From rforno at infowarrior.org Fri Oct 1 06:20:30 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Oct 2010 07:20:30 -0400
Subject: [Infowarrior] - Cyber-security Hurts Federal Government Productivity, Survey Says
Message-ID:

This article reminds me that the *only* time in 15 years that I've ever written down passwords was when working on a particular "USG" project. Why? Too damn onerous to remember them all given their "kitchen sink" password requirements.... I'd spend more time resetting my password just to log in and check a project schedule website than it took me to read the data I needed to access. So at some point, yes, security in its best intentions can end up causing vulnerabilities, policy violations, or, as the article says, impact productivity. It's a careful balance, but unfortunately the "balance" tends towards the overprotection side versus the "let's get practical" side.

-rick

Cyber-security Hurts Federal Government Productivity, Survey Says
By: Fahmida Y. Rashid
2010-09-30
http://www.eweek.com/c/a/Security/CyberSecurity-Cutting-Federal-Government-Productivity-Survey-744792/

Officials from 28 federal agencies say cyber-security measures impact productivity by restricting access to information and delaying communications with others, according to a Government Business Council survey. Officials say they often bypass security controls on purpose to get things done.

Despite their bosses' insistence on strong cyber-security in government, federal officials find those measures get in the way of doing their jobs, according to the results of a Government Business Council survey released Sept. 30. Federal executives said cyber-security measures impacted "information access, computing functionality and mobility" and reduced their productivity, according to the Cybersecurity in the Federal Government (PDF) survey in May.

"Surveyed federal executives believe that cyber-security policies and procedures should be modified to provide more emphasis on the importance of allowing federal managers to achieve their agency's mission," said Bryan Klopack, GBC's director of research.

About 62 percent of the respondents said security restrictions prevented them from getting information from certain Websites or using applications related to their jobs. Blocked sites included video sites, messaging services and news sites, according to the survey. Slow computer performance and the inability to access information remotely were other obstacles cited.

The agency officials said they sometimes resort to "less secure practices," such as using a non-agency device, in order to get access to the information they need. Over half said they accessed information from home instead of from the office to get around the security controls. Reassuringly, none of them admitted to using someone else's log-in credentials.

More than two-thirds of the respondents complained about security scanning tools and other security measures reducing computer performance. They also report that security scanning tools on the network can slow Websites loading, delay e-mail delivery and increase file download times. An official called this a "huge waste of productive time" on the survey.

Existing security restrictions slowed down their response times, the officials said; more than a third blamed the security rules for delaying projects and communications within and outside the agency.

Despite the 2010 Telework Enhancement Act which promotes working remotely, almost half of the surveyed officials felt the security measures actually limited them to staying within the agency building in order to have access to certain resources and applications. This is despite the fact that many of them have an agency-provided laptop and smartphone.

Not surprisingly, officials felt security was stronger inside the building than outside the office. Even so, a majority of them said they work remotely regularly, whether from home or out on the road while traveling.

President Obama signaled early in his administration that cyber-security in the federal government, especially in communications, and coordination, was a priority. "This status quo is no longer acceptable - not when there's so much at stake. We can and we must do better," he said.

Various agencies have responded to Obama's mandate with their own rules. The Pentagon established a Cyber Command to safeguard Department of Defense networks, the Department of Homeland Security regularly conducts large-scale cyber-security drills to test government response in case of a disruption, and the General Services Administration requires the control systems in buildings owned by the Public Building Service to have strong cyber-security measures.

The surveyed executives felt access to information was the most important factor to consider when implementing cyber-security policy. They also said response time, agency mission and computing functionality should also be taken into account to improve policies.

A total of 162 federal executives from 28 civilian and defense agencies responded to the GBC survey. The agencies included the Department of Treasury, United States Postal Service and United States Marine Corps. The executives managed areas that included operations, finance and human resources.

From rforno at infowarrior.org Fri Oct 1 08:48:01 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Oct 2010 09:48:01 -0400
Subject: [Infowarrior] - MoD labels Facebook Places a 'targeting pack' for terrorists
Message-ID:

MoD labels Facebook Places a 'targeting pack' for terrorists
By Chris Williams
Posted in Applications, 1st October 2010 12:26 GMT
http://www.theregister.co.uk/2010/10/01/mod_facebook_places/

Exclusive

Security chiefs have cautioned army, navy and RAF personnel to disable Facebook Places, over fears it could be used by terrorists to identify and track targets. The new service could act as a "one stop shop targeting pack", particularly in Northern Ireland, they warn.

The Ministry of Defence is concerned about how it could be used by dissident Republican groups to gather intelligence on operations, as well as on the family and friends of personnel.

Facebook Places encourages members of the dominant social network to publish their location and was launched in the UK two weeks ago. Users do not necessarily have to actively use the service for their exact location to be widely shared.

An MoD advisory document about the potential threat is being circulated to military and civilian personnel in all three forces. It provides step-by-step instructions on how to disable Facebook Places using privacy settings, which it urges, although does not instruct, them to follow. To complete the lockdown, members of the forces must disable four separate data-sharing features.

"The main concern relating to the use of the application, is that it may inadvertently compromise the locality of a military user," the document says. "Of significant note, users on operations in Northern Ireland, are potentially putting themselves at risk by drawing attention to their exact whereabouts."

The MoD calls on the forces to turn off a feature of Facebook Places called "People here now". Turned on by default, it means that all Facebook users checked in at a given location will be able to see who else is there, if they have checked in. "That way you can meet other people who might share your interests," says Facebook.

The MoD offers a more cautious view. "Social networks already provide an extensive open source intelligence gathering tool.
This application is almost creating a one stop shop targeting pack, which could potentially be used to target military personnel, family and friends," it says in the advisory, which was written by Whitehall security officials.

They also want personnel to ensure that if they do check in, intentionally or by accident, their location will not be visible to anyone. By default it is shared with their friends.

Facebook Places allows users to not only publish their own location, but also that of their friends, a feature of the service that most distressed privacy campaigners and has also caused the MoD concern. Although Facebook asks users for their permission the first time a friend tries it, the military are urged to block such requests preemptively.

Finally, the advisory document tells users how to stop third-party applications and websites getting access to location data, which by default they can.

A spokeswoman for Facebook said it had developed Places with "unprecedented" privacy controls and that it is the safest such service available. The site's description of the service is here.

An MoD spokeswoman said: "The MoD provides guidance on how to use social media safely and responsibly.

"We have recently provided guidance on the risks of the new Facebook 'Places I Checked Into' application, which provides information on the exact location of Facebook users, and given a step by step guide on how to disable the application where appropriate. Personnel were not instructed to remove the application."

The MoD's advisory is here (pdf).

From rforno at infowarrior.org Fri Oct 1 14:14:40 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Oct 2010 15:14:40 -0400
Subject: [Infowarrior] - Blackberry's Encryption Hacked
Message-ID: <46ABAC96-405C-43D6-8576-3612A5D7569F@infowarrior.org>

You can no longer rely on encryption to protect a BlackBerry
By InfoWorld Tech Watch
Created 2010-10-01 03:00AM
http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436

Did you think your BlackBerry [1] data was safe because it's encrypted on the phone, over the airwaves, and in its backup form? Think again.

Russian software developer ElcomSoft, which, with its Russian competitor AccentSoft, has developed effective password-cracking programs for most common desktop encryption formats, is at it again. Now, it's targeted the BlackBerry with a Phone Password Breaker that was previously limited to Apple mobile devices [2].

Like all password-cracking programs, this is a double-edged sword. On one hand, it can save your bacon if you really need the data backed up from a phone that's been stolen and remotely wiped. On the other hand, cyber criminals who get their hands on your backup now have a way to read encrypted business data. In addition, government agencies that have a good reason to read your data can dig in.

According to ElcomSoft CEO Vladimir Katalov:

All data transmitted between a BlackBerry Enterprise Server [6] and BlackBerry smartphones is encrypted with a highly secure AES or Triple DES algorithm. Unique private encryption keys are generated in a secure, two-way authenticated environment and are assigned to each BlackBerry smartphone user. Even more, to secure information stored on BlackBerry smartphones, password authentication can be made mandatory through the policies of a BlackBerry Enterprise Server (by default, password authentication is limited to ten attempts, after which the smartphone's wiped clean with all its contents erased).

Local encryption of all data, including messages, address book and calendar entries, memos and tasks, is also provided, and can be enforced via the IT policy as well. With the supplied Password Keeper, Advanced Encryption Standard (AES) encryption allows password entries to be stored securely on the smartphone, enabling users to keep their online banking passwords, PIN codes, and financial information handy -- and secure. If that's not enough, system administrators can create and send wireless commands to remotely change BlackBerry device passwords, lock or delete information from lost or stolen BlackBerries.

Sounds pretty secure, doesn't it? As always, there is the weakest link. With BlackBerry, the weakest link is its offline backup mechanism.

Katalov goes on to explain that backups are good because, well, they are backups. But he also says they are evil because they create a new instance of information that might be private or sensitive. Then he explains the hole in the BlackBerry backup scheme:

Backup encryption uses AES with a 256-bit key. So far, so good. An AES key is derived from the user-supplied password, and this is where the problem arises. In short, standard key-derivation function, PBKDF2, is used in a very strange way, to say the least. Where Apple has used 2,000 iterations in iOS 3.x, and 10,000 iterations in iOS 4.x, BlackBerry uses only one.

Another significant shortcoming is that it's BlackBerry Desktop Software that encrypts data, not the BlackBerry device itself. This means that the data is passed from the device to the computer in a plain, unencrypted form. Apple devices act differently; the data is encrypted on the device and never leaves it in an unencrypted form. The Apple desktop software (iTunes) acts only as a storage and never encrypts/decrypts backup data.

This is quite surprising since the BlackBerry platform is known for its unprecedented security, and we've been expecting BlackBerry backup protection to be at least as secure as Apple's, which turned out not to be the case.

What does that mean for us? We can run password recovery attacks on BlackBerry backups really fast -- even without GPU acceleration, we can go over millions of passwords per second. That means that it only takes three days to break a seven-letter mixed-case password -- ouch. It takes a little more time if there are numbers and special characters in the password or the password is longer and much less time if the password is all one case, subject to a dictionary attack, or is partially known.

Bottom line: If you really need to recover your BlackBerry backup and can't remember your password, there's still hope. At the same time, if you let the backup file out of your control and into the hands of an attacker, you're in deep trouble.

Source URL (retrieved on 2010-10-01 11:55AM): http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436

Links:
[1] http://www.infoworld.com/t/blackberry
[2] http://www.infoworld.com/t/ios
[3] http://www.infoworld.com/d/mobilize/mobile-security-your-smartphone-safer-your-pc-now-570?source=fssr
[4] http://www.infoworld.com/d/mobilize/blogs?source=fssr
[5] http://www.infoworld.com/newsletters/subscribe?showlist=infoworld_mobile_rpt&source=ifwelg_fssr
[6] http://www.infoworld.com/d/mobilize/infoworld-review-blackberry-enterprise-server-express-or-deluxe-428
[7] http://www.infoworld.com/t/mobile-device-management/you-can-no-longer-rely-encryption-protect-blackberry-436?source=footer
[8] http://www.infoworld.com/?source=footer
[9] http://www.infoworld.com/blogs/infoworld-tech-watch?source=footer

From rforno at infowarrior.org Fri Oct 1 14:17:34 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Oct 2010 15:17:34 -0400
Subject: [Infowarrior] - Boy Scouts' RIAA
 badge propaganda
Message-ID: <700973FA-B7C1-4CF0-B9CC-F6B0087ABE80@infowarrior.org>

Boy Scout Magazine Says Don't Listen To Legally Burned CDs, As They're Too Similar To Piracy
http://www.techdirt.com/articles/20100928/23323311207/boy-scout-magazine-says-don-t-listen-to-legally-burned-cds-as-they-re-too-similar-to-piracy.shtml

.... where the article goes totally off the rails is in telling parents that their children are too stupid to understand the nuances of copyright law, and because of that, they should take an extreme position: one so extreme that they shouldn't even listen to legally burned CDs:

"So how can Scouters teach ethical behavior related to music downloading? One way: Set a good example. When you haul around Scouts in your car, for example, only play CDs that you've purchased. If you play CDs that you've burned--even if they're legal--your Scouts may not recognize the difference between those and the pirated CDs friends have given them."

The article also tries to blame musicians who embrace alternative business models for making the situation more confusing:

"Part of the problem, [Dr. Tony] Aretz says, lies in the Internet's free-for-all nature, where users get all sorts of content free--even information from newspapers that they would have to pay for in the real world. Bands like Radiohead have further complicated the situation by giving their music away or offering it on a "pay what you want" basis."

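Returning to the BlackBerry backup message above: the following is an added example, not code from the InfoWorld article, ElcomSoft or RIM. It shows in Python why a one-iteration PBKDF2 leaves an offline backup file exposed, by deriving keys at the iteration counts the article cites and working the article's "three days for a seven-letter mixed-case password" estimate against the defender's alternative of 10,000 iterations. It assumes PBKDF2-HMAC-SHA256 with a 32-byte key, a constructed 16-byte salt and a baseline of 4 million guesses per second at one iteration; the article specifies none of these.

```python
"""Why the PBKDF2 iteration count decides the fate of an offline backup file.

Added example (not the article's or ElcomSoft's code).  The article states that
BlackBerry Desktop Software derives the AES-256 backup key from the user's
password with PBKDF2 using a single iteration, where iOS 3.x used 2,000 and
iOS 4.x used 10,000.  Assumptions made here: PBKDF2-HMAC-SHA256, a 32-byte
derived key, a constructed salt, and a 4 million guesses/second baseline.
"""
import hashlib
import time

SALT = bytes.fromhex("00112233445566778899aabbccddeeff")  # constructed sample salt
BLACKBERRY_ITERATIONS = 1      # per the article
IOS3_ITERATIONS = 2_000        # per the article
IOS4_ITERATIONS = 10_000       # per the article
SECONDS_PER_DAY = 86_400
MIXED_CASE_LETTERS = 52        # a-z plus A-Z


def derive_backup_key(password: str, iterations: int, salt: bytes = SALT) -> bytes:
    """Derive a 256-bit AES key from a password with PBKDF2-HMAC-SHA256 (assumed hash)."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations, dklen=32)


def keyspace(length: int, alphabet_size: int) -> int:
    """Number of candidate passwords of exactly `length` characters."""
    return alphabet_size ** length


def days_to_exhaust(length: int, alphabet_size: int, guesses_per_second: float) -> float:
    """Worst-case days to try every password of this shape at a fixed guess rate."""
    return keyspace(length, alphabet_size) / guesses_per_second / SECONDS_PER_DAY


def days_to_exhaust_at_iterations(length: int, alphabet_size: int,
                                  base_guesses_per_second: float, iterations: int) -> float:
    """Same estimate when each guess costs `iterations` PBKDF2 rounds.

    base_guesses_per_second is the attacker's rate at one iteration; PBKDF2's
    cost is linear in the iteration count, so the rate divides by it.
    """
    return days_to_exhaust(length, alphabet_size, base_guesses_per_second / iterations)


def measure_guess_rate(iterations: int, samples: int) -> float:
    """Benchmark PBKDF2 derivations per second on this machine (one core, no GPU)."""
    start = time.perf_counter()
    for i in range(samples):
        derive_backup_key(f"candidate{i}", iterations)
    return samples / (time.perf_counter() - start)


if __name__ == "__main__":
    # Seven mixed-case letters at the "millions per second" the article cites
    # for one-iteration PBKDF2; 4 million/s is an assumed figure.
    base_rate = 4_000_000.0
    for label, iters in (("BlackBerry backup", BLACKBERRY_ITERATIONS),
                         ("iOS 3.x backup", IOS3_ITERATIONS),
                         ("iOS 4.x backup", IOS4_ITERATIONS)):
        days = days_to_exhaust_at_iterations(7, MIXED_CASE_LETTERS, base_rate, iters)
        print(f"{label:18s} {iters:>6d} iterations: {days:12.1f} days to exhaust 52^7")

    # Local sanity check: the slowdown really is roughly linear in the count.
    fast = measure_guess_rate(BLACKBERRY_ITERATIONS, 2_000)
    slow = measure_guess_rate(IOS4_ITERATIONS, 20)
    print(f"this machine: {fast:,.0f}/s at 1 iteration, {slow:,.0f}/s at 10,000 "
          f"(about {fast / slow:,.0f}x slower per guess)")
```

The iOS 4.x row comes out at roughly 81 years for the same password and hardware, which is the whole argument for a high iteration count on any file that may leave your control.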
From rforno at infowarrior.org Sat Oct 2 08:42:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Oct 2010 09:42:48 -0400
Subject: [Infowarrior] - Why Johnny Can't Program: A New Medium Requires A New Literacy
Message-ID: <834FBF21-4A1D-4BB0-8500-0EF9190FC92B@infowarrior.org>

Why Johnny Can't Program: A New Medium Requires A New Literacy
http://www.huffingtonpost.com/douglas-rushkoff/programming-literacy_b_745126.html

The whole article is worth reading, but this quote pretty much sums up the fundamental argument regarding Americans and technology education. I've long argued this will become a problem, and only gets worse in an era where FB, Twitter, and mobile apps are far more enticing to our IT workers than understanding the basics of technology and then finding new ways of using it to push the envelope into the future. In other words, we've become a nation of users and doers, not thinkers or innovators.... even within the IT community.

--rick

"Just last year, while researching a book on America's digital illiteracy, I met with the Air Force General then in charge of America's cybercommand. He said he had plenty of new recruits ready and able to operate drones or other virtual fighting machines - but no one capable of programming them, or even interested in learning how. He wasn't even getting recruits who were ready to begin basic programming classes. Meanwhile, he explained to me, colleges in Russia, China, and even Iran were churning out an order of magnitude more programmers than universities in the US. It is only a matter of time, he said - a generation at most - until our military loses its digital superiority."

Full article @ http://www.huffingtonpost.com/douglas-rushkoff/programming-literacy_b_745126.html

From rforno at infowarrior.org Sat Oct 2 09:55:03 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 2 Oct 2010 10:55:03 -0400
Subject: [Infowarrior] - Army DNS ROOT Server Down For 18+ Hours
Message-ID:

Army DNS ROOT Server Down For 18+ Hours

"The H-Root server, operated by the US Army Research Lab, spent 18 hours out of the last 48 being a void. Both the RIPE's DNSMON and the h.root-servers.org site show this. How, in this day and age of network engineering, can we even entertain one of the thirteen root servers being unavailable for so long? I mean, the US army doesn't even seem to make the effort to deploy more sites. Look at the other root operators who don't have the backing of the US government money machine. Many of them seem to be able to deploy redundant instances. Even the much-maligned ICANN seems to have managed deploying 11 sites. All these root operators that have only one site need a good swift kick, or maybe they should pass the responsibility to others who are more committed to ensuring the Internet's stability."

http://slashdot.org/story/10/10/02/1233235/Army-DNS-ROOT-Server-Down-For-18-Hours

From rforno at infowarrior.org Sat Oct 2 23:42:03 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Oct 2010 00:42:03 -0400
Subject: [Infowarrior] - SEC/CFTC Report: SKYnet Caused Flash Crash
Message-ID: <98FA969A-3D7D-4D09-9F90-96965247C68F@infowarrior.org>

SEC/CFTC Report: SKYnet Caused Flash Crash
By Barry Ritholtz - October 2nd, 2010, 11:30AM
http://www.ritholtz.com/blog/2010/10/report-skynet-caused-flash-crash/

The 104 page report by the staffs of the U.S. Commodity Futures Trading Commission and the U.S. Securities and Exchange Commission CFTC & SEC was released this week (PDF here). I am still digesting the entire writing, but a few things leaped out.

The report states that the flash crash was set off:

"At 2:32 p.m., against this backdrop of unusually high volatility and thinning liquidity, a large fundamental trader (a mutual fund complex) initiated a sell program to sell a total of 75,000 E-Mini contracts (valued at approximately $4.1 billion) as a hedge to an existing equity position."

The seller was Waddell & Reed, using a standard Barclays algo. That may have been the spark that lit the fumes, but it does not address the structural flaws in the market which is the ongoing gas leak. Nor does it give us much confidence that it is unlikely to occur again soon.

Consider this WSJ description of how a SKYnet feedback loop developed and caused the crash:

"As the Waddell trade hit the futures markets . . . likely buyers included high-frequency trading firms. A key feature of high-frequency trading firms is that they quickly exit trades and, by 2:41, they were also aggressively selling the E-mini contracts they had bought from Waddell, which was still trying to sell the remainder of its contracts . . .

"HFTs began to quickly buy and then resell contracts to each other - generating a 'hot-potato' volume effect as the same positions were passed rapidly back and forth," the report says. At one point, HFTs traded more than 27,000 contracts in just 14 seconds - a huge amount. The Waddell algorithm responded to the high volume by picking up the pace of its selling, even though stocks were spiraling lower. This feedback loop of selling by Waddell, high-frequency traders and others helped drive the E-mini price down 3% in just four minutes."

What I read into this is a system devoid of human judgment or rules as the underlying structural factor. There is no adult supervision, only bots and silicon. Instead of putting SKYnet in charge of national defense, we have put it in charge of our markets and economy. The end result - minus the spectacular special effects - seems to have been the same.

Over my career, I have criticized specialists for raping and pillaging various orders at will. But a system without humans charged with maintaining orderly markets, with software bots swapping shares with other silicon-based life forms, is what has replaced that. Perhaps the cost of orderly markets was the specialist's license to steal.

Meanwhile, SKYnet sits . . . and waits.

From rforno at infowarrior.org Sun Oct 3 13:28:13 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Oct 2010 14:28:13 -0400
Subject: [Infowarrior] - iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone UDIDs
Message-ID:

iPhone Applications & Privacy Issues: An Analysis of Application Transmission of iPhone Unique Device Identifiers (UDIDs)
by Eric on Sep.30, 2010, under Group News, Presentations, Security
http://www.pskl.us/wp/?p=476

Executive Summary

In 1999, Intel released its newest CPU - the Pentium 3. Each processor included a unique serial number, visible to any software installed on the system. A product backlash quickly developed as privacy rights groups realized that this serial number could be used to track users' online behavior. The industry, along with trade groups and governments, blasted this new feature; many governments went as far as proposing legislation to ban the use of Pentium 3 CPUs. Following the outcry, Intel quickly removed the serial number feature from their processor line, never to be re-introduced.

Fast forward a decade to the introduction of Apple's iPhone platform. Much like the Pentium 3, devices running the Apple iPhone operating system (IOS), including Apple iPhones, iPads, and iPod Touches, feature a software-readable serial number - a "Unique Device Identifier," or UDID. In order to determine if the privacy fears surrounding the Pentium 3 have manifested themselves on the iPhone platform, we studied a number of iPhone apps from the "Most Popular" and "Top Free" categories in Apple's App Store.
For these applications, we collected and analyzed the data being transmitted between installed applications and remote servers using several open source tools. We found that 68% of these applications were transmitting UDIDs to servers under the application vendor's control each time the application is launched. Furthermore, 18% of the applications tested encrypted their communications such that it was not clear what type of data was being shared. A scant 14% of the tested applications appear to be clean. We also confirmed that some applications are able to link the UDID to a real-world identity.

The iPhone's UDID is eerily similar to the Pentium 3's Processor Serial Number (PSN). While the Pentium 3 PSN elicited a storm of outrage from privacy rights groups over the inherent risks associated with the sharing of such information with third parties, no such concerns have been raised up to this point regarding the iPhone UDID. As UDIDs can be readily linked to personally-identifiable information, the "Big Brother" concerns from the Pentium 3 era should be a concern for today's iPhone users as well.

The full report is available here: iPhone-Applications-Privacy-Issues.pdf.

From rforno at infowarrior.org Sun Oct 3 14:59:10 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Oct 2010 15:59:10 -0400
Subject: [Infowarrior] - Stuxnet: Private security wants US to tell them more
Message-ID:

The Christian Science Monitor - CSMonitor.com
Stuxnet worm: Private security experts want US to tell them more
http://www.csmonitor.com/layout/set/print/content/view/print/329735

Private sector security experts say the government's public reports on the Stuxnet worm - the world's first publicly-known cyber superweapon - often seem to be old news or incomplete.

By Mark Clayton, Staff writer
posted October 3, 2010 at 12:45 pm EDT

America's government security experts are among the best in the world.
But their private sector counterparts are mystified why government's public findings on the Stuxnet worm - the world's first publicly-known cyber superweapon - so often have seemed muted, old news, or incomplete.

Tucked away on a government website, the Industrial Control System-Cyber Emergency Response Team (ICS-CERT) - part of the Department of Homeland Security - posts alerts and bulletins with government analysis of Stuxnet, dutifully logging its findings since it emerged publicly in July.

Yet those government alerts have mostly been echoes of findings already made public by anti-virus companies and private researchers - often lagging by several days and providing less detailed findings, industrial control system security experts say.

It looks like government is either inept at releasing detailed technical information to help protect the country or - for other reasons political or strategic - has decided to pull its punches on helping defuse Stuxnet, security experts, former government officials and Stuxnet experts told the Monitor.

For instance, they say, the US government so far has refused to provide details on Stuxnet that might help some 40-50 US-based industrial control systems possibly infected by this new generation of cyber-war software. The government's failure, they say, leaves US corporations infected and open to attack in the future.

"Name me one new or helpful piece of information that ICS-CERT provided to the community on Stuxnet? Or any other helpful contribution on the biggest control system security event to date," writes Dale Peterson, CEO of Digital Bond, a control systems security firm, in his Sept. 20 blog. "It seems to me to have been a delayed clipping service."

'Those bulletins they put out were missing key data'

"They had the expertise, the relationship with vendors, the equipment in their labs and the ability to analyze Stuxnet," Mr. Peterson said in an interview. "But those bulletins they put out were missing key data or late.
Getting this information out quickly was their sole mission, and they failed."

Sean McGurk, director of DHS's Control System Security Program, who oversees ICS-CERT, disputes that view, saying the team has been very focused on putting out timely public alerts - leaving out details if they did not serve the function of protecting critical US infrastructure systems.

"We took a broad all-hazards approach to the [Stuxnet] malcode," he says in an interview. "We immediately began to analyze it and produce information to get into the hands of the community so they could begin taking protective measures."

At the company level, ICS-CERT is focused on forensic incident response - like dealing with Stuxnet - and vulnerability assessment. Computer engineers in Washington, along with experts at the Department of Energy's Idaho National Laboratory, test control system software and equipment. Results are distributed to software vendors and users of the system software.

"We were able to reverse engineer the [Stuxnet] code and monitor how it works," McGurk says. "There have been individuals speculating on attribution and intent... Our main focus has been on understanding the malware and putting mitigation in place - how to prevent the spread and how to protect the physical infrastructure."

Still, examples of government as follower abound that Peterson and others say show the government has not been doing enough to get critical information out.

On Sept. 21, German researcher Ralph Langner dropped a bombshell at a cyber security conference in Maryland detailing how Stuxnet "fingerprints" its target, making it the first-known targeted cyber missile. It is designed to home in on and "destroy something" in the real world, Mr. Langner says. Some of his findings, posted on his website Sept. 13, were echoed days later in an ICS-CERT alert.

This past week the big anti-virus software company Symantec again eclipsed government researchers by unveiling a 49-page blue print of Stuxnet, which some experts speculate was aimed at wrecking Iranian nuclear facilities, but which has spread far beyond Iran. Symantec's analysis - much of it released long ago in blog posts this summer - details not only how Stuxnet operates, but also key steps to defuse it.

That could be important since Symantec notes in its new report that about 60 percent of the 100,000 Stuxnet-infected computers worldwide were in Iran. Yet just under 1 percent of those infections were in the US - roughly 900 computer systems. And within that smaller group, about 5 percent of the infections (40-50 computers) were on Siemens industrial control systems.

Siemens uncertain how many clients infected

That's a lot more than Siemens admits to. A spokesman told the Monitor just 15 of its industrial controls systems clients worldwide had reported Stuxnet infection. The spokesman acknowledged, however, the company is not certain all its clients would have reported an infection if they had one.

That worries some experts who wish there was a stronger government push to fan out among potentially affected industries to explain Stuxnet and the threat variants it might pose.

"I don't think the chemical industry has their eyes on this, which is why I'm writing about this," says Patrick Coyle, a retired chemical engineer who writes a blog called Chemical Facility Security News. "Government hasn't reached these guys."

Others like Joel Langill, an industrial control systems security expert who works in the oil and gas industry says there's been a distinct lack of information flowing from government.

"It was very quiet in July, and about the only place to get public information on Stuxnet was from Symantec," he says. "I don't think ICS-CERT reports have done justice to the magnitude of what happened.
Their reports have contained a lot of detail about the Stuxnet worm and prevention, but haven't done much about what to do if you had it. If this was a massive cyber attack, they didn't do very well."

On Sept. 29, ICS-CERT released a four-page "advisory," the most recent in a series of similarly brief tracts on how Stuxnet has operated since July. But until the Sept. 15 advisory - which appeared two days after Mr. Langner's revelations on his website - none of these federal missives provided details that would be needed by US-based industrial systems to detect and remove Stuxnet from infected programmable logic controllers or PLCs, several experts say.

One part of Stuxnet sneaks into an industrial control system. But another part drops its main bomb on PLCs - vital computers that directly control robots on the factory floor. It was an issue focused on and unpacked in detail by Symantec in early August. But it took the government until its Sept. 15 advisory to address the PLC issue.

While some private researchers have peeled the Stuxnet onion, others left waiting since mid-July for key details from US government researchers for corroboration have frequently been disappointed.

"They did okay addressing Stuxnet, but I would like to know what I can do to prevent a similar attack coming in the future. That's where they come up short," says Langill.

One who applauds the federal government for its efforts on Stuxnet is Mark Weatherford, chief of security for the North American Electric Reliability Corporation. His organization, which is charged with keeping the grid up and running, says his group has been working closely with government to get the word about Stuxnet security concerns directly to about 2,000 registered energy generators nationwide.

"Hopefully Stuxnet will die a peaceful death," he says. "But we're going to stay on top of it until we feel comfortable that the threat is no longer there."

Lack of details leads to rumors and speculation

Still, the consistent shortfall in Stuxnet details from government has led to rumors and speculation. One theory circulating is that the Defense Department feared somehow exposing nuclear systems by detailing Stuxnet fixes. Another, more obvious theory is that Israel may be behind the cyber attack on Iran, and US officials don't want to provide Iran with a road map for fixing computers inside their nuclear facilities. Iranian authorities have admitted that Stuxnet infiltrated their nuclear power plant.

"The real question is: Did the US government know the target?" says one cyber security expert in the private sector who asked not to be named because he works with the government sector and fears losing its business. "Did the US government know Stuxnet's target and say, 'No, no, no, we don't want this information [about how to defang Stuxnet] out there'? It's highly plausible that people knew Iran was the target and didn't want all the details about how to fix Stuxnet to get out right away."

But Scott Borg, who directs the US Cyber Consequences Unit, an independent cyber research center, says because malware attacks are so hard to source, he would not be too quick to assume the US is withholding information to help Israel, or even that Iran was the target, despite the apparent predominance of Stuxnet infections reported in Iran. The most plausible explanation is that private sector researchers are winning the race on getting information out because they are better at it.

"Most experts [on control systems] are in the private sector and sometimes they are just faster," Mr. Borg says. "Everyone in government has to follow proper procedure. In the private sector you go for the right answer, cut every corner to get there first. It's easier to do this work in very informal settings."
Others, however, told the Monitor there is every sign that US government researchers at the Idaho National Laboratory knew a lot more about Stuxnet and how to defeat it, far more than has yet been released by the government. Government researchers, they say, knew well before most information about it was released publicly by private companies.

Government might have decided to release less information publicly about Stuxnet, Borg said, and instead supply Siemens with the details needed to fix the problem with its own customers, thereby safeguarding a valued relationship. "There's this decision-making process," he said. "Do we hurt trusted relationships, other governments, vendors, our own military? This is why you get this disparity between what is released from government and what's released privately."

Still, such decisions can leave even professionals "incredibly frustrated because they ended up looking like goofballs," a former senior government official, who asked not to be named because he still works with government, says of US researchers on Stuxnet. "They had done good work. They knew a lot, and had gotten to a good place with [Stuxnet] before anybody else. But in public they looked like they weren't on top of their game. These guys did an incredible level of work that never got out in enough technical detail."

Meanwhile, back in Germany, Mr. Langner posted another blog item, this one an eight-point critique of what he writes is critical but missing information, not raised in the most recent Sept. 29 ICS-CERT advisory on Stuxnet. "Why explain in great length all the funny files that Stuxnet installs and not say how to simply pull the plug by deleting one file?" he writes.

Joe Weiss, a managing partner at Applied Control Solutions, which sponsored the conference where Langner spoke, is disappointed that government officials at the conference provided few details about Stuxnet.

'Why are they holding back?'
"Neither the Department of Energy nor DHS has been giving us any real help on this issue," says Mr. Weiss. "If they've got the information, why the heck wasn't that information being sent to our infrastructure owners? Why are they holding back?"

He and others say there is more than a little irony in federal officials touting last week's Cyber Storm III, the government's third big war game, as great preparation for a cyber attack against the backdrop of Stuxnet, the first known cyber superweapon to make its appearance in the public realm.

But to charges of offering late and incomplete information on this major new threat, DHS's Mr. McGurk says his agency has no apologies for not listing all the gory details, which he said is intentional when it occurs. "I wouldn't say information was intentionally withheld because it wasn't complete," he says, referring to the ICS-CERT alerts on Stuxnet since July. Sometimes it's best to go to work directly with the chemical industry or petroleum industry, he notes. That may entail sharing some detailed information the government knows but wants to keep to itself and those who most need to know it, information, he says, that is "not something we are going to put publicly on a public website."

© The Christian Science Monitor. All Rights Reserved.
From rforno at infowarrior.org Sun Oct 3 17:09:21 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Oct 2010 18:09:21 -0400
Subject: [Infowarrior] - Planefinder app a 'threat' to aviation
Message-ID: <22FB18C8-99C6-4D04-8E5C-E515EB084E47@infowarrior.org>

A phone application that threatens security
Press Trust of India, Updated: October 03, 2010 21:01 IST
http://www.ndtv.com/article/technology/a-phone-application-that-threatens-security-56673

London: A cheap mobile phone application that can track the precise location of passenger aircraft in the sky could be a serious terrorist threat, security experts have claimed, calling for its immediate ban.

The Plane Finder AR application, developed by a British firm for the Apple iPhone and Google's Android, allows users to point their phone at the sky and see the position, height and speed of nearby aircraft. It also shows the airline, flight number, departure point, destination and even the likely course, features which could be used to target an aircraft with a surface-to-air missile, or to direct another plane onto a collision course, the 'Daily Mail' reported.

The programme, sold for just 1.79 pounds in the online Apple store, has now been labelled an 'aid to terrorists' by security experts, and the US Department of Homeland Security is also examining how to protect airliners.

The new application works by intercepting the so-called Automatic Dependent Surveillance-Broadcast (ADS-B) messages transmitted by most passenger aircraft to a new satellite tracking system that supplements or, in some countries, replaces radar. British and European air traffic control systems have not yet adopted the technology but it is being fitted in all new aircraft, which now constantly broadcast their positions.

After the September 11 attacks in America in 2001, a senior Federal Aviation Administration official warned that ADS-B technology could be used by terrorists.
He wrote: "Broadcasting the identity and location of aircraft... would open the door for a terrorist to attack a specific aircraft or airline."

The firm behind the app, Pinkfroot, uses a network of aircraft enthusiasts in Britain and abroad, who are equipped with ADS-B receivers costing around 200 pounds to intercept the information from aircraft and send it to a central database.

Conservative MP Patrick Mercer, former chairman of the Parliamentary Counter Terrorism sub-committee, said: "Anything that makes it easier for our enemies to find targets is madness. The Government must look at outlawing the marketing of such equipment."

However, the Hampshire-based firm has gone one step further, marketing a so-called 'Augmented Reality' application, because users can point a phone's camera at the sky and see the precise position of aircraft superimposed on the horizon. The firm claims more than 2,000 people have downloaded Plane Finder AR from iTunes since its launch last month.

Read more at: http://www.ndtv.com/article/technology/a-phone-application-that-threatens-security-56673?cp

From rforno at infowarrior.org Sun Oct 3 19:59:43 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 3 Oct 2010 20:59:43 -0400
Subject: [Infowarrior] - Are we raising a generation of nincompoops?
Message-ID:

Are we raising a generation of nincompoops?
By Beth J. Harpaz, Associated Press Writer | September 27, 2010
http://www.boston.com/news/nation/articles/2010/09/27/are_we_raising_a_generation_of_nincompoops?mode=PF

NEW YORK -- Second-graders who can't tie shoes or zip jackets. Four-year-olds in Pull-Ups diapers. Five-year-olds in strollers. Teens and preteens befuddled by can openers and ice-cube trays. College kids who've never done laundry, taken a bus alone or addressed an envelope.

Are we raising a generation of nincompoops? And do we have only ourselves to blame?
Or are some of these things simply the result of kids growing up with push-button technology in an era when mechanical devices are gradually being replaced by electronics? Susan Maushart, a mother of three, says her teenage daughter "literally does not know how to use a can opener. Most cans come with pull-tops these days. I see her reaching for a can that requires a can opener, and her shoulders slump and she goes for something else." Teenagers are so accustomed to either throwing their clothes on the floor or hanging them on hooks that Maushart says her "kids actually struggle with the mechanics of a clothes hanger." Many kids never learn to do ordinary household tasks. They have no chores. Take-out and drive-through meals have replaced home cooking. And busy families who can afford it often outsource house-cleaning and lawn care. "It's so all laid out for them," said Maushart, author of the forthcoming book "The Winter of Our Disconnect," about her efforts to wean her family from its dependence on technology. "Having so much comfort and ease is what has led to this situation -- the Velcro sneakers, the Pull-Ups generation. You can pee in your pants and we'll take care of it for you!" The issue hit home for me when a visiting 12-year-old took an ice-cube tray out of my freezer, then stared at it helplessly. Raised in a world where refrigerators have push-button ice-makers, he'd never had to get cubes out of a tray -- in the same way that kids growing up with pull-tab cans don't understand can openers. But his passivity was what bothered me most. Come on, kid! If your life depended on it, couldn't you wrestle that ice-cube tray to the ground? It's not that complicated! Mark Bauerlein, author of the best-selling book "The Dumbest Generation," which contends that cyberculture is turning young people into know-nothings, says "the absence of technology" confuses kids faced with simple mechanical tasks. 
But Bauerlein says there's a second factor: "a loss of independence and a loss of initiative." He says that growing up with cell phones and Google means kids don't have to figure things out or solve problems any more. They can look up what they need online or call mom or dad for step-by-step instructions. And today's helicopter parents are more than happy to oblige, whether their kids are 12 or 22. "It's the dependence factor, the unimaginability of life without the new technology, that is making kids less entrepreneurial, less initiative-oriented, less independent," Bauerlein said. Teachers in kindergarten have always had to show patience with children learning to tie shoes and zip jackets, but thanks to Velcro closures, today's kids often don't develop those skills until they are older. Sure, harried parents are grateful for Velcro when they're trying to get a kid dressed and out the door, and children learn to tie shoes eventually unless they have a real disability. But if they're capable of learning to tie their shoes before they learn to read, shouldn't we encourage them? Some skills, of course, are no longer useful. Kids don't need to know how to add Roman numerals, write cursive or look things up in a paper-bound thesaurus. But is snail-mail already so outmoded that teenagers don't need to know how to address an envelope or put the stamp in the right spot? Ask a 15-year-old to prepare an envelope some time; you might be shocked at the result. Lenore Skenazy, who writes a popular blog called Free-Range Kids, based on her book by the same name, has a different take. Skenazy, whose approach to parenting is decidedly anti-helicopter, agrees that we are partly to blame for our children's apparent incompetence, starting when they are infants. "There is an onslaught of stuff being sold to us from the second they come out of the womb trying to convince us that they are nincompoops," she said. "They need to go to Gymboree or they will never hum and clap! 
To teach them how to walk, you're supposed to turn your child into a marionette by strapping this thing on them that holds them up because it helps them balance more naturally than 30,000 years of evolution!" Despite all this, Skenazy thinks today's kids are way smarter than we give them credit for: "They know how to change a photo caption on a digital photo and send it to a friend. They can add the smiley face without the colon and parentheses! They never took typing but they can type faster than I can!" Had I not been there to help that 12-year-old with the ice-cube tray, she added, the kid surely would have "whipped out his iPhone and clicked on his ice cube app to get a little video animated by a 6-year-old that explained how you get ice cubes out of a tray." Friends playing devil's advocate say I'm wrong to indict a whole generation for the decline of skills they don't need. After all, we no longer have to grow crops, shoot deer, prime a pump or milk a cow to make dinner, but it was just a couple of generations ago that you couldn't survive in many places without that knowledge. Others say this is simply the last gasp of the analog era as we move once and for all to the digital age. In 10 years, there won't be any ice cube trays; every fridge will have push-button ice. But Bauerlein, a professor at Emory University who has studied culture and American life, defends my right to rail against the ignorance of youth. "That's our job as we get old," he said. "A healthy society is healthy only if it has some degree of tension between older and younger generations. It's up to us old folks to remind teenagers: 'The world didn't begin on your 13th birthday!' And it's good for kids to resent that and to argue back. We want to criticize and provoke them. It's not healthy for the older generation to say, 'Kids are kids, they'll grow up.' "They won't grow up," he added, "unless you do your job by knocking down their hubris." 
------ Online: http://freerangekids.wordpress.com/

From rforno at infowarrior.org Mon Oct 4 20:03:21 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Oct 2010 21:03:21 -0400
Subject: [Infowarrior] - Airlines Want to Bump Air Marshals to Coach
Message-ID: <064B6A17-5F9C-423B-975B-1BEC643FC492@infowarrior.org>

THE MIDDLE SEAT | SEPTEMBER 30, 2010
Airlines Want to Bump Air Marshals to Coach
A Debate Over Whether Agents in First-Class Seats Should Sit Farther Back Where Some Say Risk of Attack Is Greatest
By SCOTT MCCARTNEY
http://online.wsj.com/article_email/SB10001424052748703431604575521832473932878-lMyQjAxMTAwMDIwOTEyNDkyWj.html

To protect the nation's air travelers, federal air marshals deployed after the 2001 terrorist attacks try to travel incognito, often in pairs, and choose flights identified as potentially under threat. And they almost always fly first class, something some airlines would like to change.

With cockpit doors fortified and a history of attackers choosing coach seats, some airline executives and security experts question whether the first-class practice is really necessary, or even a good idea. It could weaken security by isolating marshals or making them easier for terrorists to identify, airline executives say. With more threats in the coach cabin now, first-class clustering may not make as much security sense.

Security experts say bombers are a bigger threat today than knife-wielding attackers trying to get through secure cockpit doors, and Transportation Security Administration checkpoints are heavily focused on explosives, whether hidden in shoes, liquids or under clothes. Some believe bombers try to target areas over the wing, a structurally critical location and also the site of fuel storage, to cause the most damage to the aircraft.
Airline CEOs met recently with TSA administrator John Pistole and officials from the Federal Air Marshal Service, asking the TSA to reconsider the placement of marshals based on current security threats. "Our concern is far less revenue and more that we have defenses appropriate to the threat," said James May, chief executive of the Air Transport Association, the airline industry's lobbying group. "We think there needs to be an even distribution, particularly when we have multiple agents on board." Mr. May said he believes the air marshal service is trying to make adjustments.

Marshals are assigned to flights using a scheduling system based on security intelligence and other factors, said Nelson Minerly, spokesman for the Federal Air Marshal Service. Mr. Minerly says the practice of placing marshals in first class is essential in an attack in which seconds matter. "Our distinction isn't for a free ride in a fluffy seat. It's based on threat and tactical doctrines," he said.

In most cases, the marshal service designates which cabin marshals will fly in, Mr. Minerly said, with seating assigned to "maximize the effectiveness of the team." Move "further and further back in the plane" and "it will take longer and longer to respond."

By law, airlines must provide seats to marshals at no cost in any cabin requested. With first-class and business-class seats in particular, the revenue loss to airlines can be substantial because they can't sell last-minute tickets or upgrades, and travelers sometimes get bumped to the back or lose out on upgrade opportunities. When travelers do get bumped, airlines are barred from divulging why the first-class seat was unexpectedly taken away, to keep the presence of a marshal a secret. Bumped travelers (airlines can't disclose how many passengers are affected) typically get coach seats and refunds on the cash or miles they paid for the better seat.

In a recent episode, the Air Transport Association said, a flight from Europe to the U.S.
was about to depart with at least six marshals already on board in multiple cabins when a rival carrier canceled a flight. Marshals from that flight came over to demand first-class seats on the flight that was leaving. The airline refused, saying it would cancel the flight rather than empty the first-class cabin. Marshals backed off, airline officials say. Mr. Minerly of the Federal Air Marshal Service said he was unfamiliar with the incident, and that the agency does not comment on specific cases.

Airlines are reluctant to publicly discuss the marshals program since their activities are classified as sensitive secure information. US Airways Chief Executive Doug Parker did raise the question of whether marshals are too focused on first class at a meeting with reporters in April. When asked for further explanation, Mr. Parker through a spokesman declined to comment. Executives from four other major U.S. carriers echoed his thinking but declined to comment because airlines are prohibited from speaking publicly on the air-marshal program.

TSA declines to disclose how many air marshals there are, but officials have said in the past there are more than 1,000, and some estimates have run as high as 4,000. Airline officials say that since the Christmas Day attempt to blow up a flight from Amsterdam to Detroit, marshals have been assigned to more international trips, sometimes as many as six or more to a flight. Both the shoe-bombing and Christmas Day-bombing attempts occurred in coach.

Even with thousands of marshals, only a small percentage of U.S. airline flights are covered. The deterrent is largely that terrorists not know which flights might have armed agents on board. Marshals haven't been on board for any of the recent terrorism attempts against U.S. airlines.
Air marshals arrested a Qatari diplomat caught smoking in the bathroom on a United Airlines flight from Washington, D.C., to Denver, and two marshals in Miami shot and killed a man with bipolar disorder in 2005 after he ran through a plane waiting to take off, acted erratically on a jet bridge, claimed to have a bomb in his backpack and refused an order to hit the ground. When the man began moving back toward the airplane, agents fired. The Miami-Dade State Attorney's office ruled the shooting justified.

The idea of air marshals on U.S. airline flights has ebbed and flowed over the years depending on threats to airline flights. President Kennedy ordered marshals aboard planes after flights were hijacked to Cuba in the early 1960s. President Nixon ordered deployment of air marshals on Sept. 11, 1970, after terrorists hijacked three New York-bound jets and held them hostage in Egypt and Jordan. In 2001, the U.S. had fewer than 50 air marshals.

Write to Scott McCartney at middleseat at wsj.com

From rforno at infowarrior.org Mon Oct 4 20:12:26 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 4 Oct 2010 21:12:26 -0400
Subject: [Infowarrior] - OT: Firefighters watch as home burns to the ground
Message-ID: <7CFCDBA4-B3C3-4A69-8605-0DE4931F1209@infowarrior.org>

Firefighters watch as home burns to the ground
Reporter - Jason Hibbs
Photojournalist - Mark Owen
http://www.wpsdlocal6.com/news/local/Firefighters-watch-as-home-burns-to-the-ground-104052668.html
Story Created: Sep 29, 2010 at 10:34 PM CDT
Story Updated: Sep 30, 2010 at 12:31 AM CDT

OBION COUNTY, Tenn. - Imagine your home catches fire but the local fire department won't respond, then watches it burn. That's exactly what happened to a local family tonight. A local neighborhood is furious after firefighters watched as an Obion County, Tennessee, home burned to the ground.
The homeowner, Gene Cranick, said he offered to pay whatever it would take for firefighters to put out the flames, but was told it was too late. They wouldn't do anything to stop his house from burning.

Each year, Obion County residents must pay $75 if they want fire protection from the city of South Fulton. But the Cranicks did not pay. The mayor said if homeowners don't pay, they're out of luck.

This fire went on for hours because garden hoses just wouldn't put it out. It wasn't until that fire spread to a neighbor's property that anyone would respond. Turns out, the neighbor had paid the fee.

"I thought they'd come out and put it out, even if you hadn't paid your $75, but I was wrong," said Gene Cranick. Because of that, not much is left of Cranick's house.

They called 911 several times, and initially the South Fulton Fire Department would not come. The Cranicks told 9-1-1 they would pay firefighters, whatever the cost, to stop the fire before it spread to their house. "When I called I told them that. My grandson had already called there and he thought that when I got here I could get something done, I couldn't," said Paulette Cranick.

It was only when a neighbor's field caught fire, a neighbor who had paid the county fire service fee, that the department responded. Gene Cranick asked the fire chief to make an exception and save his home, but the chief wouldn't. We asked him why. He wouldn't talk to us and called police to have us escorted off the property. Police never came but firefighters quickly left the scene. Meanwhile, the Cranick home continued to burn.

We asked the mayor of South Fulton if the chief could have made an exception. "Anybody that's not in the city of South Fulton, it's a service we offer, either they accept it or they don't," Mayor David Crocker said.

Friends and neighbors said it's a cruel and dangerous city policy but the Cranicks don't blame the firefighters themselves. They blame the people in charge.
"They're doing their job," Paulette Cranick said of the firefighters. "They're doing what they are told to do. It's not their fault."

To give you an idea of just how intense the feelings got in this situation, soon after the fire department returned to the station, the Obion County Sheriff's Department said someone went there and assaulted one of the firefighters.

From rforno at infowarrior.org Tue Oct 5 06:21:45 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Oct 2010 07:21:45 -0400
Subject: [Infowarrior] - OT: 911 Callers Are a Joke in Broward County
Message-ID: <87B92D79-A895-495B-B7C5-EC3707A2579A@infowarrior.org>

911 Callers Are a Joke in Broward County
http://www.nbcmiami.com/news/local-beat/911-Does-Not-Stand-for-Emergency-in-Broward-104294569.html?dr

Best line?

"The fast food offenses are usually the most common and often the most annoying because people think it's really an emergency worthy of 911," one operator said. ... "Screaming in my ear, 'I wanted the sausage, and he gave me the burrito!'" April McGill recalls from one call. "She's trying to force me to eat something off the menu that I don't want!"

... I knew I left home for a reason back in the late 80s. This confirms it. Unfortunately, although I escaped 911 lunacy by leaving Florida, I ended up living with 9/11 lunacy in DC. Gaah!

-- rick

From rforno at infowarrior.org Wed Oct 6 06:59:42 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Oct 2010 07:59:42 -0400
Subject: [Infowarrior] - Voice Phishing: System to Trace Telephone Call Paths Across Multiple Networks Developed
Message-ID: <13BB8D34-4408-44E1-B33B-23E1428E0982@infowarrior.org>

(c/o DG)

Voice Phishing: System to Trace Telephone Call Paths Across Multiple Networks Developed
http://www.sciencedaily.com/releases/2010/10/101005121820.htm

ScienceDaily (Oct. 5, 2010) --
Phishing scams are making the leap from email to the world's voice systems, and a team of researchers in the Georgia Tech College of Computing has found a way to tag fraudulent calls with a digital "fingerprint" that will help separate legitimate calls from phone scams.

Voice phishing (or "vishing") has become much more prevalent with the advent of cellular and voice over IP (VoIP) networks, which enable criminals both to route calls through multiple networks to avoid detection and to fake caller ID information. However, each network through which a call is routed leaves its own telltale imprint on the call itself, and individual phones have their own unique signatures as well. Funded in part by the National Science Foundation, the Georgia Tech team created a system called "PinDr0p" that can analyze and assemble those call artifacts to create a fingerprint -- the first step in determining "call provenance," a term the researchers coined.

The work, described in the paper "PinDr0p: Using Single-Ended Audio Features to Determine Call Provenance," was presented at the Association for Computing Machinery's Conference on Computer and Communications Security, Oct. 5 in Chicago.

"There's a joke, 'On the Internet, no one knows you're a dog.' Now that's moving to phones," said Mustaque Ahamad, professor in the School of Computer Science and director of the Georgia Tech Information Security Center (GTISC). "The need is obvious to build security into these voice systems, and this is one of the first contributions to that research area. PinDr0p needs no additional detection infrastructure; all it uses is the sound you hear on the phone. It's a very powerful technique."

PinDr0p exploits artifacts left on call audio by the voice networks themselves. For example, VoIP calls tend to experience packet loss -- split-second interruptions in audio that are too small for the human ear to detect.
Likewise, cellular and public switched telephone networks (PSTNs) leave a distinctive type of noise on calls that pass through them. Phone calls today often pass through multiple VoIP, cellular and PSTN networks, and call data is either not transferred or transferred without verification across the networks. Using the call audio, PinDr0p employs a series of algorithms to detect and analyze call artifacts, then determines a call's provenance (the path it takes to get to a recipient's phone) with at least 90 percent accuracy and, given enough comparative information, even 100 percent accuracy.

Patrick Traynor, assistant professor of computer science, said that though the technology is modern, vishing is simply classic wire fraud: Someone gets a call that, based on caller ID information, appears legitimate, and the caller asks the recipient to reveal personal information like credit card and PIN details. During a five-day period in January 2010, bank customers in four U.S. states received fraudulent calls exactly like this, and instances of vishing date back at least to 2006.

PinDr0p is doubly effective for fraud detection, Traynor said, because it relies on call details outside the caller's control. "They're not able to add the kind of noise we're looking for to make them sound like somebody else," he said. "There's no way for a caller to reduce packet loss. There's no way for them to say to the cellular network, 'Make my sound quality better.'"

In testing PinDr0p, the researchers analyzed multiple calls made from 16 locations as far flung as Australia, India, the United Arab Emirates, the United Kingdom and France. After creating a fingerprint for calls originating from each location, they were able to correctly identify subsequent calls from the same location 90 percent of the time. With two confirmed fingerprints on a call, they could identify subsequent calls 96.25 percent of the time; with three it rose to 97.5 percent accuracy.
By the time researchers had five positive IDs for a certain call, they could identify future calls from that source 100 percent of the time.

But PinDr0p does have its limitations -- for the moment. "Call provenance doesn't translate into an individual's name or a precise IP address," said Vijay Balasubramaniyan, a Ph.D. student in computer science, who presented the PinDr0p paper in Chicago. However, Balasubramaniyan, Ahamad and Traynor are actively working on the next step: using PinDr0p not just to trace call provenance, but to geolocate the origin of the call.

"This is the first step in the direction of creating a truly trustworthy caller ID," Traynor said.

From rforno at infowarrior.org Wed Oct 6 07:11:34 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Oct 2010 08:11:34 -0400
Subject: [Infowarrior] - 2010 Map of Online Communities
Message-ID: <66655E69-B83E-41DF-846A-A232FF0B23B8@infowarrior.org>

Well, one version, anyway.

http://xkcd.com/802/

From rforno at infowarrior.org Wed Oct 6 07:27:04 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Oct 2010 08:27:04 -0400
Subject: [Infowarrior] - New G2 phone comes w/'rootkit'
Message-ID:

Newest Google Android Cell Phone Contains Unexpected "Feature" -- A Malicious Root Kit.
Published: October 5, 2010
http://oti.newamerica.net/blogposts/2010/newest_google_android_cell_phone_contains_unexpected_feature_a_malicious_root_kit-380

Chip on Phone Overwrites User-Preferred Software -- Re-installs Original Firmware.

Yesterday, some T-Mobile stores began selling the carrier's newest mobile device, the G2, an Android-based smart phone originally slated for an October 6 release, while AT&T is slated to release it later in the year. This device truly is representative of the next generation of mobile devices. The hardware capabilities surpass the abilities of most available netbook computers, including the ability to play High Definition video seamlessly.
Unfortunately, the G2 also comes with built-in hardware that restricts what software a device owner might wish to install. Specifically, one of the microchips embedded into the G2 prevents device owners from making permanent changes that allow custom modifications to the Android operating system. This is the same Android that purposefully opened up its source code under the Apache License, allowing anyone to use, modify, and redistribute the operating system code even if they choose not to contribute back to the development community. Even among other Android computing devices and phones, the G2 is touted as an open platform. Unfortunately, the hardware in this device completely undermines this license by allowing mobile network providers to override end-user changes to the source code.

Wireless network operators have deployed a hardware rootkit that restricts modifications to a device owned by the user. This would be akin to a computer sold with Microsoft Windows containing a chip that prevented users from installing Linux or another operating system of their choice.

Of course, the G2 is not really a phone. It is a mobile computer with an interface that connects to a mobile network. The majority of time many people spend using their G2 mobile computer is taking notes in meetings, reading and responding to email, editing documents, browsing web pages, getting news from their RSS feed readers, listening to audio files, watching YouTube videos, and interacting with online social networks. Occasionally, we may take a photo or maybe even a video, and sometimes users may respond to text messages or make a phone call. These are the same activities most people do with their home and office desktop and laptop computers. Plugging a USB wireless modem into a laptop for T-Mobile's broadband services does not mean that T-Mobile can say that Ubuntu Linux is not an approved operating system, or that Skype is not an allowed voice service.
Yet when unsuspecting members of the public buy Google's Android G2 at a T-Mobile store, they aren't getting a customizable mobile computer or phone but are instead getting a device where the hardware itself dramatically limits users' right to make changes to their computers and install the operating system of their choice. Clearly, this is a major new initiative to control users' rights to run their computers as they see fit. Instead, the new Google Android hardware rootkit acts just like a virus -- overriding users' preferences to change settings and software to conform to the desires of a third party. And just like a virus, this kind of behavior should be just as illegal. Users of the new Google Android G2 should be warned that their device has a rootkit that will overwrite their software modifications. We are seeking further clarification as to the legality of this malicious software. More info: http://press.t-mobile.com/articles/T-Mobile-G2-with-Google http://forum.xda-developers.com/showthread.php?t=794053

From rforno at infowarrior.org Wed Oct 6 07:55:43 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Oct 2010 08:55:43 -0400 Subject: [Infowarrior] - Tech CEOs go to the White House Message-ID: <6C758A27-3BE0-45FE-9B87-FBDF9688E2C3@infowarrior.org> Tech CEOs go to the White House By Sara Jerome - 10/06/10 08:16 AM ET http://thehill.com/blogs/hillicon-valley/technology/122901-tech-ceos-go-to-the-white-house The leaders of six technology companies are heading to the White House on Wednesday to send a message about how the government can reduce the deficit. They will meet with Federal Reserve Chairman Ben Bernanke, Council of Economic Advisors Director Austan Goolsbee, National Economic Council Advisor Director Larry Summers and other economic officials. The tech leaders include the heads of IBM, Dell, Applied Materials, EMC, Intel, Motorola and Micron. IBM's chairman Sam Palmisano and Dell's chief executive Michael Dell will be in tow.
They will deliver their plan on reducing the deficit by $1 trillion over the next ten years without new legislation. Their idea is to foster greater innovation in areas ranging from healthcare, to education and energy to spur economic growth and create jobs, according to a statement distributed by the Technology CEO Council (TCC), which includes all those companies. They say the government can cut 30 percent of its IT overhead from the $76 billion it spends annually in this area. It can cut money from its procurement processes by reducing duplication. It should also reduce fraud and go digital rather than using paper.

From rforno at infowarrior.org Wed Oct 6 08:13:10 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Oct 2010 09:13:10 -0400 Subject: [Infowarrior] - The Pentagon's New Cyber Warriors Message-ID: <7AC3148F-6FC9-4261-81FA-F3053AB6CAE3@infowarrior.org> http://www.reuters.com/article/idUSTRE69433120101005 October 5, 2010 Special Report: The Pentagon's New Cyber Warriors By Jim Wolf, Reuters WASHINGTON -- Guarding water wells and granaries from enemy raids is as old as war itself. In the Middle Ages, vital resources were hoarded behind castle walls, protected by moats, drawbridges and knights with double-edged swords. Today, U.S. national security planners are proposing that the 21st century's critical infrastructure -- power grids, communications, water utilities, financial networks -- be similarly shielded from cyber marauders and other foes. The ramparts would be virtual, their perimeters policed by the Pentagon and backed by digital weapons capable of circling the globe in milliseconds to knock out targets. An examination by Reuters, including dozens of interviews with military officers, government officials and outside experts, shows that the U.S. military is preparing for digital combat even more extensively than has been made public. And how to keep the nation's lifeblood industries safe is a big, if controversial, aspect of it.
"The best-laid defenses on military networks will matter little unless our civilian critical infrastructure is also able to withstand attacks," says Deputy U.S. Defense Secretary William Lynn, who has been reshaping military capabilities for an emerging digital battlefield. Any major future conflict, he says, inevitably will involve cyber warfare that could knock out power, transport and banks, causing "massive" economic disruption. But not everyone agrees that the military should or even can take on the job of shielding such networks. In fact, some in the private sector fear that shifting responsibility to the Pentagon is technologically difficult -- and could prove counterproductive. For the moment, however, proponents of the change seem to have the upper hand. Their case has been helped by the recent emergence of Stuxnet, a malicious computer worm of unknown origin that attacks command modules for industrial equipment. Experts describe the code as a first-of-its-kind guided cyber missile. Stuxnet has hit Iran especially hard, possibly slowing progress on Tehran's nuclear program, as well as causing problems elsewhere. Stuxnet was a cyber shot heard around the world. Russia, China, Israel and other nations are racing to plug network gaps. They also are building digital arsenals of bits, bytes and logic bombs -- code designed to interfere with a computer's operation if a specific condition is met, according to experts inside and outside the U.S. government. The worms are coming! In some ways, the U.S. military-industrial complex -- as President Dwight Eisenhower called ties among policymakers, the armed forces and arms makers -- is turning into more of a military-cyber-intelligence mash-up. 
The Pentagon's biggest suppliers -- including Lockheed Martin Corp, Boeing Co, Northrop Grumman Corp, BAE Systems Plc and Raytheon Co -- each have big and growing cyber-related product and service lines for a market that has been estimated at $80 billion to $140 billion a year worldwide, depending on how broadly it is defined. U.S. officials have shown increasing concern about alleged Chinese and Russian penetrations of the electricity grid, which depends on the Internet to function. Beijing, at odds with the United States over Taiwan arms sales and other thorny issues, has "laced U.S. infrastructure with logic bombs," former National Security Council official Richard Clarke writes in his 2010 book "Cyber War," a charge China denies. Such concerns explain the Pentagon's push to put civilian infrastructure under its wing by creating a cyber realm walled off from the rest of the Internet. It would feature "active" perimeter defenses, including intrusion monitoring and scanning technology, at its interface with the public Internet, much like the Pentagon's "dot.mil" domain with its more than 15,000 Defense Department networks. The head of the military's new Cyber Command, Army General Keith Alexander, says setting it up would be straightforward technically. He calls it a "secure zone, a protected zone." Others have dubbed the idea "dot.secure." "The hard part is now working through and ensuring everybody's satisfied with what we're going to do," Alexander, 58, told reporters gathered recently near his headquarters at Fort Meade, Maryland. Alexander also heads the National Security Agency, or NSA, the super-secretive Defense Department arm that shields national security information and networks, and intercepts foreign communications. The Pentagon is already putting in place a pilot program to boost its suppliers' network defenses after break-ins that have compromised weapons blueprints, among other things.
Lynn told Alexander to submit plans, in his NSA role, for guarding the so-called defense industrial base, or DIB, that sells the Pentagon $400 billion in goods and services a year. "The DIB represents a growing repository of government information and intellectual property on unclassified networks," Lynn said in a June 4 memo obtained by Reuters. He gave the general 60 days to develop the plan, with the Homeland Security Department, to provide "active perimeter" defenses to an undisclosed number of Pentagon contractors. "We must develop additional initiatives that will rapidly increase the level of cybersecurity protection for the DIB to a level equivalent to the (Department of Defense's) unclassified network," Lynn wrote. The Pentagon, along with the Homeland Security department, is now consulting volunteer "industry partners" on the challenges private sector companies envision, said Air Force Lieutenant Colonel Rene White, a Pentagon spokeswoman, in a status report. Throwback? Some see the Pentagon's proposed new ring around certain critical services as a throwback almost to the dark ages. "Dot.secure becomes new Target One," says Richard Bejtlich, General Electric Co's director of incident response. "I can't think of an easier way to help an adversary target the most critical information on industry computers." Bejtlich and others say such an arrangement would only be as strong as its weakest link, vulnerable to compromise in many ways. "I guarantee users will want to and need to transfer information between their normal company Internet-connected computers and 'dot.secure'," he says. "Separation is a fool's goal." Utilities already use encrypted, password-controlled systems to handle communication between power plants and large-scale distribution systems. Trying to move that traffic off the existing Internet onto an independent computer network would be expensive, and would not necessarily guarantee security. 
"Even a private network is only so secure," said Dan Sheflin, a vice president at Honeywell International Inc who works on grid-control technology. "A big threat is employees walk in, unknowingly or knowingly, with (an infected) thumb drive, plug it in, put their kids' pictures on their PC and, oh boy, something's on the network. Those are things that even a private network could be subject to." Rather than building a new network, a more practical solution could be improving the security of existing systems. "The real issue is not letting people in and having layers of defense if they do get in to isolate them and eradicate them," said Sheflin, of Honeywell, which makes grid components ranging from home thermostats to automation systems to run power plants. "This is a very difficult problem. We are up against well-funded groups who can employ many people who spend their time trying to do this." Greg Neichin of San Francisco-based Cleantech Group LLC, a research firm, says utility companies already are well aware of the need to guard their infrastructure, which can represent billions of dollars of investment. "Private industry is throwing huge sums at this already," he says. "What is the gain from government involvement?" Companies ranging from Honeywell to General Electric Co -- whose chief executive, Jeff Immelt, called the U.S. energy grid a relic last month -- are pushing the drive toward a "smart grid." That model would permit two-way communication between power producers and consumers, so a utility could avoid a blackout during a peak demand time by sending a signal to users' thermostats to turn down air conditioning, for instance. Such a system could also allow variable pricing -- lowering prices during off-peak demand times, which would encourage homeowners to run major appliances like dishwashers and washing machines in the evenings, when industrial demand declines. 
Neichin is worried that efforts to wall off grid-related communication could stifle that kind of innovation. But even Sheflin of Honeywell argues that private companies are not likely to solve a problem of this magnitude on their own. "The government needs to be involved in this," he said. "There is going to have to be someone that says, 'Wait a minute, this is of paramount importance.' I don't think it's going to be private industry that will raise the red flag." A Pentagon spokesman said he could not address industry concerns right now, but the Defense Department would do so before long. Still, the military's proposal faces other complications. Who's in charge? The U.S. Department of Homeland Security now leads efforts to secure federal non-military systems, often described as the Internet's "dot.gov" domain. It also has the lead in protecting critical infrastructure. NSA and Cyber Command lend a hand when asked to do so, including by U.S. companies seeking to button up their networks. The idea of letting the Defense Department wall off certain private-sector networks is highly tricky for policymakers, industry and Pentagon planners. Among the issues: what to protect, who should be in charge, how to respond to any attack and whether the advent of a military gateway could hurt U.S. business's dealings overseas, for instance for fear of Pentagon snooping. In addition, the 1878 Posse Comitatus Act generally bars federal military personnel from acting in a law-enforcement capacity within the United States, except where expressly authorized by the Congress. Alexander says the White House is considering whether to ask Congress for new authorities as part of a revised team approach to cyber threats that would also involve the FBI, the Department of Homeland Security and the Defense Department. There are persistent signs of strains between Cyber Command and the Homeland Security Department over how to enhance the U.S. cybersecurity posture. 
"To achieve this, we have to depart from the romantic notion of cyberspace as the Wild Wild West," Homeland Deputy Secretary Jane Lute told the annual Black Hat computer hackers' conference in Las Vegas in July. "Or the scary notion of cyberspace as a combat zone. The goal here is not control, it's confidence." Alexander made a reference to tensions during certain meetings ahead of Cyber Storm III, a three-day exercise mounted by U.S. Homeland Security last week with 12 other countries plus thousands of participants across government and industry. It simulated a major cyber attack on critical infrastructure. "Defense Department issues versus Homeland Security issues," he told the House of Representatives Armed Services Committee on September 23. "And that's probably where you'll see more friction. So how much of each do you play? How radical do you make the exercise?" President Barack Obama's cybersecurity coordinator, Howard Schmidt, is working with Congress and within the administration to develop policies and programs to improve U.S. cybersecurity, says a White House spokesman, Nicholas Shapiro. Obama, proclaiming October National Cybersecurity Awareness Month, said protecting digital infrastructure is a "national security priority." "We must continue to work closely with a broad array of partners -- from federal, state, local and tribal governments to foreign governments, academia, law enforcement and the private sector -- to reduce risk and build resilience in our shared critical information and communications infrastructure," he said. Virtual castle walls Active defenses of the type the military would use to shield a "dot.secure" zone represent a fundamental shift in the U.S. approach to network defense, Lynn says. They depend on warnings from communications intercepts gathered by U.S. intelligence. 
Establishing this link was a key reason for the creation of Cyber Command, ordered in June 2009 by Defense Secretary Robert Gates after he concluded that the cyber threat had outgrown the military's existing structures. "Policymakers need to consider, among other things, applying the National Security Agency's defense capabilities beyond the ".gov" domain, such as to domains that undergird the commercial defense industry," Lynn wrote in the September/October issue of Foreign Affairs. "The Pentagon is therefore working with the Department of Homeland Security and the private sector to look for innovative ways to use the military's cyber defense capabilities to protect the defense industry," he said. U.S. Senator Sheldon Whitehouse, who led a Senate Intelligence Committee cyber task force that submitted a classified report to the panel in July, has floated a similar idea, drawing an analogy to medieval fortresses. "Can certain critical private infrastructure networks be protected now within virtual castle walls in secure domains where those pre-positioned offenses could be both lawful and effective?" he asked in a July 27 floor speech. "This would obviously have to be done in a transparent manner, subject to very strict oversight. But with the risks as grave as they are, this question cannot be overlooked," said the Rhode Island Democrat. "There is a concerted and systematic effort under way by national states to steal our cutting-edge technologies." The "dot.secure" idea may be slow in getting a full congressional airing. More than 40 bills on cyber security are currently pending. The chairman of the House Armed Services Committee, Missouri Democrat Ike Skelton, told Reuters he was not ready to pass judgment on possible new powers for Cyber Command. Cyber warriors Cyber Command leads day-to-day protection for the more than 15,000 U.S. defense networks and is designed to mount offensive strikes if ordered to do so.
The command has already lined up more than 40,000 military personnel, civilians and contractors under Alexander's control, nearly half the total involved in operating the Defense Department's sprawling information technology base. It is still putting capabilities in place from across the military as it rushes to reach full operational capability by the end of this month. Reuters has pinned down the numbers involved for each service. The Air Force component, the 24th Air Force, will align about 5,300 personnel to conduct or support round-the-clock operations, including roughly 3,500 military, 900 civilian and 900 contractors, said spokeswoman Captain Christine Millette. The unit was declared fully operational on October 1, including its 561st Network Operations Squadron based at Peterson Air Force Base, Colorado, where it operates, maintains and defends Air Force networks. The Navy adds about 14,000 active duty military and civilian employees serving at information operations, network defense, space and telecommunication facilities around the world. They are now aligned operationally under the U.S. Fleet Cyber Command, said spokesman Commander Steve Mavica. The Army contributes more than 21,000 soldiers and civilians, including the Army Intelligence and Security Command, for cyber-related actions, said Lieutenant Colonel David Patterson, an Army spokesman. The Marine Corps will assign roughly 800 of its forces to "pure" cyber work, according to Lieutenant General George Flynn, deputy commandant for combat development. Cyber Command's headquarters staff will total about 1,100, mostly military, under a budget request of about $150 million for the fiscal year that started October 1, up from about $120 million the year before. Beside guarding Defense Department computers, the nation's cyber warriors could carry out computer-network attacks overseas with weapons never known to have been used before. 
"You can turn a computer or a power plant into a useless lump of metal," says a former U.S. national security official familiar with the development of U.S. cyber warfare capabilities. "We could do all kind of things that would be useful adjuncts to a balanced military campaign." Such weapons could blow up, say, a chemical plant by instructing computers to raise the temperature in a combustion chamber, or shut a hydro-electric power plant for months by sabotaging its turbines. Scant official information is available on the development of U.S. cyber weapons, which are typically "black" programs classified secret. They are built from binary 1s and 0s -- bits and bytes. They may be aimed at blinding, jamming, deceiving, overloading and intruding into a foe's information and communications circuits. An unclassified May 2009 U.S. Air Force budget-justification document for Congress lifted the veil on one U.S. cyber weapon program. It described "Project Suter" software, apparently designed to invade enemy communication networks and computer systems, including those used to track and help shoot down enemy warplanes. "Exercises provide an opportunity to train personnel in combined, distributed operations focused on the 'Find, Fix and Finish' process for high-value targets," says the request for research, development, test and evaluation funds. The U.S. Air Force Space Command has proposed the creation of a graduate-level course for "network warfare operations." The proposed five-and-a-half-month class would produce officers to lead weapons and tactics development "and provide in-depth expertise throughout the air, space and cyberspace domains focused on the application of network defense, exploitation and attack," Lieutenant Colonel Chad Riden, the space command's Weapons and Tactics branch chief, said in an emailed reply to Reuters. 
Georgia on their mind The world got a glimpse of what lower-level cyber warfare might look like in Estonia in 2007 and in Georgia in 2008 when cyber attacks disrupted networks amid conflicts with Russia. Now, the Stuxnet computer virus is taking worries about cyber warfare to new heights as the first reported case of malicious software designed to sabotage industrial controls. "Stuxnet is a working and fearsome prototype of a cyber-weapon that will lead to a new arms race in the world," said Kaspersky Lab, a Moscow-based security software vendor. "This time it will be a cyber arms race." The program specifically targets control systems built by Siemens AG, a German equipment maker. Iran, the target of U.N. sanctions over its nuclear program, has been hit hardest of any country by the worm, according to experts such as the U.S. technology company Symantec. Asked about Stuxnet, U.S. Navy Vice Admiral Bernard McCullough, head of Cyber Command's Navy component, told Reuters: "It has some capabilities we haven't seen before." Discovered in June, Stuxnet -- named for parts of its embedded code -- is capable of reprogramming software that controls such things as robot arms, elevator doors and HVAC climate control systems, said Sean McGurk, who has studied it for the U.S. Department of Homeland Security at an Idaho lab that grabs live viruses from the Internet and serves as a kind of digital Petri dish. "We're not looking right now to try to attribute where it came from," McGurk told reporters at the National Cybersecurity and Communications Integration Center that he runs in Arlington, Virginia. "What we're focusing on now is how to mitigate and prevent the spread," he said on September 24. And then there is China. Its cyber clout has been a growing concern to U.S. officials amid bilateral strains over U.S. arms sales to Taiwan, Beijing's currency policies, its territorial claims in the South China Sea and other irritants. 
Beijing appears to have thoroughly pierced unclassified U.S. government networks, said Dmitri Alperovitch, who heads Internet-threat intelligence analysis and correlation for McAfee, a software and security vendor that counts the Pentagon among its clients. "In the U.S. when you're sending an email over an unclassified system you might as well copy the Chinese on that email because they'll probably read it anyway because of their pretty thorough penetration of our network," he says. Still, Chinese cyber capabilities lag those of the United States, Russia, Israel and France in that order, adds Alperovitch. He headed McAfee's investigation into Aurora, a codename for a cyber espionage blitz on high-tech Western companies that led Google to recast its relationship with China earlier this year. Cyber arms entail "high reward, low risk" says Jeffrey Carr, a consultant to the United States and allied governments on Russian and Chinese cyber warfare strategy and tactics. Lynn, the deputy defense secretary steering the military's cyber overhaul, went to Brussels on September 14 to brief NATO allies on U.S. cyber defense initiatives. He encouraged them to take action to secure NATO networks, said Bryan Whitman, a Pentagon spokesman. Some U.S. computer defenses are already linked with those of its allies, notably through existing intelligence-sharing partnerships with Britain, Canada, Australia and NATO. But "far greater levels of cooperation" are needed to stay ahead of the threat, Lynn says. NATO's secretary-general, Anders Fogh Rasmussen, "believes that this is a growing problem and that it can reach levels that can threaten the fundamental security interests of the alliance," NATO spokesman James Appathurai said. A Rasmussen-compiled draft of a new NATO vision statement is due to be approved by NATO states at a November 19-20 summit in Lisbon and will endorse a more prominent cyber defense role for the alliance. 
They all agree that castle walls alone are no longer an option. Additional reporting by Jim Finkle and Scott Malone in Boston; David Brunnstrom in Brussels.

From rforno at infowarrior.org Wed Oct 6 08:25:42 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Oct 2010 09:25:42 -0400 Subject: [Infowarrior] - Trickle Down Surveillance Message-ID: Trickle Down Surveillance The Pennsylvania spying scandal reveals a deeper problem with homeland security. Matthew Harwood | October 5, 2010 http://reason.com/archives/2010/10/05/trickle-down-surveillance? James F. Powers, Pennsylvania's director of homeland security, was miffed. Somehow an intelligence bulletin discussing the activities of natural gas drilling opponents turned up on an online forum in early September, so Powers emailed the woman who posted it. The bulletin, he wrote her, was meant only for state and local law enforcement and for critical infrastructure owners, including businesses wrapped up in the state's enormously profitable natural gas drilling industry. But since the bulletin was posted on an unsecured forum, anyone could access it. This was not good, Powers explained, because the bulletin could fall into the wrong hands. "We want to continue providing this support to the Marcellus Shale Formation natural gas stakeholders while not feeding those groups fomenting dissent against those same companies," Powers wrote. There was one big problem, however: Powers didn't look at the forum. What he thought was a pro-drilling forum turned out to be the opposite and the woman, retired U.S. Air Force Officer Virginia Cody, a drilling opponent. In just one email, Powers inadvertently revealed that Pennsylvania's Office of Homeland Security had not only been monitoring the activities of law-abiding citizens who oppose natural gas drilling for fear of its environmental damage, but passing the information on to the companies involved in the drilling. Powers had chosen business interests over Pennsylvanians' rights of free speech and association. There was more. The state's Office of Homeland Security didn't generate the intelligence bulletin--a private contractor Powers hired did. Since 2009, the Institute of Terrorism Research and Response (ITRR), a private intelligence firm with offices in Philadelphia and Jerusalem, was paid over $100,000 in a no-bid contract to create intelligence bulletins on possible threats to Pennsylvania's critical infrastructure. Apparently, the threats were everywhere. Aside from anti-drilling activists, the 137 bulletins ITRR produced reported on the activities of anarchists, animal rights activists, anti-war activists, black power activists, Federal Reserve critics, Tea Partiers, even groups associated with Pennsylvania Gov. Ed Rendell's own education policies. In one ridiculously absurd bulletin, ITRR warned that "anarchists, anti-prison ideologues and Indian rights activists" were going to attack the federal prison in Lewisburg by clogging the prison's phone lines with calls. In ITRR's reports, anyone with a political cause or complaint, whether left or right, was eyed as a potential security threat. After the leaked bulletin and Powers' email were passed to the press, public outrage and bipartisan condemnation from the state house ensued. On September 14, Gov. Rendell called a press conference where he apologized for violating Pennsylvanians' civil rights, terminated ITRR's contract, and then publicly released the 137 bulletins the firm had produced. Last Monday, both Powers and ITRR co-director Michael Perelman faced outraged state senators, some of whom called for Powers' termination. And on Friday, Powers' inevitable resignation came. The public attention, contract termination, and Powers' resignation all make it easy to say case closed: A homeland security bureaucrat overreached and fortunately he was smacked down by the state's citizens and their elected representatives.
But what Pennsylvania's surveillance scandal shows is that a disturbing federal trend has trickled down to the states. In July, The Washington Post released its two-year investigation "Top Secret America." The three-part series exposed how homeland security and intelligence have become big business at the expense of taxpayers. Currently, the federal government outsources a substantial amount of intelligence duties to unaccountable armies of contractors that produce redundant reports that are routinely ignored by the intelligence community. These reports remain secret, thus ensuring no public oversight, accountability, or fiscal responsibility. The recent scandal in Pennsylvania looks eerily similar. For one, Pennsylvania's state police already run an intelligence shop that monitors threats to the commonwealth. Even worse, spokespeople for both the state police and the attorney general's office told the press that ITRR's reports were ignored because they were valueless. "I would liken it to reading the National Enquirer," the head of the state police's criminal investigations division told a state Senate hearing last week. "Every so often they have it right but most of the time it is unsubstantiated gossip." The reports often caused alarm and led police to waste manpower by chasing down phantom threats until state police told "local stations" to stop responding to the threats ITRR identified. Finally, the funds used by Powers to hire ITRR didn't come from Pennsylvania, they came from the federal government, which has time and again said that creating a domestic intelligence apparatus at the state-level is a main priority to upset developing terrorism plots. And Pennsylvania isn't the only state using federal funds to hire a private firm to search the Internet for threats.
Last year, the North Central Texas Fusion System headquartered in Collins County also found itself at the center of a controversy after a contractor drew up an intelligence bulletin that conflated the constitutionally protected activities of antiwar activists and American Muslims as a threat to the region. Like Pennsylvania, the contractor, ADB Consulting, also received no-bid contracts, but the fiscal damage was much worse. ADB Consulting had been paid at least $1.3 million for fusion center operations, primarily financed through federal funds. Much like what occurred in Pennsylvania, the county's director of homeland security barred private contractors from writing the intelligence reports. Much as the Post uncovered a secret world of widespread surveillance inside the federal government, the incidents in Pennsylvania and Texas suggest the same thing is happening inside the nation's statehouses. Collected together, these incidents show that a vast, multi-tiered surveillance state is under construction, greased by federal funds and aided by private companies willing to fatten up on the public dime. Addressing the state senate hearing last Monday, Pennsylvania State Police Commissioner Frank Pawlowski knocked Powers' decision to hire ITRR. "This is one of the problems you have when you contract intelligence work to amateurs," he said. Fair enough, but Pawlowski missed the point. The real issue here isn't that the government should have a monopoly on domestic intelligence gathering, it's that such gathering shouldn't be done at all. Matthew Harwood is a writer living in Washington DC. His work has appeared in the Washington Monthly and online at the Guardian, the Huffington Post, Truthout, and elsewhere. He is currently working on a book about evangelical Christian rhetoric and aggressive U.S. foreign policy.
From rforno at infowarrior.org Wed Oct 6 09:32:01 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Oct 2010 10:32:01 -0400 Subject: [Infowarrior] - Trading Pennies Into $7 Billion Drives High-Frequency's Cowboys Message-ID: <5A1E9591-ECA2-437D-A5FC-C3C921979DAB@infowarrior.org>

Trading Pennies Into $7 Billion Drives High-Frequency's Cowboys By Kambiz Foroohar - Oct 6, 2010 12:01 AM ET Wed Oct 06 04:01:00 GMT 2010

Richard Gorelick, chief executive officer and co-founder of RGM Advisors LLC, poses in the company's office in Austin, TX on Aug. 27, 2010. Photographer: Wyatt McSpadden/Bloomberg Markets via Bloomberg

A cowboy-hat-wearing robot with "Sell" emblazoned across its chest adorns a wall-length mural in the lounge of RGM Advisors LLC in Austin, Texas. Another robot, with "Buy" on it, wobbles toward a green Wall Street sign as two machines tote spark-emitting high-speed cables. "We explained to a local artist that we wanted a mural that represented our business, and he came up with the design," RGM Chief Executive Officer Richard Gorelick says in an airy 16th-floor office that calls to mind a Scandinavian design firm rather than a company that trades hundreds of millions of shares a day, Bloomberg Markets magazine reports in its November issue. As a cue to RGM's staff of 120 mainly scientists, software developers and information technology graduates that their job is to eke out a fraction of a cent profit on each of those trades, five stone urns in the lobby are stuffed with pennies. "It's a lot easier for us to teach really smart scientists about markets and trading than to teach traders about programming," Gorelick, 39, says. High-frequency firms such as Gorelick's are the rebellious new force in U.S. securities markets. Armed with algorithms and computers that shave milliseconds off the speed of a trade, programmers, math whizzes and even some former dot-commers like Gorelick have set up shop from Austin to Chicago to Red Bank, New Jersey.
These firms don't analyze a company's value or bet on financial news. They use computers to scour public and private markets for deviations from historical prices and leap on discrepancies, rather than betting on the value of a company, currency or commodity. < -- > http://www.bloomberg.com/news/2010-10-06/trading-pennies-into-7-billion-profit-drives-high-frequency-s-new-cowboys.html

From rforno at infowarrior.org Wed Oct 6 09:47:00 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Oct 2010 10:47:00 -0400 Subject: [Infowarrior] - Regarding the Flash Crash Message-ID: <257494FC-6A1C-4774-8FF8-2B89729FB404@infowarrior.org>

(c/o GP .... and yes, this sentiment is expressed by a bunch of traders / investors I've spoken with as well. --rick)

Source: http://boards.fool.com/sec-lays-an-egg-on-flash-crash-28799731.aspx?sort=whole#28799731

Yesterday (10/1/10) the SEC and the CFTC issued their report on the 5/6/10 Flash Crash. It is 104 pages with lots of pretty multicolor charts that illustrate various aspects of the crash. After reading the report over, I started to write up the most essential points and post them. After further reflection, I decided that the SEC report and my summary of it were almost totally misguided. Link to the SEC report: http://sec.gov/news/studies/2010/marketevents-report.pdf

Factually, the SEC report is quite good and comprehensive in explaining various aspects of the crash. For the small minority of investors in America that enjoy learning about nitty-gritty details of what occurred that day, it is a worthwhile read. Exactly how many investors fit into that category? Let's make an estimate. Let's assume that 100 investors read the METAR board postings on a regular basis and would take the time to read the full 104 page report. How many non-METARites do you know that would be interested enough to read the report? I don't see many hands. There are approximately 114 million US households.
Let's assume that half of them either have stock accounts, 401K accounts or some other interest in US equity markets. That gives us 57 million investors that "care" how US equities perform. (Yes, for purposes of simplification, I am assuming there is only one interested investor per household.) Out of the 57 million investors, how many METAR like investors are there that will read the SEC flash crash report? Let's be incredibly generous and say 1 million. I actually think it is closer to zero, but let's assume it is 1 million. That leaves us with 56 million US investors that will only see news headlines on the SEC Flash Crash report. My original summary was intended for the 100 METARites which I decided was the wrong approach. This new summary is intended for the 56 million non-METARites. Here goes:

1) The SEC totally, 100% missed the most important points to highlight to the masses. Most likely they did this on purpose to try and convince the masses that all is well or will be well with US equity markets. I do NOT think the SEC is so incompetent that they actually believe this to be true, but they have to put a positive spin on it. And no, it is NOT a Democrat or Republican issue. Chris Cox under Bush is the same as Mary Schapiro under Obama in this regard.

2) The SEC lays primary blame for the flash crash on Waddell-Reed placing orders to sell short 75,000 e-mini SP500 contracts. The contracts have a nominal value of $4.1 billion which is supposed to impress the naïve that it is a large number. In fact, on a typical day about 2 MILLION of these contracts change hands. So the 75,000 represent about 3.75% of average trading. Does anybody believe that an incremental change of 3.75% volume should crash the US equity markets? I don't think so. Similar trades to this likely have been done hundreds of times before without causing a flash crash.

3) Waddell-Reed is basically a widows and orphans mutual fund manager that was trying to hedge an $81 billion equity position.
So it is not like they were some wild eyed speculator using 100 to 1 leverage or doing naked shorting. What they were doing was 100% legal, 100% moral, 100% rational and probably prudent.

4) The SEC report should have come out directly and said that every single firm and exchange they investigated was acting legally, morally and rationally in their own self interest. The SEC did not directly say it, but the implication to the public is that Waddell-Reed is somehow the bad guy in the flash crash. ABSOLUTELY NOT TRUE. In fact, what the SEC should have said to the public was that there were NO bad actors involved at all. The markets were working 100% like people intended them to work. Nothing irrational about them at all.

5) The SEC did NOT lay out a definitive action plan to prevent another flash crash from occurring. The reason for this is simple. They have NO plan. The markets have changed dramatically in structure over the last decade or so. In the "old days" when all trades were physically done on the NYSE, you could easily have fixed a problem if it occurred in the markets.

6) These days, there are countless exchanges and "dark pools" where trading occurs. The NYSE specialists are now called "designated market makers." In the old days, they single handedly had responsibility for maintaining an "orderly market" in issues they were responsible for. These days, there are really NO substitutes for specialists. The High Frequency Traders fill that role some of the time, but as we learned during the flash crash, they can and will simply stop trading if they feel it is in their best interest. Even if the Designated Market Maker wanted to maintain an orderly market, how can he do it on the non-NYSE exchanges and dark pools?

7) The SEC did get one aspect correct. Trading is best described as a marginally stable system. What we learned is that it is relatively easy to have the system go unstable and out of control.
Think of a jet fighter flying 100 feet off the ground at Mach 1. If something goes wrong, you get a large earth crater in a few milliseconds. That is kind of what our markets have evolved to. Incredibly high speeds with not much margin for error.

8) If the SEC was honest and upfront with the masses, here is what they would say. "Welcome to 2010. This is how markets now work. We can not reasonably guarantee another flash crash will be prevented. Matter of fact, we suggest you plan on them as a normal part of the investing landscape. But don't worry, we believe they have NO long term impact on the fundamentals of equity investing. If stocks irrationally flash crash again, they will shortly go back to their correct, rational prices."

9) As a practical matter, I don't know how to put the genie of "stable" markets back into the bottle. While it is theoretically possible to do, there is so much money involved, I can't imagine rolling back the clock. Stated differently: "Dorothy, we are NOT in Kansas anymore. Tapping your ruby red slippers together three times will NOT take us back to the stable markets of Kansas."

As you can see, my message on the Flash Crash aimed at the 56 million non-METARite investors would deliver a very different message than what the SEC did. If anyone is interested in technical nitty gritty details of the flash crash, I will publish that summary. However, after reflecting for a while, I think it is less pertinent than this summary. There is one other aspect that has changed since the flash crash. If someone wanted to use, let's call them questionable techniques, to game the market, it is a lot more obvious how to do it after all of the flash crash research came out. I have to think that enterprising investors are hard at work figuring out how they will use these to increase profits at any available opportunity...
Thanks, Yodaorange

From rforno at infowarrior.org Wed Oct 6 12:34:24 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Oct 2010 13:34:24 -0400 Subject: [Infowarrior] - ACTA Ultra-Lite: The U.S. Cave on the Internet Chapter Complete Message-ID: <5AF0FF14-389E-4125-919B-B82DAE321F6F@infowarrior.org>

ACTA Ultra-Lite: The U.S. Cave on the Internet Chapter Complete http://www.michaelgeist.ca/content/view/5352/125/ Wednesday October 06, 2010

One of the biggest stories over the three year negotiation of ACTA has been the willingness of the U.S. to cave on the Internet provisions. When it first proposed the chapter, the U.S. was seeking new intermediary liability requirements with three strikes and you're out used as an example of an appropriate policy as well as language that attempted to create a global DMCA. The draft released today is a far cry from that proposal with the intermediary liability provisions largely removed and the DMCA digital lock provisions much closer to the WIPO Internet treaty model. In its place is a chapter that is best viewed as ACTA Ultra-Lite. For Canadians, this is crucial since it now leaves an ACTA that is far more flexible than even Bill C-32. In fact, the Canadian copyright bill now exceeds the requirements under ACTA and could be amended in a manner that will allow for greater balance on digital locks and still be ACTA compliant. It should also be noted that this chapter is still not concluded. The inclusion of trademarks in some provisions would seemingly require changes to U.S. law and has not achieved consensus. Further, a provision on enforcement procedures "including the unlawful use of means of widespread distribution for infringing purposes" has not received consensus support. With respect to what has been concluded:

ISP Liability

The approach on ISP liability is largely unchanged from the last leaked draft and involves two provisions.
First:

Each Party shall endeavor to promote cooperative efforts within the business community to effectively address copyright or related rights infringement while preserving legitimate competition and consistent with each Party's law, preserving fundamental principles such as freedom of expression, fair process, and privacy.

Second:

Each Party may provide, in accordance with its laws and regulations, its competent authorities with the authority to order an online service provider to disclose expeditiously to a right holder information sufficient to identify a subscriber whose account was allegedly used for infringement, where that right holder has filed a legally sufficient claim of infringement of copyrights or related rights and where such information is being sought for the purpose of protecting or enforcing copyright or related rights. These procedures shall be implemented in a manner that avoids the creation of barriers to legitimate activity, including electronic commerce, and, consistent with each Party's law, preserves fundamental principles such as freedom of expression, fair process, and privacy.

Note that neither of these provisions creates new substantive obligations. The first provision requires an effort to promote cooperative efforts, not new laws. The second provision is permissive - a party may provide new laws, but is not required to do so.

Digital Locks/Anti-Circumvention

The anti-circumvention rules have also undergone significant change from the initial proposal and have even changed from the last leaked draft from the August round of negotiations in Washington.
The primary requirement is a mirror of the WIPO Internet treaty provision, which features considerable flexibility in implementation:

Each Party shall provide adequate legal protection and effective legal remedies against the circumvention of effective technological measures that are used by authors, performers or producers of phonograms in connection with the exercise of their rights in, and that restrict acts in respect of, their works, performances, and phonograms, which are not authorized by the authors, the performers or the producers of phonograms concerned or permitted by law.

The other provisions attempt to define "adequate legal protection and effective legal remedies" but still leave considerable flexibility in doing so. The language is such that you can picture the U.S. delegation slowly caving on its demands in order to achieve consensus. For example, in the last draft the U.S. wanted to include circumvention of access controls:

the unauthorized circumvention of an effective technological measure [US/Sing/Aus: that controls access to a protected work, performance or phonogram and is] carried out knowingly [US: or with reasonable grounds to know

This language is now gone - there is no requirement in ACTA for a prohibition on access controls. This is notable from a Canadian perspective, since Bill C-32 specifically targets access controls in some of its provisions. There are now two sets of additional requirements. First:

to the extent provided by its law: (i) the unauthorized circumvention of an effective technological measure carried out knowingly or with reasonable grounds to know; and (ii) the offering to the public by marketing of a device or product, including computer programs, or a service, as a means of circumventing an effective technological measure; and

Note that this requirement now comes with a caveat of "to the extent provided by its law."
This was demanded by the Japanese delegation and it appears to effectively make the additional definitions optional, since it is only to the extent found in a country's domestic law. In other words, if it is not found in the domestic law, there is no requirement to implement these requirements. Second:

the manufacture, importation, or distribution of a device or product, including computer programs, or provision of a service that: (i) is primarily designed or produced for the purpose of circumventing an effective technological measure; or (ii) has only a limited commercially significant purpose other than circumventing an effective technological measure.

These specific requirements are all subject to appropriate limitations and exceptions. The final paragraph in the Internet chapter provides:

In providing adequate legal protection and effective legal remedies pursuant to paragraphs 5 and 7, each Party may adopt or maintain appropriate limitations or exceptions to measures implementing paragraphs 5, 6 and 7. Further, the obligations in paragraphs 5, 6 and 7 are without prejudice to the rights, limitations, exceptions, or defenses to copyright or related rights infringement under a Party's law.

This is crucial, since it means that any anti-circumvention protection can still be made subject to fair dealing or fair use as well as any consumer exceptions. Moreover, it represents another major cave by the U.S. The earlier drafts included the following critical limitation on the inclusion of exceptions:

so long as they do not significantly impair the adequacy of legal protection of technological measures or electronic rights management information or the effectiveness of legal remedies for violations of those implementation measures.

With those limitations dropped, there is no limiting language on the scope of exceptions to digital locks.
Taken together, the Internet chapter must be seen as a failure by the U.S., which clearly envisioned using ACTA to export its DMCA-style approach (in fact, the failure extends to the anti-camcording provision, which is now merely something a country may do, but is not required to do). Instead, the treaty leaves much the same flexibility as exists under the WIPO Internet treaties and opens the door to Canadian reforms to the digital lock provisions in Bill C-32.

From rforno at infowarrior.org Wed Oct 6 12:37:39 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Oct 2010 13:37:39 -0400 Subject: [Infowarrior] - ACTA text released (PDF link) Message-ID:

(ACTA text @ http://www.ustr.gov/webfm_send/2338)

ACTA text shows US caved in on Internet provisions By Nate Anderson http://arstechnica.com/tech-policy/news/2010/10/near-final-acta-text-arrives-big-failure-for-us.ars

Talk about a cave-in. The Anti-Counterfeiting Trade Agreement (ACTA) has been three years in the making, and at one point included language advocating "three strikes" regimes, ordering ISPs to develop anti-piracy plans, promoting tough DRM anticircumvention language, setting up a "takedown" notification system, and "secondary liability" for device makers. Europeans were demanding protection for their geographic marks (Champagne, etc). Other countries wanted patents in the mix. That's all gone in today's release of the "near-final" ACTA text (PDF). US Trade Representative Ron Kirk, whose office negotiated the US side of the deal, issued a statement this morning about the "tremendous progress in the fight against counterfeiting and piracy," but the real story here is the tremendous climbdown by US negotiators, who have largely failed in their attempts to push the Digital Millennium Copyright Act (DMCA) onto the rest of the world. Apparently, a face-saving agreement is better than no agreement at all, but even the neutered ACTA we see today could run into problems.
Mexico's Senate yesterday approved a nonbinding resolution asking for the country to suspend participation in ACTA, while key members of the European Parliament have also expressed skepticism about the deal. Even Public Knowledge, a DC advocacy group that has long opposed ACTA, said today that the new text is "a qualified victory for those who want to protect the digital rights of consumers around the world. Some of the most egregious provisions from earlier drafts have been removed on topics ranging from digital protection measures to the liability of intermediaries like Internet Service Providers and search engines." Let's see what's left.

Internet piracy. In earlier drafts, ISPs were told that they must have a policy for disconnecting repeat infringers (something already in the DMCA) in order to steer clear of liability, and disconnecting users after "three strikes" was held up as a model. All of this is gone, reduced to a mere footnote saying that countries can do what they want to limit ISP liability. French group La Quadrature du Net remains unhappy about wording that "seeks to extend the scope of the 'digital chapter' to criminalize 'unlawful uses of means of widespread distribution.'" But that wording says nothing about "criminalizing" anything (the "enforcement" here refers to both civil and criminal enforcement, as the previous paragraph in the text makes clear). And the specific phrase "including the unlawful use of means of widespread distribution for infringing purposes" is one of the few in the document set off by a highlight and italics, which is to say that it has not been agreed upon.

Cooperation. Instead, ACTA signatories agree to "promote cooperative efforts within the business community to effectively address copyright or related rights infringement while preserving legitimate competition and consistent with each Party's law, preserving fundamental principles such as freedom of expression, fair process, and privacy."
This has the potential to be worrying: will governments push ISPs to start disconnecting users without any judicial oversight? But it's also remarkably vague in what it requires, a far cry from the detailed ISP provisions in previous ACTA drafts. The RIAA has already sent out a statement confirming that it likes this bit a lot, since "it is estimated that as much as 95 percent of global Internet traffic in music is illegal."

IP lookups. Each country does need to provide some way for rightsholders to turn an IP address into a name. Many countries have this already; in the US, it's a subpoena, while a "Norwich Pharmacal Order" in the UK accomplishes the same thing.

DRM. The tough rules against DRM have been watered down. ACTA signatories have to outlaw DRM circumvention, but there's a huge caveat; this only applies to DRM which restricts acts not authorized by rightsholders "or permitted by law." That last caveat is huge, and aligns ACTA more with the older WIPO Internet Treaties than with the DMCA. This language would appear to allow DRM circumvention when the resulting use is a legal one. Sadly, when it comes to tools for doing the circumventing, these are broadly banned, even where some limited uses might be legal. This appears to set up a situation in which an ACTA signatory could allow people to bypass DRM to make backups or exercise fair use rights, but could not allow distribution of the tools to help them do it.

Patents. Patents appear to be gone from much of the treaty (with the US pushing hard to keep them out of the "civil enforcement" section as well, though this remains contentious).

Geographic indicators. Europe has already indicated that it may not support ACTA if its precious food marks are not protected worldwide (something that would force Wisconsin-produced "Parmesan" to change its name, for instance, since Parmigiano-Reggiano is a protected geographic mark.)
The new text does not mention such marks specifically, though Sean Flynn of American University worries that they could be snuck in through an ambiguous phrase in the border seizure section.

iPod searches at the border? The "de minimis" provision remains. ACTA countries can "exclude from the application of this Section small quantities of goods of a non-commercial nature contained in travelers' personal luggage."

Green destruction. When customs officials do seize loads of counterfeit T-shirts, say, they can't just remove the labels and let the items enter the commerce stream. Instead, the goods should be destroyed. When that happens, the bonfire must be a "green" one, as "the destruction of goods infringing intellectual property rights shall be done consistently with each Party's laws and regulations on environmental matters."

Camcording. Even the MPAA's beloved camcording rule, which has been in ACTA drafts for a long while, could be in trouble. The draft text makes clear that some countries still believe that criminalizing theater cammers should be optional, and the parties have yet to reach an agreement.

Cave-in

As Canadian law professor Michael Geist puts it, "one of the biggest stories over the three year negotiation of ACTA has been the willingness of the US to cave on the Internet provisions... The draft released today is a far cry from that proposal with the intermediary liability provisions largely removed and the DMCA digital lock provisions much closer to the [existing] WIPO Internet treaty model. "Taken together, the Internet chapter must be seen as failure by the US, which clearly envisioned using ACTA to export its DMCA-style approach." But there are plenty of other opportunities for mischief, especially when it comes to technical details or to items like statutory damages and how they might be calculated.
This is especially true since ACTA negotiators have shown the usual preference for exporting intellectual property protections while leaving limitations and fair uses up for grabs. With no more negotiating sessions scheduled, this is close to a final draft, and something like it will probably be adopted unless countries start pulling out of the agreement altogether.

From rforno at infowarrior.org Wed Oct 6 14:00:22 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Oct 2010 15:00:22 -0400 Subject: [Infowarrior] - WH blocked scientists from divulging worst-case scenario on BP spill Message-ID: <1AC11AEF-EAAE-4B54-8335-EB114CF15A76@infowarrior.org>

Panel: Gov't thwarted worst-case scenario on spill http://news.yahoo.com/s/ap/20101006/ap_on_re_us/us_gulf_oil_spill_2 By DINA CAPPIELLO, Associated Press Writer - Wed Oct 6, 11:48 am ET

WASHINGTON - The White House blocked efforts by federal scientists to tell the public just how bad the Gulf oil spill could have been. That finding comes from a panel appointed by President Barack Obama to investigate the worst offshore oil spill in history. In documents released Wednesday, the national oil spill commission reveals that in late April or early May the White House budget office denied a request from the National Oceanic and Atmospheric Administration to make public the worst-case discharge from the blown-out well. BP estimated the worst scenario to be a leak of 2.5 million gallons per day. The government, meanwhile, was telling the public the well was releasing 210,000 gallons per day - a figure that later grew closer to BP's figure.

From rforno at infowarrior.org Wed Oct 6 16:23:31 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 6 Oct 2010 17:23:31 -0400 Subject: [Infowarrior] - Semi-OT: If you do this in an email, I hate you. Message-ID: <337C7C17-38CE-43F6-AF68-1EC6971D9492@infowarrior.org>

.. I think I found my new .sig.
;) "If you do this in an email, I hate you." http://theoatmeal.com/comics/email --- rick

From rforno at infowarrior.org Thu Oct 7 06:34:12 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 Oct 2010 07:34:12 -0400 Subject: [Infowarrior] - DHS Keeps on Creepin' On... Message-ID: <517228BD-A7C5-41D4-AC86-E50C05E2F61E@infowarrior.org>

Department of Homeland Security Keeps on Creepin' On... Submitted by Brendan Fischer on October 6, 2010 - 3:23pm. http://www.prwatch.org/node/9511

Recently, we expressed concern about the Department of Homeland Security (DHS) testing iris-scanning technology on immigrants detained at the borders. Since posting that entry, the Center for Media and Democracy has obtained a copy of the DHS "Privacy Impact Assessment" for the technology's test run, and we have serious reservations about DHS' consideration of this technology's serious implications for privacy and civil liberty. The border patrol's test of this iris scanning technology caught our attention for two reasons. First, DHS has been given access to enormous funds to fulfill its politically expedient mandate to "secure the borders," without requiring that the agency carefully balance the funds expended against their potential effectiveness and the impact on civil liberties. Second, by testing new technologies on immigrants who lack both a voice and a vote, they may reduce the risk of being called out for violating civil liberties, allowing elements of the surveillance state to slowly creep into America. People who have just been caught crossing the border are likely too tired, hungry, and dismayed to object to violations of their civil liberties, and they cannot vote anyway. Both of our concerns have been borne out by the Privacy Impact Assessment. The Privacy Impact Assessment (PIA) describes how the border patrol in McAllen, Texas will be using the iris-scanning technology to determine its "operational effectiveness" in an "operational setting."
The PIA states that there is no privacy risk associated with the iris scans, as the data collected will be stored in a "standalone system" separate from other DHS networks, and will not be used for other purposes or disseminated to other agencies. The iris images collected in this test run will be anonymous and not linked to the subject's identity. They will only be used for "quality control," to evaluate the effectiveness of the scanning technology. In other words, the PIA completely misses the point. The privacy and civil liberty concerns related to iris-scanning technology go well beyond those considered in the PIA. DHS should be assessing the privacy implications of the iris-scanning technology itself, not just the privacy impact of the test run.

This is How It Starts...

This is how a surveillance state creeps forward -- through short-term thinking and missing the forest for the trees. The implications of the iris-scanning technology go well beyond this six-week test on the border, but there are no indications that DHS is considering the privacy impact of anything besides this six-week test run. As for the second concern, the PIA states that "the project is an evaluation of prototype iris camera performance ... and is not considered human subject testing." Firstly, such a broad, unfounded assertion allows DHS to avoid considering the important privacy implications of this technology. Secondly, it is questionable whether such a statement would be permissible if this technology were to be tested on U.S. citizens, and seems to imply a lesser degree of humanity for the immigrant test subjects. The PIA also notes that subjects are permitted to opt out of the iris collection. That's right. Immigrants who have just been apprehended after a long hike through the hot, dry desert are probably among the least likely populations to decline the testing; in addition, the deportation process is sufficiently terrifying to compel almost anybody to comply.
The agency should not be permitted to conduct tests on vulnerable individuals, write off their privacy concerns, and slowly and surreptitiously spend taxpayer money to intrude on civil liberties. Money provides momentum. In other words, once the investment is made in the technology, it becomes much more difficult to halt its wider implementation. DHS must conduct a thorough assessment of the potential impact of technologies like iris-scanners on the civil liberties and privacy of all Americans, then balance these implications against the potential national security benefits. This must be carried out before DHS throws more money towards testing these iris-scanners. It may be politically expedient to slowly implement technology under the cloak of border security, but our civil liberties are too precious to sacrifice on the altar of xenophobic fear.

From rforno at infowarrior.org Thu Oct 7 12:59:49 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 7 Oct 2010 13:59:49 -0400 Subject: [Infowarrior] - Modern Warfare, Too Message-ID:

Modern Warfare, Too The Stuxnet attack on Iran is a new development in the evolution of cyberwarfare By Michael Tanji | Oct 5, 2010 7:00 AM http://www.tabletmag.com/news-and-politics/46385/modern-warfare-too/print/

The Stuxnet worm is said to have negatively impacted computer systems in Iranian nuclear facilities such as the Bushehr reactor and the Natanz uranium enrichment plant, although the depth and breadth of its impact at these facilities are unclear. About Bushehr, Hamid Alipour, deputy head of Iran's Information Technology Company, was quoted by the Iranian News Agency as saying, "The attack is still ongoing and new versions of this virus (sic) are spreading." On September 26, Mahmoud Jafari, the project manager at the Bushehr plant, said the worm "has not caused any damage to major systems of the plant," yet on September 29 Iran announced that the Bushehr plant would not go on line for at least another three months.
A link between Stuxnet and a slow-down in uranium enrichment at Natanz is just as speculative but not unrealistic, given Stuxnet's capabilities.

Two themes have emerged in media coverage of Stuxnet: that it is a "cyber weapon" designed to disable critical infrastructure computer systems, and that its sophistication is such that only a powerful nation-state could have created it. The reality is that Stuxnet is something special, but not in the way that most observers have noted. The weaponization of computer code and the targeting of adversary computer systems is not a new phenomenon. It is simply an extremely rare one. What is significant is that the Stuxnet code focuses on critical infrastructure systems, which for a long time were thought to be too arcane and obscure to be targeted by online subversives.

Some background: Stuxnet is a worm, which is a subset of a larger body of computer programs called malicious software, or "malware." You are probably already familiar with the most common form of malware: the computer virus. Worms differ from viruses in that worms operate independently of other programs; a virus must attach itself to some legitimate program in order to spread. A worm may not damage a computer or network, but its replication may degrade bandwidth and consume CPU power to the detriment of legitimate uses; viruses inevitably corrupt or otherwise modify legitimate programs to do things other than what their creators intended or their users desire.

There is no evidence that Stuxnet targeted the Bushehr nuclear facility specifically. What it does is look for systems that contain a particular kind of Siemens Supervisory Control and Data Acquisition (SCADA) software: specialized software that interacts with mechanical controls, used to operate things like power plants, water treatment facilities, and oil pipelines.
The Siemens equipment targeted by Stuxnet happens to be installed at facilities in Iran, as well as in Germany (where most of the infections have been reported), the United States, and other parts of the world. Stuxnet was probably not created in response to any recent developments in Iran. Earliest indications are that it was first seen in the wild in the summer of 2009. Does that coincide with the delivery and installation of Siemens software in Bushehr? That information is not likely to be in the public domain, and it's something that Siemens, which does a lot of business with Iran, would not want to divulge. But Siemens officials have been quick to point out that the company has nothing to do with Bushehr, which suggests that any Siemens software running at the facility is unlicensed. If that's the case, the only way Bushehr became a specific target of Stuxnet would be if someone who knew Bushehr is running Siemens software passed that information to Stuxnet's creator or creators.

Siemens also does a fair bit of business in Israel, in both the public and private sectors, which would make Israeli access to the information needed to create Stuxnet fairly straightforward. Would Siemens work cooperatively with an Israeli organization that wanted to impact Siemens systems in specific Iranian locations? Software companies come to all sorts of arrangements with nations in order to do business with them. The alternative to not cooperating is often the inability to do business overseas. You could make the argument that such an arrangement is coercion, or in the case of trying to prevent a regime like Iran from obtaining nuclear weapons, you could say it was the right thing to do.

Creating malware is like creating other types of computer programs: You have a specific goal for what you want the program to accomplish, and you write instructions in a language that the computer will understand to accomplish those goals.
Libraries of pre-written code exist so that you don't have to write common functions from scratch. There is actually a market for malicious code -- like modern Willie Suttons, criminals know that cybercrime is where the money is. Successful malware of this sort is fairly sophisticated, as evidenced by how often it sneaks past anti-virus products and how much money their masters are able to obtain from both individuals and large financial institutions.

Stuxnet is not run-of-the-mill malware, which is why so many are attributing its creation to a sophisticated, well-funded, probably state-sponsored organization. But building malware that stands out from the run-of-the-mill is not a particularly expensive or herculean effort. The assembly of such parts is not for amateurs, but the necessary skills are not as scarce as some would lead you to believe. What leads people to think that a very powerful actor is behind Stuxnet is that so many amateurs churn out so much crappy malware on a daily basis that anything sufficiently unique is a rarity and treated as such.

Perhaps the most important feature of Stuxnet has nothing to do with its construction, technical capabilities, or its speculative link to a contentious real-world situation, but the fact that it is much more in-line with traditional military or intelligence thinking than most malicious activity noted online to date.

Malicious online activity linked to a real-world political-military situation is not new. Whether it's a plane crash, an accidental bombing, or an all-out war, such attacks almost never cause any irreparable damage, and in most cases it becomes clear that the attackers targeted any system they could find; they did not take the time to identify and focus their energies on what is commonly referred to as a "legitimate military target." Stuxnet does nothing but seek out legitimate targets, in the context of total war.
It is an indicator that, at a minimum, confirms what observers of the information warfare field have suspected for some time: When the enemy comes, he'll turn out the lights first. The worst-case scenario is that the ability to negatively impact critical infrastructure is becoming democratized, and claims about being able to do things like shut down the Internet won't be far-fetched but instead commonplace.

It is not unrealistic to think that the authors of Stuxnet are Israeli. Like the United States, Israel has long been interested in developing and deploying cyber capabilities in its war-fighting arsenal. Like the United States, it also has seen those with advanced technical talent migrate from the armed forces and intelligence services into the private sector. It is also not unrealistic to think that Israel has access to the kind of information that would be required to target Siemens SCADA software. So, we have the means and the opportunity, now we need to look at the question of motive. If the existence, much less the successful operation, of Bushehr is unacceptable to Israel, the means available to destroy, disable, or delay its launch must be evaluated. I cannot speak to the effectiveness of Israel's capabilities in the first two categories, but Stuxnet is an excellent way to delay -- even if briefly -- activity at Bushehr.

For all its sophistication, though, Stuxnet is not really that effective a digital weapon. Digital weapons are not analogous to just any physical weapons; they're disposable sniper rifles, not cluster bombs. They are meant to perform specific tasks, and because the arms race between cyber defenders and attackers is so close, attackers go into battle assuming that their weapons will work only once. To that end, Stuxnet may not have been designed to kill, but simply to disorient: cyber tear gas, if you will.
It is also sophisticated enough, it is targeted enough, to make the sufficiently suspicious in Iran wonder if there is in fact not someone on the inside who has passed information about Bushehr's SCADA systems to Israel.

Stuxnet may be Israeli-by-proxy. It is not clear to me that enough data exists to point to the ethnicity or country of origin of Stuxnet's author or authors, but it is not unheard of for malware to have words, phrases, or names written inside the code that suggest its author wrote in a given language. Linguistic clues like the inclusion of the word "Myrtus" in Stuxnet's code are an interesting hint, but it almost seems too obvious by half. Regardless, it would not be the first time that a nation had contracted out its offensive cyber capabilities.

The strategic advantages Israel gains via Stuxnet -- regardless of whether or not it has any connection to it at all -- are significant. Without launching a single aircraft, without firing a shot, without endangering the life of a single soldier, Stuxnet has provided Israel with a means to slow down activities at Bushehr, a means to occupy the time and energy of the Iranian intelligence and security apparatus, and a means to enhance its reputation -- deserved or not -- as a player in the realm of cyber conflict.

That is what we are really witnessing here in the Stuxnet case: the evolution of conflict. Nations do not have friends or enemies, they have allies and adversaries. The more connected we all become at local, national, and global levels, the more the destruction brought on by conventional war becomes undesirable.
Effects-Based Operations, the early 1990s idea that military and nonmilitary methods had to be combined for a desired effect, has lost its luster in military circles, but the reasoning is sound enough: If you're not actually going to bomb your adversaries back into the Stone Age, you don't want to destroy the power plant, you just want to turn it off, because eventually you want the lights to come back.

To a large extent it doesn't matter who was behind the creation and release of Stuxnet; that it compromised computer systems at Bushehr is almost beside the point. Its mere existence provides both sides interested in Bushehr with ammunition to support their own agendas. The Iranians get to feel both smug and scared in that Stuxnet probably won't neutralize activity at Bushehr (Stuxnet will naturally not be the cause of any delays, and the resumption of work will be quickly and loudly promoted), but the fact that it looks for systems they have may be enough to convince their security apparatus that someone on the inside cannot be trusted. Adversaries of Iran -- whether they wrote Stuxnet or not -- get to look alternately very scary in their ability to know what sort of systems are running in Bushehr and fairly inept in that they let a digital weapon get loose in public. Both the mullahs and their adversaries get a boogie man; both also get plausible deniability.

Michael Tanji is a former supervisory intelligence officer who worked on information warfare issues at the Defense Intelligence Agency. He is the editor of Threats in the Age of Obama.
From rforno at infowarrior.org Thu Oct 7 13:02:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Oct 2010 14:02:02 -0400
Subject: [Infowarrior] - Charney: Computer 'health certificates' needed
Message-ID: <55B14680-B7FC-4FB0-A26B-4CE897462DDB@infowarrior.org>

http://www.bbc.co.uk/news/technology-11483008

Virus-infected computers that pose a risk to other PCs should be blocked from the net, a senior researcher at software giant Microsoft suggests.

< - >

His proposal, presented at the International Security Solutions Europe (ISSE) Conference in Berlin, Germany, is for all computers to have a "health certificate" to prove that it is uninfected before it connects to the net.

"Although the conditions to be checked may change over time, current experience suggests that such health checks should ensure that software patches are applied, a firewall is installed and configured correctly, an antivirus program with current signatures is running, and the machine is not currently infected with known malware," he wrote in the accompanying paper.

< - >

From rforno at infowarrior.org Thu Oct 7 13:04:25 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Oct 2010 14:04:25 -0400
Subject: [Infowarrior] - Audio zoom picks out lone voice in the crowd
Message-ID:

Audio zoom picks out lone voice in the crowd
11:42 05 October 2010 by Catherine de Lange
Magazine issue 2781.
http://www.newscientist.com/article/dn19541-audio-zoom-picks-out-lone-voice-in-the-crowd.html

Professional footballers beware: the argument you are having with your coach could soon be overheard even within the cacophony of a packed stadium. A new microphone system allows broadcasters to zoom in on sounds as well as sights, to pick out a single conversation.
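The technique the article goes on to describe, computing each microphone's propagation delay from the chosen spot and re-aligning the feeds before adding them, is delay-and-sum beamforming. The simulation below is an added example, not code from the article or from Squarehead Technology, and everything in it is an assumption: a 16 kHz sample rate, a 10 m circular array mounted 15 m above the pitch, a short tone burst standing in for a voice, and constructed Gaussian noise standing in for the crowd. It shows why aligned copies add while noise does not, and what happens when the array is steered at the wrong spot. It defaults to 64 microphones to keep the pure-Python loops fast; the article's array has around 300.

```python
import math
import random

# Constructed parameters (assumptions, not from the article): 16 kHz sampling,
# nominal speed of sound, a circular array of radius 10 m mounted 15 m above
# the pitch. The article's array has around 300 microphones; the demo below
# defaults to 64 so that the pure-Python simulation stays fast.
SAMPLE_RATE = 16000          # samples per second
SPEED_OF_SOUND = 343.0       # metres per second in air at roughly 20 C


def circular_array(n_mics, radius_m, height_m):
    """Microphone positions (x, y, z) evenly spaced on a circle above the pitch."""
    return [
        (radius_m * math.cos(2 * math.pi * k / n_mics),
         radius_m * math.sin(2 * math.pi * k / n_mics),
         height_m)
        for k in range(n_mics)
    ]


def delay_samples(mic, point):
    """Propagation delay, in whole samples, from a point on the pitch to a mic."""
    distance_m = math.dist(mic, point)
    return round(distance_m / SPEED_OF_SOUND * SAMPLE_RATE)


def tone_burst(freq_hz, duration_s):
    """Hann-windowed sine burst standing in for a short spoken syllable."""
    n = int(SAMPLE_RATE * duration_s)
    return [
        math.sin(2 * math.pi * freq_hz * i / SAMPLE_RATE)
        * 0.5 * (1 - math.cos(2 * math.pi * i / n))
        for i in range(n)
    ]


def simulate_feeds(mics, source, burst, noise_std, n_samples, rng):
    """Constructed microphone feeds: the burst arrives at each mic after its
    own propagation delay, buried in independent crowd-like noise."""
    feeds = []
    for mic in mics:
        delay = delay_samples(mic, source)
        feed = [rng.gauss(0.0, noise_std) for _ in range(n_samples)]
        for i, s in enumerate(burst):
            feed[delay + i] += s
        feeds.append(feed)
    return feeds


def delay_and_sum(mics, focus, feeds):
    """Steer the array at `focus`: undo each mic's delay from that point so the
    copies line up at the moment of emission, then average them. Sound from the
    focus adds coherently; noise and sound from elsewhere do not."""
    delays = [delay_samples(mic, focus) for mic in mics]
    n_out = len(feeds[0]) - max(delays)
    out = [0.0] * n_out
    for feed, delay in zip(feeds, delays):
        for i in range(n_out):
            out[i] += feed[i + delay]
    return [v / len(feeds) for v in out]


def snr(output, burst_len):
    """Power in the aligned burst window divided by power in the rest."""
    signal = sum(v * v for v in output[:burst_len]) / burst_len
    rest = output[burst_len:]
    noise = sum(v * v for v in rest) / len(rest)
    return signal / noise


def demo(n_mics=64, seed=1):
    """Compare one microphone, the steered array, and a mis-steered array."""
    rng = random.Random(seed)
    mics = circular_array(n_mics, radius_m=10.0, height_m=15.0)
    source = (30.0, 0.0, 0.0)       # the conversation the camera zoomed in on
    elsewhere = (-30.0, 0.0, 0.0)   # a point on the far side of the pitch
    burst = tone_burst(500.0, 0.010)
    feeds = simulate_feeds(mics, source, burst, noise_std=1.0,
                           n_samples=3200, rng=rng)

    single = delay_and_sum(mics[:1], source, feeds[:1])
    focused = delay_and_sum(mics, source, feeds)
    missteered = delay_and_sum(mics, elsewhere, feeds)
    return {
        "single_mic_snr": snr(single, len(burst)),
        "array_snr": snr(focused, len(burst)),
        "off_target_snr": snr(missteered, len(burst)),
        "on_target_peak": max(abs(v) for v in focused),
        "off_target_peak": max(abs(v) for v in missteered),
    }


if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value:.3f}")
```

With N microphones the aligned burst keeps its amplitude while the averaged noise shrinks by roughly the square root of N, which is the gain the article's "three times as strong" quote is reaching for. Steering the same feeds at the far side of the pitch scatters the copies of the burst in time, so the conversation largely disappears from the output: the array is selective in space, not just quieter.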
Physicists Morgan Kjølerbakken and Vibeke Jahr, formerly at the University of Oslo, Norway, were working on sonar technology when they came up with the idea for what they call a supermicrophone, now dubbed the AudioScope.

The device is made up of around 300 microphones arranged in a fixed circular array above the sports ground. They are used in conjunction with a wide-angle camera that can zoom in to any position on the pitch. Because the camera is also fixed, it can be calibrated to zoom in to any location within its range. The AudioScope software then calculates the time it would take for sound emanating from that point to reach each microphone in the circular array, and digitally corrects each audio feed to synchronise them with that spot.

"If we correct the audio arriving at three microphones then we have a signal that is three times as strong," says Kjølerbakken. Doing the same thing with 300 microphones can make a single conversation audible even in a stadium full of sports fans.

Kjølerbakken and Jahr have now patented the device and founded a company, Squarehead Technology, to develop their idea. The most obvious application is in televised sports, and the company has been working with basketball and soccer teams to test it out. The response has been good, says Kjølerbakken, although some players aren't keen on the idea.

From rforno at infowarrior.org Thu Oct 7 17:41:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Oct 2010 18:41:48 -0400
Subject: [Infowarrior] - Snuggly The Security Bear is back!
Message-ID:

Snuggly The Security Bear returns to reassure us about the White House's new Internet wiretap plans. Once again, Mark Fiore nails it right!
--rick

http://www.sfgate.com/cgi-bin/article.cgi?f=/g/a/2010/10/06/fiorefriendly.DTL

From rforno at infowarrior.org Thu Oct 7 21:13:00 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Oct 2010 22:13:00 -0400
Subject: [Infowarrior] - How Speed Traders Are Changing Wall Street
Message-ID: <5BBB45C1-E9D8-4E89-9123-A3CB023DB378@infowarrior.org>

Oct. 7, 2010
How Speed Traders Are Changing Wall Street
Steve Kroft Gets A Rare Look Inside the Secretive World of "High-Frequency Trading"
http://www.cbsnews.com/stories/2010/10/07/60minutes/main6936075.shtml

(CBS) New Jersey stock trader Manoj Narang says his firm has never had a losing week because his super computers are fast enough to capitalize on split-second opportunities in the market. Narang and other traders are using a legal but controversial technique called "high-frequency trading." It played a role in a 15-minute, 600-point market meltdown last spring now known as the "Mini Market Crash." Correspondent Steve Kroft talks to Narang in a rare chance to see such a business up close. He also speaks to SEC Chair Mary Schapiro - who has high frequency trading in her regulatory sights - and others for a "60 Minutes" report to be broadcast Sunday, Oct. 10, at 7 p.m. ET/PT.

High frequency traders rely on mathematicians and computer experts to write electronic trading programs and they use expensive computers to run them. Many of the country's large financial institutions do high frequency trading and it is estimated that from 50 to 70 percent of all U.S. stock trades are made this way. Humans are becoming less involved.

"Humans are way too slow to trade on the kinds of opportunities that we're trying to capture," says Narang. "Opportunities that exist for only fractions of a second," he tells Kroft.

The opportunities are gleaned from information that all traders have access to. But those with high speed computers like Narang's get that information a split second faster and can act on it just as fast.
The trades can involve such a high volume that fractions of pennies made on each share of stock can add up to millions of dollars in profits. "We've had two or three days in a row where we lose money but we've never had a week, so far, where we lost," he tells Kroft. "We've never had a month that was a loser for us."

Narang and staffers at his company, Tradeworx, program his computers with algorithms instructing them to buy or sell certain stocks upon specified conditions, such as price. He trusts the machine to do it all. "The computer is monitoring real time data and knows what to do," says Narang. "Computers are very predictable because they tend not to screw up. They tend to do what they are told."

But computers can create turmoil in the market, and the results can be devastating. The market crash last May 6 was triggered by one computer algorithm that sold $4.1 billion of securities in a 20-minute period. The high-frequency trading programs' response to that - buying many of them up and selling them just as fast - exacerbated an already bad situation.

"The events of May 6th scared people," says SEC Chair Mary Schapiro. She had already proposed more transparency rules for such trading operations before that event, but is considering even more now. "It's unsettling for all investors if an algorithm behaves in an aberrant way and causes a lot of volatility, or causes markets to act in an irrational way," Schapiro tells Kroft.

Some financial people think high-frequency trading with its reliance on speed rather than hard facts about the company or market is bad for Wall Street. "Valuation is irrelevant. It's just about moving the price up and down the ladder -- so you have to question the true valuation of the markets now," says Joe Saluzzi, an institutional trader at Themis Trading.
He also says he sees predatory behavior made possible by the speed advantage, where practitioners can execute and cancel thousands of trades to see which way a market is going and then capitalize on that advantage.

But to Larry Leibowitz, the chief operating officer of the New York Stock Exchange, the charges are nothing new. "There's always been charges for as long as trading has existed that people are front running orders, manipulating stocks," he says. Add in the mystery a machine like a computer can inject into the formula and the stage is set for mistrust, he says.

"I think high frequency trading is the natural evolution of applying technology to the problem of how do I trade the cheapest and most efficiently," Leibowitz tells Kroft.

Produced by Tom Anderson
© MMX, CBS Interactive Inc. All Rights Reserved.

From rforno at infowarrior.org Fri Oct 8 06:24:56 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Oct 2010 07:24:56 -0400
Subject: [Infowarrior] - Caught Spying on Student, FBI Demands GPS Tracker Back
References: <20101008033401.GA11184@gsp.org>
Message-ID:

Begin forwarded message:

> From: Rich Kulawiec
> Date: October 7, 2010 11:34:01 PM EDT
>
> (h/t to pogowasright.org)
>
> Caught Spying on Student, FBI Demands GPS Tracker Back
> http://www.wired.com/threatlevel/2010/10/fbi-tracking-device/
>
> Excerpt:
>
> A California student got a visit from the FBI this week after he
> found a secret GPS tracking device on his car, and a friend posted
> photos of it online. The post prompted wide speculation about
> whether the device was real, whether the young Arab-American
> was being targeted in a terrorism investigation and what the
> authorities would do.
>
> It took just 24 hours to find out: The device was real, the
> student was being secretly tracked and the FBI wanted their
> expensive device back, the student told Wired.com in an interview
> Wednesday.
>
> ---rsk
>

From rforno at infowarrior.org Fri Oct 8 06:38:22 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Oct 2010 07:38:22 -0400
Subject: [Infowarrior] - Ad Group Unveils Plan to Improve Web Privacy
Message-ID:

October 4, 2010
Ad Group Unveils Plan to Improve Web Privacy
http://www.nytimes.com/2010/10/04/business/media/04privacy.html?_r=2&ref=todayspaper&pagewanted=print
By TANZINA VEGA

As the debate around online privacy and advertiser access to users' data continues, a group of the advertising industry's largest trade organizations was to announce on Monday the details of a self-regulatory program that would allow users to opt out of being tracked by its member organizations.

The program provides details on how companies can adopt some of the principles for conducting online behavioral advertising outlined in a report released last July. The program includes the use of an icon called the "Advertising Option Icon" that marketers can place near their ads or on the Web pages that collect data that is used for behavioral targeting.

Users who click on the icon, a lower case letter "I" inside a triangle that is pointing right, will see an explanation of why they are seeing a particular ad and will be able to opt out of being tracked. Some companies may still serve less focused ads after a user opts out, while others may stop showing ads to that user altogether.

But representatives for the trade organizations said the steps were not an indication that the privacy debate had ended. "This is a big step forward in what's going to be an ongoing dialogue for many years," said Stuart P. Ingis, a partner at the Venable law firm and a lawyer for the trade groups.
The program would affect the 5,000 companies that are represented by the trade organizations, which include the American Association of Advertising Agencies, the American Advertising Federation, the Association of National Advertisers, the Direct Marketing Association and the Interactive Advertising Bureau, with additional support from the Council of Better Business Bureaus.

The Better Business Bureaus group and the Direct Marketing Association will be charged with monitoring and enforcing compliance with the program and will also manage consumer complaints. The organizations will provide Web seminars with information on the newly created program for advertisers, and will also use donated advertising space online to advertise the program to consumers. Marketers that collect data for behavioral advertising will also be able to visit AboutAds.info to start to use the icon or register for the opt-out mechanism.

The trade groups have teamed up with Better Advertising, a New York start-up, which will provide the technology to monitor the ads online and report findings so the industry groups can take action. They will also monitor changes to the privacy policies for participating companies and report updates or changes.

But privacy advocates say self-regulation is not enough. "This is just the latest version in a long series of failed self-regulatory efforts. We need the government to step in and set rules for industry," said Pam Dixon, the executive director of the World Privacy Forum, a nonprofit group based in California.

From rforno at infowarrior.org Fri Oct 8 06:40:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Oct 2010 07:40:02 -0400
Subject: [Infowarrior] - WH accused of exaggerating terror threat for political gain
Message-ID: <17278BF8-01D8-474A-BEC8-4A88C29D5678@infowarrior.org>

Barack Obama accused of exaggerating terror threat for political gain
Simon Tisdall and Richard Norton-Taylor
guardian.co.uk, Thursday 7 October 2010 17.32 BST
http://www.guardian.co.uk/world/2010/oct/07/barack-obama-terror-threat-claims

A US terror alert issued this week about al-Qaida plots to attack targets in western Europe was politically motivated and not based on credible new information, senior Pakistani diplomats and European intelligence officials have told the Guardian.

The non-specific US warning, which despite its vagueness led Britain, France and other countries to raise their overseas terror alert levels, was an attempt to justify a recent escalation in US drone and helicopter attacks inside Pakistan that have "set the country on fire", said Wajid Shamsul Hasan, the high commissioner to Britain.

Hasan, a veteran diplomat who is close to Pakistan's president, suggested the Obama administration was playing politics with the terror threat before next month's midterm congressional elections, in which the Republicans are expected to make big gains. He also claimed President Obama was reacting to pressure to demonstrate that his Afghan war strategy and this year's troop surge, which are unpopular with the American public, were necessary.

"I will not deny the fact that there may be internal political dynamics, including the forthcoming midterm American elections. If the Americans have definite information about terrorists and al-Qaida people, we should be provided [with] that and we could go after them ourselves," Hasan said.

"Such reports are a mixture of frustrations, ineptitude and lack of appreciation of ground realities. Any attempt to infringe the sovereignty of Pakistan would not bring about stability in Afghanistan, which is presumably the primary objective of the American and Nato forces."

Dismissing claims of a developed, co-ordinated plot aimed at Britain, France and Germany, European intelligence officials also pointed the finger at the US, and specifically at the White House.
"To stitch together [the terror plot claims] in a seamless narrative is nonsensical," said one well-placed official. While Abdul Jabbar, a Briton, and others killed by an American drone strike on 8 September in North Waziristan, in Pakistan's tribal areas, were heard discussing co-ordinated plots, including possible "commando-style" attacks on prominent buildings and tourist sites in European capitals, security and intelligence officials said the plots were nowhere near fruition. The officials did not deny the men, and other foreign-born jihadi recruits who travel to the tribal areas for indoctrination and training, represented a potentially serious threat. "You have discussions about all sorts of things ? that does not necessarily mean there is anything concrete. It is not easy to set up groups," said one counter-terrorism official. By making it clear that the US drone strikes were pre-emptive, and were not in any way combating an imminent threat, European officials raised fresh questions ? this time directly involving a British national ? about the legality of the attacks, which could be viewed as assassinations. They said Washington was the "driver" behind claims about a series of "commando-style" plots and that the CIA ? perhaps because it was worried about provoking unwelcome attention to its drone strikes ? was also extremely annoyed by the publicity given to them. The plot claims, which western intelligence agencies were aware of for months, were leaked last week to the American media. They were followed by a spate of what security and intelligence officials said were exaggerated claims in the British media, a US state department warning to American citizens to be vigilant when visiting Britain, France, and Germany, a "tit for tat" warning by France to its citizens visiting the UK, and alerts issued by the Swedish and Japanese governments. 
Thomas de Maizière, Germany's interior minister, publicly expressed his scepticism about the US terror warning, saying he saw no sign of an imminent attack on Germany. He described the danger to Germany as "hypothetical".

The sharp rise in US unmanned drone attacks in Pakistan's tribal areas, coupled with several cross-border raids by American helicopter gunships that culminated in the killing of two Frontier Corps soldiers last week, was destabilising Pakistan, Hasan said. "Why are they putting so much pressure on us? It is a threat to the democratic system ... But people in Pakistan feel Washington does not care."

American actions were "obviously" linked to Obama's decision to set a timetable for leaving Afghanistan. The US leader had "jumped the gun" and now "the Americans are in a hurry". He said fears were growing in Pakistan that the US was planning a bombing campaign using fixed-wing aircraft as well as drones in North Waziristan.

Hasan said Washington politicians failed to understand how much the US needed Pakistan in the "war on terror". Nor did they realise that public anger over repeated US infringements of Pakistani sovereignty could boil over into attacks on American personnel and interests that the government might not be able to control.

"The government does not want to go down this road," he said. "But people feel abused. If they [the Americans] kill someone again, they will react. There is a figure that there are 3,000 American personnel in Pakistan. They would be very easy targets."

Hasan said American personnel stationed at the Pakistani air force base at Jacobabad, on the border between Sindh and Baluchistan provinces, could be vulnerable if the situation deteriorated further. The US requested the use of Jacobabad, and other bases at Dalbandin and Pasni, after the 9/11 attacks, and has maintained a military presence there ever since.
Another Pakistani diplomat said Jacobabad was the main centre of operations for CIA and US army drones, which are ultimately controlled from America. "They have hangars there. That's where they fly from and that's where they return."

The drone operations began in June 2004 with the tacit, reluctant agreement and involvement of the Pakistani authorities but were now in effect running beyond Pakistan's control, the diplomat suggested. "We have always denied it in the past. But everybody knows this is happening. We need to wake up," the official said.

A US official said: "Our allies have been briefed on the nature of the threat and the intelligence that led to the travel alert and everyone understands this cannot be taken lightly.

"To try to ascribe any political motivation is misguided and irresponsible."

From rforno at infowarrior.org Fri Oct 8 06:41:58 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Oct 2010 07:41:58 -0400
Subject: [Infowarrior] - Big Sis does DC Metro security messages
Message-ID: <7CE6D0FC-92AF-4B4C-9194-F9E8DDBBB23F@infowarrior.org>

Janet Napolitano voicing new Metro messages
http://voices.washingtonpost.com/federal-eye/2010/10/janet_napolitano_voicing_new_m.html?hpid=news-col-blog

Now airing at a Metro subway station near you: Homeland Security Secretary Janet Napolitano, voicing a new public awareness message designed to encourage vigilance among transit customers.

The secretary's message began airing last month in the transit system's 85 subway stations as part of the Homeland Security Department's "If you see something, say something" public awareness campaign. The national effort includes new posters and public address announcements at the nation's airports and train, subway and bus stations and other locations.
In case you can't quite make out what Napolitano is saying on Metro speakers (and who would blame you?), here are her remarks:

"You play a vital role in the security of the Metro system. If you see something suspicious commuting to work or running errands, say something to local authorities to make it right. Report all suspicious activity on buses, trains or in stations to a Metro employee, or call the Metro Transit Police at 202-962-2121. Thank you for keeping our Metro system safe."

Washington is the first city to use Napolitano's message and she will localize it for other metropolitan transit systems in the coming weeks, DHS said.

From rforno at infowarrior.org Fri Oct 8 06:49:13 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Oct 2010 07:49:13 -0400
Subject: [Infowarrior] - US ex-spook wants 'rogue states' banned from Internet
Message-ID: <7D0295E6-8E4C-4CF5-829C-9DD0615BAD24@infowarrior.org>

(Issue w/the last sentence. It's difficult to 100% block a country from the Net, but it's pretty easy to make it rather difficult for it to get much done online --- in my old job we had to deal with a few requests like that in the late '90s, none of which we ended up acting upon for a variety of reasons. ---rick)

US ex-spook wants 'rogue states' banned from Internet
We invented it do what you are told
By Nick Farrell
http://www.theinquirer.net/inquirer/news/1741310/-spook-rogue-banned-internet

A FORMER US SPOOK wants all countries in the world to agree to do what America says or be banned from the Internet.

It is not clear how much the views of the former chief technology officer at the US National Security Agency Dr Prescott Winter reflect those of his mates who still work there. But if Winter had his way, countries in Eastern Europe and Africa that harbour cyber criminals would be locked out of the global Internet until their governments do something to reduce the threats.
He was talking about cyber security threats, but it could equally mean "does things the US does not like", like that nation's obsession with propping up its music and film industries. Winter, who left the NSA in February after a 27-year career, said governments and Internet providers around the world could go a step further and target the sources of many of the threats. He said that global superpowers like China have been accused of sponsoring hackers to attack Western Internet companies including Google. The fact the US and Israel have also been accused of attacking Iran's nuclear power station with a sophisticated bit of malware seems to have skipped his notice. But Winter said that when countries are consistently introducing cyber threats the global community should band together to effectively shut them out of the Internet until their governments do something about it. According to the Sydney Morning Herald, Winter said, "In some cases the governments are clearly condoning this behaviour, clearly benefiting from it in some ways, and there needs to be a message not just to the guys who are writing this code and shipping it around but to the government." He added that countries levy sanctions on other countries over terrorist issues and other kinds of misbehaviour, so why not levy sanctions on countries for this kind of misbehaviour? Winter said that everyone could understand a nuclear weapon is a threat. He said people aren't ready to understand that bad code is a threat but it's pretty clear that it could do massive amounts of harm. Winter, who is now the CTO for security solutions provider Arcsight, admitted that blocking countries from the Internet would be an "enormously complex task". From rforno at infowarrior.org Fri Oct 8 09:30:35 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Oct 2010 10:30:35 -0400 Subject: [Infowarrior] - DOT Weighs Urging U.S. Ban on All Driver Phone Use in Cars Message-ID: LaHood Weighs Urging U.S. 
Ban on All Driver Phone Use in Cars By Angela Greiling Keane and Jeff Green - Oct 8, 2010 12:00 AM ET Fri Oct 08 04:00:01 GMT 2010 http://www.bloomberg.com/news/2010-10-08/lahood-weighs-urging-u-s-ban-on-all-driver-phone-use-in-cars.html U.S. Transportation Secretary Ray LaHood says he believes motorists are distracted by any use of mobile phones while driving, including hands-free calls, as his department begins research that may lead him to push for a ban. LaHood, whose campaign against texting and making calls while driving has led to restrictions in 30 states, says his concerns extend to vehicle information and entertainment systems such as Ford Motor Co.'s Sync and General Motors Co.'s OnStar. "I don't want people talking on phones, having them up to their ear or texting while they're driving," LaHood said in an interview this week. "We need a lot better research on other distractions," including Bluetooth-enabled hands-free calls and the in-car systems, he said. Even without a ban, which would have to be implemented by individual states, LaHood's escalating campaign may limit the growth of vehicle features such as Sync, being added by automakers to attract younger buyers. His push also may reduce calls made from vehicles and the revenue of mobile-phone companies such as Verizon Wireless and AT&T Inc. LaHood, 64, said even hands-free phone conversations are a "cognitive distraction." Calling for a ban on hands-free communications is a possible outcome of research under way at the Transportation Department's National Highway Traffic Safety Administration into all driver distractions, Olivia Alair, a department spokeswoman, said. Too Ingrained? LaHood plans to meet with the heads of all makers of cars sold in the U.S. to discuss their cooperation in limiting distracted driving, he said in the Oct. 5 interview. He said he's not yet recommending restrictions on hands-free phone calls and didn't say when he might make a decision. 
The transportation secretary may have little chance of getting a ban by the states even if he decides one is justified, said Christopher King, a telecommunications analyst at Stifel Nicolaus & Co. in Baltimore. "It's so ingrained at this point, I think banning that would be extremely difficult, bordering on folly," King said in an interview. "There would be no legitimate, public support for an outright ban." The Transportation Department's powers to push further limits on distracted driving range from exhortations to setting standards backed by the federal government's financial clout. The government previously awarded highway aid to states based on whether they raised the legal drinking age to 21 or required seatbelt use. What People Do The Alliance of Automobile Manufacturers wants to make sure regulators don't prohibit a wireless link in cars, said Wade Newton, a spokesman for the Washington-based group, whose 12 members include Ford, GM and Toyota Motor Corp. Newton cited technologies that can automatically alert emergency responders if a car crashes and systems being developed that would alert drivers to changing weather or accidents ahead on the road. "Our feeling is it's a matter of balancing what we know people are going to do anyway with what technology can help them do safer in a vehicle," he said. "We know that people are going to have conversations and look at maps and listen to music in a vehicle." The Transportation Department estimated about 5 percent of all drivers in 2009 were using mobile phones in their cars at any given time. LaHood began campaigning last year to limit driver distractions that he says caused 5,474 deaths in 2009 and accounted for 16 percent of all road fatalities. The total was a 6 percent decline from 5,838 in 2008. Wrong Focus "In one year, we have made a difference," LaHood said of his effort to win state restrictions. "Our goal is to get all 50 states." 
The Insurance Institute for Highway Safety, which has said LaHood is focusing too much attention on distracted driving instead of other safety pursuits, released a study last month concluding laws banning handheld texting don't reduce crashes. The study, using data from four states before and after they enacted anti-texting laws, found the overall number of crashes increased in three of the states. The increase may stem from drivers taking their eyes off the road even more as they try to hide their phones from view while texting, Adrian Lund, president of the industry-sponsored group, said in an Oct. 5 interview. Federal guidelines are planned next year to put into writing LaHood's views on how much, if any, mobile communication by the driver is appropriate when a vehicle is in motion, said Ronald Medford, NHTSA's deputy administrator. Using Facebook OnStar, with about 5.7 million subscribers, is testing an application that would let users make audio updates to their Facebook pages and have messages from the social-media site read to them while driving. The system already provides crash-notification services as well as directions and information such as vehicle diagnostics. "I'm absolutely opposed to all of that," LaHood said, when asked about drivers using the Facebook and Twitter social networks. "That would be the biggest distraction of all. All of that is well beyond the idea that you're really trying to avoid distracted driving." Rebecca White, an OnStar spokeswoman, declined to comment. Ford has been selling Sync, based on Microsoft Corp.'s voice-activated technology, since the 2008 model year. The Dearborn, Michigan-based company added features such as touch-command controls and voice-activated climate control this year. Ford said in January it plans to bring social networking, Web browsing and thumb controls similar to those on Apple Inc.'s iPod to 80 percent of its models by 2015. 
Eyes on the Road "Research clearly shows that voice-controlled connectivity technologies provide substantial safety benefits because they allow drivers to keep their hands on the wheel and eyes on the road -- key factors in reducing driving distractions," said Wes Sherwood, a Ford spokesman. "Car manufacturers always say 'safety is our No. 1 priority,' but yet you invest your money into developing these systems where you can update your Facebook status," said Jennifer Smith, president of FocusDriven, a group whose founders lost family members in distracted-driving-related car crashes and wants all cell-phone use by drivers banned. Chrysler Group LLC, which encourages drivers to use hands-free devices if they need to talk and drive, is sponsoring a Car and Driver magazine cellular phone application called TXT U L8r that responds to text messages with an alert that the person is unavailable, said Esperansita Bejnarowicz, a social-media manager at Chrysler. Wireless Revenue The U.S. wireless industry generated $152 billion in revenue last year from 2.3 trillion minutes of use, according to CTIA -- the Wireless Association, a Washington-based trade group that represents mobile-phone services. "We support no texting and driving," Marquett Smith, a spokesman for Verizon Wireless, said in an e-mailed statement. "If a ban is put in place, we will encourage our customers to comply." The campaign against distracted driving and the use of mobile phones in the car will continue in stages, LaHood said. "The bottom line for me is to get where we're at with seat belts and with drunk driving," LaHood said. "When those programs were started, people were very skeptical that you could get people to buckle up." To contact the reporters on this story: Angela Greiling Keane in Washington at agreilingkea at bloomberg.net; Jeff Green in Southfield, Michigan, at jgreen16 at bloomberg.net. To contact the editor responsible for this story: Larry Liebert at lliebert at bloomberg.net. 
From rforno at infowarrior.org Fri Oct 8 14:25:18 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Oct 2010 15:25:18 -0400 Subject: [Infowarrior] - OT: A moderate's survival guide for Congress Message-ID: <8CDC5D1F-356D-48C3-9434-AD1968EDA7FB@infowarrior.org> Interesting commentary from a moderate Republican Senator. Wish more folks on all sides thought this way instead of contributing to the ongoing farcical federal demonstration of the worst aspects of social behaviour. -- rick Sen. Susan Collins: A moderate's survival guide for Congress By Susan M. Collins Sunday, October 10, 2010; B04 http://www.washingtonpost.com/wp-dyn/content/article/2010/10/08/AR2010100802663_pf.html I don't know who first described politics as the "art of compromise," but that maxim, to which I have always subscribed, seems woefully unfashionable today. It's a tough time to be a moderate in the U.S. Senate. Sitting down with those on the opposite side of a debate, negotiating in good faith, attempting to reach a solution -- such actions are now vilified by the hard-liners on both sides of the aisle. Too few want to achieve real solutions; too many would rather draw sharp distinctions and score political points, even if that means neglecting the problems our country faces. A historian might say that at least we don't have one member caning another into unconsciousness, as when Rep. Preston Brooks of South Carolina flogged Sen. Charles Sumner of Massachusetts on the Senate floor in 1856. But in modern times, I have not seen the degree of bitter divisiveness and excessive partisanship now found in the Senate. The weapon of choice today is not a metal-topped cane but poisonous words. I imagine that is one reason that, just weeks from the November midterms, the American people are so angry with incumbents of all political persuasions, and particularly those who are in charge. 
The way out is far from clear, but I would suggest that a divided government and a more evenly split Senate are more conducive to bipartisanship than the super-majorities and one-party control of the White House and Congress that we see today. When one party has all the power, the temptation is to roll over the minority, leading to resentment and resistance because the minority has so few options. It wasn't always this way. There were times when those who worked to avert legislative implosions were more welcome. In 2005, a group of senators came together to negotiate an agreement for considering judicial nominees. This "Gang of 14," of which I was part, sought to avoid what was known as the "nuclear option," a change in the Senate rules that would have brought about a legislative meltdown. Democrats had used the filibuster to prevent the confirmation of some of President George W. Bush's appellate court nominees. With the rallying cry that nominees deserved an "up or down vote," Republican Senate leaders threatened to change the rules to prevent filibusters from being used to block judicial confirmations. Democrats countered that the rights of the minority had always been protected in the Senate and warned that if the rules were changed, the Democrats would block action on everything. While leaders on both sides hardened their positions, the 14 of us -- seven from each party -- joined to forge a solution. We established a new standard, stating that we would support filibusters of judicial nominees only in "extraordinary circumstances." Applying that standard, the Democratic senators in our coalition supported cloture for five of the seven filibustered nominees, resulting in their confirmation. In turn, we seven Republicans agreed to oppose the "nuclear option," thus thwarting the plans of the GOP leaders. Our deal restored trust and helped preserve the unique culture of the Senate. 
It showed that the two parties could come together and reach an agreement in an atmosphere of mutual respect and good faith. Oh, how times have changed. When I led the effort in 2009 to try to produce a more fiscally responsible stimulus bill, I was vilified by partisans on both sides. On the left, I was attacked by columnists for cutting $100 billion from the bill and mocked in the blogosphere as "Swine Flu Sue" for my contention that spending for a pandemic flu did not belong in the stimulus package but should be part of the regular appropriations process. On the right, I was denounced as a traitor and a RINO ("Republican in name only"), and one of my Republican colleagues targeted me for a campaign that generated tens of thousands of out-of-state e-mails denouncing me. What changed to produce such incivility, such personal and painful and nasty debate? During the past two years, the minority party has been increasingly shut out of the discussion. Even in the Senate, which used to pride itself on being the bastion of free and open debate, procedural tactics are routinely used to prevent Republican amendments. That causes Republicans to overuse the filibuster, because our only option is to stop a bill to which we cannot offer amendments. This unfortunate phenomenon happened again with the recent consideration of the defense authorization bill, which included a repeal of the military's "don't ask, don't tell" policy. I have supported ending that policy and was the sole Republican on the Armed Services Committee to vote for repeal. If gay individuals are willing to put on the uniform of our country, to be deployed in war zones such as Iraq and Afghanistan, to risk their lives for their fellow citizens, then we should express our gratitude to them, not exclude them from serving or expel them from the military. 
I recognized, however, that many of my colleagues disagreed, and that they should have the right to express their views and offer their amendments on this controversial issue -- as well as many others in the defense bill. But Majority Leader Harry Reid did not agree. Because of his stance, I found myself in the awkward position of voting against moving forward on legislation that I supported and that contained a change in policy I advocated. This was the 116th time in this Congress that the majority leader or another Democrat filed cloture rather than agreeing to allow amendments to be debated. What concerns me even more is the practice of filling up the amendment tree to prevent Republican amendments -- this was the 40th time that was done. By contrast, when the White House is controlled by one party and at least one chamber of Congress is in the hands of the other, the president has no choice but to reach out and negotiate. It would be a lot easier for President Obama to resist the hard left of his party if he could say he has to pursue legislation acceptable to a Republican House or Senate. Or better yet, from my perspective, both! When I was a freshman senator in 1997, Sen. John Chafee of Rhode Island, as fine a gentleman as has ever graced the Senate chamber, advised me never to campaign against those with whom I served. The Senate is too small a place for that, he counseled. Campaign for your fellow Republicans and go to states with open seats, but do not campaign against your Democratic colleagues. It will poison your relationship with them. Back then, most senators followed the "Chafee rule," but that soon changed. Now many enthusiastically campaign against their colleagues across the aisle. I was shocked when, in 2008, two Democratic senators came to Maine and unfairly criticized my work during my highly competitive race that year. 
My willingness to work with Democrats had been well established over the past decade, and there was no one running that year with more bipartisan legislative initiatives and accomplishments than I had. But that didn't stop them. This year's elections have shown just how far the destruction of collegiality has progressed, with some lawmakers campaigning against senators in their own caucus by endorsing their primary opponents. Such personal campaign attacks have detrimental effects that last long after Election Day. I am not suggesting that civility requires us to accept the unacceptable. Good manners must not prevent the telling of unpleasant truths. When Sen. Margaret Chase Smith of Maine went to the Senate floor 60 years ago to deliver her famous "Declaration of Conscience," she did not do so to demonize Wisconsin's Sen. Joseph McCarthy personally but to denounce his actions. She certainly gave him great offense, but she spoke the truth about his tactics of ruining reputations, crushing free speech and smearing opponents. Telling the truth about McCarthy's conduct in strong, tough language was far more important than worrying about offending him. In contrast, consider the House member from my party who interrupted Obama's speech to a joint session of Congress a year ago by yelling "You lie!" Or recall the House Democratic member whose contribution to the health-care debate consisted of asserting that Republicans had a two-word plan: "Die quickly." These are decidedly uncivil acts, designed not to reveal the truth but only to offend. President Ronald Reagan understood that there would be times when civility for civility's sake was not the premier value. But it was his fundamental commitment to civility that allowed him to work so well with Democratic Speaker Tip O'Neill and to forge a genuine friendship with him. His belief in the power of political civility also led to his formulation of the 11th Commandment: "Thou shalt not speak ill of another Republican." 
So where does this leave us? Students of American culture might ask whether incivility is a strictly Washington phenomenon or a reflection of changes in our society at large. That question reminds me of the response that then-Sen. Lowell Weicker gave to an unhappy constituent who denounced him and his colleagues as "a bunch of liars, thieves and womanizers." Weicker calmly replied: "Well, it is, after all, a representative form of government." I will not try to play sociologist and weigh in on this issue except to say that there are indications that as a people we are becoming less civil -- just witness the attack journalism on cable television, the growing incidence of bullying in schools, the use of the Internet to smear those one does not like and the popular appeal of shows in which people are fired or voted off islands. I am more confident in asserting that even if Washington leads the nation in incivility, it is not likely to change until those outside Washington demand it. What gets rewarded gets done, and for those of us in Congress, reelection is the ultimate reward. Voting out of office -- or not electing in the first place -- those who put partisanship over progress and conflict over compromise would create a very different legislative climate, one in which the objective is to solve the problem, not to win the debate. It may not be easy to feel passionate about civility and compromise, but it is easy to feel passionate about a vibrant, just and prosperous America. To achieve that, however, we need to get passionate about electing legislators who not only work hard but work together. Not long ago, I happened upon George Washington's "Rules of Civility and Decent Behavior," a transcription of various guides to etiquette, written when Washington was but a teenager. There are 110 points. First of all, be respectful. Second, if you itch, be careful where you scratch. Third, don't scare your friends. 
Fourth, in the presence of others, avoid humming or drumming your fingers. (I cannot tell you how wonderful it would be if humming and drumming were the greatest threats to civility in the Senate.) It is not until No. 110 that young George got to the heart of the matter: "Labor to keep alive in your breast that little spark of celestial fire called conscience." That little spark lights our way much more brightly than bomb-throwing, scorched-earth, incendiary political rhetoric ever will. Susan M. Collins is a Republican senator from Maine. From rforno at infowarrior.org Fri Oct 8 14:27:04 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Oct 2010 15:27:04 -0400 Subject: [Infowarrior] - Library of Congress: Copyright Is Destroying Historic Audio Message-ID: <5CB7D034-4DC2-4EA2-AF84-DA80CAA02568@infowarrior.org> US Library of Congress: Copyright Is Destroying Historic Audio posted by Thom Holwerda on Fri 8th Oct 2010 13:53 UTC http://www.osnews.com/story/23888/US_Library_of_Congress_Copyright_Is_Destroying_Historic_Audio You think only "pirates" and "freeloaders" rail against current copyright laws? Well, think again - even the Library of Congress seemingly has had enough. The topic is recorded sound preservation, and in a 181-page in-depth study, the Library of Congress concludes that apart from technical difficulties, US copyright law makes it virtually impossible for anyone to perform any form of audio preservation. The painted picture is grim - very grim. The very detailed and in-depth report has been ten years in the making, and was commissioned in the National Recording Preservation Act of 2000. The goal of the study was to inform Congress of the state of audio preservation, the difficulties encountered, what kind of standard procedures are needed for preservation, and so on. The conclusions in the report are grim, at best. 
Problems Since us geeks can understand that 150 years of recording technology would pose problems for modern archivists (imagine how many different technologies have come and gone in those 150 years), let's skip straight ahead to the destructive effects of copyright law on archiving audio recordings. "Were copyright law followed to the letter, little audio preservation would be undertaken. Were the law strictly enforced, it would brand virtually all audio preservation as illegal," the study concludes, "Copyright laws related to preservation are neither strictly followed nor strictly enforced. Consequently, some audio preservation is conducted." While libraries supposedly have some leeway in preserving audio recordings, they find it "virtually impossible to reconcile their responsibility for preserving and making accessible culturally important sound recordings with their obligation to adhere to copyright laws". The problem is that the current provisions in law for audio preservation are "restrictive and anachronistic" in our current digital age. There are more problems. While the recording industry undertakes some preservation, they will only preserve those recordings from which they think they might profit in the future (what a surprise). For instance, consider a researcher working on vaudeville who may be interested in vaudevillian recordings on cylinders. "These performers may have been headliners in their time, but today their names are virtually unknown," the study details, "While scholarly interest in these recordings is high, their economic value to the property holder is negligible. However, legal restrictions governing access to a cylinder produced in 1909 are the same as those governing a compact disc made in 2009, even though it is highly unlikely that the 1909 recording has any revenue potential for the rights holder." The report also highlights the problems posed by the rather complicated history of US copyright law. "All U.S. 
recordings, both commercially released and unpublished, created before February 15, 1972, are protected by a complex network of disparate state civil, criminal, and common laws," the study explains. The consequence is that all sound recordings made before 1972 will have their copyright expire in 2067 - 95 years after the placement of these recordings under federal protection in 1972. This means that the oldest sound recordings in the US dating from 1890, will only enter the public domain after 177 years. It goes much deeper than that, though. Sound recording preservation institutions are having problems finding the necessary funding for their expensive work because they are not allowed to grant access to the material they're trying to preserve. Access has become such an important demand that organisations unable to provide such access will simply not even bother to preserve the audio in the first place. In addition, private collectors are unwilling to hand over their collections to institutions out of fear that their collections will not be made available to the public. As one participant in the study said, "The preservation of music is meaningless if this music is not accessible." Another important - and very well-worded - complaint in the study is that copyright law is seen as so restrictive by the public, that people simply dismiss it outright. "In the perception of the public, copyright law has a reputation for being overly restrictive," the study notes, "This perception fosters a dismissive attitude toward the law in communities that can hardly be characterized as rogue elements of society. An individual representing one institution has noted that, unless or until instructed to cease and desist certain practices, his organization was compelled to 'fly under the radar' to support its mission." Solutions The study doesn't just identify problems - it proposes solutions as well; five of them, to be exact:
- Repeal Section 301(c) of the Copyright Act - this is the section that enacts the 2067 barrier as explained above.
- Decriminalise the use and copying of orphaned works - which are works for which no rightsholders can be determined.
- Bring US copyright terms in line with European ones - a maximum of 50-75 years. The study discovered that an additional 22% of US historical recordings are available in Europe, but not in the US, due to shorter copyright terms in Europe.
- Third parties should be able to re-issue abandoned works without permission from rightsholders - as long as those rightsholders are properly compensated.
- Libraries should be allowed to more easily copy and share material within the library and between other libraries, and restrictions on quality of the copies should be removed.
Locked up This detailed study confirms something that I - and many others with me - have been saying for a long time now: modern-day copyright is no longer performing its intended function, i.e., to promote the sciences and arts. Instead, it has become a license to print money, existing almost exclusively to secure the exorbitant income of big content. The British Lord Camden already predicted this outcome back in the 18th century. "All our learning will be locked up in the hands of the Tonsons and the Lintots of the age. [...] Knowledge and science are not things to be bound in such cobweb chains." This horror scenario, envisioned almost 300 years ago, has now become a reality. Organisations like the RIAA and MPAA, as well as its promoters, have no interest in promoting the arts and sciences - our learning has been locked up by the Tonsons and Lintots of our age. The calls for massive copyright reform are growing ever stronger, but the US will have to wait until the Obama administration leaves office before any serious changes can be made. 
The current US administration is utterly and wholly, for the full 100%, siding with big content with little to no regard for promoting the arts and sciences. In doing so, the Obama administration is contributing to the destruction of immense bodies of knowledge and art. As far as I'm concerned, this shows a complete and utter disdain for art, culture, and history. From rforno at infowarrior.org Sat Oct 9 11:55:44 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 9 Oct 2010 12:55:44 -0400 Subject: [Infowarrior] - Trans-Atlantic Cable Targets High-Frequency Traders Message-ID: Underwater Options? Trans-Atlantic Cable Targets High-Frequency Traders By DOUG CAMERON And JACOB BUNGE http://online.wsj.com/article/SB10001424052748704789404575524072473936124.html Hibernia Atlantic announced plans Thursday to build a new trans-Atlantic communications cable aimed at high-frequency stock traders, shaving 500 kilometers (310 miles) from the shortest existing route and cutting execution times by about 8%. The cable group's plan is the latest effort to link financial centers with new infrastructure, providing ever-faster trading times, and would be the first new line across the Atlantic in more than a decade. The trans-Atlantic market is the world's second-busiest for financial trades after London-Frankfurt. A new, shorter cable route developed by Spread Networks recently was opened on the third-ranked New York-Chicago corridor. Closing the Gap "There has been a gap in the Atlantic market," said Mike Saunders, Hibernia Atlantic's vice president for business development. Hibernia Atlantic has yet to sign any definitive customer contracts for the project. It is targeting high-frequency traders and related financial firms with round-trip speeds of less than 60 milliseconds, compared with 65 milliseconds using the existing AC-1 trans-Atlantic network. Mr. 
Saunders said the company aims to start construction next spring and complete the 6,000-kilometer (3,720-mile) cable running from Somerset in southern England to Halifax on Canada's eastern seaboard by mid-2012. Hibernia Atlantic, a unit of Columbia Ventures Corp., a Canadian telecom investment firm, declined to detail the cost of the project, which Mr. Saunders said was in the range of "hundreds of millions of dollars." Technology-driven trading firms are estimated to make up about two-thirds of daily trading activity in U.S. stock markets and are ramping up growth in overseas venues. Intense competition to harvest profits from often tiny movements in the price of securities and derivatives has driven speed-sensitive banks and trading houses into new exchange-backed data centers promising the fastest possible trade executions, and toward low-latency connections like those developed by Hibernia and Spread Networks. Such links help inform trading programs that need to consider market data coming out of two separate locations, according to Kevin McPartland, senior analyst with market research firm Tabb Group. Shaving Milliseconds "Say there's a tick up in the price of a future, and all the stocks in a certain basket will tick up a fraction of a second later," Mr. McPartland said. "If you can see two milliseconds faster where the futures moved in Chicago and subsequently make the stock trade in New York, you can more quickly capture the spread." The 825-mile line between Chicago and New York by Spread Networks was plotted to be more direct than any existing connection, according to David Barksdale, the company's chief executive. "The market need was highest among financial firms," said Mr. Barksdale in an interview. "They want ultralow-latency and control over the electronics" attached to the fiber, he said. 
Creating Spread's cable link took two years and about 1,000 construction workers at any given time during the project, which has been estimated to cost $300 million, though the company declined to discuss the expense. Spread's link went live in August and has reduced latency between the two cities to 13.3 milliseconds, undercutting other routes. A millisecond is one-thousandth of a second. Such high-speed lines are seen carrying a high price tag. While neither Spread nor Hibernia discussed fees, Raymond James analyst Patrick O'Shaughnessy saw a developing situation of "have and have-nots" dividing the high-frequency trading world, with firms that can afford the service beating out less well-capitalized rivals. "On the margin we believe this has led to lower trading volumes, at least in the near term, as smaller players exit the business or revamp their business models and/or technology to evolve with the changing environment," Mr. O'Shaughnessy wrote in a research note. Write to Doug Cameron at doug.cameron at dowjones.com and Jacob Bunge at jacob.bunge at dowjones.com From rforno at infowarrior.org Sat Oct 9 13:46:26 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 9 Oct 2010 14:46:26 -0400 Subject: [Infowarrior] - Who Owns The Media? Message-ID: Who Owns The Media? The 6 Monolithic Corporations That Control Almost Everything We Watch, Hear And Read Written by The Economic Collapse Blog - 10/04/10 http://www.thetradingreport.com/2010/10/04/who-owns-the-media-the-6-monolithic-corporations-that-control-almost-everything-we-watch-hear-and-read/ Back in 1983, approximately 50 corporations controlled the vast majority of all news media in the United States. Today, ownership of the news media has been concentrated in the hands of just six incredibly powerful media corporations. These corporate behemoths control most of what we watch, hear and read every single day. 
They own television networks, cable channels, movie studios, newspapers, magazines, publishing houses, music labels and even many of our favorite websites. Sadly, most Americans don't even stop to think about who is feeding them the endless hours of news and entertainment that they constantly ingest. Most Americans don't really seem to care about who owns the media. But they should. The truth is that each of us is deeply influenced by the messages that are constantly being pounded into our heads by the mainstream media. The average American watches 153 hours of television a month. In fact, most Americans begin to feel physically uncomfortable if they go too long without watching or listening to something. Sadly, most Americans have become absolutely addicted to news and entertainment and the ownership of all that news and entertainment that we crave is being concentrated in fewer and fewer hands each year. The six corporations that collectively control U.S. media today are Time Warner, Walt Disney, Viacom, Rupert Murdoch's News Corp., CBS Corporation and NBC Universal. Together, the "big six" absolutely dominate news and entertainment in the United States. But even those areas of the media that the "big six" do not completely control are becoming increasingly concentrated. For example, Clear Channel now owns over 1000 radio stations across the United States. Companies like Google, Yahoo and Microsoft are increasingly dominating the Internet. But it is the "big six" that are the biggest concerns. When you control what Americans watch, hear and read you gain a great deal of control over what they think. They don't call it "programming" for nothing. Back in 1983 it was bad enough that about 50 corporations dominated U.S. media. But since that time, power over the media has rapidly become concentrated in the hands of fewer and fewer people... In 1983, fifty corporations dominated most of every mass medium and the biggest media merger in history was a $340 million deal.
• [I]n 1987, the fifty companies had shrunk to twenty-nine.
• [I]n 1990, the twenty-nine had shrunk to twenty three.
• [I]n 1997, the biggest firms numbered ten and involved the $19 billion Disney-ABC deal, at the time the biggest media merger ever.
• [In 2000] AOL Time Warner's $350 billion merged corporation [was] more than 1,000 times larger [than the biggest deal of 1983].
-- Ben H. Bagdikian, The Media Monopoly, Sixth Edition, (Beacon Press, 2000), pp. xx-xxi

Today, six colossal media giants tower over all the rest. Much of the information in the chart below comes from mediaowners.com. The chart below reveals only a small fraction of the media outlets that these six behemoths actually own...

Time Warner
Home Box Office (HBO)
Time Inc.
Turner Broadcasting System, Inc.
Warner Bros. Entertainment Inc.
CW Network (partial ownership)
TMZ
New Line Cinema
Time Warner Cable
Cinemax
Cartoon Network
TBS
TNT
America Online
MapQuest
Moviefone
Castle Rock
Sports Illustrated
Fortune
Marie Claire
People Magazine

Walt Disney
ABC Television Network
Disney Publishing
ESPN Inc.
Disney Channel
SOAPnet
A&E
Lifetime
Buena Vista Home Entertainment
Buena Vista Theatrical Productions
Buena Vista Records
Disney Records
Hollywood Records
Miramax Films
Touchstone Pictures
Walt Disney Pictures
Pixar Animation Studios
Buena Vista Games
Hyperion Books

Viacom
Paramount Pictures
Paramount Home Entertainment
Black Entertainment Television (BET)
Comedy Central
Country Music Television (CMT)
Logo
MTV
MTV Canada
MTV2
Nick Magazine
Nick at Nite
Nick Jr.
Nickelodeon
Noggin
Spike TV
The Movie Channel
TV Land
VH1

News Corporation
Dow Jones & Company, Inc.
Fox Television Stations
The New York Post
Fox Searchlight Pictures
Beliefnet
Fox Business Network
Fox Kids Europe
Fox News Channel
Fox Sports Net
Fox Television Network
FX
My Network TV
MySpace
News Limited News
Phoenix InfoNews Channel
Phoenix Movies Channel
Sky PerfecTV
Speed Channel
STAR TV India
STAR TV Taiwan
STAR World
Times Higher Education Supplement Magazine
Times Literary Supplement Magazine
Times of London
20th Century Fox Home Entertainment
20th Century Fox International
20th Century Fox Studios
20th Century Fox Television
BSkyB
DIRECTV
The Wall Street Journal
Fox Broadcasting Company
Fox Interactive Media
FOXTEL
HarperCollins Publishers
The National Geographic Channel
National Rugby League
News Interactive
News Outdoor
Radio Veronica
ReganBooks
Sky Italia
Sky Radio Denmark
Sky Radio Germany
Sky Radio Netherlands
STAR
Zondervan

CBS Corporation
CBS News
CBS Sports
CBS Television Network
CNET
Showtime
TV.com
CBS Radio Inc. (130 stations)
CBS Consumer Products
CBS Outdoor
CW Network (50% ownership)
Infinity Broadcasting
Simon & Schuster (Pocket Books, Scribner)
Westwood One Radio Network

NBC Universal
Bravo
CNBC
NBC News
MSNBC
NBC Sports
NBC Television Network
Oxygen
SciFi Magazine
Syfy (Sci Fi Channel)
Telemundo
USA Network
Weather Channel
Focus Features
NBC Universal Television Distribution
NBC Universal Television Studio
Paxson Communications (partial ownership)
Trio
Universal Parks & Resorts
Universal Pictures
Universal Studio Home Video

These gigantic media corporations do not exist to objectively tell the truth to the American people. Rather, the primary purpose of their existence is to make money. These gigantic media corporations are not going to do anything to threaten their relationships with their biggest advertisers (such as the largest pharmaceutical companies that literally spend billions on advertising), and one way or another these gigantic media corporations are always going to express the ideological viewpoints of their owners.
Fortunately, an increasing number of Americans are starting to wake up and are realizing that the mainstream media should not be trusted. According to a new poll just released by Gallup, the number of Americans that have little to no trust in the mainstream media (57%) is at an all-time high. That is one reason why we have seen the alternative media experience such rapid growth over the past few years. The mainstream media has been losing credibility at a staggering rate, and Americans are starting to look elsewhere for the truth about what is really going on. Do you think that anyone in the mainstream news would actually tell you that the Federal Reserve is bad for America or that we are facing a horrific derivatives bubble that could destroy the entire world financial system? Do you think that anyone in the mainstream media would actually tell you the truth about the deindustrialization of America or the truth about the voracious greed of Goldman Sachs? Sure there are a few courageous reporters in the mainstream media that manage to slip a few stories past their corporate bosses from time to time, but in general there is a very clear understanding that there are simply certain things that you just do not say in the mainstream news. But Americans are becoming increasingly hungry for the truth, and they are becoming increasingly dissatisfied with the dumbed down pablum that is passing as "hard hitting news" these days.
From rforno at infowarrior.org Sat Oct 9 14:53:36 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 9 Oct 2010 15:53:36 -0400 Subject: [Infowarrior] - North Korea Opens up Internet for National Anniversary Message-ID: <715FA9AC-7C3B-4A8F-9987-8CF1BDCFC8DB@infowarrior.org> North Korea Opens up Internet for National Anniversary Martyn Williams Sat Oct 9, 10:00 am ET http://news.yahoo.com/s/pcworld/20101009/tc_pcworld/northkoreaopensupinternetfornationalanniversary/print North Korea appears to have made its first full connection to the Internet. The connection, planning for which has been going on for at least nine months, came as the reclusive country prepares to mark the 65th anniversary of the founding of the ruling Workers' Party of Korea with a massive celebration and military parade. A Web site for the country's official news agency was the first to appear from among a group of 1,024 Internet addresses that had been reserved for North Korea but never used. The Korea Central News Agency's new Web site is different from one operated by a group in Tokyo and carries news and photos a day ahead of the Japanese site. Other North Korea-linked Web sites and a recently launched Twitter feed operate from locations outside the country or via direct connections to China's national Internet. The site appeared as Pyongyang welcomed foreign journalists to the city to observe Sunday's parade. A press room for the journalists was set up at the Koryo Hotel and reporters were given full access to the Internet. Typically visitors to Pyongyang are only able to make telephone calls or send e-mails through designated computers. "The North Korean IT guys at the press room really know their stuff. We're logged on," wrote Melissa Chan, a correspondent for Al Jazeera, in a Twitter message. She later appeared live on the channel via a Skype link. "We have access to Facebook, Twitter and here I am able to Skype with you," she said.
The access is extraordinary for a country that keeps such tight control on how its citizens communicate. While Internet access is believed to be available to a small group of elite members of the ruling party, the rest of the country is not permitted access to outside sources of news. Radios are pre-tuned to state broadcasts, magazines and newspapers from other countries are banned and the only Web access available is to a nationwide intranet that doesn't link to sites outside of the country. As PCs are unusual at home, most access is via terminals in libraries. The first signs of a greater interest in the Internet came late last year when a batch of Internet addresses, long reserved for North Korea, were assigned to a North Korean-Thai joint venture. The numeric IP addresses lie at the heart of communication on the Internet. Every computer connected to the network needs its own address so that data can be sent and received by the correct servers and computers. Without them, communication would be impossible. Frequent monitoring of the addresses by IDG News Service repeatedly failed to turn up any use of them until now. An analysis of the connection to the news agency Web site shows it is connected to the wider Internet via China Netcom. It's impossible to tell if the access given to journalists in Pyongyang marks a turning point in the way the country regulates access to communications, or if it's simply a courtesy made available to create a good impression among journalists. The founding anniversary of the Workers' Party of Korea is a big deal for the country every year, but this year is especially important. Kim Jong Eun, son of leader Kim Jong Il, has just taken his first position within the party, which rules North Korea. His appointments to the party's Central Committee and the Central Military Commission are first steps towards a likely future position as leader of the country.
Martyn Williams covers Japan and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams at idg.com From rforno at infowarrior.org Mon Oct 11 08:15:43 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Oct 2010 09:15:43 -0400 Subject: [Infowarrior] - India plans its own OS Message-ID: <4D8C8237-A823-4AEF-BE0C-747969BCA389@infowarrior.org> Indian govt.'s plans for indigenous operating system gather momentum By Manan Kakkar | October 9, 2010, 11:44am PDT http://www.zdnet.com/blog/india/indian-govts-plans-for-indigenous-operating-system-gather-momentum/209 The Indian government seems to be taking security risks posed by Western services quite seriously. There have been several reports of the government's IT infrastructure being targeted. A few months back, Indian government officials made public their plans of developing their own operating system. Back in February, a task force comprising personnel from the Prime Minister's Office, Defense, Home, Telecomm Ministries was assigned to the project. An official said, "A sanitized, lower level operating system and application software may be preferred to the advanced versions, which necessarily require access to internet for upgrades." The government has ensured that computers with sensitive data or connected to crucial networks do not have Internet access thereby reducing possible cyber threats. India's security agency, the DRDO (Defense Research and Development Organization) has been working on the operating system and has set up a software development center in the nation's capital. A dedicated work force of 50 software professionals will be working from Bangalore and Delhi. The team will be coordinating with Indian IT companies and institutes like the IIT on developing the operating system. The DRDO Director General Dr.
VK Saraswat talking about the project said, "There are many gaps in our software areas; particularly we don't have our own operating system. So, in today's world where you have tremendous requirements of security on whatever you do - economy, banking and defense - it's essential that you need to have an operating system." The on-going discussions with RIM to be able to access encrypted Blackberry emails are part of an effort to ensure India is better equipped to handle the new age security threats. From rforno at infowarrior.org Mon Oct 11 08:18:08 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Oct 2010 09:18:08 -0400 Subject: [Infowarrior] - DHS Project 12 Report: Critical Infrastructure Public-Private Partnerships Message-ID: DHS Project 12 Report: Critical Infrastructure Public-Private Partnerships http://publicintelligence.net/ufouo-dhs-project-12-report-critical-infrastructure-public-private-partnerships/ From rforno at infowarrior.org Mon Oct 11 12:31:14 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Oct 2010 13:31:14 -0400 Subject: [Infowarrior] - How ACTA Turns Private, Non-Commercial File Sharing Into 'Commercial Scale' Criminal Infringement Message-ID: <734A780B-08A3-441A-B5F9-7C2E761F68A1@infowarrior.org> How ACTA Turns Private, Non-Commercial File Sharing Into 'Commercial Scale' Criminal Infringement from the this-is-not-good dept http://www.techdirt.com/articles/20101010/23585611352/how-acta-turns-private-non-commercial-file-sharing-into-commercial-scale-criminal-infringement.shtml We've already discussed some of the problems of the "near-finalized" draft of ACTA, but the deeper people dig into the agreement, the worse it gets. We had noted, in our original post, that the definition of "commercial scale" matters a lot, and Glyn Moody points us to an analysis that shows how the ACTA negotiators cleverly scaled back their definition of "commercial scale," to make it both vague and incredibly broad.
The current text in ACTA reads: ACTA 2.14.1: "Each Party shall provide for criminal procedures and penalties to be applied at least in cases of willful trademark counterfeiting or copyright or related rights piracy on a commercial scale. [ACTA footnote 9] For the purposes of this section, acts carried out on a commercial scale include at least those carried out as commercial activities for direct or indirect economic or commercial advantage." "Carried out as commercial activities for direct or indirect economic or commercial advantage." Could you be any more inclusive than that? We've recently discussed how the borderline between commercial and non-commercial use can sometimes be very difficult to distinguish. Under ACTA, it appears that when in doubt, it's commercial scale. Of course, what's really troubling here is that the EU negotiators had already promised that there would be no definition of "commercial scale." Yet, there is... and it's a lot worse than what the EU Parliament had already determined "commercial scale" to cover. The analysis linked above first looks at the Max Planck Institute's analysis of "commercial scale" infringement, where it notes that just saying "commercial scale" "fails to provide for an appropriate and sufficiently precise definition of the elements of a crime" under the current laws of the EU. Instead, it says such actions can only qualify as a crime if the following conditions are met:
• Identity with the infringed object of protection (the infringing item emulates the characteristic elements of a protected product or distinctive sign in an unmodified fashion [construction, assembly, etc.]).
• Commercial activity with an intention to earn a profit.
• Intent or contingent intent (dolus eventualis) with regard to the existence of the infringed right.
Note that none of that is found within the ACTA definition.
The report also highlights the EU Parliament's own definition of commercial scale, which has important caveats not found in ACTA: "infringements on a commercial scale" means any infringement of an intellectual property right committed to obtain a commercial advantage; this excludes acts carried out by private users for personal and not-for-profit purposes Notice how the ACTA negotiators conveniently left out the exclusion at the end. So for all the talk of how the new ACTA would only focus on "commercial scale" infringement, by subtly changing (mostly via omission) the definition of "commercial scale," ACTA now covers an awful lot that most people would not, in fact, consider to be "commercial scale." We'll leave it as an exercise to the reader whether these omissions were done through incompetence or for other reasons. From rforno at infowarrior.org Mon Oct 11 17:40:19 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Oct 2010 18:40:19 -0400 Subject: [Infowarrior] - The state of IT security Message-ID: (c/o FR) Greg Shipley has done a must-read piece on the state of the IT security industry. http://www.informationweek.com/news/security/antivirus/showArticle.jhtml?articleID=2 From rforno at infowarrior.org Mon Oct 11 17:45:33 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Oct 2010 18:45:33 -0400 Subject: [Infowarrior] - Corrected URL ... Re: The state of IT security In-Reply-To: References: Message-ID: http://www.informationweek.com/news/security/antivirus/showArticle.jhtml?articleID=227700360 On Oct 11, 2010, at 18:40 PM, Richard Forno wrote: > (c/o FR) > > Greg Shipley has done a must-read piece on the state of the IT security industry. 
> > http://www.informationweek.com/news/security/antivirus/showArticle.jhtml?articleID=2 From rforno at infowarrior.org Mon Oct 11 17:51:20 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Oct 2010 18:51:20 -0400 Subject: [Infowarrior] - Pentagon's 193 Mind-Numbing Cybersecurity Regs Message-ID: (an oldie but goodie... --rick) Pentagon's 193 Mind-Numbing Cybersecurity Regs http://www.wired.com/dangerroom/2010/10/read-em-all-pentagons-193-mind-numbing-cyber-security-regs/ From rforno at infowarrior.org Mon Oct 11 21:33:34 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 11 Oct 2010 22:33:34 -0400 Subject: [Infowarrior] - 'Scrapers' Dig Deep for Data on Web Message-ID: <5A08F2FE-F6F4-49EC-B61D-51EC1522B12D@infowarrior.org> OCTOBER 12, 2010 'Scrapers' Dig Deep for Data on Web By JULIA ANGWIN And STEVE STECKLOW http://online.wsj.com/article/SB10001424052748703358504575544381288117888.html At 1 a.m. on May 7, the website PatientsLikeMe.com noticed suspicious activity on its "Mood" discussion board. There, people exchange highly personal stories about their emotional disorders, ranging from bipolar disease to a desire to cut themselves. It was a break-in. A new member of the site, using sophisticated software, was "scraping," or copying, every single message off PatientsLikeMe's private online forums. PatientsLikeMe managed to block and identify the intruder: Nielsen Co., the privately held New York media-research firm. Nielsen monitors online "buzz" for clients, including major drug makers, which buy data gleaned from the Web to get insight from consumers about their products, Nielsen says. "I felt totally violated," says Bilal Ahmed, a 33-year-old resident of Sydney, Australia, who used PatientsLikeMe to connect with other people suffering from depression. He used a pseudonym on the message boards, but his PatientsLikeMe profile linked to his blog, which contains his real name.
After PatientsLikeMe told users about the break-in, Mr. Ahmed deleted all his posts, plus a list of drugs he uses. "It was very disturbing to know that your information is being sold," he says. Nielsen says it no longer scrapes sites requiring an individual account for access, unless it has permission. The market for personal data about Internet users is booming, and in the vanguard is the practice of "scraping." Firms offer to harvest online conversations and collect personal details from social-networking sites, résumé sites and online forums where people might discuss their lives. The emerging business of web scraping provides some of the raw material for a rapidly expanding data economy. Marketers spent $7.8 billion on online and offline data in 2009, according to the New York management consulting firm Winterberry Group LLC. Spending on data from online sources is set to more than double, to $840 million in 2012 from $410 million in 2009. The Wall Street Journal's examination of scraping - a trade that involves personal information as well as many other types of data - is part of the newspaper's investigation into the business of tracking people's activities online and selling details about their behavior and personal interests. Some companies collect personal information for detailed background reports on individuals, such as email addresses, cell numbers, photographs and posts on social-network sites. Others offer what are known as listening services, which monitor in real time hundreds or thousands of news sources, blogs and websites to see what people are saying about specific products or topics. One such service is offered by Dow Jones & Co., publisher of the Journal. Dow Jones collects data from the Web - which may include personal information contained in news articles and blog postings - that help corporate clients monitor how they are portrayed. It says it doesn't gather information from password-protected parts of sites. The competition for data is fierce.
PatientsLikeMe also sells data about its users. PatientsLikeMe says the data it sells is anonymized, no names attached. Nielsen spokesman Matt Anchin says the company's reports to its clients include publicly available information gleaned from the Internet, "so if someone decides to share personally identifiable information, it could be included." Internet users often have little recourse if personally identifiable data is scraped: There is no national law requiring data companies to let people remove or change information about themselves, though some firms let users remove their profiles under certain circumstances. California has a special protection for public officials, including politicians, sheriffs and district attorneys. It makes it easier for them to remove their home address and phone numbers from these databases, by filling out a special form stating they fear for their safety. Data brokers long have scoured public records, such as real-estate transactions and courthouse documents, for information on individuals. Now, some are adding online information to people's profiles. Many scrapers and data brokers argue that if information is available online, it is fair game, no matter how personal. "Social networks are becoming the new public records," says Jim Adler, chief privacy officer of Intelius Inc., a leading paid people-search website. It offers services that include criminal background checks and "Date Check," which promises details about a prospective date for $14.95. "This data is out there," Mr. Adler says. "If we don't bring it to the consumer's attention, someone else will." New York-based PeekYou LLC has applied for a patent for a method that, among other things, matches people's real names to the pseudonyms they use on blogs, Twitter and other social networks.
PeekYou's people-search website offers records of about 250 million people, primarily in the U.S. and Canada. PeekYou says it also is starting to work with listening services to help them learn more about the people whose conversations they are monitoring. It says it hands over only demographic information, not names or addresses. Employers, too, are trying to figure out how to use such data to screen job candidates. It's tricky: Employers legally can't discriminate based on gender, race and other factors they may glean from social-media profiles. One company that screens job applicants for employers, InfoCheckUSA LLC in Florida, began offering limited social-networking data - some of it scraped - to employers about a year ago. "It's slowly starting to grow," says Chris Dugger, national account manager. He says he's particularly interested in things like whether people are "talking about how they just ripped off their last employer." Scrapers operate in a legal gray area. Internationally, anti-scraping laws vary. In the U.S., court rulings have been contradictory. "Scraping is ubiquitous, but questionable," says Eric Goldman, a law professor at Santa Clara University. "Everyone does it, but it's not totally clear that anyone is allowed to do it without permission." Scrapers and listening companies say what they're doing is no different from what any person does when gathering information online - they just do it on a much larger scale. "We take an incomprehensible amount of information and make it intelligent," says Chase McMichael, chief executive of InfiniGraph, a Palo Alto, Calif., "listening service" that helps companies understand the likes and dislikes of online customers. Scraping services range from dirt cheap to custom-built. Some outfits, such as 80Legs.com in Texas, will scrape a million Web pages for $101. One Utah company, screen-scraper.com, offers do-it-yourself scraping software for free.
The top listening services can charge hundreds of thousands of dollars to monitor and analyze Web discussions. Some scrapers-for-hire don't ask clients many questions. "If we don't think they're going to use it for illegal purposes - they often don't tell us what they're going to use it for - generally, we'll err on the side of doing it," says Todd Wilson, owner of screen-scraper.com, a 10-person firm in Provo, Utah, that operates out of a two-room office. It is one of at least three firms in a scenic area known locally as "Happy Valley" that specialize in scraping. Screen-scraper charges between $1,500 and $10,000 for most jobs. The company says it's often hired to conduct "business intelligence," working for companies who want to scrape competitors' websites. One recent assignment: A major insurance company wanted to scrape the names of agents working for competitors. Why? "We don't know," says Scott Wilson, the owner's brother and vice president of sales. Another job: attempting to scrape Facebook for a multi-level marketing company that wanted email addresses of users who "like" the firm's page - as well as their friends - so they all could be pitched products. Scraping often is a cat-and-mouse game between websites, which try to protect their data, and the scrapers, who try to outfox their defenses. Scraping itself isn't difficult: Nearly any talented computer programmer can do it. But penetrating a site's defenses can be tough. One defense familiar to most Internet users involves "captchas," the squiggly letters that many websites require people to type to prove they're human and not a scraping robot. Scrapers sometimes fight back with software that deciphers captchas.
Some professional scrapers stage blitzkrieg raids, mounting around a dozen simultaneous attacks on a website to grab as much data as quickly as possible without being detected or crashing the site they're targeting. Raids like these are on the rise. "Customers for whom we were regularly blocking about 1,000 to 2,000 scrapes a month are now seeing three times or in some cases 10 times as much scraping," says Marino Zini, managing director of Sentor Anti Scraping System. The company's Stockholm team blocks scrapers on behalf of website clients. At Monster.com, the jobs website that stores résumés for tens of millions of individuals, fighting scrapers is a full-time job, "every minute of every day of every week," says Patrick Manzo, global chief privacy officer of Monster Worldwide Inc. Facebook, with its trove of personal data on some 500 million users, says it takes legal and technical steps to deter scraping. At PatientsLikeMe, there are forums where people discuss experiences with AIDS, supranuclear palsy, depression, organ transplants, post-traumatic stress disorder and self-mutilation. These are supposed to be viewable only by members who have agreed not to scrape, and not by intruders such as Nielsen. "It was a bad legacy practice that we don't do anymore," says Dave Hudson, who in June took over as chief executive of the Nielsen unit that scraped PatientsLikeMe in May. "It's something that we decided is not acceptable, and we stopped." Mr. Hudson wouldn't say how often the practice occurred, and wouldn't identify its client. The Nielsen unit that did the scraping is now part of a joint venture with McKinsey & Co. called NM Incite. It traces its roots to a Cincinnati company called Intelliseek that was founded in 1997.
One of its most successful early businesses was scraping message boards to find mentions of brand names for corporate clients. In 2001, the venture-capital arm of the Central Intelligence Agency, In-Q-Tel Inc., was among a group of investors that put $8 million into the business. Intelliseek struggled to set boundaries in the new business of monitoring individual conversations online, says Sundar Kadayam, Intelliseek's co-founder. The firm decided it wouldn't be ethical to use automated software to log into private message boards to scrape them. But, he says, Intelliseek occasionally would ask employees to do that kind of scraping if clients requested it. "The human being can just sign in as who they are," he says. "They don't have to be deceitful." In 2006, Nielsen bought Intelliseek, which had revenue of more than $10 million and had just become profitable, Mr. Kadayam says. He left one year after the acquisition. At the time, Nielsen, which provides television ratings and other media services, was looking to diversify into digital businesses. Nielsen combined Intelliseek with a New York startup it had bought called BuzzMetrics. The new unit, Nielsen BuzzMetrics, quickly became a leader in the field of social-media monitoring. It collects data from 130 million blogs, 8,000 message boards, Twitter and social networks. It sells services such as "ThreatTracker," which alerts a company if its brand is being discussed in a negative light. Clients include more than a dozen of the biggest pharmaceutical companies, according to the company's marketing material. Like many websites, PatientsLikeMe has software that detects unusual activity. On May 7, that software sounded an alarm about the "Mood" forum. David Williams, the chief marketing officer, quickly determined that the "member" who had triggered the alert actually was an automated program scraping the forum. He shut down the account. 
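The detection step the article describes, an alarm on unusual forum activity followed by tracing further accounts to the same source, as an added example that is not PatientsLikeMe's or any vendor's code: it parses constructed combined-format access-log lines (the forum paths, member names and 203.0.113.x addresses are invented), flags any account that fetches more than 20 distinct forum threads within a minute, and lists other accounts seen from the same client address.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta, timezone

# Apache/Nginx "combined" log format; the third field is the authenticated
# member name (or "-" for anonymous hits). Paths and names are hypothetical.
LOG_RE = re.compile(
    r'(?P<ip>\S+) \S+ (?P<user>\S+) \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"'
)
FORUM_THREAD = re.compile(r"^/forum/[^/]+/thread/\d+")


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    entry = m.groupdict()
    entry["ts"] = datetime.strptime(entry["ts"], "%d/%b/%Y:%H:%M:%S %z")
    return entry


def flag_scrapers(entries, window_s=60, max_threads=20):
    """Return {account: peak} for accounts that fetched more than max_threads
    distinct forum threads inside any window_s-second sliding window.
    A member reading a few threads a minute never approaches the threshold;
    a bulk fetcher walking a forum crosses it almost immediately."""
    by_user = defaultdict(list)
    for e in entries:
        if e["user"] != "-" and e["status"] == "200" and FORUM_THREAD.match(e["path"]):
            by_user[e["user"]].append((e["ts"], e["path"]))
    flagged = {}
    for user, events in by_user.items():
        events.sort()
        peak, start = 0, 0
        for end in range(len(events)):
            # advance the window start until the window spans at most window_s
            while events[end][0] - events[start][0] > timedelta(seconds=window_s):
                start += 1
            distinct = len({path for _, path in events[start:end + 1]})
            peak = max(peak, distinct)
        if peak > max_threads:
            flagged[user] = peak
    return flagged


def link_accounts(entries, flagged):
    """For each flagged account, list the other accounts that logged in from
    any of the same client addresses: the step that turned one suspect
    account into four in the incident above."""
    ip_users = defaultdict(set)
    for e in entries:
        if e["user"] != "-":
            ip_users[e["ip"]].add(e["user"])
    linked = {}
    for user in flagged:
        related = set()
        for users in ip_users.values():
            if user in users:
                related |= users
        related.discard(user)
        linked[user] = sorted(related)
    return linked


def analyze(lines, window_s=60, max_threads=20):
    entries = [e for e in map(parse_line, lines) if e]
    flagged = flag_scrapers(entries, window_s, max_threads)
    return flagged, link_accounts(entries, flagged)


def build_sample_log():
    """Constructed log lines (not from any real site); 203.0.113.0/24 is a
    documentation address range and the member names are invented."""
    base = datetime(2010, 5, 7, 9, 0, 0, tzinfo=timezone.utc)

    def line(ip, user, seconds, path, ua="Mozilla/5.0"):
        ts = (base + timedelta(seconds=seconds)).strftime("%d/%b/%Y:%H:%M:%S %z")
        return f'{ip} - {user} [{ts}] "GET {path} HTTP/1.1" 200 5120 "-" "{ua}"'

    lines = []
    # an automated client walking the Mood forum, one thread every 1.5 seconds
    for i in range(40):
        lines.append(line("203.0.113.7", "member4471", int(i * 1.5),
                          f"/forum/mood/thread/{1000 + i}", "python-urllib/2.6"))
    # a second account from the same client address, browsing at a human pace
    for i in range(3):
        lines.append(line("203.0.113.7", "member4472", 200 + i * 30,
                          f"/forum/ms/thread/{2000 + i}"))
    # an ordinary member elsewhere reading four threads over two minutes
    for i in range(4):
        lines.append(line("203.0.113.50", "member120", i * 45,
                          f"/forum/mood/thread/{1000 + i}"))
    return lines


if __name__ == "__main__":
    flagged, linked = analyze(build_sample_log())
    print("flagged:", flagged)  # {'member4471': 40}
    print("linked:", linked)    # {'member4471': ['member4472']}
```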
The next morning, the holder of that account e-mailed customer support to ask why the login and password weren't working. By the afternoon, PatientsLikeMe had located three other suspect accounts and shut them down. The site's investigators traced all of the accounts to Nielsen BuzzMetrics.

On May 18, PatientsLikeMe sent a cease-and-desist letter to Nielsen. Ten days later, Nielsen sent a letter agreeing to stop scraping. Nielsen says it was unable to remove the scraped data from its database, but a company spokesman later said Nielsen had found a way to quarantine the PatientsLikeMe data to prevent it from being included in its reports for clients.

PatientsLikeMe's president, Ben Heywood, disclosed the break-in to the site's 70,000 members in a blog post. He also reminded users that PatientsLikeMe also sells its data in an anonymous form, without attaching users' names to it. That sparked a lively debate on the site about the propriety of selling sensitive information. The company says most of the 350 responses to the blog post were supportive. But it says a total of 218 members quit.

In total, PatientsLikeMe estimates that the scraper obtained about 5% of the messages in the site's forums, primarily in "Mood" and "Multiple Sclerosis." "We're a business, and the reality is that someone came in and stole from us," says PatientsLikeMe's chairman, Jamie Heywood.

Write to Julia Angwin at julia.angwin at wsj.com and Steve Stecklow at steve.stecklow at wsj.com

From rforno at infowarrior.org Tue Oct 12 06:52:53 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Oct 2010 07:52:53 -0400
Subject: [Infowarrior] - Long Warfare Theory
Message-ID: <2FECE456-64B1-4CDE-ACB3-667DBFD9B7AA@infowarrior.org>

http://original.antiwar.com/huber/2010/10/11/long-warfare-theory/

AntiWar.com
October 12, 2100

Long Warfare Theory
by Jeff Huber

"No nation ever profited from a long war."
- Sun Tzu

Sun Tzu's immortal The Art of War translates into a shade over 10,000 words of American English, roughly 40 pages of aphoristic wisdom presented in language that probably 75 percent of public-school third-graders could understand. One hundred percent of our military officers should understand it, but they don't, partly because fewer than 10 percent of them have read it.

The single-mantra version of Sun Tzu's philosophy is "charge downhill, not uphill."* You'd think that even cadets at West Point and Annapolis and Colorado Springs who graduate at the bottoms of their classes could retain such a short and sweet maxim and comprehend its gist. Yet the history of war is choked with case studies of generals who paid the consequences of attacking uphill when they had every opportunity in the world not to.

Perhaps the most celebrated example of this was the Battle of Gettysburg, where Robert E. Lee insisted, despite the strong objection of his deputy James Longstreet, on attacking up not just one hill, but three of them (Little Round Top, Culp's Hill, and Cemetery Hill). The drubbing Lee invited on himself at Gettysburg was the turning point of the Civil War and the beginning of the end of the Confederacy. That Lee continues to be our most revered and respected general despite having lost both a war and a country by violating the most common gem of military wisdom should tell us something about the kind of reverence and respect we show generals, especially the Long War hooligans we have now.

A comparison between Lee and David Petraeus is as unavoidable as it is ludicrous. If we rate Lee, his singular lack of judgment at Gettysburg and all, as a 10, Petraeus weighs in somewhere to the right of the decimal point, and maybe to the right of zero. Petraeus is a bull-feather merchant who gained primacy in the U.S. officer corps through sheer genius for self-promotion and wizardry at public relations. Though he is celebrated as our "best general" and enjoys a reputation as the military genius who "wrote the book" on counterinsurgency, he has in fact been singularly and purposefully responsible for entangling us in a long war that he himself admits cannot be won but that we will likely continue to fight for at least another generation.

Bob Woodward's latest book-length spin surgery, titled Obama's War, quotes Petraeus as saying "I don't think you win this war. I think you keep fighting. ... This is the kind of fight we're in for the rest of our lives and probably our kids' lives." Petraeus supposedly blurted this and other uncomfortable revelations to Woodward "after a glass of wine on an airplane." If Petraeus's tongue can be yanked that loose with a single glass of wine, the guy's as much of a drinker as he is a general. Maybe that explains a few things, like how the 190,000 AK-47s he handed out to Iraqi security force recruits vanished like a wallet on a New York City sidewalk and wound up in the hands of militants.

If, as prominent warmonger Lindsey Graham suggests, King David Petraeus is "our best hope," our ship of state is already on a bow-first vector for the ocean floor. Lamentably, the state of American military wisdom is so pitiable that Petraeus may in fact be the sharpest utensil in a drawer otherwise inhabited by spoons.

This is, in part, because of a lack of intellectual integrity in our so-called war college system, the most prestigious icon of which is the U.S. Naval War College (NWC) in Newport, R.I. NWC is home of the annual Global War Game, the template from which all other U.S. military warfare simulations are modeled. Lamentably, NWC war gaming hasn't been a legitimate test bench for actual war since the 1930s, when the likes of Chester Nimitz and Ray Spruance devised War Plan Orange to defeat the Japanese in the Pacific. During the Cold War, the Global game was rigged to "prove" that the U.S. Navy would only lose a handful of aircraft carriers in a toe-to-toe slugfest with the Russkies.

After the Berlin Wall went Humpty Dumpty, the Global game turned into a venue for validating whatever cockamamie doctrines and weapons systems the three-star in charge of the college wanted to verify. Arthur Cebrowski, president of NWC from 1998 to 2001, used the Global game -- and every other war game he could influence -- to promote his pet "littoral combat ship" project, a key component of his project to transform the Navy into a worldwide Coast Guard. After retiring from active duty, Cebrowski became his pal Don Rumsfeld's czar of military transformation, a platform from which he propelled his network-centric warfare concept past everyone's tonsils.

NCW (not to be confused with NWC, mind you) became the new truth among the defense intelligentsia. Cebrowski declared it to be "an entirely new theory of warfare," one that involved a "system of systems" and that turned "complexity" into a decisive principle of warfare. Cebrowski himself confessed that NCW itself was too complex to define, but that whatever it was, it made all previous thought about the art of war obsolete. NCW critics correctly guessed that Cebrowski was displaying symptoms of a decades-old dose of the bends. Indeed, NCW has never panned out to be anything more than net-eccentric rapture designed to help a good-old-boy network of networks sell pricey hardware like the littoral combat ship to Congress.

Harlan K. Ullman and James P. Wade of the National Defense University developed an NCW competitor doctrine now known far and wide as Shock and Awe. One can most accurately understand Shock and Awe by picturing John Candy and Joe Flaherty of the old Second City Television show sitting in front of a flickering TV screen and chortling, "That Baghdad blowed up good, blowed up real good." Shock and Awe looked real good on cable news until we discovered Operation Iraqi Freedom hadn't given us anything but sticker shock and buyer's remorse.

But the most virulent warfare theory to infest our New American Century to date has been the Army and Marine Corps' "new" counterinsurgency (COIN) doctrine, as manifested in "the book," Field Manual 3-24. Contrary to the details of his manufactured legend, the only part of FM 3-24 that Petraeus actually wrote was his signature on the cover page. Maybe he did that so everybody would have an autographed copy. The book's real authors were a team from the Army War College in Carlisle, Pa., who plagiarized much of its material from older doctrines like the ones that worked out so ducky in Vietnam.

COIN doctrine suffers from a fatal internal fallacy. A successful counterinsurgency, the field manual insists, requires a legitimate host government that is in control of an effective security force. But major insurgencies do not occur in states that have a legitimate government and a functional security apparatus. Attempting to create those two entities in a country where they don't already exist but an insurgency already does is futile, as proven by our experiences in Vietnam, Iraq, and Afghanistan.

America's finest military minds (heh) have committed the best-trained, best-equipped armed force in history to an unending, ruinous war against an enemy that doesn't have a single tank or airplane or ship and is led by a handful of cave dwellers who don't even have a fort to fart in.

We have to give Lee credit for one thing: in charging uphill at Gettysburg, he was at least trying to gain a decisive victory because he knew his country didn't have the strategic depth to fight a long war. Petraeus and his extended entourage in academia and defense think tank-dom not only want to charge straight up every hill they encounter, they want to make absolutely certain that their Long War lasts long enough to accomplish what Lee could not: the collapse of the Union.

*The Lionel Giles translation reads, "It is a military axiom not to advance uphill against the enemy, nor to oppose him when he comes downhill."

From rforno at infowarrior.org Tue Oct 12 08:19:36 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Oct 2010 09:19:36 -0400
Subject: [Infowarrior] - Have College Freshmen Changed?
Message-ID: <38F5086C-0425-43BB-B58B-34D7B96C556A@infowarrior.org>

Have College Freshmen Changed?

For many parents, the first few weeks of college are filled with worry about how their children will handle the shift from high school to the first stage of adult life. (The suicide of Tyler Clementi, the Rutgers freshman, added to those concerns with fears of campus bullying and incivility.) Many campuses have orientation programs to help new students make that transition. Even so, college administrators are struggling to keep up with what their students need. Are social, academic and financial pressures on freshmen becoming more intense? Have freshmen changed? Does the fact that many students are used to "helicopter" parents monitoring and guiding all of their activities affect the transition to college?

< -- >

http://www.nytimes.com/roomfordebate/2010/10/11/have-college-freshmen-changed

From rforno at infowarrior.org Tue Oct 12 10:49:13 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Oct 2010 11:49:13 -0400
Subject: [Infowarrior] - CMU developing Skynet?
Message-ID:

(The last paragraph is brilliant)

http://www.techeye.net/science/computer-reads-the-internet

Carnegie Mellon University has taught a computer how to read and learn from the internet. According to Dennis Baron at the Oxford University press blog, the computer is called NELL and it is reading the internet and learning from it in much the same way that humans learn language and acquire knowledge. Basically by soaking it all up and figuring it out. NELL is short for Never Ending Language Learner and apparently it is getting brainier every day.

NELL has learned over 440,000 separate things with an accuracy of 74 per cent. This is about the same as a C grade at school. It judges the facts it finds. Some it promotes to the idea of being beliefs if they come from a single trusted source, or if they come from several less reliable sources.

One of the problems the boffins have is that more than half of what NELL gives a "beliefs status" to were made from evidence from less reliable sources. This makes NELL more of a rumour mill than a trusted source and once NELL changes a fact to a belief, it stays a belief. It cannot unlearn stuff. This is a big problem when NELL makes mistakes: the computer incorrectly labelled "right posterior" as a body part. How the boffins laughed. NELL's human handlers had to tell NELL that Klingon is not an ethnic group, despite the fact that many earthlings think it is.

At the moment NELL thinks that the First Amendment is a musical instrument, the Second Amendment is a 'hobby,' and is completely unwilling to admit to any knowledge of the fifth amendment at all. A bit like the recording industry and most lawmakers in the US.

From rforno at infowarrior.org Tue Oct 12 14:45:53 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Oct 2010 15:45:53 -0400
Subject: [Infowarrior] - Federal judge upholds ban on DADT enforcement
Message-ID: <0509734A-0078-4DF2-9D42-046E52140A26@infowarrior.org>

Federal judge orders injunction against military gay ban

http://www.usatoday.com/news/military/2010-10-12-military-gay-ban_N.htm

RIVERSIDE, Calif. (AP) -- A federal judge has issued a nationwide injunction stopping enforcement of the "don't ask, don't tell" policy, ending the military's 17-year-old ban on openly gay troops.

U.S. District Judge Virginia Phillips' landmark ruling issued Tuesday was widely cheered by gay rights organizations that credited her with getting accomplished what President Obama and Washington politics could not.

U.S. Department of Justice attorneys have 60 days to appeal. Legal experts say they are under no legal obligation to do so and they could let Phillips' ruling stand.

Phillips declared the law unconstitutional after a two-week trial in federal court in Riverside. The case was brought about by the pro-gay Log Cabin Republicans.

Copyright 2010 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

From rforno at infowarrior.org Tue Oct 12 15:57:17 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Oct 2010 16:57:17 -0400
Subject: [Infowarrior] - Oh the irony: Copyright groups suing each other
Message-ID: <890A883B-9AC5-41E1-8148-7F07D5A40A57@infowarrior.org>

Media Copyright Group Sues US Copyright Group Over Trademark Threat
from the that's-what-you-get dept

http://www.techdirt.com/articles/20101012/10515411392/media-copyright-group-sues-us-copyright-group-over-trademark-threat.shtml

We had just written about the rise of a bunch of new pre-settlement shakedown shops, who send out massive amounts of lawsuits over claims of file sharing in order to get people to pay up. Just recently, some had noticed that these firms all seem to copy from each other, and now two of the firms may be heading to court over it. Seriously. An anonymous reader passed along the news that the Media Copyright Group -- which was set up recently by a divorce lawyer to work with porn providers -- has filed for declaratory judgment against US Copyright Group, the offshoot of Dunlap, Grubb & Weaver (the firm that was the first to get attention for bringing these sorts of pre-settlement deals to the US). We had already noted that US Copyright Group appeared to have copied its website from a competitor, but apparently even though US Copyright Group thinks it's okay to copy others, it doesn't like anyone else copying it.

A lawyer from Dunlap, Grubb & Weaver sent a cease and desist to Media Copyright Group, alleging trademark infringement. Media Copyright Group filed for a declaratory judgment that it is not infringing:

All I can say is that there's something quite amusing about watching two of these law firms suing each other in court, arguing over whether or not one infringed on the other's "intellectual property."

From rforno at infowarrior.org Tue Oct 12 20:24:29 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Oct 2010 21:24:29 -0400
Subject: [Infowarrior] - Canon blocks copy jobs by keyword
Message-ID: <3018869A-3EF2-4A8B-8AF2-6EA350ABBAB3@infowarrior.org>

Canon blocks copy jobs by keyword
By Alan Lu on Oct 13, 2010 6:53 AM
http://www.itnews.com.au/News/235047,canon-blocks-copy-jobs-by-keyword.aspx

Prevents unauthorised document use.

Canon has demonstrated Uniflow 5, the latest version of its document management system that can prevent users from printing or copying documents containing specific words.

Uniflow allows printers, scanners, copiers and multifunction devices to be managed centrally. This allows a record to be kept of how many documents have been printed and by whom for billing purposes - essential for professions that bill clients by the hour or by the amount of work done, such as lawyers and architects. The system requires a Uniflow server and Uniflow-enabled Canon imaging devices.

The latest version of Uniflow has a keyword-based security system. Once configured by an administrator, the system can prevent a user from attempting to print, scan, copy or fax a document containing a prohibited keyword, such as a client name or project codename. The server will email the administrator a PDF copy of the document in question if a user attempts to do so. The system can optionally inform the user by email that their attempt has been blocked, but without identifying the keyword in question, maintaining the security of the system.
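A keyword check like the one above is only as strong as its handling of look-alike characters, the weakness the article goes on to note with z00 for zoo. As an added example (not Canon's or Iris's code), here is a matcher that canonicalizes both the keyword list and the recognised text through the same substitution classes, also catches a keyword broken up by separators, and produces the two notifications the article describes: one naming the keyword for the administrator, one for the user that does not. It assumes the OCR step has already produced plain text; the keywords and document text are constructed.

```python
import re
import unicodedata

# Characters that are routinely swapped for one another, whether by someone
# trying to slip a codename past a filter (z00 for zoo) or by OCR misreading a
# scan. The keyword list and the recognised text both go through the same
# mapping, so the comparison never sees the substitution. Folding i and l into
# one class raises false positives slightly; that is a deliberate trade-off.
_SUBSTITUTIONS = {
    "0": "o", "1": "l", "|": "l", "!": "l", "i": "l",
    "3": "e", "4": "a", "@": "a", "5": "s", "$": "s",
    "7": "t", "+": "t", "8": "b", "6": "g", "9": "g",
}


def canonicalize(text):
    """Lower-case, strip accents, apply the substitution classes and collapse
    every run of non-alphanumerics to a single space."""
    text = unicodedata.normalize("NFKD", text)
    text = "".join(c for c in text if not unicodedata.combining(c)).lower()
    text = "".join(_SUBSTITUTIONS.get(c, c) for c in text)
    return re.sub(r"[^a-z0-9]+", " ", text).strip()


def _is_sublist(needle, haystack):
    n = len(needle)
    return any(haystack[i:i + n] == needle for i in range(len(haystack) - n + 1))


def _split_match(tokens, target):
    """True if some run of consecutive whole tokens concatenates exactly to
    target: catches 'z o o' and 'p.r.o.j.e.c.t' without matching the 'zoo'
    inside 'zoology'."""
    for i in range(len(tokens)):
        acc = ""
        for tok in tokens[i:]:
            acc += tok
            if acc == target:
                return True
            if len(acc) >= len(target):
                break
    return False


def find_prohibited(text, keywords):
    """Return [(keyword, how)] for every prohibited keyword present in text.
    how is 'word' for a plain or character-substituted hit and 'split' when
    the keyword was broken up with separators."""
    tokens = canonicalize(text).split()
    hits = []
    for keyword in keywords:
        kw_tokens = canonicalize(keyword).split()
        if not kw_tokens:
            continue
        if _is_sublist(kw_tokens, tokens):
            hits.append((keyword, "word"))
        elif _split_match(tokens, "".join(kw_tokens)):
            hits.append((keyword, "split"))
    return hits


def screen_job(ocr_text, keywords, user):
    """Decide a print/copy/scan job. The administrator's note names the
    keyword(s); the user's note deliberately does not, as in the article."""
    hits = find_prohibited(ocr_text, keywords)
    if not hits:
        return {"blocked": False, "admin_note": None, "user_note": None}
    names = ", ".join(f"{kw} ({how})" for kw, how in hits)
    return {
        "blocked": True,
        "admin_note": f"Job from {user} blocked; prohibited keyword(s): {names}",
        "user_note": "Your job was blocked by document policy. "
                     "Contact your administrator if you believe this is an error.",
    }


if __name__ == "__main__":
    # constructed OCR output containing the substitution the article describes
    banned = ["zoo", "Project Falcon"]   # hypothetical keyword list
    print(screen_job("Q3 plan for the z00 site and Pr0j3ct F@lc0n", banned, "jdoe"))
```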
Uniflow 5's keyword recognition uses optical character recognition (OCR) technology licensed from Belgian OCR firm Iris, technology more commonly used for turning scanned documents into editable text. A determined user who has guessed the prohibited keyword could get around it by simply substituting numbers or other characters for letters, such as z00 instead of zoo, representatives for Canon conceded.

Canon representatives were unable to confirm when Uniflow 5 products would be available for purchase.

From rforno at infowarrior.org Wed Oct 13 08:13:24 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Oct 2010 09:13:24 -0400
Subject: [Infowarrior] - Inside the Pentagon's cyber war games
Message-ID:

Inside the Pentagon's cyber war games
Tom Patterson, a participant in the Pacifica games, describes what DOD can learn
By Tom Patterson
Oct 12, 2010
http://fcw.com/articles/2010/10/12/inside-pentagon-cyber-war-game.aspx

Under a constant canopy of low-flying nuclear-capable B-52s, the brand new Cyber-Innovation Center in the shadow of Barksdale Air Force Base in Bossier City, La., provided the perfect setting for the Pentagon's latest cyber challenge -- a public- and private-sector exchange focused on leveraging "the art of the possible" in a cyber war game setting. Unlike the war-games or exercises prepared for by Barksdale's nuclear strike force -- the Global Strike Command -- these cyber war games, held in September, help prepare America for a different type of battle altogether.

Not just Xbox anymore

Just to be clear, these war games are about the real effects of a cyberwar, not bloody Call of Duty avatars or losing your Second Life. This is about clever bad guys using bits and bytes to confuse, dissuade or shut-down people and systems, on the battlefield and across America. This is also about making planes fall from the sky, ships sink or drift at sea, and cutting off forward deployed troops from their lifelines.

This is about causing chaos in our streets at home due to sudden crashes in our critical infrastructure through manipulation of our banking, transportation, utilities, communications, and other critical infrastructure industries. These are all real scenarios being considered both by the United States, our allies and our adversaries. These cyber war games are in place to ensure that we consider everything, get awareness to what capabilities exist and prepare for it in the event it's ever used against us.

A different kind of game

War-games usually start with a story-board, where two teams -- Red for bad guys, Blue for good guys -- are presented a fictional scenario and face off in a simulated conflict over some time-period (today or 10-plus years from now), where Red thinks up ways to attack and Blue thinks up ways to counter those attacks and defend U.S. (and global) interests. In the cyber realm, Red's been kicking Blue's butt, so Blue did something radical. They hired Riley Repko away from private industry to develop non-traditional ways to engage the private-sector -- the "true owners" of the intellectual capital within the cyber domain.

Because these defense-centric war games have historically been classified exercises, the participants were always limited to those with security clearances. Although that has always worked well in the kinetic world of air, sea, and ground power, it fails when it comes to cyber power. Much of what is possible in the cyber world is being thought up by people who never would want, or never could get, a Defense Department security clearance. That's where Riley's cyber war-games come into play.

Repko is a veteran of both the military (having retired from the U.S. Air Force Reserves in 2006 after 27 years of service), and the private-industry (working 25 years in management positions, including over a decade for Larry Ellison at Oracle). He has come back to the government and is now serving within Air Force Operations and Requirements, leading their engagements efforts, specifically with the private-sector. Because of his transformational thinking, he is currently detailed to the Office of the Secretary of Defense. He knew that if we wanted to tap into American ingenuity and creativity, he would have to change the rules of the game. And that he did. This starts with, as he puts it, "awareness to what's out there" (capabilities found in the private sector) and their capacity -- specifically, does this solution exist, is it fielded or is it merely an idea still on a napkin?

Setting up the board

The key to Riley's plan is the ability to utilize a trusted third-party to perform the "sanitization and anonymization" functions that shield any over-exposure to vulnerabilities while at the same time protecting the sensitive corporate intellectual property from being misappropriated. This further allows for the widest population of experts (globally) to participate, no longer worrying about clearances or IP issues, and for focus to be given directly to the real war problems at hand. In essence, extending the operational reach of the military through a nexus of collaboration between large and small businesses, the R&D and university communities, venture capital, the inter-agencies and even the 'wizards' -- those hackers and patriots who must be part of the mix.

That made this cyber war game unlike its kinetic forefathers -- fully collaborative, quite interesting and demonstrating a new model for going forward. In this game, the Air Force took the time to create an actionable scenario that did not divulge any sensitive or classified material, yet still challenged participants to bring to bear the most creative of technological solutions.

Inside the Pacifica Games

After the Air Force set the stage by briefing us on the hostile events transpiring on the fictional island of Pacifica, we went to work. We were briefed in a real world environment, with bits and pieces of information coming in real time. As happens in war, the events escalated over time, with the Red team throwing wave after wave of attacks that were a blend of kinetic and cyber challenges. We had several Air Force officers with our group, to help define the typical military response and requirements in these situations. And then it was up to us.

We leveraged what is being thought of, developed and deployed in the private-sector, including IPv6 communications (for ad hoc networks and covert communications), a variety of transportable identification and authentication systems, including magnetic fingerprints (which are used successfully in the payments world but never before in war), game theory, games development, advertising, social networks, search engines, and much more.

As a member of the Blue team, I was joined by technical experts from the intelligence community, former inter-agency federal leaders, academia and the communications, information security, financial, technology and other commercial sectors. The representatives from each of these organizations were not the typical business development types (for the most part), but rather that one person that most companies keep locked in their vault, as they know more about their subject than anyone else.

We knew this would be different from a typical business meeting when they had us all remove the batteries from our BlackBerrys and mobile phones, and completely power down our iPhones -- explaining how adversaries can load malware onto mobile devices that allow remote activation of our microphones. They didn't want us tipping our Blue hand before we even got out of the gate.

We had a Blue team member design on the board a new way to communicate, using adaptive lasers, despite the formidable enemy communications deterrence over Pacifica. This was something his company never deployed, because he knew of no commercial need, yet seemed to provide a workable countermeasure to the Pacifica "enemy." We also developed a low-tech idea that repurposed soccer balls that also holds promise. In these games, everything was on the table.

Over the two days of the game, the Blue team offered over a dozen possible countermeasures to the Red team's aggression, and followed our guidance to "find ways around the problem, if you can't stop it directly." Lots of mash-ups were created that I've never seen before, which could well be steps toward defending our nation.

Stopping a real cyber-war

While I can't say that the Blue team "won" the game, I do know that this is the way to develop our defenses going forward. Cyber war is so radically different than kinetic war, and the participants got very realistic demonstrations about how the mash-up of both is changing everything. This approach to the problem will be a critical success factor of the future.

Yet we still need to do better. These Pacifica games demonstrated both the need and ability of this approach, but DOD needs to make this a long-term trusted component of their planning, and that requires three next steps:

Step 1. Use the fruits of the Pacifica war-game by linking and sharing the most promising of ideas to their most appropriate government partner, and get them going as projects. By tapping into the private-sector, you will be amazed as to what the 'art of the possible' is near-term.

Step 2. Build out the collaboration framework elements identified and developed by Mr. Repko. The "sanitizer and anonymizer" mechanism managed through a trusted but neutral administrator could enable both the Defense Industrial Base and the 17 other Information Sharing and Analysis Centers, small technology businesses, research and academic organizations to safely register and collaborate their potential technologies, gaps and seams with DOD and inter-agencies and assist them with defining their cyber-warfare requirements.

Step 3. Widen the circle of participants for the future games, more commercial experts from smaller and more unique companies, design in the use of tele-presence to lower the burden on small business to participate, and spread the word through all business sectors that DOD (and federal agencies) are now 'open' for business.

I was proud to both advise and participate in the Pacifica cyber war game workshop. Along with many of my commercial colleagues, I look forward to the Pentagon taking the next steps with the support of the science and technology communities of Congress, DHS, and especially the private-sector. We can and must leverage the best innovation our country has to offer in the defense of our freedoms.

From rforno at infowarrior.org Wed Oct 13 08:14:53 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Oct 2010 09:14:53 -0400
Subject: [Infowarrior] - Pentagon Partners With NATO To Create Global Cyber Warfare System
Message-ID: <3F4BCAD9-9A5B-4A74-A39C-0BF4E0D13735@infowarrior.org>

Pentagon Partners With NATO To Create Global Cyber Warfare System
Saturday, 09 October 2010 00:04
Written by Rick Rozoff
http://www.eurasiareview.com/201010088921/pentagon-partners-with-nato-to-create-global-cyber-warfare-system.html

U.S. Cyber Command is scheduled to be activated this month, in the words of a Reuters dispatch "ready to go to war in cyberspace" with full operational capability. The launching of the world's first multi-service - with the involvement of all major branches of the U.S.
armed forces: Air Force, Army, Marine Corps and Navy - military command is being coordinated with a complementary initiative by the North Atlantic Treaty Organization in Europe, the joint effort striving toward a worldwide cyber warfare system. Last month the U.S. Defense Department's Joint Task Force Global Network Operations command was deactivated and absorbed into U.S. Cyber Command (CYBERCOM) after a decade-long existence. In describing the transition, the Pentagon's press service recounted that the task force had worked on "the best ways to operate on the cyber battlefield" with "a dual mission to conduct offensive and defensive cyber operations." In 2003 it was assigned to U.S. Strategic Command (STRATCOM), under whose sponsorship CYBERCOM is also being inaugurated. The next year Joint Task Force Global Network Operations was reconfigured "to assume the offensive role" of the above-mentioned shield-and-sword function. Air Force General Kevin Chilton, the commander of U.S. Strategic Command, presided over the September 7 turnover ceremony. Army Lieutenant General Carroll Pollett, head of the Task Force Global Network Operations since 2008, is now reduced to remaining director of the Defense Information Systems Agency, at whose Arlington, Virginia site the ceremony was held, though the Pentagon's Defense Information Systems Agency is slated to follow CYBERCOM to Fort Meade, Maryland. General Pollett's comments at the event included: "(Information) has become an operational imperative in our ability to deliver decisive capabilities to warfighters and our national leaders. "Cyberspace has evolved into a new warfighter domain. "Cyberspace has proven equal and just as important as air, sea, land and space as a domain. It's clear that it must be defended and operationalized." [1] His characterization of cyber space as the fifth military domain is consistent with the standard use of that trope by Pentagon officials, a variant of which is fifth battlespace. 
[2] When the leaders of the mightiest military in the history of the world discuss adding a new dimension to the traditional ones of infantry, air force, navy, marine, and satellite and missile operations, they are planning not only for an extension of warfare preparations to a new realm but into one which is related to and in many ways dominates the others. The first commander of CYBERCOM, General Keith Alexander, said two weeks after his appointment and CYBERCOM's launching on May 21 that the Pentagon "depends on its networks for command and control, communications, intelligence, operations and logistics" and that the mission of his command is to "deter, detect and defend against emerging threats against our nation in cyberspace." The general, who is simultaneously head of the Defense Department's National Security Agency, also said that "clear rules of engagement" need to be defined for cyber warfare and that "We have to look at it in two different venues - what we're doing in peacetime and in wartime." [3] In his first public comments since assuming his new command, Alexander was already speaking of its role within a war context. A few days before, Strategic Command chief Chilton and Deputy Secretary of Defense William Lynn also asserted that CYBERCOM's next priority is "to develop the rules of engagement of cyber warfare." [4] On the rare occasions when the Pentagon's establishing an unprecedented military command for cyber operations is mentioned in the news media at all, the preferred word in defining its purpose is defense. When military and Defense Department personnel speak among themselves more direct terms are employed: Warfare, warfighting, wartime, rules of engagement, battlefield, battlespace. Regarding Washington's use of the word defense in general, when the U.S. changed the name of the Department of War to the Department of Defense in 1949 it achieved one thing: The name was changed. 
A year later the Defense Department was embroiled in the Korean War. The American military has not been used to defend the U.S. mainland since 1812, when the United States instigated a war with Britain by invading Canada. It has not been used even to defend American territories since the less-than-effective defense of Pearl Harbor in 1941 (Hawaii did not become a state until 18 years later) and ensuing fighting in even more remote island possessions: The Philippines, Guam, Wake Island and the Midway Atoll. During the U.S.'s first war in Europe, initially in France and later in Soviet Russia from 1917-1919, Washington called its armed forces what they were. Expeditionary. In the war waged by the U.S. and NATO against Yugoslavia in 1999 and in the invasion of Iraq four years later the two countries' power, broadcasting and telecommunications networks were targeted for disabling and destruction. In the case of Yugoslavia graphite bombs were used to shut down the nation's electrical power grid. Recent rumors that the Stuxnet computer virus was used to attack Iran's civilian nuclear power plant at Bushehr provide an example of how the capabilities CYBERCOM is developing for its offensive, its wartime, contingencies could be employed. In a world increasingly dependent on information technology, cruise missiles and graphite bombs have been superseded by cyber attacks. In addition to the Pentagon's Prompt Global Strike project [5] for launching intercontinental ballistic and hypersonic cruise missile strikes anywhere in the world within 60 minutes, with the interval to shrink to a fraction of that time in the future, and with the development of super stealthy strategic bombers able to evade radar and air defenses and penetrate deep into the interior of targeted countries, a global cyber warfare capability would render the world defenseless in the face of American blackmail. And attacks. 
The foreign equivalents of the Pentagon's Command, Control, Communications, Computers, Intelligence, Surveillance and Reconnaissance (C4ISR) system could be neutralized. Not only would Iran be vulnerable, but Russia and China as well. The September-October edition of Foreign Affairs, the journal of the Council on Foreign Relations, contains an article by Deputy Secretary of Defense William Lynn called "Defending a New Domain: The Pentagon's Cyberstrategy" in which he announced that "the Pentagon has built layered and robust defenses around military networks and inaugurated the new U.S. Cyber Command to integrate cyberdefense operations across the military," [6] and where he spelled out the five components of the Pentagon's cyber warfare strategy:

- Cyber must be recognized as a warfare domain equal to land, sea, and air;
- Any defensive posture must go beyond "good hygiene" to include sophisticated and accurate operations that allow rapid response;
- Cyber defenses must reach beyond the department's dot-mil world into commercial networks, as governed by Homeland Security;
- Cyber defenses must be pursued with international allies for an effective "shared warning" of threats; and
- The Defense Department must help to maintain and leverage U.S. technological dominance and improve the acquisitions process to keep up with the speed and agility of the information technology industry. [7]

The Defense Department is due to release a cyber strategy document this autumn, synchronized with the full operationalization of CYBERCOM and ahead of the NATO summit in Portugal on November 19-20. On August 28 the Washington Post ran a feature entitled "Pentagon considers preemptive strikes as part of cyber-defense strategy" which detailed the following: The Defense Department is working on "an aggressive approach" to cyber operations which "includes preemptive actions such as knocking out parts of an adversary's computer network overseas."
According to Pentagon budget documents, it is developing a full range of weapons capabilities to permit "attack and exploitation of adversary information systems" that will "deceive, deny, disrupt, degrade and destroy" information and information systems. The deployment of software and hardware tools for the above purposes is "the next logical step in a cyber strategy outlined last week by Deputy Secretary of Defense William J. Lynn III," one of so-called "active defense." [8] In August CYBERCOM chief General Keith Alexander spoke at the LandWarNet 2010 conference in Tampa, Florida whose theme was Providing Global Cyber Dominance to Joint/Combined Commanders. He reiterated the contention that "cyberspace is now a domain alongside air, land, sea, and space." [9] More ominously, he added: "We have to have offensive capabilities, to, in real time, shut down somebody trying to attack us." [10] For "active defense" read the capacity to launch preemptive attacks not only on individual hackers but on entire national computer networks. The Washington Post cited an unnamed senior Pentagon official arguing the same point: "I think we understand that in order for us to ensure integrity within the military networks, we've got to be able to reach out as far as we can - once we know where the threat is coming from - and try to eliminate that threat where we can." Even though "taking action against an attacker's computer in another country may well violate a country's sovereignty." [11] A reporter from the newspaper warned that "The Pentagon has standing rules of engagement for network defense, such as the right of self-defense. But the line between self-defense and offensive action can be difficult to discern." [12] Reactions to the above statements and others like them have emanated from Russia and China, if not from official sources. 
A Russian website posted an analysis last month under the title "US gets ready to knock the world offline" which stated that "After October 1 [the original date for activating CYBERCOM as an independent command] thousands of US military hackers and spies will get down to their cyber war activities." [13] The author reminded his readers that in April of this year Central Intelligence Agency Director Leon Panetta unveiled the CIA 2015 blueprint for the next five years, the "second pillar" of which includes "investing in technology to extend the CIA's operational and analytic reach and becom[ing] more efficient. Agency personnel must be able to operate effectively and securely in a rapidly changing global information environment. The plan boosts the CIA's potential for human-enabled technical collection and provides advanced software tools...." [14] In May, the same month CYBERCOM was activated, the White House approved this year's Cyberspace Policy Review. The Russian source also said that "Numerous publications in the US mass media show that the reform of the national cyber defense forces as well as the introduction of the doctrine and strategy of cyber war are soon to be completed. As for the US cyber strategy, we can assume that it is in line with the general concept of US global leadership." [15] A few weeks ago an article appeared in the Global Times by a researcher at the Development Research Center of the State Council of China who wrote, "To control the world by controlling the Internet has been a dominant strategy of the US" and "the national information security strategy of the US has evolved from a preventative strategy to a preemptive one." "The ultimate goal is for the US to [have] the ability to open and shut parts of the Internet at will." The article claims that in 2004 the U.S.
shut down the "ly" domain name and cut off all Internet services in Libya and "In May 2009, Microsoft announced on its website that they would turn off the Windows Live Messenger service for Cuba, Syria, Iran, Sudan and North Korea, in accordance with US legislation." [16] The Washington Post story quoted from earlier added that the Pentagon's disabling of a Saudi website in 2008 "also inadvertently disrupted more than 300 servers in Saudi Arabia, Germany and Texas." [17] The Chinese author further asserted that "the five core areas of Internet infrastructure are monopolized by US":

- IT giants, including high-performance computers, operating systems, database technologies, network switching technologies and information resource libraries.
- Across the world, around 92.3 percent of personal computers and 80.4 percent of super computers use Intel chips, while 91.8 percent of personal computers use Microsoft operating systems, and 98 percent of core server technology lies in the hands of IBM and Hewlett-Packard.
- Meanwhile, 89.7 percent of database software is controlled by Oracle and Microsoft, and 93.5 percent of core patented network switching technology is held by US companies.
- After the control of Internet infrastructure and hardware and software systems, the US is now turning to Internet content.
- The US government has adopted macro-control and focus-funding to actively use IT giants to create a global Internet infrastructure which could be manipulated by the US. [18]

He also mentioned that Senator Joseph Lieberman, chairman of the Senate Committee on Homeland Security and Governmental Affairs, recently presented to his colleagues in the Senate a bill called Protecting Cyberspace as a National Asset which provides for the president to "order Google, Yahoo and other search engine operators to suspend Internet services. "And other US-based Internet service providers could also be under the control of the president when 'Internet security emergencies' occur.
"If so, the US president would officially have the power to open or close the Internet." [19] The Chinese expert's apprehensions were confirmed by retired Air Force general Michael Hayden - director of the National Security Agency from 1999-2005, principal deputy director of National Intelligence from 2005-2006 and director of the CIA from 2006-2009 - who last month stated, as paraphrased by Reuters, that "Cyberterrorism is such a threat that the U.S. president should have the authority to shut down the Internet in the event of an attack." In his own words: "My personal view is that it is probably wise to legislate some authority to the President, to take emergency measures...when he feels as if he has to take these measures" [20] The Pentagon and the White House do not intend to act alone in developing an international cyber warfare structure. U.S. cyber warfare security experts met in Omaha, Nebraska shortly after CYBERCOM was inaugurated in May for a two-day Strategic Command Cyberspace Symposium which included "cyber commanders from several U.S. combatant commands, NATO, Japan and the U.K." [21] In the same month, May, the NATO Group of Experts headed by former U.S. Secretary of State Madeleine Albright released its report, NATO 2010, which stated "NATO should plan to mount a fully adequate array of cyber defence capabilities, including passive and active elements." [22] A feature three weeks later in the Sunday Times of London disclosed that "A report by Albright's group said that a cyber attack on the critical infrastructure of a Nato country could equate to an armed attack, justifying retaliation. "'A large-scale attack on Nato's command and control systems or energy grids could possibly lead to collective defence measures under article 5,' the experts said."
The article also cited a legal expert at NATO's Cooperative Cyber Defence Centre of Excellence established in Estonia in 2008 affirming that "because the effect of a cyber attack can be similar to an armed assault, there is no need to redraft existing treaties." That is, the Alliance's Article 4 - used to move Patriot anti-ballistic missiles into Turkey on the eve of the war against Iraq in 2003 - and its Article 5 - used for NATO's participation in the war in Afghanistan - can be invoked and activated in the event of a cyber attack. The Sunday Times piece added: "[NATO] concerns follow warnings from intelligence services across Europe that computer-launched attacks from Russia and China are a mounting threat. "NATO is considering the use of military force against enemies who launch cyber attacks on its member states. "The move follows a series of Russian-linked hacking against Nato members and warnings from intelligence services of the growing threat from China." [23] The preceding month the 13th NATO Cyber Defence Workshop was held in the Estonian capital of Tallinn. Speaking to the attendees, Defence Minister Jaak Aaviksoo said, "The robust national cyber security systems of Allies will be building blocks of a convincing NATO cyber defence capability." [24] In June a four-day international conference "tackling the issue of cyber conflicts" was held at the NATO center in Estonia, which borders Russia. A keynote address was delivered by Melissa Hathaway, Cybersecurity Chief at the U.S. National Security Council. Gloria Craig, Director for International Security Policy at Britain's Ministry of Defence, insisted on the urgency of expanded cyber warfare capacities, stating "As of now NATO is not prepared for a global cyberattack."
[25] Also in June, over "100 participants from leading global IT companies, the banking sector, the intelligence community, NATO, the EU and other institutions" attended the Cyber Defence in the Context of the New NATO Strategic Concept conference in Romania, which issued a report advocating that "NATO must accelerate efforts to respond to the danger of cyber attacks by protecting its own communications and command systems, helping Allies to improve their ability to prevent and recover from attacks, and developing an array of cyber defence capabilities...." [26] In August NATO revealed that it has created a new Emerging Security Challenges Division "in order to deal with a growing range of non-traditional risks and challenges," including cyber operations. "The Emerging Security Challenges Division brings together various strands of expertise already existent in different parts of NATO Headquarters. Merging this work into one Division will give it greater focus and visibility." [27] This month NATO's Consultation, Command and Control Agency (NC3A) organized a conference in the Czech Republic, and the Alliance's advanced technologies procurement agency announced that "NATO is looking at beginning to invest up to 930 million euros ($1.3 billion) in 2011 and 2012 in multi-year projects to address key security challenges, such as cyber defence, support to NATO's Afghanistan effort and maritime security." [28] A recent report divulged that in an interview with the Suddeutsche Zeitung NATO Secretary General Anders Fogh Rasmussen said he wants the Alliance to "extend the definition of attacks which trigger activation of the alliance to include cyber attacks" [30] as part of the new Strategic Concept to be endorsed at its summit next month. In mid-September the Pentagon's second-in-command, William Lynn, was in Brussels to address the North Atlantic Council, NATO's highest governing body, as well as a defense-related think tank. 
[29] Rallying Washington's military allies ahead of the summit in November, he said: "NATO has a nuclear shield, it is building a stronger and stronger [missile] defence shield, it needs a cyber shield as well....The Cold War concepts of shared warning apply in the 21st century to cyber security. Just as our air defences, our missile defences have been linked so too do our cyber defences need to be linked as well." [31] As Lynn arrived in Brussels U.S. European Command was finishing the 15-day Combined Endeavor 2010 exercise, "the world's largest military communications and information systems exercise," at the Joint Multinational Simulations Center at the Grafenwoehr Training Area in Germany. Altogether there were 1,400 participants from 40 countries: The U.S., Germany, Austria, Afghanistan, Armenia, Albania, Azerbaijan, Bulgaria, Bosnia, Britain, Canada, Croatia, the Czech Republic, Denmark, Estonia, France, Finland, Germany, Georgia, Hungary, Italy, Iraq, Ireland, Kazakhstan, Lithuania, Macedonia, Moldova, Montenegro, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia, Switzerland, Spain, Serbia, Turkey and Ukraine. A U.S. European Command spokesman said of the event: "There's an 'endeavor' now in the Pacific, Pacific Endeavor. There is one in North America that uses South America and Canada to interconnect their network communication systems. This exercise that we do here in Grafenwoehr has branched-out world-wide, and every major command is launching their version of it." [32] Since 2006 the U.S. has also led Africa Endeavor military exercises on the continent, "Africa's largest communications interoperability exercise," [33] first under U.S. European Command and recently under the new U.S. Africa Command. Africa Endeavor 2010 was held in Ghana in August with the participation of 36 African nations.
Worldwide is the correct word for the military network the Pentagon has built in recent years, as is evidenced by the nations participating under U.S. command in Combined Endeavor 2010 and Africa Endeavor 2010: 75 countries with Afghanistan and Iraq among them. American-led multinational training exercises and war games on the same scale are routinely held throughout Europe, at the moment this year's second Joint Warrior exercise - Europe's largest war games - in, off the coast and over the skies of Scotland with 30 countries, 10,000 troops, 30 warships, three submarines and 21 air and helicopter units. Military maneuvers of comparable size occurred during the summer in the Asia-Pacific region when the U.S. led this year's 14-nation Rim of the Pacific war games, the world's largest multinational maritime exercise, with an estimated 22,000 troops, 34 ships, five submarines and over 100 aircraft involved. [34] Last month's Combined Endeavor exercise in Germany included a cyber defense component for the first time. Participants from 26 countries and two organizations, NATO and the Cooperative Cyber Defence Centre of Excellence based in Estonia, engaged in planning for cyber operations at the Joint Multinational Simulations Center in Grafenwoehr from September 3-15. Since the end of the Cold War, and especially in the past decade, the Pentagon has expanded its activities - bombing campaigns, wars, invasions, multinational maneuvers and war games, base building and takeovers, troop and missile shield deployments, training programs, establishing military transport networks - throughout the world. Through the eastward expansion of NATO, the world's only military bloc, and the launching of U.S. Africa Command two years ago, the U.S. has gained military dominance over two entire continents. 
It has military partnerships with almost every nation in Europe, Africa, the Middle East and Asia, and has acquired new bases and other military facilities in Eastern Europe, Africa, the Middle East, Asia, the South Pacific and South America: Kosovo, Bulgaria, Romania, Hungary, Poland, Djibouti, Seychelles, Iraq, Israel, Kuwait, Afghanistan, Kyrgyzstan, Australia and Colombia. Washington has increased its military presence in several continents to achieve its 21st century geopolitical objectives. To control access to and the transport of hydrocarbon resources, the Pentagon has expanded its role in the Persian Gulf, Africa's Gulf of Guinea, the Black Sea and in nations near the Caspian Sea Basin. With the reactivation of the U.S. Fourth Fleet in 2008, the U.S. is positioned to dominate the Caribbean Basin, including Colombia, Venezuela and Panama on its southern shores. The U.S. is putting the pieces in place for a global interceptor missile system with the deployment, directly and with partners, of Patriot Advanced Capability-3, Standard Missile-3, Terminal High Altitude Area Defense, X-Band Radar and other missile shield components to Poland, Israel, Bahrain, Kuwait, Qatar, the United Arab Emirates, Japan, South Korea and Australia, with the Black Sea, the Mediterranean Sea, Baltic Sea and South Caucasus as planned future sites. The Pentagon will be satisfied with nothing less than full spectrum dominance throughout the world - and above the world. It is now adding to its military superiority in the realms of land, air, sea and space control of the fifth battleground: Cyberspace.

From rforno at infowarrior.org Wed Oct 13 08:45:14 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Oct 2010 09:45:14 -0400
Subject: [Infowarrior] - CFR: Time for U.S. to assert itself on the Internet
Message-ID: <13DAB2C7-3EF0-4518-9B5D-E6E968D9CEBF@infowarrior.org>

CFR Report @ http://www.cfr.org/content/publications/attachments/Cybersecurity_CSR56.pdf

Time for U.S.
to assert itself on the Internet, report says
Council contends the Internet is too important to leave governance to someone else
By William Jackson
Oct 04, 2010
http://gcn.com/articles/2010/10/04/cybereye-box-us-should-assert-itself-on-internet.aspx

The international community has failed to develop an effective model for governing the Internet, and the United States must assert its interests in overseeing the infrastructure that plays a vital part in its national security and economic well-being, according to a new report from the Council on Foreign Relations. The report, by Robert Knake, notes that the annual cost of cyber crime is estimated at $1 trillion and that cyberattacks are becoming a part of warfare and diplomacy. "While no fewer than six U.N. bodies and multiple regional and national forums have sought to build a consensus on the future of Internet governance, there has been little progress thus far," the report states. "The United States has largely abstained from these discussions, instead focusing on developing its own offensive and defensive cybersecurity capabilities while entrusting the ongoing stability of the system to the expertise of the private sector." Knake said the United States can no longer afford to cede the initiative on Internet governance to nations that do not share its interests, and the country should pursue its own agenda for dealing with cyber warfare, cyber crime and state-sponsored espionage through legislation and technology.

From rforno at infowarrior.org Sat Oct 16 06:49:38 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Oct 2010 07:49:38 -0400
Subject: [Infowarrior] - Remembering Jon Postel
Message-ID: <678046B3-380F-4EB6-856E-E6E5EAA9408C@infowarrior.org>

Jon Postel (August 6, 1943 -- October 16, 1998)

Remembering Jonathan B.
Postel
Working with Jon
By Danny Cohen
http://www.postel.org/remembrances/cohen-story.html

In 1973, after doing interactive flight simulation over the ARPAnet, I joined ISI and applied that experience to interactive speech over the ARPAnet. The communication requirements for realtime speech were unique (more like UDP than like TCP). This got me involved in the Network Working Group, and I started another project at ISI called "Internet Concepts". In 1977 Steve Crocker, who was then at ISI, told me that Jon was willing to join us, and that Jon would be a great addition to my Internet Concepts project. Steve was right on both accounts. Jon and I worked together from March-1977 until 1993 when I left ISI. According to ISI's management Jon worked for me for several years, and I worked for him for several years. In reality we never worked for each other, we always worked together, to advance the technology that we believed in. Over most of those 16 years we had our offices together, and always worked with each other, even when we worked on totally different projects. Jon was always most pleasant to work with. He was most caring both about the project, and about the individuals on the team. He was always full of great intentions and humor. Jon was always ready for mischief, one way or another. He was always game to hack something. When I worked on the MOSIS project, in 1980, users submitted their VLSI designs to us by e-mail. For several defense contractors, getting access to the ARPAnet was too complex. We suggested that they would use a commercial e-mail service, like TELEmail, instead. Then we had the problem of getting all these e-mail systems to interoperate, since none of them was willing to interoperate with the others. Jon and I solved this problem during one long night of hacking.
This hack later became the mail-tunnel that provided the service known as "InterMail", for passing e-mail between various non-cooperating systems, including systems like MCImail and IEEE's COMPmail. I'm sure that Jon was so enthusiastic to work with me on it for two reasons: * Such interoperability among heterogeneous e-mail systems was our religion, with no tolerance for separatism; * We definitely were not supposed to do it. Jon hated bureaucracy and silly rules, as Cary Thomas so well described. Too bad that we lived in an environment with so many rules. We started Los-Nettos without lawyers and without formal contracts. Handshakes were good enough. At that time several other regional networks started around the country. Most of them were interested in glory, in expansion, and in fortune. Jon was interested only in getting the problem solved. This was Jon's priority, both at work, and in his life. I found it funny to read in the papers that Jon was the director of IANA. Jon was IANA. Much more important, Jon was the corporate memory of the Internet, and also the corporate style, and technical taste of the internet. Jon was an authority without bureaucracy. No silly rules! Jon's authority was not derived from any management structure. It was due to his personality, his dedication, deep understanding, and demanding technical taste and style. Jon set the standards for both the Internet standards and for the Internet standardization process. Jon turned the RFCs into a central piece of the standardization process. One can also read that Jon was the editor of the RFC, and may think that Jon checked only the grammar or the format of the RFCs. Nothing could be further from the truth, not that he did not check it, but in addition, being the corporate memory, Jon had indicated many times to authors that earlier work had treated the same subject, and that their work would be improved by learning about that earlier work. 
For the benefit of those in the audience who are either too young or too old to remember let me recall some recent history: The Internet protocols (mainly IP, TCP, UDP, FTP, Telnet, FTP, and even SNMP) were defined and documented in their RFCs. DoD adopted them and announced a date by which all of DoD units would have to use TCP/IP. They even translated RFC791 from Jon's English to proper Militarese. However, all the other countries (i.e., their governments and PTTs) joined the ISO wagon, the X25 based suite of OSI protocols. The US government joined them and defined GOSIP. All the large computer companies (from IBM and DEC down) announced their future plans to join the GOSIP bandwagon. DoD totally capitulated and denounced the "DoD unique protocols" and was seeking ways to forget all about them, spending millions of dollars on GOSIP and X500. Against them, on the Internet side, there was a very small group of young Davids. The OSI camp had its prestige, but we had working systems, a large community of devotees, and properly documented protocols that allowed integration of the TCP/IP suite into every UNIX system, such as in every SUN workstation. Against the strict laws in Europe, their universities developed an underground of Internet connections. One could get from California to the university in Rome by going first over the Internet across the US to the east coast, then to the UK, then using some private lines to France, then to CERN in Switzerland, and from there to Rome - while breaking the laws of all those countries with every packet. Meanwhile, in the states, Academia, and the research communities, never knew about GOSIP. The Internet, against all the conventional wisdom, grew without anyone being in charge, without central control, and without any central planning. The war between the ISO and the TCP/IP camps never took place. One camp turned out to be a no show.
What made it all possible was the wise selection of what to standardize and what not to, and the high quality of the standards in the series of living documents. Our foundation and infrastructure of standards was the secret weapon that won the war. Jon created it, using the RFC mechanism initiated by Steve Crocker. It was Jon who immediately realized their importance, and the need for someone to act as the curator, and volunteered. The lightning speed with which Microsoft joined the Internet was not possible without the quality of the existing standards that were so well documented. During the transition from ARPA, through the NSF, to the commercial world there was a point in which the trivial funding required for the smooth operation of editing and distributing the RFCs was in doubt. At that time the prospect of not having funds to run this operation was very real. Finally the problem was solved and the process suffered no interruption. What most of the involved agencies and managers did not know is that there was never a danger of any interruption. Jon would have done it even with no external funding. If they did not pay him to do it, he would have paid them to let him do it. For him it was not a job, it was a labor of love. Jon never joined the PowerPoint generation. Jon always believed that the content was the only thing that matters. Hand written slides were good enough. Color and logos were distractions, a necessary evil on certain occasions, not the style of choice. Jon defined quality by counting interesting ideas, not points per inch. When fancy formatting crept into the Internet community, Jon resisted the temptation to allow fancy formats for RFCs. Instead, he insisted on them being in ASCII, easy to e-mail, guaranteed to be readable anywhere in the world. The instant availability and usability of RFCs was much more important to him than how fancy they looked. The Internet was not just a job for Jon. It was his hobby and his mission in life.
We will miss Jon, who was for the Internet its corporate memory, its corporate style, and its corporate taste. I will miss him even more as a colleague and a friend.

In Summary:

* Jon was pleasant, fun/funny, and unselfish. He was full of mischief, adventure, humor, and caring. He was devoted to his work, to the Internet, and to the people that worked with him.
* It was great working together and having neighboring offices for 16 years.
* Jon set the standards for the Internet standards.
* Jon was the Internet's corporate memory, the corporate taste, and the corporate style.
* Jon was an authority without bureaucracy.
* Jon was an Internet Missionary.
* Jon was a great friend that I will miss forever.

From rforno at infowarrior.org Sun Oct 17 13:59:53 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 17 Oct 2010 14:59:53 -0400
Subject: [Infowarrior] - Pentagon braces for huge WikiLeaks dump on Iraq war
Message-ID:

Pentagon braces for huge WikiLeaks dump on Iraq war
1:53pm EDT
By Phil Stewart
http://www.reuters.com/article/idUSTRE69G19520101017

WASHINGTON (Reuters) - The Pentagon said on Sunday it had a 120-member team prepared to review a massive leak of as many as 500,000 Iraq war documents, which are expected to be released by the WikiLeaks website sometime this month.

Pentagon spokesman Col. Dave Lapan told Reuters the timing of the leak remained unclear but the Defense Department was ready for a document dump as early as Monday or Tuesday, a possibility raised in previous WikiLeaks statements. Still, people familiar with the upcoming leak told Reuters they do not expect WikiLeaks to release the classified files for at least another week.

If confirmed, the leak would be much larger than the record-breaking release of more than 70,000 Afghan war documents in July, which stoked debate about the 9-year-old conflict but did not contain major revelations. It was the largest security breach of its kind in U.S. military history.
"It's the same team we put together after the publication of the (Afghan war documents)," Lapan said, adding it was unclear how many of the 120 personnel would be needed to contribute to the Iraq leak analysis. Although the Iraq conflict has faded from public debate in the United States in recent years, the document dump threatens to revive memories of some of the most trying times in the war, including the Abu Ghraib prisoner abuse scandal. It could also renew debate about foreign and domestic actors influencing Iraq, which has been wrestling with a political vacuum since an inconclusive election in March. One source familiar with the Iraq documents said they are likely to contain revelations about civilian casualties, but expected them to cause less of a stir than the Afghan leak. Lapan said the Pentagon team believed it knew which documents WikiLeaks may be releasing since it had already reviewed the Iraq war file. That could speed up its assessment about potential fallout. NO INTEL SOURCES COMPROMISED At the time of the Afghan war leak, the top U.S. military officer, Admiral Mike Mullen, warned that WikiLeaks may have the blood of U.S. soldiers and Afghan civilians on its hands because it had leaked documents naming U.S. collaborators. Still, U.S. Defense Secretary Robert Gates said in a letter to the head of the Senate Armed Services Committee, viewed by Reuters, that the leak had not revealed any "sensitive intelligence sources or methods." Gates said disclosing the names of cooperating Afghans, who could become targets for the Taliban, could cause "significant harm or damage to national security interests of the United States." The letter was dated August 16. WikiLeaks says it is a non-profit organization funded by human rights campaigners, journalists and the general public. But the Pentagon has demanded it return classified information and critics have questioned its perceived anti-war agenda. 
So far the investigation into the Afghan war leak has focused on Bradley Manning, who worked as an Army intelligence analyst in Iraq. Manning is already under arrest and charged with leaking a classified video showing a 2007 helicopter attack that killed a dozen people in Iraq, including two Reuters journalists. The Pentagon, citing the criminal investigation, has refused to discuss the Manning case.

(Additional reporting by Mark Hosenball; Editing by Doina Chiacu)

From rforno at infowarrior.org Sun Oct 17 20:43:08 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 17 Oct 2010 21:43:08 -0400
Subject: [Infowarrior] - Facebook in Privacy Breach
Message-ID:

TECHNOLOGY - OCTOBER 18, 2010
Facebook in Privacy Breach
Top-Ranked Applications Transmit Personal IDs, a Journal Investigation Finds
By EMILY STEEL And GEOFFREY A. FOWLER
http://online.wsj.com/article/SB10001424052702304772804575558484075236968.html

Many of the most popular applications, or "apps," on the social-networking site Facebook Inc. have been transmitting identifying information - in effect, providing access to people's names and, in some cases, their friends' names - to dozens of advertising and Internet tracking companies, a Wall Street Journal investigation has found.

The issue affects tens of millions of Facebook app users, including people who set their profiles to be completely private. The practice breaks Facebook's rules, and renews questions about its ability to keep identifiable information about its users' activities secure.

The problem has ties to the growing field of companies that build detailed databases on people in order to track them online - a practice the Journal has been examining in its What They Know series. It's unclear how long the breach was in place. On Sunday, a Facebook spokesman said it is taking steps to "dramatically limit" the exposure of users' personal information.
"A Facebook user ID may be inadvertently shared by a user's Internet browser or by an application," the spokesman said. Knowledge of an ID "does not permit access to anyone's private information on Facebook," he said, adding that the company would introduce new technology to contain the problem identified by the Journal. "Our technical systems have always been complemented by strong policy enforcement, and we will continue to rely on both to keep people in control of their information," the Facebook official said. "Apps" are pieces of software that let Facebook's 500 million users play games or share common interests with one another. The Journal found that all of the 10 most popular apps on Facebook were transmitting users' IDs to outside companies. The apps, ranked by research company Inside Network Inc. (based on monthly users), include Zynga Game Network Inc.'s FarmVille, with 59 million users, and Texas HoldEm Poker and FrontierVille. Three of the top 10 apps, including FarmVille, also have been transmitting personal information about a user's friends to outside companies. Most apps aren't made by Facebook, but by independent software developers. Several apps became unavailable to Facebook users after the Journal informed Facebook that the apps were transmitting personal information; the specific reason for their unavailability remains unclear. The information being transmitted is one of Facebook's basic building blocks: the unique "Facebook ID" number assigned to every user on the site. Since a Facebook user ID is a public part of any Facebook profile, anyone can use an ID number to look up a person's name, using a standard Web browser, even if that person has set all of his or her Facebook information to be private. For other users, the Facebook ID reveals information they have set to share with "everyone," including age, residence, occupation and photos. 
The apps reviewed by the Journal were sending Facebook ID numbers to at least 25 advertising and data firms, several of which build profiles of Internet users by tracking their online activities. Defenders of online tracking argue that this kind of surveillance is benign because it is conducted anonymously. In this case, however, the Journal found that one data-gathering firm, RapLeaf Inc., had linked Facebook user ID information obtained from apps to its own database of Internet users, which it sells. RapLeaf also transmitted the Facebook IDs it obtained to a dozen other firms, the Journal found. RapLeaf said that transmission was unintentional. "We didn't do it on purpose," said Joel Jewitt, vice president of business development for RapLeaf. Facebook said it previously has "taken steps ... to significantly limit Rapleaf's ability to use any Facebook-related data." Facebook prohibits app makers from transferring data about users to outside advertising and data companies, even if a user agrees. The Journal's findings shed light on the challenge of policing those rules for the 550,000 apps on its site. The Journal's findings are the latest challenge for Facebook, which has been criticized in recent years for modifying its privacy rules to expose more of a user's information. This past spring, the Journal found that Facebook was transmitting the ID numbers to advertising companies, under some circumstances, when a user clicked on an ad. Facebook subsequently discontinued the practice. "This is an even more complicated technical challenge than a similar issue we successfully addressed last spring on Facebook.com," a Facebook spokesman said, "but one that we are committed to addressing." The privacy issue follows Facebook's effort just this month to give its users more control over its apps, which privacy activists had cited as a potential hole in users' ability to control who sees their information. On Oct.
6, Facebook created a control panel that lets users see which apps are accessing which categories of information about them. It indicates, for example, when an application accesses a user's "basic information" (including a user ID and name). However, it doesn't detail what information friends' applications have accessed about a user. Facebook apps transform Facebook into a hub for all kinds of activity, from playing games to setting up a family tree. Apps are considered an important way for Facebook to extend the usefulness of its network. The company says 70% of users use apps each month. Applications are also a growing source of revenue beyond advertising for Facebook itself, which sells its own virtual currency that can be used to pay for games. Following an investigation by the Canadian Privacy Commissioner, Facebook in June limited applications to accessing only the public parts of a user's profile, unless the user grants additional permission. (Canadian officials later expressed satisfaction with Facebook's steps.) Previously, applications could tap any data the user had access to, including detailed profiles and information about a user's friends. It's not clear if developers of many of the apps transmitting Facebook ID numbers even knew that their apps were doing so. The apps were using a common Web standard, known as a "referer," which passes on the address of the last page viewed when a user clicks on a link. On Facebook and other social-networking sites, referers can expose a user's identity. The company says it has disabled thousands of applications at times for violating its policies. It's unclear how many, if any, of those cases involved passing user information to marketing companies. Facebook also appeared to have shut down some applications the Journal found to be transmitting user IDs, including several created by LOLapps Media Inc., a San Francisco company backed with $4 million in venture capital.
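The referer mechanism the article describes, as an added example that is not part of the article or of any Facebook or app-maker code: a model of what a browser sends as the Referer header under each Referrer-Policy value, plus an audit that scans proxy-style log lines for identity parameters crossing to a third-party host. The hostnames, the parameter names (including "fb_sig_user") and the log lines are constructed assumptions for illustration.

```python
"""Referer-leak model and log audit for the mechanism the article describes.
Added example, not code from the article, Facebook or any app maker; all
URLs, parameter names and log lines are constructed for illustration."""
from urllib.parse import parse_qs, urlsplit, urlunsplit

# Query parameters treated as carrying a user identity. The name
# "fb_sig_user" is an assumption about 2010-era app URLs, not from the article.
ID_PARAMS = frozenset({"fb_sig_user", "user_id", "uid"})


def referer_sent(page_url, target_url, policy="no-referrer-when-downgrade"):
    """Referer value a browser sends for a request from page_url to target_url
    under the named Referrer-Policy, or None when nothing is sent.
    The default here is the old browser default: the full page URL."""
    p, t = urlsplit(page_url), urlsplit(target_url)
    same_origin = (p.scheme, p.netloc) == (t.scheme, t.netloc)
    downgrade = p.scheme == "https" and t.scheme == "http"
    full = urlunsplit((p.scheme, p.netloc, p.path, p.query, ""))  # fragment dropped
    origin = f"{p.scheme}://{p.netloc}/"
    if policy == "no-referrer":
        return None
    if policy == "no-referrer-when-downgrade":
        return None if downgrade else full
    if policy == "origin":
        return origin
    if policy == "strict-origin":
        return None if downgrade else origin
    if policy == "same-origin":
        return full if same_origin else None
    if policy == "strict-origin-when-cross-origin":
        if same_origin:
            return full
        return None if downgrade else origin
    raise ValueError(f"unknown policy: {policy}")


def leaked_ids(referer, target_url):
    """Identity parameters in `referer` that reach a different host."""
    if not referer:
        return {}
    r, t = urlsplit(referer), urlsplit(target_url)
    if r.netloc == t.netloc:
        return {}  # first-party request: nothing leaves the site
    return {k: v[0] for k, v in parse_qs(r.query).items() if k in ID_PARAMS}


def audit(log_lines):
    """Scan log lines of the form 'METHOD target_url referer' (referer is
    '-' when absent) and return (target_host, leaked_params) per leak."""
    findings = []
    for line in log_lines:
        parts = line.split()
        if len(parts) != 3:
            continue  # malformed line; skip it
        _method, target, referer = parts
        if referer == "-":
            continue
        leaked = leaked_ids(referer, target)
        if leaked:
            findings.append((urlsplit(target).netloc, leaked))
    return findings


def leaks_under_policy(page_url, targets, policy):
    """What each target host would learn if the page used `policy`."""
    return {t: leaked_ids(referer_sent(page_url, t, policy), t) for t in targets}


# Constructed log: an app page (URL carries the user id) loads its own
# script, an ad pixel and a tracker script; the browser sent the full URL.
SAMPLE_LOG = [
    "GET https://apps.example-social.com/farmgame/ -",
    "GET https://apps.example-social.com/static/app.js https://apps.example-social.com/farmgame/?fb_sig_user=1234567",
    "GET https://ads.example.net/pixel.gif https://apps.example-social.com/farmgame/?fb_sig_user=1234567",
    "GET https://tracker.example.org/t.js https://apps.example-social.com/farmgame/?fb_sig_user=1234567&lvl=3",
]

if __name__ == "__main__":
    page = "https://apps.example-social.com/farmgame/?fb_sig_user=1234567"
    targets = [line.split()[1] for line in SAMPLE_LOG[1:]]
    print("leaks found in log:", audit(SAMPLE_LOG))
    for pol in ("no-referrer-when-downgrade",
                "strict-origin-when-cross-origin", "no-referrer"):
        print(pol, leaks_under_policy(page, targets, pol))
```

Running the audit over the sample log reports the ad and tracker hosts receiving the user id; re-running the simulation under strict-origin-when-cross-origin or no-referrer shows the same third parties receiving nothing identifying.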
LOLapp's applications include Gift Creator, with 3.5 million monthly active users, Quiz Creator, with 1.4 million monthly active users, Colorful Butterflies and Best Friends Gifts. Since Friday, users attempting to access those applications either received an error message or were reverted to Facebook's home screen. "We have taken immediate action to disable all applications that violate our terms," a Facebook spokesman said. A spokeswoman for LOLapps Media declined to comment. The applications transmitting Facebook IDs may have breached their own privacy policies, as well as industry standards, which say sites shouldn't share and advertisers shouldn't collect personally identifiable information without users' permission. Zynga, for example, says in its privacy policy that it "does not provide any Personally Identifiable Information to third-party advertising companies." A Zynga spokeswoman said, "Zynga has a strict policy of not passing personally identifiable information to any third parties. We look forward to working with Facebook to refine how web technologies work to keep people in control of their information." The most expansive use of Facebook user information uncovered by the Journal involved RapLeaf. The San Francisco company compiles and sells profiles of individuals based in part on their online activities. The Journal found that some LOLapps applications, as well as the Family Tree application, were transmitting users' Facebook ID numbers to RapLeaf. RapLeaf then linked those ID numbers to dossiers it had previously assembled on those individuals, according to RapLeaf. RapLeaf then embedded that information in an Internet-tracking file known as a "cookie." RapLeaf says it strips out the user's name when it embeds the information in the cookie and shares that information for ad targeting.
However, The Wall Street Journal found that RapLeaf transmitted Facebook user IDs to a dozen other advertising and data firms, including Google Inc.'s Invite Media. All 12 companies said that they didn't collect, store or use the information. Ilya Nikolayev, chief executive of Familybuilder, maker of the Family Tree application, said in an email, "It is Familybuilder's corporate policy to keep any actual, potential, current or prior business partnerships, relationships, customer details, and any similar information confidential. As this story relates to a company other than Familybuilder, we have nothing further to contribute."

Write to Emily Steel at emily.steel at wsj.com and Geoffrey A. Fowler at geoffrey.fowler at wsj.com

From rforno at infowarrior.org Sun Oct 17 21:02:16 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 17 Oct 2010 22:02:16 -0400
Subject: [Infowarrior] - DOD: Wikileaks did not disclose sources/methods
Message-ID: <4A7AA80D-9708-43C2-9EB5-7F4516D07734@infowarrior.org>

Gates: Leaked documents don't reveal key intel, but risks remain
By Adam Levine, CNN

Washington (CNN) -- The online leak of thousands of secret military documents from the war in Afghanistan by the website WikiLeaks did not disclose any sensitive intelligence sources or methods, the Department of Defense concluded. Secretary of Defense Robert Gates said there is still concern Afghans named in the published documents could be retaliated against by the Taliban, though a NATO official said there has been no indication that this has happened.

The assessment, revealed in a letter from Gates to the Chairman of the Senate Armed Services Committee, Sen. Carl Levin (D-Michigan), comes after a thorough Pentagon review of the more than 70,000 documents posted to the controversial whistle-blower site in July. The letter, provided to CNN, was written August 16 by Gates in response to a query by the senator regarding the leak of classified information.
Gates said the review found most of the information relates to "tactical military operations." "The initial assessment in no way discounts the risk to national security," Gates wrote. "However, the review to date has not revealed any sensitive intelligence sources and methods compromised by the disclosure." The defense secretary said that the published documents do contain names of some cooperating Afghans, who could face reprisal by the Taliban. But a senior NATO official in Kabul told CNN that there has not been a single case of Afghans needing protection or to be moved because of the leak. "We assess this risk as likely to cause significant harm or damage to national security interests of the United States and are examining mitigation options," Gates wrote in the letter. "We are working closely with our allies to determine what risks our mission partners may face as a result of the disclosure." Gates also said there is still the possibility of more documents being published, for which the Pentagon is preparing. Over the summer, the Pentagon created a team of more than 100 personnel made up of mostly intelligence analysts from various branches of the Defense Department as well as the FBI, who were involved in the round-the-clock review. WikiLeaks has approximately 15,000 more Afghanistan documents that the site is reviewing because they contain names or other sensitive information. While initially the site's founder, Julian Assange, had vowed to publish the additional documents after redaction, there is now some question whether that will happen given the intense criticism WikiLeaks came under after Afghan names were found in the already published files. Additionally, WikiLeaks is expected to publish as early as next week about 400,000 military documents from the Iraq war that were leaked to the site. The leaking of the documents raised the immediate ire of military officials although soon after the posting they questioned the documents' significance.
Back in July, Chairman of the Joint Chiefs of Staff Adm. Mike Mullen, said he was "appalled" by the leak but said the documents were from previous years up to 2009 and "much has changed since then." Despite this, the military warned that the naming of Afghans was a huge concern. Wikileaks has "the blood of some young soldier or that of an Afghan family" on their hands, Mullen said. In addition to the document review, the military has launched a criminal investigation into the leak. Since the initial publication of the documents, military officials consider Army Pfc. Bradley Manning a prime suspect in the leak. Manning is already being held in Quantico, Virginia, charged with leaking video of an Iraq airstrike to WikiLeaks as well as removing classified information from military computers.

CNN's Pentagon Correspondent Barbara Starr contributed to this report.

Find this article at: http://www.cnn.com/2010/US/10/16/wikileaks.assessment/index.html?hpt=T2

From rforno at infowarrior.org Mon Oct 18 06:51:05 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Oct 2010 07:51:05 -0400
Subject: [Infowarrior] - Leaked Letter - BSA Pressures Europe To Kill Open Standards
Message-ID: <1B06CF36-5110-40DA-B8F3-40B51443CA92@infowarrior.org>

Defending Open Standards: FSFE refutes BSA's false claims to European Commission
Author: Karsten Gerloff, Carlo Piana and Sam Tuke
Published: 2010-10-15

The Business Software Alliance (BSA) is pressuring the European Commission to remove the last vestiges of support for Open Standards from the latest version of the EU's interoperability recommendations, the European Interoperability Framework. FSFE has obtained a copy of a letter sent to the Commission by the BSA last week. In the following paragraphs we analyse the BSA's arguments and explain why their claims are false, and why Open Standards are key to interoperability and competition in the European software market.
We have shared this analysis with the European Commission.

< -- >

http://www.fsfe.org/projects/os/bsa-letter-analysis.html.en

From rforno at infowarrior.org Mon Oct 18 07:56:29 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Oct 2010 08:56:29 -0400
Subject: [Infowarrior] - US studying Australian Internet security program
Message-ID:

US studying Australian Internet security program
By LOLITA C. BALDOR
The Associated Press
Saturday, October 16, 2010; 9:05 AM
http://www.washingtonpost.com/wp-dyn/content/article/2010/10/16/AR2010101600655_pf.html

WASHINGTON -- The government is reviewing an Australian program that will allow Internet service providers to alert customers if their computers are taken over by hackers and could limit online access if people don't fix the problem. Obama administration officials have met with industry leaders and experts to find ways to increase online safety while trying to balance securing the Internet and guarding people's privacy and civil liberties. Experts and U.S. officials are interested in portions of the plan, set to go into effect in Australia in December. But any move toward Internet regulation or monitoring by the U.S. government or industry could trigger fierce opposition from the public.

The discussions come as private, corporate and government computers across the U.S. are increasingly being taken over and exploited by hackers and other computer criminals. White House cybercoordinator Howard Schmidt told The Associated Press that the U.S. is looking at a number of voluntary ways to help the public and small businesses better protect themselves online. Possibilities include provisions in the Australia plan that enable customers to get warnings from their Internet providers if their computer gets taken over by hackers through a botnet. A botnet is a network of infected computers that can number in the thousands and that network is usually controlled by hackers through a small number of scattered PCs.
Computer owners are often unaware that their machine is linked to a botnet and is being used to shut down targeted websites, distribute malicious code or spread spam. If a company is willing to give its customers better online security, the American public will go along with that, Schmidt said. "Without security you have no privacy. And many of us that care deeply about our privacy look to make sure our systems are secure," Schmidt said in an interview. Internet service providers, he added, can help "make sure our systems are cleaned up if they're infected and keep them clean." But officials are stopping short of advocating an option in the Australian plan that allows Internet providers to wall off or limit online usage by customers who fail to clean their infected computers, saying this would be technically difficult and likely run into opposition. "In my view, the United States is probably going to be well behind other nations in stepping into a lot of these new areas," said Prescott Winter, former chief technology officer for the National Security Agency, who is now at the California-based cybersecurity firm, ArcSight. In the U.S., he said, the Internet is viewed as a technological wild west that should remain unfenced and unfettered. But he said this open range isn't secure, so "we need to take steps to make it safe, reliable and resilient." "I think that, quite frankly, there will be other governments who will finally say, at least for their parts of the Internet, as the Australians have apparently done, we think we can do better." Cybersecurity expert James Lewis, a senior fellow at the Center for Strategic and International Studies, said that Internet providers are nervous about any increase in regulations, and they worry about consumer reaction to monitoring or other security controls. Online customers, he said, may not want their service provider to cut off their Internet access if their computer is infected. 
And they may balk at being forced to keep their computers free of botnets or infections. But they may be amenable to having their Internet provider warn them of cyberattacks and help them clear the malicious software off their computers by providing instructions, patches or anti-virus programs. They may even be willing to pay a small price each month for the service - much like telephone customers used to pay a minimal monthly charge to cover repairs. Lewis, who has been studying the issue for CSIS, said it is inevitable that one day carriers will play a role in defending online customers from computer attack. Comcast Corp. is expanding a Denver pilot program that alerts customers whose computers are controlled through a botnet. The carrier provides free antivirus software and other assistance to clean the malware off the machine, said Cathy Avgiris, senior vice president at Comcast. The program does not require customers to fix their computers or limit the online usage of people who refuse to do the repairs. Avgiris said that the program will roll out across the country over the next three months. "We don't want to panic customers. We want to make sure they are comfortable. Beyond that, I hope that we pave the way for others to take these steps." Voluntary programs will not be enough, said Dale Meyerrose, vice president and general manager of Cyber Integrated Solutions at Harris Corporation. "There are people starting to make the point that we've gone about as far as we can with voluntary kinds of things, we need to have things that have more teeth in them, like standards," said Meyerrose. For example, he said, coffee shops or airports might limit their wireless services to laptops equipped with certain protective technology. Internet providers might qualify for specific tax benefits if they put programs in place, he said. Unfortunately, he said, it may take a serious attack before the government or industry impose such standards and programs.
In Australia, Internet providers will be able to take a range of actions to limit the damage from infected computers, from issuing warnings to restricting outbound e-mail. They could also temporarily quarantine compromised machines while providing customers with links to help fix the problem.

---

AP Broadcast National Security Correspondent Sagar Meghani contributed to this report.

From rforno at infowarrior.org Mon Oct 18 08:02:18 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Oct 2010 09:02:18 -0400
Subject: [Infowarrior] - Banks Shared Clients' Profits, but Not Losses
Message-ID:

Banks Shared Clients' Profits, but Not Losses
By LOUISE STORY
Published: October 17, 2010

JPMorgan Chase & Company has a proposition for the mutual funds and pension funds that oversee many Americans' savings: Heads, we win together. Tails, you lose - alone.

"If I were a shareholder, I would say, 'I love Jamie Dimon to death.'" - Jerry D. Davis, Chairman of the municipal employee pension fund in New Orleans

Here is the deal: Funds lend some of their stocks and bonds to Wall Street, in return for cash that banks like JPMorgan then invest. If the trades do well, the bank takes a cut of the profits. If the trades do poorly, the funds absorb all of the losses. The strategy is called securities lending, a practice that is thriving even though some investments linked to it were virtually wiped out during the financial panic of 2008. These trades were supposed to be safe enough to make a little extra money at little risk. JPMorgan customers, including public or corporate pension funds of I.B.M., New York State and the American Federation of Television and Radio Artists, ended up owing JPMorgan more than $500 million to cover the losses. But JPMorgan protected itself on some of these investments and kept millions of dollars in profit, before the trades went awry.
How JPMorgan won while its customers lost provides a glimpse into the ways Wall Street banks can, and often do, gain advantages over their customers. Today's giant banks not only create and sell investment products, but also bet on those products, and sometimes against them, putting the banks' interests at odds with those of their customers. The banks and their lobbyists also help fashion financial rules and regulations. And banks' traders know what their customers are buying and selling, giving them a valuable edge.

< -- >

http://www.nytimes.com/2010/10/18/business/18advantage.html

From rforno at infowarrior.org Mon Oct 18 08:04:27 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Oct 2010 09:04:27 -0400
Subject: [Infowarrior] - Anti-Piracy Company Pirates Queen-Issued Coat of Arms
Message-ID:

Anti-Piracy Company Pirates Queen-Issued Coat of Arms
Written by enigmax on October 18, 2010

This year has seen an explosion of companies all trying to cash in on the "turn piracy into profit" mantra. These companies, many of them involving lawyers, are copying other people's work like crazy - they're even copying from each other. Today we bring news that one of these companies has taken a Coat of Arms issued by Elizabeth I in 1600, modified it, and used it for their own commercial purposes.

By day they spout their anti-filesharing rhetoric to the world in their inimitable corporate legalese. By night they're spending the ill-gotten booty generated from their schemes and, surprise, surprise - infringing other people's copyrights like top-rate hypocrites. There have been so many "indiscretions" in recent times it's hard to keep up, so please excuse us if we accidentally leave a couple of dozen out...
< -- >

http://torrentfreak.com/anti-piracy-company-pirates-queen-issued-coat-of-arms-101017/

From rforno at infowarrior.org Mon Oct 18 09:45:51 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Oct 2010 10:45:51 -0400
Subject: [Infowarrior] - IP Lawsuit Could Ground CIA Predator Drones
Message-ID: <52F37710-5EEB-4CDF-B799-4CEEF6B154B2@infowarrior.org>

Inside the Lawsuit That Could Ground Deadly CIA Predator Drones
BY Neal Ungerleider
Fri Oct 15, 2010

A new lawsuit alleges that Predator drone targeting software was pirated, and emails obtained by Fast Company suggest the CIA knew it was sub-par.

http://www.fastcompany.com/1695219/cia-predator-drones-facing-ip-lawsuit

Al Qaeda and the Taliban haven't been able to bring down the CIA's Predator drones. But a new lawsuit alleging parts of their targeting software are pirated (and faulty) could. On December 7, 2010, Massachusetts Superior Court Judge Margaret Hinkle is expected to issue a decision on a complicated contract and intellectual property-related lawsuit that could ground the CIA's Predator drones. Intelligent Integration Systems (IISi), a small Boston-based software development firm, alleges that their Geospatial Toolkit and Extended SQL Toolkit were pirated by Massachusetts-based Netezza for use by a government client. Subsequent evidence and court proceedings revealed that the "government client" seeking assistance with Predator drones was none other than the Central Intelligence Agency. IISi is seeking an injunction that would halt the use of their two toolkits by Netezza for three years. Most importantly, IISi alleges in court papers that Netezza used a "hack" version of their software with incomplete targeting functionality in response to rushed CIA deadlines. As a result, Predator drones could be missing their targets by as much as 40 feet.
(The National Geospatial Intelligence Agency, which assists the Defense Department with combat and homeland security support, also reportedly uses the software named in the intellectual property suit.) According to a 2009 report by the Brookings Institute, 10 or more civilians die for every terrorist killed by drone missiles--and the topic of civilian casualties due to improperly targeted (or simply reckless) drone attacks is a controversial one. Internal emails obtained by Fast Company indicate that both IISi and Netezza were aware of serious flaws in Geospatial, as-is, at the time of the alleged intellectual property fraud. The exact term used by IISi was "far from production ready code." In two emails dated September 16, 2009, IISi CTO Rich Zimmerman complains of "problems with some very intricate floating point calculations that are causing me to fail a lot of my regression tests" and that the software was not "production ready." A Netezza email in the public record from October 13, 2009, indicates that, shortly before the partnership went sour, president Jim Baum wanted "to help our mutual customer reach his requirements" and that "he (the client) believes that the expertise on his team is prepared to deal with early release software. He has a previous generation system so he is able to compare results himself. It is obviously in our mutual best interest to meet this client's needs quickly." Copious email evidence and court records indicate that both IISi and Netezza were well aware the client was the CIA and the software was to be used in unmanned drones. One report in the British press sums it up this way: "IISi alleges that Netezza misled the CIA by saying that it could deliver the software on its new hardware, to a tight deadline [ ... ] Netezza illegally and hastily reverse-engineered IISi's code [ ... ] Despite knowing about the miscalculations, the CIA accepted the software."
This all goes back to when Netezza and IISi were former partners in a contract to develop software that would be used, among other purposes, for unmanned drones. The relationship between Netezza and IISi soured due to alleged disagreements over the CIA's (apparently rushed) project deadlines. IISi dropped out of their work developing Predator software; Netezza continued working with the CIA on the project.

Netezza initially sued IISi over contract-related issues. IISi then prevailed on core counterclaims relating to wrongful termination and put forth IP charges against Netezza. The original complaint by Netezza's counsels put the CIA-related information into the public domain; subsequent court proceedings revealed the specific contours of the unmanned drone targeting connection. IISi's current counterclaim claims that both the software package used by the CIA and the Netezza Spatial product were built using their intellectual property. IBM recently announced that they intend to purchase Netezza for approximately $1.7 billion.

Netezza and IISi began collaborating in 2006, when IISi began reselling a bundle of Netezza's data warehousing kit and Geospatial. Their relationship continued through several joint software developments before souring in late 2009.

According to statements made by IISi CEO Paul Davis, a favorable ruling in the injunction would revoke the CIA's license to use Geospatial. In real life terms, this would either force the CIA to ground Predator drones or to break the law in their use if the court rules in IISi's favor. It is unknown if the CIA has a third option in case of a ban on the use of IISi's toolkit.

IISi's lawyers claimed on September 7, 2010 that "Netezza secretly reverse engineered IISi's Geospatial product by, inter alia, modifying the internal installation programs of the product and using dummy programs to access its binary code [ ... ] to create what Netezza's own personnel referred to internally as a 'hack' version of Geospatial that would run, albeit very imperfectly, on Netezza's new TwinFin machine [ ... ] Netezza then delivered this 'hack' version of Geospatial to a U.S. Government customer (the Central Intelligence Agency) [ ... ] According to Netezza's records, the CIA accepted this 'hack' of Geospatial on October 23, 2009, and put it into operation at that time."

Testimony given by an IISi executive to the court also indicates that the Predator targeting software, as initially acquired by Netezza, was faulty. According to Zimmerman's deposition, his reaction upon finding out deadlines for their Netezza co-project for the CIA would not give enough time to fix software bugs was one of shock. According to the deposition, Zimmerman said "my reaction was one of stun, amazement that they (CIA) want to kill people with my software that doesn't work." The CTO was also nervous of any possible legal liability for IISi in case Predator missiles missed their target; in his words they would not continue participating "without some sort of terms around that indemnifies us in case that code kills people."

IISi's official statement, as provided by email, is that "the Superior Court has already ruled that Netezza's termination of IISi was wrongful and that Netezza breached the contract. Further, the Court approved a stipulation under which Netezza may not disclose to IBM any copies (including any portion thereof) of the IISi Geospatial and Extended SQL Toolkit products. We believe that Netezza's denial that it used our software is false and that it is directly contradicted by Netezza's own internal emails to CEO Jim Baum, which show clearly that Netezza 'hacked' our software and delivered that hacked and defective version to the government."

So could IISi's injunction request shut down Predator drones? Hypothetically, yes.
But given the tone, tenor and urgency of the CIA's counterterrorism programs abroad, it is not likely. Nonetheless, Judge Hinkle has been extremely receptive to IISi's claims. A betting man would guess that some sort of face-saving resolution involving escrow will be introduced. But in the meantime, amateur Graham Greenes everywhere can remain fascinated by how ordinary business lawsuits can end up spilling the guts on counterterrorism ops.

As of press time, Netezza has not responded to a request for comment.

From rforno at infowarrior.org Mon Oct 18 11:21:34 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Oct 2010 12:21:34 -0400
Subject: [Infowarrior] - UK gov promises 'transformative' cyber security programme
Message-ID: <7F5D28E0-6293-4F92-8001-58C9635FDC54@infowarrior.org>

Gov promises 'transformative' cyber security programme
http://www.theregister.co.uk/2010/10/18/national_security_strategy_information_free/
By Lewis Page
Posted in Government, 18th October 2010 15:25 GMT

The Coalition government sought today to suggest that the savings package for the national-security sector is all part of a joined-up plan or strategy, which will feature a 'transformative' cyber security force or capability of some type.

This was done by issuing a document today entitled A Strong Britain in an Age of Uncertainty: The National Security Strategy, which can be downloaded in pdf here. In it, the government sets out its view that the four biggest threats to the UK (rated as 'Tier 1' threats under the newly-developed National Security Risk Assessment method) are as follows:

1 Terrorism - including WMD attacks;
2 A cyber attack;
3 A massive accident or natural disaster; and
4 An international military crisis which draws in the UK.

Other kinds of risks (satellite disruption, increases in organised crime etc) are merely Tier 2 or 3.
This risk assessment will be updated every two years from now on until some future government replaces it with some other system.

What will the government do about this? There are no official details yet. However in broad outline we know that the conventional armed forces and police will be cut, and the intelligence community - foreign spooks MI6/SIS, domestic spooks MI5/SS, and most of all cyber/electronic spooks GCHQ - will get budget increases which are significant to them but much smaller than the savings made from cuts in troops and cops.

None of this is in A Strong Britain, however. Instead, the document sets out eight rather meaningless "national security tasks" (for example "tackle at root the causes of instability" ... "work in alliances and partnerships wherever possible"). However it is confirmed that the UK will remain able to "where necessary, intervene overseas". It is also specified that the UK will "develop a transformative programme for cyber security, which addresses threats from states, criminals and terrorists and seizes the opportunities which cyber space provides for our future prosperity and for advancing our national security interests".

We here on the Reg defence desk suspect that cyber security capabilities - in some parts of the British government at least - remain rudimentary as of today. After we wrote this recent article on cyber security training in the US military, we received a reader message from an MoD IP address and giving a central-MoD return email, signed by a colonel (Royal Signals) who shall remain nameless. It said:

We are looking to set up a similar training facility for our cyberspace technicians and would be really interested to see the modules that you have included in the courseware.
Which tends to argue that some people in charge of setting up our transformative cyber security programme can't tell the difference between the Reg and the US Air Force's 333rd Training Squadron, in charge of generating the new American force of "cyber operations officers". Probably not a good start.

Once the actual details on the Strategic Defence and Security Review are out, we'll pass them on.

From rforno at infowarrior.org Mon Oct 18 15:11:01 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Oct 2010 16:11:01 -0400
Subject: [Infowarrior] - Final IPv4 addresses to be issued within months, NRO warns
Message-ID:

Final IPv4 addresses to be issued within months, NRO warns
Martyn Williams
October 18, 2010 (IDG News Service)
http://www.computerworld.com/s/article/print/9191518/Final_IPv4_addresses_to_be_issued_within_months_NRO_warns

The global body in charge of allocating Internet addresses expects to hand out the final blocks of IPv4 (Internet Protocol version 4) addresses to regional registrars early next year, it said Monday.

Those allocations would mark a depletion at the global level of IPv4 addresses -- something that has been anticipated for years -- and put further pressure on network operators to switch to the newer IPv6 address system, which has massively more addresses available.

After a recent allocation of IPv4 numbers to APNIC, the Regional Internet Registry (RIR) for the Asia Pacific region, the Number Resources Organization (NRO) said that the global pool of free addresses it manages now stands at just 12 blocks. Each block represents 16 million addresses, or 1/256th of the roughly 4 billion IPv4 addresses available.

"This is a major milestone in the life of the Internet, and means that allocation of the last blocks of IPv4 to the RIRs is imminent," said Axel Pawlik, NRO chairman, in a statement. "It is critical that all Internet stakeholders take definitive action now to ensure the timely adoption of IPv6."
IP addresses lie at the heart of communication on the Internet. Each computer, server and router connected to the Internet needs its own address and traffic is routed across the global network using these addresses.

The IPv4 addresses were defined in the early eighties. At the time the Internet consisted largely of universities and research labs and the 32-bit addresses were deemed sufficient, but about 10 years later people began worrying about a future day when IPv4 addresses would run out. Those worries increased in the mid-nineties when businesses and home users began connecting to the Internet.

At about the same time, in 1995, the Internet Engineering Task Force published the specification for a new version of the Internet Protocol, IPv6, which moved from 32-bit addresses to 128-bit addresses. The new protocol brought a massive increase in the number of available addresses, but the two systems were incompatible so adoption was slow.

Technologies like NAT (network address translation), which allow several devices to share the same IPv4 address, have delayed the inevitable exhaustion of IPv4 addresses, but now that moment is near.

The NRO issues blocks of numbers to five regional registries, which in turn issue them to companies and organizations in their respective regions. The final five blocks will be distributed equally to the registries, meaning there are only seven more blocks available under the normal distribution system, the NRO said. Current depletion rates point to NRO issuing the final blocks in early 2011, it said.

The addresses will be held by the regional registries for issue in their region, so the actual issue of the final IPv4 addresses to end-users won't come until sometime later in 2011.

The NRO issuing its final IPv4 address blocks shouldn't mean a big change for end users. The switch to IPv6 is already well under way and much of the central infrastructure of the Internet is already running on the protocol.
While vast portions of the network are yet to be converted, there doesn't appear to be a last-minute rush for IPv4 addresses. That indicates "strong momentum" behind the adoption of IPv6, NRO said.

The NRO acts as a coordinating body for the five regional Internet registries, which are: AfriNIC, serving Africa; APNIC, serving the Asia-Pacific region; ARIN, serving North America and many Caribbean nations; LACNIC, serving Latin America and some Caribbean nations; and RIPE, serving Europe, the Middle East and parts of Central Asia.

Martyn Williams covers Japan and general technology breaking news for The IDG News Service. Follow Martyn on Twitter at @martyn_williams. Martyn's e-mail address is martyn_williams at idg.com

From rforno at infowarrior.org Mon Oct 18 21:08:33 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Oct 2010 22:08:33 -0400
Subject: [Infowarrior] - U.S. Pushes to Ease Technical Obstacles to Wiretapping
Message-ID: <7561BBEB-AC69-49EC-9863-0AB5474CFE3D@infowarrior.org>

U.S. Pushes to Ease Technical Obstacles to Wiretapping
By CHARLIE SAVAGE
http://www.nytimes.com/2010/10/19/us/19wiretap.html

WASHINGTON -- Law enforcement and counterterrorism officials, citing lapses in compliance with surveillance orders, are pushing to overhaul a federal law that requires phone and broadband carriers to ensure that their networks can be wiretapped, federal officials say.

The officials say tougher legislation is needed because some telecommunications companies in recent years have begun new services and made system upgrades that create technical obstacles to surveillance. They want to increase legal incentives and penalties aimed at pushing carriers like Verizon, AT&T, and Comcast to ensure that any network changes will not disrupt their ability to conduct wiretaps.

An Obama administration task force that includes officials from the Justice and Commerce Departments, the F.B.I. and other agencies recently began working on draft legislation to strengthen and expand a 1994 law requiring carriers to make sure their systems can be wiretapped. There is not yet agreement over the details, according to officials familiar with the deliberations, but they said the administration intends to submit a package to Congress next year.

Albert Gidari Jr., a lawyer who represents telecommunications firms, said corporations were likely to object to increased government intervention in the design or launch of services. Such a change, he said, could have major repercussions for industry innovation, costs and competitiveness.

"The government's answer is 'don't deploy the new services -- wait until the government catches up,'" Mr. Gidari said. "But that's not how it works. Too many services develop too quickly, and there are just too many players in this now."

Under the 1994 law, the Communications Assistance to Law Enforcement Act, telephone and broadband companies are supposed to design their services so that they can begin conducting surveillance of a target immediately after being presented with a court order.

To bolster their case that companies should face greater pressure to stay compliant, security agencies are citing two previously undisclosed episodes in which investigators were stymied from carrying out court-approved surveillance for weeks or even months because of technical problems with two major carriers.

The disclosure that the administration is seeking ways to increase the government's leverage over carriers already subject to the 1994 law comes less than a month after The New York Times reported on a related part of the effort: a plan to bring Internet companies that enable communications -- like Gmail, Facebook, Blackberry and Skype -- under the law's mandates for the first time, a demand that would require major changes to some services' technical designs and business models.
The push to expand and strengthen the 1994 law is the latest example of a dilemma over how to balance Internet freedom with security needs in an era of rapidly evolving -- and globalized -- technology. The issue has added importance because the surveillance technologies developed by the United States to hunt for terrorists and drug traffickers can be also used by repressive regimes to hunt for political dissidents.

An F.B.I. spokesman said the bureau would not comment about the telecom proposal, citing the sensitivity of internal deliberations. But last month, in response to questions about the Internet communications services proposal, Valerie E. Caproni, the F.B.I.'s general counsel, emphasized that the government was seeking only to prevent its surveillance power from eroding.

Starting in late 2008 and lasting into 2009, another law enforcement official said, a "major" communications carrier was unable to carry out more than 100 court wiretap orders. The initial interruptions lasted eight months, the official said, and a second lapse lasted nine days.

This year, another major carrier experienced interruptions ranging from nine days to six weeks and was unable to comply with 14 wiretap orders. Its interception system "works sporadically and typically fails when the carrier makes any upgrade to its network," the official said.

In both cases, the F.B.I. sent engineers to help the companies fix the problems. The bureau spends about $20 million a year on such efforts.

The official declined to name the companies, saying it would be unwise to advertise which networks have problems or to risk damaging the cooperative relationships the government has with them. For similar reasons, the government has not sought to penalize carriers over wiretapping problems.

Under current law, if a carrier meets the industry-set standard for compliance -- providing the content of a call or e-mail, along with identifying information like its recipient, time and location -- it achieves "safe harbor" and cannot be fined. If the company fails to meet the standard, it can be fined by a judge or the Federal Communication Commission. But in practice, law enforcement officials say, neither option is ever invoked.

When problems come to light, officials are reluctant to make formal complaints against companies because their overriding goal is to work with their technicians to fix the problem. That dynamic can create an incentive to let problems linger: Once a carrier's interception capability is restored -- even if it was fixed at taxpayer expense -- its service is compliant again with the 1994 law, so the issue is moot.

The F.C.C. also moves slowly, officials complain, in handling disputes over the "safe harbor" standard. For example, in 2007 the F.B.I. asked for more than a dozen changes, like adding a mandate to turn over additional details about cellphone locations. The F.C.C. has still not acted on that petition.

Civil liberties groups contend that the agency has been far too willing on other occasions to expand the reach of the 1994 law.

"We think that the F.C.C. has already conceded too much to the bureau," said Marc Rotenberg, the president of the Electronic Privacy Information Center. "The F.B.I.'s ability to have such broad reach over technical standard-setting was never anticipated in the 1994 act."

The Obama administration is circulating several ideas for legislation that would increase the government's leverage over carriers, officials familiar with the deliberations say.

One proposal is to increase the likelihood that a firm pays a financial penalty over wiretapping lapses -- like imposing retroactive fines after problems are fixed or billing companies for the cost of government technicians who were brought in to help.

Another proposal would create an incentive for companies to show new systems to the F.B.I. before deployment.
Under the plan, an agreement with the bureau certifying that the system is acceptable would be an alternative "safe harbor," ensuring the firm could not be fined.

The proposal may also modify how the "safe harbor" standard is established. Five years ago, the F.B.I. drafted legislation that would have given the Justice Department greater power over the standard while requiring the F.C.C. to act more quickly on petitions. That bill, however, was not ultimately filed.

From rforno at infowarrior.org Mon Oct 18 21:18:40 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Oct 2010 22:18:40 -0400
Subject: [Infowarrior] - It's come down to this.
Message-ID:

(the Latin at the bottom of this pilot's note may well become my new email .sig -- "Better freedom with danger than peace with slavery." ---- rick)

http://www.expressjetpilots.com/the-pipe/showthread.php?39523-Well-today-was-the-day

My name is Michael Roberts, and I am a pilot for ExpressJet Airlines, Inc., based in Houston (that is, I still am for the time being). This morning as I attempted to pass through the security line for my commute to work I was denied access to the secured area of the terminal building at Memphis International Airport. I have passed through the same line roughly once per week for the past four and a half years without incident. Today, however, the Transportation Security Administration (TSA) agents at this checkpoint were using one of the new Advanced Imaging Technology (AIT) systems that are currently being deployed at airports across the nation. These are the controversial devices featured by the media in recent months, albeit sparingly, which enable screeners to see beneath people's clothing to an extremely graphic and intrusive level of detail (virtual strip searching). Travelers refusing this indignity may instead be physically frisked by a government security agent until the agent is satisfied to release them on their way in what is being touted as an "alternative option" to AIT. The following is a somewhat hastily drafted account of my experience this morning.

As I loaded my bags onto the X-ray scanner belt, an agent told me to remove my shoes and send them through as well, which I've not normally been required to do when passing through the standard metal detectors in uniform. When I questioned her, she said it was necessary to remove my shoes for the AIT scanner. I explained that I did not wish to participate in the AIT program, so she told me I could keep my shoes and directed me through the metal detector that had been roped off. She then called somewhat urgently to the agents on the other side: "We got an opt-out!" and also reported the "opt-out" into her handheld radio.

On the other side I was stopped by another agent and informed that because I had "opted out" of AIT screening, I would have to go through secondary screening. I asked for clarification to be sure he was talking about frisking me, which he confirmed, and I declined. At this point he and another agent explained the TSA's latest decree, saying I would not be permitted to pass without showing them my naked body, and how my refusal to do so had now given them cause to put their hands on me as I evidently posed a threat to air transportation security (this, of course, is my nutshell synopsis of the exchange). I asked whether they did in fact suspect I was concealing something after I had passed through the metal detector, or whether they believed that I had made any threats or given other indications of malicious designs to warrant treating me, a law-abiding fellow citizen, so rudely. None of that was relevant, I was told. They were just doing their job.

Eventually the airport police were summoned. Several officers showed up and we essentially repeated the conversation above. When it became clear that we had reached an impasse, one of the more sensible officers and I agreed that any further conversation would be pointless at this time.
I then asked whether I was free to go. I was not. Another officer wanted to see my driver's license. When I asked why, he said they needed information for their report on this "incident" -- my name, address, phone number, etc. I recited my information for him, until he asked for my supervisor's name and number at the airline. Why did he need that, I asked. For the report, he answered. I had already given him the primary phone number at my company's headquarters. When I asked him what the Chief Pilot in Houston had to do with any of this, he either refused or was simply unable to provide a meaningful explanation. I chose not to divulge my supervisor's name as I preferred to be the first to inform him of the situation myself. In any event, after a brief huddle with several other officers, my interrogator told me I was free to go.

As I approached the airport exit, however, I was stopped again by a man whom I believe to be the airport police chief, though I can't say for sure. He said I still needed to speak with an investigator who was on his way over. I asked what sort of investigator. A TSA investigator, he said. As I was by this time looking eagerly forward to leaving the airport, I had little patience for the additional vexation. I'd been denied access to my workplace and had no other business keeping me there.

"Am I under arrest?" I asked.

"No, he just needs to ask you some more questions."

"But I was told I'm free to go. So... am I being detained now, or what?"

"We just need to hold you here so he can..."

"Hold me in what capacity?" I insisted.

"Detain you while we..."

Okay, so now they were detaining me as I was leaving the airport facility. We stood there awkwardly, waiting for the investigator while he kept an eye on me. Being chatty by nature, I asked his opinion of what new procedures might be implemented if someday someone were to smuggle an explosive device in his or her rectum or a similar orifice.
Ever since would-be terrorist Richard Reid set his shoes on fire, travelers have been required to remove their footwear in the security line. And the TSA has repeatedly attempted to justify these latest measures by citing Northwest flight 253, on which Umar Farouk Abdulmutallab scorched his genitalia. Where, then, would the evolution of these policies lead next?

"Do you want them to board your plane?" he asked.

"No, but I understand there are other, better ways to keep them off. Besides, at this point I'm more concerned with the greater threat to our rights and liberties as a free society."

"Yeah, I know," he said. And then, to my amazement, he continued, "But somebody's already taken those away."

"Maybe they have," I conceded, watching the throng of passengers waiting their turn to get virtually naked for the federal security guards.

As a side note, I cannot refrain here from expressing my dismay and heartbreak over a civil servant's personal resignation to the loss of civil liberty among the people by whom he is employed to protect and serve. If he no longer affirms the rights and freedom of his fellow citizens, one can only wonder exactly what he has in view as the purpose of his profession.

The TSA investigator arrived and asked for my account of the situation. I explained that the agents weren't allowing me to pass through the checkpoint. He told me he had been advised that I was refusing security screening, to which I replied that I had willingly walked through the metal detector with no alarms, the same way I always do when commuting to work. He then briefed me on the recent screening policy changes and, apparently confused, asked whether they would be a problem for me. I stated that I did indeed have a problem with the infringement of my civil rights and liberty. His reply: "That's irrelevant."

It wasn't irrelevant to me.
We continued briefly in the conversation until I recognized that we were essentially repeating the same discussion I'd already had with the other officers and agents standing by. With that realization, I told him I did not wish to keep going around and around with them and asked whether he had anything else to say to me. Yes, he said he did, marching indignantly over to a table nearby with an air as though he were about to do something drastic.

"I need to get your information for my report," he demanded.

"The officer over there just took my information for his report. I'm sure you could just get it from him."

"No, I have to document everything separately and send it to TSOC. That's the Transportation Security Operations Center where we report..."

"I'm familiar with TSOC," I assured him. "In fact, I've actually taught the TSA mandated security portion of our training program at the airline."

"Well, if you're an instructor, then you should know better," he barked.

"Really? What do you mean I 'should know better'? Are you scolding me? Have I done something wrong?"

"I'm not saying you've done something wrong. But you have to go through security screening if you want to enter the facility."

"Understood. I've been going through security screening right here in this line for five years and never blown up an airplane, broken any laws, made any threats, or had a government agent call my boss in Houston. And you guys have never tried to touch me or see me naked that whole time. But, if that's what it's come to now, I don't want to enter the facility that badly."

Finishing up, he asked me to confirm that I had been offered secondary screening as an alternative "option" to AIT, and that I had refused it. I confirmed. Then he asked whether I'd "had words" with any of the agents. I asked what he meant by that and he said he wanted to know whether there had been "any exchange of words." I told him that yes, we spoke.
He then turned to the crowd of officers and asked whether I had been abusive toward any of them when they wanted to create images of my naked body and touch me in an unwelcome manner. I didn't hear what they said in reply, but he returned and finally told me I was free to leave the airport.

As it turned out, they did reach the chief pilot's office in Houston before I was able to. Shortly after I got home, my boss called and said they had been contacted by the TSA. I suppose my employment status at this point can best be described as on hold.

It's probably fairly obvious here that I am outraged. This took place today, 15 October 2010. Anyone who reads this is welcome to contact me for confirmation of the details or any additional information I can provide. The dialog above is quoted according to my best recollection, without embellishment or significant alteration except for the sake of clarity. I would greatly appreciate any recommendations for legal counsel -- preferably a firm with a libertarian bent and experience resisting this kind of tyrannical madness. This is not a left or right, red or blue state issue. The very bedrock of our way of life in this country is under attack from within. Please don't let it be taken from us without a fight.

Malo Periculosam Libertatem Quam Quietum Servitium

Michael S. Roberts
3794 Douglass Ave.
Memphis, TN 38111
901.237.6308
FedUpFlyers at nonpartisan.com

From rforno at infowarrior.org Tue Oct 19 06:43:34 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Oct 2010 07:43:34 -0400
Subject: [Infowarrior] - NYSE Breaks Trades of S&P 500 ETF at 9.6% Below Opening Price
Message-ID:

NYSE Breaks Trades of S&P 500 ETF at 9.6% Below Opening Price
By Michael P. Regan and Nina Mehta - Oct 19, 2010 12:00 AM ET
http://www.bloomberg.com/news/2010-10-18/nyse-euronext-cancels-trades-of-s-p-500-etf-at-9-6-below-opening-price.html

Regulators can add a faulty software update at NYSE Euronext's electronic Arca stock market to the list of mishaps that have weighed on investor confidence.

A system upgrade at Arca triggered what appeared to be a 9.6 percent plunge yesterday in an exchange-traded fund that tracks the Standard & Poor's 500 Index, a drop that would have erased $7.9 billion from one of the most popular securities in the U.S. Data published by the electronic venue at 4:15 p.m. New York time showed the SPDR S&P 500 ETF Trust at $106.46, compared with its opening level of $117.74. The prices were later voided and the closing price updated to $118.54, up 0.7 percent, exchange officials said.

"Something went wrong, the question is why," said James Angel, a finance professor at Georgetown University in Washington. "For them to cancel the trades is probably causing heartburn in back offices across the country."

The glitch in the fund with a market value of more than $80 billion comes as federal regulators are trying to prove U.S. exchanges still work after the May 6 crash that erased $862 billion of share value in 20 minutes. Data showing the decline appeared just as Apple Inc. and International Business Machines Corp. were releasing quarterly profit statements.

The apparent plunge in price involved 7.2 million shares in the closing auction on NYSE Arca, according to data compiled by Bloomberg. The S&P 500 rose 0.7 percent to 1,184.71 yesterday.

'Alarming'

"People were very focused on after-market trading because of IBM and Apple earnings so it was very confusing when the price discrepancy happened," said Andrew Ross, a partner and global equity trader for First New York Securities LLC, who trades ETFs. "It was alarming that it could happen."
NYSE Arca said the ETF's official closing price will be recorded as $118.28, a 0.5 percent gain from its Oct. 15 close. The exchange operator said its 4 p.m. closing auction in securities listed on NYSE Arca was delayed for 15 minutes because of an issue with a software release. Auction prices occurring at 4:15 p.m. will be the official closing price for all other securities except for the SPDR S&P 500 ETF. NYSE Arca will "bust" all the $106.46 trades, according to an e-mail from exchange spokesman Raymond Pellecchia. The fund managed by State Street Global Advisors is one of the most heavily traded securities in the U.S., averaging 223 million shares a day this year, data compiled by Bloomberg show.

Issue Resolved

"The issue has been resolved," Pellecchia said in an interview. "Operations will be normal tomorrow." Marie McGehee, a spokeswoman for State Street Corp., declined to comment.

Trading in another security linked to the S&P 500, the E-Mini futures contract traded on the Chicago Mercantile Exchange, helped start the May 6 crash that briefly sent the Dow Jones Industrial Average down 998.5 points, according to regulators. A mutual fund company's automated sale of the contract without regard to price and "hot potato" trading by computer-driven firms set off the rout, according to the Securities and Exchange Commission and Commodity Futures Trading Commission report. The 104-page study released Oct. 1 said trading software known as an algorithm linked the rate at which it traded the E-Mini contract to overall market volume. The initial sales spurred a flurry of buying and selling among high-frequency traders, which in turn led the algorithm to sell faster. SEC Chairman Mary Schapiro is trying to protect investors in a fragmented U.S. stock market while maintaining liquidity on exchanges dominated by firms that profit from computerized trading.
Uniform Policy Proposals

The May crash prompted exchanges to implement circuit breakers that pause trading in more than 1,300 securities during periods of volatility. Uniform policies for canceling trades and eliminating stub quotes, or bids and offers at prices far away from the stock's last sale, have also been proposed or adopted. Nasdaq canceled more than 50 trades in Progress Energy Inc. on Sept. 27 after the shares plunged 90 percent, triggering stock circuit breakers imposed after the May 6 crash. The exchange cited an "inaccurate limit price entered by a trading firm" for the mistaken transactions. Two weeks earlier, a 100-share order for Nucor Corp. that triggered a 99.98 percent decline was canceled by the CBOE Stock Exchange. Nucor fell from $35.71 to 1 cent on the voided purchase, data compiled by Bloomberg show. About 200 trades in Core Molding Securities Inc. were canceled on Aug. 26 after the stock plunged from above $4 to below a penny in two seconds after going untraded for the first 4 1/2 hours of the day. NYSE Amex, the Nasdaq Stock Market and Nasdaq's BX platform canceled all trades at or below $3.94.

Yesterday's mispricing "indicates a breakdown in market mechanisms," Georgetown's Angel said. "I hope the regulators are looking at it."

To contact the reporters on this story: Michael P. Regan at mregan12 at bloomberg.net; Nina Mehta in New York at nmehta24 at bloomberg.net. To contact the editor responsible for this story: Chris Nagi at chrisnagi at bloomberg.net

From rforno at infowarrior.org Tue Oct 19 07:59:36 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Oct 2010 08:59:36 -0400 Subject: [Infowarrior] - Ars (correctly) rips Apple Message-ID:

Ars rips Apple --- and rightly so, in my view. http://arstechnica.com/apple/guides/2010/10/the-21st-century-guide-to-platform-trolling-apple-edition.ars IMHO, Apple is selling fashion but not really innovating much on the technical front these days.
I think the firm's becoming more like Sony as a "consumer products" entity given its shift away from "computer" innovation into mass consumer electronics and promoting the I-Life experience.

From rforno at infowarrior.org Tue Oct 19 08:23:24 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Oct 2010 09:23:24 -0400 Subject: [Infowarrior] - Judge tentatively rejects DADT stay request Message-ID:

Judge tentatively rejects 'don't ask, don't tell' stay request The federal government had asked to delay enforcement of the ruling allowing gays to serve openly in the military. A final decision is expected Tuesday. By Phil Willon, Los Angeles Times October 19, 2010 http://www.latimes.com/news/nationworld/nation/la-na-dont-ask-20101019,0,2560559.story

A federal judge in Riverside who declared the military's "don't ask, don't tell" policy banning gays unconstitutional issued a tentative ruling Monday rejecting the federal government's request to stay her decision while the case is appealed. U.S. District Judge Virginia Phillips said the government failed to provide sufficient proof that her injunction halting the policy would cause "irreparable harm" to the military or that the government's appeal would be successful. Phillips planned to issue her final decision early Tuesday. Paul Freeborne of the U.S. attorney's office argued that the injunction immediately halting enforcement of the policy, which bans gays and lesbians from serving openly in the military, jeopardized national security. He urged Phillips, who issued the injunction last week, to set aside her decision while the government appealed the ruling and injunction to the U.S. 9th Circuit Court of Appeals. In a sworn declaration submitted to the court, Clifford L.
Stanley, undersecretary of defense for overall military readiness, cautioned that an abrupt transition would undercut the Pentagon's survey of military commands around the world to determine how best to create a policy that allowed people who are openly homosexual to serve. "The stakes are so high, and the potential harm so great, that caution is in order," he said. But Phillips on Monday rejected that argument. The judge said her ruling ordered an end to all discharge and separation proceedings under "don't ask, don't tell," but did not prohibit the military from crafting a new policy or educating military personnel about serving side by side with openly gay service members. Phillips also said that the government failed to produce any evidence during the two-week trial that showed allowing gays in the military would harm military readiness or troop cohesion. "The arguments by the government are vague - and belied by the evidence produced at trial," Phillips said Monday. She also chastised the federal government lawyers for not filing their objections when she was considering the injunction. In her initial Sept. 9 ruling, Phillips found that the ban on gays had a "direct and deleterious effect" on the armed services, including the dismissal of crucial military personnel such as translators. She noted that the Pentagon violated the policy when it saw fit, routinely delaying the discharge of service members suspected of violating the law until they completed their deployments in Iraq and Afghanistan. During Monday's hearing, Freeborne also argued that the judge exceeded her authority by issuing an injunction worldwide, as opposed to limiting it to the plaintiffs in the case or within her Southern California district. That argument will be a primary aspect of the government's appeal. The ruling has put President Obama in a tricky spot.
He strongly opposes the "don't ask, don't tell" policy, which he once called a threat to national security, but says his administration has an obligation to defend laws passed by Congress. Meanwhile, the military has suspended enforcement of the policy while Phillips' injunction is in place. The challenge to the "don't ask, don't tell" policy was filed in 2004 by the Log Cabin Republicans, the largest gay GOP political organization. It was the first successful broad-based constitutional challenge to the policy since Congress enacted it in 1993. Dan Woods, the lead attorney for the Log Cabin Republicans, argued during Monday's hearing that lifting the judge's injunction would "deprive very patriotic Americans of their constitutional rights" and urged the judge to keep it in place. Former President Clinton adopted the "don't ask, don't tell" policy as a reform to the military's practice of seeking out and discharging gays and lesbians. Under the policy, as long as gays and lesbians keep their sexual orientation secret, they are allowed to serve. More than 13,000 service members have been discharged under the policy. The House of Representatives voted to repeal the policy last spring, contingent on the outcome of a Pentagon study to determine if it can adapt to the change without harming military readiness. The study is expected to be completed by December. The proposed repeal was blocked on the Senate floor, although it may be reconsidered during a lame-duck session after the November election. phil.willon at latimes.com Copyright 2010, Los Angeles Times

From rforno at infowarrior.org Tue Oct 19 08:25:15 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Oct 2010 09:25:15 -0400 Subject: [Infowarrior] - 25 years for Nintendo Entertainment System Message-ID: <6D14F18B-3E59-42D7-BFD5-4AEA2E6A8267@infowarrior.org>

(aaah, yes, I remember 'Duck Hunt' .... --rick)

Oct. 18, 1985: Nintendo Entertainment System Launches By Chris Kohler
October 18, 2010 | 7:00 am | Categories: 20th century, Business and Industry, Games http://www.wired.com/thisdayintech/2010/10/1018nintendo-nes-launches/

1985: Nintendo releases a limited batch of Nintendo Entertainment Systems in New York City, quietly launching the most influential videogame platform of all time. Twenty-five years ago today, the American videogame market was in shambles. Sales of game machines by Atari, Mattel and Coleco had risen to dizzying heights, then collapsed even more quickly. Retailers didn't want to listen to the little startup Nintendo of America talk about how its Japanese parent company had a huge hit with the Famicom (the 1983 Asian release of what became NES). In America, videogames were dead, dead, dead. Personal computers were the future, and anything that just played games but couldn't do your taxes was hopelessly backwards. But Nintendo President Hiroshi Yamauchi, whose grandfather had started Nintendo as a playing-card company almost a century earlier, believed strongly in the quality of the NES. So he told his American executives to launch it in the most difficult market: New York City. If they could make it there, Yamauchi thought, they could make it anywhere. They couldn't make it there. Retailers wouldn't take the NES. So Nintendo of America head Minoru Arakawa, Yamauchi's son-in-law, took a huge gamble that he didn't share with the president. He told stores that Nintendo would provide them with product and set up all the displays, and they only had to pay for the ones that sold and could return everything else. For the stores, it was a no-risk proposition, and a few agreed to sell NES. Nintendo knew it had to get away from the term videogame. So it took its marketing emphasis off of the traditional games played with a controller (even though these comprised the vast majority of Nintendo Entertainment System games) and focused on two accessories that it had released for Famicom in Japan.
The Zapper light gun played the target-shooting game Duck Hunt. And R.O.B. the Robot Operating Buddy whirred and spun around, taking commands from the television, helping you play complex games like Gyromite. This was light-years ahead of Atari, went the message: It has a robot!

The stench of Atari's collapse wasn't the only thing working against Nintendo. In 1985, Japan was not seen as the purveyors of cultural cool. They were the invaders, swallowing up good old homemade American technology with their cheap knockoffs. "You're working for the Japs? I hope you fall flat on your ass," said a security guard to a Nintendo employee as he loaded Nintendo Entertainment System bundles into a store late at night.

Nintendo launched the system with 17 games:

- Duck Hunt (included with console)
- Gyromite (included with console)
- 10-Yard Fight
- Baseball
- Clu Clu Land
- Donkey Kong Jr. Math
- Excitebike
- Golf
- Hogan's Alley
- Ice Climber
- Kung Fu
- Mach Rider
- Pinball
- Stack-Up
- Tennis
- Wild Gunman
- Wrecking Crew

What it didn't have was its trump card: Super Mario Bros., although it had just been released in Japan, was not yet ready for America. The games were in some cases assembled so hastily that many of them were simply the Japanese circuit boards slapped into an American case: Put a copy of Stack-Up into an NES and the first screen just displays the Japanese title Robot Block. At this point in the story, you're expecting to hear that the Nintendo Entertainment System was a huge surprise hit, flew off the shelves and sent retailers into a frenzy begging for more. But that's not quite what happened. In fact, Nintendo only sold about 50,000 consoles that holiday season, half of what it had manufactured. But it was enough to convince Arakawa to soldier on, and to convince retailers that Nintendo had a viable product. In early 1986, Nintendo expanded into Los Angeles, then Chicago, then San Francisco.
At the end of that year, Nintendo Entertainment System went national, with Mario leading the charge. Videogames were back. Source: Game Over, by David Sheff; The Ultimate History of Video Games, by Steven Kent; others

From rforno at infowarrior.org Tue Oct 19 08:27:58 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Oct 2010 09:27:58 -0400 Subject: [Infowarrior] - Adobe preps sandboxing tech to fight exploits Message-ID:

Adobe preps sandboxing tech to fight exploits By John Leyden Posted in Malware, 19th October 2010 11:51 GMT http://www.theregister.co.uk/2010/10/19/adobe_dandboxing/

Adobe has fleshed out its plans to offer sandboxing as a mechanism to limit the impact of attacks against its ubiquitous Adobe Reader PDF reader application. Available from November, Adobe Reader X will incorporate virtual sandboxing technology that will place controls on the application's ability to modify the registry or execute unwanted content. Adobe Reader X Protected Mode is listed as one of six key improvements due in the Adobe PDF application suite. Other enhancements include the ability for users to "view and interact with PDF files that contain an even wider variety of content types, including drawings, email messages, spreadsheets, videos, and other multimedia elements". The revamp also includes a new version of Acrobat, as explained in a blog post by Adobe here. Adobe applications have become a hacker favourite over recent years and frequently feature in malware attacks. The addition of sandboxing technology is welcome even though it's certainly no panacea against exploits. Oracle's Java Runtime Environment has long incorporated sandboxing. Despite this, Java is more often successfully exploited to compromise PCs through drive-by download web exploits than Adobe Reader, according to new research from Microsoft.
Holly Stewart, a Microsoft security analyst, blames a huge upsurge in Java-based attacks recorded since Q3 2009 on attacks on three vulnerabilities, all of which have been patched. The upswing in attacks on Java has been going on for months, without much comment apart from the honourable exception of a blog post by Brian Krebs last week, possibly because IPS systems are not especially conversant with Java, according to a theory suggested by Stewart. Clearly this is an area that needs more research. Patrik Runald, senior manager for security research at Websense, said more surfers ought to consider whether they actually needed Java. "Uninstall Java if you don't need it, it's the most attacked software by drive-by kits by far," he said.

From rforno at infowarrior.org Tue Oct 19 17:15:08 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 19 Oct 2010 18:15:08 -0400 Subject: [Infowarrior] - NSA's Newest Recruiters: Cartoon Leopard Twins [Updated] Message-ID:

NSA's Newest Recruiters: Cartoon Leopard Twins [Updated] By Spencer Ackerman October 19, 2010 | 3:27 pm | Categories: Bizarro http://www.wired.com/dangerroom/2010/10/nsa-cartoon-animals-lure-youth-into-the-surveillance-arts/

Dudes and dudettes: You know what's totally radical? Reading your neighbors' email! So don't you wanna be a junior National Security Agency deputy? If so, the surveillance and cryptology crew at NSA has the right online companions for you: Cy and Cyndi, a pair of anthropomorphic snow leopards now kickin' it with the CryptoKids, the Puzzle Palace's team of cartoon animal hackers. Known as the CyberTwins and unveiled by NSA yesterday, Cy and Cyndi wear gaming headgear, talk into their hands-free mobile devices, and teach youths about proper online hygiene, all on the NSA website's kids page, which actually exists.
Arriving in time for (the second half of) National Cybersecurity Awareness Month, the CyberTwins have a backstory to appeal to military kids: their mom is a government engineer; their dad is an Army computer scientist; and they "love to talk with other kids who love computers and cyber space as much as they do." That fits them right in with the other CryptoKids (a goateed turtle named T-Top whose uncle works for a computer manufacturer, Sergeant Sam the eagle who joined the military out of high school) who guide real-live youth through online crypto-themed puzzles and brainteasers. (Only one thing's missing from the CryptoTwins' rollout: cybersecurity tips for the underage.)

All this is a reminder that the most informative element of any spy agency's website is its Kiddie Korner, where spycraft meets the schoolyard for an awkward, barely-appropriate encounter. CIA offers a world-explorer video game starring Carmen Sandiego-esque junior officer Ava Shoephone, a trenchcoated operative who throws out trivia questions from the agency's World Factbook. The National Counterterrorism Center introduces you to "your NCTC friends," Becker the Eagle and Little Lady Liberty. And the FBI has games (represented by an icon of the old Nintendo cartridges) like Special Agent Undercover, in which grade-school kids disguise themselves with mustaches to fool people. As Noah wrote a couple of years ago, only the government knows how earnest or how absurd these sites are intended to be. They do, however, inculcate the message that a career in spycraft is totally extreme. "Cryptology is making and breaking codes. It's so cool," NSA's kids page explains. "You might be part of the next generation of America's codemakers and codebreakers." Then again, is a kid precocious enough to spend time on a surveillance and crypto agency's website really going to be impressed by a snow leopard with a BlueTooth in her ear?
Updated: The sleuths at Boing Boing have uncovered the CryptoKids' true names:

From rforno at infowarrior.org Wed Oct 20 06:29:23 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Oct 2010 07:29:23 -0400 Subject: [Infowarrior] - UK Defence Review: the RAF is going to target cyber-nerds with drones? Message-ID:

(It's nice to see we're not alone in dealing with the military-industrial-political complex.... --- rick)

Defence review: So, the RAF is going to target cyber-nerds with drones? Years of capitulation to the defence industry has led to this absurd review, where 'threats' and solutions do not match. Simon Jenkins, guardian.co.uk, Tuesday 19 October 2010 20.30 BST http://www.guardian.co.uk/commentisfree/2010/oct/19/raf-target-cybernerds-drones-defence-review

Sit down gently. Read Monday's list of "threats" facing modern Britain, and then read yesterday's list of how the coalition proposes to meet them. Next you should walk to the nearest wall and bang your head against it, hard, until you have counted to £45 billion. The two lists simply do not match. The first so-called tier one threat is "attacks on cyberspace and cybercrime". The second is "international terrorism". The third is a foreign crisis "drawing in Britain", and the fourth is a natural hazard, "such as severe coastal flooding or an influenza pandemic". None of these constitute a military threat to the security of the realm. Lesser threats are listed, including attacks from chemical, biological or radiological weapons, "organised crime" and "severe disruption to information ... collected by satellites". Only in the lowest risk category, at number nine, do we encounter a "large-scale conventional military attack on Britain". This improbable event is put on a par with yet more terrorism, illegal immigration, and "disruption to fuel supplies or price instability", whatever the last may mean. To none of the top threats is an army, navy or air force a sensible response.
Almost all Britain's defence spending goes on threat number nine, a concerted attack on British soil, yet this is so unlikely these days, or in the foreseeable future, that it must merit some detailed assessment of balancing of risk against cost. It gets none. The truth is that Britain's defence strategy has become a farrago of dogmas, traditions, maxims and cliches, most of them born of the second world war, the cold war and Tony Blair's fixation with fighting Muslims. Years of capitulating to the arms industry over glamour projects has now descended into this week's absurdities, the building of phantom aircraft carriers, continuing the "at sea" nuclear deterrent, and sending jets screaming over Britain's air space to shoot down 9/11-style terrorists. Even the Royal United Services Institute's Michael Clarke, defence lobby champion, admitted yesterday that the force structure was "slightly eccentric". The security review's threat calibration is intellectually thin. It dares not ponder the implication of what is surely a fact, that Britain is less threatened now than ever in its history. Blair's quest for glory in allowing Britain to be "drawn into" seven foreign wars was just that, a quest for glory. The review offers no analysis of whether abandoning that quest might reduce other threats. It is like listing medieval diseases as "coughs, vapours, spots and lumps". The review is tough on insecurity, but un-tough on the causes of insecurity. The chief threat is apparently from the flavour of the month, cyberspace, but it is hard to see how it is deterred by more ships and planes. Is the RAF going to target cyber-nerds with drones? As for terrorists, if anything has been learned from the last decade it is that "going to war" against them with main force glorifies them and serves their purpose. Nor is it clear how any threats are to be prevented by deploying pseudo-independent nuclear missiles. Do they stop Pakistan training al-Qaida bombers? 
Policing and intelligence ensure that few terrorist acts occur in Britain; but even where they do, they destroy people and buildings. They do not endanger civil society and are anyway not susceptible to deterrence. The case for nuclear weapons is so weak that the chiefs of staff themselves recently pleaded for them to be removed from military consideration and treated as "political". The whole argument is puerile. The bulk of the listed threats, such as natural disasters, swine flu, satellite interference or something called "price manipulation" should be of no concern to the armed forces. For the military establishment to exploit them to justify its existence is quite wrong, like invoking the brigade of guards to reinforce Asbos. These threats demand regulation, intelligence, policing and civil contingency. They do not need missiles or carriers. The charge levelled at the defence review is that it is driven not by strategy but by money. In Britain there is no other way of conducting a defence review because special interests fight every inch of the way. The last substantive review was pushed through by John Nott in league with the Treasury in 1982. It was bold and was supported by Lady Thatcher, but the Falklands war scotched it, a war fought by the Royal Navy not to save the Falklands but to save the navy from Thatcher's cuts. Since then no defence secretary has had the guts to stand up to the defence lobby, and no prime minister has had the guts to support him if he did. This defence review, in all its absurdity, was made unavoidable by the debt crisis but worsened by a sequence of weak Labour defence ministers and the indiscipline of the chiefs of staff. For the pundits to say the outcome is rushed is absurd. Britain spends millions on research, planning and strategy, in a myriad thinktanks and staff colleges. Their sole job is to think the unthinkable. 
If they never pondered what they might have to do if their grotesque gravy-train hit the buffers they should be sacked. As for Hillary Clinton's intervention, suggesting in effect that Britain take lessons in value for money from the Pentagon, it is laughable. Only in the last three months have the defence chiefs been prepared to face the music, with some of them finally ridiculing the navy's carriers and Trident and the air force's strike fighters. By then the damage had been done and the procurement documents signed. This is not the coalition's defence review but Gordon Brown's, the outcome of the poison-pill contracts signed to protect jobs and make the coalition's job a nightmare. None of the threats against which Britain's armed forces are deployed is on a par with those for which they were designed 70 years ago. They are second-order risks, requiring non-military agencies of government to counter. Were it not for Labour's foreign policy, subservient to American paranoia, there would be no need for most of the manpower and equipment now in use and planned. The defence establishment is a huge waste of national resources which, if the security review meant anything, could be mothballed against a rainy day. Britain faces many challenges, including some involving violence, but the integrity of the state is not one of them. Those who argue otherwise should be seen for what they are, a chauvinist vested interest with money on the table. From rforno at infowarrior.org Wed Oct 20 08:17:16 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Oct 2010 09:17:16 -0400 Subject: [Infowarrior] - Lynn: Cyberspace is the New Domain of Warfare Message-ID: <31A6F371-51DE-4ED3-9967-118CD8E8296B@infowarrior.org> http://presszoom.com/story_161031.html 10/18/2010 - WASHINGTON (AFNS) -- With the creation of the U.S. 
Cyber Command in May and last week's cybersecurity agreement between the departments of Defense and Homeland Security, DOD officials are ready to add cyberspace to sea, land, air and space as the latest domain of warfare, Deputy Defense Secretary William J. Lynn III said Oct. 14.

"Information technology provides us with critical advantages in all of our warfighting domains, so we need to protect cyberspace to enable those advantages," Secretary Lynn said. Adversaries may be able to undermine the military's advantages in conventional areas by attacking the nation's military and commercial information technology, or IT, infrastructure, Secretary Lynn said. This threat has "opened up a whole new asymmetry in future warfare," the deputy defense secretary said. DOD's focus on cyberdefense began in 2008 with a previously classified incident in the Middle East, in which a flash drive inserted malware into classified military networks, Secretary Lynn said. "We realized we couldn't rely on passive defenses and firewalls and software patches, and we've developed a more-layered defense," he said. Secretary Lynn laid out a draft cyberstrategy in the September/October issue of "Foreign Affairs" magazine. He said DOD officials are working to finalize the strategy. "There's no agreed-on definition of what constitutes a cyberattack," Secretary Lynn said. "It's really a range of things that can happen, from exploitation and exfiltration of data to degradation of networks, to destruction of networks or even physical equipment, (or) physical property.
What we're doing in our Defense cyberstrategy is developing appropriate responses and defenses for each of those types of attacks." One element of the strategy, working with Homeland Defense to protect critical military and civilian IT infrastructure, was put into place Oct. 13, when Defense Secretary Robert M. Gates and Homeland Security Secretary Janet Napolitano announced a new agreement to work together on cybersecurity. The agreement includes a formal mechanism for benefiting from the technical expertise of the National Security Agency which is responsible for protecting national security systems, collecting related foreign intelligence and enabling network warfare. Another element is what Lynn calls a "layered defense, where you have intrusion detection and firewalls, but you also have a ... layer that helps defend against attacks." In his draft strategy, Secretary Lynn described the defense-layer component of cybersecurity in terms of NSA-pioneered systems that "automatically deploy defenses to counter intrusions in real time. Part sensor, part sentry, part sharpshooter, these active defense systems represent a fundamental shift in the U.S. approach to network defense." And, since no cyberdefense system is perfect, DOD officials require "multiple layers of defense that give us better assurance of capturing malware before it gets to us," Secretary Lynn said. "We need the ability to hunt on our own networks to get (intruders who) might get through, and we need to continually improve our defenses," he said. "We can't stand still. The technology is going to continue to advance, and we have to keep pace with it." Envisioned attacks on military networks could impair military power, national security and the economy, Secretary Lynn said. Enemy cyberattacks could deprive the military of the ability to strike with precision and communicate among forces and with headquarters, he said. 
It could impair logistics or transportation networks and eliminate advantages that information technology has given military forces. "Beyond that, cyberattacks conceivably could threaten the national economy if (adversaries) were to go after the power grid or financial networks or transportation networks, and that, too, would be a national security challenge," Secretary Lynn said. "And over the long run, there's a threat to our intellectual property ... basically a theft of the lifeblood of our economy." Working more closely with allies is an important element of the strategy to ensure a shared defense and an early warning capability, he said. The NATO 2020 report identified the need for the alliance's new 10-year strategic concept to further incorporate cyberdefense concepts Secretary Lynn wrote about in Foreign Affairs. U.S. technological advantages are a critical part of the cyberstrategy, and the Pentagon already is working with industry and with the Defense Advanced Research Projects Agency to put these to work, Secretary Lynn said. As part of a public-private partnership called the Enduring Security Framework, Secretary Lynn wrote, chief executive officers and chief technology officers of major IT and defense companies meet regularly with top officials from the DOD, Homeland Security, and the Office of the Director of National Intelligence. DARPA also is working on the National Cyber Range, a simulated model of the Internet that will enable the military to test its cyberdefenses before deploying them in the field. The Pentagon's IT acquisition process also has to change, Secretary Lynn wrote. It took Apple Inc. 24 months to develop the iPhone, he said, and at DOD, it takes on average about 81 months to develop and field a new computer system after it is funded. 
"The Pentagon is developing a specific acquisition track for information technology," Secretary Lynn wrote, and it also is bolstering the number of cyberdefense experts who will lead the charge into the new cyberwar era. The military's global communications backbone consists of 15,000 networks and 7 million computing devices across hundreds of installations in dozens of countries, Secretary Lynn wrote. More than 90,000 people work full time to maintain it, he said, but more are needed. Through the establishment of U.S. Cyber Command and the bolstering of cybersecurity at other defense agencies, "we've greatly increased the number of cyber professionals we have at DOD and will continue to increase that," Secretary Lynn said. From rforno at infowarrior.org Wed Oct 20 16:56:17 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Oct 2010 17:56:17 -0400 Subject: [Infowarrior] - UK: Every email and website to be stored Message-ID: Every email and website to be stored By Tom Whitehead, Home Affairs Editor Published: 12:40PM BST 20 Oct 2010 http://www.telegraph.co.uk/technology/news/8075563/Every-email-and-website-to-be-stored.html Every email, phone call and website visit is to be recorded and stored after the Coalition Government revived controversial Big Brother snooping plans. The plans are expected to involve service providers storing all users details for a set period of time It will allow security services and the police to spy on the activities of every Briton who uses a phone or the internet. Moves to make every communications provider store details for at least a year will be unveiled later this year sparking fresh fears over a return of the surveillance state. The plans were shelved by the Labour Government last December but the Home Office is now ready to revive them. It comes despite the Coalition Agreement promised to "end the storage of internet and email records without good reason". 
Any suggestion of a central "super database" has been ruled out but the plans are expected to involve service providers storing all users' details for a set period of time. That will allow the security and police authorities to track every phone call, email, text message and website visit made by the public if they argue it is needed to tackle crime or terrorism. The information will include who is contacting whom, when and where and which websites are visited, but not the content of the conversations or messages. The move was buried in the Government's Strategic Defence and Security Review, which revealed: "We will introduce a programme to preserve the ability of the security, intelligence and law enforcement agencies to obtain communication data and to intercept communications within the appropriate legal framework. "This programme is required to keep up with changing technology and to maintain capabilities that are vital to the work these agencies do to protect the public. "Communications data provides evidence in court to secure convictions of those engaged in activities that cause serious harm. It has played a role in every major Security Service counter terrorism operation and in 95 per cent of all serious organised crime investigations. "We will legislate to put in place the necessary regulations and safeguards to ensure that our response to this technology challenge is compatible with the Government's approach to information storage and civil liberties." But Isabella Sankey, director of policy at Liberty, said: "One of the early and welcome promises of the new Government was to 'end the blanket storage of internet and email records'. "Any move to amass more of our sensitive data and increase powers for processing would amount to a significant U-turn. The terrifying ambitions of a group of senior Whitehall technocrats must not trump the personal privacy of law abiding Britons."
Guy Herbert, general secretary of the No2ID campaign group, said: "We should not be surprised that the interests of bureaucratic empires outrank liberty. "It is disappointing that the new ministers seem to be continuing their predecessors' tradition of credulousness." From rforno at infowarrior.org Wed Oct 20 21:15:39 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Oct 2010 22:15:39 -0400 Subject: [Infowarrior] - DoD expanding domestic cyber role Message-ID: <6FF3AEA9-2378-4041-ADF5-85323A29B142@infowarrior.org> DoD expanding domestic cyber role By William Matthews - Staff report Posted : Wednesday Oct 20, 2010 17:25:08 EDT http://www.navytimes.com/news/2010/10/defense-dod-expands-domestic-cyber-role-102010/ The Defense Department is quietly taking on an expanding role in defending U.S. critical infrastructure from cyber attacks. In a break with previous policy, the military now is prepared to provide cyber expertise to other government agencies and to certain private companies to counter attacks on their computer networks, the Pentagon's cyber policy chief, Robert Butler, said Wednesday. An agreement signed this month with the Department of Homeland Security and an earlier initiative to protect companies in the defense industrial base make it likely that the military will be a key part of any response to a cyber attack. While the Department of Homeland Security officially remains the lead government agency on cyber defense, the new agreement "sets up an opportunity for DHS to take advantage of the expertise" in the Pentagon, and particularly the secretive electronic spying agency, the National Security Agency, said Butler, who is a deputy assistant defense secretary. The two agencies -- Defense and Homeland Security -- "will help each other in more tangible ways than they have in the past," Butler told a group of defense reporters.
Among other things, a senior DHS cyber official and other DHS employees will move to the NSA to be closer to the heart of the military's cyber defense capability. Closer collaboration provides "an opportunity to look at new ways that we can do national cyber incident response," he said. "DoD's focus is really about getting into the mix. We want to plan together and work together with other departments" to ensure that they understand the military's cyber capabilities and that the military understands what other agencies and private companies can do for cyber defense, Butler said. Improving agency and industry "situational awareness" in cyberspace is a central objective, Butler said. Developing and maintaining a clear picture of the threats in cyberspace remains difficult, apparently even for the NSA. In part, that's because new uses for the Internet are invented every day, Butler said, and it's not always clear whether new activity is harmful or benign. Even the Defense Department is still "in the mode of understanding." In the event of a cyber attack, it's still extremely difficult to tell who is attacking. It's not even clear what constitutes an attack. "As we move forward, one of the key things we have is to agree on is the taxonomy," he said. There is lots of discussion about "cyberwar," "cyber attacks," and "hostile intent," but there is no agreement on exactly what those terms mean. Developing standard definitions remains under discussion among U.S. government agencies and between international governments and organizations, he said. From rforno at infowarrior.org Wed Oct 20 21:17:06 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Oct 2010 22:17:06 -0400 Subject: [Infowarrior] - Pentagon seeks tight ties with cyber contractors Message-ID: UPDATE 1-Pentagon seeks tight ties with cyber contractors By Jim Wolf http://www.reuters.com/article/idUSN2023673520101020 WASHINGTON, Oct 20 (Reuters) - The U.S.
Defense Department aims to tighten ties with its cybersecurity contractors in an effort to better protect sensitive computer networks against growing cyber threats. The department's use of top-level system integrators and entrepreneurs will continue to grow, along with the need for so-called "active" defenses that scan incoming code to shield network perimeters, Robert Butler, the Pentagon's top official for cyber policy, said on Wednesday. "And as we thread those together, what we want to do is a very very tight partnership with industry," Butler, the deputy assistant secretary of defense for cyber policy, told reporters at a breakfast session. One key goal, Butler said, was to cut the lag between development of new protective technology and its deployment. He said the department also wants to promote supplier diversity, partly to guard its information technology supply chain against compromise. The Pentagon's biggest suppliers -- including Lockheed Martin Corp (LMT.N), Boeing Co (BA.N), Northrop Grumman Corp (NOC.N), BAE Systems Plc (BAES.L) and Raytheon Co (RTN.N) -- all have big and growing cyber-related product and service lines for a market that has been estimated at $80 billion to $140 billion a year worldwide, depending on how broadly it is defined. Butler declined to comment directly on newly expressed concerns by U.S. lawmakers about buying telecommunications hardware from companies such as Huawei Technologies Co, a China-based network equipment maker founded by a retired Chinese military officer. "Supply chain is a big issue that we are tracking," he said. Part of the approach involves screening to verify components and sub-components, he said. The department is also seeking to understand how manufacturing processes are taking place and to manage risks, Butler said. 
A group of lawmakers including Senator Joseph Lieberman, chairman of the Senate Homeland Security Committee, asked the Federal Communications Commission on Tuesday to detail any security risks from network equipment made by Huawei [HWT.UL] and ZTE Corp (0763.HK)(000063.SZ), both based in Shenzhen, China. The two "are aggressively seeking to supply sensitive equipment for U.S. telecommunications infrastructure and/or serve as operator and administrator of U.S. networks, and increase their role in the U.S. telecommunications sector through acquisition and merger," Lieberman said in a letter also signed by Senators Jon Kyl and Susan Collins and Representative Sue Myrick. A report commissioned by the congressionally chartered U.S.-China Economic and Security Review Commission said last year that Beijing, at odds with Washington over Taiwan arms sales among other things, appeared to be conducting "a long-term, sophisticated, computer network exploitation campaign" against the U.S. government and U.S. defense industries. China has denied the charge, made in a survey carried out for the commission by Northrop Grumman, the Pentagon's third-biggest supplier by sales. From rforno at infowarrior.org Wed Oct 20 21:18:27 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Oct 2010 22:18:27 -0400 Subject: [Infowarrior] - Military Granted Role in Cyberattack Response Message-ID: <545F1311-487A-4B2C-A0A7-17F684E017F2@infowarrior.org> October 20, 2010 Pentagon Will Help Homeland Security Department Fight Domestic Cyberattacks By THOM SHANKER http://www.nytimes.com/2010/10/21/us/21cyber.html WASHINGTON -- The Obama administration has adopted new procedures for using the Defense Department's vast array of cyberwarfare capabilities in case of an attack on vital computer networks inside the United States, delicately navigating historic rules that restrict military action on American soil.
The system would mirror that used when the military is called on in natural disasters like hurricanes or wildfires. A presidential order dispatches the military forces, working under the control of the Federal Emergency Management Agency. Under the new rules, the president would approve the use of the military's expertise in computer-network warfare, and the Department of Homeland Security would direct the work. Officials involved in drafting the rules said the goal was to ensure a rapid response to a cyberthreat while balancing concerns that civil liberties might be at risk should the military take over such domestic operations. The rules were deemed essential because most of the government's computer-network capabilities reside within the Pentagon -- while most of the important targets are on domestic soil, whether within the government or in critical private operations like financial networks or a regional power grid. The new approach will begin with a Department of Homeland Security team deploying to Fort Meade, Md., home to both the National Security Agency, which specializes in electronic espionage, and the military's new Cyber Command. In exchange, a team of military networking experts would be assigned to the operations center at the Homeland Security Department. The rules were detailed in a memorandum of agreement signed in late September by Janet Napolitano, the secretary of homeland security, and Defense Secretary Robert M. Gates, but they were not released until last week. Robert J. Butler, the Pentagon's deputy assistant secretary for cyber policy, said the memorandum was intended to cut through legal debates about the authority for operating domestically, and to focus on how best to respond to the threat of attack on critical computer networks. Mr. Butler said teams of lawyers would watch for potential violations of civil liberties. "We have put protection measures in place," he said.
The Pentagon is expected to release a full National Defense Strategy for Cyber Operations this year, to be followed by broader interagency guidance from the White House, perhaps in the form of a presidential directive, in 2011. Congress also is weighing legislation that would update domestic law to deal with advances in computer-based surveillance and cyberwarfare. William J. Lynn III, the deputy defense secretary, underscored the Pentagon's "need to protect our military networks," but said that "it's a national challenge as well." In an interview with Charlie Rose broadcast Monday by PBS, Mr. Lynn added: "We need to protect our critical infrastructure. We need to protect our intellectual property. And that's a whole-of-government effort." During a visit last week to NATO headquarters in Brussels, Mr. Gates lobbied for new partnerships to combat computer threats, while warning that the NATO networks were vulnerable. "On cybersecurity, the alliance is far behind," Mr. Gates said. "Our vulnerabilities are well known, but our existing programs to remedy these weaknesses are inadequate." Mr. Gates said he was not concerned that secret intelligence shared with allies would be compromised, but he said NATO had weaknesses in its defenses for computer networks at its headquarters and throughout the shared command structure. From rforno at infowarrior.org Wed Oct 20 21:26:19 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 20 Oct 2010 22:26:19 -0400 Subject: [Infowarrior] - In a Digital Age, Students Still Cling to Paper Textbooks Message-ID: <36F83D16-1B39-40C1-A347-531C6378F562@infowarrior.org> In a Digital Age, Students Still Cling to Paper Textbooks By LISA W. FODERARO http://www.nytimes.com/2010/10/20/nyregion/20textbooks.html CLINTON, N.Y. -- They text their friends all day long. At night, they do research for their term papers on laptops and commune with their parents on Skype.
But as they walk the paths of Hamilton College, a poster-perfect liberal arts school in this upstate village, students are still hauling around bulky, old-fashioned textbooks -- and loving it. "The screen won't go blank," said Faton Begolli, a sophomore from Boston. "There can't be a virus. It wouldn't be the same without books. They've defined 'academia' for a thousand years." Though the world of print is receding before a tide of digital books, blogs and other Web sites, a generation of college students weaned on technology appears to be holding fast to traditional textbooks. That loyalty comes at a price. Textbooks are expensive -- a year's worth can cost $700 to $900 -- and students' frustrations with the expense, as well as the emergence of new technology, have produced a confounding array of options for obtaining them. Internet retailers like Amazon and Textbooks.com are selling new and used books. They have been joined by several Web services that rent textbooks to students by the semester. Some 1,500 college bookstores are also offering rentals this fall, up from 300 last year. Here at Hamilton, students this year have a new way to avoid the middleman: a nonprofit Web site, created by the college's Entrepreneur Club, that lets them sell used books directly to one another. The explosion of outlets and formats -- including digital books, which are rapidly becoming more sophisticated -- has left some students bewildered. After completing the heavy lifting of course selection, they are forced to weigh cost versus convenience, analyze their own study habits and guess which texts they will want for years to come and which they will not miss. "It depends on the course," said Victoria Adesoba, a pre-med student at New York University who was standing outside that school's bookstore, a powder-blue book bag slung over her shoulder. "Last semester, I rented for psychology, and it was cheaper. But for something like organic chemistry, I need to keep the book.
E-textbooks are good, but it's tempting to go on Facebook, and it can strain your eyes." For all the talk that her generation is the most technologically adept in history, paper-and-ink textbooks do not seem destined for oblivion anytime soon. According to the National Association of College Stores, digital books make up just under 3 percent of textbook sales, although the association expects that share to grow to 10 percent to 15 percent by 2012 as more titles are made available as e-books. In two recent studies -- one by the association and another by the Student Public Interest Research Groups, a national advocacy network -- three-quarters of the students surveyed said they still preferred a bound book to a digital version. Many students are reluctant to give up the ability to flip quickly between chapters, write in the margins and highlight passages, although new software applications are beginning to allow students to use e-textbooks that way. "Students grew up learning from print books," said Nicole Allen, the textbooks campaign director for the research groups, "so as they transition to higher education, it's not surprising that they carry a preference for a format that they are most accustomed to." Indeed, many Hamilton students waxed passionate about the weighty tomes they still lug from dorm room to lecture hall to library, even as they compulsively check their smartphones for text messages and e-mails. "I believe that the codex is one of mankind's best inventions," said Jonathan Piskor, a sophomore from North Carolina, using the Latin term for book. That passion may be one reason that Barnes & Noble College Booksellers is working so hard to market its new software application, NOOKstudy, which allows students to navigate e-textbooks on Macs and PCs. The company, which operates 636 campus bookstores nationwide, including Hamilton's, introduced the free application last summer in hopes of luring more students to buy its electronic textbooks.
"The real hurdle is getting them to try it," said Tracey Weber, the company's executive vice president for textbooks and digital education. The company is giving away "College Kick-Start Kits" to students who download NOOKstudy in the fall semester, with ramen noodle recipes and a dozen classic e-books like "The Canterbury Tales" and "The Scarlet Letter." CourseSmart, a consortium of major textbook publishers, is letting students try any e-textbook free for two weeks. But not every textbook is available in digital or rental format. At Hamilton, for instance, only about one-fifth of the titles are sold as e-textbooks this fall. A stroll through the campus store revealed the price difference. A book on constitutional law, for instance, was $189.85 new, $142.40 used and $85.45 for rent. (Typically, an e-textbook is cheaper than a used book, though more expensive than a rental.) The expense of college textbooks, which is estimated to have risen four times the inflation rate in recent years, has become such a concern that some politicians are taking up the cause. Last month, Senator Charles E. Schumer of New York urged more college stores to rent books, after a survey of 38 campus bookstores in New York City and on Long Island by his office found that 16 did not offer the option. On Thursday, students at more than 40 colleges nationwide are planning an Affordable Textbooks Day of Action, organized by the Student Public Interest Research Groups, to encourage faculty members to assign texts that are less expensive, or offered free online. For now, buying books the old-fashioned way -- new or used -- prevails. Charles Schmidt, the spokesman for the National Association of College Stores, said that if a campus store sold a new book for $100, it would typically buy the book back for $50 at semester's end and sell it to the next student for $75.
The buy-back price plummets, however, if the professor drops the book (or edition) from the syllabus or if the bookstore has bought enough books to meet demand. When Louis Boguchwal, a junior at Hamilton who is majoring in economics and math, tried to sell a $100 linear algebra textbook back to the college bookstore, he was offered $15. "It was insulting," he said. "They give you next to nothing." Thus, the creation of Hamilton's new nonprofit Web site, getmytextbooks.org. So far, traffic has been light: only about 70 books have been sold this fall. But Jason Mariasis, president of the Entrepreneur Club, said he expected sales to pick up as word spread. The site also lists hundreds of other colleges. Mr. Begolli, a member of the club, recently sold three German novels for $17 on the site. "If I had sold them back to the bookstore, I would have gotten $7 or $8," he said. "The bookstore is king when it comes to textbook sales. We felt there should be something for students, by students." Yet some students have to go it alone. Rosemary Rocha, 26, an N.Y.U. student pursuing a degree in hospitality and tourism management, tallied up her required reading for the semester: $600. "It's harsh," she said. "I'm currently collecting unemployment, so that's not going to happen." Instead, she waits to borrow the few copies her professors leave on reserve at the library, or relies on the kindness of classmates. "My friends will let me borrow their books in exchange for coffee or a slice of pizza," she said. "I very seldom buy the textbooks, but I'm always like a chicken without a head." From rforno at infowarrior.org Thu Oct 21 07:54:37 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Oct 2010 08:54:37 -0400 Subject: [Infowarrior] - Army cyber unit guards computer networks Message-ID: Army cyber unit guards computer networks New command houses service's resources under one roof By Henry Kenyon
Oct 20, 2010 http://fcw.com/Articles/2010/10/20/Cyber-Defense-Army-Cyber-Command.aspx?p=1 The Army launched the Army Cyber Command (ARCYBER), the service's component of the U.S. Cyber Command, this month, centralizing existing resources in the Army's efforts to protect its global computer networks. The new command brings a number of the Army's cyber resources under one roof. That will ensure that the service's policy, force structure, capabilities development, resources and personnel can securely and effectively work together in cyberspace at the tactical, strategic and national levels, said Army spokesman John Cummings. The new command, which incorporates Army organizations such as the Army Network Enterprise Technology Command/9th Signal Command and parts of the 1st Information Operations Command/Land, will be incorporated into ARCYBER. ARCYBER also will oversee the cyber operations of the Army Intelligence and Security Command. Cummings said ARCYBER's personnel level will exceed 21,000 soldiers and civilians. The Army added that there will be no new growth or effect on the number of active-duty military and civilian personnel in the Army, and existing Army funding will cover the cost of the command. The cyber command achieved an initial operating capability Oct. 1, 2009, by using the Army Space and Missile Defense Command and Army Forces Strategic Command as an interim headquarters. During that period, it was supported by the Army Network Enterprise Technology Command/9th Signal Command, 1st Information Operations Command and Intelligence and Security Command. ARCYBER is adding personnel from other Army commands. Cummings said the Army is reassigning specialists from the Intelligence and Security Command and Fort Huachuca, Ariz., to the new command. When ARCYBER transitioned to becoming fully operational, its interim commander, Lt. Gen. Kevin Campbell, handed over the organization to Maj. Gen. Rhett Hernandez, who will be its commander.
The command's location remained uncertain at press time. Army officials have indicated that it will be in the U.S. capital region, and potential sites for the headquarters include Fort Belvoir, Va., and Fort Meade, Md., which is home to the National Security Agency. Earlier reports placed the command at Fort Belvoir, but Army officials said that was not a final decision. The new command gives the Army an organization that can plan, coordinate, integrate, synchronize and conduct cyberspace operations. Cummings said ARCYBER will be the service's single point of contact for external entities, such as the joint Cyber Command, for reporting, assessments, recommendations, synchronization and integration of cyberspace activity. ARCYBER also will help focus the Army's cyber research and development in areas such as new applications and combat development. The command will work with the Army's Training and Doctrine Command on issues such as cyber doctrine, organization, training, materiel, leadership, personnel and facilities. However, as ARCYBER becomes fully operational, the roles of the individual services' cyber commands in the joint Cyber Command will be examined, said Martin Libicki, senior management scientist at Rand. In conventional operations, the services provide units to support specific missions. But with cyber operations, there is no service-specific specialty, he said. Libicki noted that the Defense Department is asking for entire cyber warfare units. For example, the Air Force just established the 659th Intelligence Surveillance and Reconnaissance group, half of which will serve the 24th Air Force and the other half will support the U.S. Cyber Command. "It's not inherently obvious that that's the way you want these guys to operate," he said. The common element is that the military services are working to understand their core competencies for cyber operations.
Regarding the relationship between the joint Cyber Command and each service's networks, Libicki noted that the network is departmentwide, with each of the service's bases wired into the infrastructure. Although the services can defend their base networks, operations must be managed at a higher authority to sufficiently protect the entire DOD network. That might provide adequate mission areas for service commands such as ARCYBER, he said. Libicki said he believes that many operational strategic issues regarding the combat aspect of cyber warfare must still be resolved. "Do we have a coherent offensive cyber war policy, as we have a coherent air war and naval war policy? I don't know. I'd like to believe that we do. But I'd be very surprised if they've identified and answered all the questions." About the Author Henry Kenyon is a staff reporter covering enterprise applications. From rforno at infowarrior.org Thu Oct 21 17:30:14 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Oct 2010 18:30:14 -0400 Subject: [Infowarrior] - OT: Mashup - "Tweet It" Message-ID: An early leap for your Friday yukks...... In this spoof of Michael Jackson's Beat It, Pantless Knights, a group that has made some pretty good musical spoofs, presents TWEET IT. In this video the hipsters, sporting iPhones, and the suits, all with iPads, take it to the streets in a battle of the tweets. http://www.tuaw.com/2010/10/21/found-footage-tweet-it-a-video-parody-of-beat-it/ From rforno at infowarrior.org Thu Oct 21 21:55:41 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 21 Oct 2010 22:55:41 -0400 Subject: [Infowarrior] - Japan has national botnet warriors; why don't we? Message-ID: <0E7C5C4D-65A9-43A1-A077-E623566406DE@infowarrior.org> Japan has national botnet warriors; why don't we?
By Matthew Lasar | Last updated about 3 hours ago http://arstechnica.com/tech-policy/news/2010/10/japan-has-a-national-botnet-fighter-wheres-ours.ars October is Cybersecurity Awareness Month here in the United States, which is a good thing, because we come down with more PC botnet infections than any other country in the world. Microsoft reports 2.2 million US PCs hijacked for cybercrime or distributed denial of service (DDOS) attacks on websites in the first half of this year. And in late September, police in the greater New York area busted over 60 members of a botnet ring whose plan was to deploy the Zeus Trojan to clean out banks. Botnets "are the launch pad for much of today's criminal activity on the Internet," Microsoft security expert Adrienne Hall warned last week. "In many ways, they are the perfect base of operations for computer criminals." So what's the government doing about botnets? The Federal Communications Commission is running a proceeding to identify the five most critical cybersecurity threats to the communications infrastructure and come up with solutions. And various bills are floating around Capitol Hill that would unify the nation's already hyperbalkanized cybersecurity apparatus, so Uncle Sam can think with one brain about the problem (Senator Lieberman's here; Senator Rockefeller's here). These measures ought to bear fruit in the next geological era or two. But in the meantime, how about we do what Japan did and set up a national botnet fighter? The five stages of Cyber Clean's anti-botnet program. Rousing your attention Launched in 2006, it's called the Cyber Clean Center -- a joint project of Japan's Ministry of Internal Affairs and Communications and its Ministry of Economy, Trade, and Industry. Over sixty of Japan's Internet Service Providers work with the center, as do Symantec, Microsoft, McAfee, and six other security companies. Cyber Clean does the usual good stuff, trying to raise public awareness about the dangers of bots.
A "bot"?in case you've gotten this far and are still wondering?is a piece of downloadable malware that allows a remote user to control your computer. PCs often become bot zombies because their owner was "phished"?fooled into clicking an e-mail attachment designed to launch the infection. Once in control of your computer, botnet baddies can follow your keystrokes or turn your machine into a DDoS attack weapon. But the Cyber Clean operation goes a massive step further than public education. It searches for bot-infected PCs, then engages in a series of "attention rousing activities" to get the user to realize that her computer has been hijacked. Stage one of the ongoing campaign involves the regular deployment of "honeypot" PCs, essentially decoys that are easy for botnets to find and infest. Once the honeypot picks up enough bot data, Cyber Clean engineers move to stage two: scouring the machine's log files for intelligence on actual users who have caught the infection. In stage three, the relevant ISPs are alerted. They send those users an "attention rousing mail" directing them to a customized "bot deinfestation" website, where (in stage four) they receive downloads and instructions on how to clean their computer and prevent future attacks. 17 million bots One aspect of Cyber Clean's online documentation that's a bit confusing is whether the operation sends out email or snail mail alerts, or both (the words "mail" and "email" seem to be used interchangeably). But the project's latest "activity report" says that, as of August, it has collected almost 17 million bot samples and deployed over half a million "attention rousing" messages. An estimated 32.3 percent of users contacted actually go to their deinfestation page and download the relevant cleaning software, according to the organization. The campaign says it has counted 1,312,083 disinfectant downloads so far. It's not like nobody's doing anything about bots in the US. 
Comcast has just deployed a new botnet alert system for its customers. And, of course, there are a wide variety of security guard systems available to consumers. But in its filing with the FCC's cybersecurity proceeding, Microsoft seems skeptical that the botnet problem can be fixed on an individual level.

"For various reasons, the awareness and availability of security products does not always result in their deployment and maintenance and, ultimately, results in inadequate risk management," the commentary notes. "As a result, society needs to explore ways to implement collective defenses to help protect consumers who may be unaware that their computers have been compromised, and to reduce the risk that these compromised devices present to the ecosystem as a whole."

The software giant cites Cyber Clean as one of a number of international projects that have "had varying degrees of effectiveness." Maybe it's time to test its effectiveness here in the United States of Bots, too.

From rforno at infowarrior.org Fri Oct 22 07:12:20 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Oct 2010 08:12:20 -0400
Subject: [Infowarrior] - more on... Japan has national botnet warriors; why don't we?
References: <20101022115839.GB21811@gsp.org>
Message-ID: <47198E92-BB8A-4298-BB09-56A204FAD1C4@infowarrior.org>

Begin forwarded message:

> From: Rich Kulawiec
> Date: October 22, 2010 7:58:39 AM EDT
> Subject: Re: [Infowarrior] - Japan has national botnet warriors; why don't we?
>
> Unfortunately, this:
>
>> In stage three, the relevant ISPs are alerted. They send those
>> users an "attention rousing mail" directing them to a customized "bot
>> deinfestation" website, where (in stage four) they receive downloads and
>> instructions on how to clean their computer and prevent future attacks.
>
> is not only spamming, but ineffective, since of course the bots can be
> trivially programmed to prevent the users in question from ever seeing
> those email messages.
> Or to substitute their own. Or to redirect
> users to sites of their choosing where more interesting downloads
> are available. When a bot has taken over someone's system, *it's not
> their computer any more*, and it's therefore silly to believe that it
> will permit the former user (or anyone else) to interfere with its operation.
>
> No doubt botnet operators with systems in Japan will eventually react
> to this by doing one or more of those things if the activities of
> these "botnet warriors" become a sufficiently-annoying inconvenience.
> I think if I were one of The Bad Guys, my first-order attempt at
> undercutting this would likely involve making an entry (on all of
> my bots) in whatever the Windows equivalent of /etc/hosts is along
> these lines:
>
>     1.2.3.4 disenfectant-stuff.example.ne.jp
>
> where "disenfectant-stuff.example.ne.jp" is the site that users are
> advised to go to, and 1.2.3.4 is of course a fake disinfectant site
> under my control. Any user who received the spam advising them to snag
> the anti-bot software would thus (a) oblige me by downloading
> the latest version of my malware and (b) provide me with some
> possibly-useful data on bot detection rates and methods. And of
> course the latest version of my malware would include a GUI that
> mimics the real disinfectant and dutifully reports to users that
> their systems have been cleansed. Optionally, it could modify
> their MUA to add a ruleset functionally equivalent to:
>
>     if
>         (mail "From:" matches domain of botnet-warriors)
>     then
>         discard
>
> so that future messages land in the bit-bucket.
>
> (Let me note in passing that I really do mean "first-order"; I've
> put 30 seconds of thought into this over my first cup of coffee.
> No doubt further consideration would suggest far more subtle and
> devious methods for retaining bot ownership.)
>
> The only way to really recover a system from bot infestation is to
> boot it from known-clean media, back up all user data, scrub it to bare
> metal, reinstall the operating system and all applications, restore all
> (sanitized) user data, and then add sufficient protections to prevent
> it from being quite-so-easily botted again. However even this is only
> a temporary measure: users who insist on using insecurable operating
> systems and/or insecurely designed/implemented applications, or who have
> poor computing hygiene, will soon enough defeat all those measures and
> the cycle will repeat.
>
> And of course only a tiny fraction of bot'd systems are actually given
> this treatment. Nearly all the time, the course of action involves
> running a putative anti-virus/spyware/malware package *on a known-infected
> system* and vaguely hoping that it might work. As we see here.
>
> Given that we have watched the worldwide bot population monotonically
> increase for the better part of a decade, and that there are at bare
> minimum 100 million of them, it will take more than inept half-measures
> like this to seriously attack the problem.
>
> ---rsk
>

From rforno at infowarrior.org Fri Oct 22 08:07:07 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Oct 2010 09:07:07 -0400
Subject: [Infowarrior] - Piracy domain seizure bill gains support
Message-ID: <6930C359-EADD-4CC3-B8AA-DF036BFB071C@infowarrior.org>

October 22, 2010 4:00 AM PDT
Piracy domain seizure bill gains support
by Declan McCullagh
http://news.cnet.com/8301-13578_3-20020408-38.html?part=rss&subj=news&tag=2547-1_3-0-20

A proposed law allowing the government to pull the plug on Web sites accused of aiding piracy received a sizable political boost yesterday.
Dozens of the largest content companies, including video game maker Activision, media firms NBC Universal and Viacom, and the Motion Picture Association of America (MPAA) and Recording Industry Association of America (RIAA) endorsed the bill in a letter to the U.S. Senate. So did Major League Baseball and the U.S. Chamber of Commerce.

The letter to Sen. Patrick Leahy, a Vermont Democrat and co-sponsor of the bill, said new laws are needed to curb access to increasingly sophisticated "rogue Web sites" that "undermine the growth and stability of many industries and the American jobs that they support." The legislation should be enacted "during the time remaining" this year, meaning after the Democratic-controlled Congress returns in November, the letter says.

The proposal is not uncontroversial: Since its introduction a few weeks ago, the idea has alarmed engineers and civil liberties groups, who say that it could balkanize the Internet, jeopardize free speech rights, and endanger even some legitimate Web pages that are part of larger sites. According to its current wording, any domain name "dedicated to infringing activities" could find itself in the U.S. Department of Justice's prosecutorial crosshairs.

"We feel that this bill addresses the worst of the worst," MPAA VP Howard Gantman told CNET yesterday. "It's focused on Web sites that are engaged in promoting illegal activity and there needs to be something done about it."

The bill, known as COICA for Combating Online Infringement and Counterfeits Act, doesn't authorize the Feds to shut down allegedly infringing sites directly. Rather, the Justice Department would seize the Web site's domain name and require any credit card or bank with U.S. operations to cease doing business with the accused pirate.
Someone who knows the Internet Protocol address--the IP address for cnet.com, for instance, is currently 216.239.122.102--would still be able to connect to the Web site even if the computer that normally translates a domain name into its numeric address pretends not to know it.

If all copyright-infringing and trademark Web sites were hosted in the United States with their Webmasters living on U.S. soil, Leahy's COICA would be largely unnecessary. A straightforward copyright lawsuit of the sort that the RIAA and the software industry have spent years perfecting would suffice.

But that's not the case. Sites like the Russia-hosted MP3Sparks.com are accessible around the world, even though they almost certainly violate U.S. copyright law. ThePirateBay.org in Sweden has not only survived what seem like innumerable attempts to shut it down, but its operators take special pains to mock copyright lawyers who write cease-and-desist letters meant to be both earnest and threatening.

A Web site is in danger of having its domain seized (or having U.S. Internet providers encounter a sudden case of amnesia when their customers try to visit it) if it is "primarily designed" and "has no demonstrable, commercially significant purpose or use other than" offering or providing access to unauthorized copies of copyrighted works. Counterfeit trademarks--that's why Chanel, Nike, Tiffany, and LVMH Moet Hennessy Louis Vuitton also signed the letter--are also included.

That wording is significant. Because the phrase "providing access" appears, that would sweep in speciality search engines including The Pirate Bay that provide links to copyrighted works, even if the actual BitTorrent streams are hosted elsewhere.

If the Leahy bill, co-sponsored by Orrin Hatch (R-Utah), becomes law, domain name registries such as Verisign, which owns the rights to .com, .net, .tv, .cc, and others would find themselves under new and uncomfortable legal pressure.
The .org registry has been run by the Public Interest Registry since 2003. But registries for top-level domains in other countries would remain unaffected, and The Pirate Bay, perhaps as a precautionary measure, already owns thepiratebay.se. Americans interested in free (if illegal) downloads could simply switch to that or visit the IP address at http://194.71.107.15, a workaround indicating that this congressional effort might accomplish rather less than its backers would like.

For civil liberties groups, the bigger problem is that curbing access to a Web site because of some infringing material raises First Amendment problems. The Center for Democracy and Technology has published a six-page analysis (PDF) saying the bill would "set dangerous precedents with serious consequences for free expression, global Internet freedom, and the Internet's open and global architecture." Internet engineers have raised separate concerns.

To content producers, and their allies among large trademark holders, there's no time to spare. The U.S. and other countries in the World Trade Organization already have "agreed in a binding international instrument to take action against counterfeiting and piracy on a commercial scale," the letter says. "This legislation simply advances that goal, and should in no way be used by other countries as a pretext to support censorship that takes place outside agreed upon principles of international law."

They're pressing for a vote before the new Congress convenes in early 2011, perhaps because of concern that the election could tilt one or both chambers toward Republican control and make enactment of COICA less likely. One possible vehicle is an appropriations bill to fund the federal government for the next 10 months; that debate will resume under Democratic leadership by the time a temporary funding measure expires on December 3.
Over the years, this approach has been a favorite way for Congress to enact laws that might not otherwise have survived strict legislative scrutiny. The Real ID Act, a domain name tax, a school-and-library filtering requirement, and an anti-Internet porn measure were all enacted as part of unrelated government spending bills, usually at the end of the calendar year.

So why the rush? Republicans may be--it's a little hard to predict--more skeptical about the need for COICA, even if it has been endorsed by the U.S. Chamber of Commerce. Remember, President Bush threatened to veto an MPAA- and RIAA-backed bill that would let federal prosecutors file civil lawsuits against peer-to-peer pirates.

Contrast that with President Obama's choice of RIAA lawyers for senior posts. And Vice President Joe Biden recently put content industry hearts a-flutter when proclaiming: "Piracy is theft. Clean and simple. It's smash and grab." The MPAA couldn't have put it any better itself.

From rforno at infowarrior.org Fri Oct 22 08:44:36 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Oct 2010 09:44:36 -0400
Subject: [Infowarrior] - iMovie blocks studio names in new trailers
Message-ID: <9304024E-95FE-4F17-BADA-A37422D3014C@infowarrior.org>

iMovie blocks studio names in new trailers
By Thomas Ricker posted Oct 22nd 2010 7:21AM

Perhaps it's testament to the quality of the iMovie '11 trailers that Apple is blocking the use of big name studios in the titles. Ironic since Apple provides templates that ape the Paramount snow-capped mountain (pictured after the break) and familiar Universal Studios globe. So don't try to enter those studio names into the title sequence -- the words "Paramount" and "Universal" will be replaced with hyphens. We suspect other studios are affected as well. Hard to say if this is Apple's doing or the studios as both are notoriously controlling. We'd laugh if only we could stop crying.
http://www.engadget.com/2010/10/22/imovie-blocks-studio-name-use-in-new-trailers/

From rforno at infowarrior.org Fri Oct 22 08:45:54 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Oct 2010 09:45:54 -0400
Subject: [Infowarrior] - NSA to Assist DHS with Domestic Cyberwarfare Operations
Message-ID: <310B67B8-97F6-44C6-BF7A-1FF4DEF55970@infowarrior.org>

NSA to Assist DHS with Domestic Cyberwarfare Operations
http://publicintelligence.net/nsa-to-assist-dhs-with-domestic-cyberwarfare-operations/

From rforno at infowarrior.org Fri Oct 22 08:57:56 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Oct 2010 09:57:56 -0400
Subject: [Infowarrior] - Video Shows 'Stealth' Nuclear Submarine Stuck in Scottish Mud
Message-ID: <74BD895A-EA99-4B78-9C31-5594F89F9107@infowarrior.org>

Video Shows 'Stealth' Nuclear Submarine Stuck in Scottish Mud
By ROBERT MACKEY
http://thelede.blogs.nytimes.com/2010/10/22/video-shows-stealth-nuclear-submarine-stuck-in-scottish-mud/?hp

Video uploaded to YouTube on Friday by a wildlife biologist on Scotland's Isle of Skye shows a Royal Navy submarine that ran aground just off the coast.

For all the talk about which high-tech weapons systems the British military might have to do without as the country slashes budgets to reduce its debt, officers in the Royal Navy must be glad they still have tugboats and ropes at their disposal, since those were what they were using Friday to try to dislodge a nuclear submarine that ran aground just yards off the coast of Scotland.

Video of the HMS Astute, and the tugboat that was trying to pull it to deeper water, was shot and posted on YouTube by Paul Yoxon, a wildlife biologist on the Isle of Skye, who normally uploads images of rescued and rehabilitated otters being released into the wild.

The BBC reports that the new nuclear submarine has been described as Britain's "stealthiest"
because of "39,000 acoustic panels which cover its surface mask its sonar signature, meaning it can sneak up on enemy warships and submarines alike, or lurk unseen and unheard at depth."

Right now, though, the Astute would have a hard time sneaking up on an otter, as Helen Birch, a colleague of Mr. Yoxon's at the International Otter Survival Fund on the Isle of Skye, confirmed in a telephone interview with The Lede minutes ago. After explaining that Mr. Yoxon had shot the video of the beached submarine uploaded to YouTube, Ms. Birch was kind enough to put the phone down, go to an upstairs window of the otter group's offices and look to make sure that the Astute was still stuck. It was.

Britain's defense ministry posted a short statement on its Web site, assuring the public that the stranded Astute posed no danger:

    We are aware of an incident involving one of our submarines off the Isle of Skye. This is not a nuclear incident. We are responding to the incident and can confirm that there are no injuries to personnel and the submarine remains watertight. There is no indication of any environmental impact.

Another resident of Skye, Ross McKerlich, told the BBC that he was surprised to see the submarine outside his home when he awoke this morning. He added:

    There was a helicopter hovering over the top -- it's now gone back and there are two Naval vessels from the local base, Kyle of Lochalsh, standing off to the north of her. Earlier in the day they did have ropes and they were trying to tow but now the tide has gone back and they're just standing off.

That the stealth submarine is currently so hard to miss brings to mind the mocking Serbian apology offered in 1999 after its military shot down an American F-117A stealth fighter during NATO's bombing campaign on behalf of Kosovo's Albanian population: "Sorry, we didn't know you were invisible."
From rforno at infowarrior.org Fri Oct 22 09:32:05 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Oct 2010 10:32:05 -0400
Subject: [Infowarrior] - China Has Ability to Hijack U.S. Military Data, Report Says
Message-ID:

China Has Ability to Hijack U.S. Military Data, Report Says
By Jeff Bliss and Tony Capaccio - Oct 21, 2010 2:20 PM ET Thu Oct 21 18:20:37 GMT 2010
http://www.bloomberg.com/news/2010-10-21/china-has-ability-to-hijack-u-s-military-data-report-says.html

China in the past year demonstrated it can direct Internet traffic, giving the nation the capability to exploit "hijacked" data from the U.S. military and other sources, according to a new report.

Recent actions raise questions that "China might seek intentionally to leverage these abilities to assert some level of control over the Internet," according to excerpts from the final draft of an annual report by the U.S.-China Economic and Security Review Commission. "Any attempt to do this would likely be counter to the interests of the United States and other countries."

On April 8, China Telecom Corp., the nation's third-largest mobile-phone company, instructed U.S. and other foreign-based Internet servers to route traffic to Chinese servers, the report said. The 18-minute re-routing included traffic from the U.S. military, the Senate and the office of Defense Secretary Robert Gates.

"Although the commission has no way to determine what, if anything, Chinese telecommunications firms did to the hijacked data, incidents of this nature could have a number of serious implications," the report said.

The re-routing showed how data could be stolen and communications with websites could be disrupted, the report said.

Chinese Denial

Wang Baodong, a spokesman for the Chinese Embassy in the U.S., denied that China had any intention of using the capability to harm the U.S. or other nations.
"Chinese laws strictly forbid hacking or any other illegal activities that'll compromise the legitimate interests of China or any other countries," he said in an e-mail.

The report reaches "unacceptable" conclusions, Wang said in an interview. "The report was based on unfounded, groundless information," Wang said.

Created by Congress in 2000, the commission has been documenting what China's economic and military rise means for the U.S. An October 2009 report Northrop Grumman Corp. prepared for the commission detailed the importance the Chinese military places on computer networks.

China's Internet policies raised concerns in the Obama administration after Google Inc., owner of the world's most popular search engine, said in January it would stop censoring search results in China following a security breach.

Shortly after Mountain View, California-based Google's announcement in January, Secretary of State Hillary Clinton said perpetrators of cyber attacks such as the one made on Google must face consequences. The Chinese government repeatedly has said it wasn't behind the attacks on Google, which the company said originated in China.

Decline in Attacks

The report also focuses on how China is interested in stripping away the Internet's anonymity. China wants to create a system that would require people to provide their given names and potentially other information to gain access to the Internet, the report said, citing a Chinese official's speech.

The Chinese government has farmed out much of its censorship activities to the private sector, such as Baidu Inc., which operates the country's most popular search engine, according to the report. Executives at Beijing-based Baidu have criticized the censorship, which they're required to fund, the report said.

While the government's strategy is to control as much of the Chinese Internet dialogue as possible, it's been "selectively responsive"
to grievances aired on the Web, giving citizens a sense of empowerment, the report said.

The commission's report also said that 2010 "could be the first year in a decade" the Defense Department recorded a decline in attacks against its computer networks. The department said the decrease is the result of pre-emptive measures it's taken to thwart attacks.

To contact the reporters on this story: Jeff Bliss in Washington at jbliss at bloomberg.net; Tony Capaccio in Washington at acapaccio at bloomberg.net
To contact the editor responsible for this story: Mark Silva in Washington at msilva34 at bloomberg.net

From rforno at infowarrior.org Fri Oct 22 16:08:18 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Oct 2010 17:08:18 -0400
Subject: [Infowarrior] - Leaked Letter Exposes Sarkozy's Repressive Anti-Piracy Agenda
Message-ID: <1D80B813-AC92-43EE-BD08-0011D4DACB1C@infowarrior.org>

Leaked Letter Exposes Sarkozy's Repressive Anti-Piracy Agenda
Written by Ernesto on October 22, 2010
http://torrentfreak.com/leaked-letter-exposes-sarkozys-repressive-anti-piracy-agenda-101022/

Next week France will host a European conference on online freedom of expression. The conference is a French-Dutch initiative to draft a code of conduct against Internet censorship. However, a leaked memo makes clear that French President Sarkozy is urging his Minister of Foreign Affairs to turn it into a promotional campaign for the Hadopi anti-piracy legislation instead.

For years, French President Nicolas Sarkozy has been at the forefront of the war against Internet piracy. Earlier this year he booked a major victory when he got Hadopi, his three-strikes anti-piracy bill, signed into law. Under France's new Hadopi law, alleged copyright infringers will be hunted down systematically in an attempt to decrease piracy.
Alleged offenders have to be identified by their Internet providers and they will be reported to a judge once they have received three warnings, of which the first were sent out recently.

Now that Sarkozy has got his way in France, the President is eager to conquer the rest of Europe with his draconian anti-piracy measures. To do so, he goes as far as hijacking an upcoming conference aimed at drafting clear rules against censorship and for freedom of expression on the Internet.

In a leaked letter that was exposed by the citizen advocacy group La Quadrature du Net, Sarkozy makes it clear that he has other plans for the conference that was initiated by the French and Dutch governments. The letter was sent by Sarkozy to the French Minister of Foreign Affairs, and details how the conference can be used to promote France's anti-piracy agenda.

According to Sarkozy, the October 29 conference offers an "opportunity to promote the balanced regulatory initiatives carried on by France during these past three years, and in particular the HADOPI law in the field of copyright, which has recently been supported by the European Parliament, as well as the measures taken to fight the new cybercrime phenomena."

Not only does this letter show how far the French President is willing to go to spread his ideals, Sarkozy is also twisting the facts while doing so. The European Parliament has never openly supported Hadopi. Sarkozy is most likely referring to the recently passed Gallo report, but although that allows for more strict anti-piracy measures, it does not explicitly endorse three-strikes legislation.

The letter makes it apparent that Sarkozy is indifferent to the massive critique of his plans, and that he's bold enough to use a conference that should strengthen freedom of expression online to push his own agenda. A dangerous development according to his opposition.

"This international conference on freedom of expression could become the Trojan horse of Sarkozy and his friends'
repressive and obsolete vision of the Internet," Jérémie Zimmermann, spokesperson for La Quadrature du Net said.

"This coarse manipulation of French diplomacy, disregarding our most fundamental values, is one more example of the alliance between the entertainment industries and a few politicians, who seek to control the public space to remain in power. There is now a huge risk that this repressive vision of the Internet spreads out to the rest of the world", Zimmermann concluded.

Indeed, there is no doubt that the French President would rather protect the interests of the entertainment industry than the rights of European citizens. And he's determined to succeed, whatever it takes.

From rforno at infowarrior.org Fri Oct 22 16:57:34 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Oct 2010 17:57:34 -0400
Subject: [Infowarrior] - DOD still doesn't 'get' the Internet
Message-ID: <567C1783-F5A1-460E-959C-BAC2CFF14B7E@infowarrior.org>

Someone care to explain how the process outlined by Morrell will do anything to fix the Pentagon's problem here? In 2010, even saying such things in an official capability suggests that the USG still does not conceptually understand the nature of modern information flows.....or else why even say such idiotic things as part of its official statement?

-rick

"The only responsible course of action for WikiLeaks at this point is to return the stolen material and expunge it from their Web sites as soon as possible."
- Geoff Morrell, the Defense Department press secretary
(Source: http://www.nytimes.com/2010/10/23/world/middleeast/23response.html)

From rforno at infowarrior.org Fri Oct 22 17:19:03 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Oct 2010 18:19:03 -0400
Subject: [Infowarrior] - Debt collectors may join antipiracy fight
Message-ID: <7A0F2B04-B265-46D9-915B-325FAEB87DC3@infowarrior.org>

October 22, 2010 1:26 PM PDT
Debt collectors may join antipiracy fight
by Greg Sandoval
http://news.cnet.com/8301-31001_3-20020495-261.html

First it was the lawyers. Then it was the politicians. Now debt collectors may be coming after people accused of film piracy, even before they have their day in court.

A group calling itself the Copyright Enforcement Group (CEG), which according to its Web site specializes in media rights enforcement, appears to advocate the use of debt collectors even before the courts have rendered a judgment against accused copyright violators. CNET has obtained a copy of CEG's "service contract," which specifies the terms the group offers to client copyright owners.

"In the event that the opposing parties fail to pay in full, the client grants power of attorney to and instructs the debt collection agencies and [legal office] to proceed with the further recovery and enforcement of claims for payment by means of debt collection procedures and legal proceedings."

The new tactic targets computer users accused of illegally sharing films over peer-to-peer networks who refuse to settle out of court with copyright owners. Most of the attorneys doing this kind of work typically take accused content pirates to court. To this point, none of the other firms have even mentioned debt collectors. But the CEG appears to be taking a more aggressive stance. The contract has been seen by other attorneys who are working for the entertainment industry and they expressed shock, questioning whether the tactic is even legal.
Who exactly is behind CEG is still unclear. Ira Siegel, a Beverly Hills-based attorney who earlier this month filed a suit against 1,568 accused file sharers, has represented the group in some legal dealings. In a phone interview with CNET, Siegel said he only participates in the lawsuits for CEG, apparently suggesting that someone else at CEG handled other business aspects. He declined to comment further. CEG did not respond to an interview request.

Clearly, there are a number of unanswered questions about CEG and the service contract. The copy of the contract obtained by CNET is heavily redacted and identities of the parties who had entered into the agreement weren't visible. Would the debt collectors be used for administrative purposes? Would the collection agencies employ heavy-handed tactics, such as using abusive language and calling at odd hours? Such practices by some in the collections industry have come under scrutiny recently by the Federal Trade Association, according to a report last month by ABC News.

The specter of debt collectors joining the downloading fray is yet another sign the movie industry is taking an increasingly tough line with accused pirates. In the last several months, attorneys from across the country have filed lawsuits accusing thousands of people of illegal file sharing. Thomas Dunlap, founder of the law firm of Dunlap, Grubb & Weaver, likely led the way when he filed suit against thousands of accused film pirates on behalf of indie filmmakers, including the makers of "The Hurt Locker," this year's Oscar winner for Best Picture.

Since then, much of the porn industry has embraced the idea of suing individual file sharers. Porn impresario Larry Flynt has filed suit in Texas against people who illegally shared Hustler's "This Ain't Avatar XXX." Third World Media, a maker of so-called fetish porn, has filed suits in West Virginia and California.
And Vivid Entertainment, one of the best known and largest adult-film producers in the world, has hired Ken Ford, an attorney already involved in four different copyright cases brought by pornographers. Ford told CNET yesterday that he will file a suit on the studio's behalf within the next two weeks.

Cindy Cohn, legal director for the Electronic Frontier Foundation, was sent a copy of the CEG contract by CNET yesterday. She cautioned it wasn't entirely clear what the debt collectors would be asked to do, but she called some of the contract's wording "troubling."

"All cases which do not entail a settlement of payments in full by the party who received the warning," the contract reads, "will be handed over to debt collection agencies immediately after the [expiration] of the allotted payment period for further extra judicial recovery (debt collection)."

Translation: the line suggests that once a person accused of pirating a movie declines to settle, his or her case will be handed over to debt collectors. There's no mention of first winning a court judgment.

This hardball approach isn't how most attorneys representing copyright owners operate. Instead, they typically collect the Internet Protocol addresses belonging to thousands of people they say illegally shared their films on P2P networks and then file suits against them in federal court. Since at that point the lawyers only know the accused person's IP address, in the suits the defendants are listed as "John Does." To obtain the name, the copyright owners request that the court issue subpoenas to each defendant's Internet service providers.

After obtaining the names, the copyright owner contacts the accused person and offers to settle, typically for between $1,000 and $2,000. If the alleged file sharer refuses to settle, then some of the lawyers, including Dunlap and Ford, say they will name the person in a federal copyright complaint. To this point, neither of the attorneys has filed such a complaint.
But those attorneys say that in such situations, there is no other legal way to obtain payment. Mark Litvack, the Motion Picture Association of America's former chief legal counsel for antipiracy, agreed.

"You need a judgment before you can collect," Litvack said. "Otherwise you don't have a debt."

The law is very specific about when and how lenders can collect a debt, said Vincent Howard, managing partner of the Anaheim, Calif., law firm Howard-Nassiri. His firm represents clients in cases of predatory lending and violations of the Fair Debt Collections Practice Act, the law designed to eliminate abusive practices in the collection of consumer debts. He questioned the language of the CEG contract.

"It seems to me that sending in debt collectors there is premature because it assumes you have the judgment against the alleged defendant," Howard said. "But you have to prove your case in court first. These people may not have committed any violation. What would happen if this person pays and then after trial isn't found liable?"

Just the introduction of debt collectors into the antipiracy discussion adds a new worry to those who illegally share movies. In the investigative piece by ABC News last month, the network focused on one agency employed by Bank of America that used racial slurs and foul language during calls to one African American who owed the bank $80. The man later won a $1 million judgment against the collections agency.

Greg Sandoval covers media and digital entertainment for CNET News. He is a former reporter for The Washington Post and the Los Angeles Times. E-mail Greg, or follow him on Twitter at @sandoCNET.
From rforno at infowarrior.org Sat Oct 23 08:50:43 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Oct 2010 09:50:43 -0400
Subject: [Infowarrior] - An Iraq Surge Vet on Wikileaks
Message-ID: <121F9B42-4F96-4929-A3BF-B02E24A0B32C@infowarrior.org>

Weekend Edition October 22 - 24, 2010
http://www.counterpunch.org/stieber10222010.html

An Open Letter on the Needed Response to the Upcoming Wikileaks Report
An Iraq Surge Vet on Wikileaks
By JOSH STIEBER

Dear members of the House Permanent Select Committee on Intelligence and other willing parties,

This is an anticipatory letter aimed to advise you on your response and responsibility for the coming Wikileaks release, expected on October 23rd. Based on the White House's response to the last leak about Afghanistan, the temptation seems strong to once again divert attention away from accountability.

I write as a young veteran who once fully embraced the concept of a preemptive war to keep my fellow citizens safe and, as President Bush declared, because "America is a friend to the people of Iraq." I now hope to preempt your response to the information regarding that war in which I fought.

When I learned in school about the design of the American system of government and all the noble qualities it represented, invading Iraq seemed to me, at the time, to be a surefire way to make the world a better place. On the front-lines however, I saw those very values that had so inspired me seldom put into practice. Despite claims of goodwill, infantry training left my comrades and me desensitized; how could we scream "Kill them all, let God sort them out" on a regular basis and still believe that we were caring for the oppressed people of Iraq? The glorious history I'd been taught--where colonists could no longer tolerate harsh British rule and revolted over taxes, lack of representation, quartering of homes, and other offenses--was turned on its head when we displaced Iraqi families from their homes to build an outpost.
The will of the people--what a democracy is supposed to rest on--was brushed aside as we stormed past a peaceful protest where Iraqi men, women, and children had gathered, asking us not to occupy their neighborhood.

Though many of those ideals have fallen, one American ideal that can still be shown, depending on how you react, is that of accountability. Our founding fathers established a system of checks and balances to keep decision makers accountable. However, there has been little accountability in the wars that my friends and I once thought represented everything that was noble about our country. Of course it highlights some of those qualities when investigations find soldiers who kill Afghans for sport; but if legislators, the media, and the American public had been paying attention to the testimonies of veterans, instances like these would be understood as systemic, perhaps extreme, but certainly not exceptional.

While government statements may be able to divert the attention of U.S. media and public opinion, our national reputation continues to fade in the eyes of people who have been at both ends of the gun. Do you think an Afghan whose loved one was killed by mistake--perhaps the families of the seven children mistakenly killed by Task Force 373 on June 17, 2007 in the Khelof province (1)--cares what Bradley Manning, accused leaker, said to a hacker? Do you think a soldier who was asked to betray his or her beliefs and conscience cares if Julian Assange, Wikileaks founder, has a fierce temper?

The coming leak about Iraq is your chance, your obligation to make up for what was largely ignored last time. For every question you ask of Manning and Assange and their characters, the much greater question needs to be asked of where the accountability in U.S. foreign policy has gone. Pentagon officials said there was blood on Assange's hands over the last leak; can you back those claims?
And how do you respond to the blood that has been needlessly spilled throughout the war? Just as you demand accountability for leakers, you owe accountability to those whose names these wars are carried out in. While you focus on only questioning the messengers, it seems highly likely that allies of the U.S. will question our priorities and honor, while our adversaries will be further assured that our noble claims of caring for humanity and wanting to save their countries are cheap rhetoric.

Director of National Intelligence, James Clapper, griped that he "was ashamed to have to sit there and listen to the president express his great angst about the leaking that is going on here in this town." (2) I write on behalf of those around the world who are ashamed to have to listen to the President, along with military and political officials, express their great angst over leaks while seeming to ignore the realities of what those leaks reveal about the very nature of these wars. When you fail to take account for what has been done in our names, funded by our taxes, and fought by those who believe that the U.S. should represent something noble, we will search for and tell the truth; if you are ashamed by citizens practicing the accountability that our country was designed to demand, then that says more about you than about us.

Please do something different; take accountability for these wars and the full truth about them. More specifically, please take account for what is detailed in both the Iraq and Afghanistan leaks by running the needed investigations, addressing the policies and practices that have gone unchecked, and beginning a much needed reconciliation process. If you need soldiers who are willing to corroborate what is detailed in the reports, I will be the first to step forward for this round of leaks.

Veterans have been stepping forward, partnered with civilian allies, to tell the truth that the "official story" chases away: Civilian Soldier Alliance.
We have taken part in campaigns to prevent the deployment of troops traumatized by what they've been asked to do: Operation Recovery; we have partnered with organizations delivering aid on the ground in Iraq: Iraqi Health Now; and have begun to repair some of the damage that these leaks expose: IVAW Reparations. We are living out the care for humanity and personal responsibility that this nation prides itself on; we have a long way to go, and your participation, rather than dismissal, is highly needed.

Thank you for your consideration,

Josh Stieber, SPC, 2-16 Infantry Battalion, Combat Veteran

Josh Stieber deployed in "The Surge" from Feb 07-Apr 08. Assigned to a district near Sadr City in Baghdad, the Infantry Company that Stieber deployed with was shown in Wikileaks' "Collateral Murder" video release in Apr '10. Stieber has shared his experiences on two cross-country tours and has met with elected representatives to inform them of the reality on the ground while trying to educate the public.

Notes.
1. Wikileaks' Afghan/Iraq Logs: Searching for Accountability, Andrew Kennis, October 11, 2010 by Al Jazeera
2. U.S. rethinks intelligence sharing after leaks anger Obama, Eli Lake, The Washington Post, Oct 6, 2010

From rforno at infowarrior.org Sat Oct 23 08:53:27 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Oct 2010 09:53:27 -0400
Subject: [Infowarrior] - MySpace, Apps Leak User Data
Message-ID:

MySpace, Apps Leak User Data
Site Sends Personal IDs When Ads Are Clicked, a Journal Investigation Finds
http://online.wsj.com/article/SB10001424052702303738504575568460409331560.html

From rforno at infowarrior.org Sat Oct 23 09:12:40 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Oct 2010 10:12:40 -0400
Subject: [Infowarrior] - "It's a Book"
Message-ID: <51A987EB-1D2F-40C1-9E96-D096654CED95@infowarrior.org>

Children's Books
iRead
From "It's a Book"
By ADAM GOPNIK
Published: October 15, 2010
http://www.nytimes.com/2010/10/17/books/review/Gopnik-t.html

In Lane Smith's new book, called, simply, "It's a Book," a mouse, a jackass and a monkey -- all drawn with the kind of early-'60s geometric-minded stylization that requires a gentle reminder of which animal is which on the title page -- discover a new thing. Flat and rectangular, with a hard cover and a soft, yielding inside, it baffles the jackass, while the behatted monkey tries patiently to explain its curious technology. "Do you blog with it?" the jackass says. "No, it's a book," the monkey explains. This only makes the donkey's exasperation keener: Where's the mouse? Does it need a password? Can you make the characters fight? Can it text, tweet, toot? No, none of that, the monkey explains, and then Monkey hands the book to Jackass, who takes it worriedly, like a nut too hard to crack.

The book, it turns out, is "Treasure Island," though, wisely, this isn't explicitly announced to the reader, but must be inferred from a quotation. (In the book's single finest comic moment, the anxious jackass offers a reduced text-message version of the famous sequence he has just read: "LJS: rrr! K? lol! JIM: : ( ! : )") Then, in a memorable two-page spread, sure to be especially cherished by parents, the jackass reads the thing. A clock runs above him, counting out the hours, and his ears and eyes, with wonderful caricatural economy, express first puzzlement, then absorption and at last the special quality of readerly happiness: a mind lost in a story.

Those of us for whom books are a faith in themselves -- who find the notion that pixels, however ordered, could be any kind of substitute for the experience of reading in a chair with the strange thing spread open on our lap -- will love this book.
Though it will surely draw a laugh from kids, it will give even more pleasure to parents who have been trying to make loudly the point that Smith's book makes softly: that the virtues of a book are independent of any bells, whistles or animation it might be made to contain. That two-page spread of the jackass simply reading is the key moment in the story, and one of the nicest sequences in recent picture books.

For in trying to make the case for books to our kids, exactly the case we want to make is not that they can compete with the virtues of computer or screens, but that they do something else: that they allow for a soulfulness the screens, with their jumpy impersonality, cannot duplicate -- any more than the movies can duplicate the intimate intensity of theater, or than the computer can reproduce the shared-hearth-in-living-room experience of television that we now, ironically, recall nostalgically. ("Would you please get off your computer and come and watch television with the rest of the family," I've found myself calling out to my own plugged-in children.)

The moral of Smith's book is the right one: not that screens are bad and books are good, but that what books do depends on the totality of what they are -- their turning pages, their sturdy self-sufficiency, above all the way they invite a child to withdraw from this world into a world alongside ours in an activity at once mentally strenuous and physically still. The only flaw this gentle and pointed book contains, in truth, is a too-easy joke on the last page at the expense of the converted burro. But one can glide by the false note, or at least talk it over as it's read -- after all, it's a book.

Adam Gopnik is a staff writer at The New Yorker and the author of a new book, "The Steps Across the Water."
From rforno at infowarrior.org Sat Oct 23 09:31:16 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Oct 2010 10:31:16 -0400
Subject: [Infowarrior] - OpEd: The Way We Treat Our Troops
Message-ID:

October 22, 2010
The Way We Treat Our Troops
By BOB HERBERT
http://www.nytimes.com/2010/10/23/opinion/23herbert.html

You can only hope that the very preliminary peace efforts in Afghanistan bear fruit before long. But for evidence that the United States is letting its claim to greatness, and even common decency, slip through its fingers, all you need to do is look at the way we treat our own troops.

The idea that the United States is at war and hardly any of its citizens are paying attention to the terrible burden being shouldered by its men and women in uniform is beyond appalling. We can get fired up about Lady Gaga and the Tea Party crackpots. We're into fantasy football, the baseball playoffs and our obsessively narcissistic tweets. But American soldiers fighting and dying in a foreign land? That is such a yawn.

I would bring back the draft in a heartbeat. Then you wouldn't have these wars that last a lifetime. And you wouldn't get mind-bending tragedies like the death of Sgt. First Class Lance Vogeler, a 29-year-old who was killed a few weeks ago while serving in the Army in his 12th combat tour. That's right, his 12th -- four in Iraq and eight in Afghanistan.

Twelve tours may be unusual, but multiple tours -- three, four, five -- are absolutely normal. We don't have enough volunteers to fight these endless wars. Americans are big on bumper stickers, and they like to go to sports events and demonstrate their patriotism by chanting, "U-S-A! U-S-A!" But actually putting on a uniform and going into harm's way? No thanks.

Sergeant Vogeler was married and the father of two children, and his wife was expecting their third. It's a quaint notion, but true: with wars come responsibilities.
The meat grinder of war takes its toll in so many ways, and we should be paying close attention to all aspects of it. Instead, we send our service members off to war, and once they're gone, it's out of sight, out of mind.

If we were interested, we might notice that record numbers of soldiers are killing themselves. At least 125 committed suicide through August of this year, an awful pace that if continued would surpass last year's all-time high of 162.

Stressed-out, depressed and despondent soldiers are seeking help for their mental difficulties at a rate that is overwhelming the capacity of available professionals. And you can bet that there are even higher numbers of troubled service members who are not seeking help. In the war zones, we medicate the troubled troops and send them right back into action, loading them up with antidepressants, sleeping pills, anti-anxiety drugs and lord knows what other kinds of medication.

One of the things we have long known about warfare is that the trouble follows the troops home. The Times published an article this week by Aaron Glantz, a reporter with The Bay Citizen news organization in San Francisco, that focused on the extraordinary surge of fatalities among Afghanistan and Iraq veterans. These young people died, wrote Mr. Glantz, "not just as a result of suicide, but also of vehicle accidents, motorcycle crashes, drug overdoses or other causes after being discharged from the military."

An analysis of official death certificates showed that, from 2005 through 2008, more than 1,000 California veterans under the age of 35 had died. That's three times the number of service members from California who were killed in Afghanistan and Iraq during the same period. Veterans of the two wars were two-and-a-half times as likely to commit suicide as people the same age with no military service. "They were twice as likely," Mr. Glantz reported, "to die in a vehicle accident, and five-and-a-half times as likely to die in a motorcycle accident."

The torment that wars put people through is not something that can be turned on and off like a switch. It's a potentially deadly burden that demands attention and care. People shouldn't be exposed to it if there is any possible alternative.

The wars in Afghanistan and Iraq have been world-class fiascos. To continue them without taking serious account of the horrors being endured by our troops and their families is just wrong.

The war in Afghanistan, the longest in our history, began on Oct. 7, 2001. It's now in its 10th year. After all this time and all the blood shed and lives lost, it's still not clear what we're doing. Osama bin Laden hasn't been found. The Afghan Army can't stand on its own. Our ally in Pakistan can't be trusted, and our man in Kabul is, at best, flaky. A good and humane society would not keep sending its young people into that caldron.

Shakespeare tells us to "be not afraid of greatness." At the moment, we are acting like we're terrified.

From rforno at infowarrior.org Sat Oct 23 09:34:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Oct 2010 10:34:02 -0400
Subject: [Infowarrior] - Apple dumps Flash from Mac OS X
Message-ID: <4E1850B3-33B1-4742-9804-E6A87818D6BA@infowarrior.org>

Apple dumps Flash from Mac OS X
New Macs come without Adobe's Flash, leaving users to install the software and security updates themselves
Gregg Keizer
October 22, 2010 (Computerworld)
http://www.computerworld.com/s/article/9192699/Apple_dumps_Flash_from_Mac_OS_X

Apple will stop bundling Adobe's Flash with Mac OS X, the company confirmed Friday.

The new MacBook Air, which debuted earlier in the week, is the first Flash-less system from Apple. Other systems will follow suit as the company clears out inventory of Mac desktops and notebooks that include Flash.
Mac users will still be able to install Flash themselves, and Apple has done nothing to block Flash from running.

"We're happy to continue to support Flash on the Mac, and the best way for users to always have the most up to date and secure version is to download it directly from Adobe," Apple spokesman Bill Evans said in reply to questions on Friday.

The move also puts an end to Apple supplying Flash security updates to Mac OS X users as part of the operating system's patch process. Instead, users will have to know about, locate, download and install those fixes themselves.

That's not smart, said Andrew Storms, director of security operations at nCircle Security.

"What Apple is doing is separating themselves from the security community," said Storms, who didn't cotton to Apple's decision. "Users, who are likely running an outdated version, typically don't even know when Adobe issues patches."

"I just don't see the upside of this. Apple's not helping out," Storms said.

In the absence of Apple patching Flash, Adobe said Mac users were on their own for now.

"Adobe recommends that users download the most up to date version of Adobe Flash Player from Adobe.com," a spokeswoman said. She urged Mac users to regularly monitor Adobe's security blog, which posts news of impending and available Flash updates, or subscribe to its RSS feed to stay atop fixes.

Adobe plans to produce an auto-update notification feature in a future release of Flash Player for the Mac, but declined to set a release date. The feature would be similar to what's now offered to Windows users.

People running Mozilla's Firefox or Google's Chrome will have an edge during the interim. Firefox, for example, includes a plug-in checker that detects out-of-date add-ons, including Flash Player, and provides a link to Adobe's download site. Chrome, meanwhile, automatically upgrades Flash Player in the background.
While Evans made no mention of Apple's anti-Flash stance, Storms saw the decision as another example of the rocky relationship between Apple and Adobe over the technology.

"Apple's trying to separate themselves even further from Flash," Storms said. "Microsoft doesn't update Flash either, but they seem more interested in working with vendors than Apple. Adobe is a good example."

Microsoft last bundled Flash Player with the nine-year-old Windows XP. Windows Vista and Windows 7 do not include a pre-installed version of Adobe's player program.

However, Microsoft and Adobe collaborate on security, Storms argued, pointing to the latter's July announcement to join the Microsoft Active Protections Program (MAPP), which gives select security companies early warning on upcoming patches. Adobe has also adopted a version of Microsoft's Software Development Lifecycle (SDL), a program designed to bake security awareness into products, and picked Microsoft developers' brains to create the "sandbox" technology, slated to show up in Reader next month.

Storms, who in the past has criticized Apple for patching Flash months after the same fixes were available for Windows, wondered why the company singled out Adobe's software.

"If they're going to say they're doing it so that users have the most up-to-date versions, then they should stop issuing patches for every other third-party application in Mac OS X," Storms said.

Apple and Adobe have been at loggerheads over Flash ever since the former refused to allow the popular technology on its iPhone. The dispute has been heated this year, as the two companies traded blows over Flash content on Apple's iOS mobile operating system, with CEO Steve Jobs trashing Flash in an April public missive and the co-chairs of Adobe's board of directors accusing Apple of undermining the Web in mid-May.

Today, Adobe declined to comment on why Apple pulled Flash, or whether Apple had given it advance warning.
"In terms of why Apple will no longer provide the latest updates, we need to defer to Apple," the Adobe spokeswoman said. "Generally speaking, Adobe is eager to work with anyone who can help our users stay up to date."

Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed. His e-mail address is gkeizer at computerworld.com.

From rforno at infowarrior.org Sun Oct 24 09:00:17 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 24 Oct 2010 10:00:17 -0400
Subject: [Infowarrior] - OT: What Happened to Change We Can Believe In?
Message-ID: <9FF83F21-79C7-4B56-91D0-966933316201@infowarrior.org>

October 23, 2010
What Happened to Change We Can Believe In?
By FRANK RICH
http://www.nytimes.com/2010/10/24/opinion/24rich.html

PRESIDENT Obama, the Rodney Dangerfield of 2010, gets no respect for averting another Great Depression, for saving 3.3 million jobs with stimulus spending, or for salvaging GM and Chrysler from the junkyard. And none of these good deeds, no matter how substantial, will go unpunished if the projected Democratic bloodbath materializes on Election Day. Some are even going unremembered. For Obama, the ultimate indignity is the Times/CBS News poll in September showing that only 8 percent of Americans know that he gave 95 percent of American taxpayers a tax cut.

The reasons for his failure to reap credit for any economic accomplishments are a catechism by now: the dark cloud cast by undiminished unemployment, the relentless disinformation campaign of his political opponents, and the White House's surprising ineptitude at selling its own achievements. But the most relentless drag on a chief executive who promised change we can believe in is even more ominous.
It's the country's fatalistic sense that the stacked economic order that gave us the Great Recession remains not just in place but more entrenched and powerful than ever. No matter how much Obama talks about his "tough" new financial regulatory reforms or offers rote condemnations of Wall Street greed, few believe there's been real change. That's not just because so many have lost their jobs, their savings and their homes. It's also because so many know that the loftiest perpetrators of this national devastation got get-out-of-jail-free cards, that too-big-to-fail banks have grown bigger and that the rich are still the only Americans getting richer.

This intractable status quo is being rubbed in our faces daily during the pre-election sprint by revelations of the latest banking industry outrage, its disregard for the rule of law as it cut every corner to process an avalanche of foreclosures. Clearly, these financial institutions have learned nothing in the few years since their contempt for fiscal and legal niceties led them to peddle these predatory mortgages (and the reckless financial "products" concocted from them) in the first place. And why should they have learned anything? They've often been rewarded, not punished, for bad behavior.

The latest example is Angelo Mozilo, the former chief executive of Countrywide and the godfather of subprime mortgages. On the eve of his trial 10 days ago, he settled Securities and Exchange Commission charges for $67.5 million, $20 million of which will be footed by what remains of Countrywide in its present iteration at Bank of America. Even if he paid the whole sum himself, it would still be a small fraction of the $521 million he collected in compensation as he pursued his gambling spree from 2000 until 2008. A particularly egregious chunk of that take was the $140 million he pocketed by dumping Countrywide shares in 2006-7.
It was a chapter right out of Kenneth Lay's Enron playbook: Mozilo reassured shareholders that all was peachy even as his private e-mail was awash in panic over the "toxic" mortgages bringing Countrywide (and the country) to ruin. Lay, at least, was convicted by a jury and destined to decades in the slammer before his death.

The much acclaimed new documentary about the global economic meltdown, "Inside Job," has it right. As its narrator, Matt Damon, intones, our country has been robbed by insiders who "destroyed their own companies and plunged the world into crisis" -- and then "walked away from the wreckage with their fortunes intact."

These insiders include Dick Fuld and four other executives at Lehman Brothers who "got to keep all the money" (more than $1 billion) after Lehman went bankrupt. And of course Robert Rubin, who encouraged Citigroup to step up its investment in high-risk bets like Countrywide's mortgage-backed securities. Rubin, now back as a rainmaker on Wall Street, collected more than $115 million in compensation during roughly the same period Mozilo "earned" his half a billion. Citi, which required a $45 billion taxpayers' bailout, recently secured its own slap-on-the-wrist S.E.C. settlement -- at $75 million, less than Rubin's earnings and less than its 2003 penalty ($101 million) for its role in hiding Enron profits.

It should pain the White House that its departing economic guru, the Rubin protégé Lawrence Summers, is an even bigger heavy in "Inside Job" than in the hit movie of election season, "The Social Network." Summers -- like the former Goldman Sachs chief executive and Bush Treasury secretary Hank Paulson -- is portrayed as just the latest in a procession of policy makers who keep rotating in and out of government and the financial industry, almost always to that industry's advantage.
As the star economist Nouriel Roubini tells the filmmaker, Charles Ferguson, the financial sector on Wall Street has "step by step captured the political system" on "the Democratic and the Republican side" alike.

But it would be wrong to single out Summers or any individual official for the Obama administration's image of being lax in pursuing finance's bad actors. This tone is set at the top. Asked in "Inside Job" why there's been no systematic investigation of the 2008 crash, Roubini answers: "Because then you'd find the culprits." With the aid of the "Manhattan Madam" (and current stunt New York gubernatorial candidate) Kristin Davis, the film also asks why federal prosecutors who were "perfectly happy to use Eliot Spitzer's personal vices to force him to resign in 2008" have not used rampant sex-and-drug trade on Wall Street as a tool for flipping witnesses to pursue the culprits behind the financial crimes that devastated the nation.

The Obama administration seems not to have a prosecutorial gene. It's shy about calling a fraud a fraud when it occurs in high finance. This caution was exemplified most recently by the secretary of housing and urban development, Shaun Donovan, whose response to the public outcry over the banks' foreclosure shenanigans was to take to The Huffington Post last weekend. "The notion that many of the very same institutions that helped cause this housing crisis may well be making it worse is not only frustrating -- it's shameful," he wrote. Well, yes! Obama couldn't have said it more eloquently himself. But with all due respect to Secretary Donovan's blogging finesse, he wasn't promising action. He was just stroking the liberal base while the administration once again punted.

In our new banking scandal, as in those before it, attorneys general in the states, where many pension funds were decimated by Wall Street Ponzi schemes, are pursuing the crimes Washington has not.
The largest bill of reparations paid out by Bank of America for Countrywide's deceptive mortgage practices -- $8.4 billion -- was to settle a suit by 11 state attorneys general on the warpath.

Since Obama has neither aggressively pursued the crash's con men nor compellingly explained how they gamed the system, he sometimes looks as if he's fronting for the industry even if he's not. Voters are not only failing to give the White House credit for its economic successes but finding it guilty of transgressions it didn't commit. The opposition is more than happy to pump up that confusion. When Mitch McConnell appeared on ABC's "This Week" last month, he typically railed against the "extreme" government of "the last year and a half," citing its takeover of banks as his first example. That this was utter fiction -- the takeover took place two years ago, before Obama was president, with McConnell voting for it -- went unchallenged by his questioner, Christiane Amanpour, and probably by many viewers inured to this big lie.

The real tragedy here, though, is not whatever happens in midterm elections. It's the long-term prognosis for America. The obscene income inequality bequeathed by the three-decade rise of the financial industry has societal consequences graver than even the fundamental economic unfairness. When we reward financial engineers infinitely more than actual engineers, we "lure our most talented graduates to the largely unproductive chase" for Wall Street riches, as the economist Robert H. Frank wrote in The Times last weekend. Worse, Frank added, the continued squeeze on the middle class leads to a wholesale decline in the quality of American life -- from more bankruptcy filings and divorces to a collapse in public services, whether road repair or education, that taxpayers will no longer support.

Even as the G.O.P. benefits from unlimited corporate campaign money, it's pulling off the remarkable feat of persuading a large swath of anxious voters that it will lead a populist charge against the rulers of our economic pyramid -- the banks, energy companies, insurance giants and other special interests underwriting its own candidates. Should those forces prevail, an America that still hasn't remotely recovered from the worst hard times in 70 years will end up handing over even more power to those who greased the skids.

We can blame much of this turn of events on the deep pockets of oil billionaires like the Koch brothers and on the Supreme Court's Citizens United decision, which freed corporations to try to buy any election they choose. But the Obama White House is hardly innocent. Its failure to hold the bust's malefactors accountable has helped turn what should have been a clear-cut choice on Nov. 2 into a blurry contest between the party of big corporations and the party of business as usual.

From rforno at infowarrior.org Sun Oct 24 09:03:05 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 24 Oct 2010 10:03:05 -0400
Subject: [Infowarrior] - Scanners at JFK; Big Sis doesn't volunteer to demo
Message-ID: <12FA26D6-4F4A-4D2E-9159-19E54B81A416@infowarrior.org>

Body scanners unveiled at JFK Airport; Homeland Security Sect. Janet Napolitano doesn't volunteer
BY Christina Boyle
DAILY NEWS STAFF WRITER
Friday, October 22nd 2010, 6:07 PM
http://www.nydailynews.com/ny_local/2010/10/22/2010-10-22_body_scanners_unveiled_at_jfk_airport_homeland_security_sect_janet_napolitano_do.html

Airline passengers might want to consider a trip to the gym before heading to the airport now that high-tech body scanners have been unveiled at Kennedy Airport.

Department of Homeland Security Secretary Janet Napolitano yesterday hailed them as an important breakthrough for airport security and the fight against terrorism.
Yet when it came to testing the devices - which produce chalky, naked X-ray images of passengers - she turned the floor over to some brave volunteers. "These machines represent an important way to stay ahead of the ever-evolving threat that faces the aviation industry," Napolitano said. About 300 of the Advanced Imaging Technology (AIT) machines are operational already at 62 airports across the country, and 450 will be in place by the end of the year, officials said. JFK will have a "substantial" number, but officials would not reveal the exact figure. Machines will be installed at Newark and LaGuardia airports within weeks. The machines work by projecting low-level X-ray beams at the passenger's body to produce an image. Any nonmetal objects hidden on the passenger's body that wouldn't be detected by the old-style scanners are easily spotted. Going through one is optional for all travelers, but Napolitano hoped to ease any fears that airport staff would use them to leer at passengers. "Those who read the images are not actually physically at the gate, so they cannot associate an image with an individual person at all," she said. "And the machines are set so that no image is retained." cboyle at nydailynews.com
From rforno at infowarrior.org Sun Oct 24 09:08:51 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 Oct 2010 10:08:51 -0400 Subject: [Infowarrior] - Just Because Google Exists Doesn't Mean You Should Stop Asking People Things Message-ID: <4A3DD610-4DFA-44CB-B10E-AE5B49E7E111@infowarrior.org>
Just Because Google Exists Doesn't Mean You Should Stop Asking People Things Alexia Tsotsis http://techcrunch.com/2010/10/23/google-vs-humans/ If you spend any amount of time online you're probably very familiar with the above website, "Let Me Google That For You."
LMGTFY is a super smug and hilarious site built for those sick of "all those people that find it more convenient to bother you with their question rather than google it for themselves." As all of us know, it is super annoying when your co-worker or worse boss sends you an email (!) asking an easily google-able question, therefore making you google the answer to send back and wasting your and their precious time. Granted. The issue is, just like cell phones have made it easier to forget phone numbers, "google" as verb is now a replacement for the word and action "think." The search engine has become such a stand-in repository for human knowledge that it has, among other things, compromised the entire genre of games based on trivia. Consider the example of how Google put an end to the "Phone A Friend" lifeline on "Who Wants To Be A Millionaire"; "Because of Google," Mecurio said. "Everyone would call their friend and the friend would start Googling to get the answer. The contestant would be like, 'Hey Joe, aspirin. A-S-P-I-R-I-N.' We could hear them typing on their keyboard!" Google has basically become an extension of our brain, the epitome of Steve Jobs' "bicycle for our minds." Twice this week I have asked questions that would be better suited to a human rather than a search engine algorithm and both times I've been met with a "just Google it"-esque response. One of those inquiries was about directions to a local restaurant and the Google Maps walking directions and the directions I needed to get there safely while walking and biking were two very different things (yes, I know about Google Biking directions, still unavailable on the iPhone). I ended up getting lost in the rain because in the mist I couldn't see the very narrow bridge across the 101 freeway that the Google Maps directions indicated. Google is not omniscient.
It doesn't understand that the shouting coming from next door is probably a faster and more importantly more viscerally satisfying indicator of whether the SF Giants just won the NL Championship Series than any keywords I could search. There are countless examples of "Google fail" (available, yes, through Google) that are constant reminders of how the service cannot account for all the intricacies and subtleties of the human experience. And while it's great to have access to an index of the largest compilation of information humanity has ever seen at my literal fingertips, I'm going to continue to ask people things like, "What's the best place to get pizza in San Francisco?" or "How do you complete this function on Excel?," even if it is on forums like Quora. How do you think Google got all that information in the first place?
From rforno at infowarrior.org Sun Oct 24 10:54:55 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 Oct 2010 11:54:55 -0400 Subject: [Infowarrior] - UK: Cyber Security Test Range Opens In Hampshire Message-ID: <5F4AAF3B-DFF5-409E-AD9B-5A6ED76E0FEC@infowarrior.org>
Cyber Security Test Range Opens In Hampshire A cyber security test range, where institutions can test their own networks and infrastructure against hackers and viruses, has opened in Hampshire Tom Jowitt October 22, 2010 http://www.eweekeurope.co.uk/news/cyber-security-test-range-opens-in-hampshire-10833 Businesses, banks and utilities now have somewhere where they can test their own networks and infrastructure against a co-ordinated cyber attack, but in a safe and controlled manner. The idea behind the "first commercially available federated cyber test range in the UK", which has now been formally opened by defence contractor Northrop Grumman Corp at its Fareham, Hampshire facility, is that organisations and management can use it to evaluate their resilience to cyber attacks.
Attending the launch ceremony was Gerald Howarth MP, Minister for International Security Strategy at the Ministry of Defence. However other guests included Jean Valentine, one of the first operators of the bombe decryption device at Bletchley Park during the Second World War. Infrastructure Survivability "The cyber range will be used for emulating large complex networks and for conducting cyber experiments and assessments of infrastructure survivability and assurance within a safe and controlled experimental environment to evaluate their resilience to cyber attacks," said Northrop Grumman. Indeed, the UK cyber range has been designed to work with other cyber ranges anywhere in the world, so that large-scale experiments can be carried out "beyond the scope of a single facility." To this end, the UK range will be federated with the existing US cyber range and Internet research laboratory located in Northrop Grumman's Cyberspace Solutions Centre (CSSC) in Maryland. "One of the challenges for research into computer network operations and cyber security is experimentation and testing under controlled conditions," said Dr Robert Brammer, vice president and chief technology officer for Northrop Grumman's Information Systems Sector. "We need a test platform that is large enough to provide realistic environments and flexible enough to create many scenarios without creating risk for Internet users." Safe Experiments "Because our cyber range is federated we are able to address this challenge on a larger scale than previously possible, creating a robust, safe experimental environment for emulating, attacking and evaluating large network operations and cyber security defence," he added. "A wide variety of host domains can be built and subjected to many types of both external and internal cyber exploits and the results recorded and analysed."
The UK cyber range will initially be used by Northrop Grumman in collaboration with BT, Oxford University (Said Business School), Warwick University (School of Engineering) and Imperial College (Electrical and Electronic Engineering) to conduct a series of experiments under the SATURN (Self-organising Adaptive Technology Under Resilient Networks) network defence research programme - a research project that aims to improve the resilience of the UK critical national infrastructure. Government Recognition The dangers posed by cyber attacks are now being officially recognised by UK authorities. For example the coalition government announced this week that £650 million has been earmarked for a cyber security initiative. "This money will significantly enhance our ability to detect and defend against cyber attacks and fix shortfalls in the critical cyber infrastructure on which the whole country now depends," said Prime Minister David Cameron. And earlier this month the boss of GCHQ, the UK agency responsible for gathering intelligence, eavesdropping and breaking codes, warned that the UK is facing "real and credible" threats from cyber attacks on its critical infrastructure. GCHQ director Ian Lobban said that government systems are targeted 1,000 times each month. He said that such attacks threatened Britain's economic future and added some countries were already using cyber assaults to put pressure on other nations. "Cyberspace is contested every day, every hour, every minute, every second," he said. The Internet lowered "the bar for entry to the espionage game," he was quoted as saying by Reuters. One such example came recently from Symantec, when it said that early versions of Stuxnet were targeting industrial control systems. And in the UK, events like the Cyber Security Challenge, have been created to help create the necessary skills to fight cyber attacks. So far, this challenge has seen almost 4,000 people registering to take part.
From rforno at infowarrior.org Sun Oct 24 13:01:50 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 24 Oct 2010 14:01:50 -0400 Subject: [Infowarrior] - iPhone Jailbreak Tool Sets Stage for Mobile Malware Message-ID: <0ED22E69-506F-4616-A7BD-5F32585A7108@infowarrior.org>
iPhone Jailbreak Tool Sets Stage for Mobile Malware By Paul Roberts Created 10/23/2010 - 2:54am http://threatpost.com/en_us/print/7188 SAN DIEGO--The success of a group of hackers in compromising the security of Apple's iPhone may set the stage for more malware for the popular handset, including rootkit-style remote monitoring tools and data stealing malware. In a presentation at the ToorCon Hacking Conference here on Saturday, Eric Monti, a Senior Researcher at Trustwave's Spider Labs demonstrated how the same kind of vulnerabilities and exploits that allowed a team of hackers to "jailbreak" iPhones and iPads from Apple's content restrictions could be used to push rootkit-style malware onto those devices and intercept credit card data from an iPhone-based transaction. For his presentation, Monti designed a proof of concept iPhone rootkit, dubbed "Fat" by modifying the original jailbreakme code to create a stripped down remote monitoring application. "Fat" was an effort to learn from the work of the team that created jailbreak by "weaponizing" the code, Monti said in an interview with Threatpost. Among other things, the researcher removed system prompts created by the jailbreakme app and added a rootkit feature to remotely control such key iPhone features as the microphone, camera and geolocation services, as well as SMS, he said. The program is harmless and the vulnerabilities in question were patched by Apple in early August. However, Monti warns that more and more high value applications on the iPhone will increase the attractiveness of the platform for malicious parties, including banking and e-commerce. "There are lots of different applications for causing mayhem," Monti said.
"We're talking about some pretty sensitive apps: banking, credit card processing, point of sale, SCADA," he said. As an example, Monti used a free iPhone credit card transaction reader, "Square," on a rooted iPhone, showing how magnetic stripe data could be silently siphoned by the rootkit. Monti hopes the presentation will be a wakeup call to enterprises that don't yet see iPhone devices as serious threats. "These devices are just as complicated as desktops and laptops or servers - and that's before you ship a point of sale application on it," he said. The biggest threat posed by mobile phones may be the false sense of security that users and enterprises have about mobile device security. The amount of malware targeting such devices is small, but mobile platforms like iOS and Android are more similar to their progenitors (OS X and Linux) than they are different. "The resources are there for attackers," Monti said. As a result, malware and attacks for mobile systems will overlap with those for the original OS, rather than run along parallel paths. And, as third parties introduce more sensitive applications for mobile devices, interest from the malicious hacking community will increase.
From rforno at infowarrior.org Mon Oct 25 08:42:57 2010 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 25 Oct 2010 09:42:57 -0400 Subject: [Infowarrior] - Sy Hersh: The Online Threat Message-ID:
Annals of National Security The Online Threat Should we be worried about a cyber war? by Seymour M. Hersh November 1, 2010 http://www.newyorker.com/reporting/2010/11/01/101101fa_fact_hersh On April 1, 2001, an American EP-3E Aries II reconnaissance plane on an eavesdropping mission collided with a Chinese interceptor jet over the South China Sea, triggering the first international crisis of George W. Bush's Administration.
The Chinese jet crashed, and its pilot was killed, but the pilot of the American aircraft, Navy Lieutenant Shane Osborn, managed to make an emergency landing at a Chinese F-8 fighter base on Hainan Island, fifteen miles from the mainland. Osborn later published a memoir, in which he described the "incessant jackhammer vibration" as the plane fell eight thousand feet in thirty seconds, before he regained control. The plane carried twenty-four officers and enlisted men and women attached to the Naval Security Group Command, a field component of the National Security Agency. They were repatriated after eleven days; the plane stayed behind. The Pentagon told the press that the crew had followed its protocol, which called for the use of a fire axe, and even hot coffee, to disable the plane's equipment and software. These included an operating system created and controlled by the N.S.A., and the drivers needed to monitor encrypted Chinese radar, voice, and electronic communications. It was more than two years before the Navy acknowledged that things had not gone so well. "Compromise by the People's Republic of China of undestroyed classified material . . . is highly probable and cannot be ruled out," a Navy report issued in September, 2003, said. The loss was even more devastating than the 2003 report suggested, and its dimensions have still not been fully revealed. Retired Rear Admiral Eric McVadon, who flew patrols off the coast of Russia and served as a defense attaché in Beijing, told me that the radio reports from the aircraft indicated that essential electronic gear had been dealt with. He said that the crew of the EP-3E managed to erase the hard drive—"zeroed it out"—but did not destroy the hardware, which left data retrievable: "No one took a hammer." Worse, the electronics had recently been upgraded. "Some might think it would not turn out as badly as it did, but I sat in some meetings about the intelligence cost," McVadon said. "It was grim."
The Navy's experts didn't believe that China was capable of reverse-engineering the plane's N.S.A.-supplied operating system, estimated at between thirty and fifty million lines of computer code, according to a former senior intelligence official. Mastering it would give China a road map for decrypting the Navy's classified intelligence and operational data. "If the operating system was controlling what you'd expect on an intelligence aircraft, it would have a bunch of drivers to capture radar and telemetry," Whitfield Diffie, a pioneer in the field of encryption, said. "The plane was configured for what it wants to snoop, and the Chinese would want to know what we wanted to know about them—what we could intercept and they could not." And over the next few years the U.S. intelligence community began to "read the tells" that China had access to sensitive traffic. The U.S. realized the extent of its exposure only in late 2008. A few weeks after Barack Obama's election, the Chinese began flooding a group of communications links known to be monitored by the N.S.A. with a barrage of intercepts, two Bush Administration national-security officials and the former senior intelligence official told me. The intercepts included details of planned American naval movements. The Chinese were apparently showing the U.S. their hand. ("The N.S.A. would ask, 'Can the Chinese be that good?' " the former official told me. "My response was that they only invented gunpowder in the tenth century and built the bomb in 1965. I'd say, 'Can you read Chinese?' We don't even know the Chinese pictograph for 'Happy hour.' ") Why would the Chinese reveal that they had access to American communications? One of the Bush national-security officials told me that some of the aides then working for Vice-President Dick Cheney believed—or wanted to believe—that the barrage was meant as a welcome to President Obama.
It is also possible that the Chinese simply made a mistake, given the difficulty of operating surgically in the cyber world. Admiral Timothy J. Keating, who was then the head of the Pacific Command, convened a series of frantic meetings in Hawaii, according to a former C.I.A. official. In early 2009, Keating brought the issue to the new Obama Administration. If China had reverse-engineered the EP-3E's operating system, all such systems in the Navy would have to be replaced, at a cost of hundreds of millions of dollars. After much discussion, several current and former officials said, this was done. (The Navy did not respond to a request for comment on the incident.) Admiral McVadon said that the loss prompted some black humor, with one Navy program officer quoted as saying, "This is one hell of a way to go about getting a new operating system." The EP-3E debacle fuelled a longstanding debate within the military and in the Obama Administration. Many military leaders view the Chinese penetration as a warning about present and future vulnerabilities—about the possibility that China, or some other nation, could use its expanding cyber skills to attack America's civilian infrastructure and military complex. On the other side are those who argue for a civilian response to the threat, focussed on a wider use of encryption. They fear that an overreliance on the military will have adverse consequences for privacy and civil liberties. In May, after years of planning, the U.S. Cyber Command was officially activated, and took operational control of disparate cyber-security and attack units that had been scattered among the four military services. Its commander, Army General Keith Alexander, a career intelligence officer, has made it clear that he wants more access to e-mail, social networks, and the Internet to protect America and fight in what he sees as a new warfare domain—cyberspace.
In the next few months, President Obama, who has publicly pledged that his Administration will protect openness and privacy on the Internet, will have to make choices that will have enormous consequences for the future of an ever-growing maze of new communication techniques: Will America's networks be entrusted to civilians or to the military? Will cyber security be treated as a kind of war? Even as the full story of China's EP-3E coup remained hidden, "cyber war" was emerging as one of the nation's most widely publicized national-security concerns. Early this year, Richard Clarke, a former White House national-security aide who warned about the threat from Al Qaeda before the September 11th attacks, published "Cyber War," an edgy account of America's vulnerability to hackers, both state-sponsored and individual, especially from China. "Since the late 1990s, China has systematically done all the things a nation would do if it contemplated having an offensive cyber war capability," Clarke wrote. He forecast a world in which China might unleash havoc: Within a quarter of an hour, 157 major metropolitan areas have been thrown into knots by a nationwide power blackout hitting during rush hour. Poison gas clouds are wafting toward Wilmington and Houston. Refineries are burning up oil supplies in several cities. Subways have crashed in New York, Oakland, Washington, and Los Angeles. . . . Aircraft are literally falling out of the sky as a result of midair collisions across the country. . . . Several thousand Americans have already died. Retired Vice-Admiral J. Michael McConnell, Bush's second director of National Intelligence, has issued similar warnings. "The United States is fighting a cyber war today, and we are losing," McConnell wrote earlier this year in the Washington Post. "Our cyber-defenses are woefully lacking."
In February, in testimony before the Senate Commerce, Science, and Transportation Committee, he said, "As a consequence of not mitigating the risk, we're going to have a catastrophic event." A great deal of money is at stake. Cyber security is a major growth industry, and warnings from Clarke, McConnell, and others have helped to create what has become a military-cyber complex. The federal government currently spends between six and seven billion dollars annually for unclassified cyber-security work, and, it is estimated, an equal amount on the classified portion. In July, the Washington Post published a critical assessment of the unchecked growth of government intelligence agencies and private contractors. Benjamin Powell, who served as general counsel for three directors of the Office of National Intelligence, was quoted as saying of the cyber-security sector, "Sometimes there was an unfortunate attitude of bring your knives, your guns, your fists, and be fully prepared to defend your turf. . . . Because it's funded, it's hot and it's sexy." Clarke is the chairman of Good Harbor Consulting, a strategic-planning firm that advises governments and companies on cyber security and other issues. (He says that more than ninety per cent of his company's revenue comes from non-cyber-related work.) McConnell is now an executive vice-president of Booz Allen Hamilton, a major defense contractor. Two months after McConnell testified before the Senate, Booz Allen Hamilton landed a thirty-four-million-dollar cyber contract. It included fourteen million dollars to build a bunker for the Pentagon's new Cyber Command. American intelligence and security officials for the most part agree that the Chinese military, or, for that matter, an independent hacker, is theoretically capable of creating a degree of chaos inside America.
But I was told by military, technical, and intelligence experts that these fears have been exaggerated, and are based on a fundamental confusion between cyber espionage and cyber war. Cyber espionage is the science of covertly capturing e-mail traffic, text messages, other electronic communications, and corporate data for the purpose of gathering national-security or commercial intelligence. Cyber war involves the penetration of foreign networks for the purpose of disrupting or dismantling those networks, and making them inoperable. (Some of those I spoke to made the point that China had demonstrated its mastery of cyber espionage in the EP-3E incident, but it did not make overt use of it to wage cyber war.) Blurring the distinction between cyber war and cyber espionage has been profitable for defense contractors—and dispiriting for privacy advocates. Clarke's book, with its alarming vignettes, was praised by many reviewers. But it received much harsher treatment from writers in the technical press, who pointed out factual errors and faulty assumptions. For example, Clarke attributed a severe power outage in Brazil to a hacker; the evidence pointed to sooty insulators. The most common cyber-war scare scenarios involve America's electrical grid. Even the most vigorous privacy advocate would not dispute the need to improve the safety of the power infrastructure, but there is no documented case of an electrical shutdown forced by a cyber attack. And the cartoonish view that a hacker pressing a button could cause the lights to go out across the country is simply wrong. There is no national power grid in the United States. There are more than a hundred publicly and privately owned power companies that operate their own lines, with separate computer systems and separate security arrangements.
The companies have formed many regional grids, which means that an electrical supplier that found itself under cyber attack would be able to avail itself of power from nearby systems. Decentralization, which alarms security experts like Clarke and many in the military, can also protect networks. In July, there were reports that a computer worm, known as Stuxnet, had infected thousands of computers worldwide. Victims, most of whom were unharmed, were able to overcome the attacks, although it sometimes took hours or days to even notice them. Some of the computers were inside the Bushehr nuclear-energy plant, in Iran, and this led to speculation that Israel or the United States might have developed the virus. A Pentagon adviser on information warfare told me that it could have been an attempted "semantic attack," in which the virus or worm is designed to fool its victim into thinking that its computer systems are functioning properly, when in fact they are not, and may not have been for some time. (This month, Microsoft, whose Windows operating systems were the main target of Stuxnet, completed a lengthy security fix, or patch.) If Stuxnet was aimed specifically at Bushehr, it exhibited one of the weaknesses of cyber attacks: they are difficult to target and also to contain. India and China were both hit harder than Iran, and the virus could easily have spread in a different direction, and hit Israel itself. Again, the very openness of the Internet serves as a deterrent against the use of cyber weapons. Bruce Schneier, a computer scientist who publishes a widely read blog on cyber security, told me that he didn't know whether Stuxnet posed a new threat. "There's certainly no actual evidence that the worm is targeted against Iran or anybody," he said in an e-mail. "On the other hand, it's very well designed and well written." The real hazard of Stuxnet, he added, might be that it was "great for those who want to believe cyber war is here.
It is going to be harder than ever to hold off the military." A defense contractor who is regarded as one of America's most knowledgeable experts on Chinese military and cyber capabilities took exception to the phrase "cyber war." "Yes, the Chinese would love to stick it to us," the contractor told me. "They would love to transfer economic and business innovation from West to East. But cyber espionage is not cyber war." He added, "People have been sloppy in their language. McConnell and Clarke have been pushing cyber war, but their evidentiary basis is weak." James Lewis, a senior fellow at the Center for Strategic and International Studies, who worked for the Departments of State and Commerce in the Clinton Administration, has written extensively on the huge economic costs due to cyber espionage from China and other countries, like Russia, whose hackers are closely linked to organized crime. Lewis, too, made a distinction between this and cyber war: "Current Chinese officials have told me that we're not going to attack Wall Street, because we basically own it"—a reference to China's holdings of nearly a trillion dollars in American securities—"and a cyber-war attack would do as much economic harm to us as to you." Nonetheless, China "is in full economic attack" inside the United States, Lewis says. "Some of it is economic espionage that we know and understand. Some of it is like the Wild West. Everybody is pirating from everybody else. The U.S.'s problem is what to do about it. I believe we have to begin by thinking about it"—the Chinese cyber threat—"as a trade issue that we have not dealt with." The bureaucratic battle between the military and civilian agencies over cyber security—and the budget that comes with it—has made threat assessments more problematic. General Alexander, the head of Cyber Command, is also the director of the N.S.A., a double role that has caused some apprehension, particularly on the part of privacy advocates and civil libertarians.
(The N.S.A. is formally part of the Department of Defense.) One of Alexander's first goals was to make sure that the military would take the lead role in cyber security and in determining the future shape of computer networks. (A Department of Defense spokesman, in response to a request to comment on this story, said that the department "continues to adhere to all laws, policies, directives, or regulations regarding cyberspace. The Department of Defense maintains strong commitments to protecting civil liberties and privacy.") The Department of Homeland Security has nominal responsibility for the safety of America's civilian and private infrastructure, but the military leadership believes that the D.H.S. does not have the resources to protect the electrical grids and other networks. (The department intends to hire a thousand more cyber-security staff members over the next three years.) This dispute became public when, in March, 2009, Rodney Beckstrom, the director of the D.H.S.'s National Cybersecurity Center, abruptly resigned. In a letter to Secretary Janet Napolitano, Beckstrom warned that the N.S.A. was effectively controlling her department's cyber operations: "While acknowledging the critical importance of N.S.A. to our intelligence efforts . . . the threats to our democratic processes are significant if all top level government network security and monitoring are handled by any one organization." Beckstrom added that he had argued for civilian control of cyber security, "which interfaces with, but is not controlled by, the N.S.A." General Alexander has done little to reassure critics about the N.S.A.'s growing role. In the public portion of his confirmation hearing, in April, before the Senate Armed Services Committee, he complained of a "mismatch between our technical capabilities to conduct operations and the governing laws and policies."
Alexander later addressed a controversial area: when to use conventional armed forces to respond to, or even preëmpt, a network attack. He told the senators that one problem for Cyber Command would be to formulate a response based on nothing more than a rough judgment about a hacker's intent. "What's his game plan? Does he have one?" he said. "These are tough issues, especially when attribution and neutrality are brought in, and when trying to figure out what's come in." At this point, he said, he did not have "the authority . . . to reach out into a neutral country and do an attack. And therein lies the complication. . . . What do you do to take that second step?" Making the same argument, William J. Lynn III, the Deputy Secretary of Defense, published an essay this fall in Foreign Affairs in which he wrote of applying the N.S.A.'s "defense capabilities beyond the '.gov' domain," and asserted, "As a doctrinal matter, the Pentagon has formally recognized cyberspace as a new domain of warfare." This definition raises questions about where the battlefield begins and where it ends. If the military is operating in "cyberspace," does that include civilian computers in American homes? Lynn also alluded to a previously classified incident, in 2008, in which some N.S.A. unit commanders, facing penetration of their bases' secure networks, concluded that the break-in was caused by a disabling thumb drive; Lynn said that it had been corrupted by "a foreign intelligence agency." (According to press reports, the program was just as likely to be the product of hackers as that of a government.) Lynn termed it a "wakeup call" and a "turning point in U.S. cyber defense strategy." He compared the present moment to the day in 1939 when President Franklin D. Roosevelt got a letter from Albert Einstein about the possibility of atomic warfare. But Lynn didn't mention one key element in the commanders'
response: they ordered all ports on the computers on their bases to be sealed with liquid cement. Such a demand would be a tough sell in the civilian realm. (And a Pentagon adviser suggested that many military computer operators had simply ignored the order.) A senior official in the Department of Homeland Security told me, ?Every time the N.S.A. gets involved in domestic security, there?s a hue and cry from people in the privacy world.? He said, though, that co?peration between the military and civilians had increased. (The Department of Homeland Security recently signed a memorandum with the Pentagon that gives the military authority to operate inside the United States in case of cyber attack.) ?We need the N.S.A., but the question we have is how to work with them and still say and demonstrate that we are in charge in the areas for which we are responsible.? This official, like many I spoke to, portrayed the talk about cyber war as a bureaucratic effort ?to raise the alarm? and garner support for an increased Defense Department role in the protection of private infrastructure. He said, ?You hear about cyber war all over town. This??he mentioned statements by Clarke and others??is being done to mobilize a political effort. We always turn to war analogies to mobilize the people.? In theory, the fight over whether the Pentagon or civilian agencies should be in charge of cyber security should be mediated by President Obama?s co?rdinator for cyber security, Howard Schmidt?the cyber czar. But Schmidt has done little to assert his authority. He has no independent budget control and in a crisis would be at the mercy of those with more assets, such as General Alexander. He was not the Administration?s first choice for the cyber-czar job?reportedly, several people turned it down. The Pentagon adviser on information warfare, in an e-mail that described the lack of an over-all policy and the ?cyber-pillage? 
of intellectual property, added the sort of dismissive comment that I heard from others: ?It?s ironic that all this goes on under the nose of our first cyber President. . . . Maybe he should have picked a cyber czar with more than a mail-order degree.? (Schmidt?s bachelor?s and master?s degrees are from the University of Phoenix.) Howard Schmidt doesn?t like the term ?cyber war.? ?The key point is that cyber war benefits no one,? Schmidt told me in an interview at the Old Executive Office Building. ?We need to focus on that fact. When people tell me that these guys or this government is going to take down the U.S. military with information warfare I say that, if you look at the history of conflicts, there?s always been the goal of intercepting the communications of combatants?whether it?s cutting down telephone poles or intercepting Morse-code signalling. We have people now who have found that warning about ?cyber war? has become an unlikely career path??an obvious reference to McConnell and Clarke. ?All of a sudden, they have become experts, and they get a lot of attention. ?War? is a big word, and the media is responsible for pushing this, too. Economic espionage on the Internet has been mischaracterized by people as cyber war.? Schmidt served in Vietnam, worked as a police officer for several years on a SWAT team in Arizona, and then specialized in computer-related crimes at the F.B.I. and in the Air Force?s investigative division. In 1997, he joined Microsoft, where he became chief of security, leaving after the 9/11 attacks to serve in the Bush Administration as a special adviser for cyber security. When Obama hired him, he was working as the head of security for eBay. When I asked him about the ongoing military-civilian dispute, Schmidt said, ?The middle way is not to give too much authority to one group or another and to make sure that we share information with each other.? 
Schmidt continued, "We have to protect our infrastructure and our way of life, for sure. We do have vulnerabilities, and we do talk about worst-case scenarios" with the Pentagon and the Department of Homeland Security. "You don't see a looming war and just wait for it to come." But, at the same time, "we have to keep our shipping lanes open, to continue to do commerce, and to freely use the Internet."

How should the power grid be protected? It does remain far too easy for a sophisticated hacker to break into American networks. In 2008, the computers of both the Obama and the McCain campaigns were hacked. Suspicion fell on Chinese hackers. People routinely open e-mails with infected attachments, allowing hackers to "enslave" their computers. Such machines, known as zombies, can be linked to create a "botnet," which can flood and effectively shut down a major system. Hackers are also capable of penetrating a major server, like Gmail. Guesses about the cost of cyber crime vary widely, but one survey, cited by President Obama in a speech in May, 2009, put the price at more than eight billion dollars in 2007 and 2008 combined. Obama added, referring to corporate cyber espionage, "It's been estimated that last year alone cyber criminals stole intellectual property from businesses worldwide worth up to one trillion dollars."

One solution is mandated encryption: the government would compel both corporations and individuals to install the most up-to-date protection tools. This option, in some form, has broad support in the technology community and among privacy advocates. In contrast, military and intelligence eavesdroppers have resisted nationwide encryption since 1976, when the Diffie-Hellman key exchange (an encryption tool co-developed by Whitfield Diffie) was invented, for the most obvious of reasons: it would hinder their ability to intercept signals. In this sense, the N.S.A.'s interests align with those of the hackers.
John Arquilla, who has taught since 1993 at the U.S. Naval Postgraduate School in Monterey, California, writes in his book "Worst Enemies," "We would all be far better off if virtually all civil, commercial, governmental, and military internet and web traffic were strongly encrypted." Instead, many of those charged with security have adopted the view that "cyberspace can be defended with virtual fortifications -- basically the 'firewalls' that everyone knows about. . . . A kind of Maginot Line mentality prevails." Arquilla added that America's intelligence agencies and law-enforcement officials have consistently resisted encryption because of fears that a serious, widespread effort to secure data would interfere with their ability to electronically monitor and track would-be criminals or international terrorists. This hasn't stopped sophisticated wrongdoers from, say, hiring hackers or encrypting files; it just leaves the public exposed, Arquilla writes. "Today drug lords still enjoy secure internet and web communications, as do many in terror networks, while most Americans don't."

Schmidt told me that he supports mandated encryption for the nation's power and electrical infrastructure, though not beyond that. But, early last year, President Obama declined to support such a mandate, in part, Schmidt said, because of the costs it would entail for corporations. In addition to the setup expenses, sophisticated encryption systems involve a reliance on security cards and on constantly changing passwords, along with increased demands on employees and a ceding of control by executives to their security teams.

General Alexander, meanwhile, has continued to press for more authority, and even for a separate Internet domain -- another Maginot Line, perhaps. One morning in September, he told a group of journalists that the Cyber Command needed what he called "a secure zone," a separate space within the Internet to shelter the military and essential industries from cyber attacks.
The secure zone would be kept under tight government control. He also assured the journalists, according to the Times, that "we can protect civil liberties, privacy, and still do our mission." The General was more skeptical about his ability to please privacy advocates when he testified, a few hours later, before the House Armed Services Committee: "A lot of people bring up privacy and civil liberties. And then you say, 'Well, what specifically are you concerned about?' And they say, 'Well, privacy and civil liberties.' . . . Are you concerned that the anti-virus program that McAfee runs invades your privacy or civil liberties? And the answer is 'No, no, no -- but I'm worried that you would.' "

This summer, the Wall Street Journal reported that the N.S.A. had begun financing a secret surveillance program called Perfect Citizen to monitor attempted intrusions into the computer networks of private power companies. The program calls for the installation of government sensors in those networks to watch for unusual activity. The Journal noted that some companies expressed concerns about privacy, and said that what they needed instead was better guidance on what to do in case of a major cyber attack. The N.S.A. issued a rare public response, insisting that there was no "monitoring activity" involved: "We strictly adhere to both the spirit and the letter of U.S. laws and regulations." A former N.S.A. operative I spoke to said, of Perfect Citizen, "This would put the N.S.A. into the job of being able to watch over our national communications grid. If it was all dot-gov, I would have no problem with the sensors, but what if the private companies rely on Gmail or att.net to communicate? This could put the N.S.A. into every service provider in the country."

The N.S.A. has its own hackers. Many of them are based at a secret annex near Thurgood Marshall International Airport, outside Baltimore.
(The airport used to be called Friendship Airport, and the annex is known to insiders as the FANX, for "Friendship annex.") There teams of attackers seek to penetrate the communications of both friendly and unfriendly governments, and teams of defenders monitor penetrations and attempted penetrations of U.S. systems. The former N.S.A. operative, who served as a senior watch officer at a major covert installation, told me that the N.S.A. obtained invaluable on-the-job training in cyber espionage during the attack on Iraq in 1991. Its techniques were perfected during the struggle in Kosovo in 1999 and, later, against Al Qaeda in Iraq. "Whatever the Chinese can do to us, we can do better," the technician said. "Our offensive cyber capabilities are far more advanced."

Nonetheless, Marc Rotenberg, the president of the Electronic Privacy Information Center and a leading privacy advocate, argues that the N.S.A. is simply not competent enough to take a leadership role in cyber security. "Let's put the issue of privacy of communications aside," Rotenberg, a former Senate aide who has testified often before Congress on encryption policy and consumer protection, said. "The question is: Do you want an agency that spies with mixed success to be responsible for securing the nation's security? If you do, that's crazy."

Nearly two decades ago, the Clinton Administration, under pressure from the N.S.A., said that it would permit encryption-equipped computers to be exported only if their American manufacturers agreed to install a government-approved chip, known as the Clipper Chip, in each one. It was subsequently revealed that the Clipper Chip would enable law-enforcement officials to have access to data in the computers. The ensuing privacy row embarrassed Clinton, and the encryption-equipped computers were permitted to be exported without the chip, in what amounted to a rebuke to the N.S.A. That history may be repeating itself.
The Obama Administration is now planning to seek broad new legislation that would enable national-security and law-enforcement officials to police online communications. The legislation, similar to that sought two decades ago in the Clipper Chip debate, would require manufacturers of equipment such as the BlackBerry, and all domestic and foreign purveyors of communications, such as Skype, to develop technology that would allow the federal government to intercept and decode traffic. "The lesson of Clipper is that the N.S.A. is really not good at what it does, and its desire to eavesdrop overwhelms its ability to protect, and puts at risk U.S. security," Rotenberg said. "The N.S.A. wants security, sure, but it also wants to get to capture as much as it can. Its view is you can get great security as long as you listen in."

Rotenberg added, "General Alexander is not interested in communication privacy. He's not pushing for encryption. He wants to learn more about people who are on the Internet" -- to get access to the original internal protocol, or I.P., addresses identifying the computers sending e-mail messages. "Alexander wants user I.D. He wants to know who you are talking to." Rotenberg concedes that the government has a role to play in the cyber world. "We privacy guys want strong encryption for the security of America's infrastructure," he said. He also supports Howard Schmidt in his willingness to mandate encryption for the few industries whose disruption could lead to chaos. "Howard is trying to provide a reasoned debate on an important issue."

Whitfield Diffie, the encryption pioneer, offered a different note of skepticism in an e-mail to me: "It would be easy to write a rule mandating encryption but hard to do it in such a way as to get good results. To make encryption effective, someone has to manage and maintain the systems (the way N.S.A. does for D.O.D. and, to a lesser extent, other parts of government). I think that what is needed is more by way of standards, guidance, etc., that would make it easier for industry to implement encryption without making more trouble for itself than it saves." More broadly, Diffie wrote, "I am not convinced that lack of encryption is the primary problem. The problem with the Internet is that it is meant for communications among non-friends."

What about China? Does it pose such a threat that, on its own, it justifies putting cyber security on a war footing? The U.S. has long viewed China as a strategic military threat, and as a potential adversary in the sixty-year dispute over Taiwan. Contingency plans dating back to the Cold War include calls for an American military response, led by a Navy carrier group, if a Chinese fleet sails into the Taiwan Strait. "They'll want to stop our carriers from coming, and they will throw whatever they have in cyber war -- everything but the kitchen sink -- to blind us, or slow our fleet down," Admiral McVadon, the retired defense attaché, said. "Our fear is that the Chinese may think that cyber war will work, but it may not. And that's a danger because it" -- a test of cyber warfare -- "could lead to a bigger war."

However, the prospect of a naval battle for Taiwan and its escalation into a cyber attack on America's domestic infrastructure is remote. Jonathan Pollack, an expert on the Chinese military who teaches at the Naval War College in Newport, Rhode Island, said, "The fact is that the Chinese are remarkably risk-averse." He went on, "Yes, there have been dustups, and the United States collects intelligence around China's border, but there is an accommodation process under way today between China and Taiwan." In June, Taiwan approved a trade agreement with China that had, as its ultimate goal, a political rapprochement. "The movement there is palpable, and, given that, somebody's got to tell me how we are going to find ourselves in a war with China," Pollack said.
Many long-standing allies of the United States have been deeply engaged in cyber espionage for decades. A retired four-star Navy admiral, who spent much of his career in signals intelligence, said that Russia, France, Israel, and Taiwan conduct the most cyber espionage against the U.S. "I've looked at the extraordinary amount of Russian and Chinese cyber activity," he told me, "and I am hard put to it to sort out how much is planning for warfare and how much is for economic purposes." The admiral said that the U.S. Navy, worried about budget cuts, "needs an enemy, and it's settled on China," and that "using what your enemy is building to justify your budget is not a new game."

There is surprising unanimity among cyber-security experts on one issue: that the immediate cyber threat does not come from traditional terrorist groups like Al Qaeda, at least, not for the moment. "Terrorist groups are not particularly good now in attacking our computer system," John Arquilla told me. "They're not that interested in it -- yet. The question is: Do vulnerabilities exist inside America? And, if they do, the terrorists eventually will exploit them." Arquilla added a disturbing thought: "The terrorists of today rely on cyberspace, and they have to be good at cyber security to protect their operations." As terrorist groups get better at defense, they may eventually turn to offense.

Jeffrey Carr, a Seattle-based consultant on cyber issues, looked into state and non-state cyber espionage throughout the recent conflicts in Estonia and Georgia. Carr, too, said he was skeptical that China or Russia would mount a cyber-war attack against the United States. "It's not in their interest to hurt the country that is feeding them money," he said. "On the other hand, it does make sense for lawless groups." He envisaged "five- or six-year-old kids in the Middle East who are working on the Internet," and who would "become radicalized fifteen- or sixteen-year-old hackers."
Carr is an advocate of making all Internet service providers require their customers to use verifiable registration information, as a means of helping authorities reduce cyber espionage. Earlier this year, Carr published "Inside Cyber Warfare," an account, in part, of his research into cyber activity around the world. But he added, "I hate the term 'cyber war.' " Asked why he used "cyber warfare" in the title of his book, he responded, "I don't like hype, but hype sells."

Why not ignore the privacy community and put cyber security on a war footing? Granting the military more access to private Internet communications, and to the Internet itself, may seem prudent to many in these days of international terrorism and growing American tensions with the Muslim world. But there are always unintended consequences of military activity -- some that may take years to unravel. Ironically, the story of the EP-3E aircraft that was downed off the coast of China provides an example.

The account, as relayed to me by a fully informed retired American diplomat, begins with the contested Presidential election between Vice-President Al Gore and George W. Bush the previous November. That fall, a routine military review concluded that certain reconnaissance flights off the eastern coast of the former Soviet Union -- daily Air Force and Navy sorties flying out of bases in the Aleutian Islands -- were redundant, and recommended that they be cut back. "Finally, on the eve of the 2000 election, the flights were released," the former diplomat related. "But there was nobody around with any authority to make changes, and everyone was looking for a job." The reality is that no military commander would unilaterally give up any mission. "So the system defaulted to the next target, which was China, and the surveillance flights there went from one every two weeks or so to something like one a day," the former diplomat continued.
By early December, "the Chinese were acting aggressively toward our now increased reconnaissance flights, and we complained to our military about their complaints. But there was no one with political authority in Washington to respond, or explain." The Chinese would not have been told that the increase in American reconnaissance had little to do with anything other than the fact that inertia was driving day-to-day policy. There was no leadership in the Defense Department, as both Democrats and Republicans waited for the Supreme Court to decide the fate of the Presidency. The predictable result was an increase in provocative behavior by Chinese fighter pilots who were assigned to monitor and shadow the reconnaissance flights. This evolved into a pattern of harassment in which a Chinese jet would maneuver a few dozen yards in front of the slow, plodding EP-3E, and suddenly blast on its afterburners, soaring away and leaving behind a shock wave that severely rocked the American aircraft. On April 1, 2001, the Chinese pilot miscalculated the distance between his plane and the American aircraft. It was a mistake with consequences for the American debate on cyber security that have yet to be fully reckoned.

From rforno at infowarrior.org Mon Oct 25 09:19:12 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Oct 2010 10:19:12 -0400
Subject: [Infowarrior] - Treasury Shields Citigroup as Deletions Undercut Disclosure
Message-ID: <865EDA3D-8880-4348-8600-EB3A7E25E3D2@infowarrior.org>

Treasury Shields Citigroup as Deletions Undercut Disclosure
By Bob Ivry - Oct 25, 2010
http://www.bloomberg.com/news/print/2010-10-25/u-s-treasury-shielding-of-citigroup-with-deletions-make-foia-meaningless.html

The late Bloomberg News reporter Mark Pittman asked the U.S. Treasury in January 2009 to identify $301 billion of securities owned by Citigroup Inc. that the government had agreed to guarantee.
He made the request on the grounds that taxpayers ought to know how their money was being used. More than 20 months later, after saying at least five times that a response was imminent, Treasury officials responded with 560 pages of printed-out e-mails -- none of which Pittman requested. They were so heavily redacted that most of what's left are everyday messages such as "Did you just try to call me?" and "Monday will be a busy day!" None of the documents answers Pittman's request for "records sufficient to show the names of the relevant securities" or the dates and terms of the guarantees.

Even so, the U.S. government considers the collection of e-mails a partial response to an official request under the federal Freedom of Information Act, or FOIA. The Justice Department in July cited an increase in such responses as evidence that "more information is being released" under the law. President Barack Obama vowed to usher in a new era of open government. On Jan. 21, 2009, the day after his inauguration and a week before Pittman submitted his FOIA request, Obama directed agencies to "adopt a presumption in favor of disclosure, in order to renew their commitment to the principles embodied in FOIA."

Limits of Transparency

The saga of Pittman's request shows that the promise of transparency has its limits when it comes to the government's intervention in the financial industry, which at its peak reached $12.8 trillion in commitments. From the 2008 Bear Stearns Cos. rescue to the Federal Reserve's policy of quantitative easing in 2010, the Obama administration has delayed disclosures and defended its right to secrecy in court, said Tom Fitton, president of Judicial Watch Inc., which describes itself as a conservative foundation. "This is an unprecedented crisis for open government," said Fitton, whose Washington-based organization sued the Bush administration more than 200 times over disclosure issues.
"When it comes to the bank bailout, the Obama administration has made a decision to err on the side of secrecy." The Justice Department, which oversees disclosure for the executive branch, is "working specifically to encourage agencies to be as transparent as possible and release as much as possible," said Melanie Ann Pustay, director of the department's Office of Information Policy. "We view our efforts as an ongoing process."

Openness Aids Recovery

More openness concerning the causes of the crisis and the government's response would help the economy recover, said Joseph Mason, a finance professor at the Ourso College of Business at Louisiana State University in Baton Rouge. "Investors who don't have information are investors who refuse to place funds in markets," Mason said. "If we want investment and economic growth to resume, we want to be forthright about what happened. The longer we keep investors in the dark, the longer that low economic growth will persist." The public has a particular interest in transparency regarding the government's unprecedented intervention in capital markets because of its sheer size, said U.S. Representative Darrell Issa of California, the ranking Republican on the Committee on Oversight and Government Reform. He called the Obama administration "woefully inadequate" at fulfilling its promise of transparency.

Right to Know

"At a time when the role of government and more specifically the Treasury Department, through bailouts and stimulus, is responsible for administering trillions of dollars, there couldn't be a more important time to uphold the American people's right to know," Issa said in an e-mail. On Jan. 28, 2009, Pittman asked Treasury officials for details related to guarantees the agency had provided on securities held by Citigroup, American International Group Inc. and Bank of America Corp. Among other things, he asked for any contracts with outside firms hired to calculate the assets' values.
In its response, Treasury said AIG didn't participate in its Asset Guarantee Program. Likewise, despite some negotiations, the government and Charlotte, North Carolina-based Bank of America "never entered into a definitive agreement," the response said.

Citigroup's Largest Shareholder

That left Citigroup, in which the U.S. government was the largest shareholder as of Oct. 1, according to regulatory filings. Taxpayers' stake, 12.4 percent, was three times the second-largest investor's. In the 560 pages of e-mails exchanged in the last two months of 2008 and January 2009, Treasury employees and their colleagues at the Federal Reserve Bank of New York discuss with attorneys the department's $20 billion investment in New York-based Citigroup and the $301 billion in guarantees. Both followed an initial $25 billion investment in Citigroup through the Troubled Asset Relief Program in October 2008. The Treasury Department also released 169 pages that included a "Securities Purchase Agreement" between the bank, the agency and the Federal Deposit Insurance Corp. The document had previously been disclosed in a Jan. 16, 2009, Citigroup regulatory filing -- almost two weeks before Pittman sent his request.

Exemptions Cited

The department held back 866 more pages, saying each was exempt from disclosure on one of four grounds: trade secrets, personnel rules and practices, memos subject to attorney-client privilege and violations of personal privacy. Treasury also cited the trade-secrets exemption in responding to a separate, similar FOIA request by Bloomberg News for details about Citigroup's segregated bad assets. In that response, 73 of 104 pages were completely blacked out except for headings. Only six pages -- the cover, contents, a boilerplate list of legal disclosures and a paragraph titled "FOIA Request for Confidential Treatment" -- were free of redactions. The department's reply to Pittman's request will count statistically as a "partial response," in government reports, said Hugh Gilmore, Treasury's FOIA public liaison. The response "adhered to the rules, regulations, U.S. attorney general guidance and relevant case law that govern FOIA," Steven Adamske, a Treasury spokesman, said in an e-mail.

Right of Appeal

People who aren't satisfied with federal agencies' responses under FOIA can appeal to them first, and then file civil lawsuits in U.S. District Court to try to force more disclosure. Bloomberg LP, the parent company of Bloomberg News, sued the Fed over another Pittman FOIA request that sought the names of banks that took emergency loans from the central bank. The company has prevailed in U.S. District Court and on appeal. The Fed, which has not released the information, has until tomorrow to decide whether to ask the U.S. Supreme Court to consider the case. Like the Treasury Department, the central bank cited the exemption for trade secrets, known as exemption 4, in withholding details about borrowers. Its lawyers argued that disclosing the banks' identities would put the institutions at a competitive disadvantage and make them less likely to seek emergency loans in the future. In an Aug. 24, 2009, ruling, Chief U.S. District Judge Loretta A. Preska in Manhattan disagreed.

'An Inherent Risk'

"The risk of looking weak to competitors and shareholders is an inherent risk of market participation; information tending to increase that risk does not make the information privileged or confidential," Preska wrote. The Fed "would seemingly sweep within the scope of Exemption 4 all information about borrowers that anyone throughout the entire marketplace might consider to be negative. The exemption cannot withstand such inflation." Pittman's request for the Treasury Department records spent months in limbo, according to discussions with the agency's employees. He had waited about 10 months for a response when he died on Nov. 25, 2009.
Shortly afterward, Michael Galleher, an attorney working on contract for the Treasury Department, called Bloomberg News, asking where he could send the responsive documents. Attempts to return Galleher's call failed; he couldn't be found at the agency. A December call to Gilmore, the FOIA liaison, was returned by Daneisha White, a FOIA officer, who suggested calling Michael C. Bell, the FOIA manager in the Office of Financial Stability. Bell referred questions back to Gilmore. Meanwhile, that month, Citigroup repaid $20 billion of its bailout money and terminated the asset guarantees.

Searching for Records

Gilmore called back in January, saying Galleher had left the agency at the end of 2009. He and his colleagues would search for Pittman's FOIA documents, he said, because they weren't sure where they were. In April came a call from Galleher. He said that he had returned to work at Treasury's FOIA office, that he had the relevant documents for Pittman's request and that he would send them that week. "I need to clear the old requests," he said. The office where Gilmore works, which has the equivalent of 26 fulltime employees, handled 890 FOIA requests in fiscal 2009, according to Treasury's annual FOIA report to the attorney general. It had 1,766 requests pending at year's end. Government bureaucracies often aren't staffed enough to respond adequately to requests for public records, said Lucy Dalglish, executive director of the Reporters Committee for Freedom of the Press in Arlington, Virginia. In addition, she said, they're simply not motivated to disclose.

'Disappointed? Yeah'

"Agencies get in far more trouble for releasing information than they do for not," she said. "Am I disappointed in the Obama administration? Yeah." In May, Galleher reported that he would have something to send soon. He said the same thing in June, and then in July.
Part of the holdup was caused by the governmentwide practice of giving private companies a chance to object to the disclosure of requested documents, he said. Doing so ensures that companies continue to cooperate with the executive branch by providing records without fear they'll be made public without review, said Pustay of the Justice Department. Neither Citigroup nor the Treasury Department would discuss which redactions, if any, the bank sought on Pittman's request. Shannon Bell, a spokeswoman for the bank, declined to comment. "We have no obligation to explain how much of Citi's recommendations we accepted and in what ways we decided to differ," Adamske, the Treasury spokesman, said in an e-mail.

To contact the reporter on this story: Bob Ivry in New York at bivry at bloomberg.net.
To contact the editor responsible for this story: Gary Putka at gputka at bloomberg.net.

From rforno at infowarrior.org Mon Oct 25 09:42:10 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Oct 2010 10:42:10 -0400
Subject: [Infowarrior] - Google CEO: "You can always move if you don't like Street View"
Message-ID: <5FAD7C08-B5A8-4E27-AA9F-CAAA59DCD0EA@infowarrior.org>

Not sure what's more disturbing -- Schmidt's ongoing cavalier public statements about privacy over the years or that CNN reportedly removed his latest comments from their segment, according to this article. ---rick

Schmidt: Don't Like Google Street View Photographing Your House? Then Move.
by John Paczkowski
Posted on October 25, 2010 at 3:00 AM PT
http://digitaldaily.allthingsd.com/20101025/schmidt-dont-like-google-street-view-photographing-your-house-then-move/

"The problem with Google is that Eric Schmidt is creepy ... The industry is filled with eccentric CEOs -- billionaires who, say, wear a wardrobe that consists of nothing but identical black shirts and Levi's 501 jeans, or who dress as a samurai warrior, including swords, at their home. But Schmidt doesn't seem eccentric (or at least not merely so).
He seems creepy." — John Gruber, Daring Fireball

Google CEO Eric Schmidt says the company's "policy is to get right up to the creepy line and not cross it." And while that may be true of Google, it's clearly not true of Schmidt who lately has been happily high stepping across the creepy line like the grand marshal of the Tone-Deaf Technocrat Parade. In the past year alone he has:

• Addressed criticisms of Google's stance on privacy by saying, "If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place."
• Claimed people want Google to "tell them what they should be doing next."
• Said of Google, "We know where you are. We know where you've been. We can more or less know what you're thinking about."
• Said this: "One day we had a conversation where we figured we could just try to predict the stock market. And then we decided it was illegal. So we stopped doing that."
• Suggested name changes to protect adults from the Web's record of their youthful indiscretions.
• Said this: "What we're really doing is building an augmented version of humanity, building computers to help humans do the things they don't do well better."

Nice selection of remarks with which to begin a Bartlett's Unsettling Quotations From Powerful CEOs, right? And Schmidt's far from done. Appearing on CNN's "Parker Spitzer" program last week, he said that people who don't like Google's Street View cars taking pictures of their homes and businesses "can just move" afterward to protect their privacy. Ironically, he said this on the very day that Google admitted those cars captured more than just fragments of personal payload data.

Interestingly, CNN has since edited that quote out of Schmidt's segment. Did Google ask them to remove it? Who knows. Perhaps the company has finally realized that Schmidt's penchant for indulging in this sort of pedantic dorkery doesn't do much for its public image.
Freaking people out with asinine power-tripping pronouncements might be great fun for Schmidt, but it isn't a wise PR strategy, particularly when Google is a company about which the public and government are increasingly concerned. Schmidt really should know this. Actually, it's hard to believe he doesn't. Which is just…creepy.

From rforno at infowarrior.org Mon Oct 25 09:44:09 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Oct 2010 10:44:09 -0400
Subject: [Infowarrior] - WH Launches Interagency Subcommittee on Privacy & Internet Policy
Message-ID:

(Definitely looks USG-focused .... nobody there from the private sector. --rick)

White House Council Launches Interagency Subcommittee on Privacy & Internet Policy
Posted by Cameron Kerry and Christopher Schroeder on October 24, 2010 at 10:10 AM EDT
http://www.whitehouse.gov/blog/2010/10/24/white-house-council-launches-interagency-subcommittee-privacy-internet-policy

As part of the Obama Administration's commitment to promoting the vast economic opportunity of the Internet and protecting individual privacy, the National Science and Technology Council has launched a new Subcommittee on Privacy and Internet Policy. Populated by representatives from more than a dozen Departments, agencies and Federal offices, and co-chaired by the two of us, the subcommittee will develop principles and strategic directions with the goal of fostering consensus in legislative, regulatory, and international Internet policy realms.

In this digital age, a thriving and dynamic economy requires Internet policies that promote innovation domestically and globally while ensuring strong and sensible protections of individuals' private information and the ability of governments to meet their obligations to protect public safety.
Recognizing the global nature of the digital economy and society, the Subcommittee will monitor and address global privacy policy challenges and develop approaches to meeting those challenges through coordinated U.S. government action. The Subcommittee is committed to fostering dialogue and cooperation between our Nation and its key trading partners in support of flexible and robust privacy and innovation policies. Such policies are essential to the health of competitive marketplaces for online goods and services.

The public policy direction developed by the Subcommittee will be closely synchronized to privacy practices in federal Departments and agencies, resulting in a comprehensive and forward-looking commitment to a common set of Internet policy principles across government. These core principles include facilitating transparency, promoting cooperation, empowering individuals to make informed and intelligent choices, strengthening multi-stakeholder governance models, and building trust in online environments.

At the same time, the Subcommittee will work closely with private stakeholders to identify Internet policy principles that promote innovation and economic expansion, while also protecting the rule of law and individual privacy. Throughout this process, the Subcommittee will endeavor to strike the appropriate balance between the privacy expectations of consumers and the needs of industry, law enforcement and other public-safety governmental entities, and other Internet stakeholders.

The Subcommittee is made up of representatives from the following Federal agencies:

• Department of Commerce (Co-Chair)
• Department of Justice (Co-Chair)
• Department of Education
• Department of Energy
• Department of Health and Human Services
• Department of Homeland Security
• Department of State
• Department of Transportation
• Department of the Treasury
• Small Business Administration
• Other departments and agencies designated by the co-chairs.
Of note, the Federal Trade Commission and the Federal Communications Commission will be invited to participate.

The following organizations in the Executive Office of the President shall also be represented on the Subcommittee:

• Domestic Policy Council
• National Economic Council
• National Security Council and National Security Staff
• Office of Management and Budget
• Office of Science and Technology Policy
• United States Trade Representative
• Office of the U.S. Intellectual Property Enforcement Coordinator
• National Security Staff Cybersecurity Directorate

Cameron Kerry is General Counsel at the Department of Commerce
Christopher Schroeder is Assistant Attorney General at the Department of Justice

From rforno at infowarrior.org Tue Oct 26 16:23:26 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Oct 2010 17:23:26 -0400
Subject: [Infowarrior] - Power Failure Shuts Down ICBM Squadron
Message-ID: <8056CB4D-29D7-41D3-869D-21E669D05234@infowarrior.org>

Power Failure Shuts Down Squadron of Nuclear Missiles
Oct 26 2010, 4:36 PM ET
http://www.theatlantic.com/politics/archive/2010/10/power-failure-shuts-down-sqaudron-of-icbms/65207/

President Obama was briefed this morning on a power failure at F.E. Warren Air Force Base in Wyoming that took 50 nuclear intercontinental ballistic missiles (ICBMs), one-ninth of the U.S. missile stockpile, temporarily offline on Saturday.

The base is a main locus of the United States' strategic nuclear forces. The 90th Missile Wing, headquartered there, controls 150 Minuteman III intercontinental ballistic nuclear missiles. They're on full-time alert and are housed in a variety of bunkers across the base.

On Saturday morning, according to people briefed on what happened, a squadron of ICBMs suddenly dropped down into what's known as "LF Down" status, meaning that the missileers in their bunkers could no longer communicate with the missiles themselves.
LF Down status also means that various security protocols built into the missile delivery system, like intrusion alarms and warhead separation alarms, were offline.

In LF Down status, the missiles are still technically launch-able, but they can only be controlled by an airborne command and control platform like the Boeing E-6 NAOC "Kneecap" aircraft, or perhaps the TACAMO fleet, which is primarily used to communicate with nuclear submarines.

"At no time did the president's ability decrease," an administration official said. Still, the Chairman of the Joint Chiefs of Staff, Adm. Michael Mullen, was immediately notified, and he, in turn, briefed Secretary of Defense Robert Gates.

"We've never had something as big as this happen," a military officer who was briefed on the incident said. Occasionally, one or two might blink out, the officer said, and several warheads are routinely out of service for maintenance. At an extreme, "[w]e can deal with maybe 5, 6, or 7 at a time, but we've never lost complete command and control and functionality of 50 ICBMs."

The military contends that command and control -- "C2" in their parlance -- was not lost. An Air Force spokesperson, Christy Nolta, said the power failure lasted less than an hour. "There was a temporary interruption and the missiles themselves were always protected by multiple, redundant, safety, security and command and control features. At no time was there any danger to the public," she said.

Another military official said the failure triggered an emergency inspection protocol, and sentries were dispatched to verify in person that all of the missiles were safe and properly protected.

When on alert, the missiles are the property of the U.S. Strategic Command, which controls all nuclear forces. When not on alert status, the missiles belong to the Global Strike Command.

A White House spokesperson referred questions about the incident to the Office of the Secretary of Defense and to the Air Force.
A spokesperson for the Global Strike Command did not immediately respond to questions.

The cause of the failure remains unknown, although it is suspected to be a breach of underground cables deep beneath the base, according to a senior military official. It is next to impossible for these systems to be hacked, so the military does not believe the incident was caused by malicious actors.

A half dozen individual silos were affected by Saturday's failure.

There are about 450 ICBMs in America's nuclear arsenal, some of them bearing multiple warheads. 150 are based at Minot AFB in North Dakota and 200 are housed at Malmstrom AFB in Montana.

The chessboard of nuclear deterrence, a game-theory-like intellectual contraption that dates from the Cold War, is predicated upon those missiles being able to target specific threat locations across the world. If a squadron goes down, that means other missiles have to pick up the slack.

The new START treaty would reduce the number of these missiles by 30 percent, but the cuts are predicated upon the health of the current nuclear stockpile, from warhead to delivery system to command and control.

An administration official said that "to make too much out of this would be to sensationalize it. It's not that big of a deal. Everything worked as planned."

Senate Republicans have been pressing Senate Democrats to spend more money ensuring the current strategic nuclear arsenal, which dates to the early 1980s, is ready to go. The treaty requires the vote of two-thirds of the Senate to be ratified.

In 2008, Gates fired the Secretary of the Air Force and its chief of staff after a series of incidents suggested to Gates that the service wasn't taking its nuclear duties seriously enough. At one point, a B-52 bomber flew across the continental U.S. without realizing that its nuclear weapons were "hot."
From rforno at infowarrior.org Tue Oct 26 18:09:18 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Oct 2010 19:09:18 -0400
Subject: [Infowarrior] - Website for Leaked Data Shines Spotlight on WikiLeaks
Message-ID:

OCTOBER 26, 2010
Website for Leaked Data Shines Spotlight on WikiLeaks
By JEANNE WHALEN
http://online.wsj.com/article/SB10001424052702303467004575574462119793480.html

WikiLeaks publishes top-secret documents about government and corporate intrigue. Then there is John Young, who publishes documents about WikiLeaks.

From his apartment on New York City's Upper West Side, the 70-something architect, computer buff and self-described "cypherpunk" runs a website, http://cryptome.org, that seeks to hold accountable the site that boasts of holding others to account.

Mr. Young said his scrutiny is meant not to undermine WikiLeaks, but to harden it for battle. "Doing what they're doing," he said in a telephone interview, "they have to be just as tough as nails. And they can't get tough by having people praise them. They can only get tough by having people attack them."

WikiLeaks has posted hundreds of thousands of classified U.S. military documents about the wars in Iraq and Afghanistan, with the most recent trove released last weekend.

Among the posts on Mr. Young's site—which covers a broad range of subjects—are internal WikiLeaks emails showing the group debating strategy for attracting funds and supporters. The Cryptome posts have provocative labels such as "wikileaks-fear," "wikileaks-snitch" and "WL Hate."

In a July item titled "wikileaks-buck," Cryptome published an anonymous letter from someone claiming to be a WikiLeaks insider, who complained that WikiLeaks provides "absolutely no accounting" of funds it receives and spends.

WikiLeaks founder Julian Assange disputes that claim, and says all the alleged "insider" posts on Cryptome are fakes. In an email, Mr. Assange called the "insider" posts on Cryptome "fabricated from top to bottom."
He declined to elaborate, or to comment further on Cryptome.

Mr. Young said he receives some documents anonymously, through an encrypted submission system. Asked whether some might be fake, Mr. Young said he was "agnostic on issues of fakeness."

"There's no way to tell the difference between a real one and a fake in general," Mr. Young said. "So let people decide for themselves."

After WikiLeaks' weekend publication of 400,000 documents about the Iraq war, Cryptome has been busy. In an Oct. 23 item, Mr. Young posted a variety of barbs about WikiLeaks, including an accusation that it holds "dramatic, rigged, press shindigs" to announce its leaks.

Cryptome isn't the only one watching the watchers. A cottage industry based on scrutinizing WikiLeaks has sprung up in recent years. Wikileak.org—singular, no "s"—opines on WikiLeaks' tactics and links to articles about WikiLeaks. Wikileads.net offered "WikiLeaks buzz, news and analysis" before petering out in 2008. Media blog Gawker also posts information about Mr. Assange and company on the site wikileakileaks.org.

Mr. Young founded Cryptome in 1996 as one of the Web's first repositories of leaked documents and top-secret information, publishing documents such as lists of alleged British spies and the alleged site of former Vice President Dick Cheney's famed "undisclosed location" following the Sept. 11, 2001, terror attacks on New York and Washington.

Like WikiLeaks founder Mr. Assange, Mr. Young crusades for full disclosure but is stingy with details about his own life. He grew up in Texas but won't say exactly where, and declines to give his age.

[Photo caption: Wikileaks, founded by Julian Assange, above, is a focus of Cryptome.]

Mr. Young said he generates some material for Cryptome by filing Freedom of Information requests about WikiLeaks. On Aug. 9, he posted on the site a letter he said he sent to the Central Intelligence Agency "requesting information or records on Wikileaks.org, Julian Assange and others unknown associated with Wikileaks and its affiliates." The CIA couldn't immediately confirm receipt of the FOIA request.

In the mid-1990s, Mr. Young said, he became acquainted with Mr. Assange through the "cypherpunks" movement, which united programmers, hackers and others interested in Internet privacy. The movement draws its name from the word "cipher," which means, among other things, a system of writing in secret code.

Mr. Young said in 2006 Mr. Assange asked him to become the public face of WikiLeaks in the U.S., where he was supposed to register the wikileaks.org domain in his name. But a few months later Mr. Young fell out with the group, alleging that its goal of raising $5 million was excessive and that such sums "could not be needed so soon except for suspect purposes."

Mr. Young sent a heated farewell message to a WikiLeaks Internet mailing list: "Wikileaks is a fraud: F— your cute hustle and disinformation campaign against legitimate dissent. Same old s—, working for the enemy," he wrote. Then he posted the message—and a stream of WikiLeaks insider emails—to Cryptome as a leak.

It was the first of dozens of WikiLeaks items he has posted, their number intensifying in recent months as WikiLeaks has attracted more attention.

Write to Jeanne Whalen at jeanne.whalen at wsj.com

From rforno at infowarrior.org Tue Oct 26 18:26:30 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Oct 2010 19:26:30 -0400
Subject: [Infowarrior] - LimeWire file-sharing service shut down by US court
Message-ID:

(I didn't know anyone still used it!! -rick)

LimeWire file-sharing service shut down by US court
http://news.yahoo.com/s/afp/20101026/tc_afp/usitmusicjusticecopyrightinternetlimewire/print

NEW YORK (AFP) — Popular online file-sharing service LimeWire was shut down by a US federal court on Tuesday following a lawsuit filed by the music industry.

The move came a little more than five months after a US judge ruled in favor of 13 music companies in a copyright infringement and unfair competition case brought against LimeWire.

LimeWire.com featured a legal notice on its home page on Tuesday stating it was "under a court-ordered injunction to stop distributing and supporting its file-sharing software." The legal notice linked to the court order from US District Court Judge Kimba Wood ordering the closure of the service.

LimeWire chief executive George Searle said in a statement he was "disappointed with this turn of events."

"We are extremely proud of our pioneering history and have, for years, worked hard to bridge the gap between technology and content rights holders," Searle said. "However, at this time, we have no option but to cease further distribution and support of our software."

Searle thanked users of the service and said "our team of technologists and music enthusiasts are creating a completely new music service that puts you back at the center of your digital music experience."

"We'll be sharing more details about our new service and look forward to bringing it to you in the future," he said.

The 13 music companies filed their complaint against LimeWire in 2006 and Judge Wood ruled in their favor in May. In June, eight members of the National Music Publishers' Association filed a separate copyright suit against LimeWire.

LimeWire software was released in August 2000 and uses peer-to-peer, or P2P, technology to allow users to share music or other files over the Internet. LimeWire is owned by the Lime Group, a New York-based company.

Copyright © 2010 Yahoo! Inc. All rights reserved.

From rforno at infowarrior.org Wed Oct 27 08:50:03 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Oct 2010 09:50:03 -0400
Subject: [Infowarrior] - UK should not put up with US airport security – BA chairman
Message-ID: <04CD8246-C489-447B-9B3C-57959318DEBA@infowarrior.org>

UK should not put up with US airport security – BA chairman
Martin Broughton says the US does not enforce many of the checks it demands of British airports
James Meikle
The Guardian, Wednesday 27 October 2010
http://www.guardian.co.uk/world/2010/oct/27/airport-security-rules-uk-us

Britain should stop "kowtowing" to US demands over airport security, the chairman of British Airways, Martin Broughton, has said, adding that American airports did not implement some checks on their own internal flights.

He suggested the practice of forcing passengers on US-bound flights to take off their shoes and to have their laptops checked separately in security lines should be dropped, during a conference of UK airport operators in London.

There was no need to "kowtow to the Americans every time they wanted something done", said Broughton. "America does not do internally a lot of the things they demand that we do. We shouldn't stand for that. We should say 'we'll only do things which we consider to be essential and that you Americans also consider essential'."

The remarks, reported in the Financial Times, were not disputed by BA.

No one wanted weak security, Broughton said, but added: "We all know there's quite a number of elements in the security programme which are completely redundant and they should be sorted out." These included the requirement to remove footwear, brought in after British "shoe bomber" Richard Reid hid explosives in his trainers on a flight from Paris to Miami in December 2001, and differing approaches to checking laptops and other equipment.
"Take the iPad, they still haven't decided if it is a laptop or it isn't a laptop. So some airports think you should take it out and some think you shouldn't," Broughton said.

Rules on airport checks and items that can be carried in hand-luggage have got progressively tougher ever since the 9/11 attacks in the US.

Colin Matthews, chief executive of BAA, owner of Heathrow, told the FT: "Today's arrangements are incremental and I think there is a case for saying let's start from a clean sheet of paper to achieve what we want to achieve."

On Monday, transport minister Philip Hammond told the conference he wanted a new regulatory system – where the government concentrated on setting security outcomes that needed to be achieved, while operators devised security processes needed to deliver them in line with EU requirements. However his department told the FT there were no plans to change rules on checking shoes and laptops.

From rforno at infowarrior.org Wed Oct 27 08:54:12 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Oct 2010 09:54:12 -0400
Subject: [Infowarrior] - MySpace 2.0
Message-ID:

October 27, 2010
For Myspace, a Redesign to Entice Generation Y
By MIGUEL HELFT
http://www.nytimes.com/2010/10/27/technology/27myspace.html

SAN FRANCISCO — All but eclipsed by Facebook and Twitter, Myspace is aiming for a comeback.

The onetime king of social networking plans to revamp its Web site beginning on Wednesday, narrowing its focus on entertainment for people 13 to 35 years of age, also known as Generation Y.

"Over time, Myspace got very broad and lost focus of what its members were using it for," Michael Jones, the president of Myspace, a unit of Rupert Murdoch's News Corporation, said in an interview.

Mr. Jones said that the more than 120 million Myspace members were primarily using the site to listen to music and share opinions and information about that music, as well as about movies and television shows.
The new site will emphasize that content with a simplified service that removes much of the clutter that Myspace was known for, Mr. Jones said. And Mr. Jones said that Myspace would no longer seek to compete with Facebook, but rather to complement it.

"Our focus is social entertainment," he said. "Niche players have long staying power."

Analysts say that burnishing Myspace's tarnished brand, even with a more narrow focus, will not be easy. While Myspace, founded in 2003, still has a large audience, its fortunes have steadily eroded in the last few years. Ad spending on Myspace is expected to decline to $297 million in 2011, from $470 million in 2009, according to estimates from eMarketer, a research firm. During the same period, Facebook's ad revenue is expected to soar to $1.7 billion from $665 million.

As the business shrunk, Myspace suffered from a whirlwind of management changes. Chris DeWolfe, the co-founder and chief executive, left in April of 2009, less than a month after the News Corporation appointed Jonathan Miller, a former chief executive of AOL, to oversee its digital media businesses. Mr. DeWolfe was replaced with Owen Van Natta, a former Facebook executive, who left in February after just 10 months on the job. Mr. Miller then appointed two executives, Mr. Jones and Jason Hirschhorn, to be co-presidents of Myspace. Mr. Hirschhorn left in June, leaving Mr. Jones as the sole president.

The new design is part of a long-expected plan to refocus Myspace on the audience and content areas that first made the site popular.

"They are definitely trying to become more relevant again," said Debra Aho Williamson, a senior analyst at eMarketer. "But it's going to be hard, because so much time has gone by."

Ms. Williamson said that outside of the entertainment world, where Myspace still has strong appeal, many marketers have lost interest in the company.

Still, even a diminished Myspace is far from irrelevant.
Ads on Myspace currently reach about 24 percent of online users in the United States, according to comScore, the online measurement company. (Facebook reaches 62 percent.)

With the new design, Mr. Jones, who worked with Mr. Miller at AOL, is borrowing ideas from Facebook, Twitter and Foursquare, the mobile social "check-in" service. The home page focuses on constantly updating items about music, movies and television shows that are most discussed on the site at any one time. The profile pages of individual users will be more streamlined and consistent in format, helping others navigate them more easily.

Users who are especially active in creating playlists or commenting on a television show — Mr. Jones calls them "curators" — will earn virtual badges and be rewarded by having their links highlighted. Myspace is also creating thousands of pages for television shows, movies and bands, that are meant to become hubs for discussion of those topics on the site.

The new Myspace design will roll out gradually, starting Wednesday and continuing through the end of November. Mr. Jones said that Myspace had also rebuilt the technical underpinnings of the site, making it easier to do future updates.

From rforno at infowarrior.org Wed Oct 27 12:51:42 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Oct 2010 13:51:42 -0400
Subject: [Infowarrior] - US rolls out invasive pat-downs this week
Message-ID: <3AED3DC4-5FEA-49E4-AC91-354E0F84DC6D@infowarrior.org>

(c/o DS)

http://bostonherald.com/business/general/view.bg?articleid=1291536

National rollout of invasive pat-downs this week
By Donna Goodison
Tuesday, October 26, 2010

Airline passengers nationwide will be subjected to new aggressive and controversial body searches likened to "foreplay" pat-downs under the expansion of a program tested at Logan International Airport.
Beginning Friday, the Transportation Security Administration will start using the new front-of-the-hand, slide-down screening technique for passengers at all 450 of the nation's commercial airports.

The more invasive pat-downs - which include over-the-clothes searches of passengers' breast and genital areas - have raised privacy issues among civil liberties advocates. TSA screeners previously used pat-down hand motions to search passengers, switching to the backs of their hands when covering sensitive areas such as the torso.

As first reported by the Herald in August, the TSA implemented the new body-search procedures at Logan and Las Vegas-McCarran International Airport because they were using the largest number of walk-through full-body scanners at security checkpoints. Also controversial, the scanners use low-dose X-rays to produce two-sided, head-to-toe images of passengers' bodies - including discernible but indistinct images of private parts - while blurring facial features.

The TSA declined comment on the national rollout date, but two sources confirmed it. The pat-down techniques will be included in the TSA's new set of standard operating procedures for screening issued Friday.

Passengers who opt not to walk through the full-body scanners are subject to the searches, as well as passengers who set off metal detectors at checkpoints without the scanners. The TSA also picks random passengers for the searches.

Lots of airline passengers are in for a surprise, said Chris Ott, spokesman for the American Civil Liberties Union of Massachusetts, which assailed the new pat-downs when they started at Logan.

"We question the effectiveness of the methods that are being presented and the choice that travelers are being given," he said. ". . . Travelers are being asked to choose between being scanned 'naked' and exposed to radiation, or getting what people are describing as just a highly invasive search by hands of their entire bodies."
Kate Hinni, founder of the non-profit FlyersRights.org consumer group, said the new searches amount to a "foreplay pat-down" that for many people is going to "feel like a moral issue."

"It's like having to choose the lesser of two evils," Hinni said. "Both are horribly invasive."

From rforno at infowarrior.org Wed Oct 27 14:17:52 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Oct 2010 15:17:52 -0400
Subject: [Infowarrior] - Online travel coalition fights Google's ITA deal
Message-ID: <666B844C-75A5-4CA0-8E4B-DBFE7EBAA9C6@infowarrior.org>

(c/o DS)

http://flightaware.com/news/ap/Online-travel-coalition-fights-Googles-ITA-deal/1645

Online travel coalition fights Google's ITA deal
Tuesday, October 26 2010 09:44PM

SAN FRANCISCO (AP) — Several leading Internet travel agencies and search engines are trying to convince U.S. government regulators to block Google Inc. from buying a technology supplier that plays an instrumental role in finding the best airline fares.

The opponents, led by Expedia Inc., have formed a coalition called FairSearch.org to fight Google Inc.'s proposed $700 million acquisition of ITA Software. Other members of the group, which was announced Tuesday, include Farelogix Inc., Kayak, which also owns SideStep; and Sabre Holdings, which owns Travelocity.

The U.S. Department of Justice is already investigating the deal, which was announced four months ago.

FairSearch argues that combining Google's dominant Internet search engine with ITA's influential flight software would stifle competition and threaten to drive up air fares. ITA's technology plays a role in most online searches for airline tickets, providing Google with the means to manipulate one of the biggest markets in electronic commerce, according to FairSearch.

The proposed deal "raises some serious concerns for travelers and the online travel industry as a whole," said Expedia CEO Dara Khosrowshahi.
To help make its case with the Justice Department, FairSearch hired Thomas Barnett, who ran the agency's antitrust division from 2005 through 2008. Before leaving the government, Barnett threatened to sue Google to block a proposed search partnership with rival Yahoo Inc. after he steered an investigation into the alliance. Google backed out of the Yahoo deal to avoid a court fight.

Google contends ITA would allow it to build better travel tools that help both consumers and the travel industry. To ease concerns that the deal could make it even more powerful, Google has pledged that it won't attempt to book airline reservations nor will it try to withhold ITA's software from other websites that already depend on the technology to find and recommend the best fares.

Those assurances have helped persuade some online travel services that Google's ITA acquisition wouldn't harm them. Priceline.com Inc., Travelport and Orbitz Worldwide Inc. have said they don't have any serious objections to the deal.

"Our reason for making this acquisition is simple: ITA will help us provide better results for our users," Andrew Silverman, a senior product manager for Google, wrote in a post on the company's website.

Google has navigated through other rigorous government inquiries to gain regulatory approval to buy online ad service DoubleClick Inc. for $3.2 billion in 2008 and mobile ad service AdMob for $681 million earlier this year.
From rforno at infowarrior.org Wed Oct 27 16:12:31 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Oct 2010 17:12:31 -0400 Subject: [Infowarrior] - How The Defense Department And NSA Is Hyping Cyberwar To Better Spy On You Message-ID: <8EF457A3-FBBF-4907-BDC1-FC0FC5FF9898@infowarrior.org> How The Defense Department And NSA Is Hyping Cyberwar To Better Spy On You from the not-cool dept http://www.techdirt.com/articles/20101026/04340211587/how-the-defense-department-and-nsa-is-hyping-cyberwar-to-better-spy-on-you.shtml We've discussed multiple times the massive unsubstantiated hype around the concept of "cyberwar", which mostly has been led by former government officials who are seriously cashing in on the hype. Yet, every time we mention this, we get people insisting that we just don't know the "real story" and the "threat" is really big. But we keep waiting for some evidence to support that theory. Seymour Hersh, over at the New Yorker, who tends to be the most connected reporter around when it comes to getting the inside scoop on what's happening in the US military, has a (typically) long and worth reading analysis of the whole "cyberwar" concept that effectively agrees with exactly what we've been saying all along: it's totally hyped up beyond reality, in an effort to build the reputations of a few people and to cash in on a trend. People on all sides of the issue all seemed to point out to Hersh that "cyberwar" is blowing things out of proportion. There's plenty of espionage going on, but that's quite different (and a lot less sexy when it comes to trying to make money). But what's even scarier than the people seeking to get money is the way the Defense Department has been using this to try to basically take control of the whole "cyber defense" aspect. 
Back in August, we discussed how there was this ongoing fight between the Defense Department (military) and Homeland Security (civilian) to manage the "cyber" threats, with the Defense Department basically using its experience in being incompetent to argue that it knows better. And, as you look at the details, the Defense Department isn't just looking at "cyber defense," it keeps on making the argument that part of "cyber defense" is also "securing" private networks and usage. Jerry Brito, over at the Tech Liberation Front, just had a post questioning whether or not the military should have a role in civilian cybersecurity, and Hersh's long article gives plenty of reasons why it absolutely should not. Multiple people note that one of the best ways to make various networks and systems more secure from espionage attacks is to increase (or even mandate) widespread encryption. That would certainly make things more difficult for espionage. But the NSA (part of the Defense Department) doesn't want that because that makes it much harder to spy on people. In fact, the very same NSA has been pushing the feds to put in place a mandatory backdoor to any encryption so that it can keep on spying. But, of course, any such backdoor can (and absolutely will) be used by those trying to spy from elsewhere as well. So when you put the NSA in charge of "cyber security," it seems to focus on using that mandate to actually improve its ability to spy on everyone (including on domestic soil), rather than actually doing stuff related to actual "cyber security." We've had various pieces of similar stories over the past few months, but Hersh does a great job pulling it all together in a way that makes it pretty clear that this whole thing is a huge boondoggle for most of the players. 
The ex-gov't officials screaming "cyberwar" are making tons of cash, while the Defense Department and the NSA are using all that hype to gain more control over the internet and the ability to spy on people -- but not necessarily to make anyone more secure.

From rforno at infowarrior.org Wed Oct 27 16:40:54 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Oct 2010 17:40:54 -0400 Subject: [Infowarrior] - Google Privacy Probe Dropped by FTC After Assurances Message-ID: <408426CB-E7F3-44C7-93B4-6E0DC1F9AF06@infowarrior.org>

Google Privacy Probe Dropped by FTC After Assurances By Jeff Bliss - Oct 27, 2010 http://www.bloomberg.com/news/print/2010-10-27/google-privacy-probe-is-dropped-by-ftc-after-assurances-on-data-collection.html

The U.S. Federal Trade Commission ended its investigation of Google Inc.'s collection of data over unsecured wireless networks after the company said it will improve privacy safeguards in its Street View mapping project. The agency said the Mountain View, California-based company also agreed not to use the data, according to a letter today from David Vladeck, director of the FTC's Bureau of Consumer Protection, to Albert Gidari, a lawyer for Google. The company's pledge not to include the information in any Google products "is critical to mitigate the potential harm to consumers from the collection of payload data," Vladeck wrote. "Because of these commitments, we are ending our inquiry into this matter." Google, owner of the world's most popular search engine, uses cars to photograph streets and houses to update Street View. The company admitted the cars also collected data from Wi-Fi networks, prompting an outcry by privacy advocates and lawmakers and spurring private lawsuits, European investigations and the FTC probe. "We welcome the news that the FTC has closed its inquiry and recognized the steps we have taken to improve our internal controls," said Christine Chen, a Google spokeswoman, in an e-mailed statement.
"We did not want and have never used the payload data." Apology by Google In a separate e-mailed message today, Google apologized for collecting the data. Prosecutors in Rome opened an investigation into alleged violations of privacy law, Ansa newswire reported today. In May, German regulators began their own probe. With this decision and its prior approvals of Google's acquisitions of AdMob Inc. and DoubleClick Inc., the FTC isn't safeguarding privacy, said Jeffrey Chester, executive director of the Center for Digital Democracy, a Washington-based nonprofit group. "The FTC keeps giving Google a pass to collect consumer data," he said in an e-mail. "The agency should have done more in this matter." Democratic Representatives Henry Waxman of California and Edward Markey of Massachusetts and Republican Joe Barton of Texas have pressed Google to provide more details about the company's collection of data from unsecured wireless networks. To contact the reporter on this story: Jeff Bliss in Washington at jbliss at bloomberg.net To contact the editor responsible for this story: Mark Silva in Washington at msilva34 at bloomberg.net

From rforno at infowarrior.org Wed Oct 27 21:15:08 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 27 Oct 2010 22:15:08 -0400 Subject: [Infowarrior] - fwd: Critical security risk posed by new 'Boonana' Trojan horse for OS X In-Reply-To: <201010280152.o9S1qeQk029925@synergy.ecn.purdue.edu> References: <201010280152.o9S1qeQk029925@synergy.ecn.purdue.edu> Message-ID:

I don't see it as a "critical" problem for Mac folks --- unless a person is stupid enough to type in their password because something out of the blue wants to be installed, in which case they deserve what they get. :) Just another social engineering vector.
--rick

On Oct 27, 2010, at 21:52 PM, Joe Cychosz wrote: > Hi Richard, > > Here's one probably of interest to the group: > > http://reviews.cnet.com/8301-13727_7-20020892-263.html > > A new Trojan horse malware that affects Mac OS X has been uncovered by > Macintosh Security site SecureMac. The Trojan is called > "trojan.osx.boonana.a" and is being disguised as a video and distributed > through social-networking sites like Facebook. > > Cheers, > Joe >

From rforno at infowarrior.org Thu Oct 28 08:19:39 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Oct 2010 09:19:39 -0400 Subject: [Infowarrior] - Russia to create 'Windows rival' Message-ID: <375618C6-338D-49E1-81AF-71FDD7F3374B@infowarrior.org>

Russia to create 'Windows rival' http://news.yahoo.com/s/afp/20101027/tc_afp/russiagovernmentinternet

MOSCOW (AFP) - The Russian state plans to revamp its computer services with a Windows rival to reduce its dependence on US giant Microsoft and better monitor computer security, a lawmaker said Wednesday. Moscow will earmark 150 million rubles (3.5 million euros, 4.9 million dollars) to develop a national software system based on the Linux operating system, Russian deputy Ilia Ponomarev told AFP, confirming an earlier report in the Vedomosti daily. "The devil is in the details," said Ponomarev, a computer expert, adding those details would be hashed out during a December meeting headed by vice-prime minister Sergei Ivanov. "We will become independent of Windows ... but it risks becoming an unthinking implantation of Linux," he added. Similar concerns about achieving technological independence prompted the Russian military to create the GLONASS satellite navigation system in the 1980s, to compete with the US Global Positioning System (GPS) and competition in the future from Europe's Galileo.
From rforno at infowarrior.org Thu Oct 28 08:58:25 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Oct 2010 09:58:25 -0400 Subject: [Infowarrior] - 70 law profs public call to halt ACTA Message-ID:

(c/o MG) Over 70 Law Profs Call for Halt of ACTA Negotiation - focus on secrecy, lack of Congressional involvement http://www.wcl.american.edu/pijip/go/blog-post/academic-sign-on-letter-to-obama-on-acta

From rforno at infowarrior.org Thu Oct 28 14:57:16 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Oct 2010 15:57:16 -0400 Subject: [Infowarrior] - Military wants to scan communications to find internal threats Message-ID:

Military wants to scan communications to find internal threats By Charley Keyes, CNN National Security Producer October 27, 2010 4:23 p.m. EDT http://www.cnn.com/2010/US/10/27/pentagon.e.mail.profiling/index.html

Washington (CNN) -- The Pentagon wants computers to see into the future -- and stop crimes before they happen. As the U.S. Army considers whether Maj. Nidal Hasan, the suspect in last year's Fort Hood massacre, should face a court-martial, it also is looking at whether the military missed signals that might have indicated what was about to happen. Now a Pentagon research arm is asking scientists to create a way to scan billions of e-mails to identify suspects in advance so that crimes can be stopped before they are committed. That's the goal of the latest $35 million project announced by DARPA, the Defense Advanced Research Projects Agency, which is credited with breakthroughs like the internet, GPS and stealth technology. But this latest idea is already drawing fire from privacy and security experts. In a request for proposals, the think tank highlights the Fort Hood shootings. "Each time we see an incident like a soldier in good mental health becoming homicidal or suicidal or an innocent insider becoming malicious, we wonder why we didn't see it coming," DARPA says.
"When we look through the evidence after the fact, we often find a trail -- sometimes even an "obvious" one. The question is: Can we pick up the trail before the fact, giving us time to intervene and prevent an incident." The agency calls the project ADAMS, for "Anomaly Detection at Multiple Scales." Simply tracking messages to and from people around a single location like Fort Hood would be a vast task. There are 65,000 people at Fort Hood and in a single year they may create 4.68 billion electronic messages between almost 15 million people. The challenge is to cope with and get accurate results from all this data. The agency said it would primarily use ADAMS to look at "trusted person(s) in a secure environment with access to sensitive information and information systems and sources." "There are currently no established techniques for detecting anomalies in data sets of this size at acceptable false positive rates," the agency notes in the request for proposals. "The focus is on malevolent insiders that started out as 'good guys.' The specific goal of ADAMS is to detect anomalous behaviors before or shortly after they turn," the agency says. "Operators in the counterintelligence community are the target end-users for ADAMS insider threat detection technology." Even more than the technological challenges, the project raises both policy and legal implications, according to James Lewis of the Center for Strategic and International Studies. He says DARPA and the U.S. government have been struggling for a while with how to use computer software to screen millions of transactions, something credit card companies already do. "But credit card companies can screen your transactions because you've entered into a contract with them and because it is in your interest to keep your account safe. The same isn't necessarily true for e-mail," Lewis said in an e-mail. "If you are sending e-mail from your work account, your company has the right to screen it. 
But if you are sending it from your personal account, no one has the right to screen it unless they get a court order, and getting the court order requires some sort of advance knowledge of malicious intent, which defeats the purpose of screening, Lewis said. Bruce Schneier, author of "Secrets and Lies" and other books on security technology, criticized the DARPA idea as "un-American" and a police state ploy. "This is what a police state does -- everyone watching what everyone does and the police watching your every move," Schneier told CNN in a telephone interview. "And what we learn from history is that police states never work. It never is safer." He added, "We are American. We don't spy on everybody else. And as a security guy, it works great in the movies but in real life you aren't going to be any safer. ... The false claims are going to kill you." DARPA doesn't like to talk about this or other pending projects. One person affiliated with the agency who insisted on anonymity because this person lacked authorization to speak to journalists, said the agency admits there are unresolved questions, including "How do you do this without invading privacy." "It's too early to comment," the person said. "... We rarely talk about a DARPA program as an idea until it's become a full-fledged program of record." Government Security News, which first reported on the project, compares it to the Tom Cruise movie "Minority Report." That science fiction film from Steven Spielberg was based on the premise that computers had kept the city of Washington murder-free for six years by using "astounding technology" to predict crimes and discover about-to-be criminals. An earlier DARPA plan, called Total Information Awareness, run by a former national security adviser, Adm. John Poindexter, was developed months after the 9/11 attacks to identify terrorists by combing through huge amounts of credit card, financial, travel and other electronic information. 
After an uproar over privacy and before it was implemented, the project was scrapped by Congress in 2003. Similar data mining projects are used by U.S. intelligence agencies to monitor international threats.

From rforno at infowarrior.org Thu Oct 28 14:59:18 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Oct 2010 15:59:18 -0400 Subject: [Infowarrior] - Chinese Supercomputer Likely to Prompt Unease in U.S. Message-ID:

Chinese Supercomputer Likely to Prompt Unease in U.S. By DON CLARK http://online.wsj.com/article/SB10001424052702303443904575579070132492654.html

A newly built supercomputer in China appears poised to take the world performance lead, another sign of the country's growing technological prowess that is likely to set off alarms about U.S. competitiveness and national security. The system was designed by China's National University of Defense Technology and is housed at the National Supercomputing Center in the city of Tianjin. It is part of a new breed that exploits graphics chips more commonly used in playing videogames (supplied by Nvidia Corp.) as well as standard microprocessors from Intel Corp. Supercomputers are massive machines that help tackle the toughest scientific problems, including simulating commercial products like new drugs as well as defense-related applications such as weapons design and breaking codes. The field has long been led by U.S. technology companies and national laboratories, which operate systems that have consistently topped lists of the fastest machines in the world. But Nvidia says the new system in Tianjin, which is being formally announced Thursday at an event in China, was able to reach 2.5 petaflops. That is a measure of calculating speed ordinarily translated into a thousand trillion operations per second.
It is more than 40% higher than the mark set last June by a system called Jaguar at Oak Ridge National Laboratory that previously stood at No. 1 on a twice-yearly ranking of the 500 fastest supercomputers. "I don't know of another system that is going to be anywhere near the performance and the power of this machine" in China, said Jack Dongarra, a supercomputer expert on the Oak Ridge research staff who is a professor at the University of Tennessee and inspected the system in Tianjin last week. "It is quite impressive." The development was not altogether unexpected. China placed 24 systems in the so-called Top 500 supercomputer ranking last June; a system called Nebulae, for example, which also used chips from Nvidia and Intel, took second place. But Mr. Dongarra and other researchers said the machine should nevertheless serve as a wake-up call that China is threatening to take the lead in scientific computing, akin to a machine from Japan that took the No. 1 position early in the past decade and triggered increased U.S. investment in the field. "It's definitely a game-changer in the high performance market," said Mark Seager, chief technology officer for computing at Lawrence Livermore National Laboratory. "This is a phase transition, representative of the shift of economic competitiveness from the West to the East." Nearly all components of the high-profile Japanese system, called the Earth Simulator, were created in Japan. By contrast, most of the Tianjin system relies on chips from Intel and Nvidia, which are both based in Santa Clara, Calif. So U.S. customers could presumably construct a system with similar performance, noted Horst Simon, deputy lab director at Lawrence Berkeley Lab. But Mr. Dongarra noted that communications chips inside the machine were proprietary and designed in China, and the country is also working on its own microprocessors.
Moreover, while the Japanese system was a single machine, Tianjin is part of a multi-year strategy by China to develop a range of machines to create a dominant position in both military and commercial applications. "In that sense, I would say this is a much more important event than the Earth Simulator," Mr. Simon said. The new supercomputer will be operated as an "open access" system, available to other countries outside of China to use for large scale scientific computation, said Ujesh Desai, an Nvidia vice president of product marketing. It reflects a major design shift to use graphics chips to help accelerate the number-crunching functions most often carried out by so-called x86 chips, which evolved from personal computers and have long dominated supercomputing. Advanced Micro Devices, which makes both graphics chips and x86 microprocessors, is another company besides Nvidia that is promoting the technology shift. Write to Don Clark at don.clark at wsj.com

From rforno at infowarrior.org Thu Oct 28 15:07:21 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Oct 2010 16:07:21 -0400 Subject: [Infowarrior] - fyi....MacX DVD Ripper Pro for Free Message-ID: <15BA87D2-C7D7-4ABF-9103-8107CF7C4188@infowarrior.org>

MacX DVD Ripper Pro for Free Today Only http://lifehacker.com/5675861/download-macx-dvd-ripper-pro-for-free-today-only

While Windows and Linux users abound with free DVD ripping software, OS X isn't quite as lucky, but today, you can grab the incredibly full-featured MacX DVD Ripper Pro for free. While we've featured some great programs in the past, like MacTheRipper, there are few free rippers out there that are as fully featured as other premium apps. MacX DVD Ripper Pro will not only rip a DVD into any video format you want, but it can also rip straight to iPhone, iPod, Apple TV, iPad, and PSP-friendly formats.
This is particularly handy, since other popular programs require you to use other apps like our favorite encoder HandBrake to play it on other devices. Obviously, we still love Handbrake, but it's nice to avoid that second step and just rip straight to your iPhone. The only downside is that it won't rip your DVD into an ISO or uncompressed VIDEO_TS files, so if you want menus and extras, you'll have to look elsewhere. You can rip it into a full-quality MPEG-4 file, however, so if your goal is only to rip the movie, it's a pretty great program for it. The program is usually $50, but is free for the rest of today. Just hit the link to download the program, and enter the license code BD-TGTXUVYO-OONQRP to activate the full version. http://lifehacker.com/5675861/download-macx-dvd-ripper-pro-for-free-today-only

From rforno at infowarrior.org Thu Oct 28 18:50:21 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 28 Oct 2010 19:50:21 -0400 Subject: [Infowarrior] - Government Withholds Records on Need for Expanded Surveillance Law Message-ID:

October 28th, 2010 Government Withholds Records on Need for Expanded Surveillance Law White House Pushes for New Powers, Yet Feds Won't Release Data to Justify Changes

San Francisco - The Electronic Frontier Foundation (EFF) filed suit against three agencies of the Department of Justice (DOJ) today, demanding records about problems or limitations that hamper electronic surveillance and potentially justify or undermine the Administration's new calls for expanded surveillance powers. The issue has been in the headlines for more than a month, kicked off by a New York Times report that the government was seeking to require "back doors" in all communications systems -- from email and webmail to Skype, Facebook and even Xboxes -- to ease its ability to spy on Americans. The head of the FBI publicly claimed that these "back doors" are needed because advances in technology are eroding agents' ability to intercept information.
EFF filed a Freedom of Information Act (FOIA) request with the Federal Bureau of Investigation (FBI), the Drug Enforcement Administration (DEA), and the DOJ Criminal Division to see if that claim is backed up by specific incidents where these agencies encountered obstacles in conducting electronic surveillance. "The sweeping changes the government is proposing, to require 'back doors' into all private communications technologies, would have enormous privacy and security ramifications for American Internet users," said EFF Staff Attorney Jennifer Lynch. "Any meaningful debate must be based on the information we're seeking in the FOIA requests, so the government's failure to comply in a timely manner is troubling." EFF also requested records on communications that DOJ agencies had with technology companies, trade organizations and Congress about potential expansion of surveillance laws. The FBI has already agreed that the records should be disclosed quickly due to the urgency to inform the public about this issue. However, neither it nor the other DOJ agencies released documents within the time limit set by Congress to respond to a FOIA request, forcing today's lawsuit. "A mandate requiring an easy-to-open 'back door' to electronic communications is an idea that was proposed and rejected over fifteen years ago because it would be ineffective, cause security vulnerabilities, and hurt American business -- on top of the damage it would do to Americans' privacy and free speech rights," said EFF Legal Director Cindy Cohn. "Any attempt to require the same mandate today should start with a concrete and realistic evaluation of how often the government investigations are stymied by the lack of a 'back door.' Anything less than that is asking the public to blindly rubber stamp a flawed plan at a very high cost to Americans and American business." For the full complaint: https://www.eff.org/files/filenode/surveillancereco/calea_foia_complaint...
For more on expanding surveillance law: https://www.eff.org/deeplinks/2010/10/eight-epic-failures-regulating-cry... Contact: Jennifer Lynch Staff Attorney Electronic Frontier Foundation jlynch at eff.org

From rforno at infowarrior.org Fri Oct 29 07:04:37 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Oct 2010 08:04:37 -0400 Subject: [Infowarrior] - $105 Fix Could Protect You From Copyright-Troll Lawsuits Message-ID:

The $105 Fix That Could Protect You From Copyright-Troll Lawsuits By David Kravets, October 27, 2010, 1:54 pm. Categories: Copyrights and Patents, Digital Millennium Copyright Act http://www.wired.com/threatlevel/2010/10/dmca-righthaven-loophole/

Call it ingenious, call it evil or call it a little of both: Copyright troll Righthaven is exploiting a loophole in intellectual property law, suing websites that might have avoided any trace of civil liability had they spent a mere $105. That's the fee for a blog or other website to register a DMCA takedown agent with the U.S. Copyright Office, an obscure bureaucratic prerequisite to enjoying a legal "safe harbor" from copyright lawsuits over third-party posts, such as reader comments. There's no better time to become acquainted with that requirement. Founded in March, the Las Vegas-based Righthaven has begun buying out the copyrights to newspaper content of the Las Vegas Review-Journal for the sole purpose of suing blogs and websites that re-post, or even excerpt, those articles without permission. The company has settled about 60 of 160 cases for a few thousand dollars each, and plans to expand its operations to other newspapers across the country. Many of its lawsuits arise, not from articles posted by a website's proprietors, but from comments and forum posts by the site's readers.
Under the Digital Millennium Copyright Act, a website enjoys effective immunity from civil copyright liability for user content, provided they promptly remove infringing material at the request of a rightsholder. That's how sites like YouTube are able to exist, and why Wired.com allows users to post comments to our stories without fear that a single user's cut-and-paste will cost us $150,000 in court. But to dock in that legal safe harbor, a site has to, among other things, register an official contact point for DMCA takedown notices, a process that involves filling out a form and mailing a check to the government. An examination of Righthaven's lawsuits targeting user content suggests it's specifically going after sites that failed to fill out that paperwork. "The DMCA is a good deterrent from being sued," says Kurt Opsahl, a staff attorney with the Electronic Frontier Foundation. "Complying with conditions of eligibility for the safe harbor is a good thing to do. It probably will prevent somebody from suing you in the first place." The EFF is defending political community site Democratic Underground from a Righthaven suit stemming from a user's posting of four paragraphs from a 34-paragraph Review-Journal story on Sharron Angle, the Republican Nevada candidate for Senate, entitled "Tea party fuels Angle." The brevity of the excerpt, and the fact that the post links back to the original story, gives Democratic Underground a strong fair use defense. But had it registered with the Copyright Office, it wouldn't even have to make that argument. Opsahl doesn't believe any of the sites Righthaven has sued had a designated agent, though not all of the cases involve user posts. (Righthaven did not respond to inquiries for this story.) If you run a U.S. blog or a community site that accepts user content, you can register a DMCA agent by downloading this form (.pdf) and sending $105 and the form to Copyright RRP, Box 71537, Washington, D.C., 20024.
Opsahl and other experts note that failing to qualify for the DMCA safe harbor still leaves you with fact-based defenses from a lawsuit, including the defense, supported by some case law, that infringing third-party posts aren't your responsibility. Ben Sheffner, a Hollywood copyright attorney and the man behind the must-read blog Copyrights & Campaigns, says there is a reason the DMCA demands a takedown agent, which is supported by a recent court ruling. "The idea is you need to make it easy for copyright owners to locate who you send infringement notices to," he says. "They shouldn't have to go hunting around."

From rforno at infowarrior.org Fri Oct 29 07:07:18 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 29 Oct 2010 08:07:18 -0400 Subject: [Infowarrior] - Intelligence spending at record $80.1 billion in first disclosure of overall figure Message-ID: <1B2AB406-CCB8-4A8C-90BB-91D0AFDB151A@infowarrior.org>

Intelligence spending at record $80.1 billion in first disclosure of overall figure By Walter Pincus Washington Post Staff Writer Thursday, October 28, 2010; 9:06 PM http://www.washingtonpost.com/wp-dyn/content/article/2010/10/28/AR2010102807237_pf.html

The government announced Thursday that it had spent $80.1 billion on intelligence activities over the past 12 months, disclosing for the first time not only the amount spent by civilian intelligence agencies but also by the military. The so-called National Intelligence Program, run by the CIA and other agencies that report to the Director of National Intelligence, cost $53.1 billion in fiscal 2010, which ended Sept. 30, while the Military Intelligence Program cost an additional $27 billion. Spending on intelligence for 2010 far exceeded the $42.6 billion spent on the Department of Homeland Security and the $48.9 billion spent on the State Department and foreign operations. The cost of the Military Intelligence Program has always remained classified.
But as undersecretary of defense for intelligence, James R. Clapper Jr., now the director of national intelligence, secured approval to release the figure. "I pushed through and got Secretary [Robert M.] Gates to approve revelation of the Military Intelligence Program budget," Clapper told the Senate Select Committee on Intelligence in July. In disclosing the military intelligence figure, which includes more than $3.5 billion spent in Iraq and Afghanistan, a Defense Department official said no program details will be released. Although an overall intelligence budget was not released last year, then-Director Dennis C. Blair told reporters in a teleconference that the overall budget was $75 billion. At that time, the officially released budget for the National Intelligence Program was $49.5 billion. The disclosure Thursday that intelligence spending had risen to $80.1 billion, an increase of nearly 7 percent over the year before and a record high, led to immediate calls for fiscal restraint on Capitol Hill. The new total is more than double what was spent in 2001, noted Sen. Dianne Feinstein (D-Calif.), chairman of the Senate Select Committee on Intelligence. However, that was before the terrorist attacks of Sept. 11, 2001, prompted major shifts by the intelligence community. "I intend to identify and remove any waste and unnecessary duplication in the intelligence budget and to reduce funding for lower-priority activities," Feinstein said in a statement. She added: "It is clear that the overall spending on intelligence has blossomed to an unacceptable level in the past decade." Rep. Silvestre Reyes (D-Tex.), chairman of the House Permanent Select Committee on Intelligence, joined Feinstein in calling for fiscal restraint on the part of the intelligence community. He said that, along with Feinstein and her vice chairman, Sen. Christopher S.
Bond (R-Mo.), he had put cost controls on major systems, such as intelligence satellites, and looked forward to helping to "eliminate the waste, fraud and irresponsible use of taxpayer dollars."

The Washington Post series "Top Secret America" described the growth and spread of the U.S. intelligence community since 2001. In an interview for the series, Gates said he didn't believe the intelligence bureaucracy and its contractors had grown too large to manage. But he added: "Nine years after 9/11, it makes sense to sort of take a look at this and say, 'OK, we've built tremendous capability, but do we have more than we need?'"

Gates has commissioned a major review of the Pentagon budget, with a goal of finding $100 billion in excess spending over five years, thus reducing the growth of the Defense Department budget to about 2 percent annually excluding the costs of the wars in Iraq and Afghanistan.

CIA Director Leon Panetta told The Post that he knew intelligence spending faced reductions and that he was working on a five-year plan for his agency.

Steven Aftergood, who publishes the Secrecy News blog for the Federation of American Scientists, has pushed for disclosure of the top line intelligence budget for years. He said Thursday that the release of the new figure permits the government "to speak realistically about the level of intelligence spending." He also said it took 30 years to get to this point, after convincing skeptics that the release of the figure would not harm national security. "I don't see now an avalanche of intelligence disclosures," he said.

From rforno at infowarrior.org Fri Oct 29 09:19:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Oct 2010 10:19:48 -0400
Subject: [Infowarrior] - Despite Scare Talk, Attacks on Pentagon Networks Drop
Message-ID:

Despite Scare Talk, Attacks on Pentagon Networks Drop
By Noah Shachtman
October 28, 2010 | 7:00 am |
Categories: Info War
http://www.wired.com/dangerroom/2010/10/despite-scare-talk-attacks-on-pentagon-networks-drop-in-2010

Listen to the generals speak, and you'd think the Pentagon's networks were about to be overrun with worms and Trojans. But a draft federal report indicates that the number of "incidents of malicious cyber activity" in the Defense Department has actually decreased in 2010. It's the first such decline since the turn of the millennium.

In the first six months of 2010, there were about 30,000 such incidents, according to statistics compiled by the U.S.-China Economic and Security Review Commission. Last year, there were more than 71,000. "If the rate of malicious activity from the first half of this year continues through the end of the year," the commission notes in a draft report on China and the internet, "2010 could be the first year in a decade in which the quantity of logged events declines."

The figures are in stark contrast to the sky-is-falling talk coming out of the Beltway. "Over the past ten years, the frequency and sophistication of intrusions into U.S. military networks have increased exponentially," Deputy Defense Secretary William Lynn wrote in a recent issue of Foreign Affairs. In his April Senate Armed Services Committee confirmation hearing, U.S. Cyber Command and National Security Agency chief Lt. Gen. Keith Alexander said he was "alarmed by the increase, especially this year" in the number of attempts to scan military networks for potential vulnerabilities. His NSA predecessor, retired Adm. Mike McConnell, took things three steps further, writing: "the United States is fighting a cyber-war today, and we are losing."

The report cautioned that the drop in "malicious activity ... may or may not represent a decrease in the volume of attempts to penetrate defense and military networks."
Instead, the Pentagon seems to be doing a little better job in securing its networks, ever since a relatively unsophisticated worm made its way onto hundreds of thousands of military computers in late 2008. During "Operation Buckshot Yankee," the subsequent clean-up effort, military leaders found that they were unable to gather even the most basic information about how their computers were configured, or what programs might be living in their networks.

In response, implementation of a new, Host-Based Security System was accelerated, for better threat detection. Information security training and patch updates are mandatory. And there's now a Cyber Command responsible for coordinating threat monitoring, network defense and information attack.

Leaders now have "greater visibility of threat activity, vulnerability, and ultimately risk" into network threats, the report says. "Greater resources, enhanced perimeter defenses, and the establishment of U.S. Cyber Command" have all helped, as well.

Does that mean the Pentagon is suddenly safe from hack attacks? Of course not. Could some adversaries be in the process of trading malware quantity for malware quality? Of course they could. But, at least in this most basic of measures, there are indications that the threat to Defense Department networks may not be quite as overwhelming and unstoppable as some in the military brass have led us to believe.
From rforno at infowarrior.org Fri Oct 29 10:49:01 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Oct 2010 11:49:01 -0400
Subject: [Infowarrior] - Help Citi learn about the Streisand Effect
Message-ID:

Citigroup Sends Cryptome Inept Takedown Notice
http://cryptome.org/0002/citigroup-dmca/citigroup-dmca2.htm

PDF version of the Citigroup report rebuilt from Google Docs:
http://cryptome.org/0002/citigroup-dmca/citigroup-dmca.pdf

From rforno at infowarrior.org Fri Oct 29 15:17:28 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Oct 2010 16:17:28 -0400
Subject: [Infowarrior] - OT: Poe's "Raven," performed by Star Trek's Q
Message-ID: <6BDF3DC6-6F0A-45A9-87AC-B5672DB1F4FF@infowarrior.org>

Enjoy ... Happy Halloween!

Poe's "Raven," performed by Star Trek's Q
http://www.boingboing.net/2010/10/29/poes-raven-performed.html

From rforno at infowarrior.org Fri Oct 29 18:16:50 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Oct 2010 19:16:50 -0400
Subject: [Infowarrior] - The real reason for TSA patdowns
Message-ID: <7721FEFE-C658-4899-9083-CAD2F5D7969F@infowarrior.org>

I think the last line of the Ars article neatly summarises the reasons for this new policy.

http://arstechnica.com/tech-policy/news/2010/10/assume-the-position-tsa-begins-new-ball-busting-patdowns.ars

< -- >
"...the obvious goal of the TSA is to make the pat-down embarrassing enough for the average passenger that the vast majority of people will choose high-tech humiliation over the low-tech ball check."
< -- >

As for me, I agree with others who have chimed in today; I'll sigh contentedly, moan arousedly, and gaze lustily at my government-issued fondler, and perhaps overtly and obviously flirt with them -- gender notwithstanding. That'll be my version of quasi-civil-disobedience to protest (if not publicise) the forcing of citizens to choose (and thus "accept") two idiotic evils that don't contribute to fundamentally effective security.
---rick

PS: With respect to Joss and River, I propose the new 'security' recordings at TSA checkpoints creepily sing "Two by two, mitts of blue."

From rforno at infowarrior.org Sat Oct 30 10:07:10 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Oct 2010 11:07:10 -0400
Subject: [Infowarrior] - U.S. Says Genes Should Not Be Eligible for Patents
Message-ID:

October 29, 2010
U.S. Says Genes Should Not Be Eligible for Patents
By ANDREW POLLACK
http://www.nytimes.com/2010/10/30/business/30drug.html

Reversing a longstanding policy, the federal government said on Friday that human and other genes should not be eligible for patents because they are part of nature. The new position could have a huge impact on medicine and on the biotechnology industry.

The new position was declared in a friend-of-the-court brief filed by the Department of Justice late Friday in a case involving two human genes linked to breast and ovarian cancer.

"We acknowledge that this conclusion is contrary to the longstanding practice of the Patent and Trademark Office, as well as the practice of the National Institutes of Health and other government agencies that have in the past sought and obtained patents for isolated genomic DNA," the brief said.

It is not clear if the position in the legal brief, which appears to have been the result of discussions among various government agencies, will be put into effect by the Patent Office. If it were, it is likely to draw protests from some biotechnology companies that say such patents are vital to the development of diagnostic tests, drugs and the emerging field of personalized medicine, in which drugs are tailored for individual patients based on their genes.

"It's major when the United States, in a filing, reverses decades of policies on an issue that everyone has been focused on for so long," said Edward Reines, a patent attorney who represents biotechnology companies.
The issue of gene patents has long been a controversial and emotional one. Opponents say that genes are products of nature, not inventions, and should be the common heritage of mankind. They say that locking up basic genetic information in patents actually impedes medical progress.

Proponents say genes isolated from the body are chemicals that are different from those found in the body and therefore are eligible for patents. The Patent and Trademark Office has sided with the proponents and has issued thousands of patents on genes of various organisms, including on an estimated 20 percent of human genes.

But in its brief, the government said it now believed that the mere isolation of a gene, without further alteration or manipulation, does not change its nature.

"The chemical structure of native human genes is a product of nature, and it is no less a product of nature when that structure is 'isolated' from its natural environment than are cotton fibers that have been separated from cotton seeds or coal that has been extracted from the earth," the brief said.

However, the government suggested such a change would have limited impact on the biotechnology industry because man-made manipulations of DNA, like methods to create genetically modified crops or gene therapies, could still be patented.

Dr. James P. Evans, a professor of genetics and medicine at the University of North Carolina, who headed a government advisory task force on gene patents, called the government's brief "a bit of a landmark, kind of a line in the sand."

He said that although gene patents had been issued for decades, the patentability of genes had never been examined in court. That changed when the American Civil Liberties Union and the Public Patent Foundation organized various individuals, medical researchers and societies to file a lawsuit challenging patents held by Myriad Genetics and the University of Utah Research Foundation.
The patents cover two genes, BRCA1 and BRCA2, and the over $3,000 analysis Myriad performs on the genes to see if women carry mutations that predispose them to breast and ovarian cancers.

In a surprise ruling in March, Judge Robert W. Sweet of the United States District Court in Manhattan ruled the patents invalid. He said that genes were important for the information they convey, and in that sense, an isolated gene was not really different from a gene in the body. The government said that that ruling prompted it to re-evaluate its policy.

Myriad and the University of Utah have appealed. Saying that the questions in the case were "of great importance to the national economy, to medical science and to the public health," the Justice Department filed an amicus brief that sided with neither party. While the government took the plaintiffs' side on the issue of isolated DNA, it sided with Myriad on patentability of manipulated DNA.

Myriad and the plaintiffs did not comment on the government's brief by deadline for this article.

Mr. Reines, the attorney, who is with the firm of Weil Gotshal & Manges and is not involved in the main part of the Myriad case, said he thought the Patent Office opposed the new position but was overruled by other agencies. A hint is that no lawyer from the Patent Office was listed on the brief.

From rforno at infowarrior.org Sat Oct 30 23:23:36 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Oct 2010 00:23:36 -0400
Subject: [Infowarrior] - USB "Dead Drops" in NYC
Message-ID:

"Dead Drops" preview
http://datenform.de/blog/dead-drops-preview/

I am pleased to preview "Dead Drops", a new project which I started off as part of my ongoing EYEBEAM residency in NYC over the last couple of weeks. "Dead Drops" is an anonymous, offline, peer to peer file-sharing network in public space. I am "injecting" USB flash drives into walls, buildings and curbs accessible to anybody in public space.
You are invited to go to these places (so far 5 in NYC) to drop or find files on a dead drop. Plug your laptop into a wall, house or pole to share your files and data. Each dead drop contains a readme.txt file explaining the project. "Dead Drops" is still in progress, to be continued here and in more cities. Full documentation, movie, map and "How to make your own dead drop" manual coming soon! Stay tuned.

http://datenform.de/blog/dead-drops-preview/

From rforno at infowarrior.org Sun Oct 31 08:05:58 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Oct 2010 09:05:58 -0400
Subject: [Infowarrior] - Why do people accept faulty operating systems?
Message-ID: <72194458-26F4-4EEF-A505-C1911F1675DA@infowarrior.org>

Why do people accept faulty operating systems?
http://it.toolbox.com/blogs/locutus/why-do-people-accept-faulty-operating-systems-42185

Average people, the kind you see walking down the street, buying milk at the grocery store and frequenting Walmart, Kmart and other similar retail chains, are a very fickle bunch. They are also very demanding. Not one of them would accept damaged goods willingly. If they buy a television and it doesn't work they take it back. If they buy an item of clothing and it is damaged in some manner it is sent back post haste. If they buy a piece of meat and two hours later it is green, that piece of meat is forcefully returned to the butcher (LLBC).

Yet, when it comes to computers, these same people who throw a raving, screaming tantrum when a button on their new DVD player is loose will accept a computer with a faulty operating system. Sure, they will throw the same tantrums over a physical computer fault; however, on the software side of things they will accept without a murmur, and actually request to install, the most bug-ridden, virus-infected and unstable operating systems in the history of computing. They will use these systems and not care that it is sending spam to the four corners of the world (why do people say that?
The world is round) or that some fifty-odd viruses are siphoning off their passwords, credit card numbers and personal details for sale on the black market. Even when these people know about spam and malicious programs they still allow those into their system, and live with it crashing and running slow for months. When asked why they allow this to happen they shrug their shoulders and say they do not know. Yet most of these people are intelligent, successful at their trade and able to raise families. When it comes to computers, however, it seems that their brain shuts down and they revert back to Neanderthal ways of thinking. WHY?

I don't blame these people. As much as I become exasperated at uncle Pron Surfer or cousin Email Link Clicker when I have to reinstall their operating system for the nth time, I still don't blame them. They are simply a product of their environment. It is the environment which I blame.

The environment created by software and service companies, in which end (L)users don't know how to properly use a computer, is responsible for this sheeple mentality. These companies act on the premise that people are dumb and design their operating systems and programs on that principle. Throughout the years of this patronizing by the software companies, the average person has been trained like Pavlov's dog to accept sub-quality products. The attitudes people have, that computers crash, that viruses and malware are a fact of life and that programs are always buggy, are brought about when these software companies release improperly tested software. When the end (L)user rings up to complain they are told that unfortunately this is how it is and things will be different in the next release. The customer has no other choice but to accept this and thus the brainwashing begins.

If I remember correctly, the computers of yesteryear were of higher quality and far more reliable than the latest personal computers of today.
The excuse that the code is more complex and does more does not wash with me. The real reason is that not enough quality control is exercised.

The design of these operating systems is also at fault. They are designed on the assumption that computer users are dumb and just want things to work without having to think. So these companies try to build an operating system which does all of the customers' thinking for them. The computer is then turned from a useful, powerful and complex machine into a mysterious beige box which does nothing very well except chew up resources. It pains me to think that computers which were less powerful than a modern mobile phone could send people to the moon while modern computers, thousands of times more powerful, are harnessed into sending spam, propagating viruses and surfing pron. I think it is a huge waste and a crying shame that people have this attitude about computer software.

What can be done about this? I think that, as with everything, it starts with education. Educating people that they don't have to live with this computing situation. Educating people that a computer is more than a black box. Educating people that, like the family car, a computer is a complex machine which needs regular maintenance. Finally, educating people that they do not have to accept sub-standard software and that there are alternatives available. That is the main reason people return faulty goods in stores. They know there are alternatives. The software alternatives are hidden and slandered by companies so the end users do not feel they have a choice. Once they realise they have a choice then perhaps the quality of software will return to its previous level of excellence. Perhaps then, people will be thought of as valued customers, instead of dumb (L)users.

What do you think?

"I get paid to support Windows, I use Linux to get work done."
From rforno at infowarrior.org Sun Oct 31 12:56:12 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Oct 2010 13:56:12 -0400
Subject: [Infowarrior] - VLC developer takes a stand against DRM enforcement in Apple's App Store
Message-ID:

VLC developer takes a stand against DRM enforcement in Apple's App Store
Posted by Brett Smith at October 29, 2010 17:35 | Permalink
http://www.fsf.org/blogs/licensing/vlc-enforcement/

Rémi Denis-Courmont is one of the primary developers of the VLC media player, which is free software and distributed under the GPL. Earlier this week, he wrote to Apple to complain that his work was being distributed through their App Store, under terms that contradict the GPL's conditions and prohibit users from sharing the program. He explained in his announcement:

    VLC media player is free software licensed solely under the terms of the... GNU General Public License (a.k.a. GPL). Those terms are contradicted by the products usage rules of the AppStore through which Apple delivers applications to users of its mobile devices.

We've written before about the Usage Rules in the App Store's legal terms, and how they conflict with the GNU GPL and AGPL. That's because we went through a similar enforcement action against Apple when we learned that a port of GNU Go (which is copyrighted by the FSF) was being distributed through the App Store. Unfortunately, Apple chose to make the issue go away by simply removing the software from the App Store.

Rémi expects that Apple will do the same for this VLC port. He says that if they do, "users of iOS-based devices [will] be deprived of VLC media player, as a consequence of the intransigently tight control Apple maintains over its mobile applications platform."

He's exactly right about the source of the problem. The GPL gives Apple permission to distribute this software through the App Store. All they would have to do is follow the license's conditions to help keep the software free.
Instead, Apple has decided that they prefer to impose Digital Restrictions Management (DRM) and proprietary legal terms on all programs in the App Store, and they'd rather kick out GPLed software than change their own rules. Their obstinacy prevents you from having this great software on Apple devices, not the GPL or the people enforcing it.

Apple continues to use more DRM in their products: they just announced that a Mac App Store will be coming soon to their laptops and desktops, and you can bet it will have the same draconian restrictions as today's App Store. Meanwhile, people enforcing the GPL like Rémi are fighting against DRM, so that everyone can be in full control of their own computers. We're thankful to him for taking a stand. If you want to show your support, too, it's easy: just steer clear of Apple's DRM-infested App Store.

From rforno at infowarrior.org Sun Oct 31 13:40:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Oct 2010 14:40:37 -0400
Subject: [Infowarrior] - Spaf's new TSA-massage clothing line
Message-ID: <7D006303-F730-46E3-AEDB-35FCA0F03516@infowarrior.org>

> From: Eugene Spafford
> Date: October 31, 2010 10:41:40 AM EDT
>
> OK, here's a slightly different strategy....
>
> http://www.cafepress.com/TSAMassage
>
> If enough of us go through security, opt out for the manual screening and make a statement that we believe that they are doing it for sexual gratification (or similar), it is probably going to make it unpopular among the screeners. And this is one way to make the statement.
>
> (These are being sold at cost.)
>
> Suggestions for other designs cheerfully accepted.