From rforno at infowarrior.org Wed Sep 1 07:06:32 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Sep 2010 08:06:32 -0400
Subject: [Infowarrior] - Judge Rejects Gov't Request For Cell Tower Data, Noting Recent 4th Amendment Rulings
Message-ID:

Judge Rejects Gov't Request For Cell Tower Data, Noting Recent 4th Amendment Rulings
from the probable-cause dept
http://www.techdirt.com/blog/wireless/articles/20100831/03283910833.shtml

We recently wrote about a somewhat surprising ruling by the appeals court in the DC circuit saying that long-term use of a GPS to track someone without a warrant violated the 4th Amendment. What was surprising about this is that, while state courts had ruled similarly, the federal courts had almost universally ruled that such tracking was legal. While that case will almost certainly be appealed and seems to have a decent likelihood of ending up before the Supreme Court, it's apparently already impacting some rulings elsewhere. Chris Soghoian notes that a federal magistrate judge recently rejected the government's request for historical cell site data from Sprint, because the government failed to show probable cause (as required under the 4th Amendment):

What's notable is that the judge admits to having approved similar requests in the past, but refuses to do so this time as a result of that recent ruling, noting that its reasoning highlighted how technology is changing the way many view privacy and surveillance:

The decision in Maynard is just one of several rulings in recent years reflecting a growing recognition, at least in some courts, that technology has progressed to the point where a person who wishes to partake in the social, cultural, and political affairs of our society has no realistic choice but to expose to others, if not to the public as a whole, a broad range of conduct and communications that would previously have been deemed unquestionably private....

As a result of such decisions, I believe that magistrate judges presented with ex parte requests for authority to deploy various forms of warrantless location-tracking must carefully re-examine the constitutionality of such investigative techniques, and that it is no longer enough to dismiss the need for such analysis by relying on cases such as Knotts or, as discussed below, Smith v. Maryland....

For the reasons discussed below, I now conclude that the Fourth Amendment prohibits as an unreasonable search and seizure the order the government now seeks in the absence of a showing of "probable cause, supported by Oath or affirmation[.]"

Nice to see some judges recognizing this, though it remains to be seen how many others will agree... and how the Supreme Court reacts to all of this.

From rforno at infowarrior.org Wed Sep 1 07:16:54 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Sep 2010 08:16:54 -0400
Subject: [Infowarrior] - William Gibson op-ed on Google
Message-ID: <4A83021C-8E53-48FA-A9CA-B3C549462F61@infowarrior.org>

August 31, 2010
Google's Earth
By WILLIAM GIBSON
Vancouver, British Columbia
http://www.nytimes.com/2010/09/01/opinion/01gibson.html?_r=2&ref=opinion&pagewanted=print

"I ACTUALLY think most people don't want Google to answer their questions," said the search giant's chief executive, Eric Schmidt, in a recent and controversial interview. "They want Google to tell them what they should be doing next."

Do we really desire Google to tell us what we should be doing next? I believe that we do, though with some rather complicated qualifiers.

Science fiction never imagined Google, but it certainly imagined computers that would advise us what to do. HAL 9000, in "2001: A Space Odyssey," will forever come to mind, his advice, we assume, eminently reliable -- before his malfunction.

But HAL was a discrete entity, a genie in a bottle, something we imagined owning or being assigned. Google is a distributed entity, a two-way membrane, a game-changing tool on the order of the equally handy flint hand ax, with which we chop our way through the very densest thickets of information. Google is all of those things, and a very large and powerful corporation to boot.

We have yet to take Google's measure. We've seen nothing like it before, and we already perceive much of our world through it. We would all very much like to be sagely and reliably advised by our own private genie; we would like the genie to make the world more transparent, more easily navigable. Google does that for us: it makes everything in the world accessible to everyone, and everyone accessible to the world. But we see everyone looking in, and blame Google.

Google is not ours. Which feels confusing, because we are its unpaid content-providers, in one way or another. We generate product for Google, our every search a minuscule contribution. Google is made of us, a sort of coral reef of human minds and their products. And still we balk at Mr. Schmidt's claim that we want Google to tell us what to do next. Is he saying that when we search for dinner recommendations, Google might recommend a movie instead? If our genie recommended the movie, I imagine we'd go, intrigued. If Google did that, I imagine, we'd bridle, then begin our next search.

We never imagined that artificial intelligence would be like this. We imagined discrete entities. Genies. We also seldom imagined (in spite of ample evidence) that emergent technologies would leave legislation in the dust, yet they do. In a world characterized by technologically driven change, we necessarily legislate after the fact, perpetually scrambling to catch up, while the core architectures of the future, increasingly, are erected by entities like Google.

Cyberspace, not so long ago, was a specific elsewhere, one we visited periodically, peering into it from the familiar physical world. Now cyberspace has everted. Turned itself inside out. Colonized the physical. Making Google a central and evolving structural unit not only of the architecture of cyberspace, but of the world. This is the sort of thing that empires and nation-states did, before. But empires and nation-states weren't organs of global human perception. They had their many eyes, certainly, but they didn't constitute a single multiplex eye for the entire human species.

Jeremy Bentham's Panopticon prison design is a perennial metaphor in discussions of digital surveillance and data mining, but it doesn't really suit an entity like Google. Bentham's all-seeing eye looks down from a central viewpoint, the gaze of a Victorian warder. In Google, we are at once the surveilled and the individual retinal cells of the surveillant, however many millions of us, constantly if unconsciously participatory. We are part of a post-geographical, post-national super-state, one that handily says no to China. Or yes, depending on profit considerations and strategy. But we do not participate in Google on that level. We're citizens, but without rights.

Much of the discussion of Mr. Schmidt's interview centered on another comment: his suggestion that young people who catastrophically expose their private lives via social networking sites might need to be granted a name change and a fresh identity as adults. This, interestingly, is a matter of Google letting societal chips fall where they may, to be tidied by lawmakers and legislation as best they can, while the erection of new world architecture continues apace.

If Google were sufficiently concerned about this, perhaps the company should issue children with free "training wheels" identities at birth, terminating at the age of majority. One could then either opt to connect one's adult identity to one's childhood identity, or not. Childhoodlessness, being obviously suspect on a résumé, would give birth to an industry providing faux adolescences, expensively retro-inserted, the creation of which would gainfully employ a great many writers of fiction. So there would be a silver lining of sorts.

To be sure, I don't find this a very realistic idea, however much the prospect of millions of people living out their lives in individual witness protection programs, prisoners of their own youthful folly, appeals to my novelistic Kafka glands. Nor do I take much comfort in the thought that Google itself would have to be trusted never to link one's sober adulthood to one's wild youth, which surely the search engine, wielding as yet unimagined tools of transparency, eventually could and would do.

I imagine that those who are indiscreet on the Web will continue to have to make the best of it, while sharper cookies, pocketing nyms and proxy cascades (as sharper cookies already do), slouch toward an ever more Googleable future, one in which Google, to some even greater extent than it does now, helps us decide what we'll do next.

William Gibson is the author of the forthcoming novel "Zero History."

From rforno at infowarrior.org Wed Sep 1 17:39:01 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Sep 2010 18:39:01 -0400
Subject: [Infowarrior] - This applies to infosec certifications, too
Message-ID: <7D86B0A1-E079-4E22-9EC2-00DA98EB5007@infowarrior.org>

'nuff said.
-rick

http://onefte.com/2010/09/02/making-the-short-list/

From rforno at infowarrior.org Wed Sep 1 21:13:29 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Sep 2010 22:13:29 -0400
Subject: [Infowarrior] - More TSA/UA stupidity
Message-ID: <7EB4CEEB-9F39-4167-8786-1A20CDC00D27@infowarrior.org>

Pakistani officials leaving in protest
By Craig Whitlock
Washington Post Staff Writer
Wednesday, September 1, 2010
https://www.washingtonpost.com/wp-dyn/content/article/2010/08/31/AR2010083106133.html

A delegation of senior Pakistani military officials visiting the United States for a major defense conference headed home in protest Tuesday night after they said they were interrogated and rudely treated by security officials at Dulles International Airport.

The nine-member group of high-ranking Pakistani officers boarded United Airlines Flight 727 from Washington to Tampa late Sunday but were pulled off the plane after one of them "made a comment to a flight attendant," said Mike Trevino, a United spokesman.

United did not provide details, but Pakistani officials said the remark came from a general in the delegation who - weary of a long day of travel that began in Islamabad - said, "I hope this is my last flight," or words to that effect.

That sparked a call to Dulles law enforcement officials, who detained the delegation for 2.5 hours and refused to allow the officials to contact their embassy or the U.S. military officials who had invited them to visit, according to a Pakistani military official who spoke on condition of anonymity.

The Pakistanis were finally released after police at Dulles determined they did not pose a threat. But instead of proceeding to Tampa, the delegation was ordered to return to Pakistan by their military superiors in Islamabad, in protest of their treatment, the Pakistani official said, adding that they were "verbally abused."

The group of officers spent the next 48 hours in Washington, waiting for the next available flight home, and were scheduled to depart the United States on Tuesday evening.

The Pakistani officers were originally en route to U.S. Central Command headquarters in Tampa to attend the annual conference of the U.S.-Pakistan Military Consultative Committee, said Maj. David Nevers, a Central Command spokesman. He said Centcom officials hoped to reschedule the conference.

