,000 employees in the next three years in the cybersecurity area, everybody from analysts to secretaries to reverse engineers and network architects. I'm sure you saw the articles about are there even 1,000 skilled people available. What's your take on all that? Moss: I don't think there are. It's great when agencies and groups come up with these really grand statements, that's what you're shooting for. You'd love to have 100 of the best, but Cyber Command wants 100 of the best and Air Force 10th Wing wants 100 of the best (and Microsoft and IBM want 100 of the best).
At some point there's just not enough people left. But they say when you work for government you're not really working for the money. People tend to do it for different reasons. You either do it because you're patriotic or you do it because you get to play with some really cool stuff that wouldn't ever be possible in the civilian world. And I think they're trying to address the third thing, which is pay. The 60-day review released earlier this year concluded that the government is not prepared to respond adequately in the event of a cyberattack. Is it just a matter of having enough staff and having more trained staff? Moss: Well it's that and a lot of it is bureaucratic fiefdoms. Who's in charge of what? Cyber attacks just have never happened. That's why everyone paid so much attention to Estonia when they were being attacked. What's the best way to organize yourself to respond to one of these things? And nobody really knows, I don't think, what agency calls what other agency and who responds in what order. They've been gaming it for a while, but until it actually happens a few times I think it's all new. I've recently heard that there was the competition sort of between not so much DHS, it was Air Force and NSA over the Cyber Command and NSA won that so that big cyber turf war is over and dying down. Now the energy is being put into actually building that command and figuring it out. Sort of the same thing is going on with DHS. Who is actually going to be in charge of defending domestic government space? And they referred to it as the "Defend .gov Initiative." Who defends .gov? It's going to be the DHS and how do they do that and what does it mean? Because DHS, if they have this mission but they don't have the budget for it, can they really go to the Department of Agriculture, for example, and order them to change their systems but not really give them the resources or the budget to do it?
It's not clear how much one agency will be able to go and dictate to another agency because everybody is just fantastically protective of their fiefdoms. It does seem like there has been some turf war, some struggle for the cyber security position or role. Moss: And there are some competing ideas. The current idea is you have these, in DHS lingo it's called TICs, Trusted Internet Connections. It's sort of what the military did...where let's say you were on a military base somewhere and you wanted to go search Google, your connection would leave the military network and go off to the civilian network. And there were hundreds and hundreds of thousands of these connection points between the two networks and the DOD (Department of Defense) realized there were just too many to watch and they need to have a plan to reduce the number between the two networks. So they have this multiyear strategy to reduce the number, and I don't know what the end number is. DHS is trying to do the same thing with the initiative to have more traffic pass through these TICs that can then be monitored and you can get an idea of what is going on. That spurred another debate which is, on one hand now your eggs are in less baskets and you can monitor your eggs and look for trends and do more intrusion detection but because your eggs are in less baskets there are less baskets to attack. There are fewer connection points to have to DOS (denial of service). I'm not in that camp. I like the idea of having less connections to monitor because the counter to having less things to attack is well you buy more bandwidth. Have you heard of this Einstein system? No. Moss: It's the civilian government's defensive. It's like their IDS (intrusion detection system).
So there's a technology road map. If you go to a government system or leave a government system you would pass through this Einstein system and so the idea is once you have everything in these TICs you can start to analyze flows and look for interesting patterns. Can you talk a little bit about the leadership of the cybersecurity effort? When are we going to have a new cybersecurity czar? Who might it be? Seems like there's been a revolving door as far as the directorships. What's going on? Moss: Yeah. Without naming names nobody knows. And every time you have a conversation with a different agency everybody says, well what have you heard? What rumors have you heard? The rumor was always that in two weeks there would be an announcement and I've heard that for the last four or five months. And there are two theories. One I've heard is it's just really hard now. A lot of people who were potentially under consideration have taken themselves out or they're really hard to vet and they keep having issues because of all the scrutiny the czars have been getting. And the other one (theory) is that the longer you go without a czar the more they realize that maybe they don't need one, that what they envision a czar doing, the role, is changing. Maybe now this person is more important on a strategy level and a coordination level and maybe this person isn't going to lay down the blueprint for what technology to buy or what strategy to impose. I like that because I really think it needs to be a coordinator position. They need to work the intelligence, the military and civilians. And they need to have good visibility with the president and the national security staff. So it's probably more important to get the right person and explain the position so they don't end up with one of these "all the responsibilities and none of the authority" situations, which is what it sounded like, (a) multiple reporting structure with little budget and little staff and no real authority.
That didn't sound like a recipe for success. That being said, DHS has had some turnover. Melissa Hathaway left (and Rod Beckstrom resigned). I don't know if it's the course of normal turnover or if it's frustration at the pace at which things are happening or resistance to change. Rod wanted to make some changes, everybody wanted to make some changes, and they're used to having an impact and I think things were moving very slowly. The president started out with a strong cybersecurity speech and then things started to slow down. Then there was the big battle over what is the DHS going to do? What is NSA going to do? It turned into a lot of politics. That's from an outsider perspective. All the people I've met at that level, (, director of the National Cybersecurity Center at DHS, and Rand Beers, (under secretary for the National Protection and Programs Directorate at DHS) are very impressive. I just don't know really what's underneath the surface. But those guys seem really on the ball. They're saying reasonable things. They don't have crazy inflated egos or trying to throw their weight around. So it's different from what I expected or the way it was portrayed. It makes you want to get involved more or participate more. It's actually been really refreshing for me. That's good to hear. So are we set as far as the domestic cybersecurity initiative and role and czar reporting to the White House and not being under the auspices of the NSA? Moss: I don't know. When you talk about what's the role of NSA with DHS for helping protect .gov, the way you hear people talking about it is, NSA has all this experience and they have a different structure when it comes to compensation so they can just woo everybody because they have much more authority for hiring. Historically, they had to hire academics and engineers and people with specialized skills used to higher salaries. 
So their hiring structure is built up around that so it's easier for them to lure computer and software guys than say it is (for) DHS. They usually win in the recruiting battles. They've got a lot of talent over there and DHS needs some of that talent and they need some of that expertise. So there's some sort of working arrangement being sorted out where until DHS can get their own talent pool sorted out, NSA will send people over. I have a feeling it's going to be something like an internal government loaner program. You have a unique perspective. Your background is very different from the others on the council. Has your background as a hacker helped you in your role advising the government and helping them think about things from a different perspective? Is there a different perspective? Moss: Yeah, there definitely is a different perspective but it's not very visible yet, I don't think. We haven't had enough meetings, we haven't had enough issues come up that are directly cyber related so I haven't gotten a chance to really shine yet just because there are a million ongoing things. Cyber is just one aspect. The big piece that's missing is what are the states doing? I don't hear a lot of statewide initiatives for cybersecurity--there's only a couple of states that are trying to be proactive about this and I can't remember them all. One is New York because they have to be with all the financial networks. Washington state. Louisiana, of all places. And I can't remember the fourth. All the attention seems to be on the federal side but at some point the states are going to have to get involved.
From rforno at infowarrior.org Sat Oct 17 15:08:43 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 17 Oct 2009 11:08:43 -0400 Subject: [Infowarrior] - More music licensing nuttiness Message-ID: (c/o Isaac P) Corner shop worker told to stop singing in her store - or pay for a performing licence By Daily Mail Reporter Last updated at 8:00 AM on 15th October 2009 http://www.dailymail.co.uk/news/article-1220423/Corner-store-worker-told-stop-singing-works--pay-licence.html

Music police have told a grandmother to stop singing behind the counter of the corner shop where she works - or pay for a licence. Sandra Burt began serenading customers at the A & T Food Store in Clackmannan, near Stirling, after the owners were contacted by The Performing Right Society and told they would have to pay an £80 annual fee to keep the radio on in the shop. They decided not to bother and now 56-year-old Sandra sings tracks 'from anyone from The Noisettes, to the Rolling Stones' as she stocks the shelves and weighs customers' purchases. A song and dance: Sandra Burt's musical outbursts at the A & T Food Store have been deemed 'live public performance' One delighted regular has even compared her voice to Amy Winehouse. Now, however, the PRS, which collects royalties on behalf of music industry bosses and artists, has told her that her 'spontaneous outbursts of joy' constitute live public performance, and she could have to pay annual fees of 'four figures'. Gareth Kelly, music sales advisor for PRS, said that Mrs Burt was getting up to 'mischief' to get round the radio licence fee. He said: 'Using any copyright material in your store, without paying for it, is illegal. 'It doesn't matter whether you're singing a Robbie Williams track, or listening to a Robbie Williams track, you still have to pay for it.
'She could be fined for not having a live performance licence, and if the fine isn't paid, then she could potentially be taken to court.' The PRS said that Mrs Burt could be judged to be giving daily performances, which would require individual daily licences, taking the annual cost up to 'four figures'. Mrs Burt, a Rolling Stones fan, said she was shocked by the attitude of the PRS. She said: 'I come from a very musical family. My husband is a drummer in a pipe band, and even my two-and-a-half year old grand-daughter is always singing. 'I sing all the time, and I often don't even know I'm doing it. It's just a spontaneous, happy thing. 'They'd have to put tape over my mouth to stop me singing these songs. Even if they threatened to take me to court, I don't think I could stop singing. I'm just a naturally happy person. 'Nobody that comes in the store complains about me singing. I love singing and think it's cruel that PRS would try and stop me from doing it.' Assistant manager of the store Dale Alexander said they had been contacted by the Performing Right Society to say their business could be fined if they were caught listening to a radio without a licence, so Sandra decided to entertain the staff and customers instead. Mr Alexander, 29, said: 'Sometimes you can go half an hour without seeing anyone in the shop so the radio was a wee bit of company. 'It was really just for the staff. It is not like we were putting on a concert. The rules have been in for a while but the PRS have been targeting small shops recently, and with the recent huge increase in the drinks licence to stump up it is just too much to pay extra for. 'It helps that Sandra actually likes singing the oldies from the sixties and that sort of thing, and she is quite a good singer.' Mrs Burt, who has worked in the store for four years, added: 'I have always sung in the shop but it is so quiet now without the radio on, that I'm singing all the time. 
'I'll basically just sing anything that comes into my head, and then Dale will start singing along with me, and people in the shop will say 'Oh I know that song too', and they'll start singing along too. It's a happy store. 'It's ridiculous. What's the world coming to when Big Brother wants to charge you for singing a wee tune?' The Performing Right Society said it was within its rights to charge for all copyright music played or performed outside of the home. The not-for-profit organisation distributes the royalties to the writers and publishers of the songs.

From rforno at infowarrior.org Sun Oct 18 03:52:06 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 17 Oct 2009 23:52:06 -0400 Subject: [Infowarrior] - Silent Install Firefox Plugin Backfires on Microsoft Message-ID: Silent Install Firefox Plugin Backfires on Microsoft posted by Kroc Camen on Sat 17th Oct 2009 05:27 UTC http://www.osnews.com/story/22358/Silent_Install_Firefox_Plugin_Backfires_on_Microsoft

Whilst it's not okay in Microsoft's eyes for Google to install a plugin into Internet Explorer, increasing the potential surface area of attack, when Microsoft do it to Firefox, it's a different matter. Now a security hole has been found in a plugin that Microsoft have been silently installing into Firefox. Along with .NET Framework 3.5 SP1, Microsoft have been silently installing a Windows Presentation Foundation Plugin that allows the embedding of XAML applications (an XML-based UI technology) in web pages, called XBAP (XAML Web App). The exploit is drive-by, meaning that the victim only needs to be lured onto a web-page for the attack to be effective. The only safe thing to do until a patch is issued, is to open Firefox's AddOn Manager and disable the WPF plugin. Microsoft were caught earlier this year silently installing a '.NET Framework Assistant' plugin into Firefox, which could not initially be uninstalled.
After some pressure from the press, Microsoft relented and provided an update to enable the uninstall button. That update then broke a number of other Firefox extensions. The only thing that surprises me more, is that I'm not surprised that Microsoft could be this incompetent when it comes to the safety of all users of the web using Windows, regardless if they're using IE or not. With greater marketshare than ever before, and a firm position in the mainstream, every software vendor and their dog are wanting to integrate with Firefox. This has led to numerous unwanted, irritating and often uninstallable plugins to add themselves to Firefox. WPF is really only the tip of the iceberg. Silently installing software on your computer that you are unaware of, is called malware in my book. Mozilla have the capability to blacklist plugins and addons if they misbehave or pose a threat. Frankly, if I were Mozilla, I would ban Microsoft's plugins from Firefox until they provide an opt-in interface. This also raises concerns with how Mozilla handle extensions and plugins being installed into the browser without the user's permission. Whilst Firefox will bring up the AddOns Manager when a new extension is installed, the new extension is not disabled by default until you permit it (Mozilla are working on a proposal for this). External programs on the computer can install extensions into Firefox with nothing more than a registry key, and plugins that are added outside of Firefox itself will not be reported to the user (as in the case with WPF). With good timing, Mozilla have been working on a Plugin Check system to ensure that users are kept up to date with plugins, which pose a security threat and are a part of the browser users are often unaware of. This follows Mozilla alerting users to an out of date Flash Player version on their landing page for updated Firefox versions.
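The registry route the article describes above is also the route a defender can audit. The PowerShell script below is an added example for this digest, not code from OSNews, Mozilla or Microsoft. It enumerates add-ons that reached Firefox from outside the browser: extension entries under HKLM/HKCU\SOFTWARE\Mozilla\Firefox\Extensions (value name is the extension ID, value data is the path to the unpacked extension or XPI) and NPAPI plugin entries under HKLM/HKCU\SOFTWARE\MozillaPlugins\<PLID> (whose Path value names the plugin DLL). Those key locations, and the Wow6432Node variants for 32-bit Firefox on 64-bit Windows, are taken from Mozilla's documentation of the period and should be treated as the script's assumptions; it only reports and never deletes anything.

```powershell
# Added example (not part of the OSNews article, nor Mozilla/Microsoft code):
# list Firefox extensions and plugins registered through the Windows registry,
# i.e. installed without ever passing through Firefox's own add-on install flow.
#
# Assumed registry layout (per Mozilla's docs of the era; verify on your build):
#   HKLM/HKCU\SOFTWARE\Mozilla\Firefox\Extensions
#       value name = extension ID, value data = path to unpacked extension / XPI
#   HKLM/HKCU\SOFTWARE\MozillaPlugins\<PLID>
#       'Path' value = NPAPI plugin DLL
# Report-only: removal decisions are left to the operator.

# Note properties Get-ItemProperty adds to every result; they are not registry values.
$PsMetaProps = @('PSPath', 'PSParentPath', 'PSChildName', 'PSDrive', 'PSProvider')

function Test-FileRegistered([string]$Path) {
    # Test-Path throws on an empty string; treat empty/missing as "not on disk".
    if ([string]::IsNullOrWhiteSpace($Path)) { return $false }
    return (Test-Path -LiteralPath $Path)
}

function Get-FirefoxRegistryExtensions {
    $roots = @(
        'HKLM:\SOFTWARE\Mozilla\Firefox\Extensions',
        'HKLM:\SOFTWARE\Wow6432Node\Mozilla\Firefox\Extensions',
        'HKCU:\SOFTWARE\Mozilla\Firefox\Extensions'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        $props = Get-ItemProperty -Path $root
        if ($null -eq $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($PsMetaProps -contains $p.Name) { continue }
            $target = [string]$p.Value
            [pscustomobject]@{
                Kind        = 'Extension'
                Id          = $p.Name          # extension ID, e.g. a GUID or email-style ID
                Path        = $target
                OnDisk      = Test-FileRegistered $target
                RegistryKey = $root
            }
        }
    }
}

function Get-FirefoxRegistryPlugins {
    $roots = @(
        'HKLM:\SOFTWARE\MozillaPlugins',
        'HKLM:\SOFTWARE\Wow6432Node\MozillaPlugins',
        'HKCU:\SOFTWARE\MozillaPlugins'
    )
    foreach ($root in $roots) {
        if (-not (Test-Path -Path $root)) { continue }
        foreach ($key in Get-ChildItem -Path $root) {
            $target = [string](Get-ItemProperty -Path $key.PSPath).Path
            [pscustomobject]@{
                Kind        = 'Plugin'
                Id          = $key.PSChildName  # the PLID the vendor chose
                Path        = $target
                OnDisk      = Test-FileRegistered $target
                RegistryKey = $key.Name
            }
        }
    }
}

# Every row here bypassed the Add-on Manager's install prompt, so each one
# deserves a decision: OnDisk=False rows are stale registrations; OnDisk=True
# rows nobody remembers installing are the situation the article describes.
$findings = @(Get-FirefoxRegistryExtensions) + @(Get-FirefoxRegistryPlugins)
$findings | Sort-Object Kind, Id | Format-Table Kind, Id, OnDisk, Path, RegistryKey -AutoSize
```

Run it from an elevated prompt so the HKLM hives are readable, then from a normal prompt for the per-user HKCU entries, which a non-admin installer can write. Disabling an entry in the Add-on Manager, as the article advises, stops the code loading but leaves the registration in place; removing the registry value (and the files it points to) is what actually uninstalls a registry-registered add-on.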
HTML5 promises to reduce the need for plugins by providing much of the same functionality natively, in the browser via SVG, JavaScript and native video and audio elements. In my opinion, Mozilla need to take a hard stance and stop this plight of plugins as it may turn people off of using Firefox, not least lead to bad press as more plugins are used as exploit vectors in the face of growing Firefox marketshare.

From rforno at infowarrior.org Mon Oct 19 18:35:36 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Oct 2009 14:35:36 -0400 Subject: [Infowarrior] - Bye Bye, Darl McBride Message-ID: SCO fires CEO Darl McBride, architect of litigation strategy SCO CEO Darl McBride has finally been let go by the serial litigator. In an SEC filing published today, SCO reveals that the controversial CEO has been ousted as part of the latest reorganization plan. By Ryan Paul http://arstechnica.com/open-source/news/2009/10/sco-fires-ceo-darl-mcbride-architect-of-litigation-strategy.ars?utm

In an SEC filing published today, SCO revealed that CEO Darl McBride has been terminated and is no longer with the company. The decision to fire the controversial CEO is part of a restructuring plan that is based on recommendations made by the Chapter 11 trustee who was assigned to SCO by the justice department. McBride was the architect and public face of SCO's misguided campaign against Linux. He claimed that the open source operating system infringed on SCO's copyright and included a significant quantity of code stolen from UNIX System V. On the basis of this claim, SCO threatened to sue a multitude of corporate Linux users and demanded hefty licensing fees. During the ensuing litigation fiasco, an internal SCO memo was revealed which indicated that SCO's own internal code audits of Linux found no actual evidence of infringement. The courts eventually determined that SCO never even owned the relevant UNIX copyrights in the first place.
Even after SCO's deception was exposed and the company effectively lost its case, Darl McBride continued to insist that the company has evidence of System V code in Linux. No such evidence has been presented and McBride's argument directly contradicts testimony given by other SCO executives. McBride's stubborn detachment from reality has made him a subject of ridicule in the Linux community. The SEC filing indicates that SCO COO Jeff Hunsaker and CFO Ken Nielsen will assume the responsibility of managing SCO in collaboration with the trustee. The company does not intend to name a new CEO. Additional details of the restructuring plan are said to be forthcoming, but the company says that it has undertaken several cost-cutting measures including "a modest reduction in SCO's workforce" and the sale of additional assets. In a statement issued by SCO's new leadership, the company indicates that it plans to continue its litigation efforts and will move forward with the appeals process. The company also says that it plans to continue supporting its UNIX products. This potentially indicates that SCO has given up on trying to unload its UnixWare assets, a plan that has fallen through several times now as various proposed deals have evaporated. "These actions, while difficult, are essential to SCO becoming a more agile and efficient company, not just for this year, but for years to come," said Hunsaker in a statement. "This restructuring plan reinforces SCO's ability to continue to sell and support its products while servicing the needs of our customers and partners on a worldwide basis through the stabilization of our financial situation." SCO's numerous reorganization plans have consistently failed. It seems unlikely that the company is still capable of resurrecting itself. The courts are also growing impatient with the company's antics.
Bankruptcy Judge Kevin Gross blocked SCO's last attempted asset sale and remarked in his ruling that the company's hopes for litigation success were like a bad remix of Waiting for Godot. Now that Darl has been axed, one wonders how long the rest of the company will continue its struggle for survival.

From rforno at infowarrior.org Mon Oct 19 18:38:39 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Oct 2009 14:38:39 -0400 Subject: [Infowarrior] - In-q-Tel Buys Stake in Firm That Monitors Blogs, Tweets Message-ID: Exclusive: U.S. Spies Buy Stake in Firm That Monitors Blogs, Tweets By Noah Shachtman, October 19, 2009 http://www.wired.com/dangerroom/2009/10/exclusive-us-spies-buy-stake-in-twitter-blog-monitoring-firm/

America's spy agencies want to read your blog posts, keep track of your Twitter updates, even check out your book reviews on Amazon. In-Q-Tel, the investment arm of the CIA and the wider intelligence community, is putting cash into Visible Technologies, a software firm that specializes in monitoring social media. It's part of a larger movement within the spy services to get better at using "open source intelligence", information that's publicly available, but often hidden in the flood of TV shows, newspaper articles, blog posts, online videos and radio reports generated every day. Visible crawls over half a million web 2.0 sites a day, scraping more than a million posts and conversations taking place on blogs, online forums, Flickr, YouTube, Twitter and Amazon. (It doesn't touch closed social networks, like Facebook, at the moment.) Customers get customized, real-time feeds of what's being said on these sites, based on a series of keywords. "That's kind of the basic step: get in and monitor," says company senior vice president Blake Cahill. Then Visible "scores" each post, labeling it as positive or negative, mixed or neutral. It examines how influential a conversation or an author is. ("Trying to determine who really matters,"
as Cahill puts it.) Finally, Visible gives users a chance to tag posts, forward them to colleagues and allow them to response through a web interface. In-Q-Tel says it wants Visible to keep track of foreign social media, and give spooks ?early-warning detection on how issues are playing internationally,? spokesperson Donald Tighe tells Danger Room. Of course, such a tool can also be pointed inward, at domestic bloggers or tweeters. Visible already keeps tabs on web 2.0 sites for Dell, AT&T and Verizon. For Microsoft, the company is monitoring the buzz on its Windows 7 rollout. For Spam-maker Hormel, Visible is tracking animal-right activists? online campaigns against the company. ?Anything that is out in the open is fair game for collection,? says Steven Aftergood, who tracks intelligence issues at the Federation of American Scientists. But ?even if information is openly gathered by intelligence agencies it would still be problematic if it were used for unauthorized domestic investigations or operations. Intelligence agencies or employees might be tempted to use the tools at their disposal to compile information on political figures, critics, journalists or others, and to exploit such information for political advantage. That is not permissible even if all of the information in question is technically ?open source.?? Visible chief executive officer Dan Vetras says the CIA is now an ?end customer,? thanks to the In-Q-Tel investment. And more government clients are now on the horizon. ?We just got awarded another one in the last few days,? Vetras adds. Tighe disputes this ? sort of. ?This contract, this deal, this investment has nothing to do with any agency of government and this company,? he says. But Tighe quickly notes that In-Q-Tel does have ?an interested end customer? in the intelligence community for Visibile. And if all goes well, the company?s software will be used in pilot programs at that agency. ?In pilots, we use real data. 
And during the adoption phase, we use it real missions.? Neither party would disclose the size of In-Q-Tel?s investment in Visible, a 90-person company with expected revenues of about $20 million in 2010. But a source familiar with the deal says the In-Q-Tel cash will be used to boost Visible?s foreign languages capabilities, which already include Arabic, French, Spanish and nine other languages. Visible has been trying for nearly a year to break into the government field. In late 2008, the company teamed up with the Washington, DC, consulting firm Concepts & Strategies, which has handled media monitoring and translation services for U.S. Strategic Command and the Joint Chiefs of Staff, among others. On its website, Concepts & Strategies is recruiting ?social media engagement specialists? with Defense Department experience and a high proficiency in Arabic, Farsi, French, Urdu or Russian. The company is also looking for an ?information system security engineer? who already has a ?Top Secret SCI [Sensitive Compartmentalized Information] with NSA Full Scope Polygraph? security clearance. The intelligence community has been interested in social media for years. In-Q-Tel has sunk money into companies like Attensity, which recently announced its own web 2.0-monitoring service. The agencies have their own, password-protected blogs and wikis ? even a MySpace for spooks. The Office of the Director of National Intelligence maintains an Open Source Center, which combs publicly available information, including web 2.0 sites. Doug Naquin, the Center?s Director, told an audience of intelligence professionals in October 2007 that ?we?re looking now at YouTube, which carries some unique and honest-to-goodness intelligence?. We have groups looking at what they call ?citizens media?: people taking pictures with their cell phones and posting them on the internet. Then there?s social media, phenomena like MySpace and blogs.? 
But, "the CIA specifically needs the help of innovative tech firms to keep up with the pace of innovation in social media. Experienced IC [intelligence community] analysts may not be the best at detecting the incessant shift in popularity of social-networking sites. They need help in following young international internet user-herds as they move their allegiance from one site to another," Lewis Shepherd, the former senior technology officer at the Defense Intelligence Agency, says in an e-mail. "Facebook says that more than 70 percent of its users are outside the U.S., in more than 180 countries. There are more than 200 non-U.S., non-English-language microblogging Twitter-clone sites today. If the intelligence community ignored that tsunami of real-time information, we'd call them incompetent."

From rforno at infowarrior.org Tue Oct 20 16:47:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Oct 2009 12:47:23 -0400
Subject: [Infowarrior] - Virginia Gun Laws vs. Sudafed
Message-ID: <0C661C71-AA59-4326-9895-874C0276F76F@infowarrior.org>

In the New Normal, in the name of fighting the 'war' on drugs, we must fear running afoul of the Stuffed Nose Czar at the Department of Homeland Congestion.

As some of you may know, this little gem was buried in the USA PATRIOT Act back in 2001.[1] The requirements, by the way, make buying Sudafed harder than buying a gun in most cases:

Virginia Gun Laws vs. Sudafed
http://museice.blogspot.com/2009/07/virginia-gun-laws-vs-sudafed.html

When I get sick, I want medicine, not worry about whether or not Big Brother is going to come arrest me because I purchased more than my daily allotment of cold relief. But that's the name of the game, as recently as 2 weeks ago:

Sudafed Head: Indiana Women Arrested for Buying Two Over-The-Counter Medicines Within a Week
http://tinyurl.com/yac3eae

To make matters worse, the Sudafed folks halved the dose-per-pill compared to the stuff I just ran out of.
So, you have a set amount of meds you can buy per day/month and what you can buy is weakened so you may run into that limit sooner rather than later, and thus be viewed by the "system" as a criminal or drug merchant. (And no, the OTC substitute phenylephrine does NOT work as well as pseudoephedrine now available only behind-the-counter.)

Thank you very much, Dianne Feinstein. I feel so much safer now.

[1] Patriot act makes it harder to get real Sudafed
http://www.boingboing.net/2006/11/17/patriot_act_makes_it.html

From rforno at infowarrior.org Wed Oct 21 01:38:33 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Oct 2009 21:38:33 -0400
Subject: [Infowarrior] - Fwd: Sequoia Voting Systems screws up, releases its SQL code accidentally
References: <20091020232521.GA15889@gsp.org>
Message-ID: <69129437-06B3-4358-B746-885887CBBA95@infowarrior.org>

Begin forwarded message:

> From: Rich Kulawiec
> Date: October 20, 2009 7:25:21 PM EDT
> To: Dave Farber, Paul Ferguson, Richard Forno
> Subject: Sequoia Voting Systems screws up, releases its SQL code accidentally
>
> The gist may be found here:
>
> Sequoia Voting Systems hacks self in foot
> http://www.dailykos.com/storyonly/2009/10/20/795343/-Sequoia-Voting-Systems-hacks-self-in-foot
>
> which quotes a message that appears to have transited the Open Voting Consortium (OVC) mailing list earlier today. That message reads in part:
>
> Folks, you'll love this.
>
> Sequoia blew it on a public records response. We (basically EDA) have election databases from Riverside County that Sequoia insisted on "redacting" first, for which we paid cold cash. They appear instead to have just vandalized the data as valid databases by stripping the MS-SQL header data off, assuming that would stop us cold.
>
> They were wrong.
>
> The Linux "strings" command was able to peel it apart. Nedit was able to digest 800meg text files.
> What was revealed was thousands of lines of MS-SQL source code that appears to control or at least influence the logical flow of the election, in violation of a bunch of clauses in the FEC voting system rulebook banning interpreted code, machine modified code and mandating hash checks of voting system code.
>
> I've got it all organized for commentary and download in wiki form at:
>
> http://studysequoia.wikispaces.com/
>
> And sure enough that wiki is live and running, and I'll bet that as I type this, Sequoia's lawyers are frantically trying to shut it down...but it's too late. By now, there are dozens if not hundreds of copies of that code all over the world, so they're powerless to stop the analysis that's already started. (And while I was typing this, apparently Slashdot picked up the story, so make that "thousands of copies".)
>
> The lesson for Sequoia: never underestimate the abilities of someone who's read ALL of section 1 of the Unix manual.
>
> ---Rsk

From rforno at infowarrior.org Wed Oct 21 11:57:21 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Oct 2009 07:57:21 -0400
Subject: [Infowarrior] - Alexander nominated to lead Cyber Command
Message-ID:

Alexander nominated to lead Cyber Command
President picks intelligence veteran to oversee DOD cyber programs
Defense Systems, 19 Oct 2009
William Welsh
http://defensesystems.com/articles/2009/10/19/alexander-nomination-for-cyber-command.aspx

Army Lt. Gen. Keith Alexander has been nominated for promotion to the rank of four-star general and also to the post of commander of the Defense Department's new U.S. Cyber Command, DOD officials said Oct. 16.

The official announcement, which comes from the Office of the Secretary of Defense, states that President Barack Obama submitted Alexander's nomination both for the grade of four-star general and to serve as commander of the Cyber Command at Fort Meade, Md.
Alexander also will continue serving as chief of the National Security Agency and Central Security Service, according to the announcement.

The nomination comes as no surprise to those following first steps in the formation of a unified cyber command within the Defense Department. At the time Gates issued instructions for the creation of the organization, he indicated a preference for Alexander to lead it.

The new cyber command, which Defense Secretary Robert Gates outlined in a June 23 memo, is expected to reach initial operating capabilities this month, and become fully operational by October 2010, according to media reports. The new command will be responsible for protecting military networks and conducting offensive operations against hostile forces.

Alexander has extensive experience with intelligence operations. In addition to his NSA experience, he also has served as commander of the Army Intelligence and Security Command at Fort Belvoir, Va., and director of intelligence for the Central Command at MacDill Air Force Base, Fla. On the battlefront, he served as G-2 (intelligence officer) for the 1st Armored Division in Germany and in Operation Desert Shield/Desert Storm.

He holds multiple master's degrees in the areas of business administration, systems technology (electronic warfare), physics and national security strategy.
From rforno at infowarrior.org Wed Oct 21 13:24:53 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Oct 2009 09:24:53 -0400
Subject: [Infowarrior] - Metasploit Project Sold To Rapid7
Message-ID: <99D8A55D-9CEA-4744-BFF5-0EF127172D60@infowarrior.org>

Metasploit Project Sold To Rapid7
Open-source Metasploit penetration testing tool creator HD Moore joins Rapid7, commercial Metasploit products to come
Oct 21, 2009 | 09:00 AM
By Kelly Jackson Higgins
http://www.darkreading.com/vulnerability_management/security/management/showArticle.jhtml?articleID=220800067

Vulnerability management vendor Rapid7 has purchased the popular open-source Metasploit penetration testing tool project and named Metasploit founder HD Moore as chief security officer of the company.

Moore, who is synonymous with the Metasploit Project, will continue as chief architect of Metasploit in his new role at Rapid7, and with an initial team of five Rapid7 researchers dedicated to the open-source project, some of whom already have been regular contributors to Metasploit. Financial terms of the deal were not disclosed.

Rapid7 plans to enhance its NeXpose vulnerability management product line and its own penetration testing services with Metasploit technology. The details on how Rapid7 -- which uses Metasploit in its penetration testing engagements -- will productize Metasploit are still being ironed out: Corey Thomas, vice president of products and operations at Rapid7, says he expects Rapid7 to keep Metasploit as a separate product with "high integration" with its existing products. "But this is all conjecture at this time," he says.

The goal is to leverage Metasploit's exploit technology to help identify which vulnerabilities discovered by NeXpose are actually exploitable, according to Thomas. "One of the things our customers have been pushing us for is how to get better data and information about their risk," he says. "And exploits are the key to that."
Either way, the potential for a commercial version of Metasploit represents a major shift in the penetration testing market, where vendors such as Core Security and Immunity Inc. have offered more user-friendly tools for enterprises.

Moore says the Rapid7 acquisition of Metasploit gives the project full-time resources -- Moore and his co-developers of Metasploit traditionally have done their work on the tool after-hours, during lunch breaks, and over weekends. "We are pretty competitive with Core and Immunity based on exploit coverage and features. But this is a great way to push the project forward ... and kick ass in the commercial sector if we want to go in that direction," Moore says.

This also will speed up turnaround of new features in Metasploit, he says. "It's night and day. I can now get a feature done in a business day, not over an entire weekend ... I'm excited to be able to work on this full-time."

Metasploit will also now have Rapid7's vast lab resources, and the ability to get more exposure for the project, he says, and expand the opportunities for existing Metasploit contributors as well.

Both Moore and Rapid7 say they are well aware of previous open-source and commercial marriages that have gone south, however, such as the Nessus scanning tool, which went from an open-source to a proprietary, closed-source license under Tenable Network Security. They say they are focusing on the open source community to leverage Metasploit. "Our goal is to make sure we improve the open-source" element, Thomas says. "Metasploit will remain open source."

"My goal is if we decide to go commercial, all the features and components are going into open-source" Metasploit as well, Moore says.

"We started talking to HD and the Metasploit Project folks a few months ago about how to tie in the exploit data [with our products and offerings]," Rapid7's Thomas says. "How could we invest and contribute to the Project over time for a more robust database [of exploits] at our disposal ... We want to use high-quality exploit data to help prioritize risk and get better insight into which attacks are most likely," for example, he says.

Moore says the combination of Metasploit's exploits and Rapid7's vulnerability reports would go "a lot further than any tool in the market" today in vulnerability assessment and penetration testing.

From rforno at infowarrior.org Wed Oct 21 19:05:45 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Oct 2009 15:05:45 -0400
Subject: [Infowarrior] - Pentagon used psychological operation on US public, documents show
Message-ID: <8DB7268B-675B-46CD-B339-4EA92D74DCA3@infowarrior.org>

Pentagon used psychological operation on US public, documents show
By Brad Jacobson
Wednesday, October 21st, 2009 -- 10:12 am
http://rawstory.com/2009/10/bryan-whitman-2/

In Part I of this series, Raw Story revealed that Bryan Whitman, the current deputy assistant secretary of defense for media operations, was an active senior participant in a Bush administration covert Pentagon program that used retired military analysts to generate positive wartime news coverage.

A months-long review of documents and interviews with Pentagon personnel has revealed that the Bush Administration's military analyst program -- aimed at selling the Iraq war to the American people -- operated through a secretive collaboration between the Defense Department's press and community relations offices.

Raw Story has also uncovered evidence that directly ties the activities undertaken in the military analyst program to an official US military document's definition of psychological operations -- propaganda that is only supposed to be directed toward foreign audiences.
The investigation of Pentagon documents and interviews with Defense Department officials and experts in public relations found that the decision to fold the military analyst program into community relations and portray it as "outreach" served to obscure the intent of the project as well as that office's partnership with the press office. It also helped shield its senior supervisor, Bryan Whitman, assistant secretary of defense for media operations, whose role was unknown when the original story of the analyst program broke.

In a nearly hour-long phone interview, Whitman asserted that since the program was not run from his office, he was neither involved nor culpable. Exposure of the collaboration between the Pentagon press and community relations offices on this program, however, as well as an effort to characterize it as a mere community outreach project, belie Whitman's claim that he bears no responsibility for the program's activities.

These new revelations come in addition to the evidence of Whitman's active and extensive participation in the program, as Raw Story documented in part one of this series. Whitman remains a spokesman for the Pentagon today.

Whitman said he stood by an earlier statement in which he averred "the intent and purpose of the [program] is nothing other than an earnest attempt to inform the American public."

In the interview, Whitman sought to portray his role as peripheral, noting that his position naturally demands he speak on a number of subjects in which he isn't necessarily directly involved. The record, however, suggests otherwise.

In a January 2005 memorandum to active members of both offices from then-Pentagon press office director, Navy Captain Roxie Merritt -- who now leads the community relations office -- she emphasized the necessary "synergy of outreach shop and media ops working together" on the military analyst program. [p. 18-19]

Merritt recommended that both the press and community relations offices develop a "hot list" of analysts who could dependably "carry our water" and provide them with ultra-exclusive access that would compel the networks to "weed out the less reliably friendly analysts" on their own.

"Media ops and outreach can work on a plan to maximize use of the analysts and figure out a system by which we keep our most reliably friendly analysts plugged in on everything from crisis response to future plans," Merritt remarked. "As evidenced by this analyst trip to Iraq, the synergy of outreach shop and media ops working together on these types of projects is enormous and effective. Will continue to examine ways to improve processes."

In response, Lawrence Di Rita, then Pentagon public affairs chief, agreed. He told Merritt and both offices in an email, "I guess I thought we already were doing a lot of this."

Several names on the memo are redacted. Those who are visible read like a who's who of the Pentagon press and community relations offices: Whitman, Merritt, her deputy press office director Gary Keck (both of whom reported directly to Whitman) and two Bush political appointees, Dallas Lawrence and Allison Barber, then respectively director and head of community relations.

Merritt became director of the office, and its de facto chief until the appointment of a new deputy assistant secretary of defense, after the departures of Barber and Lawrence, the ostensible leaders of the military analyst program. She remains at the Defense Department today.

When reached through email, Merritt attempted to explain the function of her office's outreach program and what distinguishes it from press office activities. "Essentially," Merritt summarized, "we provide another avenue of communications for citizens and organizations wanting to communicate directly with DoD."
Asked to clarify, she said that outreach's purpose is to educate the public in a one-to-one manner about the Defense Department and military's structure, history and operations. She also noted her office "does not handle [the] news media unless they have a specific question about one of our programs."

Merritt eventually admitted that it is not a function of the outreach program to provide either information or talking points to individuals or a group of individuals -- such as the retired military analysts -- with the intention that those recipients use them to directly engage with traditional news media and influence news coverage. Asked directly if her office provides talking points for this purpose, she replied, "No. The talking points are developed for use by DoD personnel."

Experts in public relations and propaganda say Raw Story's findings reveal the program itself was "unwise" and "inherently deceptive." One expressed surprise that one of the program's senior figures was still speaking for the Pentagon.

"Running the military analyst program from a community relations office is both surprising and unwise," said Nicholas Cull, a professor of public diplomacy at USC's Annenberg School and an expert on propaganda. "It is surprising because this is not what that office should be doing [and] unwise because the element of subterfuge is always a lightning rod for public criticism."

Diane Farsetta, a senior researcher at the Center for Media and Democracy, which monitors public relations and media manipulation, said calling the program "outreach" was "very calculatedly misleading" and another example of how the project was "inherently deceptive."

"This has been their talking point in general on the Pentagon pundit program," Farsetta explained. "You know, 'We're all just making sure that we're sharing information.'"

Farsetta also said that it's "pretty stunning"
that no one, including Whitman, has been willing to take any responsibility for the program and that the Pentagon Inspector General's office and Congress have yet to hold anyone accountable. "It's hard to think of a more blatant example of propaganda than this program," Farsetta said.

Cull said the revelations are "just one more indication that the entire apparatus of the US government's strategic communications -- civilian and military, at home and abroad -- is in dire need of review and repair."

A PSYOPS Program Directed at American Public

When the military analyst program was first revealed by The New York Times in 2008, retired US Army Col. Ken Allard described it as "PSYOPS on steroids." It turns out this was far from a casual reference.

Raw Story has discovered new evidence that directly exposes this stealth media project and the activities of its participants as matching the US government's own definition of psychological operations, or PSYOPS.

The US Army Civil Affairs & Psychological Operations Command fact sheet, which states that PSYOPS should be directed "to foreign audiences" only, includes the following description: "Used during peacetime, contingencies and declared war, these activities are not forms of force, but are force multipliers that use nonviolent means in often violent environments."

Pentagon public affairs officials referred to the military analysts as "message force multipliers" in documented communications. A prime example is a May 2006 memorandum from then community relations chief Allison Barber in which she proposes sending the military analysts on another trip to Iraq: "Based on past trips, I would suggest limiting the group to 10 analysts, those with the greatest ability to serve as message force multipliers."

Nicholas Cull, who also directs the public diplomacy master's program at USC and has written extensively on propaganda and media history, found the Pentagon public affairs officials' use of such terms both incriminating and reckless. "[Their] use of psyop terminology is an 'own goal,'" Cull explained in an email, "as it speaks directly to the American public's underlying fear of being brainwashed by its own government."

This new evidence provides further perspective on an incident cited by the Times. Pentagon records show that the day after 14 marines died in Iraq on August 3, 2005, James T. Conway, then director of operations for the Joint Chiefs, instructed military analysts during a briefing to work to prevent the incident from weakening public support for the war. Conway reminded the military analysts assembled, "The strategic target remains our population." [p. 102]

Same Strategy, Different Program

Bryan Whitman was also involved in a different Pentagon public affairs project during the lead-up to the war in Iraq: embedding reporters.

The embed and military analyst programs shared the same underlying strategy of "information dominance," the same objective of selling Bush administration war policies by generating favorable news coverage and were directed at the same target -- the American public.

Torie Clarke, the first Pentagon public affairs chief, is often credited for conceiving both programs. But Clarke and Whitman have openly acknowledged his deep involvement in the embed project. Clarke declined to be interviewed for this article.

Whitman said he was "heavily involved in the process" of the embed program's development, implementation and supervision.

Before embedding, reporters and media organizations were forced to sign a contract whose ground rules included allowing military officials to review articles for release, traveling with military personnel escorts at all times or remaining in designated areas, only conducting on-the-record interviews, and agreeing that the government may terminate the contract "at any time and for any reason."
In May 2002, with planning for a possible invasion of Iraq already in progress, Clarke appointed Whitman to head all Pentagon media operations. Prior to that, he had served since 1995 in the Pentagon press office, both as deputy director for press operations and as a public affairs specialist.

The timing of Whitman's appointment coincided with the development stages of the embed and military analyst programs. He was the ideal candidate for both projects.

Whitman had a military background, having served in combat as a Special Forces commander and as an Army public affairs officer with years of experience in messaging from the Pentagon. He also had experience in briefing and prepping civilian and military personnel.

Whitman's background provided him with a facility and familiarity in navigating military and civilian channels. With these tools in hand, he was able to create dialogue between the two and expedite action in a sprawling and sometimes contentious bureaucracy.

Buried in an obscure April 2008 online New York Times Q&A with readers, reporter David Barstow disclosed: "As Lawrence Di Rita, a former senior Pentagon official told me, they viewed [the military analyst program] as the 'mirror image' of the Pentagon program for embedding reporters with units in the field. In this case, the military analysts were in effect 'embedded' with the senior leadership through a steady mix of private briefings, trips and talking points."

Di Rita denied the conversation had occurred in a telephone interview. "I don't doubt that's what he heard, but that's not what I said," Di Rita asserted.

Whitman said he'd never heard Di Rita make any such comparison between the programs.

Barstow, however, said he stood behind the veracity of the quote and the conversation he attributed to Di Rita.

Di Rita, who succeeded Clarke, also declined to answer any questions related to Whitman's involvement in the military analyst program, including whether he had been involved in its creation.
Clarke and Whitman have both discussed information dominance and its role in the embed program.

In her 2006 book Lipstick on a Pig, Clarke revealed that "most importantly, embedding was a military strategy in addition to a public affairs one" (p. 62) and that the program's strategy was "simple: information dominance" (p. 187). To achieve it, she explained, there was a need to circumvent the traditional news media "filter" where journalists act as "intermediaries." The goal, just as with the military analyst program, was not to spin a story but to control the narrative altogether.

At the 2003 Military-Media conference in Chicago, Whitman told the audience, "We wanted to take the offensive to achieve information dominance" because "information was going to play a major role in combat operations." [pdf link p. 2] One of the other program's objectives, he said, was "to build and maintain support for U.S. policy." [pdf link, p. 16 -- quote sourced in 2005 recap of 2003 mil-media conference]

At the March 2004 "Media at War" conference at UC Berkeley, Lt. Col. Rick Long, former head of media relations for the US Marine Corps, offered a candid view of the Pentagon's engagement in "information warfare" during the Bush administration.

"Our job is to win, quite frankly," said Long. "The reason why we wanted to embed so many media was we wanted to dominate the information environment. We wanted to beat any kind of propaganda or disinformation at its own game."

"Overall," he told the audience, "we're happy with the outcome."

The Appearance of Transparency

On a national radio program just before the invasion of Iraq, Whitman claimed that embedded reporters would have a firsthand perspective of "the good, the bad and the ugly."

But veteran foreign correspondent Reese Erlich told Raw Story that the embed program was "a stroke of genius by the Bush administration" because it gave the appearance of transparency while "in reality, they were manipulating the news."
In a phone interview, Erlich, who is currently covering the war in Afghanistan as a "unilateral" (which allows reporters to move around more freely without the restrictions of embed guidelines), also pointed out the psychological and practical influence the program has on reporters.

"You're traveling with a particular group of soldiers," he explained. "Your life literally depends on them. And you see only the firefights or slog that they're involved in. So you're not going to get anything close to balanced reporting."

At the August 2003 Military-Media conference in Chicago, Jonathan Landay, who covered the initial stages of the war for Knight Ridder Newspapers, said that being a unilateral "gave me the flexibility to do my job." [pdf link p. 2] He added, "Donald Rumsfeld told the American people that what happened in northern Iraq after [the invasion] was a little 'untidiness.' What I saw, and what I reported, was a tsunami of murder, looting, arson and ethnic cleansing."

Paul Workman, a journalist with over thirty years at CBC News, including foreign correspondent reporting on the wars in Iraq and Afghanistan, wrote of the program in April 2003, "It is a brilliant, persuasive conspiracy to control the images and the messages coming out of the battlefield and they've succeeded colossally."

Erlich said he thought most mainstream US reporters have been unwilling to candidly discuss the program because they "weren't interested in losing their jobs by revealing what they really thought about the embed process."

Now embedded with troops in Afghanistan for McClatchy, Landay told Raw Story it's not that reporters shouldn't be embedded with troops at all, but that it should be only one facet of every news outlet's war coverage. Embedding, he said, offers a "soda-straw view of events." This isn't necessarily negative "as long as a news outlet has a number of embeds and unilaterals whose pictures can be combined"
with civilian perspectives available from international TV outlets such as Reuters TV, AP TV, and al Jazeera, he said. Landay placed more blame on US network news outlets than on the embed program itself for failing to show a more balanced and accurate picture. But when asked if the Pentagon and the designers of the embed program counted as part of their embedding strategy on the dismal track record of US network news outlets when it came to including international TV footage from civilian perspectives, he replied, ?I will not second guess the Pentagon?s motives.? Brad Jacobson is a contributing investigative reporter for Raw Story. Additional research was provided by Ron Brynaert. From rforno at infowarrior.org Wed Oct 21 19:41:26 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Oct 2009 15:41:26 -0400 Subject: [Infowarrior] - U.S. to Order Steep Pay Cuts at Firms That Got Most Aid Message-ID: <97E33FA7-BEA7-46AE-86B5-F6A7515FC74F@infowarrior.org> About time......if we're bailing you out for your idiocy, the least you can do is take a pay cut. --rf October 22, 2009 U.S. to Order Steep Pay Cuts at Firms That Got Most Aid By STEPHEN LABATON http://www.nytimes.com/2009/10/22/business/22pay.html?hp=&pagewanted=print WASHINGTON ? Responding to the growing furor over the paychecks of executives at companies that received billions of dollars in federal bailouts, the Obama administration will order the companies that received the most aid to deeply slash the compensation to their highest paid executives, an official involved in the decision said on Wednesday. Under the plan, which will be announced in the next few days by the Treasury Department, the seven companies that received the most assistance will have to cut the cash payouts to their 25 best-paid executives by an average of about 90 percent from last year. For many of the executives, the cash they would have received will be replaced by stock that they will be restricted from selling immediately. 
And for all executives the total compensation, which includes bonuses, will drop, on average, by about 50 percent. The companies are Citigroup, Bank of America, the American International Group, General Motors, Chrysler and the financing arms of the two automakers. At the financial products division of A.I.G., the locus of problems that plagued the large insurer and forced its rescue with more than $180 billion in taxpayer assistance, no top executive will receive more than $200,000 in total compensation, a stunning decline from previous years in which the unit produced many wealthy executives and traders. In contrast to previous years, an official said, executives in the financial products division will receive no other compensation, like stocks or stock options. And at all of the companies, any executive seeking more than $25,000 in special perks ? like country club memberships, private planes, limousines or company issued cars ? will have to apply to the government for permission. The administration will also warn A.I.G. that it must fulfill a commitment it made to significantly reduce the $198 million in bonuses promised to employees in the financial products division. The pay restrictions illustrate the humbling downfall of the once- proud giants, now wards of the state whose leaders? compensation is being set by a Washington paymaster. They also show how Washington in the last year has become increasingly powerful in setting corporate policies as more companies turned to the government for money to survive. The compensation schedules set by Kenneth R. Feinberg, the special master at Treasury handling compensation issues, comes as many other banks that received smaller but significant taxpayer assistance in the last year have been reporting huge year-end bonuses, setting off a new round of recrimination in Washington about the bailout of Wall Street. Since his appointment last June by Treasury Secretary Timothy F. Geithner, Mr. 
Feinberg has spent months in negotiations with the companies as he seeks to balance compensation concerns against fears at the companies that any huge restrictions in pay could prompt an exodus of executives. Under a law adopted earlier this year, the Treasury Department was instructed to examine the salaries and bonuses for the five most-senior executives and their 20 most highly paid employees at companies that have received extraordinary assistance. Mr. Feinberg has already achieved significant results at several companies. As a result of his discussions, Kenneth D. Lewis, the head of Bank of America who recently resigned, agreed to forgo his salary and bonus for 2009. (He will still receive a pension of $53.2 million, although Mr. Feinberg can issue an advisory opinion challenging it that would carry political weight.) And fearful of a political backlash over the pay of Andrew J. Hall, a successful energy trader who received nearly $100 million last year, Citigroup agreed two weeks ago to sell its Phibro unit that Mr. Hall heads to Occidental Petroleum. From rforno at infowarrior.org Thu Oct 22 13:29:11 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Oct 2009 09:29:11 -0400 Subject: [Infowarrior] - House Considers Limiting Patriot Act Spy Powers Message-ID: <276D3451-C8BE-4FF5-A98D-805D6F89BBEF@infowarrior.org> House Considers Limiting Patriot Act Spy Powers ? By David Kravets ? October 21, 2009 | ? 6:09 pm | http://www.wired.com/threatlevel/2009/10/conyers_bill/ Powerful House members are proposing sweeping reforms to U.S. surveillance law that puts them on a collision course with legislation in the Senate that favors domestic spying. Rep. John Conyers (D-Michigan), the chairman of the House Judiciary Committee, proposes limiting government's Patriot Act spy powers. The proposals (.pdf) come as key provisions of the Patriot Act are set to expire at year?s end. 
The act, hastily adopted six weeks after the 2001 terror attacks, greatly expanded the government?s ability to spy on Americans in the name of national security. Lawmakers are taking the expiration as an opportunity to revisit a number of surveillance provisions, including elements of the Patriot Act that aren?t set to expire, including a 2008 law that granted legal immunity to phone companies that cooperated with the Bush administration?s warrantless wiretapping of Americans. The proposals (.pdf) by House Judiciary Committee Chairman John Conyers Jr. (D-Michigan), Rep. Jerrold Nadler (D-New York) and Rep. Bobby Scott (D-Virginia) include a plan to alter the standard by which so-called National Security Letters are issued under the Patriot Act. Under a provision that is not set to expire, NSLs allow the FBI, without a court order, to obtain telecommunication, financial and credit records relevant to a government investigation. The FBI issues about 50,000 NSLs annually, and an internal watchdog has found repeated abuses of the NSL powers. The Conyers-Nadler-Scott package would restrict the government by only permitting NSLs in cases concerning terrorism or spy activities of an agent of a foreign power. If it became law, such a plan would vastly reduce whom the government could target. A virtually identical proposal by Sen. Richard Durbin (D-Illinois) failed to get out of the Senate Judiciary Committee on Oct. 8 after lawmakers caved to FBI concerns that the changeover would jeopardize terror investigations. Kevin Bankston, a privacy lawyer with the Electronic Frontier Foundation, applauded the latest NSL proposal. ?As currently written, NSLs can be used to obtain the records of somebody not suspected of a crime. It?s a suspicionless standard. Under the proposal they must relate to an agent of a foreign power, of somebody working for a foreign government or foreign terror organization, ? he said. 
?That ensures that there is a particularized suspicion rather than allowing them to go on a fishing expedition.? Conyers, in a statement, said: ?Over the past eight years, Americans grew tired of the same old scare tactics, designed to fool the public into believing that we needed to give up freedom to be safe from terrorism.? Whether these and the other proposals unveiled Tuesday would survive the House Judiciary Committee is unclear. No hearing date has been set. But the FBI and other counterterrorism agencies are expected to pressure committee members to follow the Senate?s path and not substantially alter Patriot Act spy powers. The Obama administration, meanwhile, announced last month it was willing to consider ?modifications? to the Patriot Act ?provided that they do not undermine the effectiveness of these important authorities.? Another of the Conyers measures would nullify (.pdf) 2008 congressional legislation ? which is not part of the Patriot Act ? that immunized the nation?s telecommunication companies from lawsuits accusing them of siphoning Americans? electronic communications to the National Security Agency without warrants. The Electronic Frontier Foundation sued AT&T in a San Francisco federal court, which dismissed the case because of the immunity legislation, which President Barack Obama voted for as an Illinois senator. A similar immunity bill by Sen. Russ Feingold (D-Wisconsin) has not received consideration by a Senate committee. The House proposal would also renew, but weaken, a Patriot Act ?roving wiretap? provision expiring at year?s end. The law currently allows the FBI to obtain wiretaps from a secret court ? known as the Foreign Intelligence Surveillance Act Court or FISA court ? without having to identify the target or what method of communication is to be tapped. The Conyers proposal, while not requiring the government to disclose who is the target, requires the FBI to specify that a single person is being targeted. 
The House proposal would also do away with the so-called ?lone wolf? measure that expires at year?s end ? that allows FISA court warrants for the electronic monitoring of a person for whatever reason ? even without showing that the suspect is an agent of a foreign power or a terrorist. The government has said it has never invoked that provision, but that it wants to retain the authority to do so. A Feingold measure to do away with the ?lone wolf? concept was defeated two weeks ago by the Senate Judiciary Committee. Another proposal on the House table is similar to a measure the Senate Judiciary Committee sent to the full Senate two weeks ago. It concerns one of the more controversial provisions of the Patriot Act ? Section 215, the third and final expiring provision. The section allows the secret FISA court to authorize broad warrants for most any type of record, including those held by banks, libraries and doctors. Neither the Senate nor the House require the government to show a connection between the items sought under a Section 215 warrant and a suspected terrorist or spy. But the Senate version and the latest House proposal require such a connection when it comes to library records. From rforno at infowarrior.org Thu Oct 22 16:01:57 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Oct 2009 12:01:57 -0400 Subject: [Infowarrior] - Telecom firms face net-neutrality defeat Message-ID: Telecom firms face net-neutrality defeat LOBBYING BLITZ MAY FALL SHORT FCC expected to approve plan to develop Web access rules By Cecilia Kang Washington Post Staff Writer Thursday, October 22, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/10/21/AR2009102103944_pf.html Facing a major regulatory issue that could be worth a fortune in future business, AT&T has unleashed the kind of lobbying blitz that makes it one of the grand corporate players of the great Washington game. 
And yet, for all the money AT&T and other old-line telecom and cable companies have spent pushing their cause, they are poised to lose a key vote to a bunch of younger technology companies that never had anything to do with Washington until recently. If the Federal Communications Commission votes Thursday in favor of crafting rules to let the government oversee access to the Internet, it could be a sign of a fundamental shift of power under the Obama administration that may make K Street rethink its ways. "This is totally new in Washington, that opposed to only the old Goliaths like AT&T, or traditional public utilities commissions or large insurance companies at the table, they are now joined by others like tech growth companies," said Mark Heesen, president of the National Venture Capital Association, a trade group that represents the investors of Web giants such as Google, Facebook and Amazon. The vote is on a proposal that would begin a months-long process to formulate rules on how Internet service providers manage traffic on their networks while not blocking or unfairly slowing some content. The proposal, favored by Chairman Julius Genachowski, is expected to pass with three votes out of five. AT&T and other wireless and cable providers say the proposal amounts to giving the government control over the Internet, and that companies will lose the ability to reduce congestion on their networks. Web service providers such as Google and Skype counter that they need unfettered access to all Internet users because the carriers could decide to block services that compete with their own. A flood of calls, e-mails In recent weeks, large telecommunications and cable firms have been flooding the offices of Congress, blasting e-mails and calling aides to try to get them to sign onto letters sent to Genachowski in protest of his push for new "net neutrality" rules. 
Staffers on Capitol Hill and at the FCC say the most active lobbyists have been from AT&T -- a company that is historically the largest donor to the political campaigns of members of Congress. It has spent more than $8 million in lobbying this year on a wide range of issues, including net neutrality, according to the Center for Responsive Politics. Last week, 72 Democratic members of Congress wrote the FCC in opposition to the net-neutrality proposals. Many of them, staffers said, had been encouraged to write by AT&T. And 52 of them received a total of $180,000 in campaign contributions from AT&T this year, according to the Center. Over the weekend, AT&T's chief lobbyist, Jim Cicconi, reached inside the company for lobbying support, asking its 300,000 employees to write the FCC that net neutrality would severely hurt their business. AT&T spokeswoman Claudia Jones declined to comment on the company's lobbying on the issue, saying, "Honestly, if you look at letters against net neutrality, they were sent because [lawmakers] had conviction and felt very strongly about it." Google, by contrast, hired its first Washington staffer in 2005 and opened its first permanent office here last year, with a staff of 20. It has spent $1.8 million in lobbying this year, compared with $6.8 million by Verizon and $6 million by Comcast. Dozens of venture capitalists and high-tech giants, including Amazon, eBay and Facebook, jumped into the debate this week, throwing their support behind Genachowski's proposal, which would benefit their firms. Burning bridges? Not all broadband network operators agree with AT&T's approach, saying such an aggressive approach on the first major item introduced by Genachowski may hurt the company down the road. "Why burn every bridge before this comes out?" said one industry source who spoke on the condition of anonymity because the proposal hasn't been made public.
Marvin Ammori, general counsel at public interest group Free Press, said that if the FCC compromises on its proposal, that would be an indication that AT&T's tactics are effective. "This would send a clear signal that if you run as hard as you can and pay a bunch of lobbyists and sow confusion in the press, Julius Genachowski will buckle," Ammori said. Genachowski, a former FCC counsel, has roots in the Internet start-up world. He was an executive at IAC/Interactive, which owns a variety of Internet companies, such as Evite and Urbanspoon. Some staffers at the FCC and on the Hill say the voice of AT&T and other telecom companies is diminishing, and that Thursday's vote is likely to be a sign to those companies that the rules are changing. "They are playing the same game but they may not get the same outcomes that they are used to," said a staffer on the House Energy and Commerce Committee, which oversees telecommunications policy, who spoke on the condition of anonymity because the person was not authorized to speak publicly. "The issues and people have changed, from the Obama administration to new members down to new staff, who see things differently." Rep. Edward J. Markey (D-Mass.), a key member of the Energy Committee, said AT&T "wants to frame it as big companies against each other, but in fact millions of people online see net neutrality as the ability for great ideas by the next Steve Jobs, Bill Gates or Sergey Brin to get out without having to ask permission from companies like AT&T." 
From rforno at infowarrior.org Thu Oct 22 17:39:00 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Oct 2009 13:39:00 -0400
Subject: [Infowarrior] - FCC proposes network neutrality rules (and big exemptions)
Message-ID: <7444F400-2E46-46B8-9A89-683D0FEDCBFD@infowarrior.org>

FCC proposes network neutrality rules (and big exemptions)
http://arstechnica.com/tech-policy/news/2009/10/fcc-proposes-network-neutrality-rules-and-big-exemptions.ars?utm_source=rss&utm_medium=rss&utm_campaign=rss

The FCC unveiled its six network neutrality rules today, along with a pair of gaping exceptions. But does the agency even have the authority to regulate the 'Net? The Republicans and the EFF both say no.

By Nate Anderson | Last updated October 22, 2009

As expected, the FCC laid out its draft network neutrality rules at an open meeting today. Despite the partial dissent of the two Republican commissioners, the pro-neutrality faction has won a major rhetorical battle; even its toughest opponents sing the praises of a "free and open Internet." The draft rules are short, taking up less than two pages of text. At their heart are the four existing "Internet freedoms" that the FCC approved back in 2005:

- Consumers are entitled to access the lawful Internet content of their choice
- Consumers are entitled to run applications and use services of their choice, subject to the needs of law enforcement
- Consumers are entitled to connect their choice of legal devices that do not harm the network
- Consumers are entitled to competition among network providers, application and service providers, and content providers.

The proposed rules make the principles binding, but they also add two new items to the list: nondiscrimination and transparency.

- A provider of broadband Internet access service must treat lawful content, applications, and services in a nondiscriminatory manner
- A provider of broadband Internet access service must disclose such information concerning network management and other practices as is reasonably required for users and content, application, and service providers to enjoy the protections specified in this rulemaking

Exceptional rules

Are there exceptions? Of course there are, and the ways that the exceptions are put into practice will have a significant effect on US network design. First, all six principles are subject to "reasonable network management." No one's sure what that means, but the FCC staff have now developed guidance that is far more helpful than the previous (nonexistent) guidance. Network management is reasonable if it is used

- To manage congestion on networks
- To address harmful traffic (viruses, spam)
- To block unlawful content (child porn)
- To block unlawful transfers of content (copyright infringement)
- For "other reasonable network management practices"

The ambiguity of that last item is striking, and we'll have to see what sorts of things the FCC allows in practice before understanding just how wide this exemption really is. The second exemption to the rules is for "managed services," another hazy area. FCC staff are defining managed services as offerings that are provided over the same networks as regular Internet access but that "differ from broadband Internet access service in ways that suggest a different policy approach." This includes things like voice services and telemedicine, but it's obviously a pretty broad category, and the FCC is asking for guidance on how to define it. It appears that the agency is looking for ways to let telcos and cable companies offer additional, prioritized services over a single line, things like analog and digital voice, cable TV, and low-latency connections for medical use. The rules apply to every Internet connection, wired and wireless, though what is "reasonable" may vary by connection type and even by network speed. As Commissioner Michael Copps put it in his supporting remarks, "What is reasonable today might be unreasonable tomorrow -- and vice versa" as networks expand.

There's nothing new here?

Chairman Genachowski pitched the move as evolutionary rather than revolutionary, noting that the FCC in the past (and under Republican leadership) had already adopted the four Internet principles, slapped network neutrality conditions on the AT&T/BellSouth merger, and made the decision to sanction Comcast. And while he's willing to listen to everyone, people should know that "'anything goes' is not a serious argument" at the Genachowski-led FCC. He argued that proper rules are a spur to investment, not a barrier, and says that he remains fully aware of "the risk of unintended consequences." Hence, the rules are meant to be brief, and to be general, with several big exemptions so as not to bind the agency's hands in the future. The three Democratic commissioners also called out the scariest rhetoric surrounding network neutrality rules. Mignon Clyburn singled out the parties that prefer "radioactive rhetoric" and said it might yield headlines but not good results with her. Copps bashed the "Chicken Littles running around proclaiming the sky's falling" and called for facts, not fear. Even those who opposed the rules were limited in their criticism; both Robert McDowell and Meredith Baker applauded the process so far and the idea of the open Internet. Comcast's statement opened the same way: "We share and embrace the objective of an open Internet, as we always have." The cable lobby agrees, telling Ars, "To be clear, we regard this as a debate about means, not ends; we support a free and open Internet." Everyone loves openness, but the two Republican commissioners worry that FCC rules aren't the way to get there, and both claim that the agency did not have the authority to make such rules. In an odd twist, the Electronic Frontier Foundation agrees.

Despite supporting neutrality, the group argues that "Congress has never given the FCC any authority to regulate the Internet for the purpose of ensuring net neutrality." (This is the basic argument being made now in federal court by Comcast.) The danger is that such authority over the Internet might today be used for good, but "it could just as easily be invoked tomorrow for any other Internet regulation that the FCC dreams up (including things we won't like). For example, it doesn't take much imagination to envision a future FCC 'Internet Decency Statement'... And it's also too easy to imagine an FCC 'Internet Lawful Use Policy,' created at the behest of the same entertainment lobby that has long been pressing the FCC to impose DRM on TV and radio, with ISPs required or encouraged to filter or otherwise monitor their users to ensure compliance." But Genachowski is pushing ahead. Comments on the draft rules are due in January 2010, with reply comments due in March 2010; final rules could arrive by next summer. Whatever one thinks of the draft rules, it remains encouraging to see the FCC doing things the "right way." Under predecessor Kevin Martin, a "Notice of Proposed Rulemaking" might be issued without containing the actual draft text of the rule -- a fact that several commissioners noted. And Genachowski has the FCC blogging (even liveblogging the meeting), is overhauling the agency website, and has ditched the horrible RealPlayer streaming setup in favor of Flash video that actually works the first time.
From rforno at infowarrior.org Fri Oct 23 03:04:23 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Oct 2009 23:04:23 -0400 Subject: [Infowarrior] - Report: PRC Cyberwar & CNE Capability Message-ID: <79563491-2525-495D-840D-ADAD9897125E@infowarrior.org> Capability of the People?s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation Prepared for The US-China Economic and Security Review Commission PDF @ http://www.uscc.gov/researchpapers/2009/NorthropGrumman_PRC_Cyber_Paper_FINAL_Approved%20Report_16Oct2009.pdf From rforno at infowarrior.org Fri Oct 23 13:01:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Oct 2009 09:01:48 -0400 Subject: [Infowarrior] - Chamber of Commerce invokes DMCA Message-ID: EFF: Chamber of Commerce Takes Aim at Yes Men Business Group Tries to Take Down Parody Site After Embarrassing Prank http://www.eff.org/press/archives/2009/10/22 San Francisco - Attorneys for the U.S. Chamber of Commerce have issued a takedown notice in an attempt to silence a parody website that was posted in support of the Yes Men's embarrassing prank poking fun at the Chamber's stance on climate change legislation. In a letter sent to the Chamber's attorneys today, the Electronic Frontier Foundation (EFF) demands that the baseless claims be withdrawn immediately. "We are very disappointed the Chamber of Commerce decided to respond to political criticism with legal threats," said EFF Staff Attorney Corynne McSherry. "The site is obviously intended to highlight and parody the Chamber's controversial views, which have sparked political debate and led high-profile members to withdraw their support from the Chamber." The effort to take down the website -- currently located at www.chamber-of-commerce.us -- comes on the heels of a Yes Men prank that made international news this week. 
The group put out a press release and held a spoof news conference on Monday, claiming that the Chamber of Commerce had reversed its position and would stop lobbying against a climate bill currently in the Senate. Several news outlets reported the story before determining it was a prank. Yesterday afternoon, attorneys for the Chamber sent a Digital Millennium Copyright Act (DMCA) takedown notice to the site's upstream provider, Hurricane Electric Internet Services, claiming that the site constituted copyright infringement and demanding that the site be shut down immediately and that the creator's service be canceled. "Parody is a well-established right, protected under copyright law and the First Amendment," said EFF Senior Staff Attorney Matt Zimmerman. "Hopefully, the Chamber will reconsider its position and realize that such strong-arm tactics are inappropriate and counter-productive." For the full text of the letter: http://www.eff.org/files/filenode/ip_freespeech/yesmenletter.pdf For the full text of the DMCA takedown notice: http://www.eff.org/files/chamber-dmca-notice.pdf For the parody site: http://www.chamber-of-commerce.us Contacts: Corynne McSherry Staff Attorney Electronic Frontier Foundation corynne at eff.org Matt Zimmerman Senior Staff Attorney Electronic Frontier Foundation mattz at eff.org From rforno at infowarrior.org Fri Oct 23 16:40:35 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Oct 2009 12:40:35 -0400 Subject: [Infowarrior] - Rutkowska's Evil Maid attack Message-ID: <125F004C-5F65-4AF0-A591-721B54938AA0@infowarrior.org> Evil Maid goes after TrueCrypt! From time to time it?s good to take a break from all the ultra-low- level stuff, like e.g. chipset or TXT hacking, and do something simple, yet still important. 
Recently Alex Tereshkin and I got some spare time and we implemented the Evil Maid Attack against TrueCrypt system disk encryption in a form of a small bootable USB stick image that allows to perform the attack in an easy ?plug-and-play? way. The whole infection process takes about 1 minute, and it?s well suited to be used by hotel maids. < - > http://theinvisiblethings.blogspot.com/2009/10/evil-maid-goes-after-truecrypt.html From rforno at infowarrior.org Sun Oct 25 04:28:02 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 25 Oct 2009 00:28:02 -0400 Subject: [Infowarrior] - Ever-Present Surveillance Rankles the British Public Message-ID: <00470720-CB2E-466E-88B2-96C7766B1250@infowarrior.org> October 25, 2009 Ever-Present Surveillance Rankles the British Public By SARAH LYALL http://www.nytimes.com/2009/10/25/world/europe/25surveillance.html?_r=1&pagewanted=print POOLE, England ? It has become commonplace to call Britain a ?surveillance society,? a place where security cameras lurk at every corner, giant databases keep track of intimate personal details and the government has extraordinary powers to intrude into citizens? lives. A report in 2007 by the lobbying group Privacy International placed Britain in the bottom five countries for its record on privacy and surveillance, on a par with Singapore. But the intrusions visited on Jenny Paton, a 40-year-old mother of three, were startling just the same. Suspecting Ms. Paton of falsifying her address to get her daughter into the neighborhood school, local officials here began a covert surveillance operation. They obtained her telephone billing records. And for more than three weeks in 2008, an officer from the Poole education department secretly followed her, noting on a log the movements of the ?female and three children? and the ?target vehicle? (that would be Ms. Paton, her daughters and their car). It turned out that Ms. Paton had broken no rules. Her daughter was admitted to the school. 
But she has not let the matter rest. Her case, now scheduled to be heard by a regulatory tribunal, has become emblematic of the struggle between personal privacy and the ever more powerful state here. The Poole Borough Council, which governs the area of Dorset where Ms. Paton lives with her partner and their children, says it has done nothing wrong. In a way, that is true: under a law enacted in 2000 to regulate surveillance powers, it is legal for localities to follow residents secretly. Local governments regularly use these surveillance powers ? which they ?self-authorize,? without oversight from judges or law enforcement officers ? to investigate malfeasance like illegally dumping industrial waste, loan-sharking and falsely claiming welfare benefits. But they also use them to investigate reports of noise pollution and people who do not clean up their dogs? waste. Local governments use them to catch people who fail to recycle, people who put their trash out too early, people who sell fireworks without licenses, people whose dogs bark too loudly and people who illegally operate taxicabs. ?Does our privacy mean anything?? Ms. Paton said in an interview. ?I haven?t had a drink for 20 years, but there is nothing that has brought me closer to drinking than this case.? The law in question is known as the Regulation of Investigatory Powers Act, or RIPA, and it also gives 474 local governments and 318 agencies ? including the Ambulance Service and the Charity Commission ? powers once held by only a handful of law enforcement and security service organizations. Under the law, the localities and agencies can film people with hidden cameras, trawl through communication traffic data like phone calls and Web site visits and enlist undercover ?agents? to pose, for example, as teenagers who want to buy alcohol. In a report this summer, Sir Christopher Rose, the chief surveillance commissioner, said that local governments conducted nearly 5,000 ?directed surveillance missions? 
in the year ending in March and that other public authorities carried out roughly the same amount. Local officials say that using covert surveillance is justified. The Poole Borough Council, for example, used it to detect and prosecute illegal fishing in Poole Harbor. "RIPA is an essential tool for local authority enforcement which we make limited use of in cases where it is proportionate and there are no other means of gathering evidence," Tim Martin, who is in charge of legal and democratic services for Poole, which is southwest of London, said in a statement. The fuss over the law comes against a backdrop of widespread public worry about an increasingly intrusive state and the growing circulation of personal details in vast databases compiled by the government and private companies. "Successive U.K. governments have gradually constructed one of the most extensive and technologically advanced surveillance systems in the world," the House of Lords Constitution Committee said in a recent report. It continued: "The development of electronic surveillance and the collection and processing of personal information have become pervasive, routine and almost taken for granted." The Lords report pointed out that the government enacted the law in the first place to provide a framework for a series of scattershot rules on surveillance. The goal was also to make such regulations compatible with privacy rights set out in the European Convention on Human Rights. RIPA is a complicated law that also regulates wiretapping and intrusive surveillance carried out by the security services. But faced with rumbles of public discontent about local governments' behavior, the Home Office announced in the spring that it would review the legislation to make it clearer what localities should be allowed to do. "The government has absolutely no interest in spying on law-abiding people going about their everyday lives," Jacqui Smith, then home secretary, said.
One of the biggest criticisms of the law is that the targets of surveillance are usually unaware that they have been spied on. Indeed, Ms. Paton learned what had happened only later, when officials summoned her to discuss her daughter's school application. To her shock, they produced the covert surveillance report and the family's telephone billing records. "As far as I'm concerned, they're within their rights to scrutinize all applications, but the way they went about it was totally unwarranted," Ms. Paton said. "If they'd wanted any information, they could have come and asked." She would have explained that her case was complicated. The family was moving from their old house within the school district to a new one just outside it. But they met the residency requirements because they were still living at the old address when school applications closed. At the meeting, Ms. Paton and her partner, Tim Joyce, pointed out that the surveillance evidence was irrelevant because the surveillance had been carried out after the deadline had passed. "They promptly ushered us out of the room," she said. "As I stood outside the door, they said, 'You go and tell your friends that these are the powers we have.'" Soon afterward, their daughter was admitted to the school. Ms. Paton began pressing local officials on their surveillance tactics. "I said, 'I want to come in and talk to you,'" she said. "'How many people were in the car? Were they men or women? Did they take any photos? Does this mean I have a criminal record?'" No one would answer her questions, Ms. Paton said. Mr. Martin said he could not comment on her case because it was under review. But Ms. Paton said the Office of the Surveillance Commissioners, which monitors use of the law, found that the Poole council had acted properly. "They said my privacy wasn't intruded on because the surveillance was covert," she said. The case is now before the Investigatory Powers Tribunal, which looks into complaints about RIPA.
It usually meets in secret but has agreed, Ms. Paton said, to have an open hearing at the beginning of November. The whole process is so shrouded in mystery that few people ever take it this far. "Because no one knows you have a right to know you're under surveillance," Ms. Paton said, "nobody ever makes a complaint." From rforno at infowarrior.org Mon Oct 26 17:16:28 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Oct 2009 13:16:28 -0400 Subject: [Infowarrior] - RFI: VOIP Message-ID: <6A41604F-7D67-4C85-B158-D1DB50F615A6@infowarrior.org> Thinking of dumping the landline and going to cellphone-only and/or VOIP. Probably the latter, since I despise cellphones.....and no, FIOS is not available here anytime soon. Any recommendations on 'good' VOIP providers? --rf From rforno at infowarrior.org Tue Oct 27 02:04:12 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Oct 2009 22:04:12 -0400 Subject: [Infowarrior] - Old Trick Threatens the Newest Weapons Message-ID: <0712FDAA-D1B5-47CA-A871-4733DAFDA6AC@infowarrior.org> October 27, 2009 Cyberwar Old Trick Threatens the Newest Weapons By JOHN MARKOFF http://www.nytimes.com/2009/10/27/science/27trojan.html?hpw=&pagewanted=print Despite a six-year effort to build trusted computer chips for military systems, the Pentagon now manufactures in secure facilities run by American companies only about 2 percent of the more than $3.5 billion of integrated circuits bought annually for use in military gear. That shortfall is viewed with concern by current and former United States military and intelligence agency executives who argue that the menace of so-called Trojan horses hidden in equipment circuitry is among the most severe threats the nation faces in the event of a war in which communications and weaponry rely on computer technology.
As advanced systems like aircraft, missiles and radars have become dependent on their computing capabilities, the specter of subversion causing weapons to fail in times of crisis, or secretly corrupting crucial data, has come to haunt military planners. The problem has grown more severe as most American semiconductor manufacturing plants have moved offshore. Only one-fifth of all computer chips are now made in the United States, and just one-quarter of the chips based on the most advanced technologies are built here, I.B.M. executives say. That has led the Pentagon and the National Security Agency to expand significantly the number of American plants authorized to manufacture chips for the Pentagon's Trusted Foundry program. Despite the increases, semiconductor industry executives and Pentagon officials say, the United States lacks the ability to fulfill the capacity requirements needed to manufacture computer chips for classified systems. "The department is aware that there are risks to using commercial technology in general and that there are greater risks to using globally sourced technology," said Robert Lentz, who before his retirement last month was in charge of the Trusted Foundry program as the deputy assistant defense secretary for cyber, identity and information assurance. Counterfeit computer hardware, largely manufactured in Asian factories, is viewed as a significant problem by private corporations and military planners. A recent White House review noted that there had been several "unambiguous, deliberate subversions" of computer hardware. "These are not hypothetical threats," the report's author, Melissa Hathaway, said in an e-mail message. "We have witnessed countless intrusions that have allowed criminals to steal hundreds of millions of dollars and allowed nation-states and others to steal intellectual property and sensitive military information." Ms. Hathaway declined to offer specifics.
Cyberwarfare analysts argue that while most computer security efforts have until now been focused on software, tampering with hardware circuitry may ultimately be an equally dangerous threat. That is because modern computer chips routinely comprise hundreds of millions, or even billions, of transistors. The increasing complexity means that subtle modifications in manufacturing or in the design of chips will be virtually impossible to detect. "Compromised hardware is, almost literally, a time bomb, because the corruption occurs well before the attack," Wesley K. Clark, a retired Army general, wrote in an article in Foreign Affairs magazine that warns of the risks the nation faces from insecure computer hardware. "Maliciously tampered integrated circuits cannot be patched," General Clark wrote. "They are the ultimate sleeper cell." Indeed, in cyberwarfare, the most ancient strategy is also the most modern. Internet software programs known as Trojan horses have become a tool of choice for computer criminals who sneak malicious software into computers by putting it in seemingly innocuous programs. They then pilfer information and transform Internet-connected PCs into slave machines. With hardware, the strategy is an even more subtle form of sabotage, building a chip with a hidden flaw or a means for adversaries to make it crash when wanted. Pentagon executives defend the manufacturing strategy, which is largely based on a 10-year contract with a secure I.B.M. chipmaking plant in Burlington, Vt., reported to be valued as high as $600 million, and a certification process that has been extended to 28 American chipmakers and related technology firms. "The department has a comprehensive risk-management strategy that addresses a variety of risks in different ways," said Mitchell Komaroff, the director of a Pentagon program intended to develop a strategy to minimize national security risks in the face of the computer industry's globalization. Mr.
Komaroff pointed to advanced chip technologies that made it possible to buy standard hardware components that could be securely programmed after they were acquired. But as military planners have come to view cyberspace as an impending battlefield, American intelligence agency experts said, all sides are arming themselves with the ability to create hardware Trojan horses and to hide them deep inside the circuitry of computer hardware and electronic devices to facilitate military attacks. In the future, and possibly already hidden in existing weapons, clandestine additions to electronic circuitry could open secret back doors that would let the makers in when the users were depending on the technology to function. Hidden kill switches could be included to make it possible to disable computer-controlled military equipment from a distance. Such switches could be used by an adversary or as a safeguard if the technology fell into enemy hands. A Trojan horse kill switch may already have been used. A 2007 Israeli Air Force attack on a suspected partly constructed Syrian nuclear reactor led to speculation about why the Syrian air defense system did not respond to the Israeli aircraft. Accounts of the event initially indicated that sophisticated jamming technology was used to blind the radars. Last December, however, a report in an American technical publication, IEEE Spectrum, cited a European industry source in raising the possibility that the Israelis might have used a built-in kill switch to shut down the radars. Separately, an American semiconductor industry executive said in an interview that he had direct knowledge of the operation and that the technology for disabling the radars was supplied by Americans to the Israeli electronic intelligence agency, Unit 8200. The disabling technology was given informally but with the knowledge of the American government, said the executive, who spoke on the condition of anonymity. 
His claim could not be independently verified, and American military, intelligence and contractors with classified clearance declined to discuss the attack. The United States has used a variety of Trojan horses, according to various sources. In 2004, Thomas C. Reed, an Air Force secretary in the Reagan administration, wrote that the United States had successfully inserted a software Trojan horse into computing equipment that the Soviet Union had bought from Canadian suppliers. Used to control a Trans-Siberian gas pipeline, the doctored software failed, leading to a spectacular explosion in 1982. Crypto AG, a Swiss maker of cryptographic equipment, was the subject of intense international speculation during the 1980s when, after the Reagan administration took diplomatic actions in Iran and Libya, it was widely reported in the European press that the National Security Agency had access to a hardware back door in the company's encryption machines that made it possible to read electronic messages transmitted by many governments. According to a former federal prosecutor, who declined to be identified because of his involvement in the operation, during the early '80s the Justice Department, with the assistance of an American intelligence agency, also modified the hardware of a Digital Equipment Corporation computer to ensure that the machine -- being shipped through Canada to Russia -- would work erratically and could be disabled remotely. The American government began making a concerted effort to protect against hardware tampering in 2003, when Deputy Defense Secretary Paul D. Wolfowitz circulated a memorandum calling on the military to ensure the economic viability of domestic chipmakers. In 2005, the Defense Science Advisory Board issued a report warning of the risks of foreign-made computer chips and calling on the Defense Department to create a policy intended to stem the erosion of American semiconductor manufacturing capacity.
Former Pentagon officials said the United States had not yet adequately addressed the problem. "The more we looked at this problem the more concerned we were," said Linton Wells II, formerly the principal deputy assistant defense secretary for networks and information integration. "Frankly, we have no systematic process for addressing these problems." From rforno at infowarrior.org Tue Oct 27 02:25:56 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Oct 2009 22:25:56 -0400 Subject: [Infowarrior] - SEC and Homeland Security need Web backup, GAO says Message-ID: <3481EABC-DF9D-476A-ABCB-D89A19D9C2A9@infowarrior.org> SEC and Homeland Security need Web backup, GAO says Mon Oct 26, 2009 6:53pm EDT By Maggie Fox, Health and Science Editor http://www.reuters.com/article/newsOne/idUSN2620750120091026 WASHINGTON (Reuters) - Securities exchanges have a sound network back-up if a severe pandemic keeps people home and clogging the Internet, but the Homeland Security Department has done little planning, Congressional investigators said on Monday. The department does not even have a plan to start work on the issue, the General Accountability Office said. But the Homeland Security Department accused the GAO of having unrealistic expectations of how the Internet could be managed if millions began to telework from home at the same time as bored or sick schoolchildren were playing online, sucking up valuable bandwidth. Experts have for years pointed to the potential problem of Internet access during a severe pandemic, which would be a unique kind of emergency. It would be global, affecting many areas at once, and would last for weeks or months, unlike a disaster such as a hurricane or earthquake. H1N1 swine flu has been declared a pandemic but is considered a moderate one.
Health experts say a worse one -- or a worsening of this one -- could result in 40 percent absentee rates at work and school at any given time and closed offices, transportation links and other gathering places. Many companies and government offices hope to keep operations going as much as possible with teleworking using the Internet. Among the many problems posed by this idea, however, is the issue of bandwidth -- especially the "last mile" between a user's home and central cable systems. "Such network congestion could prevent staff from broker-dealers and other securities market participants from teleworking during a pandemic," reads the GAO report, available here. "The Department of Homeland Security is responsible for ensuring that critical telecommunications infrastructure is protected." BLOCKING WEBSITES Private Internet providers might need government authorization to block popular websites, it said, or to reduce residential transmission speeds to make way for commerce. The Financial Services Sector Coordinating Council for Critical Infrastructure Protection and Homeland Security, a group of private-sector firms and financial trade associations, has been working to ensure that trading could continue if big exchanges had to close because of the risk of disease transmission. "Because the key securities exchanges and clearing organizations generally use proprietary networks that bypass the public Internet, their ability to execute and process trades should not be affected by any congestion," the GAO report reads. However, not all had good plans for critical activities if many of their employees were ill, the report reads. Homeland Security had done even less, it said. "DHS has not developed a strategy to address potential Internet congestion," the report said. It had also not even checked into whether the public or even other federal agencies would cooperate, GAO said.
"The report gives the impression that there is potentially a single solution to Internet congestion that DHS could achieve if it were to develop an appropriate strategy," DHS's Jerald Levine retorted in a letter to the GAO. "An expectation of unlimited Internet access during a pandemic is not realistic," he added. (editing by Philip Barbara) From rforno at infowarrior.org Tue Oct 27 11:56:09 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Oct 2009 07:56:09 -0400 Subject: [Infowarrior] - Prepaid Providers Seek to Put Locks On Your Phone Message-ID: <38C447E0-9086-4B71-8234-DEB29C9412E8@infowarrior.org> Prepaid Providers Seek to Put Locks On Your Phone and Their Hands In Your Pocket Legislative Analysis by Jennifer Granick http://www.eff.org/deeplinks/2009/10/prepaid-providers-locks-your-phone-hands-pockets As the deadline nears for a decision from the Copyright Office on EFF's request for a renewal of the 2006 exemption from DMCA liability for handset unlocking, prepaid phone companies have opened a new front in the war on consumer choice with a bill called the Wireless Prepaid Access Device Enforcement Act of 2009. If passed, this legislation would make it a crime to purchase or "handle" a prepaid handset for the purpose of modifying the software that ties it to the network, or to sell the handset outside the U.S. EFF represents three phone recyclers in the DMCA rulemaking. These businesses take used handsets and, if possible, refurbish and resell them. The used handsets allow people around the globe to afford the benefits of mobile phones, while keeping functional technology out of landfills and the heavy metals they contain out of our water supply. But our clients are thwarted in finding homes for these perfectly good phones if the devices are locked to networks that purchasers do not want or cannot access, or if they cannot sell unfashionably old handsets in other countries. 
Moreover, the average mobile phone user wants to know that if she buys a handset and doesn't like her provider, she can switch to a company that gives better service. Customer choice drives quality and innovation. Over 8000 people signed EFF's petition in support of phone exemptions for exactly this reason. So, who would support a bill to prohibit unlocking? Prepaid providers like TracFone and Virgin Mobile subsidize the cost of the handsets they sell, and hope to make up the difference through monthly service fees. But some "bulk unlockers" buy up all the subsidized handsets they can find, unlock them, and sell them at market rates, pocketing the difference. Both prepaid companies have successfully brought a variety of unfair competition claims against bulk unlockers -- demonstrating that neither this bill nor the DMCA prohibitions that threaten phone recyclers and consumers are required to protect prepaid providers' interests. With this legislation, the prepaid wireless service companies would push the expense of protecting their business model onto the shoulders of the American taxpayer by making the FBI and the Justice Department investigate and prosecute handset unlocking for them. Moreover, the bill does nothing to distinguish bulk unlocking arbitragers from phone recyclers or from customers who simply want to switch providers or sell their phones. Here's the choice this bill presents: Congress can force taxpayers to pay the cops to help TracFone and Virgin collect their month-to-month contract fees, or Congress can reject the bill and allow the public to keep the right to unlock their mobile phones, switch their providers, and recycle their handsets. In our opinion, this should be an easy decision. EFF will be watching this bill closely to make sure that we keep prepaid providers' handsets out of landfill, and their hands out of your pocket. 
From rforno at infowarrior.org Tue Oct 27 12:04:01 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Oct 2009 08:04:01 -0400 Subject: [Infowarrior] - Probe of Homeland Security privacy office sought Message-ID: <13639C50-05ED-494B-BD8D-39A29CB5A8A0@infowarrior.org> Probe of Homeland Security privacy office sought Group says chief is enabling, not curbing, surveillance By Spencer S. Hsu Washington Post Staff Writer Tuesday, October 27, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/10/26/AR2009102602644_pf.html Privacy advocates have asked lawmakers to investigate the Department of Homeland Security office in charge of protecting Americans' privacy, saying it has shown "an extraordinary disregard" for its duty. In a letter sent Friday to the House Homeland Security Committee, 21 organizations and seven people belonging to the Privacy Coalition say the department's chief privacy officer has seen its role as enabling, rather than curbing, government surveillance and intelligence programs. "The job of Chief Privacy Officer is not to provide public relations for the Department of Homeland Security," stated the coalition letter, whose signers included the American Civil Liberties Union, Gun Owners of America, former congressman Robert L. Barr Jr. (R-Ga.) and libertarians inspired by Rep. Ron Paul (R-Tex.), a former presidential candidate. The Electronic Privacy Information Center, a public interest group in Washington, organized the coalition. Committee Chairman Bennie Thompson (D-Miss.) said the panel is aware of the issues raised by the letter. He added that it will review calls to investigate whether the agency has met the law's requirement of ensuring "that the use of technologies sustain, and do not erode, privacy protections," and if not, to create an independent oversight agency. 
DHS spokeswoman Sara Kuban said: "The letter reflects a lack of understanding about the role and responsibilities" of Chief Privacy Officer Mary Ellen Callahan and her office. "The Privacy Office is designed to serve as an integral part -- from the earliest stages -- of the policy-making process at the Department, and to ensure that privacy protections are proactively built into the Department's systems and technologies," Kuban said in an e-mail. A "European-style" independent officer would be unable to influence policies before they were enacted, she added. Specifically, critics said the DHS office in the past year has assessed privacy effects of practices such as suspicionless searches of travelers' laptop computers and other electronic devices at border checkpoints, and funding for state and local police intelligence analysis centers, but has done little to scale them back. DHS also apparently could not stop such practices as "whole body imaging" at airports. The government says such images cannot be recorded and are analyzed by security officers at remote locations who never see the passengers. Privacy advocates are skeptical that the technology will not be abused. The rebuke comes amid growing frustration among civil liberties groups that President Obama has not made greater changes to post-Sept. 11, 2001, security measures put in place by his predecessor, George W. Bush. In recent days, privacy advocates have criticized the White House's support for renewing the USA Patriot Act. From rforno at infowarrior.org Wed Oct 28 02:05:52 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Oct 2009 22:05:52 -0400 Subject: [Infowarrior] - Clarke: War From Cyberspace Message-ID: <02B487BE-F331-44D5-94F0-459722C52336@infowarrior.org> War From Cyberspace by Richard Clarke 10.27.2009 http://www.nationalinterest.org/Article.aspx?id=22340 From the November/December issue of The National Interest. 
ON OCTOBER 1, just beyond the Beltway inside Fort Meade, a four-star general became the first head of America's new Cyber Command. Subordinate to General Keith Alexander are the Tenth Fleet and the Twenty-Fourth Air Force. The fleet has no ships, and the air-force unit has neither aircraft nor missiles. Their weapons are ones and zeroes. Their battlefield is cyberspace. The mission of Cyber Command is to protect the U.S. military's networks and to be ready to launch offensive cyber attacks on a potential enemy. Those offensive cyber attacks have the potential to reach out from cyberspace into the physical dimension, causing giant electrical generators to shred themselves, trains to derail, high-tension power-transmission lines to burn, gas pipelines to explode, aircraft to crash, weapons to malfunction, funds to disappear and enemy units to walk into ambushes. Welcome to warfare in the twenty-first century. We have become accustomed to the pilots of Predator and Reaper drones driving a few miles to their homes in Virginia and dinner with their kids after having "flown" aircraft all day on the other side of the globe, firing deadly Hellfire missiles into houses of terrorists in Pakistan. That looks like war as PlayStation: death by joystick, no risk of being shot down, no chance of capture. Now, with cyber war, we have another means of launching attacks on the other side of the world, this time with only a keyboard. In Vietnam and Iraq, U.S. pilots were shot down while attempting to bomb enemy air-defense missiles. Now, a cyber warrior might simply shut off an air-defense network or cause missiles to explode on their launch rails, not by using a laser-guided missile, but by activating a logic bomb. Cyber war could well mean fewer casualties, less physical destruction. Surely then, it is a good idea. PERHAPS NOT.
Much like sixty years ago when we first began to deal with strategic nuclear weapons, we have neither outlined a clear strategy nor had an open debate about how best to deal with this new capability and this new threat. As former Secretary of Defense Robert McNamara discovered, without a real strategy for the use of strategic nuclear weapons, we risked annihilation of both ourselves and our enemies. The Strategic Air Command (SAC) had a simple plan: the United States would perceive when the Soviet Union was getting ready to attack us and then SAC would go first, launching all of its weapons against all of its possible targets in the Soviet Union, China and the Warsaw Pact nations of Eastern Europe. Horrified by that idea, McNamara commissioned work that developed a strategy of deterrence, including withholding attacks on cities, controlling escalation, minimizing crisis instability and initiating nuclear-arms control. Much of the development of that strategy was done in public, in speeches by then-President John F. Kennedy and McNamara, and in books by academics such as Herman Kahn, founder of the Hudson Institute, and MIT professor William Kaufmann. This is exactly the kind of discussion we need to have today. For it is not an overstatement to say that the body of work on atomic strategy initiated in the Kennedy administration probably prevented a nuclear war in which hundreds of millions may have died. We sit at a similar historical moment. War fighting is forever changed. Though it will never produce the kind of death toll of nuclear weapons, we can see echoes of these same risks and challenges in today's newest cyber-war battlefield. We've developed a plethora of gee-whiz technological capabilities in the past few years, but cyber war is a wholly new form of combat, the implications of which we do not yet fully understand. Its inherent nature rewards countries that act swiftly and encourages escalation. AS IN the 1960s, the speed of war is rapidly accelerating.
Then, long-range missiles could launch from the prairie of Wyoming and hit Moscow in only thirty-five minutes. Strikes in cyber war move at a rate approaching the speed of light. And this speed favors a strategy of preemption, which means the chances that people can become trigger-happy are high. This, in turn, makes cyber war all the more likely. If a cyber-war commander does not attack quickly, his network may be destroyed first. If a commander does not preempt an enemy, he may find that the target nation has suddenly raised new defenses or even disconnected from the worldwide Internet. There seems to be a premium in cyber war to making the first move. And much as in the nuclear era, there is a real risk of escalation with cyber war. Nuclear war was generally believed to be something that might quickly grow out of conventional combat, perhaps initiated with tanks firing at each other in a divided Berlin. The speed of new technologies created enormous risks for crisis instability and miscalculation. Today, the risks of miscalculation are even higher, enhancing the chances that what begins as a battle of computer programs ends in a shooting war. Cyber war, with its low risks to the cyber warriors, may be seen by a decision maker as a way of sending a signal, making a point without actually shooting. An attacker would likely think of a cyber offensive that knocked out an electric-power grid and even destroyed some of the grid's key components (keeping the system down for weeks), as a somewhat antiseptic move; a way to keep tensions as low as possible. But for the millions of people thrown into the dark and perhaps the cold, unable to get food, without access to cash and dealing with social disorder, it would be in many ways the same as if bombs had been dropped on their cities. Thus, the nation attacked might well respond with "kinetic activity." Responding, however, assumes that you know who attacked you.
And, one of the major differences between cyber war and conventional war -- one that makes the battlefield more perilous -- is what cyber warriors call "the attribution problem." Put more simply, it is a matter of whodunit. In cyberspace, attackers can hide their identity, cover their tracks. Worse, they may be able to mislead, placing blame on others by spoofing the source. In 2007, the Russian government denied that it had engaged in primitive cyber war against Estonia that took out such things as the financial-services sector, and in 2009 claimed it was not responsible for largely identical activity against Georgia; though Russia did concede that some of its citizens, outraged over the conflict in Abkhazia, might have launched the denial-of-service attacks. In July of this year, cyber attacks were launched against commercial and government websites in the United States and South Korea. The targets included the White House and Washington Post homepages. South Korean intelligence officials blamed the North. The attacks, however, seemed to originate inside South Korea. For years, masses of data have been stolen from sensitive U.S. government and defense-contractor computers in attacks that investigators have code-named "Moonlight Maze" and "Titan Rain." Which nation -- or nonstate actor -- has repeatedly performed the brazen cyber espionage has never been clearly established. What is clear is that cyber warfare poses new risks that we have yet to fully grasp. THE UNITED States thinks that its cyber warriors are the best at offense, with the capability of shutting down enemy air defenses, electric-power grids, rail systems and telephony. The United States has probably already penetrated many such networks and laced them with trap doors (ways to get back in easily) and logic bombs (software that would wipe out everything on a network). Such offensive prowess does nothing to defend our own networks from similar attacks, however, and the current U.S.
defense systems protect only parts of the federal government, and not civilian or private-sector infrastructure. No nation is as dependent on cyber systems and networks for the operation of its infrastructure, economy and military as the United States. Yet, few national governments have less control over what goes on in its cyberspace than Washington. And these major lapses in our defense present a threat we ignore at extremely high cost.

The possibility of an electric-power grid being hit by a cyber attack is less far-fetched than one might think. A CIA official has admitted that at least one blackout outside the United States was already caused by a cyber attack. An Energy Department laboratory determined that a cyber attack from the Internet could weave its way into the digital control system of a generator and cause the device to self-destruct. Officials have privately confirmed media accounts that logic bombs have already been placed in America's power-grid control systems, presumably by foreign cyber warriors. And this problem goes deeper still. The "critical infrastructure" of the transportation, finance, energy and communications sectors are owned and operated by nongovernmental entities, corporations that have proven highly resistant to regulation. The Federal Energy Regulatory Commission (FERC) issued new cybersecurity guidelines to U.S. power companies in January 2008, requiring greater separation of the operations systems from the public Internet. But it took two years for these rules to go into effect (they start in January 2010), and many critics do not believe that the FERC has the ability to audit compliance. The leaders of those corporations, when asked about cybersecurity, almost uniformly believe that they should fund as much corporate cybersecurity as is necessary to maintain profitability and no more. They will defend themselves against cyber crime. Defending them against a cyber war, they all concur, is the job of the government.
Unfortunately, the government has no cyber-defense strategy. While the cyber warriors of Fort Meade may take comfort in America's reputation as having the most potent arsenal of cyber weapons, they may be members of the national cyber-war team with the lowest overall capability. Indeed, America's ability to defend its vital systems from cyber attack ranks among the world's worst. Some countries, like China, have implemented plans allowing them to shut the limited number of portals that connect their cyberspace to the outside world. Other nations, like North Korea, have such limited cyberspace and cyber dependence that there is almost nothing to defend. America's connectivity to the rest of the world is unlimited and controlled by no plan or agency. If, as a result of a cyber-war attack, our power grids failed, trains stopped and the financial sector froze, the government's response today would make former FEMA Director Michael Brown's performance after Katrina truly look like one "hell of a job."

While we do have Cyber Command, it has a defensive mission largely limited to protecting the Defense Department. Cyber Command says someone else needs to defend civilian entities, specifically, the Department of Homeland Security (DHS). Unfortunately, DHS has neither a plan nor the capability to defend private-sector infrastructure from a cyber attack. Thus, electric power, gas pipelines, rail and air transport, banking, food-distribution networks and other key systems are defenseless against nation-state cyber attacks.

This asymmetry, in which we are developing offensive capability but doing little to prevent a devastating cyber attack, began in the Bush administration. In the last year of his eight-year presidency, George W. Bush signed a national-security decision called PDD-54. That directive, still classified, ordered steps be taken to improve the security of the Department of Defense and other federal-government computer networks.
Critics say it did almost nothing to address the weaknesses of the national infrastructure. President Obama launched a sixty-day review of cyber policy in March, but it resulted in no new major initiatives. He did announce the creation of a cybersecurity position within the staff of the National Security Council (NSC). But it has yet to be filled permanently. The new staffer will report not only to bosses in the NSC staff, but also to Director of the National Economic Council Lawrence Summers -- who has vehemently criticized government cybersecurity efforts in the past as imposing costly burdens on U.S. companies, whose leaders supposedly know best what level and type of cybersecurity they need. When pressed about America's lack of cyber defenses, several officials privately suggested that there was no nation today that would want to hurt us like that. If that philosophy were applied more broadly to the defense budget, the nation could save hundreds of billions annually -- and be left entirely defenseless.

THE FACT that legislators and policy makers do not understand the strategy issues surrounding cyber war may stem from the lack of public discussion, absence of academic contribution, minimal media coverage and insistence on unnecessary government secrecy. A multidepartment effort this year to develop a cyber-war-deterrence strategy produced a paper that is still labeled "secret." The last time someone thought a secret could deter an opponent was when 1960s movie character Dr. Strangelove yelled at the Soviet ambassador that a deterrent weapon only works "if you tell us you have it." America was not sufficiently deterred in that movie scenario (an air-force general launched an attack which resulted in escalation into global destruction). In the absence of a public cyber-war strategy, we do not know today whether an air-force general could launch an effective cyber war.
We have not had the basic discussion of whether the United States is better-off with the advent of cyber-war capabilities, or whether it is we who will be deterred in the future by the threat of cyber attack on our vulnerable infrastructure. Although President Obama may not yet know it, his freedom to maneuver in the world is likely already restricted by those vulnerabilities. Perhaps in a crisis, someone will tell him. Or maybe he will learn it by looking out the window at a darkened city after he has ordered a bombing raid on Iran, or sent a carrier battle group to protect Taiwan, or done something to irritate the Dear Leader of Pyongyang. Maybe then he will ask policy questions such as: How does deterrence work in cyber war when our capabilities are secret and our weapons undemonstrated? Should we, because of our own vulnerabilities to cyber attack, initiate cyber-arms-limitation talks, instead of our current policy of opposing them? Can arms control work in cyberspace when verification is so difficult? Strategic defense was not possible in nuclear strategy, despite Ronald Reagan's best efforts, but does that also apply to cyber war? Can public discussion, international norms and established lines of communication result in some sort of risk-reduction process to address the issues of crisis instability that seem to be inherent in cyber war? Are the generals and admirals at Cyber Command more thoughtful than SAC's leaders were at the advent of the era of strategic nuclear war? We would like to think so, but in the absence of public-policy development, the American people cannot know the answer to that or to the many other questions that the possibility of cyber war raises. It is time for that public discussion.

Richard Clarke was special adviser to the president for cybersecurity in the George W. Bush administration. He is now chairman of Good Harbor Consulting. His book Cyber War, coauthored with Robert Knake, will be published by HarperCollins in the spring.
From rforno at infowarrior.org Wed Oct 28 02:06:29 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Oct 2009 22:06:29 -0400
Subject: [Infowarrior] - Camp Williams will be new federal cybersecurity home
Message-ID:

Camp Williams will be new federal cybersecurity home
October 23, 2009
http://www.ksl.com/index.php?nid=481&sid=8421318

SALT LAKE CITY -- Federal officials have confirmed construction of a cybersecurity data center to open at Camp Williams in a couple years. It means thousands of construction jobs and a few hundred permanent jobs once it's done. According to Federal National Security Administration officials, the Internet is so essential to today's economy that cybersecurity is now a top priority. Any sabotage or interruption in the connection, or "Fedwire," and these officials say the damage would be catastrophic.

NSA Deputy Director Glenn Gaffney explains the purpose of the new government cybersecurity data center

"If somebody hacked in and took down the Fedwire, the economic impact would be greater than if an atomic bomb had gone off in downtown Manhattan," explains Utah Sen. Robert Bennett. Utah Sen. Orrin Hatch adds, "The threats to our digital infrastructure are real, and they're growing." To guard against attack, the National Security Agency plans to build a cybersecurity data center at Camp Williams. NSA Deputy Director Glenn Gaffney won't be specific about what the center will do, other than to say its mission is to protect America's cyber-infrastructure. "The reason we are doing the center is because of the deep level of technical expertise that's needed to understand the nature of the threat, and then how we use the information about that threat throughout the intelligence community," Gaffney says. Officials are quick to point out that operations will be carried out according to the Constitution, striking the balance between privacy and the need for security. The impact of the center will be huge.
It will use at least 65 megawatts of power -- about the same as every home in Salt Lake City combined. It will require up to 10,000 construction jobs to build the center and 100 to 200 permanent jobs once it's up and running. Gov. Gary Herbert says he's tickled at the announcement. "The benefit on the economic development side cannot be overstated. It's a $1.5 billion project," Herbert says. Utah beat out a competitive analysis of 38 sites around the nation. Construction will begin after the first of the year, and the center should be open in two years.

E-mail: rpiatt at ksl.com

From rforno at infowarrior.org Wed Oct 28 02:14:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Oct 2009 22:14:07 -0400
Subject: [Infowarrior] - Facebook to keep profiles of the dead
Message-ID: <2D2BC70C-0364-4129-A0B8-F039539A6F2D@infowarrior.org>

http://www.google.com/hostednews/ap/article/ALeqM5h09shWF_3mDwwyw_EJQUWs_NJz2QD9BJF8983

Facebook to keep profiles of the dead
By BARBARA ORTUTAY (AP) - 12 hours ago

NEW YORK -- Death doesn't erase the online footprints that people leave in life and Facebook won't either, though it will make some changes. The five-year-old social network will "memorialize" profiles of the dead if their friends or family request it. Such accounts will be different from regular Facebook profiles. For example, the site will remove any contact information and bar people from logging in. The person's profile also won't appear in the "suggestions" section of Facebook, and only the deceased person's confirmed friends will be able to find them in a search. The development comes as Facebook becomes an important social hub for its more than 300 million active users worldwide to keep up with friends and family.

Copyright © 2009 The Associated Press. All rights reserved.
From rforno at infowarrior.org Wed Oct 28 23:45:50 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Oct 2009 19:45:50 -0400
Subject: [Infowarrior] - Feds' Smart Grid Race Leaves Cybersecurity in the Dust
Message-ID:

Feds' Smart Grid Race Leaves Cybersecurity in the Dust
By Kim Zetter, October 28, 2009
http://www.wired.com/threatlevel/2009/10/smartgrid

Amid the government-funded rush to upgrade America's aging electric system to a smart grid comes a strange confluence of press releases this week by the White House and the University of Illinois. Tuesday morning, President Obama, speaking at Florida Power and Light (FPL) facilities, announced $3.4 billion in grants to utility companies, municipal districts and manufacturers to spur a nationwide transition to smart-grid technologies and fund other energy-saving initiatives as part of the economic stimulus package. FPL will receive $200 million to install 2.6 million smart meters and other technologies that promise to reduce energy costs for customers. CenterPoint Energy in Houston, Texas, gets $200 million to install 2.2 million smart meters (.pdf) and more than 550 sensors and automated switches. Baltimore Gas and Electric in Maryland is another $200-million recipient.

Strange, then, that another press release distributed Monday by the Information Trust Institute at the University of Illinois announces a grant of $18.8 million to four academic institutions to fund a five-year research project into securing the power grid. The project is supposed to make certain that the smart meters and other devices implemented by power companies can resist hackers and other attackers. The latter grant, from the U.S.
Departments of Energy and Homeland Security, provides funding to the Institute, along with Dartmouth College, the University of California at Davis in California and Washington State University for a research program called Trustworthy Cyber Infrastructure for the Power Grid. "It reflects a strong consensus that cybersecurity and resilience will be critical to the realization of a modernized, reliable, and efficient power grid, so that it will be able to guarantee delivery of electricity to consumers and maintain critical operations, even when malicious cyber attacks occur," reads the press release. The only problem is, by the time the research project is completed, most of the nation will have already adopted untested and unsecured technologies.

Photo: Richard Clarke

How do we know they're insecure? Earlier this year IOActive, a computer security firm in Washington state, was contracted to examine the security of smart meters deployed by an unnamed utility company in the northwest. Mike Davis, an IOActive security consultant, and his fellow researchers developed a malicious worm that, in a simulated attack, was able to spread from meter to meter to take out power in more than 15,000 homes in 24 hours. Davis says IOActive submitted his findings to the Department of Homeland Security. DHS, in response to a Threat Level FOIA request, said it can't find the report in its files. "Given the degree of seriousness that the Obama administration is applying to cybersecurity and the smart grid, we can look forward to the kind of things happening here that happened to Brazil, where hackers successfully brought down the power," says Richard Clarke (at right), chairman of the Good Harbor security consulting firm and former special adviser to President George W. Bush on cybersecurity. Clarke is referring to veiled reports made last year by the CIA's chief cybersecurity officer, Tom Donahue, that extortionists had taken down the power grid in multiple regions outside the United States.
The location of those outages has never been publicly identified. "Smart grid" refers to the transition from the current, outdated power-grid infrastructure to a more technologically advanced structure that allows expanded real-time monitoring and energy delivery that's more efficient and cost effective for utilities and consumers. The technology promises to solve a number of problems, but it also (as the Illinois press release states) could "introduce new problems, such as increasing the vulnerability to cyber attack as power grid resources become increasingly linked to the internet." "The concern is that the existing technologies can't offer [security] guarantees, and that we could even open the door to new risks if we carelessly put together new systems that don't have resilience and security guarantees built in from the ground up," explained Ilesanmi Adesida, dean of the College of Engineering at Illinois, in the Information Trust Institute's press release.

So why would the federal government accelerate the adoption of insecure technologies at the same time it touts cybersecurity as one of the nation's biggest national security concerns? According to the Department of Energy, the government has the smart-grid security issues under control. Spokeswoman Jen Stutsman said all the entities awarded smart-grid funds under Obama's $3.4 billion stimulus grant were required to submit a cybersecurity plan with their proposal. "Each application was examined by at least two interoperability and cybersecurity experts, and it was a central component to the selection criteria for each of the awards," Stutsman said. Stutsman wouldn't identify the experts who reviewed the cybersecurity plans or provide details about the plans applicants submitted. According to the grant-proposal requirements, each applicant was required to submit a summary of known cybersecurity risks (.pdf) and explain how the applicant would mitigate them.
They also had to identify the cybersecurity criteria they used for selecting vendors and technologies and the cybersecurity standards or best practices they planned to follow. And they had to explain how they would adapt to new standards that might emerge -- such as those being developed by the National Institute of Standards and Technology. Stutsman, addressing why the government would urge the move to smart meters before researchers had fully examined them, said that DoE "has spent years researching cybersecurity issues" and is "constantly and on a continuing basis ... putting in place policies and programs that will help us gather more information." While the department is modernizing the electrical grid and using knowledge it already has, she said it will continue to apply new information as it becomes known. The government, she said, will continue to monitor utilities and others "to ensure that we are taking every step we can to secure the country's electric grid."

Himanshu Khurana, principal scientist for the Information Trust Institute's power-grid research project, noted that many of the grants to utility companies and municipalities are for a three-year period. "So there is still time between something being announced and everything being deployed for making sure that the technologies" are evaluated, he said. Separate to his Institute's research grant, Khurana belongs to a team that has been contracted by one of the utility companies that received a federal grant. His team's job will be to help evaluate the utility company's network and the technologies it plans to deploy and perhaps develop needed software. "So people have reached out to cybersecurity experts and formed appropriate teams," he said. "Now, it's hard to provide assurance right now that everything is going to go safe. But the plan is feasible and there has been a lot of weight given to cybersecurity in the administration's grants." Clarke is not so confident.
"We have no way of having any confidence that there's any cybersecurity plans since we don't know anything about the qualifications of the experts who examined them or the criteria they're using to judge them," he said. "In the absence of someone like the NSA or the cybercenter at DHS [to certify every smart-grid proposal], there's no reason to believe they're taking security seriously." More important than asking companies to submit a cybersecurity plan for future technologies, he says, is to require that utility companies and energy distributors pass an audit for their current state of security. He says he's spoken with auditing firms that have examined utility companies and energy distributors and found that -- in every case -- they were able to infiltrate the company's production SCADA system (Supervisory Control and Data Acquisition) from the public internet in less than an hour. "No grant should be given to any company that doesn't pass an audit today with its existing system," he said. "Paper audits are worthless. Real-world audits are what count. So if the company today has flagrantly bad performance with regard to cybersecurity, then it shouldn't win an award for new technology until it fixes that problem."

Photo of U.S. grid courtesy U.S. Commerce Dept. Photo of Richard Clarke by John Earle; courtesy Good Harbor Consulting.

From rforno at infowarrior.org Thu Oct 29 02:49:04 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Oct 2009 22:49:04 -0400
Subject: [Infowarrior] - Loosening of F.B.I. Rules Stirs Privacy Concerns
Message-ID:

October 29, 2009
Loosening of F.B.I. Rules Stirs Privacy Concerns
By CHARLIE SAVAGE
http://www.nytimes.com/2009/10/29/us/29manual.html?_r=1&hp=&pagewanted=print

WASHINGTON -- After a Somali-American teenager from Minneapolis committed a suicide bombing in Africa in October 2008, the Federal Bureau of Investigation began investigating whether a Somali Islamist group had recruited him on United States soil.
Instead of collecting information only on people about whom they had a tip or links to the teenager, agents fanned out to scrutinize Somali communities, including in Seattle and Columbus, Ohio. The operation unfolded as the Bush administration was relaxing some domestic intelligence-gathering rules. The F.B.I.'s interpretation of those rules was recently made public when it released, in response to a Freedom of Information lawsuit, its "Domestic Investigations and Operations Guide." The disclosure of the manual has opened the widest window yet onto how agents have been given greater power in the post-Sept. 11 era. In seeking the revised rules, the bureau said it needed greater flexibility to hunt for would-be terrorists inside the United States. But the manual's details have alarmed privacy advocates. One section lays out a low threshold to start investigating a person or group as a potential security threat. Another allows agents to use ethnicity or religion as a factor -- as long as it is not the only one -- when selecting subjects for scrutiny.

"It raises fundamental questions about whether a domestic intelligence agency can protect civil liberties if they feel they have a right to collect broad personal information about people they don't even suspect of wrongdoing," said Mike German, a former F.B.I. agent who now works for the American Civil Liberties Union. But Valerie Caproni, the F.B.I.'s general counsel, said the bureau has adequate safeguards to protect civil liberties as it looks for people who could pose a threat. "Those who say the F.B.I. should not collect information on a person or group unless there is a specific reason to suspect that the target is up to no good seriously miss the mark," Ms. Caproni said. "The F.B.I. has been told that we need to determine who poses a threat to the national security -- not simply to investigate persons who have come onto our radar screen." The manual authorizes agents to open an "assessment" to "proactively"
seek information about whether people or organizations are involved in national security threats. Agents may begin such assessments against a target without a particular factual justification. The basis for such an inquiry "cannot be arbitrary or groundless speculation," the manual says, but the standard is "difficult to define." Assessments permit agents to use potentially intrusive techniques, like sending confidential informants to infiltrate organizations and following and photographing targets in public. F.B.I. agents previously had similar powers when looking for potential criminal activity. But until the recent changes, greater justification was required to use the powers in national security investigations because they receive less judicial oversight. If agents turn up something specific to suggest wrongdoing, they can begin a "preliminary" or "full" investigation and use additional techniques, like wiretapping. But even if agents find nothing, the personal information they collect during assessments can be retained in F.B.I. databases, the manual says.

When selecting targets, agents are permitted to consider political speech or religion as one criterion. The manual tells agents not to engage in racial profiling, but it authorizes them to take into account "specific and relevant ethnic behavior" and to "identify locations of concentrated ethnic communities." Farhana Khera, president of Muslim Advocates, said the F.B.I. was harassing Muslim-Americans by singling them out for scrutiny. Her group was among those that sued the bureau to release the manual. "We have seen even in recent months the revelation of the F.B.I. going into mosques -- not where they have a specific reason to believe there is criminal activity, but as 'agent provocateurs' who are trying to incite young individuals to join a purported terror plot," Ms. Khera said. "We think the F.B.I. should be focused on following actual leads rather than putting entire communities under the microscope."
Ms. Caproni, the F.B.I. lawyer, denied that the bureau engages in racial profiling. She cited the search for signs of the Somali group, Al Shabaab, linked to the Minneapolis teenager to illustrate why the manual allows agents to consider ethnicity when deciding where to look. In that case, the bureau worried that other such teenagers might return from Somalia to carry out domestic operations. Agents are trained to ignore ethnicity when looking for groups that have no ethnic tie, like environmental extremists, she said, but "if you are looking for Al Shabaab, you are looking for Somalis." Among the manual's safeguards, agents must use the "least intrusive investigative method that effectively accomplishes the operational objective." When infiltrating an organization, agents cannot sabotage its "legitimate social or political agenda," nor lead it "into criminal activity that otherwise probably would not have occurred." Portions of the manual were redacted, including pages about "undisclosed participation" in an organization's activities by agents or informants, "requesting information without revealing F.B.I. affiliation or the true purpose of a request," and using "ethnic/racial demographics."

The attorney general guidelines for F.B.I. operations date back to 1976, when a Congressional investigation by the so-called Church Committee uncovered decades of illegal domestic spying by the bureau on groups perceived to be subversive -- including civil rights, women's rights and antiwar groups -- under the bureau's longtime former director, J. Edgar Hoover, who died in 1972. The Church Committee proposed that rules for the F.B.I.'s domestic security investigations be written into federal law. To forestall legislation, the attorney general in the Ford administration, Edward Levi, issued his own guidelines that established such limits internally. Since then, administrations of both parties have repeatedly adjusted the guidelines. In September 2008, Attorney General Michael B.
Mukasey signed the new F.B.I. guidelines that expanded changes begun under his predecessor, John Ashcroft, after the Sept. 11 attacks. The guidelines went into effect and the F.B.I. completed the manual putting them into place last December. There are no signs that the current attorney general, Eric H. Holder Jr., plans to roll back the changes. A spokeswoman said Mr. Holder was monitoring them "to see how well they work" and would make refinements if necessary. The F.B.I., however, is revising the manual. Ms. Caproni said she was taking part in weekly high-level meetings to evaluate suggestions from agents and expected about 20 changes. Many proposals have been requests for greater flexibility. For example, some agents said requirements that they record in F.B.I. computers every assessment, no matter how minor, were too time consuming. But Ms. Caproni said the rule aided oversight and would not be changed.

She also said that the F.B.I. takes seriously its duty to protect freedom while preventing terrorist attacks. "I don't like to think of us as a spy agency because that makes me really nervous," she said. "We don't want to live in an environment where people in the United States think the government is spying on them. That's an oppressive environment to live in and we don't want to live that way." What the public should understand, she continued, is that the F.B.I. is seeking to become a more intelligence-driven agency that can figure out how best to deploy its agents to get ahead of potential threats. "And to do that," she said, "you need information."
From rforno at infowarrior.org Thu Oct 29 12:10:28 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Oct 2009 08:10:28 -0400
Subject: [Infowarrior] - "Useful But Prohibited": Air Force Openness Lags
Message-ID: <92048A55-D7AB-4100-ADD9-E70D00DEA7CE@infowarrior.org>

http://www.fas.org/blog/secrecy/2009/10/useful_but_prohibited.html
http://www.fas.org/blog/secrecy/?p=2882

Some of the steps that are favored by the Obama Administration to open up government to public access and participation may be "useful" but they are nevertheless "prohibited" on U.S. Air Force web sites, according to a new Air Force policy instruction. In a January 21, 2009 memorandum on transparency and open government, President Obama directed that "Executive departments and agencies should harness new technologies to put information about their operations and decisions online and readily available to the public.... Executive departments and agencies should solicit public feedback to assess and improve their level of collaboration and to identify new opportunities for cooperation." The U.S. Air Force has a different vision, however. A new Air Force policy on public communications (pdf) observed that "web-based message boards, threaded chat rooms, and guest books" allow users to post opinions, messages, or information openly on a web site. They provide a useful means of creating two-way communication but are prohibited as part of public web site services (sec. 10). Instead of the "unprecedented level of openness" promised by the President, the Air Force prefers to follow precedent in other ways as well. Only content that "is intended for a wide public audience" will be considered by the Air Force for publication online. All other materials "should be posted on the [password-protected] Air Force Portal web site." Moreover, "all content on a public web site must be cleared for public release." See "Public Web Communications,"
Air Force Instruction 35-107, October 21, 2009. Unfortunately, the Air Force's mandatory pre-publication clearance process (pdf) for "all content" is arduous, time-consuming and technologically primitive. Authors should allow ten days for Air Force review, or twenty days when approval is needed from the Department of Defense. Incredibly, materials for review can only be submitted in hardcopy (six paper copies for the Air Force and an additional four copies for DoD). Air Force Public Affairs says that it "does not accept material for review via e-mail or any other electronic means" (sec. 8). On the other hand, "theatrical reviews" and works of fiction that are not sourced from active-duty experience are excused from the pre-publication review requirement. See "Security and Policy Review Process," Air Force Instruction 35-102, October 20, 2009. These new Air Force directives, and another Air Force Instruction on Public Affairs Policies and Procedures (pdf) that was modified last week, do not even mention the January 2009 Obama transparency memorandum, and certainly do not reflect its declared intent.

The impact of the President's January memorandum has been deferred because the implementing Open Government Directive that was originally due for release in May has still not been completed. [Correction: The May 2009 deadline was for development of "recommendations" for the Open Government Directive, not for release of the Directive itself.] But the Directive "will come out this fall," said Beth Noveck, White House deputy chief technology officer for open government, at a meeting organized by the Center for Democracy and Technology yesterday. The forthcoming Directive, to be issued by the Office of Management and Budget, will provide "a framework for agencies to pursue their own transparency initiatives," she said.
From rforno at infowarrior.org Thu Oct 29 12:42:03 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Oct 2009 08:42:03 -0400 Subject: [Infowarrior] - RIAA Anti-Piracy Partner Clueless About BitTorrent Message-ID:

RIAA Anti-Piracy Partner Clueless About BitTorrent Written by Ernesto on October 28, 2009 http://torrentfreak.com/riaa-anti-piracy-partner-clueless-about-bittorrent-091028/

The piracy tracking company DtecNet has made quite a name for itself in the past few months after partnering with the RIAA and several local governments to assist in the “war on piracy”. One would think that these projects would require at least some basic knowledge of BitTorrent, but a recently published paper by DtecNet’s business intelligence unit proves the opposite.

In January we introduced DtecNet as the RIAA’s new evidence collecting outfit, replacing MediaSentry whose evidence gathering techniques have been highly criticized by experts. The Danish company is not limiting its services to the RIAA though. It is also working with an Irish ISP to support their “3 strikes” regime, and in Australia the company also conducted investigations against alleged pirates.

Apart from their pirate tracking activities, DtecNet also has a business intelligence unit to help their entertainment industry clients “Understand what’s happening and where, and to develop smarter strategies to guide their development, marketing, retailing, distribution and investment initiatives.” The intelligence unit utilizes its insights into the file-sharing community to help out, but unfortunately the unit is not that knowledgeable. In fact, the whitepaper (pdf) that was published by the DtecNet unit and mirrored all around the web during the last 24 hours, clearly shows that they have no clue about BitTorrent.
In the paper that deals with the recent downtime of the Pirate Bay tracker and how this affects BitTorrent usage, they make several false claims, draw bogus conclusions and report inaccurate statistics. Bogus reports from anti-piracy companies are nothing new, but this is definitely one of the worst we’ve ever seen thus far, and it is already being cited by several respected news outlets. Let’s take a look at some of the things DtecNet claims and why these claims are bogus, inaccurate or just plain stupid.

Claim: “After Swedish authorities forced the Internet disconnection of The Pirate Bay, online piracy worldwide dropped substantially on BitTorrent networks as file traders scrambled to find replacement trackers.”

This claim is based on a graph presented by DtecNet (see below) which shows that the number of infringements recorded by the company dropped significantly. This is of course a direct effect of the Pirate Bay tracker downtime. Companies like DtecNet use the tracker to find and report pirates and if it goes down there are less recorded infringements. However, there is no evidence that piracy went down. Most BitTorrent transfers were working fine due to the wonders of DHT (trackerless torrents), including the ones that were using only the Pirate Bay tracker.

Claim: “The impact of the shutdown is strongly obvious, [...] file trading on BitTorrent, easily the world’s most popular peer-to-peer protocol, dropped virtually overnight by nearly 80 percent.”

This second claim is even more absurd because it suggests that BitTorrent usage dropped by 80 percent based on a graph of recorded infringements. Remember, DtecNet doesn’t track any BitTorrent traffic data. The only thing that their data proves is that, because of the tracker downtime, DtecNet was unable to connect to some of the trackers listed in their database of torrents. Again, the torrents might have worked just fine for users because of DHT.

Recorded infringements per P2P network

Claim:
“Over time, infringements through that network [BitTorrent] began to rise again as new trackers became available.”

This seems to suggest that after the Pirate Bay trackers went down several new trackers have appeared, which is simply not true. In fact, DtecNet uses OpenBitTorrent and the Denis Stalker tracker as an example in their paper, two trackers that are hosted on the same network as The Pirate Bay tracker. The only reason the number of recorded infringements began to rise is that these trackers also suffered downtime from which they recovered. DtecNet however seems to be unaware of the relation between the three trackers.

Claim: DtecNet has created a nice graph (below) that “illustrates the chaos the shutdown caused among various BitTorrent tracker networks, and how more recently the situation appears to be clarifying itself as users find new favorite sites.”

The only confusion we see here is at the DtecNet offices. The company apparently fails to understand that a tracker is something different than a site. There is absolutely no indication that BitTorrent users were looking for new sites (note that The Pirate Bay site was still up), but even if they were this does not mean that there will be any changes in the usage of the various trackers.

Relative recorded infringements per BitTorrent tracker

Claim: “About two weeks after the Pirate Bay shutdown, two of the successor trackers – OpenBitTorrent and DenisStalker – temporarily shut down, possibly because they could not handle rising demand.”

This claim is almost hilarious. As pointed out earlier, OpenBitTorrent and DenisStalker are hosted on the same network as The Pirate Bay. It takes no genius to figure this out, and this should be especially obvious for an outfit that deals with BitTorrent trackers on a daily basis, trying to catch pirates. So, the two successor trackers did not collapse under the increased load at all, they went down together with The Pirate Bay.
We could go on for hours refuting pretty much every sentence in the report and we are not the only ones who dispute the know-how of DtecNet’s self-proclaimed business intelligence unit. P2P expert Dr. Pouwelse of the Tribler team at Delft University of Technology looked into the report as well and told TorrentFreak: “They are completely technically incompetent, they are just trying to get sensational press coverage, or both.”

“Mixing up terms like trackers versus website and failure to do basic homework like DNS lookups means they would fail our master course in P2P. Their work suffers from a fundamental methodological error: what our company can’t see does not exist, thus we can make wild absolute claims on a complex global phenomena,” Pouwelse said.

Companies such as DtecNet are earning millions of dollars from the entertainment industry thanks to their piracy tracking activities and the business intelligence they claim to offer. Considering this position it is striking to see how little they actually know about what’s going on, and we fear that this amateurish white paper might actually lose @DtecNetBI some customers, instead of adding new clients to their portfolio. Chances are, DtecNet will be responsible for gathering evidence against British file-sharers so that Peter Mandelson can have them kicked off the Internet in 2011. Nice to know that important job will be in safe hands.

From rforno at infowarrior.org Fri Oct 30 00:18:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Oct 2009 20:18:53 -0400 Subject: [Infowarrior] - OT: What Now, Icarus? Message-ID:

(Posted on behalf of friends and in support of efforts toward military acquisition reform.....-rick)

What Now, Icarus? Is Western Combat Aviation Falling Out of the Sky? Read more at: http://www.huffingtonpost.com/winslow-t-wheeler/what-now-icarus-is-wester_b_337564.html Winslow T. Wheeler Director, Straus Military Reform Project, Center for Defense Information (Pierre M.
Sprey, a long time military reformer and a designer of extraordinarily successful combat aircraft, helped me write this commentary. Both Pierre and I are contributors to the aforementioned anthology "America's Defense Meltdown: Pentagon Reform for President Obama and the New Congress.") Posted: October 28, 2009 05:16 PM http://www.huffingtonpost.com/winslow-t-wheeler/what-now-icarus-is-wester_b_337564.html

The future of Western combat aviation today rests largely on one airplane: The Pentagon's F-35 Joint Strike Fighter. The Defense Department currently plans to buy 2,456 of these Lockheed aircraft for the Air Force, Navy, and Marine Corps. As a "multi-role" fighter-bomber, it will ultimately replace almost all tactical aircraft now in our inventory, except for the F-22, for which production beyond 187 aircraft was canceled this past summer. Major allies, including Britain and much of the rest of Western Europe, Canada, Australia, Japan, and Israel, plan to buy the aircraft. Sales to many others are postulated, and those who do not intend to buy the F-35 plan to copy it to the extent their treasuries, government bureaucracies, and technological development permit.

There are, however, a few problems. The F-35 is unaffordable. It is a technological kluge that will be less effective than airplanes it replaces. And it will increase our own combat losses. That is not the consensus now; many will vociferously dispute each of the assertions stated above, and below. But, in time the finger pointing will start. That's when someone will have to pick up the pieces to give our pilots a war winning aircraft. The road between here and there will be neither smooth nor pretty, but it is time to take the first step.

A financial disaster? How can that be? Visiting the F-35 plant in Fort Worth, Texas last August, Secretary of Defense Robert Gates assured us that the F-35 will be "less than half the price ... of the F-22." In a narrow sense, Gates is right.
At a breathtaking $65 billion for 187 aircraft, the F-22 consumes $350 million for each plane. At $299 billion for 2,456, the F-35 would seem a bargain at just $122 million each. F-35 unit cost will ultimately be much higher. In 2001, the Pentagon had planned to buy 2,866 aircraft for $226.5 billion - $79 million per airplane. It was in 2007 that the expense increased and the quantity went down; resulting in the current - $122 million - unit cost.

In the next few weeks, the program will have to admit to another increase. Gates and his Deputy Secretary, William Lynn, have re-convened a "Joint Estimating Team" (JET) to reassess F-35 cost and schedule. Last year, while a part of the Bush administration, Gates basically ignored the Team's recommendations, but the new JET is about to reconfirm them: the F-35 program will cost up to $15 billion more, and it will be delivered about two years late.

Those findings address only the known problems; there's a huge iceberg floating just under the surface. With F-35 flight testing barely three percent complete, new problems - and new costs - are sure to emerge. Worse, only 17 percent of the aircraft's characteristics will be validated by flight testing by the time the Pentagon has signed contracts for more than 500 aircraft. Operational squadron pilots will have the thrill of discovering the remaining problems, in training or in combat. No one should be surprised if the final F-35 total program unit cost reaches $200 million per aircraft after all the fixes are paid for.

None of these prices is "affordable." The latest version of the F-16, heavily laden with complex electronics and other expensive modifications, costs about $60 million, twice its original price - in today's dollars. The A-10, which the F-35 will also replace, cost about $15 million in today's dollars. Thus, to replace the almost 4,000 F-16s and A-10s built with just over 1,700 F-35s, the Air Force will have to pay far more to buy half as many airplanes.
In an age when the Air Force budget looks to increase only marginally, if at all, while simultaneously planning to buy several other major aircraft (new aerial tankers, new transports, new heavy bombers, and new helicopters), this plan to distend the fighter-bomber budget is a fool's errand. While most, but not all, in the Pentagon and Congress remain oblivious to the unaffordability of the F-35, some of its foreign buyers are becoming horrified. Despite their governments' investment of hundreds of millions, parliamentarians and analysts in Australia, Norway, Denmark, and the Netherlands are expressing real concerns. The F-35's single largest international partner is the United Kingdom. There, the Royal Navy and Air Force have just decided to reduce their F-35 buy from 138 aircraft to 50. The reason: "We are waking up to the fact that all those planes are unaffordable." The problems with the F-35 are not limited to its cost. As a fighter, the F-35 depends on a technological pipe dream. Having failed to develop in the 1950s, the 1960s, and the 1970s an effective (and reliable) radar-based technology to shoot down enemy (not friendly) aircraft "beyond visual range," the Air Force is trying yet again with the F-35, like the F-22 before it. Both have the added development of "stealth" (less detectability against some radars at some angles), but that new "high tech" feature and the long range radar have imposed design penalties that compromised the aircraft with not just high cost but also weight, drag, complexity, and vulnerabilities. The few times this technology has been tried in real air combat in the past decade, it has been successful less than half the time, and that has been against incompetent and/or primitively equipped pilots from Iraq and Serbia. If the latest iteration of "beyond visual range" turns out to be yet another chimera, the F-35 will have to operate as a close-in dogfighter, but in that regime it is a disaster. 
If one accepts every aerodynamic promise Lockheed currently makes for it, the F-35 will be overweight and underpowered. At 49,500 pounds in air-to-air take-off weight with an engine rated at 42,000 pounds of thrust, it will be a significant step backward in thrust-to-weight and acceleration for a new fighter. In fact, at that weight and with just 460 square feet of wing area for the Air Force and Marine Corps versions, the F-35's small wings will be loaded with 108 pounds for every square foot, one third worse than the F-16A. (Wings that are large relative to weight are crucial for maneuvering and surviving in combat.) The F-35 is, in fact, considerably less maneuverable than the appallingly vulnerable F-105 "Lead Sled," a fighter that proved helpless in dogfights against MiGs over North Vietnam. (A chilling note: most of the Air Force's fleet of F-105s was lost in four years of bombing; one hundred pilots were lost in just six months.)

Nor is the F-35 a first class bomber for all that cost: in its stealthy mode it carries only a 4,000 pound payload, one third the 12,000 pounds carried by the "Lead Sled." As a "close air support" ground-attack aircraft to help US troops engaged in combat, the F-35 is too fast to identify the targets it is shooting at; too delicate and flammable to withstand ground fire, and too short-legged to loiter usefully over embattled US ground units for sustained periods. It is a giant step backward from the current A-10.

It is time to start climbing out of the F-35 hole. Needless to say, the complexities of Pentagon procurement regulations and especially the circle-the-wagons mentality of the Pentagon and Congress present serious hurdles to be overcome, most of them ethical. First is the need to accept the facts as they exist, rather than as Lockheed and self-interested bureaucrats in the Pentagon would prefer them to be.
That will mean accepting the JET recommendations as currently written - not watering them down to make them palatable, or ignoring them as they were in 2008 under Gates' first term as SecDef.

Second would be exercising the professed spirit of the new Weapon System Acquisition Act, signed into law by President Obama last May. While the fine print of the new law is hopelessly riddled with loopholes to protect business as usual, the bill purports to control costs and inspire competition, especially the "fly-before-buy" competitive approach that has worked so marvelously well the few times it's been tried. This is the same vision that President Obama expressed to the VFW in Phoenix last August when he said he wanted to stop "the special interests and their exotic projects that are years behind schedule and billions over budget." Clearly, no one has told the President that the F-35 is a leading poster child for the evils he condemned.

Third, the biggest step, would be to suspend further F-35 production until the test aircraft, all of them now funded, can complete a revised, much more thorough flight test schedule. Once we know the F-35's realistically demonstrated performance and problems, and the full extent of its costs, we can make an informed decision whether to put it into full production. To do that, the upside down F-35 acquisition plan -- which buys 500 aircraft before the "definitive" test report (the one that only flight tests 17% of F-35 characteristics) is on Gates' desk -- needs to be radically recast into a real fly-before-buy plan -- just the kind of plan the new Acquisition Reform Act advocates, albeit feebly.

In the almost certain event that the F-35 is found by uncompromised, realistic testing to be an unaffordable loser, there are viable alternatives.
If an active consensus develops to reverse the current aging and shrinking of the existing tactical aviation inventory (as opposed to today's silent conspiracy encouraging those trends to worsen), a short term, affordable fix to restore combat adequacy is needed: Extend the life of existing F-16 and A-10 airframes for the Air Force and continue purchasing F-18E/F aircraft for the Navy and Marine Corps. For the part of the inventory that most urgently needs immediate expansion, the A-10 and the close support mission, hundreds of airframes now sitting in the "boneyard" can and should be refurbished -- at extraordinarily modest cost.

Just a life-extension program will not address long term needs. Accordingly, competitive prototype fly off programs should be immediately initiated to develop and select new fighters to build a larger force that is far more combat-effective than the existing F-16s, F-18s, and A-10s. Just such programs -- that lead to an astonishing 10,000 plane Air Force within current budget levels -- are described in detail in "Reversing the Decay in American Air Power," a chapter in the anthology "America's Defense Meltdown: Pentagon Reform for President Obama and the New Congress" (Stamford University Press).

You can almost literally hear the howls of protest right now. The F-35 is too big to fail. Gates himself seems trapped by that logic; he said "My view is we cannot afford as a nation not to have this airplane." We take the opposite view. The F-35's bloat -- in cost, leaden weight, and mindless complexity -- guarantees failure. It will shrink our air forces at increased expense, rot their ability to prevail in the air and support our ground forces, and will needlessly spill the blood of far too many of our pilots. We have to take the first steps to better understand the extent of the F-35 disaster and to reverse the continuing decay in our air forces.
Read more at: http://www.huffingtonpost.com/winslow-t-wheeler/what-now-icarus-is-wester_b_337564.html

From rforno at infowarrior.org Fri Oct 30 12:43:00 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Oct 2009 08:43:00 -0400 Subject: [Infowarrior] - US-CERT Moves in With NCC, NCSC Message-ID:

US-CERT Moves in With NCC, NCSC By Robert McMillan, IDG News Service - Fri Oct 30, 2009 4:30AM EDT http://tech.yahoo.com/news/pcworld/20091030/tc_pcworld/uscertmovesinwithnccncsc

The group responsible for coordinating U.S. responses to cyber threats is getting new digs. Department of Homeland Security (DHS) Secretary Janet Napolitano will cut the ribbon Friday at a new "unified operations center" in Arlington, Virginia, that will be home to the U.S. Computer Emergency Readiness Team (US-CERT). It will also house the National Coordinating Center for Telecommunications (NCC), and the National Cyber Security Center (NCSC), which coordinates between three-letter government agencies such as the National Security Agency and the Federal Bureau of Investigation. The NCC monitors threats to the telecommunications system and coordinates its restoration in the event of an attack or a natural disaster.

The three groups are being moved into one operations center in order to improve communications between the units, said Amy Kudwa, a spokeswoman with the DHS. "The model of connecting the dots and sharing information and physically co-locating has been one of the most important lessons learned since 9/11," she said. "This is a similar model of collecting experts who are working on different aspects of a larger issue." The move is not a merger, however, Kudwa added, saying that the agency management structures will remain intact. DHS is ending its National Cybersecurity Awareness Month with the ribbon-cutting ceremony.
US-CERT, which works with both the private sector and the federal government to coordinate response to computer-based attacks, is looking for new management these days. Its last director, Mischel Kwon, left to join EMC's RSA division in August.

From rforno at infowarrior.org Fri Oct 30 12:46:24 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Oct 2009 08:46:24 -0400 Subject: [Infowarrior] - Oh noes! No scary costumes allowed! Message-ID: <3E0554D5-1C19-4737-926E-E61621265D1F@infowarrior.org>

Le sigh.....see what 'thinking of the kids' leads to??? Ick. -rf

Drop the Halloween Mask! You Might Scare Somebody By JENNIFER STEINHAUER http://www.nytimes.com/2009/10/30/us/30costume.html?_r=1&hp=&pagewanted=print

LOS ANGELES – Little Bo Peep would make the cut at the Halloween parade at Riverside Drive Elementary School here on Friday, but the staff she used to menace her sheep would probably have to go. Guns, daggers and other toy weapons have long been excised from costumes at many school celebrations on Halloween. But in some classrooms across the country, the interpretation of what is too scary – or offensive, gross or saddening – is now also leading to an abundance of caution and some prohibitions.

In a school district in Illinois, students are being encouraged to dress up as historical characters or delicious food items rather than vampires or zombies. In Texas, a school has issued suggestions for “positive costumes” for the annual Halloween dance. At Riverside Drive, a Los Angeles public school in the San Fernando Valley, the Halloween parade is being defanged right down to its jagged fingertips. “We’re balancing a tradition here with the times we live in,” said Tom Hernandez, a spokesman for District 202 in Plainfield, Ill., where costumes depicting animals and food (preferably carrots or pumpkins) are in favor. Even at a public school named after the man who practically invented cloak and daggers for children, there are restrictions.
“Children are not allowed to bring any weapons or masks to the costume parade, no swords, and they can wear moderate face makeup – nothing extreme,” explained Addys Gonzalez, the office assistant at the Walt Disney Elementary School in Burbank, Calif.

A memo about costume appropriateness sent home recently by Riverside Drive’s principal made the following points:
• They should not depict gangs or horror characters, or be scary.
• Masks are allowed only during the parade.
• Costumes may not demean any race, religion, nationality, handicapped condition or gender.
• No fake fingernails.
• No weapons, even fake ones.
• Shoes must be worn.

Joel Bishoff’s children will make the cut at Riverside Drive. His second grader will be Dorothy (not the witch!) from “The Wizard of Oz,” while his fifth-grade son will wear a costume depicting a box of Wheaties. “I’m not sure what is driving this memo,” Mr. Bishoff said. “But perhaps it is reaction to years past. Sometimes kids will have those ‘Scream’ masks, but usually not too blood and gutsy. I mean, can’t parents have discretion? The fact is, if parents are too stupid to not send kids to school with hockey masks as Jason, they are probably too stupid to read this memo.”

Jennifer Kessler, the principal at the Riverside Drive school, did not return calls seeking an explanation of the policy. Riverside Drive goes beyond the Los Angeles Unified Public Schools guidelines, written a few years ago, said Monica Carazo, a spokeswoman for the system. Those guidelines discourage fake weapons, costumes that mock race or gender and anything too sexy; French maids are explicitly discouraged.
Parents and some educators said that restrictions like those at Riverside Drive often stemmed from a desire to protect smaller children from freakishly scary costumes, to maintain classroom order (spray-on hair color is often banned, for instance, because children tend to spray it all day long) and to keep from demeaning groups through costumes that play on stereotypes.

Some other institutions have taken a similar approach. The Chicago Children’s Museum has imposed costume restrictions on employees for several years. Jennifer Farrington, the museum’s president, said the restrictions had “emerged out of talks about diversity and stereotypes.” “This is about staying true to our vision and values, and developmentally appropriate practice, not about being politically correct,” Ms. Farrington said, citing her own memo on the topic some years ago. “We’re about honoring and promoting diversity, not feeding children images of stereotypes.”

In some school districts, there are other motivating factors. “Several years ago, there was some push back in our community,” said Mr. Hernandez, the school district spokesman in Plainfield, Ill. “Some people thought Halloween was a Satanic ritual. Well, let’s not say Satanic – let’s say they were not comfortable with what it represents.” Still, no one in Plainfield wanted the Halloween celebrations, a long tradition in the school community there, to end. So guidelines were formed in favor of costumes that “portray positive images,” Mr. Hernandez said. “If someone shows up in a witch costume, we’re not going to tell them to take it off,” he said, but the district will not countenance claws of any sort.

The change in costume mores has not been lost on those who make a living selling dress up. “I would say people are becoming more classical and creative and staying away from things like Chucky,” said Shelly Shai, the owner of Shelly’s Dance & Costume Wear in Los Angeles, referring to a character in a series of horror films.
“I think they have enough of that in daily life now with the movies that come out, which seem to only get worse and worse. And when it comes to dressing up, people don’t want to be one of a million vampires anyway.”

At James F. Bay Elementary in Seabrook, Tex., costumes are forbidden outright, according to the school’s principal, Erin Tite, but an exception was made for the Halloween dance. “The purpose for the dance was to allow them a safe place to wear their costumes in place of trick or treating for some of our students,” Ms. Tite said in an e-mail message. “We established the guidelines of ‘positive costumes’ from the beginning, knowing what we might see if we chose not to establish boundaries.”

From rforno at infowarrior.org Fri Oct 30 12:47:15 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Oct 2009 08:47:15 -0400 Subject: [Infowarrior] - Internet Addresses Can Use New Scripts Message-ID: <0E388CAC-620F-4221-942E-51515F4C48B8@infowarrior.org>

October 31, 2009 Internet Addresses Can Use New Scripts By CHOE SANG-HUN http://www.nytimes.com/2009/10/31/technology/31net.html?hp=&pagewanted=print

SEOUL – By the middle of next year, Internet surfers will be allowed to use Web addresses written completely in Chinese, Arabic, Korean and other languages using non-Latin alphabets, the organization overseeing Internet domain names announced Friday in a decision that could make the Web more accessible. In an action billed as one of the biggest changes in the Web’s four-decade history, the board of the Internet Corporation for Assigned Names and Numbers – or Icann – voted Friday during its annual meeting, held in Seoul, to allow such scripts in Internet addresses. The decision is a “historic move toward the internationalization of the Internet,” said Rod Beckstrom, Icann’s president and chief executive. “We just made the Internet much more accessible to millions of people in regions such as Asia, the Middle East and Russia.”
This change affects domain names – anything that comes after the dot, including .com, .cn or .jp. Domain names have been limited to 37 characters – 26 Latin letters, 10 digits and a hyphen. But starting next year, domain names can consist of characters in any language. In some Web addresses, non-Latin scripts are already used in the portion before the dot. Thus, Icann’s decision Friday makes it possible, for the first time, to write an entire Internet address in a non-Latin alphabet.

Initially, the new naming system will affect only Web addresses with “country codes,” the designators at the end of an address name, like .kr (for Korea) or .ru (for Russia). But eventually, it will be expanded to all types of Internet address names, Icann said.

Some security experts have warned that allowing internationalized domain names in languages like Arabic, Russian and Chinese could make it more difficult to fight cyberattacks, including malicious redirects and hacking. But Icann said it was ready for the challenge. “I do not believe that there would be any appreciable difference,” Mr. Beckstrom said in an interview. “Yes, maybe some additional potential but at the same time, some new security benefits may come too. If you look at the global set of cybersecurity issues, I don’t see this as any significant new threat if you look at it on an isolated basis.”

The decision, reached after years of testing and debate, clears the way for Icann to begin accepting applications for non-Latin domain names Nov. 16. People will start seeing them in use around mid-2010, particularly in Arabic, Chinese and other scripts in which demand for the new “internationalized” domain name system has been among the strongest, Icann officials say. Internet addresses in non-Latin scripts could lead to a dramatic increase in the number of global Internet users, eventually allowing people around the globe to navigate much of the online world using their native language scripts, they said.
This is a boon especially for users who find it cumbersome to type in Latin characters to access Web pages. Of the 1.6 billion Internet users worldwide, more than half use languages that have scripts that are not based on the Latin alphabet. Hong Jong-gil, an Internet industry analyst at Korea Investment and Securities in Seoul, said the new names would help children and old people who had not learned the Latin alphabet. But he did not foresee any dramatic increase in the number of Internet users because Internet penetration has less to do with whether one has to type in English-alphabet domain names and more to do with “whether you can afford a PC and your community has broadband access.”

Agencies that help companies and individuals get Internet domains welcomed the Icann decision, noting it would be good for their own businesses. “This is great news for us. This opens a new demand for domain names,” said Yang Eun-hee, an official at Gabia.com, an Internet domain agency. “There will be a rush among businesses to get new local-language Web addresses to protect their brand names. These days, a big company typically has dozens or hundreds of domains for their products, and it will be quite a cost to get all the new names.”

Observers agree that the change could make a difference for many businesses. “A lot of companies will end up having double domains – the existing one in English and a new one in the local script,” said Choi Kyoung-jin, an analyst at Shinhan Investment. “A Korean domain name may be useful for Koreans but it’s not for foreign customers.”

Users who do not use the Latin alphabet can now reach Web sites by asking search engines to provide their links. But a change in the domain name policy has become inevitable, Internet industry officials said. For example, there are so many .com Web addresses that it has become next to impossible to find an English word or an intelligible combination of two English words not already in use, they said.
"Today's decision opens up a whole new Internet territory," Ms. Yang said. "The Internet will become more multi-lingual than before."
Copyright 2009
From rforno at infowarrior.org Sat Oct 31 02:19:02 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Oct 2009 22:19:02 -0400 Subject: [Infowarrior] - Compromise Reached on Senate Shield Law Message-ID: <3DF4ADE9-1765-4155-81EE-C0CD823B4A45@infowarrior.org>
Compromise Reached on Senate Shield Law
Q&A with Newspaper Association counsel Paul Boyle
By Clint Hendler
http://www.cjr.org/campaign_desk/compromise_reached_on_senate_s.php?page=all
Today the prime Senate sponsors of the Free Flow of Information Act -- or, as it's commonly known, the shield bill -- announced that they'd reached a compromise with the White House on the bill's most contentious issues: who would be considered a journalist, and just how much protection journalists would get from subpoenas demanding testimony.
The compromise bill's definition of who is a journalist -- or, in legislatese, a "covered person" -- is surprisingly expansive. It sets up no payment or employment test, and therefore would clearly cover student journalists, freelancers, book authors, and any blogger who regularly practices journalism.
The bill treats the balancing act between forcing testimony and granting shield to journalists receiving subpoenas differently, depending on whether the subpoena is brought in a civil trial or a criminal trial. In a civil trial journalists are the most protected --
the litigant would be forced to demonstrate why their need for the information would serve a greater public interest than the journalist's need to protect their source or the information they obtained. In a criminal trial, the situation is somewhat reversed: the journalist would be forced to demonstrate by a higher standard -- "clear and convincing" is the proposal's term -- that their need to protect confidential sources or information outweighs the public interest to be gained by providing testimony. Journalists who get subpoenas for information that could prevent a future act of terrorism or other specific harm to national security would get no balancing protection, and would be forced to testify.
Newspaper Association of America general counsel Paul Boyle, who has been intimately involved in efforts to bring a federal shield law to life, spoke briefly with CJR following a conference call discussing the compromise with representatives of media organizations.
Clint Hendler: What were the biggest concessions that the White House was willing to make between their September preferred language and what's been arrived at today?
Paul Boyle: Well, I think the White House originally would say that there's no public interest balancing act for leak investigations involving national security. And they also said that there would not be a public interest balancing in civil cases that put the burden on civil litigants that put the burden on the litigants to make the case that the public interest would be served by having the disclosure. In criminal cases they were originally saying it would have to be extraordinary circumstances for the covered person to make the case that the public interest in news gathering outweighed the compelled disclosure. And they've changed that to say that a covered person must make the case by clear and convincing evidence in news gathering and free flow of information outweighs public disclosure. That was a really big trade off.
The weight on the scale is sort of tilted towards the government in that section, and the weight on the scale is sort of tilted toward the media in the civil section.
CH: In terms of the actual history of reporters' subpoenas, isn't the fact of the matter that most of them come in civil cases? So maybe that's where stronger protections are needed more of the time.
PB: That's true. That's right. And I think that in that situation it's kind of an unusual thing to ask reporters to reveal confidential sources. You could still get the information, but you'd have to show that the public interest in doing so really outweighs the public interest in news gathering and the free flow of information.
CH: Civil cases are treated a little differently than criminal cases, and criminal cases involving national security and terrorism are treated quite differently than regular criminal cases. Are those the three categories for the different enforcement of the balancing act under the bill?
PB: Yeah. Section 5 is a critical component; it's the national security exception. At one point, to compel disclosure to prevent significant and articulatable harm to national security or to prevent a terrorist attack there was public interest balance on whether or not disclosure was in the public interest. And that's gone. And, in reality, if we knew where Osama bin Laden was located, the media would turn that information over. But if the government wanted to compel that, they could say "That's specific and articulatable harm. We want to prevent a terrorist attack." We'd never win that case. But if there were a leak situation, that would go under the criminal area. If there were a leak investigation looking at the CIA prison story, or the warrantless wiretapping leak, Abu Ghraib, it would go under section two, or the criminal section. If you were investigating a past leak you would have public interest balancing.
The reporter would at least have the ability to say "Here, there's clear and convincing evidence to say that this story was valuable to the public," and be able to make the case that the source could be protected. But if there were a leak that the government could demonstrate that there's going to be significant and articulatable harm, or potential for a terrorist attack from that leak, then they could get the information.
CH: Let's take as a recent example the Times's wiretapping story. Many people argued that that story did make attacks more likely. Is that a case where there would be a battle about whether or not that argument -- that attacks would be more likely because the program was exposed -- was far enough along the line of a significant and articulatable harm?
PB: You can't really look at any kind of case and try to predict the outcome. It all depends on how it's presented, and the facts. I think what's important with this bill is that you know what the rules and procedures are, so you don't have to spend any energy and time and resources knowing where the lines are drawn. In that situation, I imagine lawyers would argue that it revealed that this was going on to members of Congress and the general public, and led to legislation enacted by Congress to change warrantless wiretapping. These things are going to be balanced out and judges are fully capable of balancing the competing interests on both sides. And they do it every day. This bill was never about a particular case. It was always about clear rules of procedure and giving guidance to the courts. And I think case law will develop.
CH: In the event of a criminal leak investigation, the argument that that leaker might leak again wouldn't be sufficient to compel testimony from a covered person. Is that correct?
PB: Yes. The language is fairly complex. It says the government can't, on its face, say the fact that the leaker would leak again. That's not good enough.
They have to provide further evidence that there's going to be the potential for a future leak, and present facts to that. With this bill, on national security leaks, for the most part the government can't go up there and say "We need the information for national security." They've got to demonstrate why they need the information. On leaks, it protects that perspective; it provides balancing when the government is looking back.
CH: You were on this conference call that just broke up. How is this being received?
PB: I think there was a lot of good discussion. There was discussion about the clear and convincing evidence standard, and whether or not that was too much of a give. There were some folks who were concerned about that, and there was some conversation about whether non-confidential information was protected. It's much clearer in the House bill that there's protection for non-confidential information.
CH: So, information that was given without the explicit promise of it being confidential?
PB: Correct. But generally speaking, at the end of the day, people felt this was a good compromise worth our support if indeed this gets the administration to support the bill and we can get this to the president's desk.
CH: And there's still a long way to go.
PB: Absolutely!
From rforno at infowarrior.org Sat Oct 31 02:39:58 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Oct 2009 22:39:58 -0400 Subject: [Infowarrior] - Apocalypse? Weather Channel to run movies... Message-ID:
See also: "The ABCs of TLC, GSN and A&E: Niche networks skew younger to avoid ending up MIA" http://www.washingtonpost.com/wp-dyn/content/article/2009/10/29/AR2009102904501.html?hpid=sec-artsliving
Weather Channel to air movies for first time
http://tinyurl.com/yle77wz
By DAVID BAUDER, AP Television Writer -- Tue Oct 20, 3:41 pm ET
NEW YORK --
The Weather Channel plans to show movies for the first time in its 27-year history and it's easy to guess which one is leading off. "The Perfect Storm," of course. The George Clooney and Mark Wahlberg movie about a horrific storm off the New England coast will air on Oct. 30, the 18th anniversary of the actual storm. Network executives had been thinking about adding movies, and the timing proved too good to pass up, said Geoffrey Darby, the network's chief programmer.
The network in recent years gradually slipped in longer programming, including a morning show hosted by Al Roker, to complement its constantly rotating forecasts. "The Perfect Storm" begins a four-week period in which The Weather Channel will try some Friday night movies. The films are either weather-themed or have plots in which weather plays a key role, Darby said. Meteorologist Jennifer Carfagno will host movie night and offer commentary. Other movies include the documentary "March of the Penguins," the thriller "Deep Blue Sea" and "Misery," for which Kathy Bates won an Academy Award. The weather angle is pretty clear in "The Perfect Storm," but "Misery"? Darby noted the nightmare endured by James Caan's character begins with a blinding snowstorm.
For The Weather Channel, the risk lies in alienating its regular weather-obsessed viewers, who tune in for news of high pressure systems rather than high drama. The potential reward is that new fans will tune in, and they'll stay on the station for a longer period, pleasing advertisers. Darby said most viewers on Friday night aren't interested in much more than the weekend forecast, and that will be updated on the screen six times an hour. "It's a way to respond to at least a significant portion of our audience that says, 'Let's expand the definition of weather,'" he said. The idea predates NBC Universal's purchase of The Weather Channel, Darby said. None of the first four movies are distributed by NBC Universal.
From rforno at infowarrior.org Sat Oct 31 02:47:30 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Oct 2009 22:47:30 -0400 Subject: [Infowarrior] - The 12 most annoying Facebookers Message-ID: <913CBF1C-A700-494C-811B-64C1E255A986@infowarrior.org>
The 12 most annoying Facebookers
By Brandon Griggs, CNN
October 24, 2009 -- Updated 1542 GMT (2342 HKT)
http://edition.cnn.com/2009/TECH/10/24/annoying.facebook.updaters/index.html
(CNN) -- Facebook, for better or worse, is like being at a big party with all your friends, family, acquaintances and co-workers. There are lots of fun, interesting people you're happy to talk to when they stroll up. Then there are the other people, the ones who make you cringe when you see them coming. This article is about those people.
Sure, Facebook can be a great tool for keeping up with folks who are important to you. Take the status update, the 160-character message that users post in response to the question, "What's on your mind?" An artful, witty or newsy status update is a pleasure -- a real-time, tiny window into a friend's life. But far more posts read like navel-gazing diary entries, or worse, spam. A recent study categorized 40 percent of Twitter tweets as "pointless babble," and it wouldn't be surprising if updates on Facebook, still a fast-growing social network, break down in a similar way. Combine dull status updates with shameless self-promoters, "friend-padders" and that friend of a friend who sends you quizzes every day, and Facebook becomes a daily reminder of why some people can get on your nerves.
Here are 12 of the most annoying types of Facebook users:
The Let-Me-Tell-You-Every-Detail-of-My-Day Bore. "I'm waking up." "I had Wheaties for breakfast." "I'm bored at work." "I'm stuck in traffic." You're kidding! How fascinating! No moment is too mundane for some people to broadcast unsolicited to the world.
Just because you have 432 Facebook friends doesn't mean we all want to know when you're waiting for the bus.
The Self-Promoter. OK, so we've probably all posted at least once about some achievement. And sure, maybe your friends really do want to read the fascinating article you wrote about beet farming. But when almost EVERY update is a link to your blog, your poetry reading, your 10k results or your art show, you sound like a bragger or a self-centered careerist.
The Friend-Padder. The average Facebook user has 120 friends on the site. Schmoozers and social butterflies -- you know, the ones who make lifelong pals on the subway -- might reasonably have 300 or 400. But 1,000 "friends?" Unless you're George Clooney or just won the lottery, no one has that many. That's just showing off.
The Town Crier. "Michael Jackson is dead!!!" You heard it from me first! Me, and the 213,000 other people who all saw it on TMZ. These Matt Drudge wannabes are the reason many of us learn of breaking news not from TV or news sites but from online social networks. In their rush to trumpet the news, these people also spread rumors, half-truths and innuendo. No, Jeff Goldblum did not plunge to his death from a New Zealand cliff.
The TMIer. "Brad is heading to Walgreens to buy something for these pesky hemorrhoids." Boundaries of privacy and decorum don't seem to exist for these too-much-information updaters, who unabashedly offer up details about their sex lives, marital troubles and bodily functions. Thanks for sharing.
The Bad Grammarian. "So sad about Fara Fauset but Im so gladd its friday yippe". Yes, I know the punctuation rules are different in the digital world. And, no, no one likes a spelling-Nazi schoolmarm. But you sound like a moron.
The Sympathy-Baiter. "Barbara is feeling sad today." "Man, am I glad that's over." "Jim could really use some good news about now."
Like anglers hunting for fish, these sad sacks cast out their hooks -- baited with vague tales of woe -- in the hopes of landing concerned responses. Genuine bad news is one thing, but these manipulative posts are just pleas for attention. The Lurker. The Peeping Toms of Facebook, these voyeurs are too cautious, or maybe too lazy, to update their status or write on your wall. But once in a while, you'll be talking to them and they'll mention something you posted, so you know they're on your page, hiding in the shadows. It's just a little creepy. The Crank. These curmudgeons, like the trolls who spew hate in blog comments, never met something they couldn't complain about. "Carl isn't really that impressed with idiots who don't realize how idiotic they are." [Actual status update.] Keep spreading the love. The Paparazzo. Ever visit your Facebook page and discover that someone's posted a photo of you from last weekend's party -- a photo you didn't authorize and haven't even seen? You'd really rather not have to explain to your mom why you were leering like a drunken hyena and French-kissing a bottle of Jagermeister. The Obscurist. "If not now then when?" "You'll see..." "Grist for the mill." "John is, small world." "Dave thought he was immune, but no. No, he is not." [Actual status updates, all.] Sorry, but you're not being mysterious -- just nonsensical. The Chronic Inviter. "Support my cause. Sign my petition. Play Mafia Wars with me. Which 'Star Trek' character are you? Here are the 'Top 5 cars I have personally owned.' Here are '25 Things About Me.' Here's a drink. What drink are you? We're related! I took the 'What President Are You?' quiz and found out I'm Millard Fillmore! What president are you?" You probably mean well, but stop. Just stop. I don't care what president I am -- can't we simply be friends? Now excuse me while I go post the link to this story on my Facebook page.