From rforno at infowarrior.org Tue Sep 1 02:40:25 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 Aug 2009 22:40:25 -0400
Subject: [Infowarrior] - Code for Skype Spyware Released to Thwart Surveillance
Message-ID:

Code for Skype Spyware Released to Thwart Surveillance
By Kim Zetter | August 31, 2009 | 2:44 pm | Categories: Cybersecurity
http://www.wired.com/threatlevel/2009/08/skype-trojan/

A Swiss programmer who crafted malware for intercepting and recording Voice-over-IP phone calls has posted the source code online to draw attention to vulnerabilities in programs such as Skype, and to make it harder for law enforcement to surreptitiously use the malware for surveillance, according to Tech World. Ruben Unteregger, 33, wrote the code for "MiniPanzer" and "MegaPanzer" in 2006 for his former employer, ERA IT Solutions. The company allegedly sold the malware to Swiss authorities to be used for surveillance. Once installed on a machine, the malware hooks into Windows' audio drivers, thus bypassing Skype's proprietary encryption. It then records the victim's VoIP calls as MP3s, which are sent to a remote server for an eavesdropper to collect. The programs were developed to work on Windows XP, but Unteregger said in an interview published last week that the programs likely would work with other Windows operating systems as well. Unteregger, who said he retained copyright for the programs, released the source code and two compiled binaries last week so that anti-virus companies could write signatures to detect the malware and frustrate efforts by authorities to secretly plant the programs on targeted computers. Days after Unteregger released his code, Symantec and TrendMicro announced that their anti-virus programs had already detected copies of a Skype trojan in the wild, which appears to resemble Unteregger's programs.

From rforno at infowarrior.org Tue Sep 1 19:23:07 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Sep 2009 15:23:07 -0400
Subject: [Infowarrior] - NFL adopts game day social media policy
Message-ID: <6A8A9CFB-7739-4DA2-90D7-14E38F22C7F7@infowarrior.org>

I love these guys....they just don't understand the information age at all. ---rf

NFL adopts game day social media policy
Posted by Mike Florio on August 31, 2009 4:08 PM ET
http://profootballtalk.nbcsports.com/2009/08/31/nfl-adopts-game-day-social-media-policy/

The National Football League, ten days from the start of the 2009 regular season, has rolled out its policy regarding the use of social media (such as Twitter and Facebook) on game days. Per the release from the league office, the NFL has advised the 32 member teams that coaches, players, and football operations personnel will be permitted, with club permission, to use these devices on game day during specific time periods before and after games. The prohibited window starts 90 minutes before the game begins and extends after post-game media interviews have concluded. The phrase "with club permission," however, allows the teams to (in theory) apply broader rules on the use of social media. At some point, the matter could become a subject for collective bargaining. (Actually, the NFLPA might contend that the league-imposed policy in and of itself represents a condition of employment that cannot be unilaterally imposed.) "The use of these sites . . . is not permitted during the game, including halftime," the release states. "No updates are permitted to be posted by the individual himself or anyone representing him during this prohibited time on his personal Twitter, Facebook or any other social media account." The league also has blocked referee Ed Hochuli from tweeting apologies for his next blown call; the policy prohibits NFL game officials and the officiating department from using social media at any time.
There's also an aspect that applies to the media. "Longstanding policies prohibiting play-by-play descriptions of NFL games in progress apply fully to Twitter and other social media platforms," the release states. "Internet sites may not post detailed information that approximates play-by-play during a game. While a game is in progress, any forms of accounts of the game must be sufficiently time-delayed and limited in amount (e.g., score updates with detail given only in quarterly game updates) so that the accredited organization's game coverage cannot be used as a substitute for, or otherwise approximate, authorized play-by-play accounts." But while it will be fairly easy for the league to slam the door on play-by-play accounts posted by the likes of beat writers, accredited national media, and assorted Internet slapdicks like yours truly, we wish the league office the best of luck in keeping Joe Schmoe in Kokomo from trying to become the Twitter and/or USTREAM version of Al Michaels. And that's where the rules become unfair and/or unrealistic. Someone sitting in the press box will be prohibited from tweeting a play-by-play account of the game. But the guy or gal sitting only a few feet away in the paid seating area will be able to tweet to his or her heart's content. There's no way that the NFL will be able to police this. Our guess is that, in the end, the league will stop only those offenders who become the most popular and/or notorious. All that said, our new friend (and we don't mean that sarcastically) Chad Ochocinco is on notice -- there will be no player tweeting during games.

From rforno at infowarrior.org Tue Sep 1 19:31:58 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Sep 2009 15:31:58 -0400
Subject: [Infowarrior] - The Article Cash4Gold Doesn't Want You To Read
Message-ID:

The Article Cash4Gold Doesn't Want You To Read
2:11 PM on Tue Sep 1 2009, 7,507 views
By Ben Popken and Meg Marco
http://consumerist.com/5349663/the-article-cash4gold-doesnt-want-you-to-read

If you have any broken, ugly jewelry lying around in a drawer somewhere, you've probably taken notice of a company called Cash4Gold that promised to pay "top dollar" for your not-so-precious precious metals. If you're like us, you might have even seen a post on ComplaintsBoard.com by a former employee exposing Cash4Gold. The whistleblower's post appeared on ComplaintsBoard last November. We featured it this February, as part of our ongoing coverage of Cash4Gold, after the company raised its public profile with a multi-million dollar Super Bowl ad. The post was indeed written by an ex-employee, Michele Liberis, who is now being sued by the company for defamation. Recently, Cash4Gold added Consumerist and ComplaintsBoard as co-defendants in its lawsuits (PDF) against Liberis and another former employee, Vielka Nephew (PDF), in an attempt to force us to take the information down. Liberis and Nephew have chosen to stand up to Cash4Gold's legal attack, and so have we.

< - >

Just to be clear about the Consumerist's position, we consider this a legitimate and even important news story. One core mission of a consumer-oriented news site is to alert its readers to bad deals. Everything we've learned about Cash4Gold's offer so far places it in that category, in our view. That's why we have resisted the legal efforts to silence our reporting, and why we've continued to dig into the story, despite the company's lack of cooperation.

From rforno at infowarrior.org Wed Sep 2 18:26:02 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Sep 2009 14:26:02 -0400
Subject: [Infowarrior] - Bill Giving Obama Power to Shut Web Takes on New Tone
Message-ID:

Bill Giving Obama Power to Shut Web Takes on New Tone
John Fontana, Network World
Sep 1, 2009 9:50 am
http://www.pcworld.com/article/171207/obama_web_security.html?tk=rss_news

The second draft of a Senate cybersecurity bill appears to tone down language that would grant President Obama the power to shut down the Internet. The Senate bill, first introduced in April by Senator John Rockefeller (D-W. Va.), does, however, still include language that gives Obama the authority to direct responses to cyber attacks and declare a cyber emergency. The bill also gives the President 180 days, as opposed to one year outlined in the bill's first draft, to implement a cybersecurity strategy from the day the bill is passed, which for now could be a long way off. But the language in the first draft of the bill, which has yet to make it out of Rockefeller's Senate Committee on Commerce, Science, and Transportation and onto the Senate floor, has been rewritten regarding the President's authority to shut down both public and private networks including Internet traffic coming to and from compromised systems. Critics contend sweeping presidential power isn't good news since private networks could be shut down by government order. In addition, those same networks could be subject to government mandated security standards and technical configurations. The original bill included the words: "The President may....order the limitation or shutdown of Internet traffic to and from any compromised Federal government or United States critical infrastructure information system or network." The second draft, which has not been released publicly, rearranges those words, according to text of the bill posted by CNet.
The second draft contains more convoluted language concerning the President's control over computer networks and it deletes reference to the Internet. It qualifies his authority to include "strategic national interests involving compromised Federal Government or United States critical infrastructure information system or network," but says he may "direct the national response to the cyber threat" in coordination with "relevant industry sectors." The reference to relevant industry sectors is new in the second draft. The bill still includes language that would have the President directing the "timely restoration of the affected critical infrastructure information system or network." Earlier this year, critics expressed concern over potentially giving the President power to tell private network operators when they could turn their systems back on after a cybersecurity threat. Proponents, however, including officials from the Center for Strategic and International Studies (CSIS), are on record as saying the legislation is comprehensive and strong and reflects the need for thorough debate around digital security that is long overdue. The original bill proposed by Rockefeller, and now co-sponsored by Evan Bayh (D-Ind.), Bill Nelson (D-Fla.) and Olympia Snowe (R-Maine), touched off a storm of debate over how much power the President should have to control the operation of "critical infrastructure." When the bill was released in April, Leslie Harris, president and CEO at the Center for Democracy and Technology (CDT), which promotes democratic values and constitutional liberties for the digital age, told Network World: "We are confident that the communication networks and the Internet would be so designated [as critical infrastructure], so in the interest of national security the president could order them disconnected."
Network World sources said Rockefeller's Commerce, Science, and Transportation committee, which includes Senators Mark Begich (D-Alaska), Barbara Boxer (D-Calif.) and Maria Cantwell (D-Wash.), spent much of the recent Senate recess meeting with stakeholders and groups that had problems with the first draft of the bill. Those meetings are intended to help complete a second draft, which has yet to be introduced formally by the committee. While the sources did not say who was part of those meetings, stakeholders could conceivably extend to large service provider networks such as those run by Google, Microsoft, AOL, Yahoo and others that offer online services and applications to corporations and consumers. In April, Google confirmed it was studying the legislation. The cybersecurity bill is very much in the early stages and the second draft represents progress in drafting the bill's language for the committee to debate. Introduced bills and resolutions first go to committees that deliberate, investigate and revise them before they go to general debate. The majority of bills and resolutions never make it out of committee. As with any law, both the House and Senate would have to pass the bill and the President would have to sign it.

From rforno at infowarrior.org Thu Sep 3 11:29:51 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Sep 2009 07:29:51 -0400
Subject: [Infowarrior] - Apple silently downgrades Flash to vuln version
Message-ID: <66BEAC04-53E7-4884-9C5C-BD0CFA4BC4DB@infowarrior.org>

Apple ships a known vulnerable version of Flash with Snow Leopard
http://www.sophos.com/blogs/gc/g/2009/09/02/apple-ships-vulnerable-version-flash-snow-leopard/

The last thing you expect when you upgrade your operating system, is that you will have some of your security silently downgraded.
But that's precisely what seems to have happened with Mac OS X Snow Leopard, which ignores that you have been keeping Adobe Flash up-to-date and downgrades it to an earlier version, as the following YouTube video shows: So, let's explain what's going on here. Imagine you have a Mac. Imagine you have been really diligent about keeping your copy of Adobe Flash up-to-date (Adobe is commonly targeted by the bad guys, and so Adobe has been releasing regular security updates for Flash and PDF Reader). Now, imagine (like me) you got your copy of Snow Leopard on Friday, and have now updated your computers. Unfortunately during the course of that update (and unknown to you) Apple downgraded your installation of Flash to an earlier version (version 10.0.23.1), which is known not to be secure and is not patched against various security vulnerabilities. The version you should be running is the latest version of Flash Player for Mac - 10.0.32.18. Mac users are not informed that Snow Leopard has downgraded their version of Flash without permission, and that they are now exposed to a raft of potential attacks and exploits which have been targeted on Adobe's software in recent months. I urge all Mac users who have upgraded to Snow Leopard to double-check that their version of Adobe Flash is current and - if not - update it immediately from http://get.adobe.com/flashplayer/ This should be done as a matter of priority. Adobe is the "new Microsoft" when it comes to security vulnerabilities, with hackers targeting their software looking for vulnerabilities to exploit. This has led the company to follow Microsoft's example by releasing regular security updates. Mac users who have been diligent enough to keep their security up-to-date do not deserve to be silently downgraded. We know that hackers keep finding security holes in Adobe's code - and that's deeply concerning because it is so widely used by many internet users, whether on Mac or PC.
It's vital, therefore, that users ensure they are running the latest version - and that, in the future, operating system manufacturers do not reduce their customers' level of security without warning. If you're not sure which version of Adobe Flash you have on your computer (whatever operating system you use), take 30 seconds to visit their website. Adobe will not only tell you what version of Flash you are running, they will also tell you what version you should be running. Update: Chet has blogged about other security oddities he's seen when upgrading from Leopard to Snow Leopard, and claims that Apple has missed an opportunity to improve.

Posted on September 2nd, 2009 by Graham Cluley, Sophos

From rforno at infowarrior.org Thu Sep 3 11:33:45 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Sep 2009 07:33:45 -0400
Subject: [Infowarrior] - Hacking Swine Flu
Message-ID: <1FC1348C-42DA-4012-838C-11C6C0D2419D@infowarrior.org>

I read a fantastic article in Nature magazine (vol 459, pp931-939 (18 June 2009)) that summarizes not only the current state of novel H1N1 (aka Swine Flu) understanding, but also compares H1N1 against other flu strains. In particular, it discusses in-depth how the pathogenic components -- i.e., the stuff that kills you -- compare against each other. The Influenza virus is quite fascinating. Allow me to ramble on...

< - >

http://www.bunniestudios.com/blog/?p=353

From rforno at infowarrior.org Thu Sep 3 11:36:46 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Sep 2009 07:36:46 -0400
Subject: [Infowarrior] - Customers Angered as iPhones Overload AT&T
Message-ID:

September 3, 2009
Customers Angered as iPhones Overload AT&T
By JENNA WORTHAM
http://www.nytimes.com/2009/09/03/technology/companies/03att.html?_r=1&pagewanted=print

Slim and sleek as it is, the iPhone is really the Hummer of cellphones. It's a data guzzler. Owners use them like minicomputers, which they are, and use them a lot.
Not only do iPhone owners download applications, stream music and videos and browse the Web at higher rates than the average smartphone user, but the average iPhone owner can also use 10 times the network capacity used by the average smartphone user. "They don't even realize how much data they're using," said Gene Munster, a senior securities analyst with Piper Jaffray. The result is dropped calls, spotty service, delayed text and voice messages and glacial download speeds as AT&T's cellular network strains to meet the demand. Another result is outraged customers. Cellphone owners using other carriers may gloat now, but the problems of AT&T and the iPhone portend their future. Other networks could be stressed as well as more sophisticated phones encouraging such intense use become popular, analysts say. Taylor Sbicca, a 27-year-old systems administrator in San Francisco, checks his iPhone 10 to 15 times a day. But he is not making calls. He checks the scores of last night's baseball game and updates his Twitter stream. He checks the local weather report to see if he needs a coat before heading out to dinner -- then he picks a restaurant on Yelp and maps the quickest way to get there. Or at least, he tries to. "It's so slow, it feels like I'm on a dial-up modem," he said. Shazam, an application that identifies songs being played on the radio or TV, takes so long to load that the tune may be over by the time the app is ready to hear it. On numerous occasions, Mr. Sbicca says, he missed invitations to meet friends because his text messages had been delayed. And picking up a cell signal in his apartment? "You hit the dial button and the phone just sits there, saying it's connecting for 30 seconds," he said. More than 20 million other smartphone users are on the AT&T network, but other phones do not drain the network the way the nine million iPhones users do.
Indeed, that is why the howls of protest are more numerous in the dense urban areas with higher concentrations of iPhone owners. "It's almost worthless to try and get on 3G during peak times in those cities," Mr. Munster said, referring to the 3G network. "When too many users get in the area, the call drops." The problems seem particularly pronounced in New York and San Francisco, where Mr. Munster estimates AT&T's network shoulders as much as 20 percent of all the iPhone users in the United States. Owners of the iPhone 3GS, the newest model, "have probably increased their usage by about 100 percent," said Chetan Sharma, an independent wireless analyst. "It's faster so they are using it more on a daily basis." Mr. Sharma compares the problem to water flowing through a pipe. "It can only funnel so much at a given time," he said. "It comes down to peak capacity loads, or spikes in data usage. That's why you see these problems at conferences or in large cities with high concentration of iPhone users." When thousands of iPhone owners descended on Austin, Tex., in March during South by Southwest, an annual technology and music conference, attendees were unable to send text messages, check their e-mail or make calls until AT&T installed temporary cell sites to amplify the service. AT&T's right to be the exclusive carrier for iPhone in the United States has been a golden ticket for the wireless company. The average iPhone owner pays AT&T $2,000 during his two-year contract -- roughly twice the amount of the average mobile phone customer. But at the same time the iPhone has become an Achilles' heel for the company. "It's been a challenging year for us," said John Donovan, the chief technology officer of AT&T. "Overnight we're seeing a radical shift in how people are using their phones," he said. "There's just no parallel for the demand."
AT&T says that the majority of the nearly $18 billion it will spend this year on its networks will be diverted into upgrades and expansions to meet the surging demands on the 3G network. The company intends to erect an additional 2,100 cell towers to fill out patchy coverage, upgrade existing cell sites by adding fiber optic connectivity to deliver data faster and add other technology to provide stronger cell signals. As fast as AT&T wants to go, many cities require lengthy filing processes to erect new cell towers. Even after towers are installed, it can take several months for software upgrades to begin operating at faster speeds. The company has also delayed bandwidth-heavy features like multimedia messaging, or text messages containing pictures, audio or video. It is also postponing "tethering," which allows the iPhone to share its Internet connection with a computer, a standard feature on many rival smartphones. AT&T says it has no intention of capping how much data iPhone owners use. The upgrades are expected to be completed by next year and the company has said it is already seeing improvements. But AT&T faces another cost -- to its reputation. AT&T's deal with Apple is said to expire as early as next year, at which point other carriers in the United States would be able to sell the popular Apple phones. Indeed, a recent survey by Pricegrabber.com found that 34 percent of respondents pinpointed AT&T as the primary reason for not buying an iPhone. "It's a P.R. nightmare," said Craig Moffett, a senior analyst with Sanford C. Bernstein & Company. AT&T might be in the spotlight now, analysts say, but other carriers will face similar problems as they sell more smartphones, laptop cards and eventually tablets that encourage high data usage. Globally, mobile data traffic is expected to double every year through 2013, according to Cisco Systems, which makes network gear. "Whether an iPhone, a Storm or a Gphone, the world is changing," Mr. Munster said.
"We're just starting to scratch the surface of these issues that AT&T is facing." In preparation for the next wave of smartphones and data demands, all the carriers are rushing to introduce the next-generation of wireless networks, called 4G. Analysts expect that in a year or so, AT&T's network will have improved significantly -- but it may not be soon enough for some iPhone owners paying for the higher-priced data plans, like Mr. Sbicca, who says he plans to switch carriers as soon as the iPhone becomes available on other networks. "What good is having all those applications if you don't have the speed to run them?" he said. "It's not exactly rocket science here. It's pretty standard stuff to be able to make a phone call."

From rforno at infowarrior.org Thu Sep 3 16:40:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Sep 2009 12:40:11 -0400
Subject: [Infowarrior] - Google Patents World's Simplest Home Page
Message-ID: <4C1E5697-0E61-42DB-B831-7B35B2BC6342@infowarrior.org>

http://valleywag.gawker.com/5350982/google-patents-worlds-simplest-home-page

After a five-and-a-half-year fight, Google and its attorneys have managed to convince federal bureaucrats to bestow a patent on the company's iconic home page. We always thought the page was brain-dead simple, but apparently it's an innovative "graphical user interface." Google had more luck patenting the design of its search results, which were submitted along with the home page in early 2004 cleared the U.S. Patent and Trademark Office at the end of 2006. The home page, in contrast, was split off into a separate application, receiving its design patent for a "Graphical user interface for a display screen of a communications terminal" just yesterday. The document (see below) is as minimalist as the interface, containing a single illustration of Google.com, with the company logo depicted in dotted lines to indicate it is not an integral part of the patent.
In other words, subject to how the patent is enforced, Google owns the idea of having a giant search box in the middle of the page, with two big buttons underneath and several small links nearby. Since the time of the patent application in 2004, the company has moved some links, for searching News and Groups and other alternate databases, from directly above the search box to the top of the home page. But Google presumably believes its patent is broad enough to cover the variation.

From rforno at infowarrior.org Thu Sep 3 19:10:45 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Sep 2009 15:10:45 -0400
Subject: [Infowarrior] - MPAA at it again....
Message-ID:

Movie studios again demand HDTV disabling powers from FCC

Even the MPAA now concedes that its bid for selectable output control could force some consumers to buy new home theater gear. What we still don't have is a reasonable estimate on whether the 11 million figure bandied about is accurate. Nor do we know what the Genachowski FCC thinks about this mess.

By Matthew Lasar | Last updated September 2, 2009 6:22 AM CT
http://arstechnica.com/tech-policy/news/2009/09/movie-studios-again-demand-hdtv-disabling-powers-from-fcc.ars

Hollywood's bid to force a yet-to-be-agreed-upon number of households to buy new home theater gear is back in business. The Motion Picture Association of America has once again asked the Federal Communications Commission for the right to selectively control output streams to the TV entertainment systems of consumers. "The pro-consumer purpose" (!) request "is to enable movie studios to offer millions of Americans in-home access to high-value, high definition video content," three MPAA biggies explained during a meeting they held with seven FCC Media Bureau staffers last Thursday. Consumer groups, electronics makers, pro-consumer bloggers, and consumers, it should be noted, think this idea is a very stinky dog. So did former FCC Chair Kevin Martin.
But that does not seem to dissuade the MPAA, whose principals just can't seem to let the issue go. What's interesting about the group's latest filing, however, is that it effectively concedes that the output changes it wants could, in fact, hobble some home video systems. "The vast majority of consumers would not have to purchase new devices to receive the new, high-value content contemplated by MPAA's" request, the group assures the FCC. But first, a history of this controversial crusade.

No go with the flow

As we've reported for well over a year, in June of 2008 the MPAA petitioned the FCC for a waiver on a practice that the agency banned in its 2003 "plug and play" Order -- messing with a video stream so as to disable either the analog or digital flow to a consumer's home HDTV/DVR system. This is called "selectable output control." Hollywood says it wants to partner with cable companies to offer pre-DVD releases of big movies, but not unless they transmit through "secure and protected digital outputs in order to prevent unauthorized copying and redistribution." That means bleeping the analog stream, which MPAA worries is less "secure." In the interviews we did with several MPAA officials, we tried very hard to get them to explain to us what exactly they want security from (naughty consumers trying to record the movie, perhaps?), but to no avail. What the trade group rather robotically emphasizes is that pre-DVD releases will benefit people who for various reasons can't get to theaters. "Physically challenged or elderly consumers who have limited mobility would have greater choice in movie viewing options," the group's filings on this issue say. "It would similarly benefit parents who want to see a new movie, but who cannot find or afford a babysitter."
But critics of the proposed deal want to know why the FCC should let the studios on whose behalf MPAA is petitioning -- Paramount, Sony, Twentieth Century Fox, Universal, Disney, and Warner Brothers -- limit the capabilities of home TV systems that consumers have already bought and installed. "The side effect," warns the consumer group Public Knowledge in an educational video it has put out on this question, "is that SOC would break all eleven million HDTVs in the US that don't have digital input. In essence, all the MPAA wants is to control when and how you watch the stuff you've already paid for."

Frozen critics

From this point of departure came a quick he-said-she-said at the FCC about how many home video systems SOC would screw up. In mid-November, the Consumer Electronics Association, which not surprisingly also hates this idea, warned that if the FCC gave Hollywood an SOC waiver, 20 million HDTV sets could cease to function as they did when they were bought by US consumers. PK's Jef Pearlman showed up at the agency's door a few days later and called this a low estimate, since it didn't count DVRs and other devices that might get their input exclusively from analog connections. Not to be outdone, the MPAA returned to the FCC's HQ in late November with the rejoinder that its critics were, in essence, Luddites. "At its core, the position of CEA is that technology should be frozen in time, and any new services that require advanced technology should be banned," a small crew of MPAA folk and supporters explained at a meeting with former Commissioner Jonathan Adelstein. "This position is quite astonishing, coming from an organization that in the past has advocated in favor of technological innovation." Finally we asked then Commission Chair Kevin Martin at one of his last press conferences what he thought about SOC. "I'm not supportive of moving forward with this MPAA proposal at this time," Martin told us in late December.
But when Ars pressed if the issue was now tabled for the Obama administration's FCC, the outgoing boss said yes. "If another Commission" wants to deal with the question, "they will be able to, obviously, but I'm not supportive of it," he explained. And so, not surprisingly, SONY Pictures was once more into the breach by early February, trying to get interim Chair Michael Copps to see "the advantages of expanded consumer choices in the marketplace" that would supposedly come with a waiver on SOC. There is no evidence that Copps, who was totally preoccupied by the DTV transition at the time, gave this issue more than a moment's thought.

Not to worry

MPAA's latest filing takes issue with PK's 11 million number, noting that a comment submitted by the group last September doesn't cite a source for the figure. But then it continues: "Even if accurate, the Public Knowledge figure is vastly overinclusive because it counts homes where consumers do have at least one television set with protected digital inputs (even though they also may have older sets in other rooms in the house). In fact, the vast majority of consumers would not have to purchase new devices to receive the new, high-value content contemplated by MPAA's waiver request." Our translation: SOC could screw up plenty of home theater equipment, but that's ok, because those households have backups with digital inputs. The MPAA filing does not explain why any device that a consumer bought with their good money should be hobbled in this instance. Nor does it counsel the FCC on how to help those whom MPAA effectively concedes would have to buy a new device. Nor are we any closer to a reasonable estimate of how many households would face this unfortunate result. And don't ask us what FCC Chair Julius Genachowski thinks about this mess because we don't know, yet.
Read the MPAA's filing (PDF)

From rforno at infowarrior.org Sun Sep 6 04:39:41 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 6 Sep 2009 00:39:41 -0400
Subject: [Infowarrior] - Administration Seeks to Keep Terror Watch-List Data Secret
Message-ID: <952CE011-94F9-457E-A2D6-86D93AC35D3B@infowarrior.org>

Administration Seeks to Keep Terror Watch-List Data Secret
By Ellen Nakashima
Washington Post Staff Writer
Sunday, September 6, 2009
http://www.washingtonpost.com/wp-dyn/content/article/2009/09/05/AR2009090502240_pf.html

The Obama administration wants to maintain the secrecy of terrorist watch-list information it routinely shares with federal, state and local agencies, a move that rights groups say would make it difficult for people who have been improperly included on such lists to challenge the government. Intelligence officials in the administration are pressing for legislation that would exempt "terrorist identity information" from disclosure under the Freedom of Information Act. Such information -- which includes names, aliases, fingerprints and other biometric identifiers -- is widely shared with law enforcement agencies and intelligence "fusion centers," which combine state and federal counterterrorism resources. Still, some officials say public disclosure of watch-list data risks alerting terrorism suspects that they are being tracked and may help them evade surveillance. Advocates for civil liberties and open government argue that the administration has not proved the secrecy is necessary and that the proposed changes could make the government less accountable for errors on watch lists. The proposed FOIA exemption has been included in pending House and Senate intelligence authorization bills at the administration's request. "Instead of enhancing accountability, this would remove accountability one or two steps further away," said Steven Aftergood, director of the Federation of American Scientists' Project on Government Secrecy.
When the FBI's Terrorist Screening Center disseminates data from watch lists to state and federal agencies, the information is unclassified, though marked "for official use only." Officials said that the information could be obtained under a FOIA request and that such data has been released under FOIA. Michael G. Birmingham, a spokesman for the Office of the Director of National Intelligence, said that the intelligence community is seeking "adequate protection from disclosing terrorist identity information" to the public because "no [such] exemption currently exists under FOIA." He said the goal of the proposed exemption was to keep sensitive unclassified information from unintended recipients, including terrorism suspects. One intelligence official said the information's disclosure creates a host of difficulties. "Here's the problem," the official said, discussing the matter on the condition of anonymity because he was not authorized to speak on the record. "If you've got somebody, including a suspected terrorist, who can FOIA that information, you're making intelligence-gathering methods vulnerable. You're possibly making intelligence agents and law enforcement personnel vulnerable. Suspects could alter their behavior and circumvent the surveillance." David Sobel, senior counsel for the Electronic Frontier Foundation, a privacy advocacy group, said the government has successfully used existing FOIA exemptions to deny requests for watch-list records. He cited a court case last fall brought by the EFF in which the government, in keeping with its policy, refused to confirm or deny whether a European Parliament member's name was on the terrorist watch list. The government claimed in part an exemption that bars disclosure of law enforcement information on "techniques and procedures" for investigations. The EFF, concluding that the government would win, withdrew the case.
Rather than expanding the list of FOIA exemptions, Congress should pay more attention to improving the procedures for helping people who have been improperly included on the watch list, Sobel said. "There's a serious redress problem," he said. "That's the issue that needs to be addressed." On Tuesday, a coalition of privacy and transparency advocates led by OpenTheGovernment.org sent a letter to the leading members of the House and Senate intelligence committees urging that the measure be dropped. "We consider this provision unnecessary, overbroad and unwise," the letter said. A consolidated government watch list was created in 2004 and is housed at the Terrorist Screening Center. As of last September, it included about 1.1 million names and aliases corresponding to 400,000 individuals. The TSC feeds names and other data to the Transportation Security Administration's air passenger "no-fly" list, the State Department's Consular Lookout and Support System list, and the FBI's Violent Gang and Terrorist Organizations File, as well as to state and local agencies. A person is included in the list if he or she is "known or appropriately suspected to be or have been engaged in conduct constituting, in preparation for, in aid of, or related to terrorism," according to the TSC Web site. A May report by the Justice Department Office of the Inspector General found the watch-list process to be flawed, with the FBI failing to "update or remove watch list records as required." In one instance, an individual remained on the list nearly five years after the underlying terrorism case had been closed, the report found. The FBI later said it had implemented measures "to resolve all of the issues disclosed in the report." In 2007, the FBI signed a memo with federal agencies to standardize the redress process and to ensure "fair, timely and independent review" of complaints, according to a statement by the bureau.
"We're constantly working to improve our redress procedures," TSC spokesman Chad Kolton said. "We're very proud of the work we've done so far." Kolton noted that fewer than 5 percent of the 400,000 people whose names are on the watch list are U.S. citizens or permanent residents. "The vast majority of people on the watch list are not currently in the U.S.," he said.

From rforno at infowarrior.org Sun Sep 6 04:52:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 6 Sep 2009 00:52:30 -0400
Subject: [Infowarrior] - Wall Street: Here We Go Again...
Message-ID: <6FED31FE-15AF-4546-8246-14AC70F4D6E7@infowarrior.org>

Back to Business
Wall Street Pursues Profit in Bundles of Life Insurance
By JENNY ANDERSON

After the mortgage business imploded last year, Wall Street investment banks began searching for another big idea to make money. They think they may have found one. The bankers plan to buy "life settlements," life insurance policies that ill and elderly people sell for cash -- $400,000 for a $1 million policy, say, depending on the life expectancy of the insured person. Then they plan to "securitize" these policies, in Wall Street jargon, by packaging hundreds or thousands together into bonds. They will then resell those bonds to investors, like big pension funds, who will receive the payouts when people with the insurance die. The earlier the policyholder dies, the bigger the return -- though if people live longer than expected, investors could get poor returns or even lose money. Either way, Wall Street would profit by pocketing sizable fees for creating the bonds, reselling them and subsequently trading them. But some who have studied life settlements warn that insurers might have to raise premiums in the short term if they end up having to pay out more death claims than they had anticipated. The idea is still in the planning stages. But already "our phones have been ringing off the hook with inquiries,"
says Kathleen Tillwitz, a senior vice president at DBRS, which gives risk ratings to investments and is reviewing nine proposals for life-insurance securitizations from private investors and financial firms, including Credit Suisse. "We're hoping to get a herd stampeding after the first offering," said one investment banker not authorized to speak to the news media. In the aftermath of the financial meltdown, exotic investments dreamed up by Wall Street got much of the blame. It was not just subprime mortgage securities but an array of products -- credit-default swaps, structured investment vehicles, collateralized debt obligations -- that proved far riskier than anticipated. The debacle gave financial wizardry a bad name generally, but not on Wall Street. Even as Washington debates increased financial regulation, bankers are scurrying to concoct new products. In addition to securitizing life settlements, for example, some banks are repackaging their money-losing securities into higher-rated ones, called re-remics (re-securitization of real estate mortgage investment conduits). Morgan Stanley says at least $30 billion in residential re-remics have been done this year. Financial innovation can be good, of course, by lowering the cost of borrowing for everyone, giving consumers more investment choices and, more broadly, by helping the economy to grow. And the proponents of securitizing life settlements say it would benefit people who want to cash out their policies while they are alive. But some are dismayed by Wall Street's quick return to its old ways, chasing profits with complicated new products.
< - >

http://www.nytimes.com/2009/09/06/business/06insurance.html?hp=&pagewanted=print

From rforno at infowarrior.org Mon Sep 7 16:16:30 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Sep 2009 12:16:30 -0400
Subject: [Infowarrior] - UN Calls for New Global Reserve Currenc
Message-ID:

http://www.bloomberg.com/apps/news?pid=20601087&sid=aSp9VoPeHquI

UN Says New Currency Is Needed to Fix Broken "Confidence Game"
By Jonathan Tirone

Sept. 7 (Bloomberg) -- The dollar's role in international trade should be reduced by establishing a new currency to protect emerging markets from the "confidence game" of financial speculation, the United Nations said. UN countries should agree on the creation of a global reserve bank to issue the currency and to monitor the national exchange rates of its members, the Geneva-based UN Conference on Trade and Development said today in a report. China, India, Brazil and Russia this year called for a replacement to the dollar as the main reserve currency after the financial crisis sparked by the collapse of the U.S. mortgage market led to the worst global recession since World War II. China, the world's largest holder of dollar reserves, said a supranational currency such as the International Monetary Fund's special drawing rights, or SDRs, may add stability. "There's a much better chance of achieving a stable pattern of exchange rates in a multilaterally-agreed framework for exchange-rate management," Heiner Flassbeck, co-author of the report and a UNCTAD director, said in an interview from Geneva. "An initiative equivalent to Bretton Woods or the European Monetary System is needed." The 1944 Bretton Woods agreement created the modern global economic system and institutions including the IMF and World Bank.

Enhanced SDRs

While it would be desirable to strengthen SDRs, a unit of account based on a basket of currencies, it wouldn't be enough to aid emerging markets most in need of liquidity, said Flassbeck, a former German deputy finance minister who worked in 1997-1998 with then U.S. Deputy Treasury Secretary Lawrence Summers to contain the Asian financial crisis. Emerging-market countries are underrepresented at the IMF, hindering the effectiveness of enhanced SDR allocations, the UN said. An organization should be created to manage real exchange rates between countries measured by purchasing power and adjusted to inflation differentials and development levels, it said. "The most important lesson of the global crisis is that financial markets don't get prices right," Flassbeck said. "Governments are being tempted by the resulting confidence game catering to financial-market participants who have shown they're inept at assessing risk." The 45-year-old UN group, run by former World Trade Organization chief Supachai Panitchpakdi, "promotes integration of developing countries in the world economy," according to its Web site. Emerging-market nations should consider restricting capital mobility until a new system is in place, the group said. The world body began issuing warnings in 2006 about financial imbalances leading to a global recession. The UN Trade and Development report is being held for release via print media until 6 p.m. London time.

To contact the reporters on this story: Jonathan Tirone in Vienna at jtirone at bloomberg.net
Last Updated: September 7, 2009 09:52 EDT

From rforno at infowarrior.org Mon Sep 7 17:24:21 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Sep 2009 13:24:21 -0400
Subject: [Infowarrior] - Web-monitoring software gathers data on kid chats
Message-ID: <8B89B409-AAC9-4D9A-AF77-3F3D8F15751C@infowarrior.org>

Web-monitoring software gathers data on kid chats
By DEBORAH YAO (AP) --
2 days ago
http://www.google.com/hostednews/ap/article/ALeqM5i5CjgMEdrwRm3JxeglUykMAHAYmAD9AGNVM00

Parents who install a leading brand of software to monitor their kids' online activities may be unwittingly allowing the company to read their children's chat messages -- and sell the marketing data gathered. Software sold under the Sentry and FamilySafe brands can read private chats conducted through Yahoo, MSN, AOL and other services, and send back data on what kids are saying about such things as movies, music or video games. The information is then offered to businesses seeking ways to tailor their marketing messages to kids. "This scares me more than anything I have seen using monitoring technology," said Parry Aftab, a child-safety advocate. "You don't put children's personal information at risk." The company that sells the software insists it is not putting kids' information at risk, since the program does not record children's names or addresses. But the software knows how old they are because parents customize its features to be more or less permissive, depending on age. Five other makers of parental-control software contacted by The Associated Press, including McAfee Inc. and Symantec Corp., said they do not sell chat data to advertisers. One competitor, CyberPatrol LLC, said it would never consider such an arrangement. "That's pretty much confidential information," said Barbara Rose, the company's vice president of marketing. "As a parent, I would have a problem with them targeting youngsters." The software brands in question are developed by EchoMetrix Inc., a company based in Syosset, N.Y. In June, EchoMetrix unveiled a separate data-mining service called Pulse that taps into the data gathered by Sentry software to give businesses a glimpse of youth chatter online. While other services read publicly available teen chatter, Pulse also can read private chats. It gathers information from instant messages, blogs, social networking sites, forums and chat rooms.
EchoMetrix CEO Jeff Greene said the company complies with U.S. privacy laws and does not collect any identifiable information. "We never know the name of the kid -- it's bobby37 on the house computer," Greene said. What Pulse will reveal is how "bobby37" and other teens feel about upcoming movies, computer games or clothing trends. Such information can help advertisers craft their marketing messages as buzz builds about a product. Days before "Harry Potter and the Half-Blood Prince" opened in theaters on July 15, teen chatter about the movie spiked across the Internet with largely positive reactions. "Cool" popped up as one of the most heavily used words in teen chats, blogs, forums and on Twitter. The upbeat comments gathered by Pulse foreshadowed a strong opening for the Warner Bros. film. Parents who don't want the company to share their child's information to businesses can check a box to opt out. But that option can be found only by visiting the company's Web site, accessible through a control panel that appears after the program has been installed. It was not in the agreement contained in the Sentry Total Home Protection program The Associated Press downloaded and installed Friday. According to the agreement, the software passes along data to "trusted partners." Confidentiality agreements prohibit those clients from sharing the information with others. In recognition of federal privacy laws that restrict the collection of data on kids under 13, the agreement states that the company has "a parent's permission to share the information if the user is a child under age 13." Tech site CNet ranks the EchoMetrix software as one of the three best for parental control. Sales figures were not available. The Sentry and FamilySafe brands include parental-control software such as Sentry Total Family Protection, Sentry Basic, Sentry Lite and FamilySafe (SentryPC is made by a different company and has no ties with EchoMetrix). The Lite version is free.
Others range from $20 to download and $10 a year for monitoring, to about $48 a year, divided into monthly payments. The same company also offers software under the brands of partner entities, such as AmberWatch Lookout. AmberWatch Foundation, a child-protection nonprofit group that licenses its brand to EchoMetrix, said information gathered through the AmberWatch-branded software is not shared with advertisers. Practically speaking, few people ever read the fine print before they click on a button to agree to the licensing agreement. "Unless it's upfront in neon letters, parents don't know," Aftab said. EchoMetrix, formerly known as SearchHelp, said companies that have tested the chat data using Pulse include News Corp.'s Fox Broadcasting and Dreamworks SKG Inc. Viacom Inc.'s Paramount Pictures recently signed on. None of those companies would comment when contacted by the AP. EchoMetrix has been losing money. Its liabilities exceeded its assets by nearly $25 million as of June 30, according to a regulatory filing that said there is "substantial doubt about the company's ability to continue as a going concern." To get the marketing data, companies put in keywords, such as the name of a new product, and specify a date range, into Pulse. They get a "word cloud" display of the most commonly used words, as well as snippets of actual chats. Pulse can slice data by age groups, region and even the instant-messaging program used. Pulse also tracked buzz for Microsoft Corp.'s "Natal," a forthcoming Xbox motion-sensor device that replaces the traditional button-based controller. Microsoft is not a client of Pulse, but EchoMetrix used "Natal" to illustrate how its data can benefit marketers. Greene said children's conversations about Natal were focused on its price and availability, which suggested that Microsoft should assure teens that there will be enough stock and that ordering ahead can lock in a price. Competing data-mining companies such as J.D. 
Power Web Intelligence, a unit of quality ratings firm J.D. Power and Associates, also trolls the Internet for consumer chats. But Vice President Chase Parker said the company does not read any data that's password-protected, such as the instant message sessions that EchoMetrix collects for advertisers. Suresh Vittal, principal analyst at Forrester Research, said EchoMetrix might have to make its disclosures more apparent to parents. "Are we in the safeguarding-the-children business or are we in the business of selling data to other people?" he said. If it's the latter, "it should all be done transparently and with the knowledge of the customer."

Copyright © 2009 The Associated Press. All rights reserved.

From rforno at infowarrior.org Mon Sep 7 17:28:03 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Sep 2009 13:28:03 -0400
Subject: [Infowarrior] - UK Government spun 136 people into 7m illegal file sharers
Message-ID: <0D8A0B18-C73A-4A13-9AB9-C867D9155516@infowarrior.org>

How UK Government spun 136 people into 7m illegal file sharers
http://www.pcpro.co.uk/news/351331/how-uk-government-spun-136-people-into-7m-illegal-file-sharers
Posted on 4 Sep 2009 at 14:54

The British Government's official figures on the level of illegal file sharing in the UK come from questionable research commissioned by the music industry, the BBC has revealed. The Radio 4 show More or Less - which is devoted to the "often abused but ever ubiquitous world of numbers" - decided to examine the Government's claim that 7m people in Britain are engaged in illegal file sharing. The 7m figure comes from the Strategic Advisory Board for Intellectual Property, a Government advisory body.
The Advisory Board claimed it commissioned the research from a team of academics at University College London, who it transpires got the 7m figure from a paper published by Forrester Research. The More or Less team hunted down the relevant Forrester paper, but could find no mention of the 7m figure, so they contacted the report's author Mark Mulligan. Mulligan claimed the figure actually came from a report he wrote about music industry losses for Forrester subsidiary Jupiter Research. That report was privately commissioned by none other than the music trade body, the BPI.

Fudged figures

As if the Government taking official statistics directly from partisan sources wasn't bad enough, the BBC reporter Oliver Hawkins also found that the figures were based on some highly questionable assumptions. The 7m figure had actually been rounded up from an actual figure of 6.7m. That 6.7m was gleaned from a 2008 survey of 1,176 net-connected households, 11.6% of which admitted to having used file-sharing software - in other words, only 136 people. It gets worse. That 11.6% of respondents who admitted to file sharing was adjusted upwards to 16.3% "to reflect the assumption that fewer people admit to file sharing than actually do it." The report's author told the BBC that the adjustment "wasn't just pulled out of thin air" but based on unspecified evidence. The 6.7m figure was then calculated based on the estimated number of people with internet access in the UK. However, Jupiter research was working on the assumption that there were 40m people online in the UK in 2008, whereas the Government's own Office of National Statistics claimed there were only 33.9m people online during that year.
If the BPI-commissioned Jupiter research had used the Government's online population figures, the total number of file sharers would be 5.6m. If the researchers hadn't adjusted their figures upwards, the total number of file sharers would be only 3.9m - or just over half the figure being bandied about by the Government.

From rforno at infowarrior.org Tue Sep 8 03:29:22 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 7 Sep 2009 23:29:22 -0400
Subject: [Infowarrior] - Congress weighs landmark change in Web ad privacy
Message-ID: <3194D343-FA28-4D7E-9ED4-E539148CE185@infowarrior.org>

Congress weighs landmark change in Web ad privacy
By JOELLE TESSLER
The Associated Press
Monday, September 7, 2009 10:15 AM
http://www.washingtonpost.com/wp-dyn/content/article/2009/09/07/AR2009090700604_pf.html

WASHINGTON -- The Web sites we visit, the online links we click, the search queries we conduct, the products we put in virtual shopping carts, the personal details we reveal on social networking pages - all of this can give companies insight into what Internet ads we might be interested in seeing. But privacy watchdogs warn that too many people have no idea that Internet marketers are tracking their online habits and then mining that data to serve up targeted pitches - a practice known as behavioral advertising. So Congress could be stepping in. Rep. Rick Boucher, D-Va., chairman of the House Energy and Commerce Subcommittee on Communications, Technology and the Internet, is drafting a bill that would impose broad new rules on Web sites and advertisers. His goal: to ensure that consumers know what information is being collected about them on the Web and how it is being used, and to give them control over that information. While Congress has waded into Internet privacy issues before, this measure could break new ground, as the first major attempt to regulate a nascent but fast-growing industry that represents the future of advertising.
Boucher insists his bill will benefit consumers and preserve the underlying economics of the Internet, which relies on advertising to keep so much online content free. "Our goal is not to hinder online advertising," he said. "This will make people more likely to trust electronic commerce and the Internet." Although his proposal is still taking shape, Boucher is confident lawmakers will pass an online marketing privacy law of some sort. He is working with Cliff Stearns of Florida, the top Republican on the Internet subcommittee, as well as Rep. Bobby Rush, D-Ill., who chairs a separate subcommittee on consumer protection. Already, Washington's interest in Internet marketing has put online advertisers on notice. In July, the industry released a set of self-regulatory principles in an effort to head off concerns in Congress and the Federal Trade Commission. The FTC put out Internet ad guidelines early this year. Boucher's efforts have encouraged privacy activists, who point out that Internet surveillance has evolved beyond just data-tracking files, known as cookies, that Web sites place on visitors' computers. Technologies such as "deep packet inspection" can now monitor a user's every online move. "Consumers have no idea that they are being followed online and that their information is being compiled into invisible digital dossiers," said Jeffrey Chester, executive director of the Center for Digital Democracy, one of 10 privacy groups that recently issued recommendations for lawmakers. "There is an incredibly sophisticated, ever-advancing system for profiling online users." Chester believes several developments have put the issue on Washington's radar. Those include the rise of social networking sites that capture detailed personal information, like Facebook and MySpace; Google Inc.'s acquisition of the Internet ad service DoubleClick Inc.; and the proposed Internet search partnership between Microsoft Corp.
and Yahoo Inc., now under review by the Justice Department. "Online privacy has finally taken off and become a serious political issue," Chester said. "A perfect digital storm has created momentum toward action." The challenge facing Washington, said Federal Trade Commission Chairman Jon Leibowitz, is to strike the right balance between "protecting the fundamental rights of consumers" and preserving "business equilibrium." Boucher's bill will seek a middle ground in a long-running debate over what the default assumptions should be when companies monitor consumers' online interests. On one side, privacy watchdogs say Web sites should be required to obtain user permission - that is, people would "opt in" - before collecting most data. On the other side, Web sites and advertisers insist such a mandate would overwhelm consumers with privacy notices. The companies argue that it is more practical to simply allow people who do not want to be tracked to "opt out" of data collection. Boucher expects to set different rules for different types of sites. Sites that collect visitor information in order to target advertising on their own pages, for instance, would have to offer consumers a chance to opt out of having their interests tracked. These sites would also be required to prominently disclose what information they collect and provide a detailed description of how that information is used. Web sites that deal with sensitive personal information, such as medical and financial data, sexual orientation, Social Security numbers and other ID numbers, would have to ask users to opt in to being tracked. Boucher's bill would not be the first significant online privacy law. In 1986, Congress passed the Electronic Communications Privacy Act, which placed privacy obligations on companies and organizations that offer e-mail services. 
The Children's Online Privacy Protection Act of 1998 requires commercial Web sites targeted at children under age 13 to obtain parental consent before collecting personally identifiable information. But the current bill would mark the first significant attempt by Congress to regulate Internet advertising. Marc Rotenberg, executive director of the Electronic Privacy Information Center, said there had been little need for Congress to impose privacy protections on advertisers offline, since traditional media such as TV, radio and newspapers don't enable marketers to profile individual consumers as easily as the Internet does. Now, Rotenberg said, "privacy laws should be updated to reflect new business practices." It's too soon to know whether Boucher's final bill will go far enough to satisfy privacy activists. But they agree that a law would do much more than the self-regulatory principles released by the Interactive Advertising Bureau (IAB), the Association of National Advertisers (ANA) and three other advertising trade groups in July. Among other things, those principles call for consumer education efforts and disclosure of behavioral advertising practices. ANA Executive Vice President Dan Jaffe said self regulation is the best approach for managing an industry evolving as quickly as online advertising. "Legislation would be too rigid because this is a moving target," Jaffe said. Mike Zaneis, IAB's vice president of public policy, added that self regulation is effective since it is in advertisers' interest to make sure consumers trust them. "At the end of the day, the most important asset any online company has is a strong relationship with the consumer," he said. Yet that's also why Chester insists that tougher rules from Congress would not cripple online advertising. Consumers might be more likely to favor Web sites that allow them to see and influence their personal data. 
"It's about treating consumers with respect," said Joseph Turow, a professor at the University of Pennsylvania's Annenberg School for Communication. "Companies keep saying they want to engage users. That means opening up and not sneaking behind someone's back to draw up pictures of them. We need information reciprocity." Turow added that while he supports opt-in mandates as "the ultimate form of respect," the debate over opt-in versus opt-out rules won't matter "when people really have an opportunity to interact with their data." For now, privacy activists are pinning their hopes on lawmakers. Evan Hendricks, editor of the Privacy Times newsletter, believes Boucher's bill will find bipartisan support in Congress. "This stands a very realistic chance of passage," he said. "Privacy is the kind of issue you can't be against." ? 2009 The Associated Press From rforno at infowarrior.org Tue Sep 8 18:45:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 8 Sep 2009 14:45:48 -0400 Subject: [Infowarrior] - Windows 7 and BSOD Message-ID: Here we go again......the more things change, the more they stay the same!!! -rf Windows 7 when it ships next month will be vulnerable to an attack that hasn't been possible since 1999, a new vulnerability found by a security researcher shows. Sending a deliberately malformed network negotiation request can force a Windows 7 system into a page fault that triggers a "blue screen of death" error, even without the user's help in launching the code. The attack affects both 32-bit and 64-bit versions of the OS. http://legacy.macnn.com/articles/09/09/08/windows.7.returns.remote.bsod/ The write-up: Windows Vista/7 : SMB2.0 NEGOTIATE PROTOCOL REQUEST Remote B.S.O.D. http://seclists.org/fulldisclosure/2009/Sep/0039.html From rforno at infowarrior.org Thu Sep 10 04:17:54 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Sep 2009 00:17:54 -0400 Subject: [Infowarrior] - Pigeon transfers data faster than S. 
Africa's service provider Message-ID: <9B5B187A-0C80-40BC-8957-E7314371F98C@infowarrior.org> (c/o J) Pigeon transfers data faster than S. Africa's service provider Posted 8h 12m ago | Comments 2 | Recommend 1 http://www.usatoday.com/tech/news/2009-09-09-pigeon-faster_N.htm JOHANNESBURG (Reuters) -- A South African information technology company on Wednesday proved that it was faster for them to transmit data with a carrier pigeon than to send it using Telkom, the country's leading Internet service provider. Internet speed and connectivity in Africa's largest economy are poor because of a bandwidth shortage. It is also expensive. Local news agency SAPA reported the 11-month-old pigeon, Winston, took one hour and eight minutes to fly the 50 miles from Unlimited IT's offices near Pietermaritzburg to the coastal city of Durban with a data card strapped to his leg. Including downloading, the transfer took two hours, six minutes and 57 seconds -- the time it took for only 4% of the data to be transferred using a Telkom line. SAPA said Unlimited IT performed the stunt after becoming frustrated with slow internet transmission times. The company has 11 call-centers around the country and regularly sends data to its other branches. Telkom could not immediately be reached for comment. Internet speed is expected to improve once a 17,000 km underwater fiber optic cable linking southern and East Africa to other networks becomes operational before South Africa hosts the soccer World Cup next year. Local service providers are currently negotiating deals for more bandwidth. Copyright 2009 Reuters Limited. 
From rforno at infowarrior.org Thu Sep 10 04:28:18 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Sep 2009 00:28:18 -0400 Subject: [Infowarrior] - AT&T Relents, Drops Paging Instructions from Voicemail Message-ID: <187A67BA-4557-45F3-AD8E-B0F3D14B47D0@infowarrior.org> AT&T Relents, Drops Paging Instructions from Voicemail I know the big news today is supposed to be Steve Jobs returning to the stage at Apple's iPod announcements and all. But for me, the big news is this: As of today, AT&T has eliminated the most egregious portion of its mandatory, time-wasting voicemail instructions recording. You know that blast from 1975? The part that says, "To page this person, press five now"? It's gone. Nationwide. Because of you, dear readers, and all the complaints you've filed in the last five weeks. This is the first victory in our "Take Back the Beep" campaign. That's my crusade to pressure the cell carriers to eliminate those ridiculous, mandatory, airtime-eating, life-wasting recordings. The wheels of huge corporations usually turn very slowly, but AT&T managed to discuss, process and implement this change in just five weeks. Now, the truth is, the stupid recording isn't completely gone. When you call an AT&T phone, you still hear "At the tone, please record your message. When you are finished recording, press pound. You may then leave a callback number." But the whole thing is only 8 seconds long, down from 12 or 15. Wheels are turning at T-Mobile on this issue. Sprint already lets you eliminate the entire recording. Verizon, characteristically, refuses to respond. But AT&T gets the credit for being the first to take a small, important step toward sanity. 
http://pogue.blogs.nytimes.com/2009/09/09/att-relents-drops-paging-instructions-from-voicemail/ From rforno at infowarrior.org Fri Sep 11 13:13:44 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Sep 2009 09:13:44 -0400 Subject: [Infowarrior] - More Music licensing quackery Message-ID: Music Licensing Harms The DVD Release Of A Classic TV Show http://techdirt.com/articles/20090910/0306546149.shtml "Part of the reason these shows are such classics was their use of timely and evocative music. It still boggles my mind that it should even require any additional licensing. The music was licensed for the show. The DVDs are simply the same show. The music was already licensed. Why should it need another license? And, even if you grant the idea that it should get the license, why would anyone not let that happen? Having the music in these shows is never going to harm the market for that music or those musicians. It can only serve to draw more attention to that music, especially for people nostalgic for the time when the show aired." From rforno at infowarrior.org Fri Sep 11 13:28:36 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Sep 2009 09:28:36 -0400 Subject: [Infowarrior] - Vegemite's Stone Age view of the Web Message-ID: <4165F42F-20F9-4057-AE39-5E183B441CBF@infowarrior.org> http://www.vegemite.com.au/vegemite/page?siteid=vegemite-prd&locale=auen1&PagecRef=332 "You may access and display the pages of the Site on a computer or a monitor, and print out for your personal use any whole page or pages of this Site. All other use, copying or reproduction of any part of this Site is prohibited (save to the extent permitted by law). Without limiting the foregoing, no part of this Site may be reproduced on any other internet site, and you are not authorised to redistribute or sell the material or to reverse engineer, disassemble, or otherwise convert it to any other form that people can use. 
You are also prohibited from linking the Site to another website in any way whatsoever." ...I wonder how many e-mail / web archive sites are going to be contacted by the Vegemite-brained lawyers who discuss such corporate idiocy? I bet these folks still believe in the Tooth Fairy, too! Incidentally, I used "View Source" in Firefox to see how they did their site layout....does that mean I've reverse-engineered their site? (c/o Boingboing - http://www.boingboing.net/2009/09/10/vegemites-stupid-and.html) From rforno at infowarrior.org Fri Sep 11 16:44:34 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Sep 2009 12:44:34 -0400 Subject: [Infowarrior] - Microsoft sets up open-source foundation Message-ID: Microsoft sets up open-source foundation by Chris Duckett http://news.cnet.com/8301-10805_3-10350671-75.html?part=rss&subj=news&tag=2547-1_3-0-20 Microsoft has created the nonprofit CodePlex Foundation to target increased communication between open-source communities and software companies. Citing an under-representation of commercial software companies and their employees in open source, the CodePlex Foundation aims to work with particular projects to bridge the gap between the open-source and commercial worlds. The Redmond giant has contributed $1 million to the foundation and has filled out its board and advisory panel with many Microsoft staffers, including Sam Ramji, who is leaving Microsoft as its open-source point man but is also becoming CodePlex Foundation's interim president. Unlike other open-source foundations, such as the Mozilla Foundation and GNOME Foundation, the foundation said on its Web site that it intends to address the full spectrum of software projects. This is an unexpected and interesting move from Redmond. Don't think that this is completely like other open-source foundations that you may be used to, though. 
Take this line from the Codeplex Foundation FAQ: "We wanted a foundation that addresses a full spectrum of software projects, and does so with the licensing and intellectual property needs of commercial software companies in mind." Add to this that the About page states that companies will contribute code, not patents, and that is what I think will stop the existing open-source community from going anywhere near the CodePlex Foundation. I can't see any patent-encumbered CodePlex project being accepted into, or contributing code into, any large existing open-source project while still having the patent specter looming overhead--it's something that the open-source community has tried to avoid whenever possible. But this is probably not that audience that the foundation is aiming for--it's more likely to target purely Microsoft companies/developers and attempt to get them to open up a little. Allowing these companies to keep their patents will make it easier for them to engage in the Microsoft ecosystem but not in the wider open source world. Chris Duckett of ZDNet Australia reported from Sydney. From rforno at infowarrior.org Sat Sep 12 16:02:35 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 12 Sep 2009 12:02:35 -0400 Subject: [Infowarrior] - quick note ref credit cards Message-ID: <72B73721-B7C9-43CA-AFC4-706E0ABDFAD9@infowarrior.org> A warning to fellow Netizens -- I just saw an economic news segment on MSNBC Saturday where the camera zoomed in and one could clearly read the entire front of a shopper's AMEX Platinum Card. As more and more news programs are doing stories on consumer spending and shopping and their focus (rightly or wrongly) begins turning towards 'recovery' these stories frequently show folks making purchases with credit cards at cash registers in retail stores. 
It may sound conspiratorial, but folks may want to be aware of this potential risk and take steps to reduce the chances that their credit card number, expiration date, and name on the card are compromised through the lens of a TV news camera by ensuring their credit cards are not 'exposed' for too long a time when paying for stuff in stores. Just a friendly thought. -rf From rforno at infowarrior.org Sun Sep 13 01:12:03 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 12 Sep 2009 21:12:03 -0400 Subject: [Infowarrior] - For Coast Guard and CNN, an Exercise in Embarrassment Message-ID: <211534E2-2FC0-4EFC-8999-A2FDA81E24CF@infowarrior.org> For Coast Guard and CNN, an Exercise in Embarrassment By Dana Milbank Washington Post Staff Writer Saturday, September 12, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/09/11/AR2009091102802_pf.html It has been eight years since the terrorists struck, but the fog of war has yet to dissipate. Sept. 11, 2009, 10:04 a.m.: President Obama was returning to the White House from a 9/11 memorial event at the Pentagon. CNN was broadcasting from the Flight 93 memorial in Shanksville, Pa., when anchor Heidi Collins broke in with alarming news -- the Coast Guard had "engaged" a boat on the Potomac near the Pentagon. "We have seen at least one boat come up the Potomac and challenge the Coast Guard," reported CNN's Jeanne Meserve, as the network showed a gloomy, long-range image of the river with the caption "Coast Guard fires on boat on Potomac River." The Coast Guard, Meserve said, "sent a transmission saying they expended 10 rounds." Gunfire on the Potomac! Near the Pentagon! On 9/11! Federal Aviation Administration officials, watching the scene on CNN, ordered a ground stop at nearby Reagan National Airport. About 10 police cars sped to the scene, between the Memorial and 14th Street bridges. Officials at Coast Guard headquarters didn't seem to know what was going on. 
The media-industrial complex began to turn its gears. Seven minutes after the CNN report, the Reuters news service issued a bulletin: "Coast Guard Fired on Suspicious Boat on Potomac River in Central Washington, DC.--CNN." Not to be outdone, CNN arch-nemesis Fox News interrupted its broadcast with the "breaking news" that a "U.S. Coast Guard ship of some type fired on what is considered a suspicious boat in the Potomac River." By that time, CNN had Bush administration homeland security adviser Frances Fragos Townsend on air, talking about how "it is very unusual." Unusual, indeed. Particularly because there were no intruders, no suspicious boats, no guns and no shots. After half an hour of chaos, red-faced Coast Guard officials explained that they had undertaken a routine training exercise -- the sort that occur on the river about four times a week. Somebody overheard the Coast Guard's radio communication and -- evidently missing the words "this is a drill" and the words "bang, bang, bang" in the place of actual gunfire -- mistook it for the real thing. The result was the biggest government-induced security scare since the Pentagon flew an Air Force One look-alike low over Manhattan for a photo op earlier this year. The Coast Guard managed to eclipse an October 2005 incident in which hundreds of Washingtonians feared an attack because they didn't know the Kennedy Center was having a fireworks show. On the eighth anniversary of the terrorist strikes, the Coast Guard incident served as an unwelcome reminder of two facts of life in the capital: Homeland security authorities continue to bear an occasional, unnerving likeness to Keystone Kops, and the cable-news-driven, minute-by-minute news cycle has a unique ability to sow mass confusion and misinformation. At noon, Vice Adm. 
John Currier, the Coast Guard's chief of staff, stepped out of his service's headquarters, ready to explain why it was a good idea to hold a terrorist-apprehending exercise involving simulated gunfire right near the Pentagon on Sept. 11, around the time the president was in the area. "This was a pre-planned, normal planning exercise," Currier explained, as if it had happened on, say, Sept. 10. Yes, "bang-bang was verbalized on the radio." No, the Secret Service was not notified. No, the Coast Guard couldn't possibly have done the drill in a less sensitive place on the river. Yes, it's quite possible they said on the radio that "I've expended x number of rounds." Was Sept. 11 really the best day for this? "We will look at our procedures and our timing of this exercise," Currier allowed, but commanders saw no reason to postpone what was supposed to be a "low-profile" drill that became rather more. The admiral said no apology would be made for the "unfortunate" situation, but he held out hope for what Obama might call a teachable moment. "This is very instructive for us," Currier said. "We're going to review our own protocols, our own procedures. . . . We may even ask some of you for advice on how we can preclude this type of thing from happening again." Here's some advice: Don't pretend to shoot terrorists near the Pentagon on Sept. 11 with the president nearby. This, in turn, would have prevented considerable embarrassment at CNN, which spent more than half an hour speculating ominously about the scene on the Potomac. "This is pretty incredible," said anchor Collins. Said Meserve: "People seem intent on trying to violate that zone. For what purpose we can't possibly say, but the Coast Guard is putting up a defense." She tried to identify on-screen "which boats are Coast Guard boats and which are the intruder." 
Townsend contributed: "If you go past the shot we're looking at now and go closer to the Pentagon, you're even in a better position if you wanted to launch some sort of an attack from the water on the Pentagon," so "it really is understandable both why the temporary restrictive zone is there and why the Coast Guard is so aggressive about protecting it today." From the Pentagon, CNN correspondent Barbara Starr spoke of the "unsettling" possibility that the bad guys were surrounded and a chase would ensue. Finally, after much more of this, Meserve returned with the news that other media outlets had already reported: Never mind. It was a "training exercise." For all concerned. From rforno at infowarrior.org Sun Sep 13 15:42:31 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 13 Sep 2009 11:42:31 -0400 Subject: [Infowarrior] - TI calculator DRM broken Message-ID: All TI Signing Keys Factored http://www.ticalc.org/archives/news/articles/14/145/145273.html Now users can load any software they want on the hardware they have purchased http://www.unitedti.org/index.php?s=b9f9472e3dedfdd5fcf5eaf43394ad0c&showtopic=8888&st=240 Here is the key: Yesterday, 01:32 PM Post #248 Ladies and gentlemen, let me announce you that this day, 12. September 2009 will be known as day, when our calculators were allowed to use any operating system and any application we want. After 6 weeks of hard work of many people, after (according to my rough estimation) 1,000,000,000,000,000,000 operations that our computers performed, after immeasurable effort of this community, we have achieved this incredible milestone. We can celebrate now, because all work has been done and all keys have been factored. 
Here is the last one (timestamp): 1737151761871919686367410157184490073789363408174753463469806788671094736709 * 4941127540420796870145714715557564815593619760969920785035639648699409500782737 = 85834884124758523393419906059162899739748622544146005879173063198653028871106031 66683421501058782847742563604085967034787577633652983629030320016427392533 Thanks everybody for participating and making this possible. From rforno at infowarrior.org Mon Sep 14 04:24:35 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Sep 2009 00:24:35 -0400 Subject: [Infowarrior] - Info on Malware Ad on NYTimes.com Message-ID: Anatomy of a Malware Ad on NYTimes.com In geeky on September 13, 2009 at 6:59 PM On Saturday evening, Avast displayed a malware warning as I loaded a nytimes.com article. After some digging, here's the malware I found.... < - > http://troy.yort.com/anatomy-of-a-malware-ad-on-nytimes-com From rforno at infowarrior.org Mon Sep 14 13:58:14 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Sep 2009 09:58:14 -0400 Subject: [Infowarrior] - Pew Report: Media Accuracy hits 20yr low Message-ID: <78549CB9-E7A6-48C1-A87D-F5DBA29C33C2@infowarrior.org> September 13, 2009 Press Accuracy Rating Hits Two Decade Low Public Evaluations of the News Media: 1985-2009 The public's assessment of the accuracy of news stories is now at its lowest level in more than two decades of Pew Research surveys, and Americans' views of media bias and independence now match previous lows. Just 29% of Americans say that news organizations generally get the facts straight, while 63% say that news stories are often inaccurate. In the initial survey in this series about the news media's performance in 1985, 55% said news stories were accurate while 34% said they were inaccurate. That percentage had fallen sharply by the late 1990s and has remained low over the last decade. 
< - > http://people-press.org/report/543/ From rforno at infowarrior.org Mon Sep 14 17:24:52 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Sep 2009 13:24:52 -0400 Subject: [Infowarrior] - Public Opposition Drives Down Redflex Profit Margin Message-ID: <397987B5-C88B-4C5F-BB7A-144A54B26CA1@infowarrior.org> Anyone who feels sorry for this company, please raise your hand.....anybody? Thought so!!!! -rf Public Opposition Drives Down Redflex Profit Margin Photo enforcement vendor Redflex is losing millions as a result of public opposition to automated ticketing. http://www.thenewspaper.com/news/28/2879.asp The largest provider of red light camera and speed camera services in the US admitted yesterday that public opposition has begun to affect the bottom line. In an announcement to the Australian Securities Exchange (ASX), Melbourne-based Redflex Traffic Systems reported a nine percent drop in net profit for the year ended June 30, 2009. This has come about in part as motorists increasingly refuse to pay automated fines and use public pressure to force cities to eliminate photo enforcement programs. "We have been adversely affected by reduced collection rates on some of our US contracts, write-downs on several contracts that have not been renewed, extended start-up difficulties with a major state-wide speed contract in Arizona and costs in dealing with litigation and legislative issues," a Redflex statement explained. "These and other factors have affected profitability for the year." Reduced collections have cost the company A$2.2 million this year. Motorists in Arizona and Virginia, for example, have become increasingly aware that they may throw away any automated camera ticket received in the mail. Both states require personal service for any citation to be valid. To offset this loss, Redflex added another 394 red light cameras and speed cameras in the US market. 
This helped increase the amount of money extracted from American motorists by 61 percent to $114,543,000 this year -- despite the net decrease in profit over the previous year. Of all its contracts, the Arizona photo enforcement contract has proved the most problematic as intense public protest forced lawmakers to limit speed camera deployment. Redflex has lost $2.3 million on this contract to date. "The program has encountered a number of difficulties," Redflex explained. "Despite initial expectations of installing 40 mobile and 60 fixed units, the installations have been held to 40 mobile and 36 fixed at this stage. We are hopeful of installing the additional 24 systems in the future but do not have a committed timeframe at this stage. Initially, deployments of the mobile units were limited in time and were constrained to less than ideal locations." Those additional deployments may never happen as the group CameraFraud.com continues to collect signatures for a statewide initiative that would ban all photo ticketing. Arizona is not the only jurisdiction where Redflex faces trouble. Redflex boasted that it had signed 49 new ticketing contracts, but the list provided to investors was somewhat deceptive. Among the "new contract" cities, Redflex counted Sulphur, Louisiana and Heath, Ohio. In April, a stunning 86 percent of voters ordered the camera program to be shut down. Heath voters will have the same opportunity in November after a group of citizens gathered signatures to force a referendum. So far, the write downs on closed contracts cost the company $1.6 million. Redflex also highlighted its contract renewal with Santa Ana, California even though a Superior Court judge has ruled that the Redflex program is "illegal and void" (view ruling). The legal troubles do not end with motorists fighting photo ticketing. In fact, Redflex is involved in litigation with other photo enforcement companies. So far this year, that suit has cost Redflex $815,000. 
A failed attempt to entice investors to buy out Redflex cost another $438,000. The biggest loss in future earnings potential has come as a number of states shut the door on photo ticketing in 2009. After the legislatures in Maine, Mississippi and Montana acted, Redflex had to pull the plug on a number of planned red light camera and speed camera programs. From rforno at infowarrior.org Mon Sep 14 17:26:41 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Sep 2009 13:26:41 -0400 Subject: [Infowarrior] - Copyright law threatening privacy Message-ID: <66692776-A207-4584-B068-8B7EAB00AF0C@infowarrior.org> Copyright law threatening privacy By Kris Kotarski, Calgary Herald September 7, 2009 http://www.calgaryherald.com/technology/Copyright%20threatening/1969025/story.html On Dec. 13, 1981, Poland's communist government declared martial law to put down the Solidarity movement. Telephone lines went silent across the country, and once service was restored, each time anyone picked up the telephone they were greeted with a voice: "Rozmowa Kontrolowana." "This conversation is being monitored." Since telephone service was still a rare privilege in a country where the political establishment feared citizen-to-citizen communication, some could shrug their shoulders because it did not directly apply to them. When, days later, the government set up regional censorship offices to read everyone's mail, shrugging one's shoulders ceased to be an option. Not quite 30 years have passed, and tales like these remain common, from the Egyptian government's efforts to register and track users at Internet cafes, to Iranian government agents showing up on Twitter this spring to intimidate protesters. That dictatorships treat their citizens this way is no surprise. What is surprising is that democracies are beginning to do the same. It is increasingly apparent that modern copyright law is utterly and completely incompatible with the right to privacy. 
This is at the core of the Pirate movement in Europe which broke through to elect its first members of the European Parliament this summer, and the Pirate Party of Canada, which is collecting signatures on its website to register as an official political party as we speak. While the name may sound a little humorous, the cause is very serious indeed. Whether you spend a lot of time online or not, the Pirate movement aims to keep the bounds of your and your children's relationship with their government in a reasonable place, and to make certain that the balance between citizen rights and the bottom line does not tilt in the wrong direction. What has changed? Before home computers, compact discs and Internet file sharing, it was conceivable for copyright laws to be enforced in a manner that did not bring the state to anyone's doorstep. If there was an illegal copy of a book in a bookshop, one could report it to the authorities. If someone brought a video camera into a theatre or a concert, they could be readily seen. Given today's technological realities, this is no longer the case. If we look at legislation that either exists or is tabled across the Western world, sending a song to a friend by e-mail is a crime. Posting even a short clip of a copyrighted video on a message board for one's friends risks a fine whether the message board is public or not, and taping a television show and passing the tape to your mom or dad may be illegal as well. No one likes stealing, but the problem lies in the fact that current copyright laws are completely unenforceable unless the government or industry groups start to read every e-mail and analyze every form of online communication done by citizens. Think "Rozmowa Kontrolowana," every time you sit down to write an e-mail. Think Egypt, Burma or China, with your government openly reading your mail looking for a reason to charge you with a crime. 
Lobbying groups representing those who rely on the existing copyright regime for their business models have been fighting tooth-and-nail for such regulations. Canada's Bill C-61, which died a deserved death because of the last federal election, is our homegrown example, and there are many more across the Western world. Such efforts aim to turn what citizens do in the privacy of their homes into criminal offences, and to compel enforcement, they aim to make Internet service providers (ISPs) liable for what users do with their Internet connections (just imagine your local grocer being held legally liable for selling a tomato that was thrown at a politician). This would help certain industry groups protect their bottom line. It would also destroy the sphere of private interaction and the right to private communication, something that is absolutely crucial to a well-functioning democracy. Rick Falkvinge, the entrepreneur who founded Sweden's Pirate Party, said it best when speaking in front of Google employees in 2007. "If copyright is to be enforced in this new environment, that means law enforcement and corporate interest groups must monitor every one and zero that leaves my computer and that includes looking at the letters to my lawyer, and doctor and wife. "I'm frankly not prepared to give them that right." Are you? kkotarski at gmail.com twitter.com/kotarski © Copyright (c) The Calgary Herald From rforno at infowarrior.org Mon Sep 14 19:11:03 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Sep 2009 15:11:03 -0400 Subject: [Infowarrior] - OpEd: Dylan Ratigan on the Economy Message-ID: <7669EFDB-1B1D-4FEA-9B16-539C3876EA7F@infowarrior.org> (Ratigan departed CNBC last spring under circumstances many believe were not the result of his contract coming up for renewal but because he started speaking out against what he was seeing from his perch at CNBC. 
--rf) Americans Have Been Taken Hostage Dylan Ratigan Host of "Morning Meeting with Dylan Ratigan" on MSNBC Posted: September 13, 2009 11:28 PM http://www.huffingtonpost.com/dylan-ratigan/americans-have-been-taken_b_285225.html The American people have been taken hostage to a broken system. It is a system that remains in place to this day. A system where bank lobbyists have been spending in record numbers to make sure it stays that way. A system that corrupts the most basic principles of competition and fair play, principles upon which this country was built. It is a system that so far has forced the taxpayer to provide the banks with the use of $14 trillion from the Federal Reserve, much of the $7 trillion outstanding at the US Treasury and $2.3 trillion at the FDIC. A system partially built by the very people who currently advise our President, run our Treasury Department and are charged with its reform. And most stunningly -- it is a system that no one in our government has yet made any effort to fundamentally change. Like health care, this is a referendum on our government's ability to function on behalf of the American people. Ask yourself how long you are willing to be held hostage? How long will you let our elected officials be the agents of those whose business it is to exploit our government and the American people at any cost? As hostages -- was there any sum of money we wouldn't have given AIG? Why did we pay Goldman Sachs and all the other banks 100 cents on the dollar for their contracts with AIG, using taxpayer money, while we forced GM and others to take massive payment cuts? Why hasn't any of the bonus money paid to the CEOs that built this financial nuclear bomb been clawed back? And more than anything else -- why does the US Congress refuse to outlaw the most anti-competitive structure known to our economy, one summed up as TOO BIG TOO FAIL? 
It has become startlingly clear that we as a country, and I as a journalist, had made a grave error in affording those who built and ran those banks and insurance companies the honorable treatment of being called capitalists. When in fact the exact opposite was true, these people were more like vampires using the threat of Too Big Too Fail to hold us hostage and collect ongoing ransom from the US Government and the American taxpayer. This was no unlucky accident. The massive spike in unemployment, the utter destruction of retirement wealth, the collapse in the value of our homes, the worst recession since the Great Depression all resulted directly from these actions. Even with all that -- the only changes that have been made, have been made to prop up and hide the massive flaws on behalf of those who perpetuated them. Still utterly nothing has been done to disclose the flaws in this system, improve it or rebuild it. Last fall was an awakening for me, as it was for many in our country. And yet, our Congress has yet to open its eyes, much less do anything about it. In fact conditions have never been better for the banks or worse for the rest of us. Why is this? Who does our Government work for? How much longer will we as Americans tolerate it? And what, if anything, can we do about it? As we approach the anniversary of the bailouts for our banks and insurers -- and watch the multi-trillion taxpayer-funded programs at the Federal Reserve continue to support banks and subsidize their multibillion bonus pools, we must ask if our politicians represent the interests of America? Or those who would rob America of its money and its future? As a country, we must demand that our politicians stop serving those whose business models are based on systemic theft and start serving those who seek to create value for others -- the workers, innovators and investors who have made this country great. 
From rforno at infowarrior.org Mon Sep 14 20:51:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Sep 2009 16:51:48 -0400 Subject: [Infowarrior] - Patch Tuesday, meet Seizure Sunday Message-ID: <5BAECA66-6504-41B5-A8E5-AE2C697629CC@infowarrior.org> (c/o Anonymous) http://www.usdoj.gov/usao/eousa/foia_reading_room/usab5601.pdf (page 11) "Many in the forensic community and crime fighting world have been buzzing about Microsoft's new operating system, Vista, its new encryption utility, BitLocker, and the implications it will have on computer forensics and cybercrime fighting.... By default, defrag is scheduled to execute every Wednesday at 3 a.m. Law enforcement should take into consideration that most users do not modify the default settings of the defrag launch. Consequently, it may be advantageous to execute search warrants prior to Wednesday evenings." From rforno at infowarrior.org Mon Sep 14 21:15:02 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Sep 2009 17:15:02 -0400 Subject: [Infowarrior] - DOD announces new IS access to Help Fusion Centers Combat Terrorism Message-ID: DoD Announces New Information-Sharing Access to Help Fusion Centers Combat Terrorism http://www.defenselink.mil/releases/release.aspx?releaseid=12974 The Departments of Defense (DoD) and Homeland Security (DHS) today announced an initiative to grant select state and major urban area fusion center personnel access to classified terrorism-related information residing in DoD's classified network. Under this initiative, select fusion center personnel with a federal security clearance will be able to access specific terrorism-related information resident on the DoD Secret Internet Protocol Router Network (SIPRNet) -- a secure network used to send classified data. This classified data will be accessed via DHS' Homeland Security Data Network (HSDN). DHS will be responsible for ensuring that proper security procedures are followed. 
"With this action, DoD continues its work in supporting states and localities who are leading our efforts to secure the nation from domestic terrorism attacks," said Assistant Secretary of Defense for Homeland Defense and Americas' Security Affairs Paul N. Stockton. "We look forward to exploring other opportunities where DoD can help our state and local partners effectively defeat terrorism." "This initiative reflects the federal government's strong commitment to improve information sharing with our state, local, and tribal partners," said DHS Acting Under Secretary for Intelligence and Analysis Bart R. Johnson. "Fusion centers are a critical part of our national security enterprise, and this new tool enables federal agencies to share information with these partners while utilizing our advanced technical capabilities for secure information sharing." This joint initiative will promote collaboration between DHS, DoD and other federal departments and agencies, enabling the trusted and secure exchange of terrorism-related information in order to detect, deter, prevent and respond to homeland security threats. State and major urban area fusion centers provide critical links for information sharing between and across all levels of government, and help fulfill key recommendations of the 9/11 Commission. This initiative will serve as a valuable resource to enhance situational awareness and support more timely and complete analysis of national security threats. Increasing the breadth of law enforcement that have access to terrorism-related data will further improve the ability of fusion centers to prevent, detect, deter, and respond to terrorist attacks, and advance the combined missions of DHS and DoD to protect the nation's security. DHS and DoD remain committed to protecting privacy and civil liberties as well as data and networks in an increasingly vulnerable cyber environment. 
From rforno at infowarrior.org Tue Sep 15 01:10:25 2009 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 14 Sep 2009 21:10:25 -0400 Subject: [Infowarrior] - Report: Kramer Is Top Candidate For Cyber Post Message-ID: <1C39BA1E-DC27-4433-822D-9A226D33B5DC@infowarrior.org> Franklin Kramer Is Top Candidate For Cyber Post http://politics.theatlantic.com/2009/09/franklin_kramer_is_top_candidate_for_cyber_post.php Franklin Kramer, a former assistant secretary of defense and well-regarded cyber security consultant, has been interviewed by several senior White House officials in recent weeks, fueling speculation that he is the leading candidate for the administration's top cybersecurity post. Reuters reported today that Kramer was the "leading" candidate, citing a senior administration official. Reached today in Washington, Kramer declined to comment. In testimony before the House Armed Services Committee in 2005, Kramer said that cyber security "is best thought of as part of national security--geo-political and economic, of which technical security is only a limited, though important, part." That jibes with the way the White House conceives of the problem. Kramer has called for a "cyber policy council" along the lines of the National Economic Council and for a "cyber corps," an interagency, multidisciplinary force that could "integrate influence, attack, defense, and exploitation in the operational arena." Kramer has also advocated a full and open dialog with Americans about the tradeoffs inherent in securing cyberspace. After leaving government in 2001 -- he was assistant secretary of defense for international security affairs from 1996 to 2001 -- Kramer became a technology consultant and a lawyer, at the firm of Shea & Gardner in Washington, D.C. From 2004 to 2006, Kramer earned $416,000 worth of defense contracts. 
Kramer has published widely on cybersecurity, and co-authored a foundational policy text, "Cyberpower and National Security," when he was a distinguished research fellow at the National Defense University. Since 2007, Kramer has worked as an adviser for a private international investment firm. Speaking at a technology summit in Washington today, a White House official said that the new cyber "czar" would be unveiled soon but would not identify the person. A White House spokesman, Nick Shapiro, declined to comment. From rforno at infowarrior.org Tue Sep 15 12:09:20 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Sep 2009 08:09:20 -0400 Subject: [Infowarrior] - Google 'Flip' being tested Message-ID: <3C3974BB-E678-4AFC-A637-2930CE96AEFE@infowarrior.org> Google hopes readers will 'flip' over new format By MICHAEL LIEDTKE, AP Technology Writer - Tue Sep 15, 2009 7:28AM EDT http://tech.yahoo.com/news/ap/20090915/ap_on_hi_te/us_tec_google_news_flipper SAN FRANCISCO - Google Inc. is testing a new format that is supposed to make reading online stories as easy as flipping through a magazine, a shift that eventually could feed more advertising sales to revenue-starved publishers. The Internet search leader unveiled the experiment, called "Fast Flip," Monday at a conference hosted by TechCrunch, a popular blog. The service is meant to duplicate the look and feel of perusing a printed publication. The stories are displayed on electronic pages that can be quickly scrolled through by clicking on large arrows on the side instead of a standard Web link that requires waiting several seconds for a page to load. Readers can sort through content based on topics, favorite writers and publications. For now, Fast Flip will only show the first page of a story. Readers who want to continue will have to click through to the publisher's site, where the display reverts to a traditional Web page. 
More than three dozen publishers, broadcasters and Web-only outlets have agreed to share their content on Fast Flip. The participants include two major newspapers, The New York Times and the Washington Post, as well as large magazines like Newsweek and BusinessWeek. The publishers providing the stories to Fast Flip will get most of the revenue from the ads that Google intends to show in the new format. That's a switch from Google's main search page and its news section, where the Mountain View-based company keeps all the money from ads shown alongside headlines and snippets from stories. Fast Flip is the latest step that Google has taken to improve its relationship with newspaper and magazine publishers, many of whom have railed against the company for profiting from their articles without sharing the wealth. The acrimony has escalated as a three-year decline in the print medium's ad revenue accelerated during the past year. The newspaper industry's ad sales plunged 29 percent during the first half this year while Google's crept up 4 percent. In another example of cooperation, Google recently offered to help newspaper publishers set up a system to charge readers for access to parts of their Web sites. While the notion of Google funneling more sales to publishers is appealing, news executives also want to ensure that Fast Flip doesn't become too popular. Publishers still want readers to come to their Web sites, where they can sell ads without giving Google a piece of the action. "It's a balancing act," said Martin Nisenholtz, who oversees The New York Times Co.'s digital operations. "(Fast Flip) has a richer interface, which is part of its appeal. But creating a powerful new aggregator is not in the Times' interest." The Times Co.'s online operations are among the newspaper industry's most successful, with Internet ad sales of $136 million during the first half of this year. Fast Feed won't be a big moneymaker right away. 
As a test service, it's starting out in Google's "Labs" department, a part of the Web site that doesn't get heavy use like the main search engine and the standard news section. Google, though, is hoping Fast Flip will make reading online more enjoyable. If that happens, Google should be able to show more ads to more people, with most of the money going to publishers, said Krishna Bharat, the inventor of the search engine's news section. "The publishing industry is facing a number of challenges right now, and there is no silver bullet," Bharat said. "We think increasing the viewing engagement is part of the solution." ___ On The Net: http://fastflip.googlelabs.com From rforno at infowarrior.org Tue Sep 15 12:12:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Sep 2009 08:12:16 -0400 Subject: [Infowarrior] - Creative Commons Publishes Study of "Noncommercial Use" Message-ID: <9CC99324-61F4-4E02-BED0-C14D25213261@infowarrior.org> Creative Commons Publishes Study of "Noncommercial Use" Mike Linksvayer, September 14th, 2009 San Francisco, California, USA -- September 14, 2009 http://creativecommons.org/press-releases/entry/17721 Creative Commons announces the publication of Defining "Noncommercial": A Study of How the Online Population Understands "Noncommercial Use." The report details the results of a research study launched in September 2008 to explore differences between commercial and noncommercial uses of content found online, as those uses are understood by various communities and in connection with a wide variety of content. Generous support for the study was provided by the Andrew W. Mellon Foundation. The study investigated understandings of noncommercial use and the Creative Commons "NC" license term through online surveys of content creators and users in the U.S., open access polls of global "Creative Commons Friends and Family," 
interviews with thought leaders, and focus groups with participants from around the world who create and use a wide variety of online content and media. The research behind Defining "Noncommercial" was conducted by Netpop Research, under advisement from academics and a working group consisting of several Creative Commons jurisdiction project members as well as Creative Commons staff and board members. Creative Commons provides free copyright licenses to creators who want to grant the public certain permissions to use their works, in advance and without the need for one-to-one contact between the user and the creator. "Noncommercial" or "NC" is one of four license terms that creators may choose to apply to CC-licensed content. Creative Commons noncommercial licenses preclude use of a work "in any manner that is primarily intended for or directed toward commercial advantage or private monetary compensation." The majority of respondents (87% of creators, 85% of users) replied that the definition was "essentially the same as" (43% of creators, 42% of users) or "different from but still compatible with" (44% of creators, 43% of users) theirs. Only 7% of creators and 11% of users replied that the term was "different from and incompatible with" their definition. Other highlights from the study include the rating by content creators and users of different uses of online content as either "commercial" or "noncommercial" on a scale of 1-100, where 1 is "definitely noncommercial" and 100 is "definitely commercial." On this scale, creators and users (84.6 and 82.6, respectively) both rate uses in connection with online advertising generally as "commercial." However, more specific use cases revealed that many interpretations are fact-specific. For example, creators and users gave the specific use case "not-for-profit organization uses work on its site, organization makes enough money from ads to cover hosting costs" ratings of 59.2 and 71.7, respectively. 
On the same scale, creators and users (89.4 and 91.7, respectively) both rate uses in which money is made as being commercial, yet again those ratings are lower in use cases specifying cost recovery or use by not-for-profits. Finally, both groups rate "personal or private" use as noncommercial, though creators did so less strongly than users (24.3 and 16.0, respectively, on the same scale). In open access polls, CC's global network of "friends and family" rate some uses differently from the U.S. online population -- although direct empirical comparisons may not be drawn from these data. For example, creators and users in these polls rate uses by not-for-profit organizations with advertisements as a means of cost recovery at 35.7 and 40.3, respectively -- somewhat more noncommercial. They also rate "personal or private" use as strongly noncommercial -- 8.2 and 7.8, respectively -- again on a scale of 1-100 where 1 is "definitely noncommercial" and 100 is "definitely commercial." "As more people have begun to make, share, and use content online, the question of what constitutes a 'commercial use' versus a 'noncommercial use' has become increasingly important to understand," said Josh Crandall, President of Netpop Research. "With this study, we were particularly interested to see that -- contrary to what many might believe -- there is little variation between creators and users in the perceived 'commerciality' of particular uses of copyrighted content. Furthermore, where they do differ, users tend to have a more conservative outlook than creators. This study provides useful data and perspectives -- from both members of the general public and people who work closely in the world of copyright -- that can help people begin to think more clearly about the issue." The study report and its associated data are available at http://wiki.creativecommons.org/Defining_Noncommercial , where members of the public can contribute feedback about the report. Defining "Noncommercial" 
is published under a Creative Commons Attribution license, and the research data is available under a CC0 public domain waiver. "We're excited that the results of this important project will be available for all kinds of uses -- including commercial use -- by anyone," said Joi Ito, CEO of Creative Commons. "We encourage researchers and our community to use what we've done and expand this investigation further, building upon the data we collected and incorporating more perspectives from Creative Commons adopters worldwide." In the next years, possibly as soon as 2010, Creative Commons expects to formally launch a multi-year, international process for producing the next version (4.0) of the six main Creative Commons licenses. This process will include examination of whether the noncommercial definition included in licenses with the NC term should be modified or if other means of clarifying noncommercial use under the CC licenses should be pursued. The results of Defining "Noncommercial" and subsequent research will be an important thread informing this process. About Creative Commons Creative Commons is a not-for-profit organization, founded in 2001, that promotes the creative re-use of intellectual and artistic works, whether owned or in the public domain. Through its free copyright licenses, Creative Commons offers authors, artists, scientists, and educators the choice of a flexible range of protections and freedoms that build upon the "all rights reserved" concept of traditional copyright to enable a voluntary "some rights reserved" approach. Creative Commons was built with and is sustained by the generous support of organizations including the Center for the Public Domain, Google, the John D. and Catherine T. MacArthur Foundation, the Mozilla Foundation, Omidyar Network, Red Hat, and the William and Flora Hewlett Foundation, as well as members of the public. For more information about supporting Creative Commons, please contact development at creativecommons.org . 
About Netpop Research, LLC Netpop Research, LLC is a San Francisco-based strategic market research firm that specializes in online media, digital entertainment and user-generated content trends. Netpop Research has fielded numerous studies for major profit and nonprofit entities, and is the creator of the Netpop tracking study of Internet usage among broadband consumers in the United States and China. Contact Mike Linksvayer Vice President Creative Commons ml at creativecommons.org +1 415 369 8480 Press Kit http://creativecommons.org/about/press/ From rforno at infowarrior.org Wed Sep 16 01:39:27 2009 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Sep 2009 21:39:27 -0400 Subject: [Infowarrior] - White House Seeks Renewal of Surveillance Laws Message-ID: <2D78942F-0067-4F6E-9674-A5014B10C867@infowarrior.org> White House Seeks Renewal of Surveillance Laws By Carrie Johnson and Ellen Nakashima Washington Post Staff Writers Wednesday, September 16, 2009 http://www.washingtonpost.com/wp-dyn/content/article/2009/09/15/AR2009091503182_pf.html The Obama administration has for the first time set out its views on the controversial Patriot Act, telling lawmakers this week that legal approval of government surveillance methods scheduled to expire in December should be renewed, but leaving room to tweak the law to protect Americans' privacy. In a letter from Justice Department officials to key members of the Senate Judiciary Committee, the administration recommended that Congress move swiftly with legislation that would protect the government's ability to collect a variety of business and credit card records and to monitor terrorism suspects with roving wiretaps. But Assistant Attorney General Ronald Weich also told Democrats that the administration is "willing to consider" additional privacy safeguards advocated by lawmakers, so long as the provisions do not "undermine the effectiveness of these important authorities." The three provisions set to expire Dec. 
31 allow investigators to monitor through roving wiretaps suspects who may be trying to escape detection by switching cellphone numbers, obtain business records of national security targets, and track "lone wolves" who may be acting by themselves on behalf of foreign powers or terrorist groups. The government has not employed the lone wolf provision, but department officials want to ensure they can do so in the future. Obama's approach to electronic surveillance has been closely watched since he shifted positions during the presidential campaign last year, casting a vote to update the Foreign Intelligence Surveillance Act over the objections of liberals in his party. That law granted telecommunication companies immunity from lawsuits by Americans who argued that their privacy had been violated in an electronic data collection program. Wiretapping and surveillance grew highly politicized during the Bush years after the New York Times disclosed a secret electronic monitoring program that had swept up sensitive information for years without court approval. The Justice Department inspector general issued blistering audits in 2007 and 2008, finding, for instance, that FBI agents had used demands for information known as national security letters in many cases where they were not authorized and had employed other tools called exigent letters to quickly obtain data without proper follow-up. Chairmen of the House and Senate Judiciary Committees scheduled hearings on the reauthorization of the expiring provisions in the Patriot Act for next week. And Sens. Russell Feingold (D-Wis.) and Richard J. Durbin (D-Ill.), who raised strong objections to the problems in the previous administration, said Tuesday that they would introduce a bill to enhance privacy safeguards. "We must take this opportunity to get it right, once and for all," they said in a joint statement. 
Several civil liberties groups are exhorting Congress to use the expiration to begin debate on an array of domestic surveillance issues. One priority is national security letters, which require disclosure of sensitive information by banks, credit card companies and telephone and Internet service providers. No judge signs off on these, and recipients are usually barred from talking about the letters. Durbin and Feingold want to tighten standards for obtaining national security letters so that the government must show some "nexus to terrorism," according to a Senate Democratic aide, heightening the current standard of showing "relevance" to a counterterrorism investigation. The senators also want a judge to be able to review the appropriateness of the gag order on the letters' recipients. Such provisions were contained in bipartisan legislation introduced previously by Feingold and Durbin and supported by then-Sen. Barack Obama. Their new bill, expected to be out this week, will also seek to repeal the legal immunity granted to telecommunications companies included in last year's domestic surveillance legislation. The bill would also ensure that new powers granted under last year's law would not be used as a pretext to target the communications of Americans in the United States without a warrant, another Senate Democratic aide said. The letters "are really the most glaring problem" under the Patriot Act, said Sharon Bradford Franklin, general counsel of the Constitution Project, a bipartisan advocacy group. Michelle Richardson, legislative counsel for the American Civil Liberties Union, said it was "refreshing" to see the administration's willingness to work with Congress. "The question is, what will the final bill look like?" The ACLU is also urging a tightening of last year's FISA Amendments Act to ensure that the government is collecting the e-mails and phone calls only of suspected terrorists. 
It also wants revisions of guidelines that empower FBI agents to use intrusive techniques to gather intelligence within the United States without any evidence that a target has ties to a terrorist organization. From rforno at infowarrior.org Wed Sep 16 11:51:05 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Sep 2009 07:51:05 -0400 Subject: [Infowarrior] - Adobe buys Omniture Message-ID: <872505DE-F480-48E9-9691-F399C264D7F7@infowarrior.org> Firm for Analyzing Web Traffic Bought by Adobe for $1.8 Billion By THE ASSOCIATED PRESS http://www.nytimes.com/2009/09/16/technology/companies/16adobe.html?_r=1&hpw=&pagewanted=print Adobe Systems said it would buy the Web analytics software company Omniture for about $1.8 billion, giving the maker of content-creation software a way to let marketers monitor the effectiveness of such content. Adobe, based in San Jose, Calif., will pay $21.50 a share in cash, a premium of 24 percent over Omniture's closing stock price Tuesday. Omniture shares jumped nearly 26 percent in after-hours trading. Adobe also said it had earned $136 million, or 26 cents a share, in the fiscal third quarter that ended in August, down 29 percent from the same time a year earlier. Excluding one-time items, Adobe earned 35 cents a share, a penny above what analysts polled by Thomson Reuters were expecting. Adobe, the maker of Photoshop, Flash and Acrobat software, said its revenue fell 21 percent to $697.5 million. Omniture, based in Orem, Utah, offers a variety of Web traffic analysis tools and other products for companies to improve their marketing over the Internet. The acquisition would marry Adobe's tools for creating Web sites and ads with Omniture's services for figuring how to best deliver messages. Trip Chowdhry, an analyst with Global Equities Research, said the planned acquisition would allow Adobe to create new streams of revenue even as its existing businesses declined. Though he called the deal "timely," Mr. 
Chowdhry said Adobe was overpaying. He said $12 to $13 a share, rather than $21.50, would have been a fair value. From rforno at infowarrior.org Wed Sep 16 18:32:18 2009 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Sep 2009 14:32:18 -0400 Subject: [Infowarrior] - Vote: Mudge for Cyber-Czar Message-ID: This petition is posted in support for the nomination of Peiter Zatko (aka mudge) to the President's post of Cybersecurity Chief. We've all seen how effective past efforts have been regarding this initiative, and realize the importance of nominating someone who understands not only all facets of cybersecurity, but has garnered the respect of both peers and adversaries in the space. Dr. Zatko's bio is available at: http://en.wikipedia.org/wiki/P ... and http://www.allbusiness.com/gov... http://www.ipetitions.com/petition/mudge4cyberczar/ From rforno at infowarrior.org Thu Sep 17 13:31:18 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Sep 2009 09:31:18 -0400 Subject: [Infowarrior] - Music cartels want royalties for 30-sec samples Message-ID: Music groups want royalties from iTunes samples, more updated 08:35 am EDT, Thu September 17, 2009 ASCAP, others want online performance fees Music royalty groups ASCAP and BMI are pressing online music stores like Apple's iTunes to pay performance fees not only for actual song downloads but also videos and even the 30-second samples used to preview the music in advance. While these stores already pay the distribution fees for the songs themselves, ASCAP, BMI and labels claim that just downloading and playing the content also counts as a live performance and should bring an extra fee. 
< - > http://www.electronista.com/articles/09/09/17/ascap.others.want.online.performance.fees/ From rforno at infowarrior.org Thu Sep 17 23:50:18 2009 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 17 Sep 2009 19:50:18 -0400 Subject: [Infowarrior] - Study Arabic, get detained Message-ID: Dave Davies: Student air passenger handcuffed to echoes of 9/11 fears By Dave Davies Philadelphia Daily News http://www.philly.com/philly/news/homepage/58864467.html?cmpid=15585797 EIGHT YEARS after 9/11, we're used to changes in our routines. We show ID to get into office buildings, and take off our shoes at airports. But should a college student flying back to school be handcuffed and held for five hours because he has Arabic flash cards in his backpack? That's the way Nick George, a senior at Pomona College, in California, sees what happened to him at the Philadelphia airport two Saturdays ago. George, of Wyncote, Montgomery County, was about to catch a Southwest flight back to school when stereo speakers in his backpack caught the eye of screeners at the metal detector. When they looked through his bag, George said, they found his Arabic/English flash cards, and escorted him to a side screening area. He figures it didn't help that his passport had stamps from Jordan, where he'd studied a semester, and Egypt and Sudan, where he'd gone backpacking. And among his 200 flash cards were words like "terrorist" and "explosion." He was learning to translate the Arabic-language news network Al Jazeera. "I understand I might warrant a second look," George told me. "They should have taken me aside, seen I had a legitimate explanation and a student ID and that I was carrying nothing illegal, and waved me on." They didn't. George said that Transportation Security Administration officers kept him in the screening area for what seemed like 45 minutes. Eventually a woman from the TSA arrived and began asking more questions, like how he felt about 9/11. "Do you know who did 9/11?" 
he said that the woman asked. George said that he told her that it was Osama bin Laden, and that she responded smugly, "Do you know what language Osama bin Laden spoke?" Soon after that a Philadelphia police officer arrived and told George to put his hands behind his back. Without explanation, he slapped handcuffs on him and led him away. George was taken to the airport police station, where he was locked in a holding cell with the cuffs still on. I guess that's what you do with a high-value physics major. George said that he tried to be a model prisoner, and after about two hours a police supervisor removed the handcuffs. After a couple of more hours two FBI agents appeared and took him to another room for questioning. They were polite, George said, and asked why he studied Arabic, why he'd been in the Middle East, whether anyone had ever asked him to join a terrorist group, whether he was "Islamic," whether he'd joined any Islamic or Communist (yes, Communist) groups on campus. "They told me their job is more an art than a science," George said. "They come in and decide whether there's a legitimate threat, and in my case, they decided I was not a threat." So, many hours after his backpack entered the metal detector, George was released with a ticket to fly the next day, but without an apology or explanation. If there's one thing we know that the government needs in the post-9/11 era, it's more college students interested in learning Arabic. George feels that he was treated like a criminal because somebody didn't like the flash cards. He wasn't injured or psychologically scarred, just ticked off. "I didn't have a weapon or anything seditious, just words on paper," George said. "As an American citizen, I think I'm allowed to learn a foreign language and have flash cards." TSA spokeswoman Ann Davis tracked down a report on George's encounter, and said that it wasn't the flash cards that got him flagged. 
Davis said that George had been selected for screening before he even reached the metal detector by TSA behavioral-detection officers, personnel trained to screen passengers for "involuntary physical and physiological reactions that people exhibit in response to a fear of being discovered." Davis said that the report indicates that in the screening area, George's "behavior escalated to a point where our officers deemed it necessary to contact the Philadelphia Police Department." Davis couldn't say what behavior had caught the officers' eye or what escalating behavior he exhibited. She said the report did note that George had Arabic flash cards, but "that's not why we would call law enforcement." The police story is a little different. Lt. Louis Liberati said, just as Davis did, that TSA personnel initially selected George because of something in his behavior. But Liberati said that it was the stuff that the TSA found in George's backpack and wallet that really aroused their suspicion: the Arabic flash cards with troubling words, a card that had George's name and Arabic script, and the longer hair in George's driver's license and passport photos than his current clean-cut appearance. That's "an indicator sometimes that somebody may have gone through a radicalization," Liberati explained. Liberati said nothing about "escalating behavior." Liberati said police checked with the FBI, and the feds decided that they wanted to come and interview George. I reached George, now back in school, and told him the authorities' version of the events. He said that it's "crazy" to think that he was acting suspiciously in line or that he had exhibited "escalating behavior" while being questioned. He insists that he patiently explained everything, including the card with Arabic writing - his student ID from Jordan - which he keeps as a souvenir. 
"I never raised my voice," George said, "but I did ask once or twice how much longer this was going to take because my flight was about to leave." Liberati also said that he's certain that George had not been left handcuffed in his cell. George is equally certain that he was. His wallet was taken, and he remembers an officer coming into his cell to give him the $30 they'd found inside. The officer stuffed the money in his pocket, George said, and left with the cuffs still locked tight. Our lives have changed since 9/11, and mistakes will happen. But when government personnel put an innocent person through something like this, it would be nice if someone offered an explanation, or showed just a touch of humanity. Until then, check your flash cards with your luggage. From rforno at infowarrior.org Fri Sep 18 13:06:37 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Sep 2009 09:06:37 -0400 Subject: [Infowarrior] - A Las Vegas Illusion Message-ID: <354783C2-4F9C-4778-916B-3CB8496F178C@infowarrior.org> A Las Vegas Illusion Roger Martin is Dean of the Rotman School of Management at the University of Toronto and author of the forthcoming book, The Design of Business: Why Design Thinking Is the Next Competitive Advantage. http://views.washingtonpost.com/leadership/panelists/2009/09/a-las-vegas-illusion.html?hpid=smartliving In response to the question: What does Wall Street have to change to produce better leaders, a different culture and a more long-term focus? Forget about it. Don't even waste time thinking about it. The purpose of Wall Street firms is to trade value for their own benefit not to build value for the economy either short-term or long-term. While at one point in its history, a non-trivial part of Wall Street's activity involved financing the growth of American companies, that is now a minor piece of its business. 
Wall Street is primarily engaged in encouraging individuals and companies to trade value between one another and tolling the parties for the service, and trading against the outside economy for its own account. On the retail side, one Wall Street brokerage firm convinces a buyer to buy a stock that its high-paid analysts declare to be "under-valued" while another Wall Street brokerage firm convinces a seller to unload the self-same stock that its high-paid analysts declare to be "over-valued." Randomly, one adviser is right and the other is wrong, but both take a commission on the transaction. Zero value is created - the buyer makes X and the seller loses X, or vice versa. But as with Las Vegas, a casino cut is shaved off the top. On the corporate side, one Wall Street M&A department convinces a buyer that it can make a value-creating acquisition while another Wall Street M&A department convinces the seller that selling is "in the best interests of shareholders." Again, someone is right (typically the seller) and someone is wrong (typically the buyer) and the Wall Street firms each earn huge deal fees. Neither creates value for the economy, nor is it intended in either case. Buyers and sellers for some reason, beyond any data or logic, believe that Wall Street has special insights that will work in their favor - even though there is another Wall Street firm working the other side of the transaction. Wall Street has only one prerogative and that is to maintain the illusion that it adds value so that it can charge spectacular sums for its services. It is tough to be an awesome leader when your primary job is to maintain a set of self-serving illusions. And increasingly, Wall Street has recognized that the above businesses earn chump-change in comparison to the consistently super-normal returns of their best business of all: proprietary trading, in which Wall Street makes supernormal returns trading for its own account. 
Given that Wall Street can't demonstrate that it provides valuable trading insight for outside clients, it begs the question: how can it earn super-normal returns trading on its own account? The answer is not a very reassuring one: proprietary trading based on proprietary information. And the very best proprietary information is information that comes closest to being illegal. This is not a zero-sum game. Wall Street wins and everybody else loses. So I think it is foolish to think about Wall Street producing leaders that help build the economy. That isn't in the DNA. Wall Street exists, first and foremost, to benefit Wall Street and that isn't going to change anytime soon. From rforno at infowarrior.org Sat Sep 19 00:17:48 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Sep 2009 20:17:48 -0400 Subject: [Infowarrior] - JUSTICE Act would roll back telecom wiretap immunity Message-ID: <9CBB0603-DB9D-4C9A-ACFD-4AAC99219986@infowarrior.org> JUSTICE Act would roll back telecom wiretap immunity http://arstechnica.com/tech-policy/news/2009/09/justice-act-would-roll-back-telecom-wiretap-immunity.ars A group of Senate Democrats has proposed a new bill called the JUSTICE Act which seeks to impose stronger safeguards on the surveillance powers granted by the PATRIOT Act. It would also roll back a controversial provision of the FISA Amendment Act that granted immunity to telecom companies that particip A group of Senate Democrats led by Russ Feingold (WI) and Dick Durbin (IL) have proposed the Judicious Use of Surveillance Tools in Counter-terrorism Efforts (JUSTICE) Act, a bill that would introduce stronger safeguards and higher standards of judicial oversight for surveillance activity. 
It aims to reform the most abusive characteristics of the PATRIOT Act and would also roll back a controversial provision of the FISA Amendment Act that granted telecom companies retroactive immunity for their participation in the Bush administration's extralegal warrantless surveillance program. The proposal is broadly endorsed by privacy advocates and civil liberties groups, including the American Civil Liberties Union and the Electronic Frontier Foundation. Senator Feingold says that the goal of the act is to ensure that surveillance and intelligence-gathering activities are properly empowered while guaranteeing that rights are respected and investigative privileges are not misused. "Every single member of Congress wants to give our law enforcement and intelligence officials the tools they need to keep Americans safe," Feingold said in a statement. "The JUSTICE Act permits the government to conduct necessary surveillance, but within a framework of accountability and oversight. It ensures both that our government has the tools to keep us safe, and that the privacy and civil liberties of innocent Americans will be protected." The National Security Letter (NSL) provision of the PATRIOT Act is one area in particular where the JUSTICE Act would institute new safeguards. PATRIOT Act allows federal law enforcement agents to use an NSL, instead of a court order, to obtain private records. Civil liberties advocates fear that the lack of appropriate judicial oversight applied to NSLs creates a very high risk of abuse. Indeed, a Department of Justice audit in 2007 found evidence of serious irregularities. Several components of the PATRIOT Act, including a highly controversial provision that enforced a "gag order" against NSL recipients, were deemed unconstitutional and were later stricken. The JUSTICE Act mandates use of the "least intrusive means" of information collection. 
It imposes limitations on the process that law enforcement agencies use to gain expedited emergency access to information. It also establishes new tracking and reporting requirements to ensure that NSL usage will receive a higher level of Congressional scrutiny. One of the most significant aspects of the JUSTICE Act is that it will remove the retroactive immunity grants that were given to the telecom companies that participated in the NSA warrantless surveillance program. The companies that cooperated with the surveillance program likely violated several laws, including section 222 of the Communications Act, which prohibits disclosure of network customer information. The immunity grants have prevented the telecommunications companies that voluntarily participated in this program from being held accountable in court. If the JUSTICE Act is passed, then litigation against the telecom companies can move forward. Such litigation could be instrumental in determining the scope of illegal activity that was perpetrated under the aegis of the NSA's surveillance program. The previous administration fought fiercely against that kind of scrutiny during Bush's presidency. Although President Obama initially supported holding the telecom companies accountable, he reversed his position and voted in favor of telecom immunity while still in the Senate. It's unclear if Obama will support the JUSTICE Act. 
From rforno at infowarrior.org Sat Sep 19 00:20:11 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Sep 2009 20:20:11 -0400 Subject: [Infowarrior] - FCC To Introduce Net Neutrality Rule Message-ID: <80B79435-0918-4BD7-A522-9B4F28BA06C8@infowarrior.org> FCC To Introduce Net Neutrality Rule http://voices.washingtonpost.com/posttech/2009/09/fcc_to_introduce_rules_that_pr.html Julius Genachowski, chairman of the Federal Communications Commission, plans to propose a new so-called net neutrality rule Monday that could prevent telecommunications, cable and wireless companies from blocking Internet applications, according to sources at the agency. Genachowski will discuss the rules Monday during a keynote speech at The Brookings Institute. He isn't expected to drill into many details, but the proposal will specifically be for an additional guideline on how operators like AT&T, Verizon, and Comcast can control what goes on their networks. That additional guideline would prevent the operators from discriminating, or act as gatekeepers, of Web content and services. The guidelines in place today have been criticized by applications developers like Google and public interest groups for not going far enough to clarify what is defined as discriminatory behavior. Comcast is fighting in federal court an FCC ruling that it violated the guidelines by blocking a video application last year. AT&T and Verizon have said existing rules are sufficient, and more regulation is unnecessary. However, they have also said they wouldn't fight against an additional guideline that focuses on discriminatory behavior. The sources spoke on the condition of anonymity because details of the new regulations haven't been officially announced. The new rule would be the first bold move by Genachowski, who served as President Obama's technology advisor during the campaign and transition. 
The rule could upset wireless, telecom and cable operators who have fought against regulations that would give them less control over traffic that runs on their networks. They argue that they need to maintain flexibility to manage traffic to ensure some applications don't take up too much bandwidth and make Web access slower for some users. The agency is expected to review what traffic management is reasonable and what practices are discriminatory. The guidelines are known as "principles" at the agency, which some public interest groups have sought to codify so that they would clearly be enforceable by the agency. The debate over net neutrality encompasses a wide variety of technology companies. Some -- like Google -- create applications for the Web and want customers to have easy access to their wares. Network owners, however, find themselves increasingly on the defensive; their traditional business of providing phone and television has been challenged by upstarts providing much of the same content on the Web. Such network operators have drawn scrutiny of late. Google revealed Friday in letters to the FCC that Apple rejected its voice service and a mapping service on the popular iPhone and Internet voice service Skype has fought for rules that would prevent companies like AT&T from keeping its service off its wireless 3G network. The FCC asked AT&T, Apple and Google to respond to questions about allegations that Google Voice was blocked. Apple denies it rejected the application, saying it is still evaluating whether to permit it on the iPhone. And it is unclear whether the FCC can regulate the manufacturers of wireless phones, which some argue are part of wireless networks and others say are separate from networks and not under the jurisdiction of the agency. Consumer interest groups have pushed for new rules and key lawmakers Thursday ratcheted up the debate when Rep. 
Henry Waxman (D-Calif.), chairman of the Energy and Commerce Committee said he would co-author a net neutrality bill with Rep. Ed Markey (D-Mass.) and Anna Eshoo (D-Calif.). "If the commission moves forward on network neutrality, it will achieve the president's signature tech policy agenda item," said Ben Scott, director of policy at public interest group Free Press. "And it's a firm move to protect the open Internet for consumers and producers of content in a competitive marketplace of speech and commerce." From rforno at infowarrior.org Sat Sep 19 00:29:49 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Sep 2009 20:29:49 -0400 Subject: [Infowarrior] - 'Online OPSEC' (so to speak) Message-ID: <57DC6940-2954-4AB0-8657-94850016B498@infowarrior.org> I'd call this game 'Online OPSEC For Kids' .... Might be useful for adults, too! Use things like 'Gaggle' and 'Fakebook' and 'Tweetr' to uncover clues about various characters and learn how these services where you post your various thoughts, views, and opinions can be used against you. http://www.smokescreengame.com/ From rforno at infowarrior.org Sat Sep 19 02:22:15 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Sep 2009 22:22:15 -0400 Subject: [Infowarrior] - Big Content to FCC: don't kill our ISP filtering dream! Message-ID: http://arstechnica.com/tech-policy/news/2009/09/big-content-still-cant-compete-with-free.ars Big Content to FCC: don't kill our ISP filtering dream! Content industry lobbyists told the FCC today that they still can't "compete with free," then later in the proceeding listed all the innovative ways in which they were doing just that. Turns out that "we can't compete" is really just code for "please allow ISP content filtering and more DRM." By Nate Anderson | Last updated September 18, 2009 8:10 AM CT In the debate over DRM and online copyright infringement, there may be no hoary chestnut hoarier than the claim that "no industry can compete with free." 
This is such an old argument that we would be shocked (and a bit disappointed) if any of our readers made it this far without thinking, "But what about bottled water! Oxygen bars! The iTunes store!" Over the last decade, it has been addressed almost ad nauseum, the latest installment of the nauseum coming courtesy of the hugely promoted book Free! by Wired editor-in-chief Chris Anderson. But Big Content's lobbyists either 1) haven't gotten the memo or 2) don't care about the memo, because the claim about competing with free remains one of the central talking points when lobbying government officials, as they did today. We can't compete with free The FCC held another of its broadband workshops today to take input on the national broadband plan it needs to come up with by early next year. Today's topic was "content," which predictably turned into a rather tedious debate rehashing all the old arguments and taking place between all the same players who always show up at these hearings, all attempting to bend the FCC to their will. Today's bit of will-bending was focused in large part on DRM, content filtering, and related technologies. The motion picture business was on hand to ask the FCC not to "tolerate a whole vast culture of illegality"; it wants to ensure that content filtering and related tools are not outlawed at the ISP level. When the FCC submits its broadband plan to Congress, it should tell that august body that it's OK for content owners and ISPs to use "innovation" to deal with copyright infringement. "There are some who don't trust the movement of technology to deal with these problems," said MPAA boss Dan Glickman. People love tech innovation everywhere else -- so why do they distrust it when it comes to dealing with copyright infringement? It's an old argument, as was just about everything else said by both sides on this topic. 
But what was most interesting about the proceedings was that when discussion got a bit heated, one lobbyist for the big content owners burst out with the oldest argument of all: "No industry can compete with free!" This, it was clear, was the basic issue, the problem at the root of the entire discussion -- and it drew a quick response. Gigi Sohn from Public Knowledge raised the bottled water comparison; law professor Michael Carroll asked how it might possibly be, then, that iTunes had succeeded? That such an outmoded claim could still be made by someone whose full-time job it is to lobby on behalf of just these issues is a reminder that the argument still has enough apparent traction in Washington to be deployed when Big Content is being criticised repeatedly by groups like Public Knowledge. A more charitable interpretation might be that the claim was simply shorthand for a more accurate way of putting it -- "we should not have to compete with free when the free product isn't a legal one." Putting it this way means that the comparison to bottled water is moot (the "free" water here is not generally from an illegal tap, and it's not really "free," either). It does nothing to address the iTunes comparison, though, in which iTunes has sold a gazillion tracks to people who could grab them all (illegally, in many cases) for free. There was no response to these two objections, and the discussion moved on to other matters. Yes we can! (compete with free) The music and movie businesses, in particular, truly hate being told that their business models alone are at fault, and that the only way to address piracy is to deal with the business models. They would prefer to do both, though of course the innovation they are now trying to make a reality would have come even slower without the competition of piracy. 
Legal or not, it's real competition, and what was truly ironic about today's hearing was that the content industries have already managed to compete with free and continue to do so. That's why, later in the hearing, making a different point, another lobbyist talked up the industry's successes in new business models. The idea here is to point out that Big Content can innovate, doesn't hate its customers, and isn't merely holding people hostage to high-margin CDs and DVDs (anymore). Hulu is mentioned. So is Netflix, then Amazon. Look at how the industry has addressed its critics who say it can't or won't innovate! Of course, this undercuts the entire "we can't compete with free" premise of the earlier comment. "Can't compete with free" is trotted out whenever the content industries want more Internet restrictions and more DRM; "look how well we innovate" is trotted out, often in the same sessions, whenever the argument shifts to dated industry business models. The government folks in the room were canvassing opinions, not making recommendations, but several of them seemed skeptical of the industry's preferred tech approaches to dealing with infringement. Phil Weiser at the Department of Justice was an academic at the University of Colorado earlier this year, and he's an expert in many of these IP issues. He accepted that infringement rates need to drop, but he was more interested in creating a "greater sense of shame" in people who might infringe copyright, something far short of more DRM. The idea is to make people feel the sorts of things that operate in the real world -- shame or guilt over doing something illegal, not the totally anonymous impunity that many online users appear to feel. Technology alone can't solve that problem. Another FCC official later wanted to know more about the "education" campaigns that the industry is always talking up. 
While it's fine to educate people about the law and about copyright and about infringement, shouldn't digital media buyers also be "educated" about the restrictions imposed by DRM when they purchase media? We'll see what emerges from all of this, but the fact that Big Content was asking for the FCC not to block ISP filtering schemes and other "innovations" rather than asking the agency to impose them makes it clear where things are headed. Such measures, if they come into effect, will be voluntary agreements between content owners and ISPs, though as the RIAA can tell you, it's not easy to sign ISPs up to voluntary schemes that will lead them to their losing customers. From rforno at infowarrior.org Sat Sep 19 02:30:53 2009 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Sep 2009 22:30:53 -0400 Subject: [Infowarrior] - Cisco's product placement hell Message-ID: Product placement hell: Cisco "bribes" 24, CSI, House, Heroes, the Office, and more Commercial film and TV are now paid henchmen in the battle to subconsciously manipulate the minds of viewers into unwitting respect for selected corporations and their products. Want proof? Look no further than this Cisco internal marketing analysis video showing placement of the Cisco name in an extraordinary array of films and TV series, including The Office, CSI:NY, Heroes, House, Eureka, Walking the Dead, Wire in the Blood, One Good Turn, Second Life, Transformers, Iron Man, 24, and others. 
Video @ http://www.wikileaks.org/wiki/Product_placement_hell:_Cisco_%22bribes%22_24%2C_CSI%2C_House%2C_Heroes%2C_the_Office%2C_and_more From rforno at infowarrior.org Sat Sep 19 15:06:36 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Sep 2009 11:06:36 -0400 Subject: [Infowarrior] - DOJ legal memos on Einstein 2 Message-ID: (c/o anonymous) http://www.usdoj.gov/olc/2009/e2-issues.pdf http://www.usdoj.gov/olc/2009/legality-of-e2.pdf The first memo has a detailed description of Einstein 2, as well as this description of recent government-system exploitations: "Over the past several years, Federal Systems have been subject to sophisticated and well-coordinated computer network intrusions and exploitations on an unprecedented scale. The Intelligence Community has determined that those malicious network activities pose a grave threat to national security. See also Center for Strategic and International Studies, Securing Cyberspace 11-15 (2008) (discussing national security implications of federal network vulnerabilities). Those malicious network activities occur at the hands of hostile foreign nations (including foreign intelligence services), transnational criminal groups and enterprises, and individual computer hackers. Recent intrusions and exploitations have resulted in the theft of significant amounts of unclassified data from many executive departments and agencies, as well as information regarding the vulnerabilities of Federal Systems. The unclassified networks of the Departments of Defense, State, Homeland Security, and Commerce, among others, have suffered intrusions against their networks and exploitations of their data. Accordingly, the Homeland Security Council has determined that the deployment of a multi-layered network defense system is necessary to protect Federal Systems against these ongoing computer intrusions and exploitations carried out by a broad array of cyber adversaries." 
From rforno at infowarrior.org Sat Sep 19 23:32:27 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Sep 2009 19:32:27 -0400 Subject: [Infowarrior] - Battle Looms Over the Patriot Act Message-ID: September 20, 2009 Battle Looms Over the Patriot Act By CHARLIE SAVAGE http://www.nytimes.com/2009/09/20/us/politics/20patriot.html?hpw=&pagewanted=print WASHINGTON ? As Congress prepares to consider extending crucial provisions of the USA Patriot Act, civil liberties groups and some Democratic lawmakers are gearing up to press for sweeping changes to surveillance laws. Both the House and the Senate are set to hold their first committee hearings this week on whether to reauthorize three sections of the Patriot Act that expire at the end of this year. The provisions expanded the power of the F.B.I. to seize records and to eavesdrop on phone calls in the course of a counterterrorism investigation. Laying down a marker ahead of those hearings, a group of senators who support greater privacy protections filed a bill on Thursday that would impose new safeguards on the Patriot Act while tightening restrictions on other surveillance policies. The measure is co- sponsored by nine Democrats and an independent. Days before, the Obama administration called on Congress to reauthorize the three expiring Patriot Act provisions in a letter from Ronald Weich, assistant attorney general for legislative affairs. At the same time, he expressed a cautious open mind about imposing new surveillance restrictions as part of the legislative package. ?We are aware that members of Congress may propose modifications to provide additional protection for the privacy of law abiding Americans,? Mr. Weich wrote, adding that ?the administration is willing to consider such ideas, provided that they do not undermine the effectiveness of these important authorities.? One of the witnesses Democrats have invited to testify at both hearings is Suzanne E. 
Spaulding, who has worked for lawmakers of both parties as a former top staffer on the House and Senate Intelligence committees. Mrs. Spaulding said she would urge Congress to tighten restrictions on when the F.B.I. could use the Patriot Act powers. The rapid build-up of domestic intelligence authorities after the Sept. 11 attacks, she said, had overlooked ?important safeguards,? which has resulted ?in a greater likelihood at a minimum of the government mistakenly intruding into the privacy of innocent Americans, and at worst having a greater capability of abusing these authorities.? Still, she acknowledged, the public record contains scant evidence that the F.B.I. has abused its powers under the three expiring Patriot Act sections. And it remains to be seen whether a majority in Congress will welcome undertaking a potentially heated debate over national security in the midst of already wrenching efforts to overhaul the nation?s health insurance system. Republicans invited Kenneth L. Wainstein, a former assistant attorney general for national security for the Bush administration, to testify at both Patriot Act hearings. ?We have to be careful not to limit these tools to the point that they are no longer useful in fast-moving threat investigations,? Mr. Wainstein said. ?There is an important place for oversight of national security tools, and that oversight is being exercised by Congress and by the federal judges on the Foreign Intelligence Surveillance Court.? The first such provision allows investigators to get ?roving wiretap? court orders authorizing them to follow a target who switches phone numbers or phone companies, rather than having to apply for a new warrant each time. From 2004 to 2009, the Federal Bureau of Investigation applied for such an order about 140 times, Robert S. Mueller, the F.B.I. director, said at a Senate Judiciary Committee hearing last week. The second such provision allows the F.B.I. to get a court order to seize ?any tangible things? 
deemed relevant to a terrorism investigation ? like a business?s customer records, a diary or a computer. From 2004 to 2009, the bureau used that authority more than 250 times, Mr. Mueller said. The final provision set to expire is called the ?lone wolf? provision. It allows the F.B.I. to get a court order to wiretap a terrorism suspect who is not connected to any foreign terrorist group or foreign government. Mr. Mueller said this authority had never been used, but the bureau still wanted Congress to extend it. Several other lawmakers are expected to file their own bills addressing the Patriot Act and related surveillance issues in the next several weeks. Many of the proposals under discussion involve small wording shifts whose impact can be difficult to understand, in part because the statutes are extremely technical and some govern technology that is classified. But in general, civil libertarians and some Democrats have called for changes that would require stronger evidence of meaningful links between a terrorism suspect and the person whom investigators are targeting. In the same way, some are proposing to use any Patriot Act extension bill to tighten when the F.B.I. may use ?national security letters? ? administrative subpoenas that allow counterterrorism agents to seize business records without obtaining permission from a judge. Agents use the device tens of thousands of times each year. The Patriot Act section that expanded the F.B.I.?s power to issue those letters is not expiring, but they have become particularly controversial because the Justice Department?s inspector general issued two reports finding that F.B.I. agents frequently misused the device to obtain bank, credit card and telephone records. Finally, some civil libertarians want lawmakers to revisit a June 2008 law in which Congress granted immunity from civil lawsuits to telecommunications companies that assisted President George W. 
Bush?s program of surveillance without warrants, and that adjusted federal statutes to bring them into alignment with a form of that program. As a senator, Mr. Obama voted for that bill, infuriating civil libertarians. The bill filed Sept. 17 ? which is championed in particular by two Democratic senators, Russ Feingold of Wisconsin and Richard J. Durbin of Illinois ? would repeal the immunity provision. The measure would also tighten statutory restrictions to ban the ?bulk collection? of phone calls coming into the United States from overseas. Some security specialists say that they doubt the national security agency has that capability today, but that it could become feasible as classified technology advances. ?Every single member of Congress wants to give our law enforcement and intelligence officials the tools they need to keep Americans safe,? Mr. Feingold said in a statement when filing the bill. ?But with the Patriot Act up for reauthorization, we should take this opportunity to fix the flaws in our surveillance laws once and for all.? But changes to the hard-fought 2008 legislation on the Foreign Intelligence Surveillance Act, or FISA, could provoke fierce opposition from Senate conservatives. Senator Christopher S. Bond, Republican of Missouri and vice chairman of the Senate Intelligence Committee, strongly objected to revisiting that law. ?Our terror fighters need the tools and legal authorities to track terror suspects quickly, before they strike,? Mr. Bond said. ?Unfortunately, this bill would render our critical warning system useless by unraveling the bipartisan FISA provisions Congress passed last year.? From rforno at infowarrior.org Sun Sep 20 18:21:16 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Sep 2009 14:21:16 -0400 Subject: [Infowarrior] - NFL Message-ID: As usual, during NFL games, we see this -- ?This telecast is copyrighted by the NFL for the private use of our audience. 
Any other use of this telecast or any pictures, descriptions, or accounts of the game without the NFL?s consent is prohibited.? To which, I respond -- "It's about 70 degrees and gorgeous in thd DC area for the game between the NFL teams called the Washington Redskins and St Louis Rams. The grass is quite green and vibrant on the field. There are lots of people at FEDEX Field in Landover, MD, and the players are running around the field between whistles blown by referees. The game is being broadcast on FOX television." Copyright that, folks. -rf From rforno at infowarrior.org Mon Sep 21 02:05:15 2009 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Sep 2009 22:05:15 -0400 Subject: [Infowarrior] - =?windows-1252?q?Cartoonist=92s_Heirs_Seek_to_Rec?= =?windows-1252?q?laim_Rights?= Message-ID: <6EC15686-ECCE-4E06-9141-B12009FCA5C4@infowarrior.org> In Wake of Disney-Marvel Deal, Cartoonist?s Heirs Seek to Reclaim Rights By Michael Cieply and Brooks Barnes http://mediadecoder.blogs.nytimes.com/2009/09/20/in-wake-of-disney-marvel-deal-cartoonists-heirs-seek-to-reclaim-rights/?hp The Walt Disney Company?s proposed $4 billion acquisition of Marvel Entertainment may come with a headache: a brand-new superhero copyright dispute. Heirs to the comic-book artist Jack Kirby, who has been credited as the co-creator of characters and stories behind Marvel mainstays like the ?X-Men? and ?Fantastic Four,? among many others, last week sent 45 notices of copyright termination to Marvel, Disney, Sony Pictures, Universal Pictures, 20th Century Fox, Paramount Pictures and others who have been making films and other forms of entertainment based on the characters. The legal notices expressed an intent to regain copyrights to some creations as early as 2014, according to a statement from Toberoff & Associates, a Los Angeles firm that helped win a court ruling last year returning a share of the copyright in Superman to heirs of the character?s co-creator, Jerome Siegel. 
Reached by telephone on Sunday, Mr. Toberoff declined to elaborate on the statement. A spokeswoman for Marvel had no immediate comment. Disney said in a statement, ?The notices involved are an attempt to terminate rights seven to 10 years from now, and involve claims that were fully considered in the acquisition.? Fox, Sony, Paramount and Universal had no comment. Marvel shareholders must still approve the sale of the company to Disney, which is already battling criticism from some Wall Street analysts that Marvel comes with too messy an array of rights agreements. The worry is that Disney will have a hard time immediately executing a coordinated exploitation of Marvel?s various brands. Sony has the film rights to Spider-Man in perpetuity, for instance, while Fox has the X-Men and Fantastic Four. Paramount has a distribution agreement for Marvel?s next few self-produced movies, including a second ?Iron Man? film. Meanwhile, Hasbro has certain toy rights and Universal holds Florida theme park rights to Spider-Man and the Incredible Hulk, among other characters. Mr. Kirby, who died in 1994, worked with the writer-editor Stan Lee to create many of the characters that in the last decade have become some of the most valuable in a Hollywood that hungers for super-heroes. Mr. Kirby was involved with ?The Incredible Hulk,? ?The Mighty Thor,? ?Iron Man,? ?Spider-Man,? and ?The Avengers,? among others. The window for serving notice of termination on the oldest of the properties opened several years ago, and will remain open for some time under the law. But Disney?s announced purchase gives a new reason for anyone with claims on Marvel to stake out a position. Under copyright law, the author or his heirs can begin a process to regain copyrights a certain period of years after the original grant. If Mr. Kirby?s four children were to gain the copyright to a co- created character, they might become entitled to a share of profits from films or other properties using it. 
They might also find themselves able to sell rights to certain characters independently of Marvel, Disney, or the various studios that have licensed the Marvel properties for their hit films. In July, a federal judge in Los Angeles ruled that Warner Brothers and its DC Comics unit had not violated rights of the Siegel heirs in handling internal transactions related to Superman, but an earlier ruling had already granted the heirs a return of their share in the copyright. In the late 1990s, Mr. Toberoff represented a television writer, Gilbert Ralston, who sued Warner over the rights to the film "Wild, Wild West." The suit was ultimately settled. Copyright issues have become increasingly difficult for Hollywood, as it continues to trade on characters and stories that were created decades ago, but are now subject to deadlines and expiration dates under federal copyright law.

From rforno at infowarrior.org Tue Sep 22 12:02:36 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Sep 2009 08:02:36 -0400
Subject: [Infowarrior] - DOD Cyber Policy Chart
Message-ID:

My initial reaction to this diagram cannot be typed in civil Internet forums. Neither can my second. Or even my third. However, upon deeper reflection, I am reminded of the old saying about the more complicated the system, the easier it is to stop up the plumbing. A policy framework like this is a monumental achievement for Beltway bureaucrats but an EPIC FAIL for IA. Concept art for Tetris 3.0, maybe.
:( Interactive, hyperlinky-PDF chart can be found at http://www.cyberwarandlaw.com/2009/09/cyber-policy-chart.html -rf

From rforno at infowarrior.org Tue Sep 22 12:36:55 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Sep 2009 08:36:55 -0400
Subject: [Infowarrior] - AT&T takes the phone out of iPhone
Message-ID: <28C473E5-4D53-403F-BF84-3FD9D659D829@infowarrior.org>

AT&T takes the phone out of iPhone
by Elinor Mills
http://news.cnet.com/8301-27080_3-10358156-245.html?part=rss&subj=news&tag=2547-1_3-0-20

Three weeks ago, I got a call on a friend's iPhone while in the middle of a desert; cell phone coverage had come to Burning Man. By contrast, several calls I made last night to my parents from my San Francisco apartment were dropped and a subsequent connection became garbled. That happens daily when I try to converse on my first-generation iPhone in my apartment and in certain other neighborhoods. I've come to anticipate that if I can even make a call it's likely to be short-lived or poor quality. Frustrated by the numerous interrupted calls, I decided to try to find out why my iPhone service is so poor that it's easier to have a Web video conference over AIM with my boyfriend because neither of us can use our iPhones (his is 3G) reliably inside either of our homes. This is not a new problem. AT&T was criticized when traffic from attendees at the South By Southwest conference in Austin, Texas, overwhelmed the network earlier this year. And there were widespread complaints about dropped calls and spotty service after the launch of the iPhone 3G a year ago. I wondered why, a year later, the service still seemed unreliable. I called AT&T (on my reliable landline at work) to find out. AT&T spokesman Mark Siegel blamed the problem on the increasing amount of data traffic iPhone users are creating, which CNET News and others wrote about earlier this month. "We lead the industry in smart phones," he said.
"As a result, we are having to stay ahead of what is incredible and increasing demand for wireless data services." I wanted to know specifically why my problems haven't been resolved nearly one-and-a-half years after getting my iPhone and why my voice reception would be impacted by data traffic on a different network. "Well, it wouldn't," Siegel conceded. Initially, he had suggested that my problems were related to the fact that the first-generation iPhone uses the EDGE data network, which is slower than the 3G network. However, not only am I on a different data network than the 3G data bandwidth hogs, but there should be no connection between general data usage and my voice reception. Other factors are at play, though, such as proximity to a cell tower, the thickness of walls in the building and amount of demand on the network at the time, according to Siegel. Asked what AT&T is doing to address the reception problems, Siegel said the company is rolling out 850 MHz frequency, which penetrates walls better than the higher frequency 1900MHz band; adding 2,000 cell towers to increase coverage; beefing up its back-haul capacity that connects the cell towers to the Internet; spending as much as $18 billion this year to upgrade its wireless and broadband networks; and moving to the LTE, or 4G, network standard known next year. "We recognize unique challenges have been posed by all of these smart devices being increasingly used by more and more people and I think we are on the forefront of architecting our network to continue to stay ahead of the demands that those devices place on our network," he said. Despite listing the improvements AT&T plans to make, Siegel kept insisting that there was no story here; that my concerns and the many comments on the Apple iPhone forums about reception problems and dropped calls was not newsworthy. While I do have friends who report no problems with their iPhone reception, many of my friends have complaints. 
I did an informal survey of friends on Facebook and learned that people suffer from dropped calls, as well as inaccessible voice mail and delayed voice messages. Also, I am not alone in being forced to cut back on talking on the phone as a result of the reception problems. Here are some examples of the responses I got:

* "As soon as I move and do not have an ATT bundle, I am throwing the iphone, and ATT in the trash," wrote a San Francisco friend using a first-generation iPhone.
* "When i first got my iPhone (July 2007), i had fine coverage. In the past nine months or so, something changed. Now i have *horrible* reception in my neighborhood, especially in my apartment, and most especially in my bedroom. My phone virtually never rings there, and i almost never get voicemails or text messages until somewhere between 2 minutes and 2 hours after the communication went through," wrote another first-generation Bay Area iPhone user on Facebook.
* "Terrible in SF. Probably 1 out of 3 calls gets dropped," wrote a 3G iPhone user.
* "I've come to use it as a portable computer and a phone only in emergencies. I hardly talk on the phone anymore," another Bay Area friend who has a 3G iPhone told me.
* "My (3G iPhone) won't work inside my house. I'm thinking about selling my house and finding a new one. Until then, I just use the forwarding feature, but it's a pain. And yeah, it means I tend to talk on the iPhone less. It's definitely a problem with my line o' work, although I'm trying to use Google Voice to solve the problem, too," wrote a friend in Arizona.

Siegel was not amused. "So you are actively asking folks to submit their experiences? Sorry, but you and I have a basic disagreement about why you are doing this story. What is the news here beyond what others have covered?" he wrote in an e-mail. Maybe I should pose that question to all the iPhone users who can't make a basic phone call with their phones much of the time. Siegel said he would look into my particular situation.
I hope he does and if so, I'll let you know what I find out. While I can't speak for other parts of the country, there do seem to be problems in San Francisco at least. This is significant given the high percentage of iPhone users in the area. What's your experience?

From rforno at infowarrior.org Tue Sep 22 15:09:15 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Sep 2009 11:09:15 -0400
Subject: [Infowarrior] - Fwd: Netflix's Impending (But Still Avoidable) Multi-Million Dollar Privacy Blunder
References: <20090922124600.GA8943@gsp.org>
Message-ID: <5172FDD7-C2FF-4A76-A2C3-C9692E24C709@infowarrior.org>

(via BoingBoing)

Netflix's Impending (But Still Avoidable) Multi-Million Dollar Privacy Blunder
http://www.freedom-to-tinker.com/blog/paul/netflixs-impending-still-avoidable-multi-million-dollar-privacy-blunder

Excerpt: Netflix should cancel this new, irresponsible contest, which it has dubbed Netflix Prize 2. Researchers have known for more than a decade that gender plus ZIP code plus birthdate uniquely identifies a significant percentage of Americans (87% according to Latanya Sweeney's famous study.) True, Netflix plans to release age not birthdate, but simple arithmetic shows that for many people in the country, gender plus ZIP code plus age will narrow their private movie preferences down to at most a few hundred people. Netflix needs to understand the concept of "information entropy": even if it is not revealing information tied to a single person, it is revealing information tied to so few that we should consider this a privacy breach.
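The arithmetic behind the excerpt's "information entropy" point, as an added example that is not part of the forwarded post: it counts how many records share each combination of gender, ZIP code and age in a small constructed table, then makes a uniform back-of-envelope estimate for the whole country. The population (307 million), ZIP code count (42,000) and age range (80 values) are rough assumptions, not figures from the post.

```python
import math
from collections import Counter

# Constructed sample rows standing in for a released subscriber table.
# None of these values come from a real dataset; ages are as of Sept 2009.
RECORDS = [
    {"gender": "F", "zip": "20740", "age": 34, "birthdate": "1975-03-02"},
    {"gender": "F", "zip": "20740", "age": 34, "birthdate": "1975-08-19"},
    {"gender": "M", "zip": "20740", "age": 34, "birthdate": "1975-01-11"},
    {"gender": "M", "zip": "20740", "age": 51, "birthdate": "1958-06-30"},
    {"gender": "F", "zip": "94110", "age": 29, "birthdate": "1980-02-14"},
    {"gender": "F", "zip": "94110", "age": 29, "birthdate": "1979-12-01"},
    {"gender": "F", "zip": "94110", "age": 29, "birthdate": "1980-05-23"},
    {"gender": "M", "zip": "94110", "age": 62, "birthdate": "1947-04-09"},
]

# Rough assumptions for the national estimate (not taken from the post).
US_POPULATION = 307_000_000
ZIP_CODES = 42_000
AGE_VALUES = 80


def equivalence_classes(records, quasi_ids):
    """Count the records sharing each combination of quasi-identifier values."""
    return Counter(tuple(r[q] for q in quasi_ids) for r in records)


def k_anonymity(records, quasi_ids):
    """Smallest group size: each person hides among at least k records."""
    return min(equivalence_classes(records, quasi_ids).values())


def unique_fraction(records, quasi_ids):
    """Share of records whose quasi-identifier combination occurs only once."""
    classes = equivalence_classes(records, quasi_ids)
    singles = sum(1 for size in classes.values() if size == 1)
    return singles / len(records)


def identifying_bits(population, anonymity_set):
    """Bits learned when a person is narrowed from `population` candidates
    down to `anonymity_set` candidates."""
    return math.log2(population / anonymity_set)


def expected_anonymity_set(population, *domain_sizes):
    """Average group size if people were spread evenly over every combination
    of attribute values. Real populations are uneven, so many groups are far
    smaller than this average and some are larger."""
    return population / math.prod(domain_sizes)


def summarize(records, quasi_ids):
    """Collect the per-release figures for one choice of quasi-identifiers."""
    return {
        "quasi_ids": quasi_ids,
        "k": k_anonymity(records, quasi_ids),
        "unique_fraction": unique_fraction(records, quasi_ids),
    }


if __name__ == "__main__":
    for ids in (("zip",), ("gender", "zip"), ("gender", "zip", "age"),
                ("gender", "zip", "birthdate")):
        print(summarize(RECORDS, ids))

    avg = expected_anonymity_set(US_POPULATION, 2, ZIP_CODES, AGE_VALUES)
    print(f"average group for gender+ZIP+age: about {avg:.0f} people")
    print(f"bits revealed: {identifying_bits(US_POPULATION, avg):.1f} "
          f"of {math.log2(US_POPULATION):.1f} needed to single out one person")
```

Swapping age for birthdate shrinks the groups further: in the constructed table every row becomes unique, which is the effect Sweeney's 87% figure describes at national scale.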
From rforno at infowarrior.org Tue Sep 22 22:39:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 22 Sep 2009 18:39:59 -0400
Subject: [Infowarrior] - Soviet Doomsday Machine
Message-ID: <820DDDC0-B9C6-4AB3-9C55-0B23FC022324@infowarrior.org>

Inside the Apocalyptic Soviet Doomsday Machine
By Nicholas Thompson 09.21.09
http://www.wired.com/politics/security/magazine/17-10/mf_deadhand?currentPage=all

The technical name was Perimeter, but some called it Mertvaya Ruka, Dead Hand.

Valery Yarynich glances nervously over his shoulder. Clad in a brown leather jacket, the 72-year-old former Soviet colonel is hunkered in the back of the dimly lit Iron Gate restaurant in Washington, DC. It's March 2009--the Berlin Wall came down two decades ago--but the lean and fit Yarynich is as jumpy as an informant dodging the KGB. He begins to whisper, quietly but firmly. "The Perimeter system is very, very nice," he says. "We remove unique responsibility from high politicians and the military." He looks around again. Yarynich is talking about Russia's doomsday machine. That's right, an actual doomsday device--a real, functioning version of the ultimate weapon, always presumed to exist only as a fantasy of apocalypse-obsessed science fiction writers and paranoid über-hawks. The thing that historian Lewis Mumford called "the central symbol of this scientifically organized nightmare of mass extermination." Turns out Yarynich, a 30-year veteran of the Soviet Strategic Rocket Forces and Soviet General Staff, helped build one.

Chart source: Bulletin of the Atomic Scientists, Natural Resources Defense Council

The point of the system, he explains, was to guarantee an automatic Soviet response to an American nuclear strike. Even if the US crippled the USSR with a surprise attack, the Soviets could still hit back. It wouldn't matter if the US blew up the Kremlin, took out the defense ministry, severed the communications network, and killed everyone with stars on their shoulders.
Ground-based sensors would detect that a devastating blow had been struck and a counterattack would be launched. The technical name was Perimeter, but some called it Mertvaya Ruka, or Dead Hand. It was built 25 years ago and remained a closely guarded secret. With the demise of the USSR, word of the system did leak out, but few people seemed to notice. In fact, though Yarynich and a former Minuteman launch officer named Bruce Blair have been writing about Perimeter since 1993 in numerous books and newspaper articles, its existence has not penetrated the public mind or the corridors of power. The Russians still won't discuss it, and Americans at the highest levels--including former top officials at the State Department and White House--say they've never heard of it. When I recently told former CIA director James Woolsey that the USSR had built a doomsday device, his eyes grew cold. "I hope to God the Soviets were more sensible than that." They weren't. The system remains so shrouded that Yarynich worries his continued openness puts him in danger. He might have a point: One Soviet official who spoke with Americans about the system died in a mysterious fall down a staircase. But Yarynich takes the risk. He believes the world needs to know about Dead Hand. Because, after all, it is still in place. The system that Yarynich helped build came online in 1985, after some of the most dangerous years of the Cold War. Throughout the '70s, the USSR had steadily narrowed the long US lead in nuclear firepower. At the same time, post-Vietnam, recession-era America seemed weak and confused. Then in strode Ronald Reagan, promising that the days of retreat were over. It was morning in America, he said, and twilight in the Soviet Union. Part of the new president's hard-line approach was to make the Soviets believe that the US was unafraid of nuclear war. Many of his advisers had long advocated modeling and actively planning for nuclear combat.
These were the progeny of Herman Kahn, author of On Thermonuclear War and Thinking About the Unthinkable. They believed that the side with the largest arsenal and an expressed readiness to use it would gain leverage during every crisis. You either launch first or convince the enemy that you can strike back even if you're dead. Illustration: Ryan Kelly The new administration began expanding the US nuclear arsenal and priming the silos. And it backed up the bombs with bluster. In his 1981 Senate confirmation hearings, Eugene Rostow, incoming head of the Arms Control and Disarmament Agency, signaled that the US just might be crazy enough to use its weapons, declaring that Japan "not only survived but flourished after the nuclear attack" of 1945. Speaking of a possible US-Soviet exchange, he said, "Some estimates predict that there would be 10 million casualties on one side and 100 million on another. But that is not the whole of the population." Meanwhile, in ways both small and large, US behavior toward the Soviets took on a harsher edge. Soviet ambassador Anatoly Dobrynin lost his reserved parking pass at the State Department. US troops swooped into tiny Grenada to defeat communism in Operation Urgent Fury. US naval exercises pushed ever closer to Soviet waters. The strategy worked. Moscow soon believed the new US leadership really was ready to fight a nuclear war. But the Soviets also became convinced that the US was now willing to start a nuclear war. "The policy of the Reagan administration has to be seen as adventurous and serving the goal of world domination," Soviet marshal Nikolai Ogarkov told a gathering of the Warsaw Pact chiefs of staff in September 1982. "In 1941, too, there were many among us who warned against war and many who did not believe a war was coming," Ogarkov said, referring to the German invasion of his country. "Thus, the situation is not only very serious but also very dangerous." 
A few months later, Reagan made one of the most provocative moves of the Cold War. He announced that the US was going to develop a shield of lasers and nuclear weapons in space to defend against Soviet warheads. He called it missile defense; critics mocked it as "Star Wars." To Moscow it was the Death Star--and it confirmed that the US was planning an attack. It would be impossible for the system to stop thousands of incoming Soviet missiles at once, so missile defense made sense only as a way of mopping up after an initial US strike. The US would first fire its thousands of weapons at Soviet cities and missile silos. Some Soviet weapons would survive for a retaliatory launch, but Reagan's shield could block many of those. Thus, Star Wars would nullify the long-standing doctrine of mutually assured destruction, the principle that neither side would ever start a nuclear war since neither could survive a counterattack. As we know now, Reagan was not planning a first strike. According to his private diaries and personal letters, he genuinely believed he was bringing about lasting peace. (He once told Gorbachev he might be a reincarnation of the human who invented the first shield.) The system, Reagan insisted, was purely defensive. But as the Soviets knew, if the Americans were mobilizing for attack, that's exactly what you'd expect them to say. And according to Cold War logic, if you think the other side is about to launch, you should do one of two things: Either launch first or convince the enemy that you can strike back even if you're dead. Perimeter ensures the ability to strike back, but it's no hair-trigger device. It was designed to lie semi-dormant until switched on by a high official in a crisis. Then it would begin monitoring a network of seismic, radiation, and air pressure sensors for signs of nuclear explosions.
Before launching any retaliatory strike, the system had to check off four if/then propositions: If it was turned on, then it would try to determine that a nuclear weapon had hit Soviet soil. If it seemed that one had, the system would check to see if any communication links to the war room of the Soviet General Staff remained. If they did, and if some amount of time--likely ranging from 15 minutes to an hour--passed without further indications of attack, the machine would assume officials were still living who could order the counterattack and shut down. But if the line to the General Staff went dead, then Perimeter would infer that apocalypse had arrived. It would immediately transfer launch authority to whoever was manning the system at that moment deep inside a protected bunker--bypassing layers and layers of normal command authority. At that point, the ability to destroy the world would fall to whoever was on duty: maybe a high minister sent in during the crisis, maybe a 25-year-old junior officer fresh out of military academy. And if that person decided to press the button ... If/then. If/then. If/then. If/then. Once initiated, the counterattack would be controlled by so-called command missiles. Hidden in hardened silos designed to withstand the massive blast and electromagnetic pulses of a nuclear explosion, these missiles would launch first and then radio down coded orders to whatever Soviet weapons had survived the first strike. At that point, the machines will have taken over the war. Soaring over the smoldering, radioactive ruins of the motherland, and with all ground communications destroyed, the command missiles would lead the destruction of the US. The US did build versions of these technologies, deploying command missiles in what was called the Emergency Rocket Communications System. It also developed seismic and radiation sensors to monitor for nuclear tests or explosions the world over.
But the US never combined it all into a system of zombie retaliation. It feared accidents and the one mistake that could end it all. Instead, airborne American crews with the capacity and authority to launch retaliatory strikes were kept aloft throughout the Cold War. Their mission was similar to Perimeter's, but the system relied more on people and less on machines. And in keeping with the principles of Cold War game theory, the US told the Soviets all about it.

Great Moments in Nuclear Game Theory

Permissive Action Links
When: 1960s
What: Midway through the Cold War, American leaders began to worry that a rogue US officer might launch a small, unauthorized strike, prompting massive retaliation. So in 1962, Robert McNamara ordered every nuclear weapon locked with numerical codes.
Effect: None. Irritated by the restriction, Strategic Air Command set all the codes to strings of zeros. The Defense Department didn't learn of the subterfuge until 1977.

US-Soviet Hotline
When: 1963
What: The USSR and US set up a direct line, reserved for emergencies. The goal was to prevent miscommunication about nuclear launches.
Effect: Unclear. To many it was a safeguard. But one Defense official in the 1970s hypothesized that the Soviet leader could authorize a small strike and then call to blame the launch on a renegade, saying, "But if you promise not to respond, I will order an absolute lockdown immediately."

Missile Defense
When: 1983
What: President Reagan proposed a system of nuclear weapons and lasers in space to shoot down enemy missiles. He considered it a tool for peace and promised to share the technology.
Effect: Destabilizing. The Soviets believed the true purpose of the "Star Wars" system was to back up a US first strike. The technology couldn't stop a massive Soviet launch, they figured, but it might thwart a weakened Soviet response.

Airborne Command Post
When: 1961-1990
What: For three decades, the US kept aircraft in the sky 24/7 that could communicate with missile silos and give the launch order if ground-based command centers were ever destroyed.
Effect: Stabilizing. Known as Looking Glass, it was the American equivalent of Perimeter, guaranteeing that the US could launch a counterattack. And the US told the Soviets all about it, ensuring that it served as a deterrent.

The first mention of a doomsday machine, according to P. D. Smith, author of Doomsday Men, was on an NBC radio broadcast in February 1950, when the atomic scientist Leo Szilard described a hypothetical system of hydrogen bombs that could cover the world in radioactive dust and end all human life. "Who would want to kill everybody on earth?" he asked rhetorically. Someone who wanted to deter an attacker. If Moscow were on the brink of military defeat, for example, it could halt an invasion by declaring, "We will detonate our H-bombs." A decade and a half later, Stanley Kubrick's satirical masterpiece Dr. Strangelove permanently embedded the idea in the public imagination. In the movie, a rogue US general sends his bomber wing to preemptively strike the USSR. The Soviet ambassador then reveals that his country has just deployed a device that will automatically respond to any nuclear attack by cloaking the planet in deadly "cobalt-thorium-G." "The whole point of the doomsday machine is lost if you keep it a secret!" cries Dr. Strangelove. "Why didn't you tell the world?" After all, such a device works as a deterrent only if the enemy is aware of its existence. In the movie, the Soviet ambassador can only lamely respond, "It was to be announced at the party congress on Monday." In real life, however, many Mondays and many party congresses passed after Perimeter was created. So why didn't the Soviets tell the world, or at least the White House, about it?
No evidence exists that top Reagan administration officials knew anything about a Soviet doomsday plan. George Shultz, secretary of state for most of Reagan's presidency, told me that he had never heard of it. In fact, the Soviet military didn't even inform its own civilian arms negotiators. "I was never told about Perimeter," says Yuli Kvitsinsky, lead Soviet negotiator at the time the device was created. And the brass still won't talk about it today. In addition to Yarynich, a few other people confirmed the existence of the system to me--notably former Soviet space official Alexander Zheleznyakov and defense adviser Vitali Tsygichko--but most questions about it are still met with scowls and sharp nyets. At an interview in Moscow this February with Vladimir Dvorkin, another former official in the Strategic Rocket Forces, I was ushered out of the room almost as soon as I brought up the topic. So why was the US not informed about Perimeter? Kremlinologists have long noted the Soviet military's extreme penchant for secrecy, but surely that couldn't fully explain what appears to be a self-defeating strategic error of extraordinary magnitude. The silence can be attributed partly to fears that the US would figure out how to disable the system. But the principal reason is more complicated and surprising. According to both Yarynich and Zheleznyakov, Perimeter was never meant as a traditional doomsday machine. The Soviets had taken game theory one step further than Kubrick, Szilard, and everyone else: They built a system to deter themselves. By guaranteeing that Moscow could hit back, Perimeter was actually designed to keep an overeager Soviet military or civilian leader from launching prematurely during a crisis. The point, Zheleznyakov says, was "to cool down all these hotheads and extremists. No matter what was going to happen, there still would be revenge. Those who attack us will be punished." And Perimeter bought the Soviets time.
After the US installed deadly accurate Pershing II missiles on German bases in December 1983, Kremlin military planners assumed they would have only 10 to 15 minutes from the moment radar picked up an attack until impact. Given the paranoia of the era, it is not unimaginable that a malfunctioning radar, a flock of geese that looked like an incoming warhead, or a misinterpreted American war exercise could have triggered a catastrophe. Indeed, all these events actually occurred at some point. If they had happened at the same time, Armageddon might have ensued. Perimeter solved that problem. If Soviet radar picked up an ominous but ambiguous signal, the leaders could turn on Perimeter and wait. If it turned out to be geese, they could relax and Perimeter would stand down. Confirming actual detonations on Soviet soil is far easier than confirming distant launches. "That is why we have the system," Yarynich says. "To avoid a tragic mistake." The mistake that both Yarynich and his counterpart in the United States, Bruce Blair, want to avoid now is silence. It's long past time for the world to come to grips with Perimeter, they argue. The system may no longer be a central element of Russian strategy--US-based Russian arms expert Pavel Podvig calls it now "just another cog in the machine"--but Dead Hand is still armed. To Blair, who today runs a think tank in Washington called the World Security Institute, such dismissals are unacceptable. Though neither he nor anyone in the US has up-to-the-minute information on Perimeter, he sees the Russians' refusal to retire it as yet another example of the insufficient reduction of forces on both sides. There is no reason, he says, to have thousands of armed missiles on something close to hair-trigger alert. Despite how far the world has come, there's still plenty of opportunity for colossal mistakes. When I talked to him recently, he spoke both in sorrow and in anger: "The Cold War is over. But we act the same way that we used to."
Yarynich, likewise, is committed to the principle that knowledge about nuclear command and control means safety. But he also believes that Perimeter can still serve a useful purpose. Yes, it was designed as a self-deterrent, and it filled that role well during the hottest days of the Cold War. But, he wonders, couldn't it now also play the traditional role of a doomsday device? Couldn't it deter future enemies if publicized? The waters of international conflict never stay calm for long. A recent case in point was the heated exchange between the Bush administration and Russian president Vladimir Putin over Georgia. "It's nonsense not to talk about Perimeter," Yarynich says. If the existence of the device isn't made public, he adds, "we have more risk in future crises. And crisis is inevitable." As Yarynich describes Perimeter with pride, I challenge him with the classic critique of such systems: What if they fail? What if something goes wrong? What if a computer virus, earthquake, reactor meltdown, and power outage conspire to convince the system that war has begun? Yarynich sips his beer and dismisses my concerns. Even given an unthinkable series of accidents, he reminds me, there would still be at least one human hand to prevent Perimeter from ending the world. Prior to 1985, he says, the Soviets designed several automatic systems that could launch counterattacks without any human involvement whatsoever. But all these devices were rejected by the high command. Perimeter, he points out, was never a truly autonomous doomsday device. "If there are explosions and all communications are broken," he says, "then the people in this facility can--I would like to underline can--launch." Yes, I agree, a human could decide in the end not to press the button. But that person is a soldier, isolated in an underground bunker, surrounded by evidence that the enemy has just destroyed his homeland and everyone he knows. Sensors have gone off; timers are ticking.
There's a checklist, and soldiers are trained to follow checklists. Wouldn't any officer just launch? I ask Yarynich what he would do if he were alone in the bunker. He shakes his head. "I cannot say if I would push the button." It might not actually be a button, he then explains. It could now be some kind of a key or other secure form of switch. He's not absolutely sure. After all, he says, Dead Hand is continuously being upgraded.

Senior editor Nicholas Thompson (nicholas_thompson at wired.com) is the author of The Hawk and the Dove: Paul Nitze, George Kennan, and the History of the Cold War.

From rforno at infowarrior.org Wed Sep 23 11:39:11 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Sep 2009 07:39:11 -0400
Subject: [Infowarrior] - FBI's Data-Mining System
Message-ID:

FBI's Data-Mining System Sifts Airline, Hotel, Car-Rental Records
By Ryan Singel
September 23, 2009 | 7:00 am | Categories: Sunshine and Secrecy, Threats, Watchlists
http://www.wired.com/threatlevel/2009/09/fbi-nsac/

A fast-growing FBI data-mining system billed as a tool for hunting terrorists is being used in hacker and domestic criminal investigations, and now contains tens of thousands of records from private corporate databases, including car-rental companies, large hotel chains and at least one national department store, declassified documents obtained by Wired.com show. Headquartered in Crystal City, Virginia, just outside Washington, the FBI's National Security Branch Analysis Center (NSAC) maintains a hodgepodge of data sets packed with more than 1.5 billion government and private-sector records about citizens and foreigners, the documents show, bringing the government closer than ever to implementing the "Total Information Awareness" system first dreamed up by the Pentagon in the days following the Sept. 11 attacks.
Such a system, if successful, would correlate data from scores of different sources to automatically identify terrorists and other threats before they could strike. The FBI is seeking to quadruple the known staff of the program. But the proposal has long been criticized by privacy groups as ineffective and invasive. Critics say the new documents show that the government is proceeding with the plan in private, and without sufficient oversight.

The FBI's Data-Mining Ore

Composed of government information, commercial databases and records acquired in criminal and terrorism probes, the FBI's National Security Branch Analysis Center is too broad to be considered mission-focused, but still too patchy to be Orwellian. Here's the data we know about.

* International travel records of citizens and foreigners
* Financial forms filed with the Treasury by banks and casinos
* 55,000 entries on customers of Wyndham Worldwide, which includes Ramada Inn, Days Inn, Super 8, Howard Johnson and Hawthorn Suites
* 730 records from rental-car company Avis
* 165 credit card transaction histories from Sears
* Nearly 200 million records transferred from private data brokers such as Accurint, Acxiom and Choicepoint
* A reverse White Pages with 696 million names and addresses tied to U.S. phone numbers
* Log data on all calls made by federal prison inmates
* A list of all active pilots
* 500,000 names of suspected terrorists from the Unified Terrorist Watch List
* Nearly 3 million records on people cleared to drive hazardous materials on the nation's highways
* Telephone records and wiretapped conversations captured by FBI investigations
* 17,000 traveler itineraries from the Airlines Reporting Corporation

"We have a situation where the government is spending fairly large sums of money to use an unproven technology that has a possibility of false positives that would subject innocent Americans to unnecessary scrutiny and impinge on their freedom,"
said Kurt Opsahl, a lawyer with the Electronic Frontier Foundation. "Before the NSAC expands its mission, there must be strict oversight from Congress and the public." The FBI declined to comment on the program. Among the data in its coffers, the NSAC houses more than 55,000 entries on customers of the Cendant Hotel chain, now known as Wyndham Worldwide, which includes Ramada Inn, Days Inn, Super 8, Howard Johnson and Hawthorn Suites. The entries are for hotel customers whose names matched those on a long list the FBI provided to the company. Like much of the data used by NSAC, the records were likely retained at the conclusion of an investigation, and added to NSAC for future data mining. Another 730 records come from the rental car company Avis, which used to be owned by Cendant. Those records were derived from a one-time search of Avis's database against the State Department's old terrorist watch list. An additional 165 entries are credit card transaction histories from the Sears department store chain. Wyndham Worldwide did not respond to repeated requests for comment. Sears declined comment. Wired.com's analysis of more than 800 pages of documents obtained under our Freedom of Information Act request shows the FBI has been continuously expanding the NSAC system and its goals since 2004. By 2008, NSAC comprised 103 full-time employees and contractors, and the FBI was seeking budget approval for another 71 employees, plus more than $8 million for outside contractors to help analyze its growing pool of private and public data. A long-term planning document from the same year shows the bureau ultimately wants to expand the center to 439 people. As described in the documents, the system is both a meta-search engine -- querying many data sources at once -- and a tool that performs pattern and link analysis. The NSAC is an analytic Swiss army knife.
The FBI used the system to locate a suspected Al Qaeda operative with expertise in biological agents who was hiding out in Houston. And when law enforcement officials got information suggesting members of a Pakistani terrorist group had obtained jobs as Philadelphia taxi drivers, the NSAC was tapped to help the city's police force run background checks on Philadelphia cabbies. (A Jordanian-born Philly cab driver was convicted in 2008 for his part in a plot to attack the Fort Dix army base in New Jersey, but there's no evidence of a connection between the investigations.) And when the FBI lost track of terrorism suspects swept in the evacuation from Hurricane Katrina in 2005, it created a standing order in the system to flag any activity by the missing targets. Additionally, the FBI shared NSAC data with the Pentagon's controversial Counter-Intelligence Field Activity office, a secretive domestic-spying unit which collected data on peace groups, including the Quakers, until it was shut down in 2008. But the FBI told lawmakers it would be careful in its interactions with that group. Conventional criminal cases have also benefited. In a 2004 case against a telemarketing company called Gecko Communications, NSAC used its batch-searching capability to provide prosecutors with detailed information on 192,000 alleged victims of a credit scam. The feds suspected that Gecko had promised to help the victims improve their credit scores, and then failed to produce results. NSAC automatically analyzed the victims' credit records to prove their scores hadn't improved, a task that took two days instead of the four-and-a-half years that the U.S. Attorney's Office had expected to sink into the job. In December 2006, the owners and seven office managers at the company were sentenced to prison. The NSAC was born as two separate systems designed to improve information-sharing between government agencies following the Sept. 11 attacks.
The Foreign Terrorist Tracking Task Force database has been used to screen flight-school candidates and assist anti-terror investigations. The Investigative Data Warehouse is the more general system, and is the principal element now under expansion. "The IDW objective was to create a data warehouse that uses certain data elements to provide a single-access repository for information related to issues beyond counterterrorism to include counterintelligence, criminal and cyber investigations," stated a formerly secret fiscal year 2008 budget request document. "These missions will be refined and expanded as these capabilities are folded into the NSAC." When the bureau unified the systems under the NSAC banner in 2007, the move set off alarm bells with lawmakers, who thought it sounded a lot like the Pentagon's widely-criticized Total Information Awareness project, which had sought to identify terrorist sleeper cells by linking up and searching through U.S. credit card, health and communication databases. The TIA program had moved into the shadows of the intelligence world after Congress voted to revoke most of its funding. In 2007, Republican congressman James Sensenbrenner asked the Government Accountability Office to look into the NSAC. No report has been made public yet. But the documents obtained by Wired.com show that the FBI has repeatedly downplayed the database's capabilities when addressing critics in Congress, while simultaneously talking up -- in budget documents -- the system's power to spit out the names of newly suspicious persons. The FBI deflected criticism from a House committee on June 29, 2007, by pointing out a major difference between the NSAC and the shuttered TIA program: The NSAC, the bureau said, is not as open-ended. "A mission is usually begun with a list of names or personal identifiers that have arisen during a threat assessment, preliminary or full investigation," the unsigned response read.
"Those people under investigation are then assessed to determine if they have any association with terrorism or foreign espionage." But a formerly secret 2008 funding justification document among the newly released documents suggests the FBI's pre-crime intentions are much wider than the bureau acknowledged.

The NSAC will also pursue "pattern analysis" as part of its service to the [National Security Branch]. "Pattern analysis" queries take a predictive model or pattern of behavior and search for that pattern in data sets. The FBI's efforts to define predictive models ... should improve efforts to identify "sleeper cells."

As an example, the FBI said its sophisticated data queries allowed it to identify 165 licensed helicopter pilots who came from countries of interest, and found that six of those had "derogatory" information about them in the NSAC computers. It sent the leads to FBI field agents in Los Angeles. The FBI also has ambitious plans to expand its data set, the budget request shows. Among the items on its wish list is the database of the Airlines Reporting Corporation -- a company that runs a backend system for travel agencies and airlines. A complete database would include billions of Americans' itineraries, as well as the information they give to travel agencies, such as date of birth, credit card numbers, names of friends and family, e-mail addresses, meal preferences and health information. So far, the company has given the FBI nearly 17,000 records, which are now part of NSAC. Spokesman Allan Mutén said the company gives the FBI records only when presented with a subpoena or a national security letter -- which, he adds, has happened quite a bit. "Nine-eleven was a time and event that piqued the interest of the authorities in airline passenger data," Mutén said. The ever-growing size of the database concerns EFF's Opsahl, who has pieced together the best picture of the FBI's data mining system through other government FOIA requests.
Opsahl cites an October 2008 National Research Council paper that concluded that data mining is a dangerous and ineffective way to identify potential terrorists, which will inevitably generate false positives that subject innocent citizens to invasive scrutiny by their government. At the same time, Opsahl admits the NSAC is not at the moment the Orwellian system that TIA would have been. "This is too massive to be based on a particular query, but too narrow to reflect a policy that they are going to go out and collect this kind of data systematically," Opsahl said. That could change if the FBI gets its hands on the data sources on its 2008 wish list. That list includes airline manifests sent to the Department of Homeland Security, the national Social Security number database, and the Postal Service's change-of-address database. There are also 24 additional databases the FBI is seeking, but those names were blacked out in the released data.

From rforno at infowarrior.org Wed Sep 23 11:47:35 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Sep 2009 07:47:35 -0400
Subject: [Infowarrior] - Obama to Set Higher Bar For Keeping State Secrets
Message-ID: <4E0323C2-1A3B-40CE-819A-BDD59775BE63@infowarrior.org>

Obama to Set Higher Bar For Keeping State Secrets
New Policy May Affect Wiretap, Torture Suits
By Carrie Johnson
Washington Post Staff Writer
Wednesday, September 23, 2009
http://www.washingtonpost.com/wp-dyn/content/article/2009/09/22/AR2009092204295_pf.html

The Obama administration will announce a new policy Wednesday making it much more difficult for the government to claim that it is protecting state secrets when it hides details of sensitive national security strategies such as rendition and warrantless eavesdropping, according to two senior Justice Department officials.
The new policy requires agencies, including the intelligence community and the military, to convince the attorney general and a team of Justice Department lawyers that the release of sensitive information would present significant harm to "national defense or foreign relations." In the past, the claim that state secrets were at risk could be invoked with the approval of one official and by meeting a lower standard of proof that disclosure would be harmful. That claim was asserted dozens of times during the Bush administration, legal scholars said. The shift could have a broad effect on many lawsuits, including those filed by alleged victims of torture and electronic surveillance. Authorities have frequently argued that judges should dismiss those cases at the outset to avoid the release of information that could compromise national security. The heightened standard is designed in part to restore the confidence of Congress, civil liberties advocates and judges, who have criticized both the Bush White House and the Obama administration for excessive secrecy. The new policy will take effect Oct. 1 and has been endorsed by federal intelligence agencies, Justice Department sources said. "What we're trying to do is . . . improve public confidence that this privilege is invoked very rarely and only when it's well supported," said a senior department official involved in the review, who spoke on the condition of anonymity because the policy had not yet been unveiled. "By holding ourselves to this higher standard, we're in some way sending a message to the courts. We're not following a 'just trust us' approach." The policy, however, is unlikely to change the administration's approach in two high-profile cases, including one in San Francisco filed by an Islamic charity whose lawyers claim they were subjected to illegal government wiretapping. 
That dispute, involving the al-Haramain Islamic Foundation, provoked an outcry from the American Civil Liberties Union and other public policy groups this year after the Obama Justice Department followed the Bush strategy and asserted "state secrets" arguments to try to stop the case. In a separate lawsuit filed by five men who say they were transported overseas to CIA "black site" prisons, where they underwent brutal interrogation, the U.S. Court of Appeals for the 9th Circuit this year criticized the Justice Department for making a sweeping argument to scuttle the case and keep even judges from reviewing materials. To side with the government, the court ruling said, would mean that judges "should effectively cordon off all secret government actions from judicial scrutiny, immunizing the CIA and its partners from the demands and limits of the law." In a news conference the day after the court's ruling, Obama told reporters that he thought the privilege was "overbroad" and could be curtailed. "There are going to be cases in which national security interests are genuinely at stake and that you can't litigate without revealing covert activities or classified information that would genuinely compromise our safety," the president said in late April. "But searching for ways to redact, to carve out certain cases, to see what can be done so that a judge in chambers can review information without it being in open court, you know, there should be some additional tools so that it's not such a blunt instrument." Under the new approach, a team of career prosecutors must review and the attorney general must approve any assertions of the state secrets privilege before government lawyers can make that argument in court. Officials said the new policy will ensure that the secrecy arguments are more narrowly tailored and that they are not employed to hide violations of law, bureaucratic foul-ups or details that would embarrass government officials.
The policy will also severely limit the government's ability to claim that the very subject of some lawsuits should trigger the state secrets privilege, except when necessary to protect against the risk of significant harm. It is unclear how the new policy will affect pending legislation on Capitol Hill, where Democrats in the House and Senate Judiciary committees have introduced bills that would give judges more authority to sift through sensitive evidence when the government has invoked the legal privilege. The legislation would raise the standard for state secrets to instances when the release of material "would be reasonably likely to cause significant harm to the national defense or the diplomatic relations of the United States." That standard closely tracks language in a memo drafted by Attorney General Eric H. Holder Jr. laying out the new state secrets policy. Senate Judiciary Committee Chairman Patrick J. Leahy (D-Vt.), a co-sponsor of one state secrets bill, said reforms are a "priority . . . to bring a greater degree of transparency and accountability to a process that has been shrouded in secrecy." The Justice Department officials said Tuesday that their agency would give regular reports on their use of the state secrets privilege to oversight committees on Capitol Hill and that the attorney general would pass along "credible" allegations of wrongdoing by government agencies or officials to watchdogs at the appropriate agencies, even if the administration had decided to invoke the legal privilege in sensitive cases. The new policy was welcomed by Gary Bass, executive director of OMB Watch, a nonprofit that promotes government transparency. He said it was "enormously consistent with open-government recommendations" from himself and other advocates. Since February, a Justice Department task force of eight lawyers has been sifting through about a dozen pending cases in which state secrets arguments have been made.
So far, they have reversed course in only one lawsuit -- a bizarre case in federal court in the District in which a former agent for the Drug Enforcement Administration accuses the State Department and the CIA of installing listening devices in a coffee table in his home.

From rforno at infowarrior.org Wed Sep 23 12:08:38 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Sep 2009 08:08:38 -0400
Subject: [Infowarrior] - Stick Figure Guide to the Advanced Encryption Standard
Message-ID:

A Stick Figure Guide to the Advanced Encryption Standard (AES)

(A play in 4 acts. Please feel free to exit along with the stage character that best represents you. Take intermissions as you see fit. Click on the stage if you have a hard time seeing it. If you get bored, feel free to jump to the code. Most importantly, enjoy the show!)

Act 1: Once Upon a Time...

< - >

http://www.moserware.com/2009/09/stick-figure-guide-to-advanced.html

From rforno at infowarrior.org Wed Sep 23 14:50:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Sep 2009 10:50:01 -0400
Subject: [Infowarrior] - Non-Profit Targets Cyber-Security in Plants
Message-ID:

Non-Profit Targets Cyber-Security in Plants
by Stephanie Neil, MA Editorial Staff
http://www.managingautomation.com/maonline/news/read/NonProfit_Targets_CyberSecurity_in_Plants_33037

The move from proprietary, non-networked control systems in the plant to off-the-shelf, open applications that share information across industrial and business networks is a double-edged sword for manufacturers. On one side, people are more productive; on the other side, SCADA and process control systems are falling victim to hackers and network viruses. Getting a handle on how to manage cyber-threats, however, has always been a bit tricky.
Reporting an industrial incident to organizations such as the government-backed CERT program, which tracks Internet and network security attacks, accidents, and failures, could expose a company's network vulnerability or create a legal liability. As a result, many manufacturers keep a lid on their own security issues, which limits knowledge sharing that could help the industrial community as a whole. Enter the Security Incidents Organization, a newly formed non-profit group that provides public access to its Repository of Industrial Security Incidents (RISI). Established in July, the group maintains an industry-wide repository for collecting, investigating, analyzing, and sharing critical information regarding cyber-security incidents that directly affect SCADA and process control systems. The RISI database dates back to 2001, when it was housed at the British Columbia Institute of Technology (BCIT) as part of a research project that was shut down in 2006. At that time, BCIT faculty member Eric Byres purchased the database and continued to collect data on incidents. His company, Byres Research, was acquired by safety and security services firm exida earlier this year. Exida's intent was to resurrect the database and make it available to the industry in a cost-effective model. "We also had to figure out a way to incentivize companies to report incidents so that it is not a static database, but dynamic and growing," said John Cusimano, exida's director of security services and the executive director of the Security Incidents Organization. To encourage participation, the group, which is directed by an advisory board of manufacturers, vendors, and consultants, will provide a complimentary three-month membership (or extend a current membership for three months) with each unique incident reported. Basic introductory membership is $195 per year for an individual, but corporate memberships are available, as well as incident and analysis reports for an additional fee.
The group researches each reported incident before posting it in the database, which is the real value of the service. "The purpose of the database is to separate fact from fiction," Cusimano said. Currently, there are 154 incidents in the database related to industry cyber-security. The majority of cases have been from outside attacks. Some are accidental events, such as a virus or worm that gets into the business network and works its way into the control system. Then there is the problem of the disgruntled employee. "There are not a lot of those, but the amount of damage they do is significant," Cusimano said. While the vast majority of cases reported involve a line shutdown that disrupts production, worst-case scenarios involve disabling safety systems or altering production so that a product is not salable or does not meet specification. The goal of the RISI database is to provide manufacturers with a tool that helps avoid such catastrophic situations.

From rforno at infowarrior.org Wed Sep 23 16:33:01 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 23 Sep 2009 12:33:01 -0400
Subject: [Infowarrior] - OT: 50 things killed by the internet
Message-ID: <23351B37-2ED4-4920-AF29-0126A4002842@infowarrior.org>

50 things that are being killed by the internet
http://www.telegraph.co.uk/technology/6133903/50-things-that-are-being-killed-by-the-internet.html

From rforno at infowarrior.org Thu Sep 24 19:07:05 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 24 Sep 2009 15:07:05 -0400
Subject: [Infowarrior] - No Rest for the Airport Security Weary
Message-ID:

QOTAA: "Echoing the opinions of many security experts interviewed, Andrew R. Thomas, editor in chief of the Journal of Transportation Security, said that since 9/11 two things have made aviation safer: reinforced cockpit doors and the conviction of passengers to bring down terrorists, as evidenced by the action taken on United Flight 93. 'Any substantive measures put in place by T.S.A.
since 9/11 are effectively window dressing and have done little to reduce the overall risk to the system,' he said in an e-mail message."

September 27, 2009
Practical Traveler
No Rest for the Airport Security Weary
By MICHELLE HIGGINS
http://www.nytimes.com/2009/09/27/travel/27prac.html?_r=1&hpw=&pagewanted=print

LIKE millions of other men, women and children who each day pass through the dizzying maze called the airport passenger screening system, Jim Adams, an executive at a natural gas company in Dallas, has gotten the drill down pat: taking off his shoes, stripping himself of jacket, belt, watch, cellphone and loose change, making sure his 3.4-ounce tubes of toothpaste and shaving gel are safely sealed in a quart-size plastic bag, unpacking his laptop, discarding that half-finished bottle of water -- all while glancing nervously at the clock, wondering if he is going to miss his flight. But several weeks ago, a new step was added to that routine: trying to prove to suddenly skeptical security agents that he actually was the person his boarding pass and photo ID said he was. A rule that is being phased in this year requires that the names on IDs and tickets match perfectly; it's not permissible to have an ID that reads "John Smith," your legal name, and a ticket as "Jack Smith," the name you use in everyday life. Mr. Adams, 63, says he has routinely had to wait 30 minutes or more for a Transportation Security Administration official to check his ID and enter his name in a logbook. It's happened more than a dozen times, and he has never been told exactly why he is being singled out. "In the early days it was anything sharp or pointed," he said. "Now it's gotten really personal. It's me. It's not my fingernail clippers or pen knife." Mr. Adams said, however, that he was able to avoid additional security screening and subsequent delays on two flights this month for which he used his full name, James L. Adams Jr.
He said he still hadn't received a response from the Transportation Security Administration about his problems on earlier flights. Even for people who pass through security with less difficulty than Mr. Adams, the airport security system has made flying increasingly miserable in the eight years since 9/11. Many of the measures instituted the last few years, like the limitations on liquids and the requirement that you take off your shoes, were almost knee-jerk reactions to specific scares and were left in place as a matter of course. As rule upon rule has been added, passengers have learned to cope with the long lines, bag checks, physical pat-downs and carry-on restrictions that border on the absurd. But now there is a fresh opportunity for change. This month, the White House said that President Obama planned to nominate Erroll G. Southers, a former F.B.I. special agent, to head up the Transportation Security Administration, which has been without a permanent head for eight months. Mr. Southers, who is now the assistant chief for Homeland Security at the agency that operates Los Angeles International and several other airports in that region, will, if approved, face the formidable challenge of balancing the yin and yang of airport security -- passenger convenience and safety. Until now, passenger convenience has largely been ignored. After 9/11, a litany of sharp objects was banned from carry-ons. After Richard Reid tried to ignite explosives hidden in his sneaker on a flight from Paris to Miami in Dec. 2001, travelers were told to remove their shoes for screening. And after British officials foiled a plot to blow up planes with liquid explosives in August 2006, liquids, gels and aerosols were banned, though later allowed as long as they were packed in tiny bottles and in plastic bags. And just when passengers think they know the routine, the Transportation Safety Administration adds a twist.
Earlier this month, for example, it began screening certain powders in carry-on luggage. And screeners recently started asking passengers to place shoes directly on conveyor belts rather than in bins, giving officers a better view of shoes as they come through. It's hard not to ask: Is all this necessary? Is it making us any safer? And will it ever get better? Based on interviews with a range of security experts, the answers increasingly seem to be no; not really; and not for a while. Giovanni Bisignani, the chief executive of the International Air Transport Association, urged the Obama administration to deliver broad policy changes in security in a speech delivered to airline leaders in February. "I am not convinced that we are much wiser or any more efficient with many of our processes," Mr. Bisignani said. "As travelers, our shared experience is hassle, and as industry players, it is bureaucracy and cost. It is time for both to change." Of course, if we look back at the state of security before 9/11, it's clear that we have made progress. People without a ticket can no longer waltz through the airport and up to the gate. Technology, including explosive-detection devices, has gotten better and is more consistently applied to checked and carry-on bags alike. Passengers are more consistently screened by a more stable security work force with less employment turnover. And at times, even the lines seem to be moving a hair faster. A case could also be made that because there have been no successful attacks against a United States commercial flight since 9/11, the system is indeed working. But inconsistencies, contradictory rules and flat out screening failures continue to provoke skepticism among passengers and security experts alike. "My wife was recently shocked to discover that she had accidentally taken a large pair of scissors in her knitting bag on a recent trip, and they were not discovered in either the outgoing or returning trips,"
said Walt Ciciora, an electrical engineer from Southport, Conn. "That concerned us." Echoing the opinions of many security experts interviewed, Andrew R. Thomas, editor in chief of the Journal of Transportation Security, said that since 9/11 two things have made aviation safer: reinforced cockpit doors and the conviction of passengers to bring down terrorists, as evidenced by the action taken on United Flight 93. "Any substantive measures put in place by T.S.A. since 9/11 are effectively window dressing and have done little to reduce the overall risk to the system," he said in an e-mail message. "I think we do a lot of things that are foolish and silly," he said in a separate telephone conversation, "and there doesn't seem to be a mechanism in place to pull back and evaluate what's working and what's not." The Transportation Security Administration disagrees. "We are constantly looking at the risks that we see and the procedures we have in place and ensuring the resources we have available to us," said the acting administrator, Gale D. Rossides. "The dollars we are investing, the people we're employing, are focused on the highest priorities." And there are multiple layers of security in place so that if one area fails and, say, someone sneaks a knife onboard a plane, there are also locked cockpit doors to thwart hijackers. Each week, as evidence that it is getting the job done, the agency posts on its Web site (www.tsa.gov) a tally of passenger arrests and banned items, including firearms, found at checkpoints. For the week beginning Sept. 7, for example, 11 passengers were arrested "after investigations of suspicious behavior or fraudulent travel documents," 40 firearms were found at checkpoints, 6 "artfully concealed prohibited items" were discovered, and there were 30 incidents that involved a "checkpoint closure, terminal evacuation or sterile area breach." "It would be terrific," Ms.
Rossides said, if passengers could one day walk through a checkpoint without having to open their bags or take off their shoes and jackets. But she made it clear that those wishes were hers and not necessarily on the government's agenda. "That's my vision," she said, "not T.S.A.'s or D.H.S.'s vision, but my vision -- where the industry can create the kind of technology where it is much easier on the traveler and still provides T.S.A. with the detection capability. The innovation in the labs and the industry will get us there." Removing any of the security measures, even the most criticized and ineffective, would be a risky political decision for the Obama administration, opening up the White House to second-guessing. Undoing a long-established rule will inevitably provoke skepticism about the reasoning behind the decision. Therefore, if any of the procedures are to be changed, they must be proved to be ineffective or replaced and improved -- not merely eliminated. All this takes time and testing, whether it is to demonstrate what little gains in safety come from collecting lip gloss and moisturizers at checkpoints or to develop technologies that make screening safer and more efficient. That means passengers are likely to be stuck with the current airport screening process for several years. Is any relief at hand? Well, you may one day be able to walk through security without having to relinquish your water bottle or your jar of moisturizer, but that day may be at least two years away, at best. Advanced X-ray machines now being rolled out to airports could be programmed to distinguish between hazardous and benign liquids, enabling passengers to carry full-size tubes of hair gel and to keep their Gatorade bottles in their bags. Currently, 78 of the more than 450 airports nationwide where the Transportation Security Administration maintains security have the new X-ray machines, which offer multiple views of carry-on luggage as opposed to one top-down look.
The agency expects to have contracts in place by the end of fiscal 2010 to buy enough machines to cover the rest. But beyond the rollout of the machines, there is another integral step that must also be completed: software must be developed and installed to differentiate between liquids. And neither the agency nor the software manufacturers will even hint at a timeline. Kip Hawley, a former head of the Transportation Security Administration, said Washington needed to make this happen sooner rather than later. "I don't think they need to make massive changes," he said. "They just need to hit the accelerator." BUT speeding things up isn't an easy task, he acknowledged, partly because of resistance from passengers themselves. Take those full-body screening machines, the kind that provide a stark image of the naked body, and which Mr. Hawley said could be the answer to the current jacket, belt and jewelry strip down. Yet, while they might eliminate much of the annoyance of going through security, many passengers have objected to them because they found the machines personally invasive. Earlier this year, in fact, the House of Representatives approved an amendment, still making its way through Congress, to limit the use of the machines to secondary screening and to require that passengers be offered a pat-down search in lieu of such screening. If the increasingly cumbersome screening process has proved anything, however, it's that travelers are a highly adaptable species. And when the facts show that the benefits of a particular security method outweigh the privacy issues, many are willing to accept it. "I equate this to E-ZPass for vehicles," said Chris Grniet, a vice president at the Kroll Security Group. "Everyone said this will be an invasion of privacy," and certain people still will not do it, he said. But those who embraced the system no longer have to slow down for tolls.
Another factor that cannot be ignored is that passenger numbers and, consequently, security checkpoint volume are down because of the economy. But as a recovery and passenger traffic pick up, the system will be under enormous pressure. Lines will grow, waiting times will rise, and screeners will face added pressure to speed things along. "The procedures are not being reduced; if anything they're being added," said Brian Michael Jenkins, an international expert on terrorism at the Mineta Transportation Institute. "The number of T.S.A. screeners are not going up, so either the line gets longer or we get smarter. Or we invent the X-ray for a man's soul."

From rforno at infowarrior.org Fri Sep 25 16:47:18 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Sep 2009 12:47:18 -0400
Subject: [Infowarrior] - PGP CEO ref: Snow Leopard
Message-ID: <2C60858A-D987-4D07-9253-29DC4470D472@infowarrior.org>

(c/o Anonymous)

Snow Leopard Redux
Monday, September 21st, 2009
Phil Dunkelberger -- President & CEO

I'll echo what Tim Matthews said in his blog about our excitement over Snow Leopard shipping. It's great when the OS vendors really listen to their customers and decide to take a break from "feature-itis" and spend a release cycle making their existing features faster, smaller and more reliable. Unfortunately, like many operating system upgrades, some of the changes Apple made affected our PGP Desktop products and cause them to behave in unpredictable ways or to simply fail. This is the reason we communicated directly with all of our Macintosh users urging them not to attempt to use the currently shipping versions of PGP Desktop products with Snow Leopard. Since we sent that communication and posted Tim's blog, I've received a number of questions from individual Mac users; the most common of which are ....
http://blog.pgp.com/index.php/2009/09/snow-leopard-redux/

From rforno at infowarrior.org Sat Sep 26 03:42:20 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Sep 2009 23:42:20 -0400
Subject: [Infowarrior] - IP Czar Appointed, goes into OMB
Message-ID:

Obama Finally Appoints IP Czar... Puts It In The Wrong Department
from the of-course dept

In a move that surprises no one, the Obama administration finally got around to officially nominating Victoria Espinel to be the IP Czar, a position that was created out of thin air a year ago in the ProIP Act, though the position went entirely unfilled until now. Hollywood lobbyists have been pushing the administration to appoint someone ever since the spring, and VP Joe Biden had to come out and calm Hollywood execs and lawyers by promising them the "right person" would be appointed (meaning: not someone who is interested in copyright reform). And yet... there was no appointment for so long. Why? Well, a few weeks ago, it was explained that there was a fight over where to put the position and under what group Espinel's office would exist. The most obvious group was the Office of Science and Technology Policy. The problem? Most of the folks in OSTP actually seem to understand the problems of copyright law. They're fans of openness and understand things like Creative Commons. Entertainment industry lobbyists started to freak out again, that even if they got someone on "their side," that placing them in OSTP would stifle them, as the rest of the group might (gasp!) actually push back on attempts to stretch copyright enforcement towards the maximalist position. Instead, they wanted the position to be either its own office (entirely unlikely) or, in the Office of Management & Budget. Why OMB? No good reason. The position doesn't fit there at all... but putting it there keeps it away from those darn "copyleftists" in OSTP. So where did the position end up? Yup... it's a part of OMB, just like Hollywood wanted.
Lobbyists on all sides of the equation -- including consumer advocacy group Public Knowledge, though, are saying that Espinel is a good appointee. I certainly hope so, though I disagree that the position should exist at all. Also, Espinel was formerly the IP boss for the US Trade Representative -- a group that has been known to push for more draconian IP laws, and to do so cloaked in secrecy. So... I'm hoping to be surprised, but putting the office in OMB and having someone from USTR isn't encouraging.

http://techdirt.com/articles/20090925/1549476326.shtml

From rforno at infowarrior.org Sat Sep 26 15:42:41 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 26 Sep 2009 11:42:41 -0400
Subject: [Infowarrior] - US to cede control of ICANN?
Message-ID:

(Sounds nice but seems toothless -- after all, the US likely won't ever cede 'control' of the Dot....-rf)

US to cede control of ICANN?
http://www.theregister.co.uk/2009/09/25/us_icann_autonomy_report/
By Austin Modine in San Francisco
Posted in Networks, 25th September 2009 23:47 GMT

The US government has reportedly agreed to cede control over ICANN once its current pact with the internet oversight body expires next week. ICANN (Internet Corporation for Assigned Names and Numbers) is a California-based non-profit that oversees the internet's address system. It currently operates under the auspices of the Joint Project Agreement with the US government, due to end September 30, 2009. The Economist reports a new "affirmations of commitments" has been struck in place of the JPA that gives ICANN autonomy to manage its own affairs. The agreement allegedly extends indefinitely and is set to go into effect the day before the JPA expires. The new deal also reportedly sets up "oversight panels" composed of representatives of foreign governments, which will conduct regular reviews of ICANN in four areas: competition among generic domains (.com, .net.
.org, etc); the handling of data on registrants; network security and transparency; and accountability to public interests. The US will only retain a permanent seat in the latter, The Economist reports. The panels would reportedly have no real authority over ICANN, however, and failing to follow their recommendations bears no penalties. It's not clear by the report which governments would be represented on the panels or how the countries being represented would be determined. ICANN would also still require permission before making any major changes to internet operations under a separate agreement with the US government that expires in 2011. When asked for comment, both ICANN and the US agency overseeing ICANN said negotiations are still ongoing and refused to confirm or deny the report. US influence over ICANN has been a strong point of contention for many other countries. This June, the EU called on the US to relinquish control of ICANN when its contract expires in favor of "multilateral accountability."

From rforno at infowarrior.org Sun Sep 27 02:02:23 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 26 Sep 2009 22:02:23 -0400
Subject: [Infowarrior] - OpEd: Feingold on Patriot Act review
Message-ID: <9957992A-8CF7-476E-909E-E64EAE2182F3@infowarrior.org>

"Congress Gave the FBI Few Rules to Follow and Shouldn't be Surprised at the Results"
Fixing the Patriot Act, Restoring the Constitution
By Sen. RUSSELL FEINGOLD
http://www.counterpunch.org/feingold09242009.html

At the end of this year, three provisions of the USA PATRIOT Act will sunset unless Congress acts to reauthorize them. In my view, Congress should take this opportunity to revisit not just those three provisions, but rather a broad range of surveillance laws enacted in recent years to assess what additional safeguards are needed. That is why I have introduced the JUSTICE Act, S. 1686, along with Senator Durbin and eight other Senators.
It takes a comprehensive approach to fixing the USA PATRIOT Act and the FISA Amendments Act, once and for all. It permits the government to conduct necessary surveillance, but within a framework of accountability and oversight. It ensures both that our government has the tools to keep us safe, and that the privacy and civil liberties of innocent Americans will be protected. Because as the title of this hearing suggests, we can and must do both. These are not mutually exclusive goals. Indeed, the Department of Justice just last week acknowledged as much in a letter setting forth its views on Patriot Act reauthorization. The Department said: "We also are aware that Members of Congress may propose modifications to provide additional protection for the privacy of law abiding Americans. As President Obama said in his speech at the National Archives on May 21, 2009, 'We are indeed at war with al Qaeda and its affiliates. We do need to update our institutions to deal with this threat. But we must do so with an abiding confidence in the rule of law and due process; in checks and balances and accountability.' Therefore, the Administration is willing to consider such ideas, provided that they do not undermine the effectiveness of these important authorities." I welcome the administration's openness to potential reforms of the Patriot Act and look forward to working together as the reauthorization process moves forward this fall. But I remain concerned that critical information about the implementation of the Patriot Act has not been made public -- information that I believe would have a significant impact on the debate. During the debate on the Protect America Act and the FISA Amendments Acts in 2007 and 2008, critical legal and factual information remained unknown to the public and to most members of Congress -- information that was certainly relevant to the debate and might even have made a difference in votes.
And during the last Patriot Act reauthorization debate in 2005, a great deal of implementation information remained classified. This time around, we must find a way to have an open and honest debate about the nature of these government powers, while protecting national security secrets. As a first step, the Justice Department's letter made public for the first time that the so-called "lone wolf" authority -- one of the three expiring provisions -- has never been used. That was a good start, since this is a key fact as we consider whether to extend that power. But there also is information about the use of Section 215 orders that I believe Congress and the American people deserve to know. I do not underestimate the importance of protecting our national security secrets. But before we decide whether and in what form to extend these authorities, Congress and the American people deserve to know at least basic information about how they have been used. So I hope that the administration will consider seriously making public some additional basic information, particularly with respect to the use of Section 215 orders. There can be no question that statutory changes to our surveillance laws are necessary. Since the Patriot Act was first passed in 2001, we have learned important lessons, and perhaps the most important of all is that Congress cannot grant the government overly broad authorities and just keep its fingers crossed that they won't be misused, or interpreted by aggressive executive branch lawyers in as broad a way as possible. Congress has the responsibility to put appropriate limits on government authorities -- limits that allow agents to actively pursue criminals, terrorists and spies, but that also protect the privacy of innocent Americans. This lesson was most clear in the context of National Security Letters.
In reports issued in 2007 and 2008, the Department of Justice Inspector General carefully documented rampant misuse and abuse of the National Security Letter (NSL) authority by the FBI. The Inspector General found -- as he put it -- "widespread and serious misuse of the FBI's national security letter authorities. In many instances, the FBI's misuse of national security letters violated NSL statutes, Attorney General Guidelines, or the FBI's own internal policies." After those Inspector General reports, there can no longer be any doubt that granting overbroad authority leads to abuses. The FBI's apparently lax attitude and in some cases grave misuse of these potentially very intrusive authorities is attributable in no small part to the USA PATRIOT Act. That flawed legislation greatly expanded the NSL authorities, essentially granting the FBI a blank check to obtain some very sensitive records about Americans, including people not under any suspicion of wrong-doing, without judicial approval. Congress gave the FBI very few rules to follow, and should not be all that surprised at the result. This time around, we have the opportunity to get this right. That is why we should look at a range of issues and not just the three provisions that expire.

Russell Feingold is a United States Senator from Wisconsin.

From rforno at infowarrior.org Mon Sep 28 23:42:00 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Sep 2009 19:42:00 -0400
Subject: [Infowarrior] - DIY 'Dazzler' for $250
Message-ID: <190C773C-4328-4AF5-AEA5-41A2933C3150@infowarrior.org>

After attending a conference where the $1 million "sea-sick flashlight" (named "THE DAZZLER") was demonstrated by the US Dept. of Homeland Security, we decided to create our own version. For under $250, you can build your own dazzler and we've released the source code, schematics and PCB files to make it easy.
A great Arduino project for people who really like blinking LEDs

Our first open source Homeland Security non-lethal weapon project - The "THE BEDAZZLER: A Do-it-yourself Handheld LED-Incapacitator".

http://ladyada.net/make/bedazzler/

From rforno at infowarrior.org Tue Sep 29 03:05:14 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Sep 2009 23:05:14 -0400
Subject: [Infowarrior] - DHS Report on Border Laptop Searches
Message-ID: <1AEA4623-CC65-4006-9EA5-747AAE5FCFA3@infowarrior.org>

DHS privacy report: Laptop searches at airports infrequent
Jaikumar Vijayan
25.09.2009 kl 17:45 | IDG News Service
http://news.idg.no/cw/art.cfm?id=F2595FA7-1A64-67EA-E4B4ED6EA03241AB

The U.S. Department of Homeland Security's annual privacy report card revealed more details on the agency's controversial policy involving searches of electronic devices at U.S. borders. The 99-page report, which was released Thursday, also offered details on the agency's efforts to address privacy risks in social media and the use of imaging technologies that produce whole-body scans at airport security checkpoints. The report is the first DHS privacy assessment released to Congress since the new administration took office. It covers the activities of the DHS Privacy Office between July 2008 and June 2009. For the most part, the report is a compilation of privacy-related activities across the DHS during this period. However, it also offered lesser-known details about some DHS programs. For instance, numbers released in the report indicate that warrantless searches of electronic devices at U.S. borders are occurring less frequently than some privacy and civil rights advocates might have feared. Of the more than 144 million travelers that arrived at U.S. ports of entry between Oct.
1, 2008 and May 5, 2009, searches of electronic media were conducted on 1,947 of them, the DHS said. Of this number, 696 searches were performed on laptop computers, the DHS said. Even here, not all of the laptops received an "in-depth" search of the device, the report states. A search sometimes may have been as simple as turning on a device to ensure that it was what it purported to be. U.S. Customs and Border Protection agents conducted "in-depth" searches on 40 laptops, but the report did not describe what an in-depth search entailed. The numbers add new perspective to the issue of border searches of electronic devices. While the DHS has insisted on the need to perform such searches, privacy and civil rights groups maintain such searches are intrusive and violate an individual's constitutional rights against unreasonable searches.

Social networking tools get close look

The report also noted the "myriad of complex legal, security and privacy issues" raised by the use of social networking tools in the federal government. As part of an effort to address such issues, the DHS Office of Policy and the Office of Public Affairs have established a Social Media Roundtable Working Group with representatives from offices throughout the department, the report said. The privacy office is also implementing a compliance process to ensure that the department's use of social media tools complies with all privacy laws, including the Privacy Act and the Homeland Security Act. The DHS privacy office is asking all of the department's component units to conduct so-called privacy threshold analyses to identify the uses of social media within the DHS and their impact on privacy. The report also noted the "heightened public interest" around the Transportation Security Administration's use of imaging technologies to search for items that passengers might be hiding beneath their clothing.
The report said the TSA has taken steps to mitigate the privacy impact of the technology, for example, by having the person viewing the scans in a remote location and by placing a blur over the facial image. TSA is also working with technology providers to further anonymize images by converting them to an abstract image, such as a cartoon, the report said. The report chronicled similar efforts to monitor the privacy implications of a range of projects that privacy groups are also watching. Examples include Einstein 2.0 network monitoring technology that improves the ability of federal agencies to detect and respond to threats, and the Real ID identity credentialing program. The DHS's terror watch list program, its numerous data mining projects and the secure flight initiative were also mentioned in the report.

From rforno at infowarrior.org Tue Sep 29 12:11:34 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Sep 2009 08:11:34 -0400
Subject: [Infowarrior] - USTR on ACTA secrecy
Message-ID: <10E6593B-F110-40C3-ACAF-C04B94DA03C9@infowarrior.org>

USTR: We Can't Be Open About ACTA Because We Promised We Wouldn't Be (*Lobbyists Not Included)
from the missing-the-point dept

The US Trade Rep apparently has a thing on their website called "ask the ambassador" and Robin alerts us that recently a "James from Virginia" asked a rather important question: "If the United States government gives all other governments in the ACTA negotiation a copy of a text, what is the rationale for keeping this a secret from the American public? Why would a negotiation at ACTA be less transparent than negotiations at World Intellectual Property Organization (WIPO) or the World Trade Organization (WTO)?" The USTR's answer is really a convenient non-answer. It basically says that it can't reveal the details because everybody promised not to do so.
Of course, that doesn't explain why so many lobbyists have such detailed access to the info, and why other countries have revealed the details of the negotiations. The answer that "this is how we do things" isn't particularly reassuring when corporations and diplomats are basically negotiating basic civil rights.

http://techdirt.com/articles/20090925/0801256322.shtml

From rforno at infowarrior.org Tue Sep 29 12:12:48 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Sep 2009 08:12:48 -0400
Subject: [Infowarrior] - Navy's Command Center of the Future
Message-ID:

Inside the Navy's Command Center of the Future
by Daniel Terdiman
http://news.cnet.com/8301-13772_3-10362933-52.html?

SAN DIEGO--I have seen the future of military command centers, and it is small rooms with glass walls and video screens with built-in artificial intelligence. That's probably a gross oversimplification, but those are certainly some of the elements on display at the Navy's Command Center of the Future, a prototype project currently under way at the Space and Naval Warfare (SPAWAR) Systems Center Pacific here. For those not familiar with SPAWAR, it is a Navy laboratory tasked with "creating an unfair advantage for our war fighters," according to Jim Fallin, the facility's director of communications, that designs "systems, infrastructure, sensors and the means needed to create a fully netted combat force that operates and interlaces all the domains of warfare, from seabed to space." With clients and partners that include the U.S. Army, Marines, and Air Force, as well as many universities and other institutions, SPAWAR is a growing--and hiring--research institution that aims to give America's military services "the ability to disrupt any adversary's ability to conduct warfare."
And given that these are the guys recently tasked with reworking the White House's famous Situation Room, they also seem like the right ones to take the traditional military command center--with huge rooms, row after row after row of desks with computers and huge video screens--and flip such environments on their head. In other words, SPAWAR has nothing short of a major assignment on its hands: to build the kind of center that will best serve the soldiers and decision makers of the future, all while minimizing the physical space necessary for such rooms and maximizing the use of technology.

Showcasing the technology of the future

The Command Center of the Future (CCoF), which has had a budget so far of a couple of hundred thousand dollars, first opened its doors just four months ago and is clearly not yet finished. But given that it's a prototype of the kinds of military action centers that are likely to be in use five or ten years down the line, it's probably best that the SPAWAR folks not rush to finish their work. Upon entering what turns out to be a pretty small room deep inside a nondescript SPAWAR office building, visitors are greeted initially by a wall of military insignia and then by a dimly-lit, quiet, room with gleaming glass walls and banks of video screens installed behind the glass. According to my host, SPAWAR research engineer Jeff Clarkson, who is leading the project, the CCoF has as one of its main purposes the highlighting and showcasing of the technologies of the future. Notwithstanding the visit of a CNET News reporter, the typical visitors since the doors to the CCoF opened four months ago have included VIPs like Navy admirals, the secretary of the Navy, the chief of Naval Operations, and others eager to see the kinds of facilities likely to be featured on warships and in Department of Defense facilities a few years from now.
And the idea behind this room--which is far from operational--is to convey, in its small space, what a future command center may well look like, Clarkson said. One clear goal of the CCoF is to show how military decision makers no longer need to be together in a single room in order to work on actionable intelligence, make strategic decisions, or communicate with subordinate personnel around the world. Rather, the room is designed to bring together those who need to be involved in discussions surrounding specific military engagements, regardless of whether they're local. Indeed, the room's very mission statement is to make it possible to rely on video teleconferencing and artificial intelligence in such meetings. And while the CCoF is still in its early stages--its many video screens are still tuned to cable news channels rather than remote Navy locations--Clarkson and his team are hopeful that they will soon move to the next stage and build into the room the technologies that will showcase just how the people who will use it will interact with the tools of the future. For example, while the video screens today are nothing more than TVs with shiny glass covers, they will soon feature multitouch overlays that will mean many of the glass surfaces will allow decision makers to manipulate data and other information simply by running their fingers over the glass, much as users of iPhones do today. Similarly, while it's still in a presentation stage, the CCoF will be used for things like mocking up Flash representations of the control system of an unmanned aerial vehicle (UAV) so that decision makers can see how much control they have over such assets from far across the world.

'The art of the possible'

Just after entering the room, visitors notice an area that is separated from the main space by its own set of glass walls. In normal circumstances, this is where to place junior staff members in front of a couple of computers.
But the idea behind this sub-room is to give decision makers a private, secure, place to go for classified discussions. And while it might initially be counter-intuitive to have such discussions in what at first appears much like a fish tank, Clarkson explained that in fact, that room is designed with glass that can automatically turn dark, as well as sound-proofing that can make it entirely secure. And the point of this, Clarkson continued, is to make it possible for such senior officials to be able to huddle together for highly sensitive discussions without having to leave the command center, saving a great deal of time for everyone involved. To be sure, this room inside this San Diego building is by no means a final product. In fact, even when future command centers are being constructed, they will likely have an infinite number of sizes and configurations that will match their surroundings: smaller rooms on Navy ships and larger ones inside Department of Defense buildings, Clarkson said. But for now, as military VIPs show up to see the prototype, the idea is really to give them a sense of "the art of the possible," as Fallin put it.

Changing mission needs

Clarkson said that one of the major focuses of the CCoF is to prove that such an environment can be flexible and adaptable to "changing mission needs." That means that the rooms need to be easily reconfigurable, something that is clear in how it was set up during my visit. On one side of the room, a group of eight chairs was set up as a place for seating junior staff while senior officials put their heads together at the main round-table. But that configuration was just one way for the room to be presented, Clarkson said. And anyway, many of those who would take part in the kinds of discussions that would be centered in the room would be at remote locations, communicating via teleconference. Yet Clarkson said even such virtual communication would be aided by the latest technologies.
One such advance would be an implementation of artificial intelligence that would display, on the appropriate screens on the glass walls, documents being talked about by those on the screens. In other words, Clarkson said, the CCoF would have AI meant to discern what is being talked about during a teleconference and to know how to source up whatever documents are needed as they're needed. At the same time, the technology could also keep track of those on-screen and show, for the benefit of those in the room, little heads-up displays (HUDs) that identify each on-screen speaker. And while the command centers of the future may be needed by senior officials to set strategy during specific action, they are also likely to be manned 24/7 by junior officials making sure that proper communications with supporting organizations are always under way. Ultimately, Clarkson said, the state-of-the-art in command center workflow theory is built around the idea of flow. He explained that research has shown that decision makers think better if they can move around while they talk and that's why the CCoF here has been designed to allow such senior officials to walk and talk and never lose sight of those they're communicating with. In the past, by comparison, the experience has been much more sedentary, with officials coming in and sitting down at a table the entire time. "We want to create a sense of guests and hosts being able to walk (around) together and still be discussing," said Clarkson. "They still have security and still have information, and they can look up something if (they) need it."
And while the command center of the past--like, say, the alternate command center of the North American Aerospace Defense Command (NORAD)--has traditionally been a basketball court-size space with endless rows of desks, Clarkson said he hopes that the work being done on the CCoF will demonstrate that in the wars of the future, what's really needed is technology to bring dispersed people together so that they can discuss the important topics of the day, no matter where they are. "We're just trying to show what's possible," Clarkson said, "what's coming down the pipeline, and what we envision the future to be."

Daniel Terdiman is a staff writer at CNET News covering games, Net culture, and everything in between.

From rforno at infowarrior.org Tue Sep 29 12:25:59 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Sep 2009 08:25:59 -0400
Subject: [Infowarrior] - Apple's insecure iPhone forced update
Message-ID:

Don't need it? Don't install it.
Apple may have recently shoved an unsafe update down your PC's throat, but the broader problem is Apple, or anyone else, installing any unnecessary program on your PC.
http://www.itworld.com/security/79064/dont-need-it-dont-install-it

If you use any Apple program on Windows you may have noticed recently a rather odd Apple Software Update dialog box telling you under the Updates heading that you need the iPhone Configuration Utility 2.1. I did, and my reaction was: "I do?" After all, I use an iPod Touch, not an iPhone, and iTunes does just fine with managing it. Then, I found I was also getting the notice on Windows PCs that I've never used with my Touch. What is this? A little investigation revealed that the iPhone Configuration Utility is actually a tool for business system administrators to set up and administer corporate iPhones. Even if I were using an iPhone, I'd need that program like I'd need season tickets to the Detroit Lions.
So, I haven't installed it -- and I really wish Apple would stop bugging me about it. I didn't think anything more about it. I don't install programs I don't need or plan on testing. Others, though, did, and they discovered that this completely unneeded Apple shovelware for 99.9999% of all users installs not just a configuration program, but the Apache Web server as well. For the tiny number of people who do need it, this lets corporate iPhone users 'phone' in to the business Web server for updates. For the millions of everyone else, having a Web server on your PC is a horrible security risk. It's hard enough keeping Windows secure, but adding a totally unregulated Web server to the mix is like throwing matches at a pool of gasoline. What was Apple thinking!? Actually, I rather doubt they were thinking. As Windows expert Ed Bott pointed out, Apple has long used "its automatic update process to deliver massive amounts of new software to users." That's often software you don't need, and in the case of the iPhone Configuration Utility it's actively making securing your Windows PC harder. In general, I like Apple products, but I don't like anyone forcing software on me. In fact, I recommend that people only install the programs they need on their PCs. Every last program you install on your PC potentially adds what security experts call an 'attack surface' to your computer. By this they mean that you may be adding a new weak spot in your PC defenses. A Web server, like the one Apple is adding to your PC, isn't a weak spot though. It's a gateway just asking to be hammered on by an attacker. Managed properly Apache is as safe a Web server as you'll ever find, but ordinary PC users shouldn't try to manage it, and even an expert can't do anything with it if they don't know it's there. If you haven't installed this program yet, don't. You don't need it, and you don't want it. If you have installed it, uninstall it with Windows' control panel uninstall utility.
On XP, that's the Change or Remove Program applet.

So long as you're at it, you might want to get rid of other programs that you never use. Unused programs may be completely harmless, but they may also be security time-bombs. Stick with just the programs you need and use, and you'll be better off.

Finally, Apple? Stop pushing software on people! If we want it, we'll download it ourselves. Thank you. Thank you very much.

From rforno at infowarrior.org Wed Sep 30 12:43:04 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Sep 2009 08:43:04 -0400
Subject: [Infowarrior] - 'Clear' Security Service May Return at Airports
Message-ID: <2AF8374A-77C1-486A-9F9C-9024F175C077@infowarrior.org>

September 30, 2009
'Clear' Security Service May Return at Airports
By BRAD STONE
http://www.nytimes.com/2009/09/30/technology/30clear.html?hpw=&pagewanted=print

Verified Identity Pass, a company founded by the entrepreneur Steven Brill, offered travelers a tempting proposition: pay up to $199 a year, submit to a fingerprint and iris scan, and skip to the front of interminable airport security lines. But last June, the company left its roughly 200,000 paying customers stranded, saying that it was ceasing operations and did not have cash to offer refunds.

Now it appears those customers will get a break. Kurtis Fechtmeyer, an investment banker based in Emeryville, Calif., said on Tuesday that his new investment group, Henry Inc., had signed a letter of intent with Morgan Stanley, the defunct company's largest debt holder, to buy its assets and reopen its fast-lane security service, called Clear.

Mr. Fechtmeyer said his group thought it could bring back the service as soon as this holiday season. It will offer former Clear members, some of whom had paid for years of the service in advance, the option of rejoining with their membership intact.
"People are still desperate for convenience at security checkpoints, and the government is very interested in having more registered travelers whose identities are verified," he said. "There is still strong demand for this service."

If the former members choose not to sign up, Mr. Fechtmeyer said, their personal information will be destroyed. The fate of that data had been a source of worry for some Clear customers.

Mr. Fechtmeyer, a former managing director of FBR Capital Markets, an investment bank, had been helping Clear secure extra financing before it shut down. His investment group is composed of family-owned funds in the Bay Area and elsewhere and at least one principal investor whom he declined to name because the deal was not yet completed.

Word of a possible new life for the Clear service surfaced ahead of a hearing that a House Homeland Security subcommittee will hold on Wednesday to discuss the future of the Transportation Security Administration's registered traveler program. Mr. Fechtmeyer's wife, Alison Townley, also a principal of Henry, will testify.

The vision for the Clear service was first laid out soon after the 9/11 attacks in a Newsweek column by Mr. Brill, the founder of Court TV and American Lawyer magazine. He wrote that a private company could solve the problems of security and long lines in airports with a smart identification card, backed by biometric tests, that would allow members to pass through special lines at airports.

Verified Identity Pass, the New York-based company he created to pursue that idea, required people to go through a lengthy enrollment process, give up personal information and have an iris scan and fingerprints recorded. In return, they got to bypass security lines, accompanied by Clear "concierges" who were stationed at airports like Kennedy International.

In its four years of operation, V.I.P.
raised $90 million in financing from the likes of Spark Capital, Baker Capital, Lockheed Martin, General Electric and Lehman Brothers. But it became known less for its service than for a string of controversies.

Mr. Brill was forced out of the company by investors earlier this year and later sued over breach of contract, winning a million-dollar judgment. Last year, a company laptop containing the personal information of some 33,000 customers was lost for a week at San Francisco International Airport (it was later found and the information had apparently not been accessed).

When the Clear service ceased operations over the summer, after backers could not agree on how to restructure its debt, some members filed a class-action lawsuit, accusing the company of fraud and of breaching its contracts.

But people involved with the company say it was near profitability when it shut down. That is one reason Mr. Fechtmeyer and Ms. Townley are optimistic that they can turn the Clear service into a successful business.

They say they have already begun to meet with representatives from the Transportation Security Agency and Clear's partner airports, some of which said "you cannot open soon enough," according to Ms. Townley.

They also said that they conducted a survey of Clear customers over the summer, and that 70 percent said they would return to the service. Another 20 percent said they would return depending on which airports were included.

The new buyers are developing ways to allow people to sign up for the service directly at the airport -- presumably when they are confronted in person with a long, time-wasting security line.

Mr. Brill, who now runs Journalism Online, a venture developing ways for newspapers to charge for online access, was cautiously enthusiastic about a new life for Clear.

"Assuming they comply with the privacy requirements of the program, I think it would be great," he said. "The way the company got shut down was at best irresponsible.
If someone is going to try to make it up to those customers, I think that's a real good thing."

From rforno at infowarrior.org Wed Sep 30 12:46:49 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Sep 2009 08:46:49 -0400
Subject: [Infowarrior] - OT: DVD Jon's remake of Apple's 1984 ad
Message-ID:

Big Brother ad by doubleTwist
http://www.youtube.com/watch?v=tdVzboF2E2Q

From rforno at infowarrior.org Wed Sep 30 14:01:27 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Sep 2009 10:01:27 -0400
Subject: [Infowarrior] - Very OT: Hat Tip to FEDEX
Message-ID:

FedEx flies terminally ill girl home
By CELIA DEWOODY celiad at harrisondaily.com
Published: Saturday, September 26, 2009 6:08 AM
http://harrisondailytimes.com/articles/2009/09/26/news/doc4abd634567a5f810451602.txt

Because of caring people and a caring company, a terminally ill little Green Forest girl was flown home Friday by air ambulance from M. D. Anderson Cancer Center in Houston, so she can spend her last days surrounded by the people who love her most.

Jada Harper, who turned seven on Sept. 1, has an inoperable malignant tumor in her brain and is in a coma with a ventilator doing her breathing for her. She has been at the famous cancer center in Houston since July, but her situation is now at the point not much else can be done to help her.

Friday afternoon, Jada was flown home to the Ozarks -- on a gurney, attached to the machine that breathes for her. FedEx Freight paid the $11,000 bill for the special medical flight her family was unable to afford.

Jada is the daughter of Savannah and Jason Surface and has been a student at Green Forest Elementary School. The family, which includes Lyndon, 4, and Gracelyn, almost 2, lived in Oak Grove until Jada got sick this summer, and the family moved in with Jason's family -- his mother Wanda and sister Brandy Surface -- in Batavia.

"Jada got diagnosed in June with a malignant brain tumor," said the child's grandmother, Wanda Surface.
"It's a brain-stem glioma, and it's inoperable."

Wanda said Jada was first treated at Arkansas Children's Hospital in Little Rock. "The most important thing was radiation, so we spoke with doctors all over the United States. There was one doctor who really wanted to see her, from M. D. Anderson's in Houston. So we took her to Anderson's in July." Jada was able to travel by car at that time.

"She had chemo and radiation," Wanda said. "The treatment was shrinking the tumor, but they only gave us 18 months. Then about three weeks ago, she seized, and it killed part of her brain. She's been in a coma for three weeks now. They had to put her on a ventilator."

Wanda said Jada is not able to be taken off of the ventilator. "They say she could still wake up, but she'll still have brain damage," she said. "They're only giving us three months now."

The child's grandmother said medical experts at M. D. Anderson's recently gave Jada's parents a choice: to give her further radiation, which might buy her six months -- "They said she could stay here, and let her lay here and let us keep her alive for maybe six more months. Or -- you could take her home and give her three months."

Wanda said Savannah and Jason "couldn't bear to think about her lying there in that hospital for six more months. They decided to take her home to her family, to everyone who loves her. Everybody is here."

Wanda, along with her son Jason, Jada's dad, had been in Houston with Jada until recently. "Jason had to come home to go back to work at Tyson's," she said. "We got home yesterday." Jada's mother, Savannah, remained behind at Anderson's with her daughter.

Moving Jada home from Texas -- in a coma and attached to a ventilator -- became the big challenge. "They said a ground ambulance was too dangerous," Wanda said. "They said she'd be dead within hours -- it's just too long of a trip from Houston." She needed to be moved in an air ambulance, which costs $10,000-$14,000, Wanda said.
Wanda said the family started calling every organization they could think of that helps transport people for medical reasons, including Angel Flight, but they weren't able to find anybody who would fly the little girl in her serious medical condition from Houston to Arkansas.

Tiffany Gilliam, a close friend of Savannah's, kept updating Andrea Martin, Green Forest Elementary principal, with what was going on with Jada. Andrea called someone she knew at FedEx to see if they could help. She called the right person when she called Kelly Madewell, who is flight operations specialist at FedEx Freight in Harrison.

"This all took place on Thursday," Wanda said. "The next thing we knew, Savannah called us from Houston, and she was crying and crying. She said they had called her to tell her that FedEx had a flight coming to pick her and Jada up and bring them home."

Ken Reeves, vice-president and general counsel of FedEx Freight, told the Daily Times that Madewell "was the one who put this whole thing together, and Doug Duncan in Memphis, (president and CEO of FedEx Freight Corp. in Memphis), and Pat Reed here in Harrison, (executive vice-president and CEO of FedEx Freight), both approved for FedEx Freight in Harrison to pay for it." Reeves said the flight will cost the company "a little over $11,000."

"One thing that impresses me about this company is that the company has a heart," Reeves said. "Our company does a lot of things like this. It's been recognized as one of the most admired companies in the world, and this is why."

The Medway air ambulance, equipped with a medical team, picked up Jada and her mother in Houston on Thursday afternoon for the hour-long flight to the Harrison airport, where they landed about 4:30 p.m. Jada was met on the runway by an ambulance from North Arkansas Regional Medical Center's Emergency Services, which whisked her off in a matter of minutes toward NARMC, where she will be in intensive care, according to Wanda.
Friends and relatives, as well as Reeves and Reed from FedEx, were on hand at the FedEx terminal at the Boone County Regional Airport to greet Jada and Savannah when they arrived. The family used the opportunity to thank the two FedEx officials over and over for bringing their little girl home.

Jada's family has expressed their gratitude to FedEx for what they have done to ensure the sick little girl could be brought home to be with her family. "I really appreciate it," said Daniyale Harper of Harrison, Jada's aunt, earlier Friday. "It's the best thing that's happened so far."

Jada's grandmother, Wanda, said, "I'm so overwhelmed. You don't know how we've searched for the past two weeks. We've searched all over the U.S. to find somebody who could help us bring Jada home, and the answer was right here in our own hometown. These people at FedEx are miracle-workers."

Jada's mother, Savannah, told Reed and Reeves at the airport, "It's all worked out wonderful. I didn't think we'd be able to get her here, but luckily, my hometown came through. From the bottom of our hearts, thank you."

From rforno at infowarrior.org Wed Sep 30 14:31:44 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Sep 2009 10:31:44 -0400
Subject: [Infowarrior] - Hackers could target cardiac implants
Message-ID:

Killer hackers could target cardiac implants
Emtech Researcher calls for tighter security
By Clive Akass
Wednesday, 30 September 2009, 13:59
http://www.theinquirer.net/inquirer/news/1556846/killer-hackers-target-cardiac-implants

A US RESEARCHER is calling for legislation to enforce tighter security on implanted cardiac devices after he hacked one wirelessly to produce a potentially fatal electric shock.
The scenario may sound like something out of a detective novel or far-fetched thriller movie script but the danger is real and should be taken seriously, says Kevin Fu, an assistant professor of computer science at the University of Massachusetts, who specialises in the security of RFID systems. Judges at the EmTech conference in Boston took his work seriously enough to give him an Innovator of the Year award.

Doctors can access modern pacemakers and defibrillators over the Internet via a short-range wireless link similar to those used in RFID devices. The system allows them to monitor patients remotely and install software updates. This means a hacker could access confidential medical information as well as reprogram the devices, Fu says.

He wrote in a recent paper: "Manufacturers point out that IMDs (implanted medical devices) have used radio communication for decades, and that they are not aware of any unreported security problems. Spam and viruses were also not prevalent on the Internet during its many-decade childhood. Firewalls, encryption, and proprietary techniques did not stop the eventual onslaught."

Fu and his team used off-the-shelf components to build a device that could write to a defibrillator and read the signals being sent to it. They deciphered the signals by exploiting the fact that they knew the patient's name. They could then reprogram the device to give an electric shock. Another possibility is that a hacker could disable the power-saving mode so that the device's battery ran down in days rather than years.

The hacking device could be built into something the size of a cellphone and infect IMDs with malware randomly as the killer walked down the street. Millions of people use pacemaker-defibrillator devices.

Fu points out that such random attacks are not unknown.
Vandals can cause people to have seizures by implanting flashing lights on a website used by epileptics; and seven people died when a killer put cyanide-laced painkillers on supermarket shelves in Chicago.

Nevertheless some doctors resisted when Fu first started making inquiries about IMD security. Has he any idea of how many of the devices in use are vulnerable? "That's the point," he said. "We just don't know."

From rforno at infowarrior.org Wed Sep 30 18:19:57 2009
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Sep 2009 14:19:57 -0400
Subject: [Infowarrior] - DOC-ICANN Sign Historic Accord on Internet Governance
Message-ID: <564BA7EF-BFA2-43F7-8D45-75166C149452@infowarrior.org>

FOR RELEASE: Immediate

MEDIA CONTACTS:
Brad White
Director of Media Affairs, ICANN
Ph. +1 202.429.2710
brad.white at icann.org

Michele Jourdan
Corporate Affairs
Ph. +1 310.301.5831
michele.jourdan at icann.org

Commerce Department and ICANN Sign Historic Accord on Internet Governance

Washington, D.C. -- September 30, 2009 -- ICANN and the U.S. Department of Commerce have signed an historic Affirmation agreement supporting the ICANN model of international multi-stakeholder and bottom-up governance of the global Internet addressing system.

"This new Affirmation marks an exciting new stage in ICANN's development as a truly international entity and it confirms once and for all, that the ICANN model of public participation works, and works effectively" said Rod Beckstrom, ICANN Chief Executive Officer. "One world, one Internet, everyone connected -- this is our goal at ICANN. This agreement gives international stakeholders an even more powerful voice in our activities moving forward."

More than a decade ago it was envisioned that the Internet's addressing system would be coordinated by a private, multi-stakeholder, non-profit corporation, specifically ICANN. The rationale was that the Internet not be controlled by any single government, group of governments or special interest.
"A decade ago the US government was a catalyst for a global discussion on how to coordinate the vital resource that is the Internet's unique identifiers," said Peter Dengate Thrush, ICANN's Chairman of the Board. "They understood that it needed to be coordinated not controlled. That vision has been affirmed in the model of private sector leadership that ICANN represents."

Under the Affirmation agreement, the U.S. will remain committed to participation in ICANN's Governmental Advisory Committee (GAC), which is one of the bodies that advises the corporation in its crucial mission of assuring that one human being can contact another anywhere on the planet.

The agreement also mandates that ICANN's accountability to the Internet community must be reviewed at least every 3 years by a committee made up of representatives of the community, which will include the U.S. Assistant Secretary of Communications and Information of the Department of Commerce.

Global business and Internet leaders welcomed news of the Affirmation agreement.

* "The Affirmation of Commitments by ICANN and DOC fulfills a long-standing objective of the original formation of ICANN: to create an organization that can serve the world's interest in a robust, reliable and interoperable Internet." -- Vint Cerf, co-inventor of the Internet.

* "Google and its users depend every day on a vibrant and expanding Internet; we endorse this Affirmation and applaud the maturing of ICANN's role in the provision of Internet stability." -- Eric Schmidt, Chief Executive Officer of Google, Inc.

* "ICANN's assurances on openness, stability and competition are remarkable, particularly as they are backed up by a strong oversight process that involves the global community. This is what we needed for moving ahead into the next phase of the internet." -- Jim Lewis, Center for Strategic and International Studies.
* "VeriSign commends the Internet Corporation on Assigned Names and Numbers (ICANN) and the Department of Commerce the ten years of work by both parties towards the evolution of governance around the Domain Name Addressing System. We are encouraged that the new agreement by ICANN and the U.S. Department of Commerce will allow for more international participation in the policy creation at ICANN and expand ICANN's efforts as technical coordinator of the domain name addressing system to ensure a robust and secure Internet." -- Mark McLaughlin, President and CEO of Verisign.

To read additional reaction to the Affirmation Agreement go here: http://www.icann.org/en/announcements/announcement-30sep09-en.htm#reaction

To read the Joint Affirmation Agreement go here: http://www.icann.org/en/announcements/announcement-30sep09-en.htm#affirmation

To see a videotaped interview with CEO Rod Beckstrom discussing the Affirmation Agreement go here: http://www.icann.org/en/announcements/announcement-30sep09-en.htm#video