Pakistani officials said they received

From rforno at infowarrior.org Wed Sep 1 21:16:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Sep 2010 22:16:35 -0400
Subject: [Infowarrior] - Retargeting Ads Follow Surfers to Other Sites
Message-ID: <75FE3B2F-67A2-467E-AFD2-8BA94C3C93C6@infowarrior.org>

August 29, 2010
Retargeting Ads Follow Surfers to Other Sites
By MIGUEL HELFT and TANZINA VEGA
http://www.nytimes.com/2010/08/30/technology/30adstalk.html

The shoes that Julie Matlin recently saw on Zappos.com were kind of cute, or so she thought. But Ms. Matlin wasn't ready to buy and left the site.

Then the shoes started to follow her everywhere she went online. An ad for those very shoes showed up on the blog TechCrunch. It popped up again on several other blogs and on Twitpic. It was as if Zappos had unleashed a persistent salesman who wouldn't take no for an answer.

"For days or weeks, every site I went to seemed to be showing me ads for those shoes," said Ms. Matlin, a mother of two from Montreal. "It is a pretty clever marketing tool. But it's a little creepy, especially if you don't know what's going on."

People have grown accustomed to being tracked online and shown ads for categories of products they have shown interest in, be it tennis or bank loans. Increasingly, however, the ads tailored to them are for specific products that they have perused online.

While the technique, which the ad industry calls personalized retargeting or remarketing, is not new, it is becoming more pervasive as companies like Google and Microsoft have entered the field. And retargeting has reached a level of precision that is leaving consumers with the palpable feeling that they are being watched as they roam the virtual aisles of online stores.

More retailers like Art.com, B&H Photo, Diapers.com, eBags.com and the Discovery Channel store use these kinds of ads. Nordstrom says it is considering using them, and retargeting is becoming increasingly common with marketers in the travel, real estate and financial services industries. The ads often appear on popular sites like YouTube, Facebook, MySpace or Realtor.com.

In the digital advertising business, this form of highly personalized marketing is being hailed as the latest breakthrough because it tries to show consumers the right ad at the right time.

"The overwhelming response has been positive," said Aaron Magness, senior director for brand marketing and business development at Zappos, a unit of Amazon.com. The parent company declined to say whether it also uses the ads.

Others, though, find it disturbing. When a recent Advertising Age column noted the phenomenon, several readers chimed in to voice their displeasure.

Bad as it was to be stalked by shoes, Ms. Matlin said that she felt even worse when she was hounded recently by ads for a dieting service she had used online. "They are still following me around, and it makes me feel fat," she said.

With more consumers queasy about intrusions into their privacy, the technique is raising anew the threat of industry regulation.

"Retargeting has helped turn on a light bulb for consumers," said Jeff Chester, a privacy advocate and executive director of the Washington-based Center for Digital Democracy. "It illustrates that there is a commercial surveillance system in place online that is sweeping in scope and raises privacy and civil liberties issues, too."

Retargeting, however, relies on a form of online tracking that has been around for years and is not particularly intrusive. Retargeting programs typically use small text files called cookies that are exchanged when a Web browser visits a site. Cookies are used by virtually all commercial Web sites for various purposes, including advertising, keeping users signed in and customizing content.

In remarketing, when a person visits an e-commerce site and looks at, say, an Etienne Aigner Athena satchel on eBags.com, a cookie is placed into that person's browser, linking it with the handbag. When that person, or someone using the same computer, visits another site, the advertising system creates an ad for that very purse.

Mr. Magness, of Zappos, said that consumers may be unnerved because they may feel that they are being tracked from site to site as they browse the Web. To reassure consumers, Zappos, which is using the ads to peddle items like shoes, handbags and women's underwear, displays a message inside the banner ads that reads, "Why am I seeing these ads?" When users click on it, they are taken to the Web site of Criteo, the advertising technology company behind the Zappos ads, where the ads are explained.

While users are given the choice to opt out, few do once they understand how the ads are selected for them, said Jean-Baptiste Rudelle, the chief executive of Criteo.

But some advertising and media experts said that explaining the technology behind the ads might not allay the fears of many consumers who worry about being tracked or who simply fear that someone they share a computer with will see what items they have browsed.

"When you begin to give people a sense of how this is happening, they really don't like it," said Joseph Turow, a professor at the Annenberg School for Communication at the University of Pennsylvania, who has conducted consumer surveys about online advertising.

Professor Turow, who studies digital media and recently testified at a Senate committee hearing on digital advertising, said he had a visceral negative reaction to the ads, even though he understands the technologies behind them.

"It seemed so bold," Professor Turow said. "I was not pleased, frankly."

While start-ups like Criteo and TellApart are among the most active remarketers, the technique has also been embraced by online advertising giants. Google began testing this technique in 2009, calling it remarketing to connote the idea of customized messages like special offers or discounts being sent to users. In March, the company made the service available to all advertisers on its AdWords network.

For Google, remarketing is a more specific form of behavioral targeting, the practice under which a person who has visited NBA.com, for instance, may be tagged as a basketball fan and later will be shown ads for related merchandise.

Behavioral targeting has been hotly debated in Washington, and lawmakers are considering various proposals to regulate it. During the recent Senate hearing, Senator Claire McCaskill, Democrat of Missouri, said she found the technique troubling.

"I understand that advertising supports the Internet, but I am a little spooked out," Ms. McCaskill said of behavioral targeting. "This is creepy."

When Advertising Age, the advertising industry publication, tackled the subject of remarketing recently, the writer Michael Learmonth described being stalked by a pair of pants he had considered buying on Zappos. "As tracking gets more and more crass and obvious, consumers will rightfully become more concerned about it," he wrote. "If the industry is truly worried about a federally mandated 'do not track' list akin to 'do not call' for the Internet, they're not really showing it."
Some advertising executives agree that highly personalized remarketing not only goes too far but also is unnecessary.

"I don't think that exposing all this detailed information you have about the customer is necessary," said Alan Pearlstein, chief executive of Cross Pixel Media, a digital marketing agency. Mr. Pearlstein says he supports retargeting, but with more subtle ads that, for instance, could offer consumers a discount coupon if they return to an online store. "What is the benefit of freaking customers out?"

This article has been revised to reflect the following correction:

Correction: August 31, 2010
An article on Monday about online advertising that follows prospective buyers as they browse the Internet misstated, in some editions, the political affiliation of Senator Claire McCaskill of Missouri, who called the practice "creepy" at a recent Senate hearing. She is a Democrat, not a Republican.

From rforno at infowarrior.org Wed Sep 1 22:05:21 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 1 Sep 2010 23:05:21 -0400
Subject: [Infowarrior] - Twitter breaks story on Discovery Channel gunman
Message-ID: <372776DB-9CBA-4145-A27F-3B52E1409330@infowarrior.org>

Twitter breaks story on Discovery Channel gunman
By Paul Farhi
Washington Post Staff Writer
Thursday, September 2, 2010; C02
http://www.washingtonpost.com/wp-dyn/content/article/2010/09/01/AR2010090105987_pf.html

The news broke around 1 p.m. with a few sketchy details. Gunman. Shots. Hostages. Discovery building. Within minutes, there were photos, including an astonishing one of a man clad in shorts, carrying a rifle and stalking through what looked like an office courtyard.

The news of a gunman at the Discovery Channel's headquarters in Silver Spring indeed traveled fast on Wednesday, but none of it came through radio, TV or newspaper Web sites, at least not at first.

As it has with other breaking news events -- the landing of a jet on the Hudson River in 2009, the 2008 massacre in Mumbai -- the story unfolded first in hiccupping fits and starts on Twitter, the much-hyped micro-blogging service that has turned millions of people into worldwide gossips, opinion-mongers and amateur news reporters.

Before camera crews and reporters could race to the scene, a shot of alleged hostage-taker James Lee was flashing around the world via Twitpic, Twitter's photo-sharing service that lets people see whatever a cellphone camera captures seconds after the shutter snaps. The shot -- full of menace and dread -- was apparently taken by an office worker peering from a window several floors above the Discovery courtyard. The photo was apparently passed from an unidentified Discovery employee to another, who posted it on Twitpic.

Another dramatic photo, of Montgomery County SWAT team members clinging to the sides of an armored vehicle as it rushed to the scene, soon followed, along with another, taken from the TV One building across the street, of emergency responders unloading a bomb-detecting robot on a street in Silver Spring.

There was poignancy, too, as helpless friends, sympathetic strangers and relatives ("Please pray for my cousin . . . " read one) tweeted their fears and concerns to a communal thread, or hashtag, called #discovery. Others used the thread to signal the all clear: "Thank you everyone for your well wishes," read one, posted around 2 p.m. "@Discovery_News team all safe."

There were noteworthy documents linked in the massive tweet stream, too: a rambling manifesto of demands by Lee, his MySpace page and a YouTube video of Lee allegedly throwing money into the air on a busy street a few blocks from the Discovery building, in 2008.

TV can offer live pictures of an event (and local stations were on the scene quickly on Wednesday), and newspapers can provide context and fact-checking, but for raw speed and real-time eyewitness accounts, it's now virtually impossible for the mainstream media to keep pace with the likes of Twitter. The service enables anyone equipped with a smartphone to tell the world what he or she sees in 140-character bursts. Twitpic (as well as similar sites) can let them see it.

As it often does, the Twitter stream alerted the news media to the unfolding crisis. By around 1:30 p.m., mainstream news organizations, including The Washington Post, were adding brief news tidbits on their Web sites and sending out e-mail and Twitter alerts of their own.

News executives say social media sources such as Twitter and Facebook are now regular parts of the news ecology, serving as an early alert system. "It's a valuable resource that no news organization can afford to ignore," says Jim Farley, the vice president of news at WTOP, the all-news radio station. Although the stream of postings and tweets can be chaotic, he says, "there are far more people out there [reporting via social media] than any news organization could ever employ. They can tell you the size and shape of an event, and the right questions to start asking."

