From rforno at infowarrior.org Sun May 2 23:19:54 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 2 May 2010 19:19:54 -0400
Subject: [Infowarrior] - Worldwide Cybersecurity Summit
Message-ID: <1A4D70EC-E690-4045-BD94-7CA5FFB623F0@infowarrior.org>

Governments, businesses to discuss cybersecurity threats
by Chris Lefkow
Sat May 1, 1:59 pm ET
http://news.yahoo.com/s/afp/20100501/tc_afp/usitcomputersecurityinternet/print

WASHINGTON (AFP) - Government officials and business leaders from around the world are meeting in Texas this week to discuss what all agree is an area of common and growing concern: cybersecurity.

The Worldwide Cybersecurity Summit, hosted by the EastWest Institute (EWI), opens in Dallas on Monday and will feature three days of discussions on ways to protect the world's digital infrastructure from electronic threats.

Among those scheduled to address the gathering, being held in the wake of sophisticated cyberattacks on Google which the Internet giant said originated in China, are President Barack Obama's National Security Advisor James Jones and White House cybersecurity coordinator Howard Schmidt.

The EWI, a non-partisan think tank, is bringing together 400 government officials, business leaders and cybersecurity experts from China, France, Germany, India, Russia, the United States and nearly three dozen other countries to "map the dangers and areas of cooperation" in cyberspace.

"The skyrocketing severity and frequency of cyberattacks against businesses, governments and other institutions globally pose an ominous threat to the stability of the international economy and peace itself," according to the EWI.

"Nations have well established rules of the game on land, sea, air and in outer space," it said. "There is a significant lack of such rules in the fifth common domain -- cyberspace."
Ahead of the meeting, the EWI and Public Strategies conducted a survey of government officials, business leaders and cybersecurity experts on their perception of the dangers in cyberspace.

Thirty-four government officials and 103 business executives or experts, many of whom plan to attend the cybersecurity summit in Dallas, responded to the April 19-26 survey, for which they were guaranteed anonymity.

When asked to rate the cybersecurity threat to governments and businesses on a scale of one to 10 with nine or ten representing a "profound threat," more than 80 percent of both groups agreed that the threat ranked a six or higher.

Forty-eight percent of both groups said they faced a "profound threat" while only three percent from each category said they faced "no threat."

Only four percent of the government officials and eight percent of the business leaders and cybersecurity experts rated the security of government computer systems and those of businesses as "very secure."

Sixty-seven percent of government officials said their computer grid was "not very secure" while 33 percent of business leaders and experts said the computer systems of businesses in their country were not very secure.

"The consensus on threat levels is quite high," said EWI vice president Andrew Nagorski. "There's a general understanding that if there are major cyberattacks this is going to have a major economic impact."

Participants in the survey also agreed that international tensions are likely to escalate if concerns over cybersecurity are not addressed.

Sixty-seven percent of the government officials said that if current cybersecurity policies prove ineffective, "deteriorating relations, angry recriminations and growing distrust" could result among countries such as China, India, Russia and the United States. Fifty-one percent of the business leaders and experts expressed the same fear.
"This survey demonstrates how much more we need to do to implement policies that keep pace with the breakneck speed of technological advances," said EWI president and chief executive John Edwin Mroz.

"We need private-public partnerships and we need international cooperation to make cyberspace safe and secure," he said. "These results point to an urgent need to build trust, not only between countries but also between governments and businesses on a global level."

From rforno at infowarrior.org Mon May 3 13:47:55 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 May 2010 09:47:55 -0400
Subject: [Infowarrior] - FTC to gain Internet control?
Message-ID: <57D2C3C6-6D5C-42AC-A922-473DA193B500@infowarrior.org>

Wonder how many folks know about this? I remain opposed to such 'backdoor' ways of sneaking things through the legislative process. -rick

Under financial overhaul, FTC could gain enforcement power over Internet
By Cecilia Kang
Washington Post Staff Writer
Tuesday, April 27, 2010; A13
http://www.washingtonpost.com/wp-dyn/content/article/2010/04/26/AR2010042604335_pf.html#

The Federal Trade Commission could become a more powerful watchdog for Internet users under a little-known provision in financial overhaul legislation that would expand the agency's ability to create rules.

An emboldened FTC would stand in stark contrast to a besieged Federal Communications Commission, whose ability to oversee broadband providers has been cast into doubt after a federal court ruled last month that the agency lacked the ability to punish Comcast for violating open-Internet guidelines.

The version of regulatory overhaul legislation passed by the House would allow the FTC to issue rules on a fast track and permit the agency to impose civil penalties on companies that hurt consumers.

FTC Chairman Jon Leibowitz has argued in favor of bolstering his agency's enforcement ability.
"If we had a deterrent, a bigger stick to fine malefactors, that would be helpful," Leibowitz told Fox News last week.

That provision to strengthen the FTC is absent from the financial overhaul legislation before the Senate. Some observers, however, expect the measure to be included when the House and Senate versions are combined.

The proposal comes as uncertainty surrounds the federal government's ability to regulate the Internet and oversee service providers. Spokeswomen at the FTC and FCC declined to comment.

"Everyone is trying to figure out who is on first and what the game is here. Everything is a moving target right now," said Art Brodsky, a spokesman for Public Knowledge, an advocacy group.

Major media, telecom and cable companies stand to win or lose greatly from changes at the FTC and FCC. For example, a proposed rule at the FCC would force carriers to treat all Web traffic equally on their networks. That has drawn sharp opposition from broadband service providers, who would prefer that Congress mandate such a change. Comcast has complained that some traffic is so heavy that it slows the entire system.

The proposal to expand the FTC's authority has sparked a flurry of lobbying by advertisers, industry groups and the U.S. Chamber of Commerce, which are seeking to block it citing concerns about possible overreach by the agency.

Advertisers and retailers, for example, are wary of new rules from the FTC, which acts as their primary enforcement agency. The House financial overhaul bill would make it easier for the FTC to issue rules on privacy that would curtail an advertiser's ability to collect personal data on consumers' Web habits.

The Chamber of Commerce sent a letter last week signed by 41 trade groups to Senate Majority Leader Harry M. Reid (D-Nev.) and Minority Leader Mitch McConnell (R-Ky.) protesting any move to include a provision on the FTC in the Senate bill.
Advertisers took out a full-page ad in Roll Call, asking lawmakers to reject an effort to embolden the FTC.

"These FTC rules are a big deal and deserve their own debate," said Chris Merida, the director of congressional and public affairs at the Chamber.

Consumer interest groups, however, want to give the FTC greater clout in overseeing Web-related issues. They say online advertisers are gathering personal data about consumers and potentially abusing that information with little federal oversight.

"The bottom line is that these powerful special business interests want to keep the Internet as their private financial playground -- where they get to reap the big bucks without any regulatory oversight," said Jeff Chester, executive director of the Center for Digital Democracy.

From rforno at infowarrior.org Mon May 3 13:50:01 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 May 2010 09:50:01 -0400
Subject: [Infowarrior] - Facebook to Share Your Info for Money
Message-ID:

(I'm still not on Facebook and have no interest in it, either -rick)

Facebook to Share Your Info for Money
Updated: Wednesday, 28 Apr 2010, 10:36 AM EDT
Published : Tuesday, 27 Apr 2010, 11:01 PM EDT
http://www.myfoxdc.com/dpp/money/facebook-to-share-your-info-for-money-april-27-20101272464814471

MINNEAPOLIS - Facebook is now sharing your personal profile information with third parties. For now, it's just a few web sites, like the music site Pandora, and the consumer review site, Yelp.

Facebook is automatically sharing that information, without your consent. If you don't want to share, you have to opt out.

University of Minnesota law professor and privacy expert Bill McGevern says it's an important line in the sand. And for Facebook, with 600 million users, the stakes are high.

"Facebook is trying over and over to get this shared so Facebook becomes the center of the web," said McGevern.

Facebook wants to make money by selling user information.
Last week, Facebook announced new features designed to unlock more of the data accumulated about its users during its six-year history.

The senators said the recent changes by Facebook fundamentally alter the relationship between users and the social networking site. Before the change, users had control over what information they wished to share publicly and what information they wanted to keep private.

Among other things, Facebook is plugging into other websites so people can communicate their interests with friends, colleagues and acquaintances online. Facebook also changed its own website to create more pages where users' biographical information could be exposed to a wider audience.

In a statement, Facebook said, "these new products and features are designed to enhance personalization and promote social activity. All of Facebook's partner sites interact with a user's consent."

To opt out of Facebook's new profile sharing is a multiple-step process:

STEP 1: Go to the "Privacy Settings." Go to "Applications and Web Sites." Then go to "Instant Personalization Pilot Program," and hit edit settings.

STEP 2: For all users there's an automatic check in the box below, which allows Facebook to share your information with other web sites. You are automatically "opted in." If you do not wish to share this information, uncheck the box.

STEP 3: Even after you've done this, it is not clear whether you need to "opt out" at the sites where Facebook is intending to share your information, like Pandora and Yelp, and soon many more sites. So you will want to look at the upper left-hand corner of those sites to see whether those sites are recognizing your Facebook account and activity. Here again, you need to opt out. But a word of caution, as Facebook concedes, your information may still be shared through your friends' accounts, unless you block the application from these web sites.
Facebook, apparently responding to Congressional pressure, has already made some changes to this "Instant Personalization Pilot Program," so you may want to periodically check back in to adjust your settings.

From rforno at infowarrior.org Tue May 4 00:45:59 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 3 May 2010 20:45:59 -0400
Subject: [Infowarrior] - Top Ten Reasons You Should Quit Facebook
Message-ID: <854AED5B-5A72-4FAC-9177-1091A6E2040F@infowarrior.org>

Top Ten Reasons You Should Quit Facebook
Mon Apr-26 2010 | Dan Yoder
http://www.rocket.ly/home/2010/4/26/top-ten-reasons-you-should-quit-facebook.html

Update: Due to the surprising popularity of this post, I feel I should be absolutely clear about my role as VP of Engineering for a Hollywood-based social media startup, BorderStylo. The opinions expressed here are purely my own and are not in any way endorsed by my employer. While I do not see our applications as directly competitive to Facebook, nor have I presented them as such, it would be disingenuous not to mention this.

After some reflection, I've decided to delete my account on Facebook. I'd like to encourage you to do the same. This is part altruism and part selfish. The altruism part is that I think Facebook, as a company, is unethical. The selfish part is that I'd like my own social network to migrate away from Facebook so that I'm not missing anything. In any event, here are my "Top Ten" reasons for why you should join me and many others and delete your account.

10. Facebook's Terms Of Service are completely one-sided.

Let's start with the basics. Facebook's Terms Of Service state that not only do they own your data (section 2.1), but if you don't keep it up to date and accurate (section 4.6), they can terminate your account (section 14). You could argue that the terms are just protecting Facebook's interests, and are not in practice enforced, but in the context of their other activities, this defense is pretty weak.
As you'll see, there's no reason to give them the benefit of the doubt. Essentially, they see their customers as unpaid employees for crowd-sourcing ad-targeting data.

9. Facebook's CEO has a documented history of unethical behavior.

From the very beginning of Facebook's existence, there are questions about Zuckerberg's ethics. According to BusinessInsider.com, he used Facebook user data to guess email passwords and read personal email in order to discredit his rivals. These allegations, albeit unproven and somewhat dated, nonetheless raise troubling questions about the ethics of the CEO of the world's largest social network. They're particularly compelling given that Facebook chose to fork over $65M to settle a related lawsuit alleging that Zuckerberg had actually stolen the idea for Facebook.

8. Facebook has flat out declared war on privacy.

Founder and CEO of Facebook, in defense of Facebook's privacy changes last January: "People have really gotten comfortable not only sharing more information and different kinds, but more openly and with more people. That social norm is just something that has evolved over time." More recently, in introducing the Open Graph API: "... the default is now social." Essentially, this means Facebook not only wants to know everything about you, and own that data, but to make it available to everybody. Which would not, by itself, necessarily be unethical, except that ...

7. Facebook is pulling a classic bait-and-switch.

At the same time that they're telling developers how to access your data with new APIs, they are relatively quiet about explaining the implications of that to members. What this amounts to is a bait-and-switch. Facebook gets you to share information that you might not otherwise share, and then they make it publicly available. Since they are in the business of monetizing information about you for advertising purposes, this amounts to tricking their users into giving advertisers information about themselves.
This is why Facebook is so much worse than Twitter in this regard: Twitter has made only the simplest (and thus, more credible) privacy claims and their customers know up front that all their tweets are public. It's also why the FTC is getting involved, and people are suing them (and winning).

Update: Check out this excellent timeline from the EFF documenting the changes to Facebook's privacy policy.

6. Facebook is a bully.

When Pete Warden demonstrated just how this bait-and-switch works (by crawling all the data that Facebook's privacy settings changes had inadvertently made public) they sued him. Keep in mind, this happened just before they announced the Open Graph API and stated that the "default is now social." So why sue an independent software developer and fledgling entrepreneur for making data publicly available when you're actually already planning to do that yourself? Their real agenda is pretty clear: they don't want their membership to know how much data is really available. It's one thing to talk to developers about how great all this sharing is going to be; quite another to actually see what that means in the form of files anyone can download and load into MatLab.

5. Even your private data is shared with applications.

At this point, all your data is shared with applications that you install. Which means now you're not only trusting Facebook, but the application developers, too, many of whom are too small to worry much about keeping your data secure. And some of whom might be even more ethically challenged than Facebook. In practice, what this means is that all your data - all of it - must be effectively considered public, unless you simply never use any Facebook applications at all. Coupled with the OpenGraph API, you are no longer trusting Facebook, but the Facebook ecosystem.

4. Facebook is not technically competent enough to be trusted.
Even if we weren't talking about ethical issues here, I can't trust Facebook's technical competence to make sure my data isn't hijacked. For example, their recent introduction of their "Like" button makes it rather easy for spammers to gain access to my feed and spam my social network. Or how about this gem for harvesting profile data? These are just the latest of a series of Keystone Kops mistakes, such as accidentally making users' profiles completely public, or the cross-site scripting hole that took them over two weeks to fix. They either don't care too much about your privacy or don't really have very good engineers, or perhaps both.

3. Facebook makes it incredibly difficult to truly delete your account.

It's one thing to make data public or even mislead users about doing so; but where I really draw the line is that, once you decide you've had enough, it's pretty tricky to really delete your account. They make no promises about deleting your data and every application you've used may keep it as well.

On top of that, account deletion is incredibly (and intentionally) confusing. When you go to your account settings, you're given an option to deactivate your account, which turns out not to be the same thing as deleting it. Deactivating means you can still be tagged in photos and be spammed by Facebook (you actually have to opt out of getting emails as part of the deactivation, an incredibly easy detail to overlook, since you think you're deleting your account). Finally, the moment you log back in, you're back like nothing ever happened! In fact, it's really not much different from not logging in for a while.

To actually delete your account, you have to find a link buried in the on-line help (by "buried" I mean it takes five clicks to get there). Or you can just click here. Basically, Facebook is trying to trick their users into allowing them to keep their data even after they've "deleted" their account.

2. Facebook doesn't (really) support the Open Web.
The so-called Open Graph API is named so as to disguise its fundamentally closed nature. It's bad enough that the idea here is that we all pitch in and make it easier than ever to help Facebook collect more data about you. It's bad enough that most consumers will have no idea that this data is basically public. It's bad enough that they claim to own this data and are aiming to be the one source for accessing it. But then they are disingenuous enough to call it "open," when, in fact, it is completely proprietary to Facebook. You can't use this feature unless you're on Facebook. A truly open implementation would work with whichever social network we prefer, and it would look something like OpenLike. Similarly, they implement just enough of OpenID to claim they support it, while aggressively promoting a proprietary alternative, Facebook Connect.

1. The Facebook application itself sucks.

Between the farms and the mafia wars and the "top news" (which always guesses wrong - is that configurable somehow?) and the myriad privacy settings and the annoying ads (with all that data about me, the best they can apparently do is promote dating sites, because, uh, I'm single) and the thousands upon thousands of crappy applications, Facebook is almost completely useless to me at this point. Yes, I could probably customize it better, but the navigation is ridiculous, so I don't bother. (And, yet, somehow, I can't even change colors or apply themes or do anything to make my page look personalized.) Let's not even get into how slowly your feed page loads.

Basically, at this point, Facebook is more annoying than anything else. Facebook is clearly determined to add every feature of every competing social network in an attempt to take over the Web (this is a never-ending quest that goes back to AOL and those damn CDs that were practically falling out of the sky).
While Twitter isn't the most usable thing in the world, at least they've tried to stay focused and aren't trying to be everything to everyone.

I often hear people talking about Facebook as though they were some sort of monopoly or public trust. Well, they aren't. They owe us nothing. They can do whatever they want, within the bounds of the laws. (And keep in mind, even those criteria are pretty murky when it comes to social networking.) But that doesn't mean we have to actually put up with them.

Furthermore, their long-term success is by no means guaranteed - have we all forgotten MySpace? Oh, right, we have. Regardless of the hype, the fact remains that Sergei Brin or Bill Gates or Warren Buffett could personally acquire a majority stake in Facebook without even straining their bank account. And Facebook's revenue remains more or less a rounding error for more established tech companies.

While social networking is a fun new application category enjoying remarkable growth, Facebook isn't the only game in town. I don't like their application nor how they do business and so I've made my choice to use other providers. And so can you.

From rforno at infowarrior.org Tue May 4 17:04:53 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 May 2010 13:04:53 -0400
Subject: [Infowarrior] - Fwd: [attrition] Errata Overhaul and Re-launch
References:
Message-ID:

From: security curmudgeon
Date: May 3, 2010 2:57:27 PM EDT

Re-launch Overview:
-------------------

Started over a decade ago, the Errata project of attrition.org is the longest maintained section of the site. While consistently the least viewed, it has provided a valuable resource to many people in and out of the computer security industry including employers and media. While far from a complete history of the darker side of our industry, the project serves as a reminder that security providers and companies can be as much of a risk as they provide help.
http://attrition.org/errata/

Changelog:
----------

Significant changes for re-launch:
- Standardized HTML (mostly)
- Slightly better META content
- Massive re-org of several pages
- Most indexes converted to tables
- Snazzy new graphics for main page
- Significant backfill of events for several pages

Moving forward:
- Several ideas for new pages in the works
- Endless backfill (1500+ mails / articles)
- More HTML standardization (e.g., titles, META)

Errata Information & Background:
--------------------------------

Whether it is $39.99 anti-virus software, or $500/hr specialty penetration testing, you are paying a price for a piece of security. The security companies that offer these solutions insist that security is important for you as a person and critical to your business. So important in fact, that they expect you will pay ridiculous prices for solutions that aren't as complete or helpful as they seem.

One of the cornerstones and components of 'security' is integrity; "1. adherence to moral and ethical principles; soundness of moral character; honesty". When security providers have a breakdown in their own integrity, you should be aware of it. When the company taking your money in return for security products and services fails to maintain a certain level of integrity, you should challenge them on why they think they are qualified to sell security offerings.

This page exists to enlighten readers about errors, omissions, incidents, lies and charlatans in the security industry. With the media running rampant and insufficient checks and balances for their reporting in place, the general population has been misled about everything from hackers to viruses to 'cyberwar' to privacy. In recent years, companies peddling security products and services have taken a turn for the worse, casting aside ethics in favor of lies and profit. Over the years, many companies and people have developed a taste for money and fame when it isn't deserved.
These frauds and charlatans survive on being in front of cameras and news articles, constantly peddling their ideas and solutions, when they typically have no merit.

People often ask why we are so critical about articles, or focusing on a single paragraph of a larger article. Regardless of the size or frequency of errors, these problems can be viewed as single bricks in a large wall. The more people read these bricks, the more they begin to see the entire wall. After reading the same errors or omissions from several news sources, the information makes an amazing transition from 'unbiased news' to 'fact'. The notion that it is 'unbiased news' in the first place is just as ludicrous, but a fact of life.

Like the news clips, charlatans build their careers by using the same methods. Quoted in an article here, give a weak presentation there and before long it is spun into an elaborate resume, extensive use of the word 'expert' and "twenty years of experience."

The contents of these pages are the opinions and observations of attrition.org staff. However, we frequently receive pointers to articles, information and budding charlatans in our industry. In some cases, we receive material that we republish as is.

For any material to appear on this page, we feel that our opinion or posted content is backed by a reasonable amount of evidence and logic. We try to distinguish what is factually incorrect versus our opinions. Do not take this page as gospel; use it as one of many information resources, do your own research and form your own opinions. While we will strive to keep this project as unbiased as possible, there will be many times where we can only counter opinions, bias and implications with those of our own.

From rforno at infowarrior.org Tue May 4 18:31:54 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 May 2010 14:31:54 -0400
Subject: [Infowarrior] - Ariz. college using RFID for class attendance
Message-ID: <54EF0E8E-E007-4FD2-B939-036F675F7AC5@infowarrior.org>

Ariz. college to position sensors to check class attendance
Devices would be installed in underclassmen lecture halls; some say infringes on privacy
http://badgerherald.com/news/2010/05/04/ariz_college_to_posi.php
By David Brazy
Tuesday, May 4, 2010 1:18 a.m.
Updated Tuesday, May 4, 2010 1:19:04 a.m.

Students at Northern Arizona University will have a hard time skipping large classes next fall because of a new attendance monitoring system.

The new system will use sensors to detect students' university identification cards when they enter classrooms, according to NAU spokesperson Tom Bauer. The data will be recorded and available for professors to examine.

Bauer said the university's main goal with the sensor system is to increase attendance and student performance.

"People are saying we are using surveillance or Orwellian [tactics] and, boy, I'm like 'wow,' I didn't know taking attendance qualified as surveillance," Bauer said.

University President John Haeger is encouraging professors to have attendance be a part of students' grades, but he added it is not mandatory and up to each professor to decide, Bauer said.

Haeger added the sensors, paid for by federal stimulus money, initially would only be installed in large freshmen and sophomore classes with more than 50 students.

NAU Student Body President Kathleen Templin said most students seem to be against the new system. She added students have started Facebook groups and petitions against the sensor system.

NAU sophomore Rachel Brackett created one of the most popular Facebook groups, "NAU Against Proximity Cards," which has more than 1,400 members.

Brackett said she chooses to go to class, and it is a right she hopes to preserve. She said not being forced to go to class is a part of the college experience.
"I feel as though having students make it their own decision to go to class is part of the process of becoming mature adults," Brackett said.

Adam Kissel, director of the Foundation for Individual Rights in Education, said this is the first time he has heard of such a system.

Kissel added if the school is strictly using the system for taking attendance in classrooms there would probably be no harm.

Kissel said with enough sensors, the system could be used to track students' presence on campus 24 hours a day, which would be a problem for students' rights.

"One thing that we find here at FIRE is that if the rule is there or the technology is there, the university will probably use it," Kissel said.

Brackett said she feels the sensor system is an invasion of privacy. She said in theory, with the recorded data, many people in the university would be able to track students' locations.

"It's just one more step in the wrong direction... I am finding out the more I study this particular issue," Brackett said.

While some say the system is Orwellian, it is similar to an existing University of Wisconsin practice.

Some UW classes use electronic clickers to take attendance and have students answer questions during class.

UW professor Dana Geary, who uses the clickers for one of her classes, said the clickers do not seem to affect the number of students who attend class.

Geary added the attendance grades were useful in helping her make decisions in grading for students whose grades were right at a boundary level.
From rforno at infowarrior.org Tue May 4 19:45:10 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 May 2010 15:45:10 -0400
Subject: [Infowarrior] - New privacy bill makes your location, sex habits "sensitive info"
Message-ID: <37E413DC-D17C-4F54-90B1-18D9E099A696@infowarrior.org>

New privacy bill makes your location, sex habits "sensitive info"
By Nate Anderson | Last updated 39 minutes ago
http://arstechnica.com/tech-policy/news/2010/05/religion-sex-money-location-bill-makes-them-sensitive-info.ars

Major Internet privacy legislation was unveiled today (PDF) by Rep. Rick Boucher (D-VA) and Rep. Cliff Stearns (R-FL). Under the bill, companies would be forbidden from using your cell phone's geolocation information without your consent, and the same goes for information on your race, religious beliefs, or sexual orientation. For most other information, a simple opt-out will keep that data, even data already collected, from being used.

Boucher chairs the House Subcommittee on Communications, Technology, and the Internet, and he has dealt with Internet issues for years (he was a driving force behind the doomed attempt to patch the worst parts of the DMCA, as well); Stearns is the ranking member on the committee. The two today released a "discussion draft" of their new privacy legislation in order to gauge Congressional and public opinion on its ideas.

Covered and sensitive

The bill isn't particularly long, and compared to laws in other countries, it's not particularly strict. But it does provide a decent privacy baseline in the US, providing limited protection for "covered information" and much tougher protection for "sensitive information." The bill makes a key distinction between the two kinds of data: covered information collection is "opt-out," while sensitive information collection would become "opt-in" only.

According to the bill, covered information includes:
- The first name or initial and last name
- A postal address
- A telephone or fax number
- An e-mail address
- Unique biometric data, including a fingerprint or retina scan
- A Social Security number, tax identification number, passport number, driver's license number, or any other government-issued identification number
- A financial account number, or credit or debit card number, and any required security code, access code, or password that is necessary to permit access to an individual's financial account
- Any unique persistent identifier, such as a customer number, unique pseudonym or user alias, Internet Protocol address, or other unique identifier, where such identifier is used to collect, store, or identify information about a specific individual or a computer

Companies and websites that disclose their data collection practices can harvest this data on the assumption that, by using the site, one has agreed to such collection. But they are required to provide an opt-out option that would stop all such data collection and prevent the company from using even previously acquired data.

Sensitive information can't even be collected and stored in the first place without an explicit opt-in assent. The bill defines sensitive information as:
- Medical records, including medical history, mental or physical condition, or medical treatment or diagnosis by a health care professional
- Race or ethnicity
- Religious beliefs
- Sexual orientation
- Financial records and other financial information associated with a financial account, including balances and other financial information
- Precise geolocation information

When it comes to that last one, the bill states that "a user's express opt-in consent to an application provider that relies on a platform offered by a commercial mobile service provider shall satisfy the requirements of this subsection."

Aggregate and anonymous information can be collected without any privacy policy at all.

Salvation or devastation?
The draft bill has only been out for a few hours, and its opponents are already issuing a call to arms. The Progress & Freedom Foundation warns that "policymakers could unintentionally devastate the 'free' Internet as we know it. Because the Digital Economy is fueled by advertising and data collection, a 'privacy industrial policy' for the Internet would diminish consumer choice in ad-supported content and services, raise prices, quash digital innovation, and hurt online speech platforms enjoyed by Internet users worldwide."

Groups like the Center for Democracy & Technology have a different take. "It has been almost a decade since Congress last considered consumer privacy legislation," said CDT President Leslie Harris. "Since that time, commercial collection and use of consumer information both online and off has increased exponentially. Consumers deserve comprehensive privacy protection. Today's release of the staff discussion draft of the Boucher-Stearns consumer privacy bill is the first step to achieving this important goal."

As for Boucher, he sees the bill as ultimately pro-business. "Our goal is to encourage greater levels of electronic commerce by providing to Internet users the assurance that their experience online will be more secure," he said in a statement. "That greater sense of privacy protection will be particularly important in encouraging the trend toward cloud computing.

"Online advertising supports much of the commercial content, applications and services that are available on the Internet today without charge, and this legislation will not disrupt this well established and successful business model. It simply extends to consumers important baseline privacy protections."

From rforno at infowarrior.org Tue May 4 22:30:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 May 2010 18:30:35 -0400
Subject: [Infowarrior] - I agree with Glenn Beck. For once.
Message-ID: <2C51F5B8-9FD8-4450-9F93-7FDE2C5BBB13@infowarrior.org>

(Beck's comments at the end of these extracted quotes. Wonder of wonders, eh? -rick)

Times Square bombing arrest allows GOP to revive 'Miranda' debate
By Paul Kane, Shailagh Murray and Matt DeLong
http://voices.washingtonpost.com/44/2010/05/gop-seizes-on-times-square-arr.html?hpid=topnews

After the news late Monday that federal authorities arrested Faisal Shahzad in connection with Saturday's botched car bombing in New York's Times Square, congressional Republicans wasted no time in reviving the debate on whether to read Miranda rights to a terror suspect. The Miranda issue rose to prominence in the aftermath of the failed attempt to blow up an airliner on Christmas Day. It was reported that the suspect, Umar Farouk Abdulmutallab, stopped providing information after he was read his rights following 50 minutes of interrogation.

< - >

"If someone acts like a terrorist and cooperates with people intent on war against the United States, they should be treated as terrorists and not as a common criminal. And no, they should not be read their Miranda rights," said Sen. John Cornyn (R-Texas), who along with McCain is senior Republican on the Armed Services Committee.

< - >

Sen. Joseph Lieberman (I-Conn.), appearing on Fox News, suggested changing the law to strip the citizenship -- and in turn the rights afforded by the Constitution -- from any American who becomes involved with terrorism.

I think it's time for us to look at whether we want to amend that law to apply it to American citizens who choose to become affiliated with foreign terrorist organizations, whether they should not also be deprived automatically of their citizenship, and therefore be deprived of rights that come with that citizenship when they are apprehended and charged with a terrorist act.

< - >

Meanwhile, conservative firebrand talk show host Glenn Beck came out in favor of reading Shahzad his Miranda rights.

"He is a citizen of the United States, so I say we uphold the laws and the Constitution on citizens," the bombastic Fox News host said to the stunned co-hosts of "Fox and Friends". "If you are a citizen, you obey the law and follow the Constitution. [Shahzad] has all the rights under the Constitution."

"We don't shred the Constitution when it is popular," Beck added. "We do the right thing."

From rforno at infowarrior.org Tue May 4 22:37:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 May 2010 18:37:37 -0400
Subject: [Infowarrior] - Cybersecurity Act of 2010: A Very Bad Bill
Message-ID: <0B95B987-33E5-4F48-886B-B7D580D7DAF1@infowarrior.org>

Rockefeller's Cybersecurity Act of 2010: A Very Bad Bill
By Richard Stiennon
http://blogs.forbes.com/firewall/2010/05/04/rockefellers-cybersecurity-act-of-2010-a-very-bad-bill

There are a bunch of cybersecurity bills trickling through Congress right now; some of them several years in the making. Senator Rockefeller's Cybersecurity Act of 2010 (S.773) is deemed the most likely to get voted on by the Senate as it was just unanimously passed through the Senate Committee that he chairs, Commerce, Science and Transportation. It is time for the security industry to take a close look at this $1.82 billion bill as it contains some pretty drastic measures that are going to be very disruptive, and I believe detrimental.

The preamble, labeled "Findings," sets the stage with the dramatic language we have become familiar with:

As a fundamental principle, cyberspace is a vital asset for the nation and the United States should protect it using all instruments of national power, in order to ensure national security, public safety, economic prosperity, and the delivery of critical services to the American public.

Even though there is a definitions section, "cyberspace" is never defined in S. 773. And, setting aside the dangling participle, this is a rather broad declaration. All instruments of national power?
There are further claims drawn from various cybersecurity experts including the President, Melissa Hathaway (author of Cyber Policy Review), Dennis Blair (Director of National Intelligence), Howard Schmidt (Cybersecurity Coordinator), Mike McConnell (former Director of National Intelligence), Paul Kurtz (Good Harbor consultant), James Lewis (Senior Fellow, CSIS), Booz Allen Hamilton, Allan Paller (SANS), and various policy think tanks, supporting the claim that cyberspace is a vital asset, and it is not secure or resilient.

If we stipulate for the moment that cyberspace is a vital asset and the government needs to step in to make it secure and resilient, let's examine the rest of the bill to see whether, if enacted, it would accomplish both those goals.

Section 4 of the act requires the President to define critical infrastructure. Specifically, within 90 days of enactment:

"The President, in consultation with sector coordinating councils, relevant government agencies, and regulatory entities, shall initiate a rulemaking ..., to establish a procedure for the designation of any information system the infiltration, incapacitation, or disruption of which would threaten a strategic national interests as a critical infrastructure information system under this Act."

In other words, the Act requires the President to convene a bunch of meetings with as yet undefined groups to define a procedure with no timeline to designate what is and is not critical. Now there is a tough task. But not to worry about the implications, these amorphous bodies are also instructed to "establish a procedure ... by which the owner or operator of an information system may appeal." This will keep a lot of very high priced lawyers busy for years. Imagine if the NYSE or MasterCard-Visa is designated a "critical information resource."

Now comes the great regulatory overlay for IT security professionals, Title I -- Workforce Development.
The President will be required to ask the National Academies (National Academy of Sciences (NAS), the National Academy of Engineering (NAE), the Institute of Medicine (IOM), and the National Research Council (NRC)) to conduct a one year study of existing accreditations and report after one year. From there, within six months, the President will be required to institute accreditation requirements for cybersecurity professionals working within the Federal Government and on designated critical information systems. There will be semi-annual audits to make sure each system is in compliance and remediation plans will be worked out if a department or agency is not in compliance for two consecutive audits.

The Director of the National Science Foundation (metallurgist Arden L. Bement) shall establish a Federal Cyber Scholarship-for-Service program which will apply to 1,000 students that will receive free-ride scholarships plus stipends and internships. Promising K-12 students will also be identified for participation in summer work and internships. I am sure the senators do not really mean to include kindergarten students. Funding for the scholarship program will start at $50 million in 2010 and rise to $70 million in 2014. Fifty thousand dollars a year for each student (and program overhead) should do the job.

Next up is the Cybersecurity Competition and Challenge. The Director of NIST (physicist Patrick Gallagher) shall establish cybersecurity competitions and challenges with cash prizes not to exceed $5 million. The competitions will include middle school students. $15 million will be appropriated each year through 2014 for NIST to fund this.

Then comes the Cybersecurity Workforce Plan that requires every Federal agency to develop a strategic cybersecurity workforce plan with a mindboggling array of requirements for establishing that strategy and measuring its effectiveness.

Title II -- Plans and Authority

This section gives the President 180 days to develop a Comprehensive National Cybersecurity Strategy. The President may declare a cybersecurity emergency that invokes a "collaborative emergency response and restoration plan" to be developed as part of the Strategy. Note this is the watered down version of the first proposed legislation, the so-called "kill switch."

Biennial Cyber Review

The President shall complete a review of the cyber posture of the United States every two years.

Cybersecurity Dashboard Pilot Project

Within a year the Secretary of Commerce (Gary Locke) shall propose and implement a "system to provide dynamic, comprehensive, real-time, cybersecurity status and vulnerability information of all Federal Government information systems managed by the Department of Commerce including an inventory of such, vulnerabilities of such systems, and corrective action plans for those vulnerabilities." Apparently this would include all 15 operating units of the Department of Commerce including the Census Bureau, NOAA, and NIST. A very nice idea but do not underestimate the momentous size of this task or the disruption to the computing environments of the Commerce Department to pull this off within a year.

NIST Cybersecurity Guidance

This section requires NIST to promote auditable, private sector developed cybersecurity risk management measures. Another laudable goal but I am afraid that cybersecurity risk management solutions that exist today lag the threat landscape by a number of years. While the Federal sector has to play catch up, the end result of successfully completing this section of the Act will result (if completely successful) in agencies that can demonstrate they are in compliance with today's risk management best practices but will still be completely vulnerable to advanced threats.
The requirements of this section will also apply to US Critical Infrastructure Information Systems, creating a huge burden of compliance for an already stressed industry sector.

Joint Intelligence Threat and Vulnerability Assessment

A small section with huge impact reads in total: "The Director of National Intelligence (Dennis Blair), the Secretary of Commerce (Gary Locke), the Secretary of Homeland Security (Janet Napolitano), the Attorney General (Eric Himpton Holder), the Secretary of Defense (Robert Gates), and the Secretary of State (Hillary Clinton) shall submit to the Congress a joint assessment of, and report on, cybersecurity threats to and vulnerabilities of Federal information systems and United States critical infrastructure information systems." No timeline is provided for this monumental task.

Federal Secure Products and Services Acquisitions

The Administrator of the General Services Administration (Martha N. Johnson) shall require that requests for proposals will include cybersecurity risk measurement techniques for Federal information systems products. Perhaps the time has come for this measure but it will add tremendous overhead to an already burdensome acquisition process.

Title III -- Cybersecurity Knowledge Development

A new cybersecurity awareness campaign that "calls on a new generation of Americans to service in the field of cybersecurity." The Secretary of Education (basketball pro Arne Duncan) shall establish K-12 curriculum guidelines to address cyber safety, cybersecurity, and cyber ethics.

The Act also provides for the funding of new cybersecurity research into how to design and build secure software, and test and verify it. The Cybersecurity Research and Development Act will be amended to provide over $150 million in funds each year. And the Computer and Network Security Centers will receive an additional $50 million per year. The Computer and Network Security Capacity Building Grants will be enhanced to the tune of $40 million+ per year. The Scientific and Advanced Technology Act Grants will be bumped up by $5 million+ per year. The Graduate Traineeships in Computer and Network Security Research will have $20 million+ added. Total new authorization for Title III comes to $1.445 Billion through 2014.

Title IV -- Public-Private Collaboration

The first step will be the creation of a Cybersecurity Advisory Panel. This panel will be called on to consult with the President on every other measure in the bill. The members will not be compensated other than for travel expenses.

State and Regional Cybersecurity Centers will be set up to "enhance the cybersecurity of small and medium sized businesses." The Secretary of Commerce is given 120 days to issue a description of the Centers. Note that it has been a year already since Congress passed an Act requiring the Small Business Administration to set up an IT Security Advisory Board. The SBA is already six months late in establishing that board.

Public-Private Clearing House

The government will review how threat information is currently shared between public and private sources and recommend the establishment of a central clearing house for threat and vulnerability information. That is what Infragard and US-CERT are supposed to do today.

That's it. That is the vaunted public-private partnership that Senator Rockefeller is stumping in his latest public presentations and op-ed pieces.

Repercussions

If passed, S.773 will be an unmitigated disaster for the security industry, security professionals, and the security stance of the US government. Remember Sarbanes-Oxley? There was one tiny reference to "security frameworks" in that bill that caused every security team at publicly traded companies to drop everything they were doing and document their compliance with ITIL and COBIT. Some would argue that is a good thing but the end result was not enhanced security postures, but enhanced record keeping.
This bill represents a gargantuan overlay on top of a vibrant industry that is finely tuned to address the rising threats that this bill attempts to address. It will be a windfall for those involved in cyber security certification, and academics who have been left in the dust by advances in cybersecurity being developed by entrepreneurial firms. If enacted it will create a guild of government certified security professionals that have the luxury of taking the time to qualify.

And of course, those that vote for this Act will be able to point to the proactive stance they took when the next cyber embarrassment occurs. They will not have done anything to prevent the next cyber incident. But they will have covered their...backs.

From rforno at infowarrior.org Tue May 4 23:21:18 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 May 2010 19:21:18 -0400
Subject: [Infowarrior] - EFF Warnings on Facebook Connections
Message-ID: <0F26A9F7-D603-4459-940E-E3993D4B5786@infowarrior.org>

(The last bullet point really adds new meaning to 'watch what you say' when online......-rick)

Six Things You Need to Know About Facebook Connections
Commentary by Kurt Opsahl
http://www.eff.org/deeplinks/2010/05/things-you-need-know-about-facebook

"Connections." It's an innocent-sounding word. But it's at the heart of some of the worst of Facebook's recent changes. Facebook first announced Connections a few weeks ago, and EFF quickly wrote at length about the problems they created. Basically, Facebook has transformed substantial personal information -- including your hometown, education, work history, interests, and activities -- into "Connections." This allows far more people than ever before to see this information, regardless of whether you want them to.

Since then, our email inbox has been flooded with confused questions and reports about these changes. We've learned lots more about everyone's questions and experiences. Drawing from this, here are six things you need to know about Connections:

- Facebook will not let you share any of this information without using Connections. You cannot opt-out of Connections. If you refuse to play ball, Facebook will remove all unlinked information from your profile.

- Facebook will not respect your old privacy settings in this transition. For example, if you had previously sought to share your Interests with "Only Friends," Facebook will now ignore this and share your Connections with "Everyone."

- Facebook has removed your ability to restrict its use of this information. The new privacy controls only affect your information's "Visibility," not whether it is "publicly available." Explaining what "publicly available" means, Facebook writes: "Such information may, for example, be accessed by everyone on the Internet (including people not logged into Facebook), be indexed by third party search engines, and be imported, exported, distributed, and redistributed by us and others without privacy limitations."

- Facebook will continue to store and use your Connections even after you delete them. Just because you can't see them doesn't mean they're not there. Even after you "delete" profile information, Facebook will remember it. We've also received reports that Facebook continues to use deleted profile information to help people find you through Facebook's search engine.

- Facebook sometimes creates a Connection when you "Like" something. That "Like" button you see all over Facebook, and now all over the web? It too can sometimes add a Connection to your profile, without you even knowing it.

- Facebook sometimes creates a Connection when you post to your wall. If you use the name of a Connection in a post on your wall, it may show up on the Connection Page, without you even knowing it. (For example, if you use the word "FBI" in a post).

You can give Facebook comments on the new Connections here.
From rforno at infowarrior.org Wed May 5 02:11:38 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 May 2010 22:11:38 -0400
Subject: [Infowarrior] - Google tutorial lets developers play malicious hacker
Message-ID: <19B9BBCB-236C-45F1-B110-0FBF823F01DE@infowarrior.org>

Google tutorial lets developers play malicious hacker
By Dan Goodin in San Francisco
Posted in Enterprise Security, 5th May 2010 00:08 GMT
http://www.theregister.co.uk/2010/05/05/google_web_app_security_course/

Google has released a free online tutorial that gives developers the chance to play the role of malicious hacker by exploiting real security bugs in a mock web application.

The codelab is premised on a "small, cheesy web application" dubbed Jarlsberg that is chock-full of bugs that can be exploited to take down webservers, perform remote code-execution attacks, and spring information-disclosure leaks. It can be downloaded and run on a local machine to teach developers firsthand the perils of insecure coding.

Google's "Web Application Exploits and Defenses" codelab can be used in a black-box setting, in which hackers aren't privy to the source code of the application they're attacking, or a white-box setting, in which they are. Jarlsberg is written in Python, although hackers, of course, need not be versed in the language in order to make mincemeat of the application.

The tutorial is designed to give developers - and anyone else - hands-on experience finding and fixing security bugs in the typical web application. It's broken up into various classes of vulnerabilities such as XSS, or cross-site scripting; CSRF, or cross-site request forgeries; and path traversal. Students are taught not only how to identify specific types of vulnerabilities but how to exploit them to carry out certain types of attacks.

The code is available here, and a PDF of an instructor's guide is here.
From rforno at infowarrior.org Wed May 5 03:55:05 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 4 May 2010 23:55:05 -0400
Subject: [Infowarrior] - Twitter is the New CNN
Message-ID: <677A2400-C06F-4AB7-B74E-04C657F43537@infowarrior.org>

Twitter is the New CNN
ARTICLE DATE: 05.03.10
By Lance Ulanoff
http://www.pcmag.com/print_article2/0,1217,a=250555,00.asp?hidPrint=true

A new study paints the popular micro-blogging service Twitter in a whole new light and sets it up to take on traditional news media.

Here's something I've always known about Twitter: It's about information not socialization. Twitter's called a "micro-blogging" service, after all. If it were all about social interaction, perhaps it would be described as a micro-social network. Of course, with millions and millions of users, Twitter is anything but micro.

And now, my Twitter hypothesis has some academic support. A group of Korean researchers recently completed and presented the results of a unique quantitative study that paints Twitter, in fairly stark terms, as the likely future of news. Here are some of their more interesting findings:

Twitter isn't like a social network because it's not "mutual." On Facebook, we have to friend each other to really engage. On Twitter, people will follow you if you're interesting and they get something out of it, even if you never follow them back. That sounds a lot like the reasons why people buy The New Yorker, subscribe to a newspaper, or watch a particular television news program.

Following equals subscribing. Is there any clearer signal that Twitter is an information and news service than this? My Twitter stream is, for all intents and purposes, a feed. I wonder if I should rename my followers "subscribers."

Twitter fits the definition of a "news medium." Tell me if anything in the following definition does not fit Twitter.
Medium: The means of communication, as radio, television, newspapers, and magazines, that reach or influence people widely.

Tweeters talk about timely topics. Not only do we talk about timely topics, people on Twitter break news and, as the study notes, Twitter spreads information rapidly via digital word of mouth. How quickly did you learn on Twitter about Flight 1549 or the car bomb in Times Square?

Twitter is full of timely tweets. Twitter members do not, as they sometimes do in forums and other social networks, talk about old news. The majority of the tweets are about topics that occurred yesterday or, more likely, today.

User participation is tied to timely topics. Twitter's user patterns actually align with major global events. Again, this is much more like a news service, such as CNN, Fox News, or CNBC. During the economic meltdown, CNBC's ratings skyrocketed. The researchers observed Twitter's numbers rise during the Iran Election and just about anything to do with Apple.

Headlines, headlines, headlines. If you follow my Twitter stream, then this isn't news to you. Typically, I post headlines with a little analysis thrown in. I like to think of my Twitter feeds as my own tiny little newspaper. Apparently, I'm not alone. The researchers found that 53 percent of tweets are headlines; 31 percent fall into the "ephemeral" category.

Most of the activity on Twitter is driven by super users. These users form super information hubs. The researchers were a bit unclear about how these power users generate more and more followers, though I think one of their theories, "Recommendation by Twitter," is partly right. How they generate followers aside, the concept of a small cadre of influential Twitter users, once again, aligns with the news media model. So while everyone likes to talk about the democratization of news, it's really the same old story. A relatively small group of people are delivering the news and most Twitter users are simply passing along what they've learned.

Those with many followers tweet more. Those with the most followers tweet the most. This helps drive the "one to one million" Twitter hop. So, one person tweets breaking news and, potentially, one million see it because thousands retweet it. It's the last part where Twitter is actually more efficient than traditional news media. Stories from CNN or the print edition of The New York Times may be retold to a handful of people, but it's hard for the average person to disseminate information without a platform like Twitter. One caveat here, however, is that researchers found what most on Twitter have known for a long time: there are many followers, and people on Twitter in general, who do not tweet or retweet at all.

Everyone tweets news, especially the top users. Twitter is turning everyone into news reporters. The Korean researchers found that everyone from sports stars to musicians and actors are tweeting or retweeting headline news. I probably tweet more general news than I would write about on PCMag.com. It's simply the nature of the service.

It's a miracle that so much news does get through. Most retweets, it turns out, get retweeted just once. So, how does so much news get disseminated on Twitter effectively? One retweet almost guarantees hundreds of additional content readers. Those readers may then go on to create a new tweet based on the news content. While I generally retweet news, there are times when I feel the need to recast the topic with an entirely new tweet. It's like a newspaper's concept of a "write-through" (non-reported write-up of someone else's reporting or a press release).

Tweeting is real-time. Most retweets happen within the first hour, which is how Twitter's information flow remains timely. This makes sense.
When I follow a Tweeted news link, I pay close attention to the date on the story and the time stamp of the tweet before I retweet. According to the study, 35 percent of retweets happen in the first 10 minutes. Timeliness is, of course, a hallmark of news media.

Clearly, it's time for us to stop describing Twitter as a social medium, or even a micro-blogging service. It's an information dissemination platform. At this moment, Twitter users and the news media are leveraging Twitter to disseminate news, but that could change. If more users start to view Twitter the way I do, as their own personal news service, then traditional news media will need to view Twitter in a new light, too -- as a competitor.

From rforno at infowarrior.org Wed May 5 13:26:55 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 May 2010 09:26:55 -0400
Subject: [Infowarrior] - Fallows: If the TSA Were Running New York
Message-ID:

If the TSA Were Running New York
May 3 2010, 4:13 PM ET
http://www.theatlantic.com/politics/archive/2010/05/if-the-tsa-were-running-new-york/39839/

How would it respond to this weekend's Times Square bomb threat? Well, by extrapolation from its response to the 9/11 attacks and subsequent threats, the policy would be:

- All vans or SUVs headed into Midtown Manhattan would have to stop and have their contents inspected. If any vehicle seemed for any reason to have escaped inspection, Midtown in its entirety would be evacuated;

- A whole new uniformed force -- the Times Square Security Administration, or TsSA -- would be formed for this purpose;

- The restrictions would never be lifted and the TsSA would have permanent life, because the political incentives here work only one way. A politician who supports more open-ended, more thorough, more intrusive, more expensive inspections can never be proven "wrong." The absence of attacks shows that his measures have "worked"; and a new attack shows that inspections must go further still. A politician who wants to limit the inspections can never be proven "right." An absence of attacks means that nothing has gone wrong -- yet. Any future attack would always and forever be that politician's "fault." Given that asymmetry of risks, what public figure will ever be able to talk about paring back the TSA?

Something about airplanes and air travel heightens the emotional response to such threats (as Bruce Schneier and I discussed in a Second Life conversation recently). Thus the mood of fear and panic after this event seems less than after the foiled "underwear bombing" airline plot at Christmas time. But as a matter of logic, the steps above are what the TSA approach would necessitate. After all, we still feel the consequences (shoes off! no liquids!) of the failed "shoe bomber" in 2001, and there is no foreseeable reason to expect that to change.

There is one other crucial element in the Times Square case, and it can't be stressed often enough. So far we have seen a New York-style rather than a Washington-style response to the threat. And while New York is the least "American" of U.S. cities, its emotional and social response is just what America's should be. Let me explain:

The point of terrorism is not to "destroy." It is to terrify. And for eight and a half years now, the dominant federal government response to terrorist threats and attacks has been to magnify their harm by increasing a mood of fear and intimidation. That is the real case against the ludicrous "orange threat level" announcements we hear every three minutes at the airport. It's not just that they're pointless, uninformative, and insulting to our collective intelligence; it's that their larger effect is to make people feel frightened rather than brave. I won't go into the arguments about whether creation of an ever-threatened public mood is deliberate, or what interests it serves.
I'll just say: it works against larger American interests (as argued here), and New York in these past two days has shown the alternative. That is nothing more than: being alert, but living your life and not skulking around terrified. I hate to say that when people act fearful, "the terrorists win," but it's true.

After the jump, quotes from a National Security Network posting today that lays out the importance of being resilient, as New Yorkers in general are doing now. I am anything but a Gothamite in spirit. "Nice place to visit" is about as far as I'll go. But today I say: I Heart NY!

From the National Security Network "Taking on Terror" essay:

> This is at least the tenth such plot on New York foiled since 9/11/2001, and the city continues to thrive. Just hours after the failed attack was discovered and the vehicle removed, Times Square was once again packed and back to business. The vendor who alerted police was among the first back at work, "out here showing my colors" at 8:30 Sunday morning. Such resiliency has "historically been one of the United States' great national strengths," says terrorism expert and President of the Center for National Policy Stephen Flynn. While resilience foils terrorists' intentions, the overreaction and fear-mongering advocated by some conservatives creates a siege mentality that works against America's interests and strengths. Today we can be proud of our police and our fellow-citizens - and we should all take a lesson from New York.
>
> New Yorkers demonstrate resilience, refuse to give in to fear. During and after the bomb scare this weekend, New York City residents showed why awareness and resolve are the best means for defusing terrorist threats... Following the scare, New York City officials were keen not to raise fears unnecessarily by indulging in speculation about the thwarted attack.
>
> The next morning, it was clear that New Yorkers and visitors alike would not be intimidated by the evening's drama.
> The Washington Post reported: "...it was a testament to the national resilience that Times Square was packed again Sunday morning, just a few hours after the vehicle was disarmed and removed. The only visible signs of the close call the night before were the scores of police officers on the scene, including the white Technical Assistance Response Unit vans surveying the hours of video surveillance recordings from the cameras that are a ubiquitous staple of New York's post-Sept. 11 life." ...
>
> In a piece for Foreign Affairs in 2008, Steve Flynn, now President of the Center for National Policy, noted: "...A climate of fear and a sense of powerlessness caused by the threats of terrorism and natural disasters are undermining American ideals and fueling political demagoguery. Rebuilding the resilience of American society is the way to reverse this and respond to today's challenges."
>
> Editor of Newsweek International and Washington Post Columnist Fareed Zakaria writes that "The purpose of terrorism is to provoke an overreaction. Its real aim is not to kill the hundreds of people directly targeted but to sow fear in the rest of the population. Terrorism is an unusual military tactic in that it depends on the response of the onlookers. If we are not terrorized, then the attack didn't work." Similarly, Marc Lynch, senior fellow at CNAS and professor at George Washington University, explains that an "overreaction" to terrorism attempts plays "right into the hands of a terrorist group."

Next step in the thought experiment: after wondering what NY would look like this weekend if run by the TSA, imagining what the TSA might be like if run in the spirit of this weekend's NY.
From rforno at infowarrior.org Wed May 5 14:50:08 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 May 2010 10:50:08 -0400
Subject: [Infowarrior] - QOTD: DMCA
Message-ID: <4718386C-E7B6-4101-908C-5AA03D59084E@infowarrior.org>

"There's only one thing stupider than being the first country to enact the DMCA, in spite of its obvious shortcomings: enacting the DMCA after the first country has spent a decade showing how rotten and backwards this approach to copyright is." - Cory Doctorow

Canadian Prime Minister promises to enact a Canadian DMCA in six weeks
http://www.boingboing.net/2010/05/05/canadian-prime-minis-2.html

From rforno at infowarrior.org Wed May 5 15:29:21 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 May 2010 11:29:21 -0400
Subject: [Infowarrior] - For anyone speculating on why Facebook Chat has been unavailable all morning.
Message-ID:

(c/o Anonymous)

....speculate no more:

http://eu.techcrunch.com/2010/05/05/video-major-facebook-security-hole-lets-you-view-your-friends-live-chats/

You've got to hand it to Facebook. They certainly know how to do security -- not. Today I was tipped off that there is a major security flaw in the social networking site that, with just a few mouse clicks, enables any user to view the live chats of their "friends". Using what sounds like a simple trick, a user can also access their friends' latest pending friend-requests and which friends they share in common. That's a lot of potentially sensitive information. Unbelievable I thought, until I just tested the exploit for myself. And guess what? It works.

The irony is that the exploit is enabled by the way that Facebook lets you preview your own privacy settings. In other words, a privacy feature contains a flaw that lets others view private information if they are aware of the exploit. I know Facebook wants us to share more information and open up, but I'm not sure that this is quite what they had in mind.
Because this has major implications for user privacy we've informed Facebook about this exploit. Here is the video of the exploit in action.

From rforno at infowarrior.org Wed May 5 22:43:42 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 May 2010 18:43:42 -0400
Subject: [Infowarrior] - Apple demands public apology for iPhone parody
Message-ID: <975F3269-6F8D-4C00-A16D-6B29B34B7968@infowarrior.org>

Apple demands public apology for iPhone parody
By Rik Myslewski in San Francisco
Posted in Mobile, 5th May 2010 19:25 GMT
http://www.theregister.co.uk/2010/05/05/ellen_degeneres_apologizes/

For years, Apple has ruthlessly ridiculed Windows users with its Get a Mac ads - but like many a schoolyard bully, Cupertino can dish it out, but it can't take it.

American comedian and talk-show host Ellen DeGeneres apologized to Apple on her eponymous television show for a parody iPhone commercial that ran on Monday in which she gently chided Cupertino's smartphone for, among other things, having a keyboard that was difficult to use.

One representative line of her lampoon: fumbling through an attempt to send a text message in the fake commercial, she mused: "My fingers are so much thicker than I remembered."

But on Tuesday's show, she sat in her trademark easy chair and told her audience: "Today I got in trouble. I did a fake commercial for the iPhone."

After showing her audience the troublemaking parody, she said: "I thought it was funny. A bunch of people thought it was funny. Do you know who didn't think it was funny?" On cue, her audience responded en masse: "Apple!"

"Yeah, the people at Apple didn't think it was so funny," DeGeneres said. "They thought I made it look like it was hard to use."

Then she started to grovel. "I just want to say that I'm sorry if I made it look like the iPhone is hard to use. It's not hard to use.
I have an iPhone, Portia has an iPhone, I just learned how to text on an iPhone, it's the only phone that I can text on. And I love it."

Attempting to salvage her honor with a snippet of humor, she said: "I love my iPad, I love my iPod, I love IHOP."

Then she returned to full-on self-abasement. "So everybody at Apple - Steve Jobs, Mr. Macintosh - I apologize. I'm sorry. I love the stuff."

This cringe-worthy daytime-TV moment wouldn't even be worth reporting if it weren't yet another indicator that Apple is losing - has lost? - its once-cuddly aura. As Cupertino has transmogrified from the scrappy underdog of the late 1990s to the consumer-electronics juggernaut of today, it has become increasingly heavy-handed in its dealings with its developers, its staff, and the media.

Examples are legion: the App Store police and their cavalier developer dealings, the iPhone SDK license agreement's draconian secrecy requirements, that same agreement's recent banning of cross-platform coding, Steve Jobs's highly debatable attack on Adobe - the list goes on.

While most of these skirmishes have been under the radar of the mass media, the recent dogfight over the stolen/misplaced/whatever iPhone 4G prototype has brought Apple's secretive self to the attention of the broader public. And whether you believe the blame in that convoluted narrative lies with the engineer who lost the phone, the phone's finder and seller, Gizmodo, Apple, or the Palo Alto police, it's fair to say that the whole sorry story has put Apple under an unflattering media microscope.

As Jon Stewart said in a nearly nine-minute dissection of the story on The Daily Show last week - entitled, by the way, Appholes - "Apple, you guys were the rebels, man, you were the underdogs. People believed in you. But now ... are you becoming The Man?"

"It wasn't supposed to be this way," Stewart continued. "Microsoft was supposed to be the evil one.
But now you guys are busting down doors in Palo Alto while Commandant Gates is ridding the world of mosquitoes! What the f--k is going on?"

Stewart's analysis of Apple's authoritarian attitude led him to the corner office of One Infinite Loop. "C'mon Steve. Just chill out with the paranoid corporate genius stuff. Don't go Howard Hughes on us. We don't want to picture you holed up in a tower somewhere, peeing in Mason jars while designing a giant wooden touch screen that you'll use once. 'It's the new iSpruce.'"

All fun and games, to be sure - after all, Stewart consistently goes to great pains to remind the world that he is a comedian. But now Apple has gone after Ellen DeGeneres, a homey housewives' heroine. Can't be good for Apple's image.

Apple may be riding high today, but as The Reg has pointed out before, there's more than a little truth in the ancient adage that "Pride goeth before destruction, and an haughty spirit before a fall."

From rforno at infowarrior.org Thu May 6 03:12:04 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 May 2010 23:12:04 -0400
Subject: [Infowarrior] - Cyberattacks: Washington is hyping the threat to justify regulating the Internet
Message-ID: <6B8EEFDF-6936-4773-8C02-AAB553759A67@infowarrior.org>

WOW --- it's *very* rare to see this kind of commentary in any of the mainstream media publications. Kudos to the CSM for a job well done. I agree with this article 110%. -rick

Cyberattacks: Washington is hyping the threat to justify regulating the Internet
Networks have been under attack -- and successfully handled by operators -- as long as they've been around. Be wary of calls for more government supervision of the Internet
By Jerry Brito and Tate Watkins
http://www.csmonitor.com/Commentary/Opinion/2010/0429/Cyberattacks-Washington-is-hyping-the-threat-to-justify-regulating-the-Internet

Arlington, Va. -- We marched into Baghdad on flimsy evidence and we might be about to make the same mistake in cyberspace.
Over the past few weeks, there has been a steady drumbeat of alarmist rhetoric about potential threats online. At a Senate Armed Services Committee hearing last month, chairman Carl Levin said that "cyberweapons and cyberattacks potentially can be devastating, approaching weapons of mass destruction in their effects."

The increased consternation began with the suspected Chinese breach of Google's servers earlier this year. Since then, press accounts, congressional pronouncements, and security industry talk have increasingly sown panic about an amorphous cyberthreat.

Bush administration cybersecurity chief Michael McConnell recently warned that the United States "is fighting a cyber-war today, and we are losing." According to McConnell, now a vice president at Booz Allen Hamilton, "our power grids, air and ground transportation, telecommunications, and water-filtration systems are in jeopardy."

More recently, Sens. Jay Rockefeller (D) and Olympia Snowe (R) wrote about "sophisticated cyber adversaries" with the potential "to disrupt or disable vital information networks, which could cause catastrophic economic loss and social havoc."

Yet none of the prognosticators of disaster presents any evidence to sustain their claims. They mention the Google breach, but that was an act of espionage that, while serious, did not lead to catastrophe.

There have been and continue to be many "cyberattacks" on government and private networks, from the Korea attacks to the denial-of-service attacks during the Georgia-Russia war. To be sure, these attacks are a serious concern and we should continue to study them. But so far, these types of events tend to be more of a nuisance than a catastrophe. The biggest result is that websites are down for a few hours or days. This shows that security should be a serious concern for any network operator. It does not show, however, that these attacks can lead -- much less have ever led -- to the types of doomsday scenarios that politicians imagine.
There is no evidence that these attacks have ever cost any lives or that any type of critical infrastructure has ever been compromised: No blackouts, no dams bursting, no panic in the streets.

The cyberalarmist rhetoric conflates the various threats we might face into one big ball of fear, uncertainty, and doubt. Recently, for example, the director of the Central Intelligence Agency announced that a cyberattack could be the next Pearl Harbor.

Cyberwar, cyberespionage, cyberterrorism, cybercrime -- these are all disparate threats. Some are more real than others, and they each have different causes, motivations, manifestations, and implications. As a result, there will probably be different appropriate responses for each. Unfortunately, the popular discussion largely clumps them into the vague and essentially meaningless "cyberthreat" category.

Let's take a deep breath. Before we can effectively address any of these amorphous "cyberthreats," we must first identify what, specifically, these threats are and to what extent the federal government plays a role in defending against them. The war metaphor may be useful rhetoric, but it is a poor analogy to the dispersed and different threats that both public and private information technology systems face.

The fact is, as long as we have had networks, they have been under attack. But over the past 20 years network operators have developed effective detection, prevention, and mitigation strategies. This is why we should be wary of calls for more government supervision of the Internet.

As part of its National Broadband Plan, the Federal Communications Commission began an inquiry into whether to establish a "voluntary cybersecurity certification program." Through the program the FCC would certify communication service providers based on a set of cybersecurity standards developed directly by the FCC, or indirectly through a third party.
More ominously, Senators Rockefeller and Snowe have introduced the Cybersecurity Act of 2010 that aims to change how the Internet works in the name of security. It would also create a national system of licensing for security professionals, and would dole out millions of dollars in cyberpork to "regional cybersecurity centers" and other programs.

At the heart of calls for federal involvement in cybersecurity is the proposition that we re-engineer the Internet to facilitate better tracking of users in order to pinpoint the origin of attacks. The Rockefeller-Snowe bill looks to develop such a "secure domain name addressing system." That's a slippery slope.

And there's the fact that we have seen a wasteful military-industrial complex develop before, and in this rush to "protect" we might be seeing a new one blossoming now. The greater the threat is perceived to be -- and the less clearly it is defined -- the better it is for defense contractors like Booz Allen Hamilton, which last week landed $34 million in Defense Department cybersecurity contracts. That money could certainly be put to better use right now.

Anyone concerned about net neutrality or civil liberties -- in particular online privacy and anonymity -- should take notice. Before the country is swept by fear and we react too quickly to the "gathering threat" of cyberattacks, we should pause to calmly consider the risks involved and the alternatives available to us.

Rather than pass a sweeping "cyberdefense" bill right away, Congress should take the time to untangle the different threats that confront us and make sure they are addressing each appropriately. If not, we will be saddled with an overreaching one-size-fits-all result. Giving the military and federal agencies the tools to protect their online assets might be an appropriate first response. But reengineering the Internet and imposing standards and licensing on the most innovative sector of our economy should give us pause.
There is no reason to rush to action.

From rforno at infowarrior.org Thu May 6 03:20:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 5 May 2010 23:20:02 -0400
Subject: [Infowarrior] - Does Storing Your Documents In 'The Cloud' Mean The Gov't Has Easier Access To It?
Message-ID: <072EF4A5-7550-4E09-8C07-6995481482EE@infowarrior.org>

Does Storing Your Documents In 'The Cloud' Mean The Gov't Has Easier Access To It?
http://techdirt.com/blog/itinnovation/articles/20100505/0210579305.shtml

One of the more annoying things concerning the ever changing technology world is the trouble that the law has in keeping up. We're seeing that a lot lately. For example, a few months ago, we talked about 4th Amendment issues when it comes to cloud data. There are a few different camps on this, with a few different thoughts -- and so far, no one's exactly sure who's right. We predicted the issue was going to come up more frequently... and we're already seeing that. A few months after that post, we had a court ruling that (on a questionable basis) found no 4th Amendment privacy protections for emails once delivered, using similar logic to the debate over the cloud. And such cases are becoming more common.

The Citizen Media Law Project has a good discussion about the FBI getting access to documents stored in Google Docs as part of a spam investigation. In that case, the FBI did go through the process of getting a full search warrant (which should have satisfied some of the 4th Amendment concerns), but it's the first case on record of the FBI getting access to Google Docs.
Part of the problem here is that this sort of stuff is covered under a law that's nearly a quarter of a century old, and is not even remotely designed for a modern technology world:

The current federal statute on the issue, the Electronic Communications Privacy Act (ECPA), 18 U.S.C. § 2510, et seq., basically extended the rules regarding government access to older technologies like the telephone (e.g., wiretapping) to electronic communications. The USA Patriot Act, passed after the Sept. 11, 2001 attacks, modified these old rules a bit. But the basic, underlying statute was passed in 1986, before the advent and widespread use of email, text messaging, social networking websites, and the myriad other means of modern communications. As others have explained at length, ECPA creates an exceedingly dense and confusing statutory framework, and relies on a series of archaic distinctions, such as whether a communication is "stored" or "in transit." This complexity creates uncertainty about what showing law enforcement has to make in order to access user materials stored in the cloud. Is a search warrant, a subpoena, or an informal request required? Under what circumstances can service providers voluntarily cooperate with law enforcement?

What's interesting is how little attention these issues seem to be getting -- even though they can have a pretty large impact. And, even though this may seem like legal details, it applies well outside the legal field as well. While it won't be the key focus, we're even going to include a short section on these kinds of legal issues in the cloud in our upcoming webinar on cloud security (register here). While this might not seem directly like a security issue, if you're in charge of keeping data secure, it's pretty important to know what it means when the feds knock on your door... or the door of the third party "cloud" provider to whom you outsourced your company's data.
From rforno at infowarrior.org Thu May 6 12:38:26 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 May 2010 08:38:26 -0400
Subject: [Infowarrior] - Advanced User Guide to Social Networking Privacy
Message-ID: <7E4C1FD6-2CA2-46F6-B37F-51285F245EBD@infowarrior.org>

Lockdown or Death for your FaceBook Profile: An Advanced User Guide to Social Networking Privacy
http://www.zdnet.com/blog/perlow/lockdown-or-death-for-your-facebook-profile-an-advanced-user-guide-to-social-networking-privacy/12891

From rforno at infowarrior.org Thu May 6 12:46:57 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 May 2010 08:46:57 -0400
Subject: [Infowarrior] - Google, Amazon Win Over AT&T, Comcast on Web Access
Message-ID: <5897F569-3D6B-48EF-932B-077964833013@infowarrior.org>

Google, Amazon Win Over AT&T, Comcast on Web Access
By Todd Shields - May 05, 2010
http://preview.bloomberg.com/news/2010-05-05/fcc-to-regulate-internet-services-in-victory-for-google-over-comcast-at-t.html

U.S. regulators will claim authority over companies offering Internet access in a setback for AT&T Inc. and Comcast Corp. and a win for Web content providers such as Google Inc., Amazon.com Inc. and EBay Inc.

Federal Communications Commission Chairman Julius Genachowski plans to say tomorrow that the agency will extend rules used for telephone service to Internet providers, a commission official, who declined to be identified, said today in an e-mailed statement. The agency will pledge to stop short of provisions such as the authority to control rates.

Genachowski wants to set net-neutrality rules that would bar companies from favoring their own Web content and services, a goal sought by consumer advocacy groups. His power to do so was undermined when a U.S. court ruled on April 6 that the agency lacked authority to regulate Comcast's Internet practices.
The decision by Genachowski will let the FCC "ensure consumers are fully protected against blocking or degradation of websites and applications of their choice by broadband providers," said Markham Erickson, executive director of the Open Internet Coalition, in an e-mailed statement. The coalition, with members including Google, EBay and Amazon, and consumer groups urged Genachowski to use the telephone rules in place of the regulations attacked in the Comcast case.

"This is a welcome announcement," said Gigi Sohn, president of Public Knowledge, a Washington-based consumer advocacy group, in an e-mailed statement.

'Radical, Unlawful'

Imposing phone rules "would mark a radical and unlawful departure" from 15 years of Internet policy under Republicans and Democrats, executives for AT&T, Verizon Communications Inc. and Time Warner Cable Inc. said in an April 29 letter to Genachowski.

Republicans questioned the FCC's authority to extend the phone-service rules to the Internet.

"The FCC does not have the authority to regulate management of network congestion on the Internet," said Lisa Miller, spokeswoman for Representative Joe Barton of Texas, the senior Republican on the House Energy and Commerce Committee, which oversees the FCC. Genachowski "should ask Congress" for authority rather than "make an end run," Miller said in an e-mailed statement.

Representative Henry Waxman of California and Senator Jay Rockefeller of West Virginia, who head each chamber's commerce committee, wrote Genachowski a letter today urging him to consider all options to retain authority over Internet access providers. The Democratic lawmakers said they may back a law giving the agency more power.

Michael Balmoris, a Washington spokesman for Dallas-based AT&T, the biggest U.S. phone company, and Sena Fitzmaurice, a Washington spokeswoman for Philadelphia-based Comcast, the largest U.S. cable provider, declined to comment.
To contact the reporter on this story: Todd Shields in Washington at tshields3 at bloomberg.net

From rforno at infowarrior.org Thu May 6 12:49:15 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 May 2010 08:49:15 -0400
Subject: [Infowarrior] - Google's security and privacy are not good enough
Message-ID:

Google's security and privacy are not good enough
University of California snubs Gmail
By Edward Berridge
Thu May 06 2010, 11:38
http://www.theinquirer.net/inquirer/news/1635116/google-security-privacy

A US UNIVERSITY has said that Google's commitment to privacy and security doesn't meet its standards.

According to Information Week, Gmail failed a University of California at Davis evaluation as the official e-mail program for its 30,000 faculty and staff members.

UC Davis' CIO Peter Siegel, academic senate IT chair Niels Jensen, and campus council IT chair Joe Kiskis said the school decided to end its Gmail pilot because faculty members doubted Google's ability to keep their correspondence private.

Many faculty "expressed concerns that our campus's commitment to protecting the privacy of their communications is not demonstrated by Google and that the appropriate safeguards are neither in place at this time nor planned for in the near future," the letter said.

Google insists that its privacy controls are adequate, although it admits that there are lots of opinions and voices on campuses.

The University of California report cited a recent letter to Google CEO Eric Schmidt from the privacy commissioners of ten countries, including Canada, the UK, and Germany that slammed the outfit for its recent addition of Google Buzz to Gmail. Buzz adds social networking tools that the commissioners said compromise user privacy. However Google pointed out that Buzz was not part of the Gmail package under evaluation at UC Davis.
UC Davis said that "outsourcing e-mail may not be in compliance with the University of California Electronic Communications Policy", which forbids the university from disclosing or examining the contents of emails without the account holder's consent and from distributing emails to third parties.

From rforno at infowarrior.org Thu May 6 13:34:24 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 May 2010 09:34:24 -0400
Subject: [Infowarrior] - Facebook's exorbitant privilege
Message-ID: <76833ED6-EFB1-444E-94D9-E9B227763F28@infowarrior.org>

As an econ friend just said: "How Facebook is like the dollar." lol -rick

Facebook's exorbitant privilege
http://drezner.foreignpolicy.com/posts/2010/05/06/facebooks_exorbitant_privilege
Posted By Daniel W. Drezner Thursday, May 6, 2010 - 1:21 PM

One of the purposes of this blog is to profess my deep, profound admiration for Salma Hayek take somewhat arcane concepts from the world of social science and make them more accessible to the general interest reader. For example, there's been a lot of talk in recent years about the end of the dollar's status as the world's reserve currency. I keep saying it's not going to happen. To understand why, let me put it this way: the U.S. dollar is the Facebook of hard currencies.

Social networking technologies, like reserve currencies, have a peculiar quality -- they are more useful when more people use them. A social networking site is only worth something if everyone's friends and contacts are on the site. It doesn't matter if there's another site that's superior, unless everyone is willing to simultaneously switch over.

This gives the owner of the dominant social networking site an exorbitant privilege. It can change the rules of the game in its favor with minimal risk of mass defections. Indeed, it looks like Facebook is doing exactly that in an effort to increase its profit sources. Not surprisingly, this has alienated some Facebook users.
As Charli Carpenter points out, however, alienation does not necessarily lead to defection:

A lot of us can't just decide to "leave" without having somewhere to go. That's because Facebook has become not just an extension of our offline networks, but to some extent, a space in which our virtual identities live -- our most important semi-imagined community. The decision to leave such sites is usually agonizing and isolating, because we are deeply committed to what Facebook has to offer, even as many of us abhor on principle what Facebook is becoming....

Plenty of us would choose such an exile from the dictatorship of Facebook were there a welcoming neighbor nearby to which we could escape with our friends and families. The latter is crucial: since the "space" of social networking sites is constituted both by the platform and by one's social network, we need a way to convince people in our Facebook networks to join us in exodus. That requires a social networking utility as cool and functional as Facebook, with none of its privacy-violating nonsense. Not just any country, but a country where we and our friends would actually want to go.

There's an additional requirement -- everyone would need to agree that the new country is clearly cooler than Facebookland. These are pretty imposing barriers to exit.

Now, lest one despair too much, Facebook, like the U.S. Treasury Department or the Federal Reserve, does not have unlimited power -- there is a limit pricing effect. Too much abuse of the privilege will lead to increased search for alternatives, and give competitors an enhanced incentive to encroach on Facebook's turf. Indeed, in this way, Facebook's status is more fragile than the dollar -- because while there are viable alternatives to Facebook, the only plausible rival to the dollar right now is doing a lovely job of imploding right now.

There is one warning, however -- Facebook's hegemony will seem impregnable right up to the moment it collapses.
Because the attractiveness of these sites depends on the number of other users, there's always the possibility that an inflection point is reached in which everyone migrates from Facebook to Orkut or something else. And when that does happen, the fall of Facebook will be fast and hard. And yes, this applies to the dollar as well.

From rforno at infowarrior.org Thu May 6 15:02:42 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 May 2010 11:02:42 -0400
Subject: [Infowarrior] - Lieberman to Propose Citizenship-Stripping Law
Message-ID: <7BC26B8C-02E1-4ADB-9F5A-5EF6F866F097@infowarrior.org>

Lieberman to Propose Citizenship-Stripping Law
Published 1, May 5, 2010
http://jonathanturley.org/2010/05/05/lieberman-to-propose-citizenship-stripping-law/

Greg Sargent at the Washington Post is reporting that Sen. Joe Lieberman (I-Conn.) will be proposing a new law that could potentially strip Americans of their citizenship if they're involved with foreign terrorist organizations. The limited details revealed today are enough to send a chill down the spine of civil libertarians around the country. I will be discussing this issue tonight on Rachel Maddow's show.

The law reportedly would allow the State Department to treat citizenship like an administrative matter -- deciding whether you have associated with terrorist organizations. Agency procedures are widely condemned for their lack of due process protections and the heavy deference given to agency decision-making. We have seen abuses of this system in the designation of organizations under a similar process.

To his credit, Schumer has come out against Lieberman's proposal, again as reported by Sargent. He reports that Schumer initially indicated that he might support the law. However, Schumer's staff insists that he was approached briefly in the hall on the subject but that he could not support such a proposal.
While the burden would be on the State Department and you would have access to court review, the agency process could make it difficult to contest such findings -- particularly with the use of secret evidence (and barring the use of evidence by the defendant on national security grounds). Stripping citizens of their citizenship could also create stateless persons -- a problem in international law. Moreover, this process could occur at the same time that a person is fighting criminal charges -- adding to the practical and financial burden. Lieberman will reportedly hold a presser on Thursday.

(more @ http://voices.washingtonpost.com/plum-line/2010/05/how_liebermans_citizen-strippi.html?wprss=plum-line)

...and even Chuck Schumer is against it: http://voices.washingtonpost.com/plum-line/2010/05/schumer_comes_out_against_lieb.html

From rforno at infowarrior.org Thu May 6 18:49:06 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 May 2010 14:49:06 -0400
Subject: [Infowarrior] - FYI...markets crashing hard on Greece woes
Message-ID:

Dow down 663
SP down 73
Russell down 60
Gold up 30
Vix up 15

From rforno at infowarrior.org Thu May 6 21:21:33 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 May 2010 17:21:33 -0400
Subject: [Infowarrior] - Dow Plunges 998 Before Paring Losses
Message-ID: <4981CFAE-EAE0-4C90-8DDD-616609CBBDB2@infowarrior.org>

Dow Plunges 998 Before Paring Losses
By Michael P. Regan and Rita Nazareth - May 06, 2010
http://preview.bloomberg.com/news/2010-05-06/bonds-decline-spanish-borrowing-costs-jump-as-ecb-meets-stocks-advance.html

U.S. stocks tumbled the most in a year on concern Europe's debt crisis will halt the global recovery. The selloff briefly erased more than $1 trillion in market value as the Dow Jones Industrial Average fell almost 1,000 points, its biggest intraday loss since 1987, before paring the drop. The Dow average ended down 347.8 points, or 3.2 percent, at 10,520.32 at the 4 p.m. close of trading in New York.
The Standard & Poor's 500 Index fell as much as 8.6 percent, its biggest plunge since December 2008, before ending at 1,128.15, down 3.2 percent. It was the biggest drop on a closing basis since April 20, 2009, for both measures. "It's panic selling," said Burt White, chief investment officer at LPL Financial in Boston, which oversees $379 billion. "There's concern that the European situation might cool down global growth and freeze the credit markets." New York Stock Exchange spokesman Rich Adamonis said "there were a number of erroneous trades" during the plunge. The NYSE told CNBC that there were no system errors as speculation of bad trades swirled through the market. The Nasdaq OMX Group Inc. said it is working with other markets to review transactions during the plunge. Citigroup Inc. said it found "no evidence" of erroneous trades after CNBC said the bank made a potentially bad transaction that triggered the slide. CNBC cited "multiple sources." Procter & Gamble Co. said it's looking into electronic trading of its stock to determine whether it was made in error. Its shares sank as much as 37 percent and closed down 2.3 percent.

Euro Tumbles

The euro tumbled the most since the collapse of credit markets in 2008, dropping 1.5 percent to $1.2623 and touching a 14-month low of $1.2529, even as Greece's parliament approved austerity measures demanded by the European Union and International Monetary Fund as a condition of its 110 billion euro ($139 billion) bailout. European Central Bank President Jean-Claude Trichet held interest rates at a record low of 1 percent today and said the bank didn't discuss whether to purchase government bonds to stem the region's debt crisis, defying market speculation that he would take such measures. "The ECB can fix this instantly by doing what the Fed has done -- instantly providing liquidity by buying bad fixed-income instruments and paying cash in U.S. dollars,"
said David Kovacs, head of quantitative strategies at Turner Investment Partners in Berwyn, Pennsylvania, which manages $18 billion. "The reason the market is horrified now is Trichet said it's not even being discussed. Smart investors are basically selling risk assets."

2010 Gains Wiped Out

The MSCI Asia Pacific Index joined the MSCI World Index and the Stoxx 600 Index in wiping out its advance for 2010. The Dow and S&P 500 briefly erased their yearly gains before paring losses. Bank of America Corp., Hewlett-Packard Co. and American Express Co. tumbled more than 4.5 percent to lead declines in the 30-stock Dow as all 30 of its companies dropped at least 1.6 percent. General Electric Co., the world's biggest maker of jet engines, power-generation equipment and locomotives, fell as much as 17 percent before ending down 4.4 percent. Apple Inc. tumbled as much as 22 percent, the most since 2000, and ended down 3.8 percent. Technology stocks and industrial companies in the S&P 500 had the biggest intraday declines on record, losing as much as 10 percent and 11 percent, respectively, in intraday trading. Both groups ended down less than 4 percent.

VIX Surges

The benchmark index for U.S. stock options surged as much as 63 percent, the most since February 2007, to 40.7 before paring its advance to 32 percent and closing at an almost one-year high of 32.8. The VIX, as the Chicago Board Options Exchange Volatility Index is known, measures the cost of using options as insurance against declines in the S&P 500. About 19.3 billion shares changed hands on U.S. exchanges, the most since October 2008 and more than double the 2010 average. Almost 10 stocks fell for every two that rose on U.S. exchanges. The MSCI World Index of stocks in 23 developed nations sank 2.8 percent and has plunged 6.4 percent over the past three days, its biggest retreat in 14 months.
Yields on benchmark 10-year Treasury notes plunged 16 basis points to 3.377 percent on demand for assets considered the most safe. The Dollar Index, which measures the currency against six major trading partners, jumped as much as 1.4 percent.

European Bonds

Bonds of debt-laden European nations tumbled. The yield on Spain's 10-year note surged 24 basis points, or 0.24 percentage point, to 4.42 percent, the highest since June. Italy's 10-year yield jumped 22 basis points to 4.27 percent. The 10-year Greek bond yield surged 1.14 percentage points to 11.31 percent, the highest in Bloomberg data going back to 1998. The nation's two-year debt surged 1.46 percentage points to 16.36 percent, a record in Bloomberg data. German bunds gained, sending the yield premium investors demand to own Greek and Spanish 10-year debt to records. A 110 billion-euro ($140 billion) aid package to avoid a default by Greece has failed to prevent bond yields from rising, driving up borrowing costs for countries including Spain and Portugal. Sovereign debt contagion may spread across Europe, affecting the banking systems of Portugal, Spain and Italy, as well as Greece, Moody's Investors Service said in a report.

"All About Europe"

"It's all about Europe," said Tom Wirth, senior investment officer for Chemung Canal Trust Co., which manages $1.6 billion in Elmira, New York. "There's a perception that what's going on in Europe will be dragging the region back into a recession. The question is how much of that is going to be contagious to the rest of the world." Spain paid the highest yield since 2008 to sell five-year bonds. The Treasury sold 2.35 billion euros of the notes in an auction in Madrid to yield 3.532 percent. That was 0.716 percentage point more than it paid on similar securities in the most recent sale, nine weeks ago.
Prime Minister Jose Luis Rodriguez Zapatero this week railed at investors who dumped Spanish bonds on concern that the rescue plan for Greece may not insulate other euro-region governments from the crisis. The premier is trying to reduce a budget deficit that's almost four times the European Union's limit and regain the confidence of fund managers. ECB President Jean-Claude Trichet resisted pressure from investors to take new steps to fight the euro-area's spreading fiscal crisis.

"Decisive Actions"

"We call for decisive actions by governments to achieving a lasting and credible consolidation of public finances," Trichet told reporters today after the ECB's Governing Council met in Lisbon. Spain and Portugal are "not Greece," he said. Turmoil in financial markets also battered the market for initial public offerings. Ron Burkle's Americold Realty Trust postponed the largest U.S. initial public offering of 2010, while Hong Kong's Swire Properties Ltd. shelved its sale as the biggest stock-market slump in a year roiled IPOs. Americold, the warehouse operator owned by Burkle's Yucaipa Cos., pulled its $660 million sale after slashing the midpoint price by 33 percent yesterday, according to Bloomberg data and a filing with the Securities and Exchange Commission. Swire Properties, landlord to Time Warner Inc. in Hong Kong, dropped its plan to raise as much as HK$20.8 billion ($2.7 billion). Smile Brands Group Inc., the Santa Ana, California-based provider of support services to dental groups, also shelved its $132 million IPO today. Crude oil fell to an 11-week low in New York, retreating 3.6 percent to $77.11 a barrel. Gold rallied 2.6 percent to top $1,200 an ounce, approaching a record.

To contact the reporters on this story: Michael P. Regan in New York at Mregan12 at bloomberg.net; Rita Nazareth in New York at rnazareth at bloomberg.net.
From rforno at infowarrior.org Fri May 7 00:20:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 May 2010 20:20:35 -0400
Subject: [Infowarrior] - USAF social media protocol (PDF)
Message-ID:

(c/o Anonymous)

Here is a link to the Air Force guide mentioned in the article below: http://www.af.mil/shared/media/document/AFD-090406-036.pdf

Air Force writes a book on social media protocol
A few do's and don'ts on putting together an effective guidebook
By Sean Gallagher
http://defensesystems.com/articles/2010/05/05/air-force-social-media-guide.aspx

With the Defense Department's recent decision to open up DOD networks to social media sites, members of the military will be looking for guidance on what they can and can't do on Facebook, Twitter, and blogs. "With the directive-type memorandum opening up social networks, suddenly you have an entire world of servicemembers who will have access to all these sites," said Paul Bove, social media strategist for the Air Force Public Affairs Agency's Emerging Technology Division, speaking today at the Open Government Innovations 2010 conference in Washington. "And they need to have policy on what they can and can't post on them." And on that point, the Air Force Public Affairs Agency is ahead of the curve: The agency published its first guidebook to using social media for airmen more than a year ago. "Guides eliminate the excuse of, 'I didn't know,'" said Bove. Bove spoke at the conference about the process of putting together that guide, titled Social Media and the Air Force, now out in its second version. He also spoke about its overall success -- both as a tool for airmen and in gaining recognition for the Air Force in social media circles. Version 2 of the guide, printed in November 2009, is now being shipped out to every major Air Force command, along with Air Force Public Affairs guidance on the DOD's new social media policy implementation. "Our efforts go back into 2008," Bove said.
"That's when the Air Force really started to get involved in social media. We had nothing that really construed guidance for social media -- there was no guidebook or instruction manual. There were a lot of resources on the Web, but they aren't tailored to any particular organization's needs. And a lot of organizations didn't have a social media plan at the time. So [Air Force] Maj. [David] Faggard, who was our division chief at the time, said, 'Let's write our own book.'" Bove went through the key parts of the process of creating a social media guide for a government organization, using the Air Force guide as a case study. The first step, he said, is to determine if a guide is really necessary. "Often there's sufficient guidance elsewhere in policy," he said, and that simply pulling that policy together for reference will be enough. In the Air Force's case, there was existing policy regarding operational security that applies to social media. But as far as other activities on social media, "We saw there wasn't policy that existed," he said. "So we thought this would be useful. We call it a guidebook or textbook; this isn't official guidance from the Secretary of the Air Force." Bove emphasized the importance of having leadership understand and approve of the process of creating a social media guide early in the process. "If you're going to decide that you need a guidebook, leadership is going to want to know why, and what's the cost," he said, adding that advance research, including social media site surveys and other resources are important in bolstering an argument for the need for a guide. Bove also said getting the agency's legal department to look over the plan is an important part of the process. "Talk to your legal department, and say, 'This is our plan--is there anything we should consider, that might violate copyrights, or any other issues?'"
Bove noted that the effort to produce the 30-page guide's first version, along with an accompanying video and a decision-tree poster for assessment of blog and social media posts and how to respond, was significant. He emphasized that teams taking on the task of producing a guide should "crowd-source" within their department, breaking up the work across people with the skills to handle elements of writing and design. The Air Force's guide -- with more than 10,000 copies printed and an electronic version posted on the Air Force's main Web page -- has garnered mostly positive feedback from leaders in the social media marketing community. Bove pointed out that it ranks at the top of Google search results for "blog assessment" and other keywords. But Bove noted that this didn't come without incident -- an early draft of the blog assessment chart was leaked to the Internet, and was picked up by Wired Magazine's Danger Room blog and portrayed unfavorably. "They took the material out of context," he said. "And it wasn't our final version, so there were still errors in it." The Wired blog was then picked up by the New York Times and a local Washington TV station. Bove used this as a cautionary tale. "Make sure anyone working on your team knows that the material is for internal use and proprietary until it's done and approved," he said.

From rforno at infowarrior.org Fri May 7 01:00:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 6 May 2010 21:00:35 -0400
Subject: [Infowarrior] - NYSE: Blame Electronic Trading for Stocks Plunge
Message-ID:

Blame Electronic Trading for Stocks Plunge, NYSE Official Says
By Chris Nagi and Matt Miller - May 06, 2010
http://preview.bloomberg.com/news/2010-05-06/electronic-trading-to-blame-for-stock-market-plunge-nyse-s-leibowitz-says.html

Computerized trades sent to electronic networks turned an orderly stock market decline into a rout today, according to Larry Leibowitz, the chief operating officer of NYSE Euronext.
While the first half of the Dow Jones Industrial Average's 998.5-point plunge probably reflected normal trading, the selloff snowballed because of orders sent to venues with no investors willing to match them, Leibowitz said in an interview on Bloomberg Television. "If you look at the charts you can see fairly clearly where the trades came in," he said from New York. "It's that V-shaped drop where it came down and snapped right back up. You had some very high-cap stocks trading down 50 percent or large percentages in a split instant because there really was no liquidity in electronic markets." The selloff briefly erased more than $1 trillion in market value as the Dow average tumbled 9.2 percent, its biggest intraday percentage loss since 1987, before paring the drop. More than 29.4 billion shares changed hands on all U.S. venues today, including traditional exchanges such as the NYSE, rivals Bats Global Markets Inc. in Kansas City and Jersey City, New Jersey-based Direct Edge, and other electronic platforms. The level compares with 2.58 billion traded on the NYSE, making it the biggest gap in more than three years, data compiled by Bloomberg show.

More Venues

Increasing automation and competition have reduced the Big Board and Nasdaq's volume in securities they list from as much as 80 percent in the last decade. Now, two-thirds of trading in their companies takes place off their networks because orders are dispersed across dozens of competing venues. Nasdaq OMX Group Inc. said it will cancel stock trades that were more than 60 percent above or below prices at 2:40 p.m. New York time, just before U.S. equities plummeted. The New York-based firm, which investigated trades between 2:40 p.m. and 3 p.m., said it will provide a list of stocks affected and the prices at which the trades will be canceled. "The fact that it snapped back so quickly made it clear that it was an aberration," Leibowitz said.
"When a large order or series of orders comes into electronic markets, they don't really have any way to recognize either that they're a mistake or to slow them down to attract the proper liquidity on the other side. And so the electronic markets actually traded all the way through the slower New York Stock Exchange markets where we were trying to slow down trading."

To contact the reporters on this story: Chris Nagi in New York at chrisnagi at bloomberg.net; Matt Miller in New York at mtmiller at bloomberg.net

From rforno at infowarrior.org Fri May 7 11:20:19 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 May 2010 07:20:19 -0400
Subject: [Infowarrior] - OT: Hear The Markets Crash
Message-ID: <2E23AC7B-DA60-4F37-BABA-6C0B1BCA3F21@infowarrior.org>

Want to know what a market crash sounds like from the inside? This is it. Thank you, Skynet. This is Ben Lichtenstein, one of the major pit 'squawkers' up in Chicago yesterday. Normally Ben is calm and very composed...but you can hear the total amazement/awe in his voice during yesterday's market collapse. The S&P came within (I think) 10 points of going "limit down" -- and the move back up was almost as wild. (Even if you don't understand what's going on and think he sounds like a tobacco auctioneer, it's still a 'historic' sort of event in market history and interesting to hear.) The way his voice is going, I suspect he's going to be drinking lots of hot tea and honey this weekend. :)

MUST HEAR: Panic And Loathing From The S&P 500 Pits
http://www.zerohedge.com/article/panic-and-loathing-sp-500-pits

Die, algo quant robots, die!!! Less robots, more people, please.

-rick

From rforno at infowarrior.org Fri May 7 11:49:47 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 May 2010 07:49:47 -0400
Subject: [Infowarrior] - Bill Targets Citizenship of Terrorists' Allies
Message-ID:

(Interesting nobody's calling this the TEA Bill yet.
-rick)

Bill Targets Citizenship of Terrorists' Allies
By CHARLIE SAVAGE and CARL HULSE
Published: May 6, 2010
http://www.nytimes.com/2010/05/07/world/07rights.html?hpw

WASHINGTON -- Proposed legislation that would allow the government to revoke American citizenship from people suspected of allying themselves with terrorists set off a legal and political debate Thursday that scrambled some of the usual partisan lines on civil-liberties issues. The Terrorist Expatriation Act, co-sponsored by Senators Joseph I. Lieberman, independent of Connecticut, and Scott Brown, Republican of Massachusetts, would allow the State Department to revoke the citizenship of people who provide support to terrorist groups like Al Qaeda or who attack the United States or its allies. Some Democrats expressed openness to the idea, while several Senate Republicans expressed concern. Mr. Brown, who endorsed aggressive tactics against terrorism suspects in his campaign for the late Senator Edward M. Kennedy's seat, said the bill was not about politics. "It reflects the changing nature of war and recent events," Mr. Brown said Thursday. "War has moved into a new dimension. Individuals who pick up arms -- this is what I believe -- have effectively denounced their citizenship, and this legislation simply memorializes that effort. So somebody who wants to burn their passport, well, let's help them along." Identical legislation is also being introduced in the House by two Pennsylvania congressmen, Jason Altmire, a Democrat, and Charlie Dent, a Republican. The lawmakers said at a news conference that revoking citizenship would block terrorism suspects from using American passports to re-enter the United States and make them eligible for prosecution before a military commission instead of a civilian court. Citing with approval news reports that President Obama has signed a secret order authorizing the targeted killing of a radical Yemeni-American cleric, Anwar Al-Awlaki, Mr.
Lieberman argued that if that policy was legal -- and he said he believed it was -- then stripping people of citizenship for joining terrorist organizations should also be acceptable. Several major Democratic officials spoke positively about the proposal, including Secretary of State Hillary Rodham Clinton. Noting that the State Department already had the authority to rescind the citizenship of people who declare allegiance to a foreign state, she said the administration would take "a hard look" at extending those powers to cover terrorism suspects. "United States citizenship is a privilege," she said. "It is not a right. People who are serving foreign powers -- or in this case, foreign terrorists -- are clearly in violation, in my personal opinion, of that oath which they swore when they became citizens." Speaker Nancy Pelosi said she supported the "spirit" of the measure, although she urged caution and said that the details of the proposal, like what would trigger a loss of citizenship, still needed to be fleshed out. Several Republican officials, though, were skeptical of the idea. Representative John A. Boehner of Ohio, the Republican leader, questioned the constitutionality of the proposal. "If they are a U.S. citizen, until they are convicted of some crime, I don't see how you would attempt to take their citizenship away," Mr. Boehner said. "That would be pretty difficult under the U.S. Constitution." The proposal would amend an existing, although rarely used, program run by the State Department. It dates to a law enacted by Congress in 1940 that allowed the stripping of citizenship for activities like voting in another country's elections or joining the army of a nation that is at war with the United States. People who lose their citizenship can contest the decision in court. The Supreme Court later narrowed the program's scope, declaring that the Constitution did not allow the government to take away people's citizenship against their will.
The proposal does not alter the requirement of evidence of voluntariness. That means that if the proposal passed, the State Department would have to cite evidence that a person not only joined Al Qaeda, but also intended to relinquish his citizenship, and the advantages it conveys, to rescind it. Several legal scholars disagreed about the legality and effectiveness of the proposal. Kevin R. Johnson, the dean of the law school at the University of California, Davis, argued that it was "of dubious constitutionality" because merely joining or donating to a terrorist group fell short of unequivocal evidence that someone intended to relinquish his citizenship. Peter H. Schuck, a Yale University law professor, said the Supreme Court might allow Congress to declare that joining Al Qaeda created a presumption that an American intended to relinquish his citizenship, so long as the program allowed the person to rebut that view. Mr. Lieberman portrayed the proposal as a reaction to increasing involvement in Islamic terrorism by United States citizens, including Faisal Shahzad, the Pakistani-American man who was arrested in connection with the failed attempt to set off a car bomb in Times Square last Saturday. Mr. Shahzad was granted American citizenship last year. However, Mr. Lieberman emphasized, the measure would apply only to people who commit such acts in the future. Senate aides said that it would apply only to acts undertaken overseas.

From rforno at infowarrior.org Fri May 7 12:13:31 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 May 2010 08:13:31 -0400
Subject: [Infowarrior] - Mikulski presses for more NSA web powers
Message-ID: <202B6B6E-9768-4DF9-BB14-34834B1F2A2C@infowarrior.org>

Navigate: http://www.politico.com/blogs/joshgerstein/0510/Mikulski_presses_for_more_NSA_powers.html

Mikulski presses for more NSA web powers

Sen. Barbara Mikulski (D-Md.)
is pressing the Obama Administration to give the National Security Agency more power to oversee the privately-owned portions of the Internet. During an appropriations hearing Thursday, Mikulski pressed Attorney General Eric Holder for answers about legal opinions the government may be drafting to address the extent to which the NSA can defend cyberspace in the U.S. The Maryland senator said divisions of responsibility between the Department of Homeland Security and NSA, which happens to be based in her state, have paralyzed the government's cybersecurity efforts. She suggested NSA's role needs to go beyond protecting the "dot-mil" domains. "We don't know who the hell is in charge," Mikulski complained. "The private sector is really apprehensive about the ongoing attacks on them...We have to have kind of a legal framework." "There needs to be clarification of government and there needs to be clarification in and perhaps new law," she added. The senator suggested that "certain constrictions that have served us well in the past" need to be changed, though she quickly added that privacy and civil liberties protections need to remain. Mikulski also took a shot at DHS, saying, "They really don't have a lot to offer right this minute, or they do, but they're getting it from the dot-mil." Holder, who admittedly has had a lot of other things to worry about the last couple of days, seemed befuddled by the questions. He initially seemed to think Mikulski was asking about Justice Department efforts to fight cybercrime. UPDATE: Main Justice's Joe Palazzolo reports that budget documents say the Justice Department's Office of Legal Counsel has done extensive work on the legal issues surrounding cybersecurity. When Holder said he was open to "any suggestions," Mikulski grew impatient. "I'll be honest Mr. Holder, I'm not looking for suggestions, I'm looking for a comprehensive effort, tasked by the White House to the Attorney General's office."
Holder never gave a firm answer about whether such a review was underway or would be undertaken. "We want to make sure that the laws we have on the books are up to date to deal with this new reality," Holder said, before indicating that the White House was really in the lead on cybersecurity. In March, the Obama Administration declassified parts of a cybersecurity plan that splits certain responsibilities between DHS and NSA.

From rforno at infowarrior.org Fri May 7 17:55:27 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 May 2010 13:55:27 -0400
Subject: [Infowarrior] - Feds report 700 seizures of bootleg Cisco hardware
Message-ID:

Feds report 700 seizures of bootleg Cisco hardware
By Matthew Lasar | Last updated about 3 hours ago
http://arstechnica.com/tech-policy/news/2010/05/feds-report-700-seizures-of-bootleg-cisco-hardware.ars

The Department of Justice has released a summary of the fruits of the government's ongoing campaign against bootleg network hardware. The bottom line: 700 grabs of phony Cisco Systems devices worth over $143 million, and 30 felony convictions of its shippers and sellers. The announcement comes with the requisite stern warning from the feds. "These cases involve greedy businessmen hawking counterfeit and substandard hardware to any buyer -- whether it could affect the health and safety of others in a hospital setting or the security of our troops on the battlefield," declared John Morton, Assistant Secretary for Homeland Security. "They pose a triple threat to our nation by stealing from our economy, threatening U.S. jobs and potentially putting the safety of our citizens at risk."

Blame it on Tony

But boilerplate crime-doesn't-pay language aside, fake label network hardware sold to the United States also poses a security threat. "Counterfeit components can provide the 'back door' that external parties need to access a user's personal information or monitor their communication," warns Cisco's 2008 Annual Security Report.
"They are also extremely difficult to detect and can be costly to address. While software can be patched, counterfeit components must be removed one machine at a time." That's why the Thursday sentencing of Ehab Ashoor for trafficking in counterfeit Cisco products bears scrutiny. Ashoor, a Saudi citizen living in Sugarland, Texas, was convicted by a federal jury of buying bogus Cisco Gigabit Interface Converters over the web from a vendor in China. Evidence at the trial suggested that the plan was to sell the gear to the Marine Corps, which hoped to use the equipment for coordinating troop movements, storing intelligence, and running security operations for a military base near Fallujah, Iraq. The court sentenced Ashoor to 51 months in prison. On top of that, he must pay $119,400 in restitution to Cisco. And last year Robert and Michael Edman of Richmond, Texas pled guilty to selling fake Cisco gear to the Federal Bureau of Prisons. The customers for their "Syren Technology" company included the Marine Corps, Air Force, FBI, Federal Aviation Administration, and the Department of Energy. When confronted by the FBI, Robert Edman told agents that he regularly bought Cisco equipment "from an individual in China who goes by the name 'Tony'."

No vetting

But these cases may be only the tip of the router when it comes to faux Cisco network equipment winding up in unbeknownst use by military and civilian federal agencies. Several years ago various blog sites leaked a Federal Bureau of Investigation PowerPoint presentation revealing how concerned the agency had become about the situation. The presentation reported fraudsters selling routers, switches, interface converters, and WAN interface cards to the federal government at bargain basement prices. Example: $1,375.00 for a legit router, $234.00 for a counterfeit.
Buyers of this tainted equipment included the US Naval Academy, the Naval Air Warfare Center, the Naval Undersea Warfare Academy, an air base in Germany, the General Services Administration, the Air Force, the Federal Aviation Administration, top defense contractor Raytheon, and the FBI itself. And the problem, from the presentation's perspective, was much bigger than small crews of baddies siphoning phony machines in from China. The government subcontracting process, it disclosed, had become so cutthroat, byzantine, and laced with third-party involvement, that it could easily be penetrated by bootleggers and cheats. You get the idea from this slide:

Highly specialized

The report faulted Cisco for not offering direct sales (with the exception of "high specialized equipment sales"). It also criticized various high-profile buyers for sloppy procurement practices. In the case of a purchase by Lockheed Martin of over $250,000 in counterfeit Cisco equipment, the defense contractor did not go through a GSA IT vendor or an authorized Cisco reseller. Eventually the company discovered duplicate serial numbers on Cisco switches. The presentation mapped out the typical purchasing hierarchy as so: "Government or Govt. Contractor -> GSA IT Vendor -> 1st Subcontractor -> 2nd Sub-Contractor -> 3rd Sub-Contractor --> Counterfeit Equipment Distributor." All these latest seizures and busts come under the rubric of "Operation Network Raider," a campaign run by the FBI's Cyber Division, the Department of Justice, Immigration and Customs Enforcement, and Customs and Border Protection. Nine individuals face trials and another eight were convicted and await sentencing as a result of this campaign. The Justice Department's announcement also says that collars of bogus Cisco equipment dropped by 75 percent between 2008 and 2009. But it also acknowledges that over 50 counterfeit shipments seized were labeled as military- or aerospace-grade devices.
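The article names three tells that a buyer could have caught at goods-in: duplicate serial numbers (how Lockheed eventually noticed), purchases routed outside a GSA IT vendor or authorized reseller, and prices far below list ($234 for a $1,375 router). Below is an added example, written for this page and not code from the article, Cisco or the FBI, that runs those three checks over a constructed delivery log. The device models, reseller names, list prices, serials and the 50 percent price floor are all assumptions, and the "known serials" set stands in for whatever asset inventory the buying organization already keeps.

```python
"""Procurement-intake checks for delivered network hardware.

Added example, not code from the article, Cisco or the FBI: it runs the
warning signs the story describes (duplicate serial numbers, purchases
outside an authorized reseller, prices far below list) over a constructed
delivery log and reports what a buyer should hold before racking it.
All device models, reseller names, prices and serials below are made up.
"""
from collections import defaultdict
from dataclasses import dataclass

# Assumed reference data the buying organization would maintain itself.
AUTHORIZED_RESELLERS = {"Reseller-A (authorized)", "Reseller-B (authorized)"}
LIST_PRICE_USD = {"RTR-2800": 1375.0, "WIC-1T": 180.0}
# Anything priced below this fraction of list gets a finding (assumed threshold).
PRICE_FLOOR_FRACTION = 0.5


@dataclass(frozen=True)
class Receipt:
    """One delivered unit as recorded at goods-in."""
    po: str
    model: str
    serial: str
    vendor: str
    price_usd: float


# Constructed delivery log: one unit bought through an authorized channel,
# two units from a grey-market vendor sharing a serial, one routine part.
SAMPLE_RECEIPTS = [
    Receipt("PO-1001", "RTR-2800", "SN-A001", "Reseller-A (authorized)", 1375.0),
    Receipt("PO-1002", "RTR-2800", "SN-A002", "BargainNetParts", 234.0),
    Receipt("PO-1003", "RTR-2800", "SN-A002", "BargainNetParts", 234.0),
    Receipt("PO-1004", "WIC-1T", "SN-B010", "Reseller-B (authorized)", 175.0),
]


def check_receipts(receipts, known_serials=frozenset()):
    """Return (po, serial, reason) findings for every suspicious unit.

    known_serials: serials already deployed in the fleet, so a "new" unit
    that reuses one is flagged even if this shipment contains it only once.
    """
    by_serial = defaultdict(list)
    for r in receipts:
        by_serial[r.serial].append(r)

    findings = []
    for r in receipts:
        if len(by_serial[r.serial]) > 1:
            findings.append((r.po, r.serial, "duplicate_serial_in_shipment"))
        if r.serial in known_serials:
            findings.append((r.po, r.serial, "serial_already_deployed"))
        if r.vendor not in AUTHORIZED_RESELLERS:
            findings.append((r.po, r.serial, "unauthorized_reseller"))
        list_price = LIST_PRICE_USD.get(r.model)
        if list_price is not None and r.price_usd < PRICE_FLOOR_FRACTION * list_price:
            findings.append((r.po, r.serial, "price_far_below_list"))
    return findings


def purchase_orders_to_hold(findings):
    """Collapse findings to the set of POs that should not be racked yet."""
    return {po for po, _serial, _reason in findings}


if __name__ == "__main__":
    for po, serial, reason in check_receipts(SAMPLE_RECEIPTS):
        print(f"{po} {serial}: {reason}")
    print("hold:", sorted(purchase_orders_to_hold(check_receipts(SAMPLE_RECEIPTS))))
```

On the sample log the two grey-market routers trip all three checks and the two authorized purchases pass clean. The caveat the article itself makes still applies: a counterfeit with a unique serial, bought at list through a compromised sub-contractor chain, passes every test here, so intake checks like these only narrow the problem; they do not replace verifying the reseller chain with the vendor, and once a fake is racked it still has to be removed one machine at a time.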
From rforno at infowarrior.org Fri May 7 20:51:27 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 May 2010 16:51:27 -0400
Subject: [Infowarrior] - The Last Days of the Dragon Lady
Message-ID:

May 7, 2010
Op-Ed Contributor
The Last Days of the Dragon Lady
By CHOLENE ESPINOZA
http://www.nytimes.com/2010/05/07/opinion/07Espinoza.html?hp=&pagewanted=print

FIFTY years ago today, the Soviet Union announced that it had shot down an American U-2 spy plane and that its pilot, Francis Gary Powers, was alive. It seems like a long-ago event from the cold war. That may be why, in this era of satellites and drones, most people are surprised to learn that the U-2 is not only still in use, but that it is as much a part of our national security structure as it was a half-century ago.

Every decade or so there is chatter about replacing the U-2. And yet, thanks to its remarkable technological and operational capacity and flexibility, the U-2 has in recent years been used to find homemade bombs in Afghanistan, drug lords in Colombia, mass graves in the former Yugoslavia and budding nuclear weapons programs in the Middle East. It has also been critical in non-military missions like measuring ozone levels and mapping disaster zones.

This time, though, it looks pretty certain that the Air Force will follow through on its plans to retire the U-2 as soon as it can field a Global Hawk drone retrofitted with electronic eavesdropping devices. I flew the U-2 during the 1990s, and I received this news as if I had learned that an old friend was dying. It may seem odd to grieve for a machine. But the U-2 is no ordinary vehicle. Some in my world call flying the plane a religion, others a calling. For me it was a gift.

The U-2 is nicknamed the Dragon Lady for good reason. You never knew what to expect when you took it into the air, no matter how seasoned a pilot you were. This was an unfortunate consequence of its design.
The trade-off of a plane built light enough to fly above 70,000 feet is that it is almost impossible to control. And 13 miles above the ground, the atmosphere is so thin that the "envelope" between stalling and "overspeed" (going so fast you lose control of the plane, resulting in an unrecoverable nose dive) is razor-thin, making minor disruptions, even turbulence, as deadly as a missile. The challenge is even greater near the ground, since to save weight, the plane doesn't have normal landing gear. As I was told before one of my tryout flights, "Landing the U-2 is a lot like playing pool. It's not so much how you shoot as how you set up your shot." Or, as my former wing commander said, "We've all had moments when we could just as easily have made one tiny move the other way and ended up dead."

Getting the plane up and down was not the only challenge. Staying airborne, and alert, for countless hours, looking at nothing but sky, was another. I learned the hard way, for example, that you can get diaper rash from Gatorade. Other risks were less benign, as I found when I was the ground officer for a pilot who radioed, "My skin feels like it's crawling." He had the bends so badly from changes in pressure that when he landed his body was covered with huge welts. Had the weather not cleared in time for him to land, these bubbles of nitrogen might have lodged in his brain or optical nerve, as they had in other U-2 pilots.

Were the risks worth it? Absolutely. The advantage of having a human being in the pilot's seat of a reconnaissance plane is overwhelming. A person can troubleshoot problems in mid-flight, with creativity that a computer lacks and a proximity to the problem that a remote-control pilot can never achieve. A pilot also has unique situational awareness: I've been on more than one mission in which I was able to distinguish promising details that a drone would have missed. It was worth it personally, too.
I'll never forget the adrenaline surge of landing what was basically a multimillion-dollar jet-powered glider on its 12-inch tail wheel from a full stall while wearing a space suit. And I'll always remember the peace of sitting alone on the quiet edge of space, out of radio contact for hours.

The new generation of drones have their merits. But flying robots, no matter how advanced, can't measure up to the courage and commitment of a pilot who is risking her life for the sake of the mission. Reconnaissance will outlive the U-2, but there will always be a divot in the hearts of those who have seen the curvature of the earth, the stars seemingly close enough to touch, and known the satisfaction of having completed a mission with the Dragon Lady.

Cholene Espinoza is a former U-2 pilot.

From rforno at infowarrior.org Fri May 7 21:35:41 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 7 May 2010 17:35:41 -0400
Subject: [Infowarrior] - US: Hollywood can disable TV set features
Message-ID:

Film Studios Allowed by U.S. to Use Anti-Piracy Technology on TV Equipment
By Todd Shields - May 07, 2010
http://preview.bloomberg.com/news/2010-05-07/film-studios-said-to-be-allowed-to-use-anti-piracy-technology-on-tv-sets.html

The film industry can block outputs on home television equipment so studios can offer first-run movies while preventing viewers from making illicit copies, U.S. regulators said. Temporarily disabling the outputs will "enable a new business model" that wouldn't develop in the absence of such anti-piracy protection, the Federal Communications Commission said today in an order.

Home viewing of recently released movies over cable and satellite systems would provide revenue for studios such as Viacom Inc.'s Paramount Pictures and Sony Corp.'s film division, which have seen DVD sales drop as more people get films through Internet, mail-order and kiosk rental services.
The advocacy group Public Knowledge is among opponents who say the plan interferes with viewer choice. The FCC order "will allow the big firms for the first time to take control of a consumer's TV set or set-top box, blocking viewing of a TV program or motion picture," Gigi Sohn, president of Washington-based Public Knowledge, said in a statement.

The Motion Picture Association of America asked the FCC in 2008 for a waiver from rules against disabling video outputs so that its members could send movies over cable and satellite services using "secure and protected digital outputs," according to the trade group's petition at the agency.

"This action is an important victory for consumers who will now have far greater access to see recent high-definition movies in their homes," Bob Pisano, president and interim chief executive officer of the MPAA, said today in a statement. "It is a major step forward in the development of new business models by the motion picture industry to respond to growing consumer demand."

The Washington-based MPAA represents Paramount Pictures, Sony's film unit, News Corp.'s Twentieth Century Fox, General Electric Co.'s NBC Universal, Walt Disney Co. and Time Warner Inc.'s Warner Bros. Pictures.
To contact the reporter on this story: Todd Shields in Washington at tshields3 at bloomberg.net

From rforno at infowarrior.org Sat May 8 15:07:11 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 May 2010 11:07:11 -0400
Subject: [Infowarrior] - CJCS Social Media Strategy
Message-ID: <3665CD0F-0CB4-4D4F-91F9-140E2FF8BF1A@infowarrior.org>

Chairman's 2010 Social Media Strategy
http://www.slideshare.net/DepartmentofDefense/chairmans-2010-social-media-strategy

From rforno at infowarrior.org Sat May 8 22:18:43 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 May 2010 18:18:43 -0400
Subject: [Infowarrior] - Battling the Cyber Warmongers
Message-ID: <94CDD623-B15A-4F62-AD43-D029F7DB8EC6@infowarrior.org>

(c/o Anonymous)

Battling the Cyber Warmongers
Cyberattacks are inevitable but the threat has been exaggerated by those with a vested interest
http://online.wsj.com/article/SB10001424052748704370704575228653351323986.html?mod=WSJ_latestheadlines
By EVGENY MOROZOV

A recent simulation of a devastating cyberattack on America was crying for a Bruce Willis lead: A series of mysterious attacks, probably sanctioned by China but traced to servers in the Russian city of Irkutsk, crippled much of the national infrastructure, including air traffic, financial markets and even basic email. If this was not bad enough, an unrelated electricity outage took down whatever remained of the already unplugged East Coast.

The simulation, funded by a number of major players in network security, organized by the Bipartisan Policy Center, a Washington-based think tank, and broadcast on CNN on a Saturday night, had an unexpected twist. The American government appeared incompetent, indecisive and confused (past government officials, including former Secretary of Homeland Security Michael Chertoff and former Deputy Secretary of State John Negroponte, were recruited to play this glamorous role on TV). "The U.S.
is unprepared for cyberwar," the simulation's organizers grimly concluded.

The past few months have been packed with cyber-jingoism from former and current national security officials. Richard Clarke, a former cybersecurity adviser to two administrations, says in his new book that "cyberwar has already begun." Testifying in Congress in February, Mike McConnell, former head of the National Security Agency, argued that "if we went to war today in a cyberwar, we would lose." Speaking in late April, Director of Central Intelligence Leon Panetta said that "the next Pearl Harbor is likely to be a cyberattacking going after our grid."

The murky nature of recent attacks on Google, in which someone tricked a Google employee into opening a malicious link that eventually allowed intruders to access parts of Google's password-managing software, potentially compromising the security of several Chinese human rights activists, has only added to public fears. If the world's most innovative technology company cannot protect its computers from such digital aggression, what can we expect from the bureaucratic chimera that is the Department of Homeland Security?

Google should be applauded for going on the record about the cyber-attacks; most companies prefer to keep quiet about such incidents. But do hundreds, or even thousands, of such incidents that target both the private and the public sector add up to the imminent threat of a "cyberwar" that is worthy of such hype? The evidence so far looks too shaky.

Ironically, the more we spend on securing the Internet, the less secure we appear to feel. A 2009 report by Input, a marketing intelligence firm, projected that government spending on cybersecurity would grow at a compound rate of 8.1% in the next five years.
A March report from consulting firm Market Research Media estimates that the government's total spending on cybersecurity between now and 2015 is set to hit $55 billion, with strong growth predicted in areas such as Internet-traffic surveillance and monitoring.

Given the previous history of excessively tight connections between our government and many of its contractors, it's quite possible that the over-dramatized rhetoric of those cheerleading the cyberwar has helped to add at least a few billion dollars to this price tag. Mr. McConnell's current employer, Booz Allen Hamilton, has just landed $34 million in cyber security contracts with the Air Force. In addition to writing books on the subject, Richard Clarke is a partner in a security firm, Good Harbor Consulting.

"The point we have made about cyberwar is that the U.S. has created a large and expensive cyberwar command, as have other nations. Thus, the government thinks cyberwar is possible no matter what the naysayers think," says Mr. Clarke in an email. Mr. Clarke says 90% of his firm's revenue in 2009 and 2010 to date comes from consulting unrelated to cybersecurity, and none of the proposals from his book would financially benefit Good Harbor.

In a statement, Booz Allen Hamilton says of Mr. McConnell: "As director of national intelligence he delivered the same messages of concern about the vulnerability of our cyber-infrastructure to President George W. Bush and presidential candidate Barack Obama... As a longstanding intelligence professional, McConnell has an awareness across the full spectrum of classification, and sees it as his duty in public service to foster the right kind of discussion so the nation's leadership can debate and mitigate the risks."

Both Messrs.
McConnell and Clarke, as well as countless others who have made a successful transition from trying to fix the government's cyber security problems from within to offering their services to do the same from without, are highly respected professionals and their opinions should not be taken lightly, if only because they have seen more classified reports. Their stature, however, does not relieve them of the responsibility to provide some hard evidence to support their claims. We do not want to sleepwalk into a cyber-Katrina, but neither do we want to hold our policy-making hostage to the rhetorical ploys of better-informed government contractors.

Steven Walt, a professor of international politics at Harvard, believes that the nascent debate about cyberwar presents "a classical opportunity for threat inflation." Mr. Walt points to the resemblance between our current deliberations about online security and the debate about nuclear arms during the Cold War. Back then, those working in weapons labs and the military tended to hold more alarmist views than many academic experts, arguably because the livelihoods of university professors did not depend on having to hype up the need for arms racing.

Markus Ranum, a veteran of the network security industry and a noted critic of the cyber war hype, points to another similarity with the Cold War. Today's hype, he says, leads us to believe that "we need to develop an offensive capability in order to defend against an attack that isn't coming; it's the old 'bomber gap' all over again: a flimsy excuse to militarize."

How dire is the threat? Ask two experts and you will get different opinions. Just last month, Lt. Gen. Keith Alexander, director of the NSA, told the Senate's Armed Services Committee that U.S. military networks were seeing "hundreds of thousands of probes a day."
However, speaking at a March conference in San Francisco, Howard Schmidt, Obama's recently appointed cybersecurity czar, said that "there is no cyberwar," adding that it is "a terrible metaphor" and a "terrible concept."

The truth is, not surprisingly, somewhere in between. There is no doubt that the Internet brims with spamming, scamming and identity fraud. Having someone wipe out your hard drive or bank account has never been easier, and the tools for committing electronic mischief on your enemies are cheap and widely accessible. This is the inevitable cost of democratizing access to multi-purpose technologies. Just as any blogger can now act like an Ed Murrow, so can any armchair-bound cyberwarrior act like the über-hacker Kevin Mitnick, who was once America's most-wanted computer criminal and now runs a security consulting firm. But just as it is wrong to conclude that the amateurization of media will bring on a renaissance of high-quality journalism, so it is wrong to conclude that the amateurization of cyberattacks will usher in a brave new world of destructive cyberwarfare.

In his Senate testimony, part of his confirmation process to head the Pentagon's new Cyber Command, Gen. Alexander of the NSA explained those "hundreds of thousands of probes" could allow attackers to "scan the network to see what kind of operating system you have to facilitate... an attack." This may have scared our mostly technophobic senators but it's so vague that even some of the most basic attacks available via the Internet (including those organized by "script kiddies," or amateurs who use scripts and programs developed by professional hackers) fall under this category. Facing so many probes is often the reality of being connected to the Internet. The number of attacks is not a very meaningful indicator of the problem, especially in an era when virtually anyone can launch them.
From a strictly military perspective, "cyberwar", with a small "c", may very well exist, playing second fiddle to ongoing military conflict, the one with tanks, shellfire and all. The Internet, much like the possibility of air combat a century ago, has opened new possibilities for military operations: block the dictator's bank account or shut down his propaganda-infested broadcast media. Such options were already on the table (even though they appear to have been used sparingly) during a number of recent wars. Back in 1999, Gen. Wesley Clark, then the outgoing supreme allied commander in Europe, instilled American policy makers with high hopes when he said in Senate testimony that NATO could have "methods to isolate Milosevic and his political parties electronically," thus preventing "the use of the military instrument."

Why have such tactics, known in military parlance as "computer network attacks", not been used more widely? As revolutionary as it is, the Internet does not make centuries-old laws of war obsolete or irrelevant. Military conventions, for example, require that attacks distinguish between civilian and military targets. In decentralized and interconnected cyberspace, this requirement is not so easy to satisfy: A cyberattack on a cellphone tower used by the adversary may affect civilian targets along with military ones. When in 2008 the U.S. military decided to dismantle a Saudi Internet forum, initially set up by the CIA to glean intelligence but increasingly used by the jihadists to plan attacks in Iraq, it inadvertently caused disruption to more than 300 servers in Saudi Arabia, Germany and Texas. A weapon of surgical precision the Internet certainly isn't, and damage to civilians is hard to avoid. Military commanders do not want to be tried for war crimes, even if those crimes are committed online.

As Gen.
Clark pointed out in 1999, cyberwarfare may one day give us a more humane way to fight wars (why, for example, bomb a train depot if you can just temporarily disable its computer networks?), so we shouldn't reject it out of hand.

The main reason why this concept conjures strong negative connotations is because it is often lumped with all the other evil activities that take place online: cybercrime, cyberterrorism, cyber-espionage. Such lumping, however, obscures important differences. Cybercriminals are usually driven by profit, while cyberterrorists are driven by ideology. Cyber-spies want the networks to stay functional so that they can gather intelligence, while cyberwarriors, the pure type, those working on military operations, want to destroy them. All of these distinct threats require quite distinct policy responses that can balance the risks with the levels of devastation. We probably want very strong protection against cyberterror, moderate protection against cybercrime, and little to no protection against juvenile cyber-hooliganism.

Perfect security, in cyberspace or in the real world, has huge political and social costs, and most democratic societies would find it undesirable. There may be no petty crime in North Korea, but achieving such "security" requires accepting all other demands of living in an Orwellian police state. Just like we don't put up armed guards to protect every city wall from graffiti, we should not overreact in cyberspace.

Recasting basic government problems in terms of a global cyber struggle won't make us any more secure. The real question is, "Why are government computers so vulnerable to very basic and unsophisticated threats?" This is not a question of national security; it is a question of basic government incompetence. Cyberwar is the new "dog ate my homework": It's far easier to blame everything on mysterious Chinese hackers than to embark on uncomfortable institutional soul-searching.
Thus, when a series of fairly unsophisticated attacks crashed the websites of 27 government agencies, including those of the Treasury Department, Secret Service and Transportation Department, during last year's July Fourth weekend, it was panic time. North Korea was immediately singled out as their likely source (websites of the South Korean government were also affected). But whoever was behind the attacks, it was not their sophistication or strength that crashed the government's websites. Network security firm Arbor Networks described the attacks as "pretty modest-sized." What crashed the websites was the incompetence of the people who ran them. If "pretty modest-sized" attacks can cripple them, someone is not doing their job.

What we do not want to do is turn "weapons of mass disruption", as Barack Obama dubbed cyberattacks in 2009, into weapons of mass distraction, diverting national attention from more burning problems while promoting extremely costly solutions. For example, a re-engineering of the Internet to make it easier to trace the location of cyberattackers, as some have called for, would surely be expensive, impractical and extremely harmful to privacy. If today's attacks are mostly anonymous, tomorrow they would be performed using hijacked and fully authenticated computers of old ladies. What is worse, any major re-engineering of the Internet could derail other ambitious initiatives of the U.S. government, especially its efforts to promote Internet freedom. Urging China and Iran to keep their hands off the Internet would work only if Washington sticks to its own advice; otherwise, we are trading in hype.

In reality, we don't need to develop a new set of fancy all-powerful weaponry to secure cyberspace. In most cases the threats are the same as they were 20 years ago; we still need to patch security flaws, update anti-virus databases and ban suspicious users from our sites.
It's human nature, not the Internet, that we need to conquer and re-engineer to feel more secure. But it's through rational deliberation, not fear-mongering, that we can devise policies that will accomplish this.

Evgeny Morozov is a fellow at Georgetown University and a contributing editor to Foreign Policy. His book about the Internet and democracy will be published this fall.

From rforno at infowarrior.org Sat May 8 22:30:10 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 May 2010 18:30:10 -0400
Subject: [Infowarrior] - Facebook's Gone Rogue
Message-ID:

Facebook's Gone Rogue; It's Time for an Open Alternative
By Ryan Singel
May 7, 2010 | 6:58 pm
http://www.wired.com/epicenter/2010/05/facebook-rogue/

Facebook has gone rogue, drunk on founder Mark Zuckerberg's dreams of world domination. It's time the rest of the web ecosystem recognizes this and works to replace it with something open and distributed.

Facebook used to be a place to share photos and thoughts with friends and family and maybe play a few stupid games that let you pretend you were a mafia don or a homesteader. It became a very useful way to connect with your friends, long-lost friends and family members. Even if you didn't really want to keep up with them. Soon everybody, including your uncle Louie and that guy you hated from your last job, had a profile. And Facebook realized it owned the network.

Then Facebook decided to turn "your" profile page into your identity online, figuring, rightly, that there's money and power in being the place where people define themselves. But to do that, the folks at Facebook had to make sure that the information you give it was public. So in December, with the help of newly hired Beltway privacy experts, it reneged on its privacy promises and made much of your profile information public by default.
That includes the city that you live in, your name, your photo, the names of your friends and the causes you've signed onto.

This spring Facebook took that even further. All the items you list as things you like must become public and linked to public profile pages. If you don't want them linked and made public, then you don't get them, though Facebook nicely hangs onto them in its database in order to let advertisers target you. This includes your music preferences, employment information, reading preferences, schools, etc. All the things that make up your profile. They all must be public, and linked to public pages for each of those bits of info, or you don't get them at all. That's hardly a choice, and the whole system is maddeningly complex.

Simultaneously, the company began shipping your profile information off pre-emptively to Yelp, Pandora and Microsoft, so that if you show up there while already logged into Facebook, the sites can "personalize" your experience when you show up. You can try to opt out after the fact, but you'll need a master's in Facebook bureaucracy to stop it permanently.

Care to write a status update to your friends? Facebook sets the default for those messages to be published to the entire internet through direct funnels to the net's top search engines. You can use a dropdown field to restrict your publishing, but it's seemingly too hard for Facebook to actually remember that's what you do. (Google Buzz, for all the criticism it has taken, remembers your setting from your last post and uses that as the new default.)

Now, say you write a public update, saying, "My boss had a crazy great idea for a new product!" Now, you might not know it, but there is a Facebook page for "My Crazy Boss" and because your post had all the right words, your post now shows up on that page. Include the words "FBI" or "CIA," and you show up on the FBI or CIA page.

Then there's the new Facebook "Like" button littering the internet.
It's a great idea, in theory, but it's completely tied to your Facebook account, and you have no control over how it is used. (No, you can't like something and not have it be totally public.)

Then there's Facebook's campaign against outside services. There was the Web 2.0 suicide machine that let you delete your profile by giving it your password. Facebook shut it down. Another company has an application that will collect all your updates from services around the web into a central portal, including from Facebook, after you give the site your password to log in to Facebook. Facebook is suing the company and alleging it is breaking criminal law by not complying with its terms of service.

No wonder 14 privacy groups filed an unfair-trade complaint with the FTC against Facebook on Wednesday.

Mathew Ingram at GigaOm wrote a post entitled "The Relationship Between Facebook and Privacy: It's Really Complicated." No, that's just wrong. The relationship is simple: Facebook thinks that your notions of privacy, meaning your ability to control information about yourself, are just plain old-fashioned. Head honcho Zuckerberg told a live audience in January that Facebook is simply responding to changes in privacy mores, not changing them, a convenient, but frankly untrue, statement. In Facebook's view, everything (save perhaps your e-mail address) should be public. Funny too about that e-mail address, for Facebook would prefer you to use its e-mail-like system that censors the messages sent between users.

Ingram goes on to say, "And perhaps Facebook doesn't make it as clear as it could what is involved, or how to fine-tune its privacy controls, but at the same time, some of the onus for doing these things has to fall to users."

What? How can it fall to users when most of the choices don't actually exist? I'd like to make my friend list private. Cannot. I'd like to have my profile visible only to my friends, not my boss. Cannot.
I'd like to support an anti-abortion group without my mother or the world knowing. Cannot.

Setting up a decent system for controlling your privacy on a web service shouldn't be hard. And if multiple blogs are writing posts explaining how to use your privacy system, you can take that as a sign you aren't treating your users with respect. It means you are coercing them into choices they don't want using design principles. That's creepy.

Facebook could start with a very simple page of choices: I'm a private person, I like sharing some things, I like living my life in public. Each of those would have different settings for the myriad of choices, and all of those users could then later dive into the control panel to tweak their choices. That would be respectful design - but Facebook isn't about respect, it's about re-configuring the world's notion of what's public and private. So what that you might be a teenager and don't get that college-admissions offices will use your e-mail address to find possibly embarrassing information about you. Just because Facebook got to be the world's platform for identity by promising you privacy and then later ripping it out from under you, that's your problem. At least, according to the bevy of privacy hired guns the company brought in at high salaries to provide cover for its shenanigans.

Clearly Facebook has taught us some lessons. We want easier ways to share photos, links and short updates with friends, family, co-workers and even, sometimes, the world. But that doesn't mean the company has earned the right to own and define our identities.

It's time for the best of the tech community to find a way to let people control what and how they'd like to share. Facebook's basic functions can be turned into protocols, and a whole set of interoperating software and services can flourish. Think of being able to buy your own domain name and use simple software such as Posterous to build a profile page in the style of your liking.
You'd get to control what unknown people get to see, while the people you befriend see a different, more intimate page. They could be using a free service that's ad-supported, which could be offered by Yahoo, Google, Microsoft, a bevy of startups or web-hosting services like Dreamhost. "Like" buttons around the web could be configured to do exactly what you want them to: add them to a protected profile or get added to a wish list on your site or broadcast by your micro-blogging service of choice. You'd be able to control your presentation of self, and as in the real world, compartmentalize your life.

People who just don't want to leave Facebook could play along as well, so long as Facebook doesn't continue creepy data practices like turning your info over to third parties, just because one of your contacts takes the "Which Gilligan Island character are you?" quiz. (Yes, that currently happens.)

Now, it might not be likely that a loose confederation of software companies and engineers can turn Facebook's core services into shared protocols, nor would it be easy for that loose coupling of various online services to compete with Facebook, given that it has 500 million users. Many of them may be fine having Facebook redefine their cultural norms, or just be too busy or lazy to leave.

But in the internet I'd like to live in, we'd have that option, instead of being left with the choice of letting Facebook use us, or being left out of the conversation altogether.
From rforno at infowarrior.org Sat May 8 22:31:29 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 May 2010 18:31:29 -0400
Subject: [Infowarrior] - Facebook is like Microsoft Project 2003
Message-ID: <8A6F0B91-6EE7-47D2-9F65-A8FBD37566B3@infowarrior.org>

http://www.baekdal.com/opinion/facebook-is-dying-social-is-not/

Facebook is like Microsoft Project 2003
By Thomas Baekdal | Wednesday, May 05, 2010 | Section: opinion

If I had to compare Facebook to anything, I would say that it is turning into Microsoft Project 2003.

Microsoft Project 2003 was *the* project management tool for any serious project manager. It was more or less unrivaled by its competitors, being much bigger than anything else out there. It could do anything. It had a gazillion features, it could be extended, you could run it as a server, and you had an intense amount of control over every little thing.

But that was what also caused its demise. Its sheer size meant that it turned into a beast of complexity. There was a huge number of inconsistencies. To use it effectively, you had to go through many steps, which in turn meant that you would be using more time fiddling with the interface, trying to manage each task, than actually doing something.

So Microsoft Project 2003 destroyed itself. It got so complex that people had no other choice than to look at simpler solutions. In its place came a whole new group of really incredibly simple project tools, which focused on doing projects, instead of managing them.

Same with Facebook

Facebook is really big, it has a ton of features. But, it is also turning into the worst case of complexity overload the web has seen in years. There are so many inconsistencies that it is hard to believe - or even to keep track of. To give you a few examples.

We got profiles, groups, pages, and now also community pages, which all look rather similar but work quite differently. We got inconsistencies in likes and comments.
If you comment on a page, you do so as "the page," but if you like it, you do so as "you as a person." We are notified when someone posts a comment on our profiles, but not on our pages.

If you post one picture, the comments for the accompanying wall post are linked to the picture. But, if you post two images, the wall post comments are linked to the album. And then it gets really cumbersome to keep track of what people say.

The number of privacy settings is just staggering. When I, a few days ago, had to help a family member set up her Facebook profile, I just showed her the one profile privacy settings (with 12 options), choosing not to mention the 16 other places where there are even more settings to adjust.

Using Facebook mobile introduces a whole new way of insanity. If you email one picture from your mobile phone, it is posted to your wall, with the subject as the wall text. But, if you then, 15 minutes later, see something else and email that too, with a subject text, then that picture is added to the first - thus removing the wall text from the original picture ...and the second one. Plus, the comments that used to belong to the original picture have now disappeared from the wall, and comments have been disabled on the wall for that post.

FBML, Facebook's made up way to add functionality, is... tricky. What FBML tags you can use depends on where you are, how you got there, and which type of app you use it with. FBML in a staticFBML box, on your wall, allows you to use some tags but not others. Adding a staticFBML tag to a tab allows you to use others but not some. Adding FBML as a Facebook app allows you to use another kind of others, and only some of the first. Using FBML on canvas pages allows you to use most of the first ones, quite a bit of the others, but not some of the others.
Using FBML on your Facebook Connect site allows you to use a few of the ones, none of the others, but a few completely new ones that are not some or others of the first, second, or even third... ehm... ones... or is it others? Riiight!

And speaking of Facebook Connect. It is the most complex thing I have ever seen. And also the most annoying thing to work with. If you want to integrate Twitter, you just make a simple request. With Facebook Connect that is quite impossible to do in any kind of easy way. If you want to post to your Facebook page, from your website, you have to be a rocket scientist, with a flair for magic. Facebook tries to pretend it's really simple, but it is the most complex thing I have ever seen.

Same goes for the Facebook API. With Twitter, Flickr, Google, YouTube, and all the others, it is a simple matter of requesting data. With Facebook you have to add all kinds of strange things to it, encrypt part of your request etc. It is immensely powerful, but also astonishingly complex. Note: The Open Graph API is slightly better, but not much.

And if you want to integrate Facebook into your app, people have to go through an overly complex process to authenticate it.

Privacy = trust; lack of privacy = lack of trust

On top of the complexity and inconsistencies, we have a growing problem of privacy issues. Facebook has a long track record of ignoring people's privacy. As I wrote in "The First Rule of Privacy": You are the only one who can decide what you want to share. Facebook cannot decide that, nor can anyone else.

But, Facebook seems oblivious to this simple principle, and has started sharing personal information with 3rd party "partners" - continuing a long line of really bad decisions when it comes to privacy. People will lose faith in Facebook if they cannot trust who sees the information they share, and if they cannot decide what part of their life is exposed to strangers.
There is something seriously wrong with their business ethics, when they even contemplate publishing content that was previously marked private.

Notice: Also read Facebook's Eroding Privacy Policy: A Timeline

Community Pages

Apart from the privacy issues, Facebook is also trying to decide how you can publish content. Several page owners have recently received a notice that their pages have been reclassified as community pages, with the note that "this change has not affected your presence on Facebook." That is a direct lie. The differences between a page and a community page are staggering. A community page doesn't have an owner; everyone can edit it. It doesn't post updates to people in the same way - thus dramatically reducing possible engagement levels.

"Once you cross a certain undefined threshold - for instance, a million fans - the page gets ripped from your clutches and released to the community, where it will be treated like a Wikipedia page for all to edit. You lose - good day sir. (via pixelrage.com)"

Compare it to if you have a blog on TypePad, and one day you get an email that you have been removed as the administrator of your own blog. That is what Facebook is doing with community pages. Effectively destroying the tribe you have been trying to make. Apparently, Facebook believes that the best way to award people for their viral success is to remove them. #monsterfail

There is no need for this complexity, nor is there any need to create such a policy. E.g. Twitter isn't saying that you can only have 5000 followers in your profile, and unless you are a company you cannot make another one. And even if you do create one, at a certain point you will be removed as the owner and creator.

It's getting worse.

All of this is just a small part of Facebook's growing level of complexity and inconsistencies. The problem is that it is getting worse. Every week, Facebook announces a new set of policy changes, or introduces a new level of complexity.
Just take the whole mess of the new Facebook "likes". First, Facebook changed what "like" means. To me a like is an endorsement. I like you, because you are reading this article. But that doesn't mean I want to subscribe to everything you do, and have you fill my news stream with your updates. But, Facebook now defines liking as both an endorsement but also the act of subscribing or following a person or brand.

We now have five different types of likes:

- You can like a normal post on a page or profile. That is simply an endorsement, nothing else.
- You can like a page, which isn't an endorsement at all, instead it is a commitment because you are actually subscribing to it.
- You can like an advertisement, which is also not an endorsement, but will cause you to subscribe to that brand (and any future post they might make)
- You can like e.g. a movie review on a website, which is just an endorsement
- You can like a website as a whole, which is both an endorsement and commitment, depending on how that website has implemented the like button. You will not be able to tell the difference, but website owners can decide to push updates to you, based on settings only the website owners control.

It is a mess, and it is deceptive marketing tactics. It's like the difference of walking up to a girl, and saying "I like you" vs. "I want to marry you" - pretending that is the same thing.

Facebook excuses itself by saying that "User will understand the distinction through explicit social context," which is a load of crap. Every usability expert in the world knows that introducing modes to distinguish identical actions is a really bad idea, and is impossible to understand.

But, they go on to say "To eliminate confusion and promote consistency, there will no longer be a way to give feedback to these types of news." Meaning that if you like a status update, your friends can see it, like or comment on it.
But, if you like a page (and thus become a fan), your friends can see it but not comment or like it. How is that eliminating confusion?

I'm sorry Facebook. I think your concept is brilliant, and the social world is amazing. But, if you don't get your act together soon, you will end up like Myspace - or worse - AOL. Your engineers are running the asylum.

From rforno at infowarrior.org Sun May 9 03:05:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 8 May 2010 23:05:37 -0400
Subject: [Infowarrior] - Tell-All Generation Learns to Keep Things Offline
Message-ID: <4A964AB8-8192-4110-B49E-1D2ADD893B4E@infowarrior.org>

May 8, 2010
Tell-All Generation Learns to Keep Things Offline
By LAURA M. HOLSON
http://www.nytimes.com/2010/05/09/fashion/09privacy.html?hp=&pagewanted=print

Min Liu, a 21-year-old liberal arts student at the New School in New York City, got a Facebook account at 17 and chronicled her college life in detail, from rooftop drinks with friends to dancing at a downtown club. Recently, though, she has had second thoughts. Concerned about her career prospects, she asked a friend to take down a photograph of her drinking and wearing a tight dress. When the woman overseeing her internship asked to join her Facebook circle, Ms. Liu agreed, but limited access to her Facebook page. "I want people to take me seriously," she said.

The conventional wisdom suggests that everyone under 30 is comfortable revealing every facet of their lives online, from their favorite pizza to most frequent sexual partners. But many members of the tell-all generation are rethinking what it means to live out loud. While participation in social networks is still strong, a survey released last month by the University of California, Berkeley, found that more than half the young adults questioned had become more concerned about privacy than they were five years ago -- mirroring the number of people their parents' age or older with that worry.
They are more diligent than older adults, however, in trying to protect themselves. In a new study to be released this month, the Pew Internet Project has found that people in their 20s exert more control over their digital reputations than older adults, more vigorously deleting unwanted posts and limiting information about themselves. "Social networking requires vigilance, not only in what you post, but what your friends post about you," said Mary Madden, a senior research specialist who oversaw the study by Pew, which examines online behavior. "Now you are responsible for everything."

The erosion of privacy has become a pressing issue among active users of social networks. Last week, Facebook scrambled to fix a security breach that allowed users to see their friends' supposedly private information, including personal chats.

Sam Jackson, a junior at Yale who started a blog when he was 15 and who has been an intern at Google, said he had learned not to trust any social network to keep his information private. "If I go back and look, there are things four years ago I would not say today," he said. "I am much more self-censoring. I'll try to be honest and forthright, but I am conscious now who I am talking to." He has learned to live out loud mostly by trial and error and has come up with his own theory: concentric layers of sharing. His Facebook account, which he has had since 2005, is strictly personal. "I don't want people to know what my movie rentals are," he said. "If I am sharing something, I want to know what's being shared with others."

Mistrust of the intentions of social sites appears to be pervasive. In its telephone survey of 1,000 people, the Berkeley Center for Law and Technology at the University of California found that 88 percent of the 18- to 24-year-olds it surveyed last July said there should be a law that requires Web sites to delete stored information.
And 62 percent said they wanted a law that gave people the right to know everything a Web site knows about them.

That mistrust is translating into action. In the Pew study, to be released shortly, researchers interviewed 2,253 adults late last summer and found that people ages 18 to 29 were more apt to monitor privacy settings than older adults are, and they more often delete comments or remove their names from photos so they cannot be identified. Younger teenagers were not included in these studies, and they may not have the same privacy concerns. But anecdotal evidence suggests that many of them have not had enough experience to understand the downside to oversharing.

Elliot Schrage, who oversees Facebook's global communications and public policy strategy, said it was a good thing that young people are thinking about what they put online. "We are not forcing anyone to use it," he said of Facebook. But at the same time, companies like Facebook have a financial incentive to get friends to share as much as possible. That's because the more personal the information that Facebook collects, the more valuable the site is to advertisers, who can mine it to serve up more targeted ads.

Two weeks ago, Senator Charles E. Schumer, Democrat of New York, petitioned the Federal Trade Commission to review the privacy policies of social networks to make sure consumers are not being deliberately confused or misled. The action was sparked by a recent change to Facebook's settings that forced its more than 400 million users to choose to "opt out" of sharing private information with third-party Web sites instead of "opt in," a move which confounded many of them. Mr. Schrage of Facebook said, "We try diligently to get people to understand the changes."

But in many cases, young adults are teaching one another about privacy. Ms. Liu is not just policing her own behavior, but her sister's, too. Ms.
Liu sent a text message to her 17-year-old sibling warning her to take down a photo of a guy sitting on her sister's lap. Why? Her sister wants to audition for "Glee" and Ms. Liu didn't want the show's producers to see it. Besides, what if her sister became a celebrity? "It conjures up an image where if you became famous anyone could pull up a picture and send it to TMZ," Ms. Liu said.

Andrew Klemperer, a 20-year-old at Georgetown University, said it was a classmate who warned him about the implications of the recent Facebook change -- through a status update on (where else?) Facebook. Now he is more diligent in monitoring privacy settings and apt to warn others, too.

Helen Nissenbaum, a professor of culture, media and communication at New York University and author of "Privacy in Context," a book about information sharing in the digital age, said teenagers were naturally protective of their privacy as they navigate the path to adulthood, and the frequency with which companies change privacy rules has taught them to be wary.

That was the experience of Kanupriya Tewari, a 19-year-old pre-med student at Tufts University. Recently she sought to limit the information a friend could see on Facebook but found the process cumbersome. "I spent like an hour trying to figure out how to limit my profile, and I couldn't," she said. She gave up because she had chemistry homework to do, but vowed to figure it out after finals. "I don't think they would look out for me," she said. "I have to look out for me."

From rforno at infowarrior.org Sun May 9 15:47:41 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 May 2010 11:47:41 -0400
Subject: [Infowarrior] - New attack bypasses virtually all AV protection
Message-ID:

New attack bypasses virtually all AV protection
http://www.theregister.co.uk/2010/05/07/argument_switch_av_bypass/
By Dan Goodin in San Francisco
Posted in Security, 7th May 2010 18:17 GMT

Researchers say they've devised a way to bypass protections built in to dozens of the most popular desktop anti-virus products, including those offered by McAfee, Trend Micro, AVG, and BitDefender.

The method, developed by software security researchers at matousec.com, works by exploiting the driver hooks the anti-virus programs bury deep inside the Windows operating system. In essence, it works by sending them a sample of benign code that passes their security checks and then, before it's executed, swaps it out with a malicious payload.

The exploit has to be timed just right so the benign code isn't switched too soon or too late. But for systems running on multicore processors, matousec's "argument-switch" attack is fairly reliable because one thread is often unable to keep track of other simultaneously running threads. As a result, the vast majority of malware protection offered for Windows PCs can be tricked into allowing malicious code that under normal conditions would be blocked. All that's required is that the AV software use SSDT, or System Service Descriptor Table, hooks to modify parts of the OS kernel.

"We have performed tests with [most of] today's Windows desktop security products," the researchers wrote. "The results can be summarized in one sentence: If a product uses SSDT hooks or other kind of kernel mode hooks on similar level to implement security features it is vulnerable. In other words, 100% of the tested products were found vulnerable."

The researchers listed 34 products that they said were susceptible to the attack, but the list was limited by the amount of time they had for testing. "Otherwise, the list would be endless," they said. The technique works even when Windows is running under an account with limited privileges.

Still, the exploit has its limitations.
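The weakness the article describes is a check-then-use race: the hook validates an argument through the caller's pointer, and the underlying service then reads that same memory a second time, so whatever the caller has written in between is what actually gets acted on. The user-mode simulation below is an added illustration, not code from The Register, matousec or any of the products named; the policy, the path strings and the function names are all hypothetical, and the second thread of a real race is stood in for by a callback that fires deterministically between the check and the use. It goes beyond the article in showing the defensive side: a hook that first copies the argument into memory the caller cannot touch and then checks and uses only that copy is unaffected by the swap.

```c
/* Added example: check-then-use versus copy-then-check in a simulated
   system-call hook. Everything here is hypothetical (no real kernel API). */
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

#define ARG_MAX 64

/* Hypothetical policy: the hook refuses any request naming this path. */
static const char DENIED_PATH[] = "C:\\protected\\av.sys";

/* Stands in for a concurrent thread that rewrites the caller-owned argument
   during the window between the hook's check and the service's use. */
typedef void (*between_check_and_use_fn)(char *arg);

static bool policy_allows(const char *path) {
    return strcmp(path, DENIED_PATH) != 0;
}

static void copy_arg(char *dst, const char *src, size_t n) {
    strncpy(dst, src, n - 1);
    dst[n - 1] = '\0';
}

/* Vulnerable pattern: the check reads the caller's buffer, the window opens,
   and the "service" reads the caller's buffer again. acted_on receives the
   path the service ended up operating on. Returns true if the request passed. */
static bool vulnerable_dispatch(char *user_arg, between_check_and_use_fn race,
                                char *acted_on, size_t n) {
    if (!policy_allows(user_arg))   /* check: through the caller's pointer */
        return false;
    if (race) race(user_arg);       /* window: argument gets swapped here */
    copy_arg(acted_on, user_arg, n); /* use: second fetch of the same memory */
    return true;
}

/* Hardened pattern: snapshot the argument once into private memory, then both
   check and use the snapshot. The caller's later writes cannot reach it. */
static bool hardened_dispatch(char *user_arg, between_check_and_use_fn race,
                              char *acted_on, size_t n) {
    char private_copy[ARG_MAX];
    copy_arg(private_copy, user_arg, sizeof private_copy);
    if (!policy_allows(private_copy))
        return false;
    if (race) race(user_arg);       /* same window, but it no longer matters */
    copy_arg(acted_on, private_copy, n);
    return true;
}

/* Simulated swap: replaces the benign argument with the denied path. */
static void swap_argument(char *arg) {
    copy_arg(arg, DENIED_PATH, ARG_MAX);
}

/* Runs one dispatch with the swap active. Returns 1 if the denied path was
   acted on despite the policy (the check was bypassed), else 0. */
int denied_path_reached(bool use_hardened) {
    char user_arg[ARG_MAX] = "C:\\users\\alice\\notes.txt"; /* constructed benign input */
    char acted_on[ARG_MAX] = "";
    bool passed = use_hardened
        ? hardened_dispatch(user_arg, swap_argument, acted_on, sizeof acted_on)
        : vulnerable_dispatch(user_arg, swap_argument, acted_on, sizeof acted_on);
    return (passed && strcmp(acted_on, DENIED_PATH) == 0) ? 1 : 0;
}

int main(void) {
    printf("check-then-use hook: denied path reached = %d\n", denied_path_reached(false));
    printf("copy-then-check hook: denied path reached = %d\n", denied_path_reached(true));
    return 0;
}
```

The same reasoning is why kernel code that inspects user-supplied buffers is expected to capture them into kernel memory before validating; a hook that only looks through the caller's pointer is making a decision about data it does not control.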
It requires a large amount of code to be loaded onto the targeted machine, making it impractical for shellcode-based attacks or attacks that rely on speed and stealth. It can also be carried out only when an attacker already has the ability to run a binary on the targeted PC. Still, the technique might be combined with an exploit of another piece of software, say, a vulnerable version of Adobe Reader or Oracle's Java Virtual Machine, to install malware without arousing the suspicion of any AV software the victim was using.

"Realistic scenario: someone uses McAfee or another affected product to secure their desktops," H D Moore, CSO and Chief Architect of the Metasploit project, told The Register in an instant message. "A malware developer abuses this race condition to bypass the system call hooks, allowing the malware to install itself and remove McAfee. In that case, all of the 'protection' offered by the product is basically moot."

A user without administrative rights could also use the attack to kill an installed and running AV, even though only admin accounts should be able to do this, Charlie Miller, principal security analyst at Independent Security Evaluators, said.

Matousec.com's research is here http://www.matousec.com/info/articles/khobe-8.0-earthquake-for-windows-desktop-security-software.php

From rforno at infowarrior.org Sun May 9 18:41:46 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 May 2010 14:41:46 -0400
Subject: [Infowarrior] - Cybersecurity in 2010: Bubble or Blip?
Message-ID:

Cybersecurity in 2010: Bubble or Blip?
by Steven McElwee
http://www.redlightsecurity.com/2009/12/cybersecurity-in-2010-bubble-or-blip.html

Take a look at Google trends for the word "cybersecurity", and see what you find. In the third quarter of 2008, there were two small blips on the radar for this search term. In 2009 there was a sharp rise throughout the year.
What will 2010 look like for cybersecurity, and are we at the beginning of a cybersecurity bubble? The Internet bubble was driven primarily by new web technologies and the potential for rapid profit. Cybersecurity, at present, is driven by regulatory compliance and government initiatives. It is unrealistic that this will be a bubble of the magnitude of the Internet bubble, but here are a few interesting parallels.

First, there are currently plans to hire up to 1,000 cyber security professionals by the Department of Homeland Security. This is in addition to the hiring of contractors that serve the government. During the Internet bubble, it was very difficult to obtain quality technical personnel. They were snatched up quickly, and the rates skyrocketed.

Second, there is the potential for the development of new security technologies. Research universities, working with Northrop Grumman, will be exploring new technologies to provide better security. This may trigger the development of new products from existing and new vendors. This also parallels the Internet bubble.

Third, regulatory requirements related to security continue to increase, putting more pressure on companies to improve their information security operations. This gives rise not only to personnel who implement the compliance programs, but also to consultants and auditors.

What will 2010 look like? My prediction is that cybersecurity professionals will be in high demand, making staffing them especially challenging. As boards and CEOs take an increasing interest in security, new companies will enter the security technology market, and this will create even more strain on the talent pool.

What should you do? If you are a cybersecurity professional, keep your skills honed, certifications up-to-date, and finish your degree. There is great opportunity ahead.
If you are not experienced in cybersecurity, keep an eye on companies that rise to the challenges of the new year and consider investing in those that have the most potential.

What do you think? Will the rise in cybersecurity be a bubble or a blip?

From rforno at infowarrior.org Sun May 9 18:42:41 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 May 2010 14:42:41 -0400
Subject: [Infowarrior] - The cybersecurity boom
Message-ID:

The cybersecurity boom
By Marjorie Censer and Tom Temin
Monday, May 10, 2010
http://www.washingtonpost.com/wp-dyn/content/article/2010/05/07/AR2010050704503_pf.html

When cybersecurity firm Triumfant was founded in late 2002, it developed software meant to assist help desks in managing information technology problems. The company soon found a more valuable use for its software: detecting malicious acts on networks of computers and making automatic fixes.

Earlier this year, the small Rockville-based firm, which has fewer than 20 employees, announced it is partnering with Fairfax-based SRA International, a major government contractor, to beef up SRA's cybersecurity product. The company -- which today works exclusively in the cybersecurity field -- is just one of the beneficiaries of what analysts say is a growing boom in cybersecurity work. From small, recently-established firms all the way up to the well-known defense contracting giants, local companies are building up their cyber credentials.

There's plenty of reason for the surge. The increasing number and intensity of cyberattacks has attracted the attention of the Obama administration and Congress, which have begun steering new dollars to the problem. And much of that new spending is focused on the Washington region, as the federal government consolidates many of its cybersecurity-focused agencies in the area. With the National Security Agency, the soon-to-be-relocated Defense Information Systems Agency and the newly-founded U.S.
Cyber Command at Fort Meade; the Department of Homeland Security set to move to Anacostia; and the Pentagon just across the river, a region known for information technology is fast becoming a cybersecurity capital.

"There's this gravitational pull in Washington," said Philip Eliot, a principal at the D.C. private equity firm Paladin Capital Group.

David Z. Bodenheimer, a partner at law firm Crowell & Moring in Washington who leads the firm's homeland security practice and specializes in government contracts, said the unclassified portion of the federal government's cybersecurity work is estimated at $6 to $7 billion annually. The classified portion is likely just as large -- and potentially bigger, he said.

"I think it is a real growth opportunity in coming years," Bodenheimer said. "The market is still rather fragmented and in flux, but is developing with a speed that it is attracting both the major defense and homeland security contractors who are establishing independent business units to pursue these opportunities, and it is also a real opportunity for the smaller players who have niche products."

As start-ups and others rush to stake claims, some wonder if a bubble of sorts is beginning to inflate. Roger Novak, founder of Novak Biddle Venture Partners, recalled that many venture firms in the early 2000s chased similar prospects. "A lot of the early people made significant money, but there were a lot of 'me too' companies," he said. "So a lot of people in the investment community probably absorbed losses in the space and began to move on."

But now, he said, the administration's focus is once again piquing venture interest and spurring larger companies to pursue acquisitions of companies that already have cybersecurity footholds. Novak is bullish on the sector; after all, his firm invested in Triumfant in 2006.
Eliot said key opportunities right now are in securing mobile devices, protecting against Web-based attacks that come from reputable Web sites, and fending off internal threats. Those are problems "that to date don't have good solutions," he said.

One reason the field is attracting so many companies is that the barriers to entry are low -- at least relative to other defense industries. "The strictly defense markets largely have strictly defense suppliers," said David L. Rockwell, a senior analyst at the Teal Group. "In cybersecurity -- so far you [have] had a lot more variety in who's able to get contracts, and I think we can expect that to continue."

The big defense contractors are moving quickly to protect their turf. Lockheed Martin in late 2009 opened what it calls the NexGen Cyber Innovation and Technology Center, a research and development center, in Gaithersburg. The center brings together 14 companies -- including Hewlett-Packard, Intel, McAfee, Microsoft and Symantec -- that make up a cybersecurity technology alliance formed at the same time.

BAE Systems opened in January a new cyber facility in Columbia intended to give BAE a "world-class analytical capability," said John Osterholz, the company's vice president for cyberwarfare and cybersecurity. Staffed by 20 to 25 people, the office helps BAE quickly understand and characterize threats.

And Chantilly-based TASC, divested from Northrop Grumman last year, has named a new lead executive for its cyber business, said TASC's president and chief executive, Wood Parker. "I'm sure that every company says that they are interested or they have a cyber business," he acknowledged. "I can tell you that TASC has a robust cyber business today."

The largest IT and defense contractors are keenly interested in helping the government manage its computer networks.
Lockheed Martin, Boeing, General Dynamics, ManTech International, Northrop Grumman and SAIC (which recently acquired CloudShield Technologies) are all competing in the space. Smaller companies see more opportunity in creating products that can protect networks or help the government keep tabs on threats -- especially if that gear and software can be deployed across agencies and departments.

A key player in shaping future business is likely to be the Commerce Department, chiefly via the National Institute of Standards and Technology in Gaithersburg. NIST has been systematically revising its extensive collection of guidance documents for network security. It is including industry and military experts in these revisions in an attempt to unify approaches taken by the federal government broadly.

NIST figures prominently in legislation making its way through Congress. A major bill, reported out in late March by the Senate Commerce, Science and Transportation Committee, chaired by John D. Rockefeller IV (D-W.Va.), would create a cybersecurity advisory panel with the White House, designate the Commerce Department as the clearinghouse for cyberthreat information, and strengthen NIST's authority to set cybersecurity standards for federal contractors and grant recipients. The bill, S 773, would also give the National Science Foundation new authority to establish what it calls a Federal Cyber Service: Scholarship for Service program.

On the House side, the Homeland Security, Science and Technology Authorization Act would double the money available to DHS for cybersecurity research and development.

Censer is a Capital Business staff writer. Tom Temin has followed federal information technology for nearly 20 years. He is co-host of "The Federal Drive" on Federal News Radio (1500 AM), weekdays at 6-10 a.m. He has also launched a new technology blog, Temin on Tech.
From rforno at infowarrior.org Sun May 9 19:43:33 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 9 May 2010 15:43:33 -0400
Subject: [Infowarrior] - Diaspora Project: Building the Anti-Facebook
Message-ID: <07904293-5C47-4DFF-8503-A973AEB01302@infowarrior.org>

(c/o Anonymous)

Diaspora Project: Building the Anti-Facebook
Written by Sarah Perez / May 5, 2010 9:02 AM
http://www.readwriteweb.com/archives/diaspora_project_building_the_anti-facebook.php

Why can't privacy and connectedness go hand-in-hand? That's the question being raised by those behind the new Diaspora project, an ambitious undertaking to build an "anti-Facebook" - that is, a private, open source social network that puts you back in control of your personal data.

Envisioned by four NYU computer science students, the Diaspora project would replace today's centralized social web (yes, they mean you, Facebook) with a decentralized one, while still offering something that's convenient and easy for anyone to use. According to the project's homepage, the students, Daniel Grippi, Maxwell Salzberg, Raphael Sofaer, and Ilya Zhitomirskiy, "bonded over many late nights building a Makerbot," (to you non-geeks, that's a type of robot) and they "started discussing what a distributed social network would look like." The end result of those discussions was the idea for Diaspora. So they stopped talking about it and started building.

The project is now hosted on Kickstarter.org, a social fundraising platform that lets entrepreneurs and other creative types crowd-source funding by setting up a project goal, deadline and optional set of rewards for project backers. In Diaspora's case, they're less than $2000 short of their $10,000 goal with under a month left to go until reaching their deadline. If the project receives the necessary level of funding by June 1st, it will be built and the code released as free software using the aGPL open-source software license.
What is a Decentralized Social Network?

So what is Diaspora anyway? Instead of being a singular portal like Facebook, Diaspora is a distributed network where separate computers connect to each other directly, without going through a central server of some sort. Once set up, the network could aggregate your information - including your Facebook profile, if you wanted. It could also import things like tweets, RSS feeds, photos, etc., similar to how the social aggregator FriendFeed does. A planned plugin framework could extend these possibilities even further.

Your computer, called a "seed" in the Diaspora setup, could even integrate the connected services in new ways. For example, a photo uploaded to Flickr could automatically be turned into a Twitter post using the caption and link.

When you "friend" another user, you're actually "friending" that seed, technically speaking. There's not a centralized server managing those friend connections as there is with Facebook - it's just two computers talking to each other. Friends can then share their information, content, media and anything else with each other, privately using GPG encryption.

Diaspora, the Turn-Key Solution

Because not everyone will be technically capable of (or interested in) setting up their computer to function as a "seed," there are plans to offer a paid turn-key service too, similar to Wordpress.com, the blogging platform. Wordpress itself is software you can install and configure on your own server, if you're inclined to do so, but if you're less technically-savvy, you can opt to quickly start a blog via Wordpress.com instead. Diaspora would function in a similar way.

If a lot of this sounds reminiscent of Opera's Unite project, the Web browser maker's overly-hyped plan to "reinvent of the Web," it should. In Opera Unite, users can share documents, photos, music, videos and run websites and chat rooms by directly linking two computers together.
However, in Unite's setup, there are Opera-run proxy servers involved, which led to issues - especially when those servers went down. Diaspora wouldn't have that problem. Mainstream Success? Still, the concepts behind Diaspora, while the sort of thing tech geeks will eat up, may be harder to grasp for the everyday Facebook user who is still trying to figure out how to post a link or video to their Wall. Distributed, decentralized, open-source what? If Diaspora is realized, it will be up to technology advocates to position the turn-key service in a way that will make it sound simple and appealing to precisely those sorts of mainstream users if it is to ever succeed. Taking shots at Facebook's privacy issues may be a good course (Take back control with Diaspora!). We would like to see Diaspora come to be, even if it never goes mainstream because it would finally offer privacy advocates a real alternative to the increasingly data-hungry Facebook. Plus, after watching the video of students explaining their idea, saying "no" would be like turning away a Girl Scout cookie seller empty-handed. We just don't have it in us. For more information about the project and the potential for distributed social networking in general, check out the Q&A between Mozilla's Luis Villa and the team here. We couldn't do a longer interview with the team members ourselves because they're busy with "finals and graduation," we're told. From rforno at infowarrior.org Sun May 23 18:50:34 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 May 2010 19:50:34 -0400 Subject: [Infowarrior] - The Machines That Ate the Market Message-ID: May 20, 2010, 5:00PM EST The Machines That Ate the Market http://www.businessweek.com/print/magazine/content/10_22/b4180048321511.htm Once upon a time, human beings oversaw the trading of stocks. They've been replaced by a complex system of computers that can produce a scary new kind of mechanized panic. 
An investigation into the crash of May 6 By Nina Mehta, Lynn Thomasson and Paul M. Barrett Clarence Woods was attending a community college near Baltimore in 1982 and playing drums in a wedding band when one day, to his surprise, the financial world beckoned. "They were so desperate for anyone who knew anything about computers," Woods recalls. "If you could spell the word, you had the job." He swiftly moved from the back office at the brokerage Legg Mason (LM) to Equitable Bank, where he installed Quotron stock price machines. In 1985 he made his first purchase as a rookie trader: 100 shares of IBM (IBM) on the New York Stock Exchange (NYSE). On May 6, Woods, now 47, realized how radically his industry has changed. He had just started his own hedge fund after quitting as chief equity trader at MTB Investment Advisors, a $13 billion money manager in Baltimore. He was working at home when the trouble hit. "I was doing some small trades, and had a lot of puts set up, and all of a sudden they just went berserk," he says. "Then I started to panic." His first thought was that cyber-savvy extremists had infiltrated the fiber-optic network on which automated programs now trade securities tens of thousands of times a second. With no terrorism reports surfacing, Woods shifted his suspicion to the nature of the contemporary market itself: hyper-accelerated, decentralized, and, in important ways, beyond human supervision. "I thought, 'My God, I bet you're sure going to miss the New York Stock Exchange now.'" A lot of people felt nostalgia for Big Board dominance on May 6. The fleet computers that drive today's securities industry are astounding -- and unsettling. "Wall Street is no longer what it was designed to be," Mark Cuban, the tech entrepreneur, veteran investor, and owner of the Dallas Mavericks basketball team, blogged after watching the frantic selloff. "Wall Street is now a huge mathematical game of chess where individual companies are just pawns." 
Hysterical Thursday did no apparent long-term harm. Some venerable stocks dropped to a penny apiece before bouncing back. Overall, the Standard & Poor's 500-stock index declined 6.2 percent, from 1,136.16 to 1,065.79, in a 20-minute span -- an $862 billion paper loss -- before recovering to finish down 3.2 percent. Still, the brief crash threw up a flare that illuminated a financial topography that was unfamiliar even to many experienced investors. A Bloomberg Businessweek investigation into those harrowing minutes revealed the extent to which the market is now dominated by quick-draw traders who have no intrinsic interest in the fate of companies or industries. Instead, these former mathematicians and computer scientists see securities as a cascade of abstract data. They direct their mainframes to sift the information flows for minute discrepancies, such as when futures contracts fall out of sync with related underlying stocks. High-frequency traders (HFTs), as they're known, set an astonishing pace. On May 6, 19 billion shares were bought and sold; as recently as 1998, 3 billion shares constituted a very busy day. The HFT wizards argue that all that extra buying and selling provide the liquidity that makes the market more efficient. As long as the machines are humming, electronic bids and offers abound. On May 6, however, we saw what happens when digital networks follow conflicting protocols and some of the mighty computers temporarily power down. Liquidity evaporates. Panic combined with automation leads to much faster panic. The decline began midmorning as skittishness intensified over the Greek economic debacle spreading elsewhere in Europe. A closely watched gauge of volatility calculated by the Chicago Board Options Exchange hit a high point for the year at 2:08 p.m. The volatility index, or VIX, is derived from options on the S&P 500, and it measures investor perceptions of market risk. 
When the VIX surged again, in its biggest gain in three years, some high-frequency programs may have automatically slowed their normal pace to limit losses, according to a May 15 research note by Nomura Securities. Sell orders piled up much faster than buys, an imbalance that worsened over the next hour. During the period of heaviest selling, starting around 2:30 p.m., the NYSE paused electronic trading in certain stocks and switched to computerized auctions conducted by human traders. This caused electronic sell orders to be rerouted to other trading venues, where there were few, if any, buy orders to absorb them. As Mary L. Schapiro, chairman of the Securities & Exchange Commission, put it in congressional testimony five days later, some high-frequency firms "withdrew their liquidity after prices declined rapidly." During the next few hours of confusion, exchanges began canceling trades in hundreds of stocks. NYSE Arca, an electronic platform operated by the Big Board, erased transactions in 295 companies. A surge in trades rejected by exchanges constitutes another trigger that automatically causes some high-frequency firms to slow down, says Ethan Kahn, a principal at Wolverine Trading, an electronic market-making outfit in Chicago: "You disable. You shut down." Wolverine pared back activity in equity futures because of concerns about the accuracy of data it was receiving, he adds. In Washington, the staff at the SEC began reviewing up to 10 terabytes of market data to figure out what happened. Twelve days later, on May 18, the agency conceded that it still couldn't offer a firm answer. That uncertainty in itself suggests the disquieting complexity the stock market now presents. The SEC and the Commodity Futures Trading Commission issued a preliminary report in which they outlined six hypotheses that could explain the scare. 
"We continue to believe that the market disruption of May 6 was exacerbated by disparate trading rules and conventions across the exchanges," Schapiro said upon the report's release. As one response, the SEC proposed that exchanges halt trading in individual stocks that swing more than 10 percent during a five-minute period. The new "circuit breaker" rules are subject to commission approval after 10 days of public comment. While temporarily slowing trading during periods of investor high anxiety makes sense to regulators, at least some high-frequency traders disagree. "I don't think that's the right solution," Wolverine's Kahn told Bloomberg News after the SEC announcement. "It could cause a lot of complications. On a busy day where the market is making major moves, you'd have a handful of [stock] names where it's circuit breaker-on/circuit breaker-off all day." As this debate unfolds, one danger is that regulators, politicians, and industry executives -- already distracted by how to reform Wall Street in the wake of the broader credit crisis of 2008 -- will shrug off May 6 as a weird blip requiring no fundamental rethinking of how man, machine, and market interact. Absent so far from the public discussion is any talk about whether the next quickie-crash might coincide with an outside event that shakes investor confidence much more severely: Iran and its nukes, industrial-environmental disaster, North Korean aggression. Or all of the above. As we just saw when major investment banks suffered blindness to the toxic effects of mammoth leverage, exotic credit derivatives, and a nationwide housing bust, Wall Street's computer models tend to fail when unpredictable disasters overlap. For generations, the Big Board played the vital role of establishing prices for most major stocks. Even after rudimentary computers arrived in the 1960s, living, breathing people continued to supervise the proceedings. 
Beginning in the 1970s, Nasdaq, and, later, additional electronic rivals, gradually eroded the NYSE's dominance. Humans could intervene if things got too strange. That has changed. Today, hedge funds and HFT shops move enormous quantities of stock in fractions of a second. Firms jockey to place their computers near the mainframes of wholly automated trading venues you've never heard of in Jersey City, N.J., and Kansas City, Mo. The speed-of-light traders do this because the distances that their orders travel, measured in feet, can determine profit or loss. Directives from Washington have encouraged the dispersal of trading. Some 50 exchanges and other electronic venues across the country now compete for securities business. The volume of equity traffic controlled by the NYSE fell from 80 percent in 2005 to 50 percent in 2007 and then to less than 25 percent this year. The exchange floor swarming with brokers in colorful jackets has become little more than a theatrical backdrop for cable TV correspondents. The vast majority of the action occurs elsewhere. High-frequency traders now account for as much as 60 percent of daily volume, according to Tabb Group, a research firm. The most prolific HFT outfits, such as Getco in Chicago, Tradebot Systems in Kansas City, Mo., or RGM Advisors in Austin, Tex., can individually generate as much as 5 percent or 10 percent of all the stocks traded in the U.S. on a given day. "The world has totally changed in the last 15 years," says Fred Federspiel, who started Pipeline Trading Systems in 2004. Pipeline, based in New York, belongs to yet another new breed: "dark pools" that allow major trades to take place out of public view. Before getting into finance, Federspiel, who holds a doctorate in nuclear physics, worked at Los Alamos National Laboratory in New Mexico, using particle accelerators to determine if subatomic neutrinos help hold the galaxy together. 
Trading models built by people with this sort of training tend to be based on a view of the market that is data-driven and news-agnostic. Wall Street's extreme makeover has achieved its main goals: greater efficiency and much lower commissions for the pension and mutual funds, insurance companies, and endowment managers that invest in equities. Reduced transaction costs benefit teachers, office workers, corporate executives, and retirees from coast to coast. At the same time, the transformation has created new risks, some of which were momentarily perceptible on May 6. "What happened [that day] is completely unacceptable," says Richard Gorelick, RGM's chief executive officer. Gorelick, who formerly helped run the Internet company Deja.com, turned 39 on May 6. "I got a lot of birthday calls," he says, "followed by, 'What the hell happened?!'" Manuel A. Henriquez is no Luddite. He has invested in technology companies for 23 years and runs Hercules Technology Growth Capital (HTGL), a publicly traded venture firm in Palo Alto, Calif. On May 6 he gaped as Hercules shares fell from $9.50 to $5.22 in less than 33 minutes. The 46-year-old father of two girls, ages 12 and 10, has $6 million of his own money tied up in Hercules. For a while that afternoon, he thought he had lost half of it. "I literally called my wife and said, 'Give the kids tennis rackets; they're going to have to get scholarships.'" Hercules shares closed on May 6 at $9.56 after trading at twice their normal volume. If the Henriquez girls take up tennis, it will be for the love of sport. Still, their father remains shaken. "It's like the movie 2001: A Space Odyssey," he says. "You can't have Hal the Computer make all the decisions for you. We need to synthesize the human element of logic and say, 'Wait a minute, I've got an order that has never been of this size. 
This seems to be an anomaly.'" When Henriquez started investing in the mid-1980s as a college student in Boston, he set aside $20 or $30 a week to buy shares. In that era, broker Richard Rosenblatt and his breed still had tremendous influence over the running of the Big Board, and, by extension, over the entire market in stocks. "I was much younger and pretty quick," Rosenblatt says. "I was the high-frequency trader at the time." Rosenblatt Securities, launched in 1979, executes buy and sell orders for mutual funds and other money managers. When carrying out trades back then, Rosenblatt could see everyone he was dealing with. Specialists positioned at designated posts on the floor "made markets" in stocks they were assigned. They had the responsibility of buying even when a company's shares were falling. Big investors relied on their brokers to buy low and sell high. Unscrupulous traders could -- and sometimes did -- put their own interests ahead of those of their clients. Aside from exchange rules and the remote danger of prosecution, the trust among brokers and specialists provided the main impediment to fraud. Four years before Rosenblatt started his company, though, Congress had signaled that the era of traditional markets wouldn't last forever. Lawmakers directed the SEC to reduce the NYSE's near-monopoly and replace it with "a national market system." The goal: greater competition and lower expenses for investors. Rosenblatt embraced electronic trading and survived. Many of his cohorts did not. The SEC banned fixed minimum commissions and imposed rules that strengthened the upstart Nasdaq, which had begun operations in New York in 1971. Improved technology contributed to rising volume. Much of the additional trading was generated by firms using computer software to identify momentary pricing discrepancies, as opposed to longer-term investors hunting for corporate value. 
In the 1980s, "program traders" bought or sold large portfolios of securities in a single order, while simultaneously making offsetting bets on related futures contracts. Designed to hedge risks, program trading at times contributed to greater volatility. On Oct. 19, 1987, it helped accelerate the Black Monday market crash. Historically, the NYSE and Nasdaq were nonprofits seen as utilities that served the public interest in matching investor resources with corporate enterprise. They evolved into for-profit corporations fighting for survival. Newer profit-making exchanges started explicitly to benefit the firms that ran and patronized them. "They're more competitive, more self-serving, and they've moved more away from the utility concept," says Rosenblatt. "Maybe it's gone too far." SEC rule changes adopted in the last 15 years aimed at ever-lower transaction costs by encouraging formation of electronic communication networks, or ECNs, that challenged the NYSE and Nasdaq for market share. Robert Colby, who oversaw the modernization process for a decade and a half as deputy director of the SEC's Trading & Markets Div., says the march of technology was irresistible. "Electronic trading allowed new automated markets to spring up and compete head-on with established exchanges and market makers," he says. David Leinweber, a finance professor at the University of California at Berkeley, helped create one of the first algorithmic trading strategies in 1989. Originally called Market Mind, it allowed computers to execute securities orders entirely on their own. Leinweber had studied math and physics as an undergraduate at the Massachusetts Institute of Technology. His preparation for the Market Mind breakthrough also included research he had done at the government-funded RAND Corp. think tank. There, he helped improve communication systems and real-time data analysis for the space shuttle. In the late 1990s he worked as a partner at First Quadrant, a Pasadena (Calif.) 
investment firm. "I was managing equities all over the world at that time," he says, "and pretty soon there were just no [trading] floors to visit. You switched to trading electronically." Digital networks such as Island ECN and Archipelago usurped the human trading floors by offering rebates on trading and faster execution. These innovative virtual trading sites lacked the cadres of specialists and market makers obliged to maintain orderly trading. In their place were "liquidity providers" -- brokerages willing to post electronic bid and ask quotes, but free of institutional duties. Seemingly minor advances had profound consequences. The switch in 2001 to decimal share pricing, from sixteenths of a dollar, gave investors greater flexibility. Any firm willing to sell for a penny less than the best available offer price could step in and make the trade. A traditional Nasdaq market maker that had bought at $10 and sold at $10.0625 found itself in a lower-margin business. This favored the new electronic communications networks and the ever-speedier high-volume traders seeking microscopic profits across a multitude of transactions. Market making moved from exchange floors to computers. On its Web site, Wolverine in Chicago says its servers receive direct data feeds from more than 15 exchanges and execute more than 1.5 million orders a day. The culture of the industry changed, too. Membership on a college sports team no longer constitutes a ticket to an entry-level job. In the past, Wall Street traders "were taller, bigger, more aggressive," says Kahn, who oversees market making at Wolverine. Today's HFT firms, by contrast, look for "more of a quant-computer-type person," says Kahn, who has a finance degree from the Wharton School. The quants use a range of strategies. One is simultaneously posting bids and offers for ever-changing amounts of a single stock. 
Prices tend to vary by minuscule amounts on different electronic exchanges, so a stock can be bought at a lower price on one, then sold instantly at a higher price on another. The profit could be as little as a hundredth of a cent per share, which, multiplied by millions of shares a day, adds up to real money. One thing that apparently happened on May 6 is that when HFT firms reacted to the market's sudden moves by slowing their computers or switching them off, buy orders that had been in place only seconds earlier disappeared, causing disequilibrium. HFT behavior, to be sure, wasn't the only factor that turned a down day in the markets into an abrupt collapse. Conflicting rules among exchanges also played a role. RGM's Gorelick says his HFT firm, founded in 2001, continued to trade during the market turmoil. Its software developers and IT support people crowded onto the trading floor in Austin and quietly stared at the computer screens. Gorelick says, however, that high-frequency buying and selling wasn't so much the problem. He blames "old-fashioned human panic," worsened by inconsistent policies among exchanges. Kahn disagrees. "The system broke down" on May 6, he says. "There should be and will be structural changes in the future." New regulation is coming, he adds. "We just don't know what it will be." Schapiro has said she hasn't assessed any blame yet. HFT firms that pulled back may have acted appropriately, given that they had no legal obligation to do otherwise, she told Congress. In addition to its circuit-breaker proposal, the SEC is expected to consider requiring high-frequency traders to continue to make markets, even during a major selloff. Some would resist such a mandate. "No one should be forced to provide liquidity when CNBC is showing riots in Greece in the morning and there are worries the bailout of Greece and Portugal will fall apart and they'll default on their debt," says Pipeline's Federspiel. 
On another front, some lawmakers have proposed enacting a tiny tax on each equity trade. Such a levy would likely discourage some high-frequency trading, slow the market's pace overall, and raise billions in revenue for the federal government. Some of the tax proceeds could be used to bolster SEC monitoring. After the frenzy of May 6, Clarence Woods of Baltimore says he ended up more or less where he started. He's moving ahead with plans for his new hedge fund and counts on the SEC to reassess the market: "We'll sit back, see what works and what doesn't." Manuel Henriquez, the Palo Alto venture capitalist, acknowledges "a visceral reaction to pull all the computers out." He doesn't think that's feasible, though. "We need to continue to embrace technology, but understand that technology can bite both ways." Matt Andresen helped launch Island ECN in 1996 and later oversaw market making at Citadel Investment Group, which he left in March 2009. "The impact of the high-frequency tool has been, I believe, very democratizing," he says. Brokers serving individual investors can execute orders more quickly and less expensively -- at least on most days. Then there was May 6. "Whatever the cause of it," Andresen says, "the failure mode was unacceptable." With Jeff Kearns, Whitney Kisling, and Peter Coy Mehta is a reporter for Bloomberg News. Thomasson is a reporter for Bloomberg News. Barrett is an assistant managing editor at Bloomberg Businessweek. From rforno at infowarrior.org Sun May 23 21:58:00 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 May 2010 22:58:00 -0400 Subject: [Infowarrior] - OT: Attention Deficit Democracy Message-ID: <2F910C94-E07C-4A8D-9602-DED8511B9C9C@infowarrior.org> After the Polling Booths Close .... 
Obama and Attention Deficit Democracy By JAMES BOVARD http://www.counterpunch.org/bovard05212010.html In his commencement address at the University of Michigan on May 1, President Obama warned that public ignorance subverts self-government. Obama declared: "When we don't pay close attention to the decisions made by our leaders, when we fail to educate ourselves about the major issues of the day... that's when democracy breaks down. That's when power is abused." Unfortunately, most Americans have little or no idea how government works or who is holding the reins on their lives. Most American voters do not know the name of their congressman, the length of terms of House or Senate members, or what the Bill of Rights guarantees. Most Americans cannot name a single Supreme Court justice or a single cabinet department in the federal government. But the ignorance goes far beyond Civics 101. In his commencement speech, Obama declared that "we need an educated citizenry that values hard evidence and not just assertion." Except, of course, when government officials assert that "there is nothing to see here - just move along." While Obama loudly urges Americans to get better informed, Republicans and Democrats are quietly covering up some of the government's worst abuses. Obama heavily pressured Congress last year to enact a law prohibiting the release of thousands of photos showing horrendous abuse of detainees in Iraq and Afghanistan by U.S. troops. From 2004 onwards, the U.S. government deceived Americans - first claiming the torture scandal involved only "a few bad apples" from West Virginia, and then insisting that it was merely a few bad units, and then asserting that there was no national policy. By 2008, it was clear that the torture was mandated at high levels of the White House and Pentagon. Suppressing the photos makes it easier for former Vice President Dick Cheney and others who crafted the policies to continue denying that any crimes ever occurred. 
Obama is also squelching the vast majority of facts regarding the National Security Agency's 2002+ warrantless wiretapping of Americans. (Federal judge Vaughn Walker recently ruled that the wiretaps were illegal.) No individual American has been permitted to know whether NSA copied his email or recorded his calls. The Obama administration even refuses to release the Bush-era Justice Department memos that "proved" why government is now entitled to spy on citizens without a warrant. While Congress granted retroactive immunity to the federal officials and phone companies that betrayed Americans' privacy, Obama's Justice Department is prosecuting a NSA official for notifying the media of the abuse. Obama's vision of democracy also does not include permitting Americans to learn which banks and other financial institutions received trillions of dollars of subsidies and guarantees from the Federal Reserve. Sen. Bernie Sanders (Ind.-Vt.) and Rep. Ron Paul (R-Tx) pushed an "Audit the Federal Reserve" amendment to the financial regulation bill. But the Obama White House acted as if disclosing the names of the lucky companies that received windfall benefits would violate the rights of the biggest welfare recipients in American history. How are citizens supposed to stop abuses when politicians refuse to let them know what government is doing? The government claims that evidence of its torture and wiretapping must be suppressed in the name of national security. But this greatly reduces the likelihood that Americans will learn from their rulers' folly. The recent coverups illustrate how our republic is becoming an Attention Deficit Democracy. The government remains nominally democratic - elections continue to be boisterous events with mass rallies and tidal waves of dubious ads. But after the polling booths close, most citizens remain clueless about what their rulers do in their name. 
Attention Deficit Democracy begets Leviathan because rulers exploit people's ignorance to seize more power over them. The contract between rulers and ruled is replaced by a blank check. And regardless of how many secrets the government keeps, the rulers still act like the people are liable for all the government's abuses. Obama urged graduating students to "pay attention" and "stay informed." Citizens should be especially curious about what lurks behind the curtains that politicians close. The more crimes politicians are permitted to hide, the fewer liberties citizens will retain. #### James Bovard is the author of Attention Deficit Democracy, The Bush Betrayal, Terrorism and Tyranny, and other books. He serves as a policy advisor for the Future of Freedom Foundation. From rforno at infowarrior.org Sun May 23 22:59:27 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 23 May 2010 23:59:27 -0400 Subject: [Infowarrior] - Great PR by/for BP (not...) Message-ID: <32F07FFF-A0A5-414E-9FEC-52B1C55BC56D@infowarrior.org> (c/o Anonymous) http://twitter.com/bpglobalpr/status/14584751888 "Please do NOT take or clean any oil you find on the beach. That is the property of British Petroleum and we WILL sue you." about 5 hours ago via Twitterrific @BPGlobalPR From rforno at infowarrior.org Mon May 24 07:13:02 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 May 2010 08:13:02 -0400 Subject: [Infowarrior] - MD: Illegal to record an arrest? Message-ID: <91A09954-87AC-43FF-BA66-82C2AD09682C@infowarrior.org> May 21, 2010 6:18 pm US/Eastern Debate Sparks Over Video Recording Of Arrests http://wjz.com/local/preakness.fight.internet.2.1708562.html Mike Hellgren BALTIMORE (WJZ) -- Several Marylanders face felony charges for recording their arrests on camera, and others have been intimidated to shut their cameras off. That's touched off a legal controversy. Mike Hellgren explains the fierce debate and what you should do to protect yourself. 
A man whose arrest was caught on video faces felony charges from Maryland State Police for recording it on camera. "We are enforcing the law, and we don't make any apologies for that," said Greg Shipley, MSP. Video of another arrest at the Preakness quickly made its way online, despite an officer issuing this warning to the person who shot it, "Do me a favor and turn that off. It's illegal to videotape anybody's voice or anything else, against the law in the state of Maryland." But is he right? Can police stop you from recording their actions, like a beating at the University of Maryland College Park? The American Civil Liberties Union says no. "For the government to be saying it has the power to prevent citizens from doing that is profoundly shocking, troubling, and particularly in the case of Maryland, simply flat-out wrong," said David Roach, ACLU. Under Maryland law, conversations in private cannot be recorded without the consent of both people involved. But can that be applied to incidents such as one caught on tape three years ago where a Baltimore officer arrested a teenager at the Inner Harbor? "When you tell me to turn it off because it's against the law, you've proven to me that I'm not secretly taping you," said law professor Byron Warnken. "He doesn't have the right to say, if you don't stop recording me, I'm going to arrest you." The last official interpretation of Maryland's law came from the previous attorney general saying it was legal for officers to record video on dashcams. Delegate Sandy Rosenberg is pushing the current attorney general for his opinion on whether you can record them, too. "If he finds that there are circumstances when it's illegal, under existing law, to tape public actions by police or other public officials, then it's appropriate for me to introduce a bill to change that statute," said Rosenberg, Democrat, District 41, Baltimore City. 
At this point, the attorney general has not indicated whether he will issue an opinion clarifying this law. (© MMX, CBS Broadcasting Inc. All Rights Reserved.) From rforno at infowarrior.org Mon May 24 07:14:13 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 24 May 2010 08:14:13 -0400 Subject: [Infowarrior] - Danger in the Internet Cafe? Typhoid Adware Message-ID: Danger in the Internet Cafe? New Computer Security Threat for Wireless Networks: Typhoid Adware http://www.sciencedaily.com/releases/2010/05/100521191436.htm ScienceDaily (May 21, 2010) -- There's a potential threat lurking in your internet café, say University of Calgary computer science researchers. It's called Typhoid adware and works in similar fashion to Typhoid Mary, the first identified healthy carrier of typhoid fever who spread the disease to dozens of people in the New York area in the early 1900s. "Our research describes a potential computer security threat and offers some solutions," says associate professor John Aycock, who co-authored a paper with assistant professor Mea Wang and students Daniel Medeiros Nunes de Castro and Eric Lin. "We're looking at a different variant of adware -- Typhoid adware -- which we haven't seen out there yet, but we believe could be a threat soon." Adware is software that sneaks onto computers often when users download things, for example fancy tool bars or free screen savers, and it typically pops up lots and lots of ads. Typhoid adware needs a wireless internet café or other area where users share a non-encrypted wireless connection. "Typhoid adware is designed for public places where people bring their laptops," says Aycock. "It's far more covert, displaying advertisements on computers that don't have the adware installed, not the ones that do." The paper demonstrates how Typhoid adware works as well as presents solutions on how to defend against such attacks. 
De Castro recently presented it at the EICAR conference in Paris, a conference devoted to IT security.

Typically, adware authors install their software on as many machines as possible. But Typhoid adware comes from another person's computer and convinces other laptops to communicate with it and not the legitimate access point. Then the Typhoid adware automatically inserts advertisements in videos and web pages on the other computers. Meanwhile, the carrier sips her latte in peace -- she sees no advertisements and doesn't know she is infected -- just like symptomless Typhoid Mary.

U of C researchers have come up with a number of defenses against Typhoid adware. One is protecting the content of videos to ensure that what users see comes from the original source. Another is a way to "tell" laptops they are at an Internet café to make them more suspicious of contact from other computers.

"When you go to an Internet café, you tell your computer you are there and it can put up these defenses. Anti-virus companies can do the same thing through software that stops your computer from being misled and re-directed to someone else," says Aycock.

Why worry about ads? Aycock explains it this way: "Not only are ads annoying but they can also advertise rogue antivirus software that's harmful to your computer, so ads are in some sense the tip of the iceberg."

The paper Typhoid Adware can be found: http://pages.cpsc.ucalgary.ca/~aycock/papers/eicar10.pdf

From rforno at infowarrior.org Mon May 24 22:23:00 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 24 May 2010 23:23:00 -0400
Subject: [Infowarrior] - OT: 26-Page Brownie Recipe? Only At The Pentagon
Message-ID:

(PDF of The Recipe, for those interested, is @ http://liw.iki.fi/liw/misc/MIL-C-44072C.pdf)

A 26-Page Brownie Recipe? Only At The Pentagon
by NPR Staff
May 22, 2010
http://www.npr.org/templates/story/story.php?storyId=127058298&ps=cprs

Baking brownies is one of the easiest things you can do in the kitchen.
Most recipes have fewer than 10 ingredients, and the instructions are simple -- measure, mix, bake. Well, not if you're baking for the Pentagon.

The latest viral sensation to hit the Internet is a 26-page document laying out all the rules and regulations you need to follow to bake appropriate treats for our men and women in uniform.

Take Section 3.2.6 of the recipe, for example, which covers eggs. It reads, in part, "Whole eggs may be liquid or frozen and shall have been processed and labeled in accordance with the Regulations Governing the Inspection of Eggs and Egg Products (7 CFR Part 59)." You get the picture.

Jeremy Whitsitt, with the Department of Defense Combat Feeding Directorate, tells host Guy Raz that the extra care is needed because military bakers face unique challenges.

"One thing we like to say is, 'What would happen if you cooked a meal, stored it in a stifling hot warehouse, dropped it out of an airplane, dragged it through the mud, left it out with bugs and vermin, and ate it three years later?'"

If it were a military meal, Whitsitt says, it would still be edible and maybe even tasty. Brownies made from the Pentagon's recipe will probably last about three years if they're packaged properly.

But the important question is, how do they taste? We asked Penny Karas, the founder of Hello Cupcake bakery in Washington, D.C., to whip us up a batch. And to be honest, they weren't too good: dry, crumbly and dense. But they did taste as if they might last quite a while if boxed up and shipped to a war zone.

The Pentagon actually updated its official brownie specifications recently. The new document has been streamlined and expanded to cover things like lemon poppy seed cake and chocolate banana nut muffin tops. The length? 31 pages.
From rforno at infowarrior.org Tue May 25 08:16:24 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 May 2010 09:16:24 -0400
Subject: [Infowarrior] - SCOTUS: Antitrust Law Applies To The NFL; No Exclusive Licensing Allowed
Message-ID: <590BE03C-4273-4ECC-8A57-28574E3B350A@infowarrior.org>

Supreme Court Says Antitrust Law Applies To The NFL; No Exclusive Licensing Allowed
from the good-move dept
http://techdirt.com/articles/20100524/1441469552.shtml

Earlier this year, we mentioned the Supreme Court was reviewing a lawsuit over whether or not the NFL had the right to have an exclusive license for its apparel. A company, American Needle, who had supplied apparel to various NFL teams, sued the NFL after it had entered into a long-term exclusive contract with Reebok to handle all team apparel. American Needle claimed that this was a clear anti-trust violation, as all of the teams had colluded to exclude everyone else from the market. The NFL argued, instead, that the entire league should be viewed as a single company. Today, the Supreme Court ruled against the NFL, saying that each team should be viewed as a separate company. The case then gets sent back down to be reconsidered:

The details of this particular case are somewhat unique, in that it really only applies to situations where there are sports leagues (Major League Baseball is the only sports league that has an official exemption from Congress for antitrust issues -- though it's not clear why the different treatment). However, the decision by retiring Justice John Paul Stevens highlights the importance of competition, and the problems of letting organizations team up, just because teaming up makes better financial sense for all of those organizations:

Directly relevant to this case, the teams compete in the market for intellectual property. To a firm making hats, the Saints and the Colts are two potentially competing suppliers of valuable trademarks.
When each NFL team licenses its intellectual property, it is not pursuing the "common interests of the whole" league but is instead pursuing interests of each "corporation itself," Copperweld, 467 U. S., at 770; teams are acting as "separate economic actors pursuing separate economic interests," and each team therefore is a potential "independent cente[r] of decisionmaking," id., at 769. Decisions by NFL teams to license their separately owned trademarks collectively and to only one vendor are decisions that "depriv[e] the marketplace of independent centers of decisionmaking," ibid., and therefore of actual or potential competition.

This makes a lot of sense. Otherwise, you could argue that any particular industry could set up an organization of which all the companies in that industry are a "member" and allow that single organization to negotiate exclusive deals, with the argument that it's "for the common interests of the whole." But, that's obviously collusion, with the intent to harm consumers. Thankfully, the Supreme Court saw through the flimsy claim that such a structure makes companies immune to antitrust law.

From rforno at infowarrior.org Tue May 25 10:06:58 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 May 2010 11:06:58 -0400
Subject: [Infowarrior] - NKorea severs all ties with rival SKorea
Message-ID: <9F8635D9-D413-48C2-BAFC-24C4C3091CC9@infowarrior.org>

NKorea severs all ties with rival SKorea
By HYUNG-JIN KIM
The Associated Press
Tuesday, May 25, 2010; 10:58 AM
http://www.washingtonpost.com/wp-dyn/content/article/2010/05/25/AR2010052500416_pf.html

SEOUL, South Korea -- North Korea declared Tuesday that it would sever all communication and relations with Seoul as punishment for blaming it for the sinking of a South Korean warship.
The North also announced it would expel all South Koreans working at a joint factory park in the northern border town of Kaesong, the official Korean Central News Agency said in a dispatch monitored in Seoul late Tuesday.

Tensions were rising on the divided Korean peninsula in the wake of an investigation report blaming North Korea for a torpedo attack that sank the Cheonan warship on March 26, killing 46 South Korean sailors.

South Korea's military restarted psychological warfare operations - including blaring radio broadcasts into the North and placing loudspeakers at the border to blast out propaganda - to punish the North for the provocation. The South is also slashing trade and denying permission to North Korean cargo ships to pass through South Korean waters.

North Korea struck back by declaring it would cut all ties with the South until President Lee Myung-bak leaves office. South Korean ships and airliners will be banned from passing through its territory and the North will resume its own psychological warfare, KCNA said.

Earlier, one Seoul-based monitoring agency reported that North Korea's leader ordered its 1.2 million-member military to get ready for combat. South Korean officials could not immediately confirm the report.

The North flatly denies involvement in the sinking of the Cheonan, one of the South's worst military disasters since the 1950-53 Korean War ended with an armistice, and has warned that retaliation would mean war. It has threatened to destroy any propaganda facilities installed at the heavily militarized border.

A team of international investigators, however, concluded last week that a torpedo from a North Korean submarine tore apart the Cheonan.

© 2010 The Associated Press

From rforno at infowarrior.org Tue May 25 14:03:39 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 May 2010 15:03:39 -0400
Subject: [Infowarrior] - Three strikes, copyright and copytight?
Message-ID: <6080F266-73C4-4A32-A6BC-E3938D9EB1CB@infowarrior.org>

Three strikes, copyright and copytight?
Posted by: johnnyryan on: 24 April 2010

Together with a colleague at the IIEA, Caitriona Heinl, I have been examining the current state of three strikes measures against music piracy (see earlier related blog entry). This comes as part of an IIEA study. This document presents an overview of "three strikes" measures, what they seek to achieve, the mechanisms by which they operate, and the difficulties currently experienced within the EU and beyond in their introduction. The purpose of this document is to establish whether a three strikes mechanism is applicable to illegal violent radical content online, and whether it is transferable across the EU.

Note: FOOTNOTES AND SOURCES PROVIDED IN PDF VERSION

Though three strikes measures are in prospect in a number of EU Member States, no functioning system has yet been implemented as a matter of government policy. Ireland, where the dominant ISP has recently agreed to implement a three strikes system, offers an insight into the technical measures proposed for this system. Since the three strikes approach is at so early a stage this study also includes a number of related initiatives in countries beyond the EU to provide sufficient information.

Note: Three strikes measures, also referred to as "graduated response", are not explicitly mentioned in the Terms of Reference for the NLM Study. However they represent a developing mechanism by which authorities in many Member States and Third Countries are presently seeking to prevent the dissemination of illegal, in this case copyright infringing content. As an experimental and highly visible instance of measures, in some cases non-legislative measures, the three strikes system is within the study team's remit.
This document is a necessary product of the NLM study for the simple reason that, to our knowledge, no other overview of three strikes initiatives is presently available.

< - >

http://johnnyryan.wordpress.com/2010/04/24/three-strikes-copyright-and-copytight/

From rforno at infowarrior.org Tue May 25 22:30:06 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 May 2010 23:30:06 -0400
Subject: [Infowarrior] - Pushy fliers may show up on TSA's radar
Message-ID: <5801DA5E-FE43-4669-8C07-16056907018D@infowarrior.org>

Pushy fliers may show up on TSA's radar
By Thomas Frank, USA TODAY
http://www.usatoday.com/travel/flights/2010-05-24-TSA-threatening-fliers-watch-list_N.htm

WASHINGTON -- Airline passengers who get frustrated and kick a wall, throw a suitcase or make a pithy comment to a screener could find themselves in a little-known Homeland Security database.

The Transportation Security Administration says it is keeping records of people who make its screeners feel threatened as part of an effort to prevent workplace violence. Privacy advocates fear the database could feed government watch lists and subject innocent people to extra airport screening.

"Is this going to be the baby watch list? There's a potential for the misuse of information or the mischaracterization of harmless events as potential threats," American Civil Liberties Union lawyer Michael German said.

A TSA report says the database can include names, birth dates, Social Security numbers, home addresses and phone numbers of people involved in airport incidents, including aggressors, victims and witnesses. Incidents in the database include threats, bullying or verbal abuse, remarks about death or violence, brandishing a real or fake weapon, intentionally scaring workers or excessive displays of anger such as punching a wall or kicking equipment, the report says.
The database was created in late 2007 as the TSA launched a program to prevent the nation's 50,000 airport screeners from being attacked or threatened, agency spokeswoman Kristin Lee said. At the time, TSA officials voiced concern about passengers disrespecting screeners, and they began issuing new uniforms with police-style badges pinned to shirts.

Lee said attacks and threats against screeners are "rare" and the database has records from about 240 incidents. Most are screeners in conflict with other screeners. About 30 incidents involve people such as passengers or airport workers attacking or threatening screeners, Lee said.

Information about passengers is taken from incident reports that the TSA writes when a traveler threatens or attacks a screener, Lee said.

"The program's focus is on prevention," Lee said. The database helps the TSA spot trends in incidents that can shape workplace-safety programs, Lee said.

A TSA document published in February says database information can be given to government agencies and to airports, airlines and rail and bus systems in cases involving their workers or job applicants. "They may be contacted by the TSA if an incident involves their employee," Lee said.

A.J. Castilla, a screener at Boston's Logan International Airport and an official with a TSA union, said he has seen passengers throw shoes at and push screeners, but incidents have subsided more recently.

The ACLU's German said he worries that the incidents in the database are broad. "I've been very angry at an airport because flying can be a very frustrating experience," he said.
From rforno at infowarrior.org Tue May 25 22:31:44 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 25 May 2010 23:31:44 -0400
Subject: [Infowarrior] - Satellite-Killing Space Junk Risks $250 Billion Market, TV
Message-ID: <8DC8ABB0-E27E-4AEE-A2E5-30398FC6BB26@infowarrior.org>

Satellite-Killing Space Junk Risks $250 Billion Market, TV
By Jonathan Tirone - May 25, 2010
http://preview.bloomberg.com/news/2010-05-25/satellite-killing-junk-risks-250-billion-space-market-ahead-of-world-cup.html

Trash in space may bring commerce and communications on Earth to a halt unless policy makers and executives take steps to prevent satellite collisions with orbiting junk, according to a Pentagon report.

Potential crashes between satellites and debris -- refuse from old rockets, abandoned satellites and missile shrapnel -- are threatening the $250 billion space-services market providing financial communication, global-positioning navigation, international phone connections, Google-Earth pictures, television signals and weather forecasts, the report says.

Space is "increasingly congested and contested," said the U.S. Defense Department's interim U.S. Space Posture Review, which was sent to Congress in March and not publicly released.

Scientists are warning that space collisions could set off an uncontrolled chain reaction that might make some orbits unusable for commercial or military satellites because they are too littered with debris. The February 2009 crash between a defunct Russian Cosmos satellite and an Iridium Communications Inc. satellite left 1,500 pieces of junk, each whizzing around the earth at 7.8 kilometers (4.8 miles) a second and each capable of destroying more satellites.

"This is almost the tipping point," Bharath Gopalaswamy, an Indian rocket scientist researching space debris at the Stockholm International Peace Research Institute, said in an e-mailed response to questions.
"No satellite can be reliably shielded against this kind of destructive force."

Chinese Missile Test

A Chinese missile test destroyed a satellite in January 2007, leaving 150,000 pieces of junk in the atmosphere, according to Gopalaswamy. That test was a central factor in pushing the U.S. to help the United Nations issue guidelines urging companies and countries not to clutter orbits with junk, the Space Posture Review says.

"Nobody recognized this as a big issue until a few years ago," said Chris Kunstadter, vice president of insurance operations at XL Capital Ltd., a New York-based company selling satellite policies. "The Chinese interceptor test and the Iridium incident opened our eyes."

In low-earth orbit, between 800 and 1,000 kilometers above the planet, there are now more than 370,000 pieces of junk, compared with 1,100 satellites, Gopalaswamy estimates. The U.S. Space Posture Review, the second produced since 2007, forecasts orbital congestion will worsen.

Space needs "policies and laws to protect the public interest," UN Office on Outer Space Affairs Director Mazlan Othman said in an interview. "We should have all the instruments to make sure that lifestyles are not disrupted because of misconduct in space" when people "switch the television to watch the World Cup next month in Johannesburg."

Avoiding Debris

"We are seeing an increasing number of incidents when operators have to maneuver their satellites to avoid a piece of debris," David Wade, an underwriter at London-based Atrium Space Insurance Consortium, said in an e-mail responding to questions. "Performing these maneuvers consumes additional fuel and reduces the lifetime of the satellite."

XL and Atrium, a partner with Lloyd's of London, say that the higher risk of satellite collisions with debris hasn't yet led to higher premium payments.
Officials at low-earth orbit satellite operators Dulles, Virginia-based GeoEye Inc., Longmont, Colorado-based DigitalGlobe Inc., which provides satellite imagery to Google Earth, and McLean, Virginia-based Iridium Communications, with the world's biggest satellite constellation, declined to comment.

Services Threatened

Communications satellites at altitudes of 36,000 kilometers also face space debris problems. Companies sometimes resort to "gentlemen's agreements" through the UN's International Telecommunications Union under which they temporarily rely on satellites from competitors when services are threatened, Yves Feltes, a spokesman for SES SA, the world's biggest publicly traded satellite operator, said in a telephone interview.

A satellite operated by Luxembourg-based SES was threatened by an out-of-control Intelsat-Galaxy-15 satellite in May. Intelsat S.A.'s satellite interfered with the transmission frequency of an SES space asset after Earth-bound technicians couldn't regain control over the Galaxy-15.

Intelsat and SES are both pioneers in the commercial uses of space. Intelsat began transmitting signals in 1965, the result of a law signed by President John F. Kennedy giving private companies access to space. SES was launched in 1985 as Europe's first private satellite network.

Impairment Loss

"We are working closely with SES, and have been since the early days of the anomaly, to minimize the interference that could be caused by the satellite as it flies by other satellites," Intelsat spokeswoman Dianne VanBeber said in an e-mail response to questions.

The closely held company may have to take an impairment loss for the Galaxy-15 satellite, valued at $142 million, Intelsat said May 12.

"Any outage due to an unexpected technical or health problem usually leads to credits to the customers for compensation," SES says on its website. "An hour of outage for a satellite can cost as much as $150,000."
TV viewers may face programming interruptions unless rival companies adjust to the defunct Intelsat satellite's orbit, according to the UN. The incident highlights the need for tougher regulations.

"Satellites are becoming an ever greater part of our everyday lives," Wade said. "We certainly hope that there will be no further irresponsible acts such as targeting satellites with weapons which would increase the debris threat even further."

The UN Committee on the Peaceful Uses of Outer Space will debate how best to reduce orbital debris when it meets in the Austrian capital on June 9.

From rforno at infowarrior.org Wed May 26 07:04:24 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 26 May 2010 08:04:24 -0400
Subject: [Infowarrior] - Google tries its hand at influence in Washington
Message-ID: <410CDE7F-30EE-430D-9DF6-649B303A2CE2@infowarrior.org>

Google tries its hand at influence in Washington
By Ariana Eunjung Cha and Cecilia Kang
Washington Post Foreign Service
Wednesday, May 26, 2010; A12
http://www.washingtonpost.com/wp-dyn/content/article/2010/05/25/AR2010052504496_pf.html

When someone as influential as Sen. John D. Rockefeller IV requests your presence at a hearing, Washington insiders know it's more of a summons than an invitation. So for two hours on the morning of April 29, Microsoft, Facebook, the Federal Trade Commission, and experts from academia, think tanks and privacy groups dutifully came to answer questions about children's online privacy. But another invitee, Google, the biggest online company of all, was a no-show.

Over the past year, Google's critics have expressed concern about the company's growing influence in Washington -- its close ties to the Obama administration and the millions it spends on lobbying. Last week, the nation's deputy chief technology officer, Andrew McLaughlin, was reprimanded for continuing to e-mail with his former Google colleagues about issues related to his White House duties.
On the ground in the nation's capital, though, Google's reputation is more that of a scatterbrained graduate student than of a political operative.

'Viral lobbying'

Google, a once-scrappy Silicon Valley search company that is valued at more than $150 billion, is building an unconventional presence in Washington, with connections to think tanks, education sessions on high-tech issues for legislative staff members and charitable efforts on behalf of high-profile causes.

The company's approach focuses on making smart arguments and the view that those who disagree don't have all the facts. Google employees tend to hand out thick white papers or academic studies. Although they try to put in face time at events such as hearings, cocktail receptions and baseball games, it is usually not to the extent that more traditional lobbyists do, say government officials, legislative staffers, trade groups and competitors.

"We believe that with good information you can make good decisions. D.C. certainly has its own set of rules, but a data-driven approach has served us well," said Mistique Cano, a District-based spokeswoman for Google.

Ralph Hellman, chief lobbyist for the Information Technology Industry Council, a Washington trade group, describes it as "viral lobbying." But he said that strategy hasn't always been effective: "They like to make the intellectual argument, but that can only get you so far."

Google declined to comment on Rockefeller's hearing last month. Whether its no-show was an honest oversight, an effort to avoid public questioning at a sensitive time or a deliberate slight, the senator was not pleased. "It was a stupid mistake for them not to show up, and I say shame on them," Rockefeller (D-W.Va.) said at the hearing.

Although Apple, the Silicon Valley computer maker, also declined to accept Rockefeller's request, its presence in Washington has been limited and it doesn't need friends in Washington as desperately as Google does.
An antitrust inquiry into Google's $750 million bid to buy mobile ad firm AdMob was resolved Friday when the FTC allowed it to move forward. But the company still faces questions about its efforts to digitize books and how its board of directors interlocks with that of other Silicon Valley giants. The FTC has opened an investigation into privacy issues related to Google Street View vans capturing data from WiFi networks, and lawmakers and consumer groups have called on the FTC to look into privacy issues related to Google's Buzz social-networking application.

Google built its $23.7 billion-a-year online advertising empire on the public trust engendered by its maverick, environmentally conscious "do no evil" PhD founders. But their style hasn't always been a good match for Washington.

In 2006, when Google co-founder Sergey Brin visited Capitol Hill, he found that he couldn't get in to meet with many of the senators he wanted to because Google had contacted the lawmakers only days before.

But by 2008, things had begun to change. Google employees were among the strongest supporters of Obama's campaign, donating about $800,000. Chief executive Eric Schmidt actively stumped for Obama. After the election, three Google executives went to work for the White House.

A $4 million force

Last year, Google spent $4 million on lobbying, 50 times as much as it did in 2003, when it first turned its attention to Washington. Google's spending is still significantly lower than its main adversaries' lobbying tabs: $6.7 million for Microsoft and $14.7 million for AT&T. But it's more than double what Amazon, Yahoo and eBay spent.

As part of its efforts to improve communication between techies and Washington, Google set up a policy fellows program that places about 15 students at think tanks for the summer.
In addition, Schmidt and his wife, Wendy, have donated more than $1 million of their personal money to the New America Foundation, which has done a lot of research on open Internet issues that Google is fighting for.

Google's increasingly closer ties to Washington have alarmed Silicon Valley competitors, who worry that the company will get special treatment. Some were irritated, for instance, when Energy Secretary Steven Chu in October chose to give a major policy speech at the Google campus rather than at a neutral location.

"When these kinds of things come up at the same time that Google is under investigation by both antitrust authorities it really sends kind of a strange signal," said Gary Reback, a Palo Alto, Calif.-based antitrust attorney for a coalition of Internet companies, libraries, nonprofits and individuals that is opposing a proposed settlement that would allow Google to commercialize millions of digital books.

E-mails between McLaughlin, previously Google's top global policy officer, and his former co-workers at Google that were released last Tuesday don't show undue influence, but some of it violated a government ethics pledge he had signed. In one case, Alan Davidson, director of U.S. policy for Google, talks about organizing the industry to defend comments by McLaughlin that were getting bad publicity. "[S]ome of those folks will have your back," Davidson wrote.

Google's D.C. office, a 31,000-square-foot space north of Metro Center that includes a foosball table and an old-fashioned video arcade featuring "Street Fighter II," is filled with about 35 staffers (including engineers and sales workers). The lobbying and communications team is a mix of old Washington hands and recent university graduates. Among the most experienced: Robert Boorstin, a former speechwriter for President Bill Clinton; Pablo Chavez, former counsel for Sen. John McCain (R-Ariz.); and Johanna Shelton, who worked on the House Energy and Commerce Committee.
This team has sought to charm Washington with a strategy of what it calls "thought leadership." Googlers say that the company has a long-term view of its lobbying and that its goal is to serve as a resource for legislators and government officials who have tech questions. Google often describes itself as a company that is a think tank or a think tank that is a company.

Instead of walking into Capitol Hill offices with "asks" (requests for things such as signatures on letters and public statements or changes to bills) as other K Street types do, Google lobbyists and executives such as Schmidt, Brin and co-founder Larry Page like to banter about lofty, idealistic concepts. Topics such as clean energy, the origins of the Internet and the benefits of free trade don't clearly link to Google's immediate business interests. One Senate staffer said Google representatives seem to make a conscious effort not to start sentences with "We" or "Google" but prefer to talk in generalities.

Google's efforts to appear to be above the politicking of Washington have rankled its more traditional competitors.

"They try to portray themselves as a useful Internet tool for the world to use and love, but actually their business model is that of a giant advertising machine. They take too much comfort in the fact that people will only see them as a fantastic and amazing Internet tool and that they won't be held accountable. But that in the long range will backfire," said Hilary Rosen, a longtime industry lobbyist who is now a managing partner of the Brunswick Group. Her firm represents Microsoft, a competitor of Google in online search, e-mail and documents.

John Simpson, a researcher for the nonprofit Consumer Watchdog who was the first to raise questions about McLaughlin's appointment to the White House, said Google's bumbling intellectual persona in Washington is just an act.
"They have an image they want to cultivate, but when push comes to shove, they are as tough and hard-nosed as anybody and as capable of doing all the same sorts of things to throw their influence around Washington. They are good at it," Simpson said, "and they are getting better." From rforno at infowarrior.org Wed May 26 07:10:01 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 May 2010 08:10:01 -0400 Subject: [Infowarrior] - Law Firm Asks Alleged File-Sharers To Incriminate Themselves Message-ID: <117BB539-014B-4A28-87AE-766587BFED4B@infowarrior.org> Law Firm Asks Alleged File-Sharers To Incriminate Themselves Written by enigmax on May 26, 2010 http://torrentfreak.com/law-firm-asks-alleged-file-sharers-to-incriminate-themselves-100526/ Lawyers ACS:Law in the UK are now into their second year of threatening alleged pirates with legal action. Since they don?t have a good case when people deny their allegations, for some time now the firm has been sending out questionnaires which allow people to build a case against themselves. As a UK consumer magazine is pointing out, people don?t have to play this game. After sending out thousands of letters to UK Internet users who have allegedly infringed their clients? rights, lawyers ACS:Law have a couple of cracks appearing in their armor. Davenport Lyons (DL), the law firm which pioneered the ?pay-up-or-else? scheme in the UK, are facing disciplinary proceedings by the Solicitors Regulation Authority on allegations of misconduct. Knowing full well that they cannot make the same mistakes as DL, ACS:Law are trying to be a little more careful in the way they try to force money out of letter recipients. According to ACS:Law owner Andrew Crossley, his company does not state that the people they send their letters to are guilty of anything, only that their connection has been used to infringe. 
He also goes on to say that his letters are merely an offer to settle any potential legal case in the future and people aren't obliged to pay anything. This is great news. Since Crossley admits he can't prove the letter recipient has committed any infringement, that same recipient is under no obligation to pay a dime. So it's all finished there then? Not a chance, ACS:Law don't give up so easily. Yesterday consumer magazine Which? reported on the questionnaires being sent out by ACS:Law. The law firm sends these out once people have written to them denying they did anything wrong. All they are designed to do is to enable the letter recipient to incriminate themselves or, in some cases, other people. The advice from Deborah Prince, Which?'s head of legal affairs, is that people are under no obligation to fill in these questionnaires. These bits of paper simply amount to a fishing trip by a law firm clutching at straws in the face of a recipient who won't be bullied and won't pay up. But these questionnaires aren't new: ACS:Law have been sending these out for some time. Just after we published consumer group Being Threatened's guide to dealing with letters from the lawyers back in January, they added a bonus section. The Speculative Invoicing Handbook Bonus Chapter: Not replying to a questionnaire is available for download here and really shows these questionnaires for what they are. "If you've 'replied and denied' and now received a letter from a law firm requesting further information: Congratulations! This kind of mailing demonstrates that at present they don't have enough information to build a case against you," explains the guide. "Your straight denial has left them out in the cold. Now they're hoping you'll be kind enough to fabricate a case against yourself (or maybe someone else) on their behalf. Perhaps you'll be good enough to suggest your own grandmother who surfs eBay for wool supplies when she pops over on Sundays?
Maybe your younger brother, or your flatmate? Thankfully you're not as stupid as they'd believe." Yet despite the wealth of information available to anyone with a web browser and a rudimentary grasp of Google, people continue to give ACS:Law money. In the first 11 months of their scheme they collected an amazing £1,000,000 from these letters. How many cases went to court? Zero. One day people will see this scheme for what it is and stop feeding it. Hopefully that will be before we see our first flying pig. From rforno at infowarrior.org Wed May 26 12:23:48 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 May 2010 13:23:48 -0400 Subject: [Infowarrior] - Reputation Management and Social Media Message-ID: <3541951F-1375-41B5-A08B-E8780C85396B@infowarrior.org> http://pewinternet.org/Reports/2010/Reputation-Management.aspx Reputation Management and Social Media by Mary Madden, Aaron Smith May 26, 2010 More than half (57%) of adult internet users say they have used a search engine to look up their name and see what information was available about them online, up from 47% who did so in 2006. Young adults, far from being indifferent about their digital footprints, are the most active online reputation managers in several dimensions. For example, more than two-thirds (71%) of social networking users ages 18-29 have changed the privacy settings on their profile to limit what they share with others online. Reputation management has now become a defining feature of online life for many internet users, especially the young. While some internet users are careful to project themselves online in a way that suits specific audiences, other internet users embrace an open approach to sharing information about themselves and do not take steps to restrict what they share. "Search engines and social media sites now play a central role in building one's identity online,"
said Mary Madden, Senior Research Specialist and lead author of the report. "Many users are learning and refining their approach as they go, changing privacy settings on profiles, customizing who can see certain updates and deleting unwanted information about them that appears online." When compared with older users, young adults are more likely to restrict what they share and whom they share it with. "Contrary to the popular perception that younger users embrace a laissez-faire attitude about their online reputations, young adults are often more vigilant than older adults when it comes to managing their online identities," said Madden. About the Survey This report is based on the findings of a daily tracking survey on Americans' use of the internet. The results in this report are based on data from telephone interviews conducted by Princeton Survey Research Associates International between August 18 and September 14, 2009, among a total sample of 2,253 adults, age 18 and older including 560 cell phone interviews. Interviews were conducted in both English (n=2,179) and Spanish (n=74). For results based on the total sample, one can say with 95% confidence that the error attributable to sampling and other random effects is plus or minus 2.3 percentage points. For results based on internet users (n=1,698), the margin of sampling error is plus or minus 2.7 percentage points. In addition to sampling error, question wording and practical difficulties in conducting telephone surveys may introduce some error or bias into the findings of opinion polls.
http://pewinternet.org/Reports/2010/Reputation-Management.aspx From rforno at infowarrior.org Wed May 26 13:15:54 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 26 May 2010 14:15:54 -0400 Subject: [Infowarrior] - Facebook reveals 'simplified' privacy changes Message-ID: Facebook reveals 'simplified' privacy changes Page last updated at 17:52 GMT, Wednesday, 26 May 2010 18:52 UK http://news.bbc.co.uk/2/hi/technology/10167143.stm Social network Facebook has said it will offer a one-stop shop for privacy settings in response to user concerns. Mark Zuckerberg admitted the settings had "gotten complex" for users. It follows a storm of protest from users over a series of changes on the site that left its members unsure about how public their information had become. "We needed to simplify controls," he told a press conference. The new system will offer users one privacy page with a list of all their applications and a choice of three settings for each. As with the changes made in December, users will be able to choose to share their applications with just friends, friends of friends or everyone. "We've focused on three things: a single control for your content, more powerful controls for your basic information and an easy control to turn off all applications," said Mark Zuckerberg, speaking at Facebook's Palo Alto headquarters. People who want more "granular control" will still be able to access existing settings. Mr Zuckerberg said that developers had "worked weekends, camped out in the conference centre" in order to overhaul its privacy settings. "The number one thing we've heard is that the settings have gotten complex and hard for people to use," he said. "It is something we take very seriously," he added. He spent time explaining how Facebook has evolved from a very basic system when it was launched in 2004 to the 400m user site it is today. "When we started Facebook, we built it around a few simple ideas.
People want to share and stay connected with their friends and the people around them. When you have control over what you share, you want to share more. When you share more, the world becomes more open and connected," he said. But since then the site has rolled out hundreds of new features and, alongside them, a raft of privacy settings. Changes made to the site earlier this year and in December 2009 infuriated users and led to formal complaints from privacy groups. The European Commission described the changes as "unacceptable". From rforno at infowarrior.org Thu May 27 04:57:00 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 May 2010 05:57:00 -0400 Subject: [Infowarrior] - Vulnerability in iPhone data encryption Message-ID: (c/o AJR) As I was told.....the shortcut here: Power off iPhone. Plug iPhone in to Ubuntu system. Turn phone on. ... PROFIT! Vulnerability in iPhone data encryption http://www.h-online.com/security/news/item/Vulnerability-in-iPhone-data-encryption-1008185.html [Image caption: How it should be - the locked iPhone refuses the connection from a Mac.] A lost iPhone is a bigger problem than previously thought. Despite encryption the finder can gain easy access to data including photos and audio recordings, even if the owner has set up their iPhone to require a pass code. And, of all things, this is made possible with Linux, the very operating system which Apple regularly cold-shoulders. According to Apple, all data on the iPhone 3GS is hardware-encrypted using 256-bit AES, which cannot be disabled by the user. Access to data on the iPhone is normally restricted to computers with which the iPhone has previously been connected and to which the requisite credentials have previously been transferred. This exchange of credentials is blocked when the iPhone is locked, so that connecting a locked iPhone to an unfamiliar computer will not allow the latter access to data on the iPhone. [Image caption: The Ubuntu system mounts the iPhone and allows access to the data.]
However, Bernd Marienfeldt, security officer at UK internet node LINX, found that he was able to gain unfettered access to his iPhone 3GS from Ubuntu 10.04. If he connected the device whilst it was turned off and then turned it on, Ubuntu auto-mounted the file system and was able to access several folders despite never having previously been connected to the iPhone. The H's associates at heise Security have successfully reproduced the problem. An Ubuntu system which had never before communicated with the iPhone immediately displayed a range of folders. Their contents included the unencrypted images, MP3s and audio recordings stored on the device. Marienfeldt has informed Apple of the problem, which the company is now investigating. It thinks the problem is caused by a race condition, as the problem only occurs when the iPhone is turned on whilst connected to the USB bus. It is not yet clear whether an update to fix the vulnerability will be released; in response to an enquiry from heise Security, Apple stated that it does not provide information on ongoing investigations. From rforno at infowarrior.org Thu May 27 06:31:23 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 May 2010 07:31:23 -0400 Subject: [Infowarrior] - New Security Strategy Focuses on Managing Threats Message-ID: <8A5AA6D3-12FA-4D9A-85DB-A760EC187F08@infowarrior.org> May 27, 2010 New Security Strategy Focuses on Managing Threats http://www.nytimes.com/2010/05/28/world/28strategy.html?hp=&pagewanted=print By DAVID E. SANGER and PETER BAKER WASHINGTON - President Obama's first formal National Security Strategy argues that preserving American leadership in the world hinges on learning to accept and manage the rise of many competitors, and dismisses as far too narrow the Bush era doctrine that fighting terrorism should be the nation's overarching objective. In a 52-page document that tries to balance the idealism of Mr.
Obama's campaign promises with the realities of his confrontations with a fractious and threatening world over the past 16 months, Mr. Obama describes an American strategy that recognizes limits on how much the United States can spend to shape the globe. An America "hardened by war" and "disciplined by a devastating economic crisis," he argues, cannot sustain extended fighting in both Iraq and Afghanistan, while fulfilling other commitments at home and abroad. "The burdens of a young century cannot fall on American shoulders alone," Mr. Obama writes in the introduction of the strategy being released on Thursday. "Indeed, our adversaries would like to see America sap our strength by overextending our power." That line is just one of many subtle slaps at President George W. Bush. Much of the National Security Strategy, which is required by Congress, reads as an argument for a restoration of an older order of reliance on international institutions, updated to confront modern threats. While Mr. Bush's 2002 document explicitly said the United States would never allow the rise of a rival superpower, Mr. Obama argues that America faces no real military competitor, but that global power is increasingly diffuse. "To succeed, we must face the world as it is," he says. The principal author of the report, Ben Rhodes, a deputy national security adviser, noted in an interview that Mr. Obama's move to replace the G-8 nations with a broader group, called the G-20, that includes China, India and Brazil, recognizes this reality. "We are deeply committed to broadening the circle of responsible actors," Mr. Rhodes said. Although the administration has put renewed focus on the war in Afghanistan and escalated C.I.A. drone strikes against militants, the strategy rejects Mr. Bush's single-minded focus on counterterrorism as the organizing principle of national security policy. Those efforts "to counter violent extremism" (Mr. Obama avoids the use of the word "Islamic")
"are only one element of our strategic environment and cannot define America's engagement with the world." He goes on to argue that "the gravest danger to the American people and global security continues to come from weapons of mass destruction, particularly nuclear weapons." And he dwelled on cyber threats, climate change, and America's dependence on fossil fuels as fundamental national security issues, issues that received relatively little or no attention in Mr. Bush's 2002 document, although his administration focused on them more in its second term. "It is a rather dramatic departure from the most recent prior national security strategy," Susan Rice, the American ambassador to the United Nations, said in an interview. Mr. Bush's 2002 document articulated a vision of American power that foreshadowed the American involvement in Iraq. Mr. Obama's version could fuel the ongoing debate about whether his philosophy expands or constricts American influence. Critics already argue that Mr. Obama does not place enough importance on fighting terrorism or fully embrace America's singular role in the world as he seeks the favor and cooperation of other nations. A section on the use of force makes no mention of pre-emptive attacks against countries or non-state actors who may pose a threat, as Mr. Bush did in 2002, just six months before the invasion of Iraq. But Mr. Obama does not explicitly rule out striking first. "While the use of force is sometimes necessary, we will exhaust other options before war whenever we can, and carefully weigh the costs and risks of action against the costs and risks of inaction," he says. When it is necessary, he adds, "we will seek broad international support, working with such institutions as NATO and the U.N. Security Council." Mr. Bush's aides said they would not seek a "permission slip" for such actions. Mr.
Obama phrases that idea differently, writing, "the United States must reserve the right to act unilaterally if necessary to defend our nation and our interests, yet we will also seek to adhere to standards that govern the use of force." Mr. Obama also defines national security more broadly than his predecessor did, making the case, for example, that reducing the deficit is critical to sustaining American power. He emphasizes issues like the economy, education, climate change, energy and science. In that way, he tries to draw a broader theme linking his presidency to the notion of a "new foundation," the phrase he previously has coined as a slogan for his domestic program. "Our national security begins at home," the strategy says. Still, for all its self-conscious rejection of the Bush era, the document reflects elements of continuity. For example, it does not disavow using the state secrets act to withhold information from courts in terrorism cases, although it argues for prudent and limited use. It also insists that "we will maintain the military superiority that has secured our country, and underpinned global security, for decades." The document does not make the spread of democracy the defining priority that Mr. Bush did, but it embraces the goal more robustly than is typical for Mr. Obama, a reflection of a struggle within his administration about how to approach a topic that became so associated with Mr. Bush. Mr. Obama commits to "welcoming all peaceful democratic movements" and to "supporting the development of institutions within fragile democracies." But he also broadens the goal, by saying "We recognize economic opportunity as a human right." And the document offers assessments of several flashpoints that seem drawn from wording used by the last administration.
For instance, it says that if North Korea and Iran abandon their nuclear programs, "they will be able to proceed on a path to greater political and economic integration with the international community" but if not, "we will pursue multiple means to increase their isolation." It calls on China to take on "a responsible leadership role" and vows to "monitor China's military modernization program and prepare accordingly" while saying that disagreements on human rights "should not prevent cooperation on issues of mutual interest." It lays out a vision of a "stable, substantive, multidimensional relationship with Russia" but promises to "promote the rule of law, accountable government and universal values" within Russia and "support the sovereignty and territorial integrity of Russia's neighbors." And it reaffirms that the United States is "building a strategic partnership" with India and that "we welcome Brazil's leadership." The bottom line, argued Ms. Rice, is that the security of the United States is inextricably linked to that of people everywhere. "By necessity, we need to build to the greatest extent possible cooperative relationships not only with traditional allies but with new allies," she said. In a speech on Wednesday previewing the strategy, John Brennan, the president's homeland security and counterterrorism adviser, said it offers a sharper definition of America's struggle with radicalism. "Our enemy is not terrorism because terrorism is but a tactic," he said at the Center for Strategic and International Studies, a research organization in Washington. "Our enemy is not terror because terror is a state of mind and, as Americans, we refuse to live in fear." He also rejected the terms jihad, holy war or Islamists because "there is nothing holy or legitimate or Islamic about murdering innocent men, women and children." Instead, he said, "our enemy is Al Qaeda and its terrorist affiliates." Mr.
Brennan noted the spate of attacks and attempted attacks lately inside the United States, some by American citizens or legal residents. "This is a new phase to the terrorist threat, no longer limited to coordinated, sophisticated 9/11 style attacks but expanding to single individuals attempting to carry out relatively unsophisticated attacks," he said. "As our enemy adapts and evolves their tactics, so must we constantly adapt and evolve ours, not in a mad rush driven by fear, but in a thoughtful and reasoned way." Neil MacFarquhar contributed reporting from the United Nations. From rforno at infowarrior.org Thu May 27 17:30:13 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 May 2010 18:30:13 -0400 Subject: [Infowarrior] - Bhalotra to the White House Message-ID: Bhalotra to the White House BY ADAM ROSS 05/27/10 09:20 am ET http://cybersecurityreport.nextgov.com/2010/05/bhalotra_named_deputy_cyber_coordinator.php White House Cybersecurity Coordinator Howard Schmidt is expected to name Sameer Bhalotra his deputy cybersecurity coordinator soon. According to sources, Bhalotra, a professional staffer at the U.S. Senate, sent out notes last night informing people of his move to the White House. Bhalotra has gained deep respect within the ranks of cybersecurity circles as a strong cyber advisor. "It's a shame to see Sameer leave the Hill and SSCI, but this is a real coup for Howard Schmidt," said James Lewis, a cybersecurity expert and senior fellow at the Washington-based Center for Strategic and International Studies. Bhalotra has conducted deeply classified work and worked extensively on the Senate cyber budget. As the key cyber staffer on the Senate Intelligence Committee since 2007, he's been responsible for the entire cyber budget for the last several years. He also was a member of the Commission on Cybersecurity for the 44th Presidency.
Perhaps more importantly, he's well trusted in Congress, and sources say Republicans and Democrats alike are big fans. Adding Bhalotra to Schmidt's team is enough reason for Congress to make the White House Network Operations Center (NOC) a permanent federal office, according to SANS' Director of Research Alan Paller. A bill from Rep. Diane E. Watson, D-Calif., introduced in March, would do just that, and other legislative attempts to update FISMA also are expected to propose similar measures. "He is probably the most technically tuned-in staff member on the Hill," said Paller. "He's an innovator and a team builder and a mentor to many others on the Hill where he headed the Senate's cyber staff caucus." It was rumored back in December of 2009 that Bhalotra would be making the move to the White House, but a decision hadn't been made at the time. According to his bio, Bhalotra received an undergraduate degree in physics and chemistry from Harvard University and a doctorate in applied physics from Stanford University. "This is a great move for the Administration," said Karen Evans, former administrator for e-government and IT at the Office of Management and Budget. "Sameer brings an in-depth understanding of the issues facing the nation complemented with his Hill experience." Adam Ross is managing editor at the SANS Institute and wrote, edited, and Web produced for The Washington Post's opinions and politics sections, online and in print. You can reach him at aross at nextgov.com.
From rforno at infowarrior.org Thu May 27 18:01:00 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 27 May 2010 19:01:00 -0400 Subject: [Infowarrior] - Blizzard: DRM is a waste of everyone's time Message-ID: <0CF6987D-189C-46D3-A8D2-EFAD98DC2B36@infowarrior.org> Blizzard: DRM is a waste of everyone's time by Nicholas Deleon on May 27, 2010 http://www.crunchgear.com/2010/05/27/blizzard-drm-is-a-waste-of-everyones-time/ "We need our development teams focused on content and cool features, not anti-piracy technology." Thank you, finally! See, Blizzard gets it. The company's co-founder, Frank Pearce, recently told the good folks at Video Gamer that he thinks the fight against DRM is misguided. Not that he supports end-users going around torrenting his games till the end of time, but that the way to "beat" piracy is to embrace gamers and treat them like complete jerks. Part of the process is the new Battle.net, which launches with StarCraft II. Its DRM is rather simple: a one-time online activation. After that, you can play online or off without having to worry about Blizzard's mommy-state servers keeping tabs on your authentication status. No, Blizzard isn't the only company whose DRM works like that, but it does highlight the idea that, "Oh, well, all the top publishers see piracy as a huge, catastrophic issue, so clearly we need to implement ridiculous DRM policies." Pearce also called DRM a "losing battle." By that he means what we've been saying forever: no matter how robust your DRM is, it will be cracked. It is a complete waste of resources (time, money, sandwiches, etc.) trying to outfox crackers. (These crackers, most of the time, aren't even interested in pirating the game, but merely seeing if their "hacking" skills are as sharp as possible. That people can then pirate these games is but a nasty side effect.) There are too many of them out there to develop a truly hack-proof system.
So, spend those resources making sure your game isn't a pile of dross! Maybe then it'll sell? Sigh, if only other PC publishers would follow Blizzard's lead here... From rforno at infowarrior.org Fri May 28 08:22:39 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 May 2010 09:22:39 -0400 Subject: [Infowarrior] - QOTD and article ... DOD considers shielding private networks Message-ID: <09834172-E687-4649-B7BC-74A0E7DC6E10@infowarrior.org> ZMG, we're back to the 'wild west' analogy to describe the Internet. How very 1996. -rick (c/o DS) Dumbest line in the article: "likened the decision to opt out to remaining 'in the wild, wild west of unprotected Internet.'" Absurd. http://gcn.com/articles/2010/05/27/strategic-command-einstein-cybersecurity.aspx?s=gcndaily_280510 DOD considers shielding private networks Deputy defense secretary talks Einstein for private business By Amber Corrin May 27, 2010 As the risk of an attack on the nation's critical infrastructure increases with the rising cyber threat, the Defense Department could take on a bigger role in protecting the computer networks of private industry, according to a top DOD official. To support such a move, a task force comprising industry and government information technology and defense interests, which deputy defense secretary William Lynn III termed an "enduring security framework," has been forged to examine issues surrounding critical infrastructure network security. "In terms of protecting the nation's security, it's the vulnerability of certain critical infrastructure: power, transportation, finance," that is the target of these cybersecurity efforts, Lynn said. One possibility Lynn discussed, speaking with a small group of reporters at the U.S. Strategic Command Cyber Symposium on May 26 in Omaha, Neb., is the development and deployment of Einstein 2 and 3 for civilian networks.
The intrusion detection and prevention systems are being developed by the Homeland Security Department for use on government computer networks. Einstein 2 is in place in at least 11 of the 21 government agencies that police their own networks; the other 89 federal agencies will go through one of four major technology contractors for the Einstein monitoring, according to the Associated Press. Einstein 3 is in a trial phase. Lynn said that, in theory, participation in the protection would be voluntary and private sector organizations could opt in, though he likened the decision to opt out to remaining "in the wild, wild west of unprotected Internet." That wild frontier of unprotected Internet is becoming increasingly dangerous, according to Lynn and Air Force Gen. Kevin Chilton, STRATCOM commander. "The Internet doesn't respect sovereignty," Lynn said. "The cyber threat doesn't track well with the history of traditional military power. We can't predict where the threat will come from." Chilton noted that the increase of cyber crime requires a response cultivated by the cooperation of government and industry, and also international partners. "To be successful in cyberspace we need to be ambidextrous. We need all hands." The response to cyber threats is complicated by rules of engagement that are still being negotiated. "Are they right? That's what we're examining," Chilton said. From rforno at infowarrior.org Fri May 28 19:06:46 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 May 2010 20:06:46 -0400 Subject: [Infowarrior] - Navy considers Wii, DDR for boot camp Message-ID: <0EA74B3F-885B-450A-BF21-58376DB72F04@infowarrior.org> US Navy considering fitness video games for boot camp by Andrew Yoon { May 26th 2010 at 4:00AM } Kubrick's Full Metal Jacket effectively scared an entire generation away from boot camp. However, a new tactic being considered by the US Navy may completely change our perception of boot camp: video games.
In the latest issue of Navy Times, Navy Surgeon General Vice Admiral Adam Robinson (he does sound important) suggested that games like Wii Fit and Dance Dance Revolution could help "newcomers to the military service build up the endurance they need to get in shape safely." According to the report, today's recruit requires much more work to get into "fighting shape" than in the past. With America's youth becoming increasingly sedentary, the US Navy has observed an increasing number of injuries suffered during boot camp. Recruits are "not used to the amount of standing and running that comes in recruit training," the report indicates. Games would theoretically provide a more approachable, familiar solution for physical activity. However, don't expect games to completely replace current recruit training techniques. The US Navy is simply looking into the possibility of augmenting its current regimen with fitness games. Additionally, there's no timetable in place for when games would be introduced into the military. Still, we're eager to see if the boot camps of the future will look less like the one in Kubrick's war movie and more like ... this. http://www.joystiq.com/2010/05/26/us-navy-considering-fitness-video-games-for-boot-camp/ From rforno at infowarrior.org Fri May 28 22:50:22 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 28 May 2010 23:50:22 -0400 Subject: [Infowarrior] - Nature: Airport security: Intent to deceive? Message-ID: Published online 26 May 2010 | Nature 465, 412-415 (2010) | doi:10.1038/465412a News Feature http://www.nature.com/news/2010/100526/full/465412a.html Airport security: Intent to deceive? Can the science of deception detection help to catch terrorists? Sharon Weinberger takes a close look at the evidence for it. Sharon Weinberger
In August 2009, Nicholas George, a 22-year-old student at Pomona College in Claremont, California, was going through a checkpoint at Philadelphia International Airport when he was pulled aside for questioning. As the Transportation Security Administration (TSA) employees searched his hand luggage, they chatted with him about innocuous subjects, such as whether he'd watched a recent game. Inside George's bag, however, the screeners found flash cards with Arabic words (he was studying Arabic at Pomona) and a book they considered to be critical of US foreign policy. That led to more questioning, this time by a TSA supervisor, about George's views on the terrorist attacks on 11 September 2001. Eventually, and seemingly without cause, he was handcuffed by Philadelphia police, detained for four hours, and questioned by Federal Bureau of Investigation agents before being released without charge. George had been singled out by behaviour-detection officers: TSA screeners trained to pick out suspicious or anomalous behaviour in passengers. There are about 3,000 of these officers working at some 161 airports across the United States, all part of a four-year-old programme called Screening Passengers by Observation Technique (SPOT), which is designed to identify people who could pose a threat to airline passengers. It remains unclear what the officers found anomalous about George's behaviour, and why he was detained. The TSA's parent agency, the Department of Homeland Security (DHS), has declined to comment on his case because it is the subject of a federal lawsuit that was filed on George's behalf in February by the American Civil Liberties Union. But the incident has brought renewed attention to a burgeoning controversy: is it possible to know whether people are being deceptive, or planning hostile acts, just by observing them? Some people seem to think so.
At London's Heathrow Airport, for example, the UK government is deploying behaviour-detection officers in a trial modelled in part on SPOT. And in the United States, the DHS is pursuing a programme that would use sensors to look at nonverbal behaviours, and thereby spot terrorists as they walk through a corridor. The US Department of Defense and intelligence agencies have expressed interest in similar ideas. Yet a growing number of researchers are dubious, not just about the projects themselves, but about the science on which they are based. "Simply put, people (including professional lie-catchers with extensive experience of assessing veracity) would achieve similar hit rates if they flipped a coin," noted a 2007 report [1] from a committee of credibility-assessment experts who reviewed research on portal screening. "No scientific evidence exists to support the detection or inference of future behaviour, including intent," declares a 2008 report prepared by the JASON defence advisory group. And the TSA had no business deploying SPOT across the nation's airports "without first validating the scientific basis for identifying suspicious passengers in an airport environment", stated a two-year review of the programme released on 20 May by the Government Accountability Office (GAO), the investigative arm of the US Congress. In response to such concerns, the TSA has commissioned an independent study that it hopes will produce evidence to show that SPOT works, and the DHS is promising rigorous peer review of its technology programme. For critics, however, this is too little, too late. The writing's on the face Most credibility-assessment researchers agree that humans are demonstrably poor at face-to-face lie detection. SPOT traces its intellectual roots to the small group of researchers who disagree, perhaps the most notable being Paul Ekman, now an emeritus professor of psychology at the University of California Medical School in San Francisco.
In the 1970s, Ekman co-developed the 'facial action coding system' for analysing human facial expressions, and has since turned it into a methodology for teaching people how to link those expressions to a variety of hidden emotions, including an intent to deceive. He puts particular emphasis on 'microfacial' expressions such as a tensing of the lips or the raising of the brow -- movements that might last just a fraction of a second, but which might represent attempts to hide a subject's true feelings. Ekman claims that a properly trained observer using these facial cues alone can detect deception with 70% accuracy -- and can raise that figure to almost 100% accuracy by also taking into account gestures and body movements. Ekman says he has taught about one thousand TSA screeners and continues to consult on the programme.

Ekman's work has brought him cultural acclaim, ranging from a profile in bestselling book Blink -- by Malcolm Gladwell, a staff writer for The New Yorker magazine -- to a fictionalized TV show based on his work, called Lie to Me. But scientists have generally given him a chillier reception. His critics argue that most of his peer-reviewed studies on microexpressions were published decades ago, and much of his more recent writing on the subject has not been peer reviewed. Ekman maintains that this publishing strategy is deliberate -- that he no longer publishes all of the details of his work in the peer-reviewed literature because, he says, those papers are closely followed by scientists in countries such as Syria, Iran and China, which the United States views as a potential threat.

The data that Ekman has made available have not persuaded Charles Honts, a psychologist at Boise State University in Idaho who is an expert in the polygraph or 'lie detector'. Although he was trained on Ekman's coding system in the 1980s, Honts says, he has been unable to replicate Ekman's results on facial coding.
David Raskin, a professor emeritus of psychology at the University of Utah in Salt Lake City, says he has had similar problems replicating Ekman's findings. "I have yet to see a comprehensive evaluation" of Ekman's work, he says. Ekman counters that a big part of the replication problem is that polygraph experts, such as Honts and Raskin, don't follow the right protocol. "One of the things I teach is never ask a question that can be answered yes or no," Ekman says. "In a polygraph, that's the way you must ask questions." Raskin and Honts disagree with Ekman's criticism, saying that Ekman himself provided the materials and training in the facial-coding technique.

Yet another objection to Ekman's theory of deception detection is his idea of people who are naturally gifted at reading facial expressions. These "wizards", Ekman argues, are proof that humans have the capability to spot deception, and that by studying those abilities, others can be taught to look for the same cues. But in a critique [4] of Ekman's work, Charles Bond, a psychologist retired from Texas Christian University in Fort Worth, argues that Ekman's wizard theory has a number of flaws -- perhaps the most crucial being that the most successful individuals were drawn out of a sample pool in the thousands. Rather than proving these people are human lie detectors, Bond maintains, the wizardry was merely due to random chance. "If enough people play the lottery, someone wins," says Bond.

Ekman says that Bond's criticism is a "ridiculous quibble" and that the statistics speak for themselves. The wizards' scores were based on three different tests, he says, making it impossible to assign their high success rate to chance. Bond replies that he took the three tests into account, and that doing so doesn't change his conclusion.

Leap of logic

But there is yet another problem, says Honts.
Ekman's findings are "incongruent with all the rest of the data on detecting deception from observation". The human face very obviously displays emotion, says Maria Hartwig, a psychology professor at the City University of New York's John Jay College of Criminal Justice. But linking those displays to deception is "a leap of gargantuan dimensions not supported by scientific evidence", she says.

This point is disputed by one of Ekman's collaborators, Mark Frank, a psychologist at the University at Buffalo in New York. Although Frank acknowledges that many peer-reviewed studies seem to show that people are not better than chance when it comes to picking up signs of deception, he argues that much of the research is skewed because it disproportionately involves young college students as test subjects, as opposed to police officers and others who might be older, more motivated and more experienced in detecting lies. Moreover, he says, when law-enforcement officials are tested, the stakes are often too low, and thus don't mimic a real-world setting. "I think a lot of the published material is still important, good work about human nature," says Frank. "But if you want to look at the total literature, and say, let's go apply it to counter-terrorism, it's a huge mistake."

A confounding problem is that the methodology used in SPOT, which is only partially based on Ekman's work, has never been subjected to controlled scientific tests. Nor is there much agreement as to what a fair test should entail. Controlled tests of deception detection typically involve people posing as would-be terrorists and attempting to make it through airport security. Yet Ekman calls this approach "totally bogus", because those playing the parts of 'terrorists' don't face the same stakes as a real terrorist -- and so are unlikely to show the same emotions. "I'm on the record opposed to that sort of testing," he says.

But without such data, how is anyone supposed to evaluate SPOT --
or its training programmes? Those programmes are "not in the public scientific domain", says Bella DePaulo, a social psychologist at the University of California, Santa Barbara. "As a scientist, I want to see peer-reviewed journal articles, so I can look at procedures and data and know what the training procedures involve, and what the results do show."

Carl Maccario, a TSA analyst who helped to create SPOT, defends the science of the programme, saying that the agency has drawn on a number of scientists who study behavioural cues. One he mentions is David Givens, director of the nonprofit Center for Nonverbal Studies in Spokane, Washington. Givens published a number of scholarly articles on nonverbal communications in the 1970s and 1980s, although by his own account he is no longer involved in academic research. His more recent publications include books such as Your Body at Work: A Guide to Sight-Reading the Body Language of Business, Bosses, and Boardrooms (2010). But Givens says that he has no idea which nonverbal indicators have been selected by the TSA for use in SPOT, nor has he ever been asked by the TSA to review their choices.

In the absence of testing, Maccario points to anecdotal incidents, such as the 2008 case of Kevin Brown, a Jamaican national who was picked out by behaviour-detection officers at Orlando International Airport in Florida and arrested with what they took to be the makings of a pipe bomb. Witnesses said that Brown was rocking back and forth and acting strangely, so it is hard to say whether specialized training was needed to spot his unusual behaviour. In any case, Brown successfully claimed that the 'pipe bomb' materials were actually fuel bottles, pleaded guilty to bringing a flammable substance onto an aircraft, and was released on three years' probation.

Arrest record

The TSA does track statistics.
From the SPOT programme's first phase, from January 2006 through to November 2009, according to the agency, behaviour-detection officers referred more than 232,000 people for secondary screening, which involves closer inspection of bags and testing for explosives. The agency notes that the vast majority of those subjected to that extra inspection continued on their travels with no further delays. But 1,710 were arrested, which the TSA cites as evidence for the programme's effectiveness.

Critics, however, note that these statistics mean that fewer than 1% of the referrals actually lead to an arrest, and those arrests are overwhelmingly for criminal activities, such as outstanding warrants, completely unrelated to terrorism. According to the GAO, TSA officials are unsure whether "the SPOT program has ever resulted in the arrest of anyone who is a terrorist, or who was planning to engage in terrorist-related activity".

The TSA has hired an independent contractor to assess SPOT. Ekman says he has been apprised of the initial findings, and that they look promising. But the results aren't expected until next year. "It'll be monumental either way," says Maccario.

SPOT was in its first full year of operation when the DHS science and technology directorate began to look at ways to move people through the screening points faster. One was Future Attribute Screening Technology (FAST), which is now being funded at around US$10 million a year. The idea is to have passengers walk through a portal as sensors remotely monitor their vital signs for 'malintent': a neologism meaning the intent or desire to cause harm.
[Photo caption: Cameras (above) and sensors (inset) can measure subtle physiological changes to eye movement, pupil dilation, heart rate and respiration, among other things. Credit: JANE SHAUCK PHOTOGRAPHY/WWW.PHOTOJANE/DHS]

FAST operates on much the same physical principle as the century-old polygraph, which seeks to reveal lies by measuring psychophysiological responses such as respiration, cardiac rate and electrical resistance of the skin while a subject is being asked a series of questions. The FAST portal would also look at visual signals such as blink rate and body movement -- and would give up the polygraph's contact sensors in favour of stand-off sensors such as thermal cameras, which can measure subtle changes in facial temperature, and BioLIDAR, a laser radar that can measure heart rate and respiration.

Most of the FAST work, particularly the sensors, is contracted out to the Charles Stark Draper Laboratory, an independent, not-for-profit, research centre in Cambridge, Massachusetts, which has the goal of producing a prototype portal next year. The project is then scheduled to enter a second phase that will remove the questioning process altogether and instead try to induce a response in the subjects by using various stimuli such as sounds or pictures, possibly of a known terrorist. "In the laboratory now, we have a success detection rate [percentage] of malintent or not malintent, in the mid-70s," says Robert Burns, the DHS programme manager for FAST. "That's significantly better than chance or what the trained people can do."

[Photo caption: Robert Burns explaining the Future Attribute Screening Technology, which measures nonverbal cues. Credit: JANE SHAUCK PHOTOGRAPHY/WWW.PHOTOJANE/DHS]

Those results have not yet been published, but Burns says that the FAST programme sets great store on peer review and publication, and that three papers are currently in the process of review. But FAST's critics maintain that the malintent theory and FAST both suffer from some of the same scientific flaws as SPOT.
Flying is stressful: people worry about missing flights, they fight with their spouses and they worry about terrorism. All of these stresses heighten the emotions that would be monitored by the FAST sensors, but may have nothing to do with deception, let alone malintent. "To say that the observation is due to intent to do something wrong, illegal or cause harm, is leaping at the Moon," says Raskin.

The malintent theory underlying FAST is the creation of Daniel Martin, who is the director of research for FAST, and his wife, Jennifer Martin. Both are psychologists, and Daniel Martin, who is on the faculty of Yale University in New Haven, Connecticut, has in the past focused primarily on the area of substance abuse. Daniel Martin says that at the time he and his wife developed the malintent theory, "there was minimal published work available that specifically tested whether physiological, behavioural, and paralinguistic cues could detect malintent in a realistic applied research study". He says that they have had to develop their own laboratory protocols to carry out those tests.

Martin and his colleagues have just published what they say is the first peer-reviewed study to look specifically at the links between psychophysiological indicators and intent. The study [5] looks at 40 native Arabic-speaking men and finds a connection between intent to deceive and a heart-rate variation known as respiratory sinus arrhythmia. "I have not come out and said, 'We have found the answer'," Martin adds. "We are pursuing the answer, we're not sure yet. We have years yet to go."

The lack of answers has not stopped aviation-security programmes from moving forwards with deception detection. Maccario points to the UK pilot scheme, now in its first year at Heathrow Airport. He says that the programme, like SPOT, uses specially trained behaviour-detection officers, and "their initial results are very successful".
Earlier this year, the US Intelligence Advanced Research Projects Activity announced its own plans to study "defining, understanding, and ultimately detecting valid, reliable signatures of trust in humans". And about two years ago, the Pentagon asked JASON to look at the field. "As we dug in, we found it was very hard to subject the research to the kinds of standard we're used to in the physical sciences," says JASON head Roy Schwitters, a physics professor at the University of Texas at Austin.

In fact, the executive summary of the JASON report, The Quest for Truth: Deception and Intent Detection, which was provided to Nature by the Pentagon, criticizes many of the allegedly successful results from deception-detection techniques as being post-hoc identifications. One problem, the study found, was that the reported success rates often included drug smugglers, warrant violators and other criminals, not covert combatants or suicide bombers who might not have the same motivations or emotional responses.

Sallie Keller, dean of engineering at Rice University in Houston, Texas, and the head of the JASON study, said that it seemed that those involved in the field were trying to get their work peer reviewed. But doing research -- even if it is properly peer reviewed -- doesn't mean the technology is ready to be used in an airport. "The scientific community thinks that it is extremely important to go through the process of scientific verification, before rolling something out as a practice that people trust," she says.

Researchers involved in the field suggest a number of research avenues that could be more fruitful for counter-terrorism. Aldert Vrij, a social psychologist at the University of Portsmouth, UK, says that structured interviews may offer the best credibility-assessment research. Nonverbal cues might play a part in this process, he says, but you need to actively interview a person.
For example, his work shows that subjects were able to give more reasons for supporting an opinion that they believed than if they were acting as a devil's advocate and feigning support [6]. He suggests that such an approach could have helped to determine the beliefs of the Jordanian suicide bomber who killed seven CIA employees in Afghanistan after being taken into their confidence.

Although Israeli aviation security uses interview-intensive screening, it's not clear how practical such an interview method would be at busy airport checkpoints, which have to screen hundreds or thousands of passengers every hour. The guards would still need some way to choose who to interview, or no one would ever get on a plane. This is the seductive appeal of programmes such as SPOT and FAST.

But, to Honts, the decade since the 11 September attacks has been one of lost opportunity. Calling SPOT an "abject failure", he says that the government would have done better to invest first in basic science, experimentally establishing how people with malintent think and respond during screenings. That work, in turn, could have laid a more solid foundation for effective detection methods. Granted, Honts says, that measured approach would have been slow, but it would have been a better investment than rushing to build hardware first, or implementing programmes before they have been tested. "We spent all this time, and all this money," he says, "and nothing has been accomplished."

Sharon Weinberger is a freelance reporter based in Washington DC.

References

1. Honts, C. R., Hartwig, M., Kleinman, S. M. & Meissner, C. A. Credibility Assessment at Portals, Portals Committee Report (2009).
2. Ekman, P. & O'Sullivan, M. Am. Psychol. 46, 913-920 (1991).
3. Ekman, P., O'Sullivan, M. & Frank, M. G. Psychol. Sci. 10, 263-266 (1999).
4. Bond, C. Appl. Cognit. Psychol. 22, 1298-1300 (2008).
5. Aikins, D. E., Martin, D. J. & Morgan, C. A. III. Psychophysiology doi:10.1111/j.1469-8986.2010.00976.x (2010).
6. Leal, S., Vrij, A., Mann, S. & Fisher, R. P. Acta Psychol. doi:10.1016/j.actpsy.2010.03.005 (2010).

From rforno at infowarrior.org Sat May 29 10:06:41 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 May 2010 11:06:41 -0400
Subject: [Infowarrior] - OpEd: The cybersecurity changes we need
Message-ID:

The cybersecurity changes we need
By Jack Goldsmith and Melissa Hathaway
Saturday, May 29, 2010; A19
http://www.washingtonpost.com/wp-dyn/content/article/2010/05/28/AR2010052803698_pf.html

The news is filled with scary stories about the insecurity of the computer and telecommunication systems on which our nation's prosperity depends: malicious software planted in electricity-grid computers; rampant state-sponsored and criminal cyber-espionage and theft; and the possibility of cyberattacks on banking and transportation systems. Exactly one year ago, President Obama declared our "digital infrastructure" to be a "national security asset" and pledged to make it "secure, trustworthy and resilient." His administration has made little progress toward this goal, however, largely because cybersecurity is seen as a tax on short-term economic growth.

Digital progress brings many benefits, but our ever-deeper dependence on ever more complex computer systems also brings excessive security vulnerabilities. The sources of these vulnerabilities include software with too many bugs; the use of commercial off-the-shelf software produced in a global supply chain in which malicious code can be embedded by stealth; inadequate cooperation about security threats and effective security practices among firms and between firms and government; and computer malfeasance by botnets (large clusters of zombie computers, controlled by third parties, that can be used for cyberattacks).
Well more than a dozen executive branch and National Research Council reports over the past two decades attest to the fact that the government has long known about these and other causes of cyber-insecurity. But it has failed to take adequate steps to fix them because doing so is seen as a drag on innovation and profits. Imposing liability on manufacturers will increase software prices for consumers and slow software development. So too will demands for supply chain vigilance. Mandating information-sharing is expensive and might jeopardize some corporate secrets. Clamping down on botnets will make Internet access slower and more expensive.

The short-term economic gains from increased reliance on computer systems must be balanced against the medium- and longer-term losses from failing to adequately secure these systems. This is what President Obama meant when he said last year that "America's economic prosperity in the 21st century will depend on cybersecurity." Unfortunately, cybersecurity is expensive; its diffuse benefits are hard to see or quantify, and they usually come down the road. For decades, Washington has opted to pursue short-term economic gains from digital progress and to ignore the longer-term costs of not properly securing these systems.

This trend has continued under the Obama administration. In March the Federal Communications Commission unveiled an elaborate National Broadband Plan that promises to wire more Americans with much faster Internet connections. The plan acknowledged that more broadband would increase security vulnerabilities and noted that the country "needs a clear strategy for securing the vital communications networks upon which critical infrastructure and public safety communications rely." But it said very little concrete about how to do this and instead asked the FCC to issue a "roadmap to address cybersecurity." The government has issued many such roadmaps over the past two decades.
We know what the road toward security looks like; the hard part is getting the government to travel down it.

The administration is pushing initiatives for deeper integration of computer systems in other contexts, including the "smart grid," a computerized network that facilitates electricity and information flows between homes and electrical suppliers; computerized health records; and next-generation air-traffic management. In each context it recognizes potential security problems, but it has made only nominal proposals, not consonant with the security threat, to address these issues. Nor has the administration insisted on security standards as firms and the government quickly migrate to a paperless system that stores data and runs computing from the imperceptible "cloud" of computers dotted around the globe. More generally, it has not followed through on the many cybersecurity regulatory proposals outlined in the Cyberspace Policy Review that President Obama endorsed a year ago. The National Security Strategy released Thursday confirms the importance of cybersecurity but breaks no new ground, only mimicking the general themes from last year's review.

There is widespread agreement that this long-term trend of grabbing the economic gains from information technology advances and ignoring their security costs has reached a crisis point. Yes, computer security is expensive and can slow growth. But with too little investment in security, the gains from computer integration can be wiped out or reversed. As we progress digitally, we must also adopt and embed sometimes-costly security solutions into our core infrastructures and enterprises and stop playing the game of chance.

This approach demands leadership from the White House and Congress that is difficult to muster in hard economic times.
The lesson of the past two decades is that the nation will not get serious about cybersecurity until the costs of not doing so are more apparent -- probably after some component of our economy is destroyed by a catastrophic cyber-event.

Jack Goldsmith, a professor at Harvard Law School, served as an assistant attorney general in the George W. Bush administration and co-authored "Who Controls the Internet?" Melissa Hathaway, a senior adviser at the Belfer Center of Harvard University's Kennedy School of Government, led President Obama's Cyberspace Policy Review.

From rforno at infowarrior.org Sat May 29 11:34:40 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 29 May 2010 12:34:40 -0400
Subject: [Infowarrior] - Memorial Day Message
Message-ID:

All,

Just a quick note of recognition, remembrance, and thanks to those who have served in our Nation's Armed Forces over the years -- and a special nod to those who are serving currently (and their families/friends), including those forward deployed in harm's way; my best wishes to you and your troops for a safe deployment and speedy, healthy return home!

Stay Safe,
Rick Forno
-infowarrior.org

From rforno at infowarrior.org Sun May 30 09:25:50 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 May 2010 10:25:50 -0400
Subject: [Infowarrior] - Keillor: When everyone's a writer, no one is
Message-ID:

When everyone's a writer, no one is
In a world where everything's free on the web, what will happen to publishing
May 25, 2010 | By Garrison Keillor
http://articles.baltimoresun.com/2010-05-25/news/bs-ed-keillor-writing-20100525_1_mary-pope-osborne-magic-tree-house-books-read/2

In New York the other night, I ran into my daughter's favorite author, Mary Pope Osborne, whose "Magic Tree House" books I've read to the child at night, and a moment later, Scott Turow, who writes legal thrillers that keep people awake all night, and David Remnick, the biographer of President Barack Obama.
Bang bang bang, one heavyweight after another. Erica Jong, Jeffrey Toobin, Judy Blume. It was a rooftop party in Tribeca that I got invited to via a well-connected pal, wall-to-wall authors and agents and editors and elegant young women in little black dresses, standing, white wine in hand, looking out across the Hudson at the lights of Hoboken and Jersey City, eating shrimp and scallops and spanikopita on toothpicks, all talking at once the way New Yorkers do.

I grew up on the windswept plains with my nose in a book, so I am awestruck in the presence of book people, even though I have written a couple books myself. These are anti-elitist times, when mobs are calling for the downfall of pointy-head intellectuals who dare tell decent people what to think, but I admire the elite. I'm not one of them -- I'm a deadline writer, my car has 150,000 miles on it -- but I'm sorry about their downfall. And this book party in Tribeca feels like a Historic Moment, like a 1982 convention of typewriter salesmen or the hunting party of Kaiser Wilhelm II with his coterie of plumed barons in the fall of 1913 before the Great War sent their world spinning off the precipice.

Call me a pessimist, call me Ishmael, but I think that book publishing is about to slide into the sea. We live in a literate time, and our children are writing up a storm, often combining letters and numerals (U R 2 1derful), blogging like crazy, reading for hours off their little screens, surfing around from Henry James to Jesse James to the epistle of James to pajamas to Obama to Alabama to Alanon to non-sequiturs, sequins, penguins, penal institutions, and it's all free, and you read freely, you're not committed to anything the way you are when you shell out $30 for a book, you're like a hummingbird in an endless meadow of flowers. And if you want to write, you just write and publish yourself. No need to ask permission, just open a website.
And if you want to write a book, you just write it, send it to Lulu.com or BookSurge at Amazon or PubIt or ExLibris and you've got yourself an e-book. No problem. And that is the future of publishing: 18 million authors in America, each with an average of 14 readers, eight of whom are blood relatives. Average annual earnings: $1.75.

Back in the day, we became writers through the laying on of hands. Some teacher who we worshipped touched our shoulder, and this benediction saw us through a hundred defeats. And then an editor smiled on us and wrote us a check, and our babies got shoes. But in the New Era, writers will be self-anointed. No passing of the torch. Just sit down and write the book. And The New York Times, the great brand name of publishing, whose imprimatur you covet for your book ("brilliantly lyrical, edgy, suffused with light" -- NY Times) will vanish (Poof!). And editors will vanish.

The upside of self-publishing is that you can write whatever you wish, utter freedom, and that also is the downside. You can write whatever you wish, and everyone in the world can exercise their right to read the first three sentences and delete the rest. Self-publishing will destroy the aura of martyrdom that writers have enjoyed for centuries. Tortured geniuses, rejected by publishers, etc., etc. If you publish yourself, this doesn't work anymore, alas.

Children, I am an author who used to type a book manuscript on a manual typewriter. Yes, I did. And mailed it to a New York publisher in a big manila envelope with actual postage stamps on it. And kept a carbon copy for myself. I waited for a month or so and then got an acceptance letter in the mail. It was typed on paper. They offered to pay me a large sum of money. I read it over and over and ran up and down the rows of corn whooping. It was beautiful, the Old Era. I'm sorry you missed it.

Garrison Keillor's column appears regularly in The Baltimore Sun. His e-mail is old scout at prairiehome.org.
From rforno at infowarrior.org Sun May 30 09:49:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 30 May 2010 10:49:02 -0400
Subject: [Infowarrior] - The Density of Smart People
Message-ID:

(c/o several people)

The Density of Smart People
May 28 2010, 11:15 AM ET

Clusters of smart people of the highly educated sort that economists refer to as "human capital" are the key engine of economic growth and development. Jane Jacobs argued that the clustering of talented and energetic in cities is the fundamental driving force of economic development. In a classic essay, "On the Mechanics of Economic Development," the Nobel prize-winning, University of Chicago economist Robert Lucas formalized Jacobs' insights and argued that human capital, or what can be called Jane Jacobs externalities, are indeed the key factor in economic growth and development.

Still, the standard way economists measure human capital is to take the percentage of people in a country, state, or metropolitan area with a bachelor's degree or higher; that is, most scholars measure human capital in terms of population. So I was intrigued by this fascinating analysis by Rob Pitingolo (h/t: Don Peck) which looks at the density of human capital. Pitingolo put together a neat measure that he refers to as "educational attainment density." Instead of measuring human capital or college degree holders as a function of population, he measures it as a function of land area -- that is, as college degree holders per square mile. As he explains ...
< -- >

http://www.theatlantic.com/business/archive/2010/05/the-density-of-smart-people/57384/

From rforno at infowarrior.org Mon May 31 09:56:33 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 May 2010 10:56:33 -0400
Subject: [Infowarrior] - Entertainment industry fails to grasp downloaders' needs
Message-ID:

Entertainment industry fails to grasp downloaders' needs
Analysis
Prefers to milk the diminishing masses instead
By Lawrence Latif
Mon May 31 2010, 02:05
http://www.theinquirer.net/inquirer/feature/1651123/entertainment-industry-fails-grasp-downloaders

THE MEDIA MAFIAA has seemingly missed the boat with its latest attempt to curb distribution of TV shows across the Internet. According to Torrentfreak, the finale of Lost broke previous Bittorrent download records despite being available in 59 countries within 48 hours of initial airplay. This lays to waste one of the points put forward by downloaders to justify hitting alternative sources to acquire television shows.

Assuming the site, which failed to disclose how it reached the figure of 900,000 downloads over a 20 hour period, is not embellishing its figures, it paints an impressive account of Bittorrent as a content distribution network. It also shows that the media firms should reconsider what it is that leads users to spend time and money to download content.

However the figures could merely serve to affirm the blinkered view of media executives who think of downloaders as punks and nothing more. They don't consider that those who download shows go to far greater trouble than those who prefer to slump in front of the telly and channel surf once the adverts are on. Downloaders are people who go out of their way to watch shows, that is, to get what the media cartels want to sell and who, in any other industry would be treated as the most loyal customers. Think about it.
So if it isn't the lag in global transmission of TV shows that motivates downloaders, what causes people to hit Bittorrent and Usenet servers to acquire the shows? Simply, downloading TV shows offers a better playback experience, and it isn't just due to the lack of advertising breaks. Having adverts in a show isn't the problem. When tastefully done, such as on Hulu, the majority of viewers are perfectly willing to have a couple of minutes per half hour devoted to adverts, particularly if they are entertaining.

No, the problem is something far more fundamental - sound and picture quality. With high definition televisions almost reaching ubiquity, having to pay a considerable extra fee just to see a high quality version of a show is not on. At this stage of maturity, the term 'high definition' should be consigned to the dustbin, with the resolutions of 720p and 1080p deemed as standard. But of course that won't allow Sky and Virgin to milk consumers for every last penny.

Blaming show producers and channels isn't completely fair either. One doubts that a TV producer who actually cares about the viewers' experience can bear to stand for the levels of stream compression that television channels are forced to use. Compression occurs because existing delivery systems such as Sky charge channels on the amount of bandwidth a stream consumes, much like how Internet service providers charge for bandwidth to servers. For that reason channels have to compress video and audio in order to keep costs manageable.

To that end, the file sharing community is far more discerning when it comes to quality, whether it be in video or music sharing. The infamous British music site Oink wasn't, as the ill-informed media reported at the time, all about bringing down the music labels, but rather it was a collection of music lovers who used the site not only to share music from little known artists but also to share high quality recordings.
The attention to detail when it came to faithfully producing encoded copies of CDs would have put many commercial sound engineers to shame. Given the popularity of Itunes, it's clear that there is more than enough money to be made by selling DRM-free tracks at reasonable prices over the Internet. But what will it take to get those discerning Oink users to come up with their cash? A wide choice of artists, not just from popular genres, and above all high quality, lossless recordings in open formats such as Flac will be necessary.

Instead, studios try to peddle substandard quality video and audio in closed formats and expect users to put up with it. Sure enough, the ignorant majority might do just that, but as the figures reported show, there are significant numbers of those who simply want a high quality experience and are being forced to turn to alternative means to get it.

Contrary to popular belief among media executives, downloaders are paying for content thanks to the imposition of bandwidth quotas on broadband connections. Lest we forget, downloaders also incur other expenses such as electricity usage and above all, time, which after all is money according to media types. One could even argue that the adverts displayed on tracker sites can be a source of income generation not only for the site owners but also for media companies, if they embrace the millions who clearly are willing to pay money to acquire their content.

If the entertainment industry decides to ditch its established greedy principles and grasping tactics then maybe it will realise that its supposed enemies in its so called 'war' on downloaders can actually be its allies.
From rforno at infowarrior.org Mon May 31 17:20:59 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 May 2010 18:20:59 -0400
Subject: [Infowarrior] - New Yorker on Wikileaks
Message-ID: <1D364EC5-D0B1-4057-BE6D-625C4004DC1A@infowarrior.org>

(Big article at the URL below)

A Reporter at Large
Julian Assange's mission for total transparency.
by Raffi Khatchadourian
June 7, 2010
http://www.newyorker.com/reporting/2010/06/07/100607fa_fact_khatchadourian?printable=true

From rforno at infowarrior.org Mon May 31 22:07:22 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 31 May 2010 23:07:22 -0400
Subject: [Infowarrior] - Google ditches Windows on security concerns
Message-ID:

Google ditches Windows on security concerns
By David Gelles and Richard Waters in San Francisco
Published: May 31 2010 23:26 | Last updated: May 31 2010 23:26
http://www.ft.com/cms/s/2/d2f3f04e-6ccf-11df-91c8-00144feab49a.html

Google is phasing out the internal use of Microsoft's ubiquitous Windows operating system because of security concerns, according to several Google employees. The directive to move to other operating systems began in earnest in January, after Google's Chinese operations were hacked, and could effectively end the use of Windows at Google, which employs more than 10,000 workers internationally.

"We're not doing any more Windows. It is a security effort," said one Google employee. "Many people have been moved away from [Windows] PCs, mostly towards Mac OS, following the China hacking attacks," said another.

New hires are now given the option of using Apple's Mac computers or PCs running the Linux operating system. "Linux is open source and we feel good about it," said one employee. "Microsoft we don't feel so good about." In early January, some new hires were still being allowed to install Windows on their laptops, but it was not an option for their desktop computers. Google would not comment on its current policy.
Windows is known for being more vulnerable to attacks by hackers and more susceptible to computer viruses than other operating systems. Employees wanting to stay on Windows required clearance from "quite senior levels", one employee said. "Getting a new Windows machine now requires CIO approval," said another employee.

In addition to being a semi-formal policy, employees themselves have grown more concerned about security since the China attacks. "Particularly since the China scare, a lot of people here are using Macs for security," said one employee.

Employees said it was also an effort to run the company on Google's own products, including its forthcoming Chrome OS, which will compete with Windows. "A lot of it is an effort to run things on Google product," the employee said. "They want to run things on Chrome." The hacking in China hastened the move. "Before the security, there was a directive by the company to try to run things on Google products," said the employee. "It was a long time coming."

The move created mild discontent among some Google employees, appreciative of the choice in operating systems granted to them - an unusual feature in large companies. But many employees were relieved they could still use Macs and Linux. "It would have made more people upset if they banned Macs rather than Windows," he added.

Google and Microsoft compete on many fronts, from search, to web-based email, to operating systems. While Google is the clear leader in search, Windows remains the most popular operating system in the world by a large margin, with various versions accounting for more than 80 per cent of installations, according to research firm Net Applications.

Copyright The Financial Times Limited 2010.