Among other uses, Twitter is an effective tool for finding personal stories in the midst of massive news events, such as last winter's snowstorms and this summer's earthquake in Montgomery County, Farley said.

But as rich as Wednesday's Twitter feed was, it was merely a starting point for reporters. "The initial information may have come to us through these tools, but we have to apply the old-media skills of vetting and serving as a filter" for what's accurate, said Allan Horlick, president and general manager of WUSA-TV. "We can't let raw info go out over air. The front end is new, but we still have to do our work on the back end."
From rforno at infowarrior.org Thu Sep 2 06:04:34 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Sep 2010 07:04:34 -0400
Subject: [Infowarrior] - Of Two Minds About Books
Message-ID:

Of Two Minds About Books
By MATT RICHTEL and CLAIRE CAIN MILLER
http://www.nytimes.com/2010/09/02/technology/02couples.html?hpw=&pagewanted=print

SAN FRANCISCO -- Auriane and Sebastien de Halleux are at sharp odds over "The Girl With the Dragon Tattoo," but not about the plot. The problem is that she prefers the book version, while he reads it on his iPad. And in this literary dispute, the couple says, it's ne'er the twain shall meet.

"She talks about the smell of the paper and the feeling of holding it in your hands," said Mr. de Halleux, 32, who says he thinks the substance is the same regardless of medium. He added, sounding mildly piqued, "She uses the word 'real.'"

By the end of this year, 10.3 million people are expected to own e-readers in the United States, buying about 100 million e-books, the market research company Forrester predicts. This is up from 3.7 million e-readers and 30 million e-books sold last year.

The trend is wreaking havoc inside the publishing industry, but inside homes, the plot takes a personal twist as couples find themselves torn over the "right way" to read. At bedtime, a couple might sit side-by-side, one turning pages by lamplight and the other reading Caecilia font in E Ink on a Kindle or backlighted by the illuminated LCD screen of an iPad, each quietly judgmental.

Although there are no statistics on how widespread the battles are, the publishing industry is paying close attention, trying to figure out how to market books to households that read in different ways.

A few publishers and bookstores are testing the bundling of print books with e-books at a discount. Barnes & Noble started offering bundles in June at about 50 stores and plans to expand the program in the fall, said Mary Ellen Keating, a Barnes & Noble spokeswoman.

Thomas Nelson, a publisher of religious books, offers free e-books with a print book for some titles. It is particularly good for readers who want to share books with family or friends who read in different formats, said Tod Shuttleworth, senior vice president and group publisher at Thomas Nelson. The bundles have sold well, and Thomas Nelson is considering adding more for the holiday shopping season.

Meanwhile, Amazon.com is doing its best to convince print lovers that "reading on Kindle is nothing like reading on a computer screen." Its Web site promises a display on which "text 'pops' from the page, creating a reading experience most similar to reading on printed paper" because it produces neither glare in a well-lighted spot nor a glow in the dark.

Sony, which introduced a new line of e-readers Wednesday, said they were smaller and lighter than before, with clearer text and touch screens, all to make them feel more like printed books. "Consistently the No. 1 thing we heard was it needs to feel like a book, so you just forget that you have a device in your hand," said Steve Haber, president of Sony's digital reading division.

This straddle-the-line marketing underscores a deeper tension: the desire to keep the print business alive so as not to alienate a core market, while establishing a base for a future that publishers see as increasingly digital, said James L. McQuivey, an e-reader industry analyst with Forrester.

"There is much more emotional attachment to the paper book than there is to the CD or the DVD," said Mike Shatzkin, founder and chief executive of the Idea Logical Company, which advises book publishers on digital change. "It is not logical -- it's visceral."

A print book bundled with an e-book would have been useful for Liz Aybar, 35, and Betsy Conti, 31, a Denver couple who like reading together so much that when they read "The Girl With the Dragon Tattoo" in paperback, Ms. Conti ripped out sections of the book as she finished them so Ms. Aybar could read them.

But since Ms. Conti, a director of technology, bought an iPad, she has gone to the other side. They are both reading Ken Robinson's "The Element," but bought two separate copies -- a print book for $15 and a $13 Kindle version for the iPad.

"I feel more connected to a book than I do through the iPad," said Ms. Aybar, who works at an education nonprofit group.

Alexandra Ringe, an editor, and her husband, Jim Hanas, a fiction writer, both 41, fell in love over books, with one of their early dates at a used-book festival in Manhattan. They married in a SoHo bookstore and live in an apartment in the Park Slope neighborhood with floor-to-ceiling bookshelves. She collects vintage yearbooks and self-help books. But he likes to read on his iPhone.

"For me, real reading is for e-books, and books have become this kind of collectors' object," said Mr. Hanas, who has published short stories in literary journals like McSweeney's and is publishing his next book, "Why They Cried," only in digital format. "It's kind of amazing to see people still going through the stages of acceptance that books are going away, saying they like the way books feel and smell. I was there, but I'm past that now."

For Erin and Daniel Muskat, a couple in Brooklyn, the ink-stained quarrel has disrupted the togetherness of their reading habits. Ms. Muskat, 29, bought an iPad for her husband, 33, who works at his family's shoe business, before their honeymoon in June, but quickly discovered that his electronic reading impinged on her old-fashioned reading.

"I brought a book with me and I barely read it," said Ms. Muskat, a media consultant. "We used to go to the beach and we'd both take out books, but he had an iPad, and it was almost distracting because it didn't feel like he was reading with me."

For Mr. de Halleux, a video game executive, the battle over reading tastes has skipped to a new generation. He and his wife both read to their 3-year-old son, Tristan. He reads Winnie the Pooh to the child on a screen. She reads it in old-fashioned paperback form. Mr. de Halleux said he was confident the boy would eventually favor the digitized version. "He really likes it because you can zoom in on things," he said.

And he said the discussion in his household had brought in his parents, too. His own father favors paperbacks, arguing they can be more easily shared, while his mother goes for the e-reader, which she says is easier on faltering eyesight as people get older.

"The argument is more heated by the day," Mr. de Halleux said. "It's a topic of intense scrutiny at the moment."

From rforno at infowarrior.org Thu Sep 2 06:10:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Sep 2010 07:10:37 -0400
Subject: [Infowarrior] - Speaking of Books
Message-ID:

This classic scene from the original Star Trek episode "Court Martial" came to mind when I read that NYT article earlier. Worth reposting here to add some colour to things. Techie that I can be at times, I must confess to siding with Cogley on this one.

-rick

Source: http://www.tv.com/star-trek/court-martial/episode/24905/trivia.html

< -- >

Kirk: What is all this?
Cogley: I figure we'll be spending some time together, so I moved in.
Kirk: I hope I'm not crowding you.
Cogley: What's the matter? Don't you like books?
Kirk: Oh, I like them fine, but a computer takes less space.
Cogley: A computer, huh? I got one of these in my office. Contains all the precedents, a synthesis of all the great legal decisions written throughout time. I never use it.
Kirk: Why not?
Cogley: I've got my own system. Books, young man, books. Thousands of them. If time wasn't so important, I'd show you something--my library. Thousands of books.
Kirk: What would be the point?
Cogley: This is where the law is, not in that homogenized, pasteurized, synthesized... do you want to know the law, the ancient concepts in their own language, learn the intent of the men who wrote them, from Moses to the tribunal of Alpha 3? Books.
Kirk: You have to be either an obsessive crackpot who's escaped from his keeper or Samuel T. Cogley, attorney-at-law.
Cogley: Right on both counts.

From rforno at infowarrior.org Thu Sep 2 06:17:56 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Sep 2010 07:17:56 -0400
Subject: [Infowarrior] - Fwd: APPLE-SA-2010-09-01-1 iTunes 10
References: <5E48A582-90B2-4AC4-B5C0-812887B1A217@lists.apple.com>
Message-ID: <4328B176-3EF0-474D-ABB0-B63F4155B804@infowarrior.org>

Yep, that's Apple --- using a security advisory to market full version product updates. Though I'm sure they're not the only one that does this.

And for those wondering, I was not enthused/impressed/amazed by anything they announced yesterday. Apple seems to be less an insanely-great computer company and more of a consumer electronics company à la Sony. Sad. I really think that "Apple" is modern herd-speak for "oooh, shiny."

-rf

Begin forwarded message:

> From: Apple Product Security
> Date: September 2, 2010 12:14:26 AM EDT
> To: security-announce at lists.apple.com
> Subject: APPLE-SA-2010-09-01-1 iTunes 10
>
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> APPLE-SA-2010-09-01-1 iTunes 10
>
> iTunes 10 is now available and addresses the following:
>
> WebKit
> CVE-ID: CVE-2010-1780, CVE-2010-1782, CVE-2010-1783, CVE-2010-1784,
> CVE-2010-1785, CVE-2010-1786, CVE-2010-1787, CVE-2010-1788,
> CVE-2010-1789, CVE-2010-1790, CVE-2010-1791, CVE-2010-1792,
> CVE-2010-1793
> Available for: Windows 7, Vista, XP SP2 or later
> Impact: Multiple vulnerabilities in WebKit
> Description: WebKit for Windows is updated to include the security
> fixes provided in Safari 5.0.1. Further information is available at
> http://support.apple.com/kb/HT4276

From rforno at infowarrior.org Thu Sep 2 06:24:22 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 2 Sep 2010 07:24:22 -0400
Subject: [Infowarrior] - Potential Twitter Privacy Problem
Message-ID: <6EF524F1-9DA9-440B-99A9-016B52EC1F73@infowarrior.org>

(Lauren is a great privacy researcher and pundit -- he's more than proven his value to me over the years w/his insight. What he writes, I read. Taking such steps for security purposes is one thing and not necessarily a bad idea. But what will they do with that data or the insight gained therein? Who knows? -- rick)

Source: http://www.google.com/buzz/lauren4321/CngZiBEN6kJ/Soon-Twitter-will-be-collecting-data-on-which

Soon, Twitter will be collecting data on which Twitter users click any links in any Twitter streams. They will also be able to collect IP address info for any user (even non-Twitter users) who click on any link in any Twitter message via the Twitter Web interface. Hmm.

Specifically:

"In the coming weeks, we will be expanding the roll-out of our link wrapping service ( http://t.co ), which wraps links in Tweets with a new, simplified link. Wrapped links are displayed in a way that is easier to read, with the actual domain and part of the URL showing, so that you know what you are clicking on. When you click on a wrapped link, your request will pass through the Twitter service to check if the destination site is known to contain malware, and we then will forward you on to the destination URL. All of that should happen in an instant ... Twitter will log that click ..." [emphasis added]

This is a significant amount of data.
I'd like to know more about how Twitter plans to protect that data, what their data retention and release policies for that specific data will be (if different from their generic privacy policies) and if they will be escrowing the link mappings with a third party for protection (as does bit.ly, for example, with Internet Archive). From rforno at infowarrior.org Thu Sep 2 08:46:53 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 2 Sep 2010 09:46:53 -0400 Subject: [Infowarrior] - PIR: Cell phones and American adults Message-ID: Cell phones and American adults by Amanda Lenhart Sep 2, 2010 http://www.pewinternet.org/Reports/2010/Cell-Phones-and-American-Adults.aspx Overview Texting by American adults has increased substantially over the past year, but still does not approach the magnitude of text messages exchanged by adolescents. Some 72% of adult cell phone users send and receive text messages now, up from 65% in September 2009. Fully 87% of teen cell users text. Teens text 50 messages a day on average, five times more than the typical 10 text messages sent and received by adults per day. Still, for most adults, voice calling is their primary use of the phone. They make and receive about 5 calls per day on average. "Texting among adults has reached the mainstream and the charge is being led by African-Americans, Hispanics and young adults," said Amanda Lenhart, Senior Research Specialist and author of the report. "Of course, none of these adult groups hold a candle to teens when it comes to texting, who swamp adults in messages sent per day by a factor of 5." About the Survey This report is based on the findings of a daily tracking survey on Americans' use of the Internet. The results in this report are based on data from telephone interviews conducted by Princeton Survey Research Associates International between April 29 and May 30, 2010, among a sample of 2,252 adults, age 18 and older. Interviews were conducted in English.
For results based on the total sample, one can say with 95% confidence that the error attributable to sampling and other random effects is plus or minus 2.4 percentage points. For results based on Internet users (n=1,756), the margin of sampling error is plus or minus 2.7 percentage points. In addition to sampling error, question wording and practical difficulties in conducting telephone surveys may introduce some error or bias into the findings of opinion polls. The teen data in this report is based on the findings of a telephone survey on teens' and parents' use of mobile phones. The results are based on data from telephone interviews conducted by Princeton Survey Research International between June 26 and September 24, 2009, among a sample of 800 teens ages 12-17 and a parent or guardian. For results based on the total sample, one can say with 95% confidence that the error attributable to sampling and other random effects is plus or minus 3.8 percentage points for the complete set of weighted data. For methodological information about data collected prior to 2009, please visit our data page http://pewinternet.org/Data-Tools/Download-Data.aspx to find the information at the back of the questionnaire file for each data set. For both surveys, a combination of landline and cellular random digit dial (RDD) samples was used to represent all adults in the continental United States who have access to either a landline or cellular telephone. For more information, please see the Methodology section.
From rforno at infowarrior.org Thu Sep 2 13:28:09 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 2 Sep 2010 14:28:09 -0400 Subject: [Infowarrior] - FISA Court Proposes New Court Rules Message-ID: <3BF18483-031C-4443-9E04-8A86BAB706D5@infowarrior.org> FISA Court Proposes New Court Rules September 2nd, 2010 by Steven Aftergood http://www.fas.org/blog/secrecy/ The Foreign Intelligence Surveillance Court has proposed new rules to comply with the provisions of the FISA Amendments Act of 2008. The Court reviews government applications for intelligence surveillance and physical search under the Foreign Intelligence Surveillance Act (FISA). The proposed FISA Court rules (pdf) provide new procedures by which telecommunications companies can petition the Court to modify or dismiss a court order or a directive from the Attorney General or the DNI requiring them to assist in electronic surveillance, to provide "any tangible thing," or to adhere to a nondisclosure requirement concerning intelligence surveillance. Meanwhile, other procedures would permit the government to petition the Court to compel cooperation by a non-compliant telecommunications provider. A new section in the proposed FISA Court rules accordingly addresses the conduct of "adversarial proceedings," a term that does not appear in the current rules (last modified in 2006). The proposed new rules make other minor editorial changes in current procedures. For example, the existing rules provide for publication of FISA Court opinions, but state that "Before publication, the Opinion must be reviewed by the Executive Branch and redacted, as necessary" to ensure that properly classified information is not disclosed. In a slight but possibly noteworthy revision, the proposed new rules state that "Before publication, the Court may, as appropriate, direct the Executive Branch to review the order, opinion, or other decision and redact it as necessary...."
The FISA Court has provided an opportunity for public comment on the new rules. Comments are due by October 4, 2010. The FISA Amendments Act of 2008, which provided the impetus for the new rules, was strongly opposed by civil liberties groups because it granted immunity to telecoms that may have violated the FISA by implementing President Bush's Terrorist Surveillance Program, which circumvented that binding statute altogether. The 2008 Amendments were also opposed by several Senators who went on to become leading figures in the Obama Administration and who expressed concern that the Act did not give the FISA Court enough independent authority. "Although the bill gives the FISA Court a greater role than earlier bills did, it still fails to provide for a meaningful judicial check on the President's power," said Senator Joe Biden during the July 9, 2008 floor debate on the Act. Likewise, "while the bill nominally calls for increased oversight by the FISA Court, its ability to serve as a meaningful check on the President's power is debatable," said Sen. Hillary R. Clinton, explaining her decision to vote against the Amendments. But the FISA Amendments Act was supported by then-Senator Barack Obama, along with a majority of other Senators and Congressmen, and it was enacted into law. From rforno at infowarrior.org Thu Sep 2 17:37:43 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 2 Sep 2010 18:37:43 -0400 Subject: [Infowarrior] - New German ID cards easily hacked Message-ID: <4B75767B-7690-4356-A818-C0D0EAAAAEC3@infowarrior.org> New government ID cards easily hacked Published: 24 Aug 10 12:16 CET Online: http://www.thelocal.de/sci-tech/20100824-29359.html The sensitive personal information found on the new German identification cards with data chips scheduled for nationwide introduction this November can be easily hacked, according to testing done by a TV news show. Public broadcaster ARD's show "Plusminus"
teamed up with the hacker organisation the Chaos Computer Club to find out how secure the controversial new radio-frequency (RFID) chips were. Set to air Tuesday evening, the report shows how they used the basic new home scanning machines that will go along with the cards, and found that scammers would have few problems extracting personal information. This includes two fingerprint scans, which German citizens can opt out of, and a new six-digit PIN number meant to be used as a digital signature for official government business and beyond. The home scanners will be necessary for use with home computers to process the personal data for official business and possibly even online shopping. The Interior Ministry has promised to sponsor the distribution of one million scanners with some €24 million set aside by the government's recent stimulus package. Some banks and computer magazines also plan to provide free promotional starter kits. In an interview with the show, Interior Minister Thomas de Maizière said he saw no immediate reason to act on the alleged security issue. Meanwhile on Tuesday the Federal Office for Information Security (BSI) rejected the Plusminus' criticism of the new ID card. The agency's personal identification expert Jens Bender said the card was secure and called the combination of an integrated chip with a PIN number a "significant security improvement compared to today's standard process of user name and password." But a classic Trojan horse program that logs keystrokes remained a threat, he admitted, because users must use keyboards in addition to the scanners. From rforno at infowarrior.org Fri Sep 3 11:13:46 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 3 Sep 2010 12:13:46 -0400 Subject: [Infowarrior] - WH Blocks release ACTA trade text Message-ID: <0D27F8B8-E8D0-4CCA-B701-51619308CC14@infowarrior.org> Yessir, that's Change We Can Choke On(tm). Same stuff, different administration.
Only the packaging changes; the policies remain. -rick http://www.huffingtonpost.com/james-love/white-house-blocks-disclo_b_704676.html?view=print James Love Director, Knowledge Ecology International Posted: September 3, 2010 09:25 AM White House Blocks Disclosure of Secret intellectual property trade text The Obama Administration has again blocked the public release of the text of an important intellectual property enforcement agreement. The White House has made the completion of the agreement a high priority, which it will describe as something to protect U.S. jobs -- and hopes to complete the global pact in time to influence the November 2010 Congressional elections. The "Anti-Counterfeiting Trade Agreement," known as ACTA, has been shrouded in controversy since its inception in the Bush Administration, because of the secrecy surrounding the negotiations, and the suspected anti-consumer, anti-civil rights, and anti-innovation measures that were thought to be included. Some of us thought the Obama Administration would straighten things out, but almost immediately after taking office the White House declared the ACTA text to be a matter of national security - withholding the text and even the names of the negotiators from Freedom of Information Act (FOIA) requests, while sharing the negotiating text secretly with hundreds of industry lobbyists. The White House also embraced the hard line positions being advocated by various entertainment industry executives, such as Ari Emanuel of Hollywood's William Morris Endeavor Entertainment agency, or Rick Cotten of NBC Universal, and the army of lobbyists working for large publishers. The agreement is being negotiated between the United States, the 27 member countries of the European Union, Switzerland, Canada, Australia, New Zealand, Japan, Korea, Singapore, Mexico and Morocco.
All of the other countries in the negotiation are now willing to have the negotiating text made public, recognizing that this transparency would: (1) enhance the legitimacy of the negotiation, and (2) allow a broader community of experts to analyze the consequences of the proposed text. On March 10, 2010, the European Parliament criticized the legitimacy and the substance of the ACTA negotiations, and voted 633 to 13 to force the disclosure of the negotiating text. On March 11, 2010, President Obama came to the defense of ACTA in a speech at the Import-Export bank. The European Parliament vote forced a one time release of the ACTA negotiating text on April 16, 2010. Since then, the United States has been isolated as the only country to block the additional releases of the text. On August 16, 2010, USTR head Ron Kirk met with ACTA negotiators in Washington, DC. That week the US government was again the sole country to block the disclosure of the ACTA negotiating text. At this point, the White House is desperate to get an agreement that it can advertise as a jobs promoting measure, and is in the process of compromising on a number of important issues, as the European Union tries to capitalize on what it perceives is panic in the White House over the election. What is ACTA about? In the beginning, ACTA was proposed as a sweeping agreement touching on the criminal and civil enforcement of patents, copyrights, trademarks, trade secrets, industrial designs, computer chip designs, geographic indicators associated with wine, spirits and food products, and pharmaceutical test data, including a host of new global norms involving the surveillance of uses of a wide range of physical and digital goods in order to eliminate alleged infringements -- described by some as a "Patriot Act" for IPR enforcement. Drawing from the lessons of the real Patriot Act, it should not take a genius to recognize that enforcement measures can be problematic.
The mere fact that IPR infringements constitute a serious issue does not mean that all measures to deal with alleged infringement are good ideas. In the earlier versions of the ACTA text that have been leaked, it is clear that the U.S. negotiators have screwed up in several areas -- by backing new global norms on injunctions and damages that run counter to U.S. legal traditions, and which would make it next to impossible to deal constructively with orphan works problems for copyrighted works, or facilitate the market entry of legitimate generic biologic drugs. The U.S. has also backed positions that run counter to Congressional efforts on patent reform, in the area of limiting "runaway" verdicts from patent trolls. In the area of trademarks, the earlier versions of the ACTA would have criminalized acts now considered only civil violations in the U.S., in a field where legitimate businesses argue over trademarks on such items as the term "Windows" or the use of marks like "iPhone." The U.S. negotiators have also failed to support an exception for the enforcement of patents in cases of the transport of "goods in transit," despite the major problem of legitimate generic drugs being seized in airports of countries that have different patent laws -- including a case of AIDS drugs being shipped from India through the Netherlands to the U.S. Embassy in Nigeria, for use in AIDS programs supported by the US taxpayers. There are major concerns about ACTA and privacy. It is also not encouraging that the U.S. reportedly is blocking proposals in the ACTA to address the right of countries to protect public health or to control anticompetitive practices -- the so called safeguard clauses proposed by Australia, New Zealand, Singapore and Canada. (See Article 1.X on page 3 of the leaked version of the July 1, 2010 text.)
It is not an unreasonable request that the Obama administration join the 37 other countries in the negotiation to support the release of the ACTA text to the public, so we can see what the negotiators are up to. After all, the Obama Administration does share its positions in the ACTA negotiations with corporate lobbyists. From rforno at infowarrior.org Fri Sep 3 14:35:05 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 3 Sep 2010 15:35:05 -0400 Subject: [Infowarrior] - Cyberspace Spawns a New Fog of War Message-ID: Cyberspace Spawns a New Fog of War By Col. Alan D. Campen, USAF (Ret.), SIGNAL Magazine September 2010 http://www.afcea.org/signal/articles/templates/Signal_Article_Template.asp?articleid=2375&zoneid=301 An old doctrine illuminates the obsolescence of traditional rules. Military commanders long have complained of limited situational awareness because of faulty intelligence and disruption of their lines of communications. Gen. Carl von Clausewitz called this "the fog of war." Today's military commanders face a distinctly different threat to their lines of communications because cyberwar casts a shadow far beyond Gen. Clausewitz's conventional battlefield and the rules of engagement that govern armed conflict. Senior military commanders assert that coming to terms with this new threat to information systems requires not only some new technology and revisions in doctrine, organization and management but also a change in military culture itself. U.S. military forces have become too dependent on the data flowing through vulnerable digital information systems they neither own nor control, and they no longer are confident in their ability to function in this highly stressed information environment. Joint Chiefs of Staff Chairman Adm. Mike Mullen, USN, says, "Cyberspace will change how we fight." Gen. Keith B. Alexander, USA, commander of the U.S.
Cyber Command, and director of the National Security Agency, says that network warfare has evolved so rapidly that there is a "mismatch between our technical capabilities to conduct operations and the governing laws and policies." The cadre of U.S. Air Force officials who labored to shape what has since become the 24th Air Force knew they were entering an ill-defined, unexplored and heavily contested domain. Lt. Gen. Robert Elder Jr., USAF, then commander of the 8th Air Force and joint functional component commander for Space and Global Strike, U.S. Strategic Command (STRATCOM), invited the RAND Corporation to advise his military planners on cyberwarfare. In a report titled Cyberdeterrence and Cyberwar, RAND analyst Martin C. Libicki responded with sobering observations on the limits of power in cyberspace. While specifically addressing Air Force hopes to "fly and fight in cyberspace," his observations apply to each of the military services and to other government agencies as well. The report makes several key points: Cyberspace is its own medium and must be understood in its own terms and rules; deterrence and warfighting tenets established in land, sea, air and space do not necessarily translate reliably into cyberspace, and attempts to transfer policy constructs from other forms of warfare not only will fail but also will hinder policy and planning; and the medium is fraught with ambiguities about the identity of the attacker, its objective and what damages resulted. Also, as an offensive strategy, cyberwarfare is questionable because its potential for unpredictable collateral damage is high and permanent effects are hard to measure; attempting a cyberattack in the hopes that success will facilitate a combat operation may be prudent, and betting the operation's success on a particular set of results may not be; and defending military cyber systems is like but not equal to defense of civilian systems.
Coming to terms with this new fog of war requires more than simply identifying the ways cyberwar differs from conventional battlefields and making adjustments in technology and tactics deemed prudent. The words used to define the cyberthreat and the objectives and proposed methods of conducting cyber operations are critical, because words carry baggage. As an example, the term psyops has been purged from the military lexicon because it became politically contentious. Another term is information operations, or IO, the meaning of which has morphed so often that members of a vexed Senate Armed Services Committee directed the U.S. Defense Department to define the term, identify the players and explain how it is managed. Words shape debate and mold organizations. What we call "things" quickly solidify into policy, doctrine, organization and training, and from that, budgets that foment turf battles among equity-entrenched organizations. Cyberwar is a most troublesome term. How can we develop a national or international strategy for waging cyberwarfare when so few agree on the nature, intensity or risks of a cyberthreat? Is it war or something less? Who should be empowered to counter the threat -- government, owners or users? And, what form of public-private partnership is needed to defend the nation's critical information infrastructure? An article in the spring 2010 edition of Air and Space Power Journal calls cyberwar "a loaded term that invokes various definitions from different organizations and people." White House cybersecurity coordinator Howard Schmidt finds cyberwar a "terrible metaphor." IEEE Computer Society President James Isaak cautions that the term "war" makes people think that it is exclusively a government problem.
In a blog titled Cyberwar or Not Cyberwar, information security veteran Amit Yoran explains, "A warfare connotation or cyberwar label provides for a natural inclination to place greater emphasis on the role of the military and intelligence community." The global dimension of this disagreement is clear from papers and remarks from representatives of more than 40 countries at the May 2010 First Worldwide Cybersecurity Conference. Many there complained that the catch-all term "cyberwarfare" was hurting international efforts to cooperate on Internet security. What lacks is a workable taxonomy, says Microsoft Vice President and former defense official Scott Charney. This taxonomy would categorize and then differentiate among the vastly different actors, motives, threats and risks. National Defense University professor Daniel Kuehl offers a useful taxonomy. He asserts that the base word cyber -- a term derived from Norbert Wiener's cybernetics theory of control and communications between animal and machine -- must be parsed into three distinctly different elements. First is the connection -- the network; then the content -- the message; and finally cognition -- the message effect. This deconstruct reveals the vastly different human skill sets and organizations, ranging from computer network operations to public affairs, that are involved in managing information as it flows between the machine and the human animal. Meanwhile, each military service, responding to its differing definitions of the cyber challenge, has assessed its military kit; found where it lacks in doctrine, tools and skills; formed a cyber organization; recruited and is training a work force; and has published interim doctrine and regulations. Reconciliation and deconfliction of the different approaches to cyber operations will be an important initial task for the new subunified U.S. Cyber Command. However, coming to terms with the changes wrought by cyberwar involves more than semantics.
It changes not only how we fight -- as Adm. Mullen reminds -- but also when, where and whom we fight. These nontrivial issues are unaddressed in extant rules of engagement. History, experience, protocols, laws and accords are not helpful; they are little more than launching points for development of a new national security policy to be led by the Defense Department. Senior defense officials, charged with developing a coherent doctrine for cyberwarfare, admit that not everything that happens in cyberspace is an act of war, and they are struggling with nontechnical issues such as defining and establishing doctrine for cyberwar. While affirming that the laws of armed conflict do and will continue to apply to cyberwar, Defense Department Principal Undersecretary for Policy James Miller admits the military "still has to establish what an act of aggression looks like in cyberspace and decide the rules for responding -- both digitally and physically." Senior U.S. military officials have concluded that neither policy nor doctrine has recognized that personal computers have undergone a change from tools of convenience -- exclusively attended by technologists -- to tools of absolute necessity in military operations. This, says STRATCOM Commander Gen. Kevin P. Chilton, USAF (SIGNAL Magazine, May 2010), demands a cultural shift that respects information as a weapon, accompanied by doctrine that assigns responsibility and accountability for its protection to commanders and users, not administrators. Joint Chiefs Vice Chairman Gen. James Cartwright, USMC, adds that the military needs a doctrine that shifts away from point defense -- a posture that awaits and responds to a catastrophe. Instead, it must move to one that defines a cyberattack and the consequences for those who launch such an attack on the U.S. critical infrastructure, be that in times of peace, crisis or war. "The military relies too much on technology," said Gen. James Mattis, USMC, in a lecture to an AFCEA audience.
We need to practice with the "radios turned off" and officers must become comfortable with uncertainty rather than keep grasping for more certainty. "While we have the most robust communications, we also want to make sure we can operate with none of it," the general declared. Through a flurry of recent speeches and revised directives, defense officials have recognized there are limits to cyberdefense and have concluded that advantage on any battlefield -- albeit episodic and ephemeral -- will favor the commanders who best manage what they cannot master. Col. Alan D. Campen, USAF (Ret.), is a SIGNAL Magazine contributing editor and contributing editor to four books on cyberwar. His website is www.cyberinfowar.com. From rforno at infowarrior.org Fri Sep 3 14:44:05 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 3 Sep 2010 15:44:05 -0400 Subject: [Infowarrior] - Anti-Google campaign on privacy Message-ID: Anti-Google campaign on privacy Maggie Shiels | 09:40 UK time, Friday, 3 September 2010 http://www.bbc.co.uk/blogs/thereporters/maggieshiels/2010/09/anti_google_campaign.html The public advocacy group Consumer Watchdog is no lover of Google. It has in fact been a constant thorn in the search giant's side and has set up a special Google website to log and monitor what it sees as its misdeeds as the firm tracks and collects data on us through our search history and browsing habits. Now Consumer Watchdog has taken it to a whole new level with giant adverts playing on the JumboTron in New York's Times Square. Google CEO Eric Schmidt is portrayed as a "perverter of privacy" in the guise of an ice cream man. The animated video shows a caricature of Schmidt giving out free treats to children while at the same time spying on them and collecting information on them. Consumer Watchdog's president Jaimie Court said the aim of the adverts was to "make the public aware of how out of touch Schmidt and Google are when it comes to our privacy rights.
Google knows more about us than most government agencies." "Google's motto is 'don't be evil' and the way Eric Schmidt has been talking lately proves he has not been living up to that standard." Specifically Mr Court is referring to Mr Schmidt's recent comments about privacy and online behaviour. "Schmidt is out of control," said Mr Court. "When questioned about privacy, he has said, 'If you have something that you don't want anyone to know, maybe you shouldn't be doing it in the first place.' Recently, he suggested children could change their names when they got older if they wanted to escape what was embarrassing and public in their online lives." As well as deriding Google and its CEO in this 540ft video screen in one of America's most populous squares, Consumer Watchdog has a serious message about online privacy in general. It wants Congress to implement a "do not track me" list that prevents Google and any other internet company from tracking users' every move online. The list would work just like the "do not call list" which has been pretty successful at stopping those annoying marketing phone calls you get just as you are about to sit down for dinner/put the baby in the bath/read the toddler a book/or enjoy a sip of wine. Google has taken quite a bit of heat lately over privacy. Its own admission that its Street View cars had mistakenly collected snippets of information leaking from unprotected networks in people's homes resulted in criticism from privacy advocates around the world. Google's foray into social networking with its product Buzz also led to unwanted headlines about a cavalier attitude towards privacy. But as the Wall Street Journal points out, Consumer Watchdog is not above reproach.
The group claimed that the Street View cars could have collected national security information from members of Congress but the Journal pointed out that it made the "allegations after sitting outside the homes of the members itself and sniffing for unsecured traffic". Google's response to the advert is sanguine. "We like ice cream as much as anyone, but we like privacy even more," Google said in response to the BBC. "That's why we provide tools for users to control their privacy online, like Google Dashboard, Ads Preference Manager, Chrome incognito mode and 'off the record' Gmail chat." The California-based internet titan said that information about its privacy tools can be found online at google.com/privacy. From rforno at infowarrior.org Fri Sep 3 15:05:57 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 3 Sep 2010 16:05:57 -0400 Subject: [Infowarrior] - Book Review: HOMEROOM SECURITY Message-ID: <24AD775D-AF28-4168-8329-66E739C4B611@infowarrior.org> Sunday, Aug 29, 2010 14:01 ET America's real school-safety problem In the wake of Columbine, many educators have instituted zero-tolerance discipline. What is it teaching our kids? By Justin Sullivan http://www.salon.com/books/feature/2010/08/29/homeroom_security_ext2010 Last fall, a Delaware student was suspended from school after bringing a knife into his classroom. Because of his school's zero-tolerance weapons policy, he was suspended for 45 days and forced to attend an alternative school. Swift justice? Perhaps -- except that the student, Zachary Christie, was a first grader at the time and the "weapon" was his Cub Scout-issued fork-spoon-knife tool. When his case received national attention, his punishment and the school's policy were swiftly revised -- part of the growing groundswell of opposition to zero tolerance.
Although opponents point to this case and others as evidence that "one size fits all" punishments are ineffective, anxiety about weapons and violence in schools remains high among Americans. In the wake of the 1999 shootings at Columbine High School, high schools in the United States rushed to adopt strict policies and filled schools with armed guards, metal detectors and drug-sniffing dogs. These are now hallmarks of the modern American school. Yet for all these extreme measures, public fears over student safety remain high.

Aaron Kupchik's "Homeroom Security: School Discipline in an Age of Fear" is an attempt to explain that paradox and suggest an alternative to this battle-zone mentality. The product of two years of research, "Homeroom" examines four public high schools comprising different race and class demographics. Kupchik compiled more than a hundred hours of interviews with students, administrators, teachers and police officers assigned to each school. Kupchik's writing is meticulous and even-handed, even praising the officers whose methods he strongly disagrees with. Salon talked with Kupchik about the lessons of Columbine, his willingness to appear naive, and hopeful signs for the future.

How did these zero-tolerance policies get started and what do they mean?

They started in the '90s, and they were spurred by the federal government's Safe and Drug Free Schools Act, which required schools to implement zero tolerance for certain things like weapons. What schools have done across the country in the last 15 years is to expand greatly what falls under zero-tolerance policies. So they extend to not just deadly weapons and drugs but sometimes fighting and prescription drugs and other types of substances. What they mean is that if you're caught violating this broad rule, there's no discussion and no elaboration of why you did this. No investigation. We just punish you with the one-size-fits-all punishment.

Why are they so detrimental?
We're teaching kids what it means to be a citizen in our country. And what I fear we're doing is teaching them that what it means to be an American is that you accept authority without question and that you have absolutely no rights to question punishment. It's very Big Brother-ish in a way. Kids are being taught that you should expect to be drug tested if you want to participate in an organization, that walking past a police officer every day and being constantly under the gaze of a security camera is normal. And my concern is that these children are going to grow up and be less critical and thoughtful of these sorts of mechanisms. And so the types of political discussions we have now, like for example, whether or not wiretapping is OK, these might not happen in 10 years.

So these policies are giving the kids a civics lesson.

Exactly. As part of my research, I interviewed students, and one of the questions that seemed like a good idea at the start was asking them whether they liked having the SROs [school resource officers] in their schools. For me, having gone to public schools without cops, this really seemed odd to me, to put police officers in peaceful schools. And the students were puzzled by this question, and I quickly realized that it makes no sense to them because it's all they've ever known. It's completely normal. It makes about as much sense as if you asked them, "Should your school have a principal?"

You spent a lot of time in each of the four schools. What are the police officers like who patrol these schools?

They were great. I really enjoyed the time that I spent with them. These are people who care about kids and who work hard for little money to do the right thing. I might disagree with what they do and how they do it, but not with their motives. But their role is an odd one for schools. They don't have a counseling background, and they are just not able to deal with kids' problems the way that some of these problems need.
Their day-to-day experience trains them and socializes them to deal with kids in not the most productive manner. And their presence in schools creates a law-and-order mindset to govern schools rather than the type of counseling and democratic mindset that we know prevents crime.

There's still very much a public perception that crime, violence and drugs are on the rise in schools. Has the addition of school resource officers been effective at all?

The jury's still out on whether they've led to a decrease in crime. There have been big decreases in crime, but it's unlikely that the SROs have had an effect on that. There have been only a few studies that have tried to look at effectiveness, and they've been totally mixed. What we do know about preventing crime in schools is that when you have a more democratic and inclusive school, you tend to have less crime. A democratic and inclusive school is one where students feel respected, they feel like they're a part of a school, and where a school deals with students' problems rather than just dismissing them. It's one where the students feel empowered. SROs and zero-tolerance policies do the opposite of this; they erode what we know works.

The Columbine shooting is often invoked as a justification for zero-tolerance policies. But what kinds of changes did Columbine High adopt in the wake of the shootings?

Columbine is central to the way we think about school security. It redefined the tragedy of school crime in a very dramatic way. In the wake of it, what Columbine High did was quite sensible. They invested in counselors. They recognized that kids who do bad things in school are usually kids who have very serious troubles, and so rather than simply kicking them out of school for a week, they tried to reach out to kids who are dealing with difficult issues -- to solve problems rather than just delaying them for a week while the kid's out of school.
They turned away from the more zero-tolerance type of policies and toward what I think is a much more effective way of trying to deal with things.

That's pretty surprising. If there's any school where you thought things might become more draconian, it would be that one.

It's also interesting that one of the ways that people try to prevent a "Columbine-like incident," a phrase I heard frequently, is to put up surveillance cameras and put in SROs. But they had both of those at Columbine. We can watch the surveillance footage of the police officers. Now perhaps it would have been even more devastating if they had not been there; we'll never know that. But it certainly didn't prevent things from happening.

One of your proposed reforms is to place non-school-affiliated counselors in schools. Why?

There are good features of having cops in schools. On the balance sheet, I think it is more harmful than beneficial, but one of the good things is that there is somebody outside the school's authority that kids can talk to. But why does that person have to be a police officer? Why can't that person be someone who's trained in adolescent development? Someone who has a good eye for what makes adolescents tick and can deal with their problems as they arise? Why can't they be someone who can better hold their confidence unless their life or safety is at stake? This could be kind of the best of both worlds.

Some would say these ideas are too naive for the harsh realities of the modern high school.

That might be true. But they've tried their policies, and there are very clear disadvantages. What I'm arguing against is near-universal in American public high schools. There are harmful consequences which I try to detail throughout the book. I acknowledge I don't have to deal with 30 unruly kids as I teach in front of a class. So I have great sympathy for teachers who have to struggle with that misbehavior. That's not their fault.
But what I'm saying is that we have evidence-based ways of dealing with that misbehavior that are much more likely to stop it, and we don't use them. So I might be naive, but I'm willing to be, because I see a lot of harm with the current policies.

With a new school year starting, do you see any hope for a shift away from these methods?

In my own state of Delaware, I recently took part in a task force in the state Legislature that led to new legislation that was passed to reduce suspensions and arrests in schools -- to curb zero-tolerance policies. So I do see movement in the positive direction. Another encouraging sign is that I'm talking to you and that people are interested in this. We need to be firm. There needs to be discipline in schools, but we must be much more sensible about how we do it. It seems to me that more and more people are catching on to that, so I am hopeful that things will change.

Justin Sullivan is an editorial intern at Salon.

From rforno at infowarrior.org Sat Sep 4 20:08:59 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 4 Sep 2010 21:08:59 -0400
Subject: [Infowarrior] - Fwd: [IP] I Love the Smell of the First Amendment Being Shredded...
References:
Message-ID: <446FEB75-89C9-4343-87DC-380FC00A3F28@infowarrior.org>

Begin forwarded message:

> From: Dave Farber
> Date: September 4, 2010 5:36:21 PM EDT
> To: "ip"
> Subject: [IP] I Love the Smell of the First Amendment Being Shredded...
> Reply-To: dave at farber.net
>
> Begin forwarded message:
>
>> From: "Brock N. Meeks"
>> Date: September 4, 2010 4:40:43 PM EDT
>> To: dave at farber.net
>> Subject: I Love the Smell of the First Amendment Being Shredded...
>>
>> Sometime late Friday Craigslist shuttered...er... I mean CENSORED (their word, literally) the "Adult Services" section for all its sites in the U.S.
>> The story was first reported on TechCrunch; a flood of other outlets have followed, none of them with any more information than TechCrunch, save for an arrogant statement from Conn. AG and governor wannabe, Richard "I Did So Fight in Vietnam...no, wait" Blumenthal.
>>
>> Here's the WPost story: http://www.washingtonpost.com/wp-dyn/content/article/2010/09/04/AR2010090401719.html
>>
>> Here's the quote from Blumenthal:
>>
>> In a statement, Connecticut Attorney General Richard Blumenthal (D) - who was among 17 attorneys general who last month asked Craigslist to shut down its "adult" section - said he welcomed "Craigslist's apparent decision to close" the section.
>>
>> "We welcome any steps toward eliminating the adult services section and prostitution ads on Craigslist, as we have urged, and we are seeking to verify the site's official policy going forward," Blumenthal said. "If Craigslist is doing the right thing voluntarily in response to our coalition of attorneys general, it could set an example for others."
>>
>> And yes, that IS the sound of free expression you hear being shredded in the background.
>>
>> Oh! One more thing... apparently if you live OUTSIDE the U.S., access to these Adult Services is still available.
>>
>> --Brock

From rforno at infowarrior.org Sun Sep 5 09:50:49 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 5 Sep 2010 10:50:49 -0400
Subject: [Infowarrior] - Anti-Piracy Outfit Threatens To DoS Uncooperative Torrent Sites
Message-ID:

Anti-Piracy Outfit Threatens To DoS Uncooperative Torrent Sites
Written by enigmax on September 05, 2010
http://torrentfreak.com/anti-piracy-outfit-threatens-to-dos-uncooperative-torrent-sites-100905/

In recent years, technical anti-piracy enforcement has taken a less aggressive approach to that previously demonstrated by the infamous MediaDefender.
But now, according to a company being hired to protect Bollywood blockbusters, if BitTorrent sites don't cooperate by taking down torrents when asked, they will have denial of service attacks launched against them and material taken down by force.

While anti-piracy actions had grown steadily more aggressive, it still came as a bit of a surprise when it was revealed in 2008 that a DoS-style attack had been launched against Revision3's BitTorrent tracker. Founded by Kevin Rose and Jay Adelson of Digg fame along with David Prager of TechTV, Revision3 serves up around 6 million downloads per month. However, their whole operation was turned upside down two years ago when the now-defunct MediaDefender abused Revision3's tracker for their own ends and when denied access "threw an epic tantrum" which took down the whole site.

Since the demise of MediaDefender, anti-piracy companies certainly haven't gone away and some have still resorted to DoS-style attacks. Trident Media Guard, the French anti-piracy outfit selected by the music and movie industry to track down French pirates under the new "Hadopi" law, was recently spotted trying to pointlessly smother a user sharing via BitTorrent.

Most groups working in this field keep their techniques private but as we shall see, that's not true for all of them. According to an India-based company working on behalf of Bollywood studios, there are a number of techniques they can use to deal with movie piracy, from the gentle to the particularly aggressive.

According to Girish Kumar, managing director of AiPlex Software - a company recently hired to combat piracy on the movie My Name is Khan (which trended at #1 on KickAssTorrents earlier this year) - they begin with a simple notice and takedown.

"When we detect a website offering a link or a download, we contact the server hosts and intimate them about the illegal activity. They issue a notice to the site owner," Kumar explains.
"If the site owner does not comply, the site is either suspended or dismissed," he adds optimistically.

When a copy of the movie Peepli Live appeared on the private Desi tracker ICTorrent on August 13th 2010, AiPlex promptly ordered it to take down the torrent. Although it's reported that the site complied, TorrentFreak checked and the file is still there along with several others added in the past few weeks.

"The problem is with torrent sites, which usually do not oblige," acknowledges Kumar. But AiPlex, which charges between $4,290 and $8,580 to "protect" movies for a four-week period, have other tricks up their sleeve.

"In such cases, we flood the website with requests, which results in database error, causing denial of service as each server has a fixed bandwidth capacity," Kumar reveals. And it doesn't stop there.

"At times, we have to go an extra mile and attack the site and destroy the data to stop the movie from circulating further," he adds.

Given the nature of these pretty outlandish admissions, TorrentFreak contacted AiPlex (who confusingly list "Bram Cohen" as a type of torrent client on their site) for comment but at time of publication we had received no response. We also contacted the administrators at ICTorrent but they were equally silent.

Although it's long been suspected that "dirty tricks" have been employed by anti-piracy groups in the past, it is very unusual for a company to openly admit using these types of techniques against torrent sites. Should AiPlex offer us a statement, we will update this post accordingly.

From rforno at infowarrior.org Mon Sep 6 11:00:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 6 Sep 2010 12:00:35 -0400
Subject: [Infowarrior] - ACTA Text Leaks: U.S. Concedes on Secondary Liability, Wants To Go Beyond DMCA on Digital Locks
Message-ID:

ACTA Text Leaks: U.S. Concedes on Secondary Liability, Wants To Go Beyond DMCA on Digital Locks
Monday September 06, 2010
http://www.michaelgeist.ca/content/view/5285/125/

Given the history of ACTA leaks, to no one's surprise, the latest version of the draft agreement was leaked last night on KEI's website. The new version - which reflects changes made during an intense week of negotiations last month in Washington - shows a draft agreement that is much closer to becoming reality. Square brackets have been removed from many sections, leaving the core issue of scope of the agreement as the biggest issue to be resolved when the next round of negotiations begins in a few weeks in Japan.

Perhaps the most important story of the latest draft is how the countries are close to agreement on the Internet enforcement chapter. The Internet enforcement chapter has been among the most contentious since the U.S. first proposed draft language that would have globalized the DMCA and raised the prospect of three strikes and you're out. In the face of opposition, the U.S. has dropped its demands on secondary liability but is still holding out hope of establishing digital lock rules that go beyond the WIPO Internet treaties and were even rejected by its own courts.

The key takeaways from the Internet chapter, noting that Canada has reserved the right to revisit elements of this chapter at a later date:

1. There is still disagreement on scope - the EU wants it to apply to all intellectual property, while the U.S. would limit to copyright and trademark. This disagreement occurs throughout the ACTA text.

2. Each party is now required to provide the means to address infringement in the digital environment, including unlawful file sharing and streaming. There are no specific requirements and the provision notes that these procedures must preserve principles related to freedom of expression, fair process, and privacy.

3. The secondary liability provisions that focused on ISP liability have been dropped entirely.
Instead, the chapter requires countries to promote cooperative efforts with the business community to address infringement and says that countries may provide that authorities have the power to order ISPs to disclose subscriber information. Note that the disclosure power is not a requirement but rather something a country "may" do.

4. The anti-circumvention provisions remain somewhat in play. There is general agreement on a broad provision that largely mirrors the WIPO Internet treaties in calling for "adequate legal protection and effective legal remedies against the circumvention of effective technological measures." If the obligation were to end there, the provision would simply ensure that all ACTA countries establish anti-circumvention rules, with all the flexibility that WIPO allows. However, the U.S. is still pushing for two additional provisions that would define adequate legal protection and effective legal remedies in an effort to limit the flexibility that all countries agreed to with the WIPO Internet treaties in the 1990s. The U.S. approach would mandate protection against circumvention of access controls as well as include several prohibitions against devices that can be used to circumvent, potentially even including marketing circumvention devices. The EU has reserved its position on the entire additional provision, Japan opposes parts of it, and (as mentioned) Canada has reserved on the entire chapter (presumably with this section in mind). Moreover, the U.S. also supports a second provision that makes it clear that circumvention does not even require infringement of copyright. This appears to contradict recent U.S. caselaw and would raise constitutional issues in Canada. The EU has proposed deleting the entire provision.

This chapter is far better than the initial U.S. proposal, but other countries - particularly Canada - should hold out for anti-circumvention rules that mirror the WIPO Internet treaties. The U.S. demands would currently have a significant impact on the debate on C-32, effectively constraining the House of Commons' ability to tinker with portions of the digital lock rules. Moreover, the attempt to de-link circumvention from copyright infringement runs counter to a growing body of U.S. jurisprudence and appears to be a USTR attempt to re-write elements of the DMCA as interpreted by U.S. courts.

I'll post more on the rest of the leaked agreement shortly.

From rforno at infowarrior.org Mon Sep 6 17:29:44 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 6 Sep 2010 18:29:44 -0400
Subject: [Infowarrior] - 9 Years After 9/11, Public Safety Radio Not Ready
Message-ID:

September 6, 2010
9 Years After 9/11, Public Safety Radio Not Ready
http://www.nytimes.com/2010/09/07/business/07rescue.html
By EDWARD WYATT

WASHINGTON - The inability of most firefighters and police officers to talk to each other on their radios on Sept. 11, 2001, at the World Trade Center - one of the most vexing problems on that day nine years ago - still has not been completely resolved.

The problem, highlighted in the 9/11 Commission Report, was seen again in 2005 after Hurricanes Katrina and Rita. Public safety officers from different jurisdictions arrived at the scene of those disasters only to find that, unable to communicate with each other by radio, they had to resort to running handwritten notes between command centers.

Despite $7 billion in federal grants and other spending over the last seven years to improve the ability of public safety departments to talk to one another, most experts in public safety communications say that it will be years, if ever, before a single nationwide public safety radio system becomes a reality. In the meantime, public safety and homeland security officials have patched together voice networks in some regions, including New York, that link commanders at various agencies.
But the focus in Washington has turned to the development of the next generation of emergency communications - wireless broadband - seeking to succeed there where radio failed. Many of the same issues that helped shape the current dysfunctional public safety radio networks threaten the creation of a uniform standard for wireless broadband communications.

"For a brief moment in time, a solution is readily within reach," James A. Barnett Jr., chief of the Federal Communications Commission's public safety and homeland security bureau, told a Congressional hearing this summer. "Unless we embark on a comprehensive plan now, including public funding, America will not be able to afford a nationwide, interoperable public safety network."

Public safety groups, with the backing of some members of Congress, are arguing that they need to be given control of a larger chunk of broadband spectrum - the airwaves on which wireless devices communicate with each other - to insure that they have adequate network capacity during emergencies. Officials from the F.C.C. and other legislators disagree, saying that the best way to pay for and build a robust, affordable communications system is to auction some of the airwaves to commercial companies that can build a network and make it available to public safety agencies during an emergency.

That disagreement, and the associated Congressional inquiries and lobbying, have stalled development just as wireless phone companies are beginning to construct and deploy their fourth-generation, or 4G, networks. Building public safety networks at the same time as the commercial wireless networks and sharing towers and fiber optic cables would save $9 billion in construction costs and billions more over the lifetime of the network, the F.C.C. believes.

Some public safety systems are already under way. Last month, the Commerce Department awarded $220 million to five regional efforts to build some of the first wireless broadband public safety systems.
Among the awards was $50 million to Motorola to build a network in the San Francisco Bay area that would allow public safety officials from San Francisco, Oakland and surrounding counties to talk, transfer files and share video.

But those initial broadband systems are being built before the various parties have settled on all the appropriate standards for equipment and networks - meaning that there is no guarantee that other jurisdictions that build their systems at some point in the future will be working on the same wavelength.

Because of the specialized nature of much of the equipment, the nation's 50,000 public safety agencies pay $2,500 to $5,000 a unit for the current generation of rugged, handheld radios that allow different departments to talk to each other. Only mass production of uniform broadband equipment is likely to bring down the costs, officials say.

And while the Obama administration, Congress, the F.C.C. and public safety groups are working to reach agreements on standards, turf battles and political posturing have already crept into the debate.

"The history of public safety is one where the vendors have driven the requirements," Deputy Chief Charles F. Dowd, who oversees the New York Police Department's communications division, said in an interview. "We don't want that situation anymore. We want public safety to do the decision making. And since we're starting with a clean slate, we can develop rules that everybody has to play by."

The Obama administration has already been conducting meetings of a task force that includes representatives of the Department of Homeland Security, the National Telecommunications and Information Administration, public safety agencies and telecommunications companies. At the end of September, the administration is to convene a public forum to share ideas. Administration officials acknowledge that it will take years to build a nationwide public safety system.
"We're talking about an endeavor that will take 10 or so years to get completed," said an administration official. "We're starting with a new generation of technology, and that gives us a much better chance to succeed than we had with the legacy systems."

Complicating the debate is the demand by public safety officials that they control their own networks. At issue is a section of the airwaves created when television stations converted from analog to digital signals, freeing up additional space for other applications. A 10 megahertz band was set aside for public safety to build a wireless broadband network, and Congress instructed the F.C.C. to auction off an additional 10 megahertz that would include a network built to public safety specifications.

That auction, in 2008, failed because it did not attract the minimum bid. The F.C.C. has proposed another auction with less onerous specifications, but it would still produce a commercial system on which public safety would have priority in case of an emergency.

Public safety officials - associations of police departments, fire chiefs and other law enforcement and rescue agencies - oppose that plan, saying that they need all 20 megahertz of spectrum to build a wireless broadband system that is theirs alone. F.C.C. officials liken that scenario to building a separate highway for the use of police cars and fire trucks, rather than having the public pull over to the side of the road when a fire truck or ambulance needs to pass.

Police and fire officials are difficult constituents to oppose when they combine forces on Capitol Hill, and with the approach of the midterm elections, public safety trade groups have gained considerable support in Congress for their effort to secure the extra spectrum. Competing bipartisan bills have been introduced and will receive hearings beginning this month.
Some Homeland Security officials fear that the debate over broadband is obscuring strides that have been made in linking voice systems, which will continue long into the future to be the dominant method of communication for public safety departments during emergencies. Meanwhile, the window to plan a next-generation broadband system is starting to close.

"There is nothing that is inevitable about having a nationwide, interoperable system," Mr. Barnett told Congress this summer. "Indeed, the last 75 years of public safety communications teaches us that there are no natural or market forces" that will make it happen.

From rforno at infowarrior.org Tue Sep 7 10:42:14 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 7 Sep 2010 11:42:14 -0400
Subject: [Infowarrior] - New lawsuit to challenge laptop searches at U.S. border
Message-ID: <3309BDEA-E632-4C4E-B926-5D68D11CA533@infowarrior.org>

New lawsuit to challenge laptop searches at U.S. border
By Ellen Nakashima
Washington Post Staff Writer
Tuesday, September 7, 2010; 4:18 AM
http://www.washingtonpost.com/wp-dyn/content/article/2010/09/07/AR2010090700845_pf.html

Criminal defense lawyers, press photographers and a university student are challenging the Obama administration's search policy permitting officers at U.S. borders to detain travelers' laptop computers and examine their contents even without suspecting the traveler of wrongdoing.

In a federal lawsuit to be filed Tuesday in the Eastern District of New York, the plaintiffs allege that the Department of Homeland Security policy violates constitutional rights to privacy and free speech.

At issue is the government's contention - upheld by two federal appeals courts - that its broad authority to protect the border extends to reviewing information stored in a traveler's laptop, cellphone or other electronic device, even if the traveler is not suspected of involvement in criminal activity. In the government's view, a laptop is no different than a suitcase.
After the Sept. 11, 2001, terrorist attacks, the George W. Bush administration took an expansive view of the government's authority at the border in an effort to stop terrorists from entering the country, and to find evidence of terrorist plots. The Obama administration has followed suit, the plaintiffs said, with a pair of DHS policies issued by U.S. Customs and Border Protection (CBP) and U.S. Immigration and Customs Enforcement in August 2009 that reaffirmed the policy of suspicionless searches at the border. "Keeping Americans safe in an increasingly digital world depends on our ability to lawfully screen materials entering the United States," Homeland Security Secretary Janet Napolitano said when the policies were issued. "The new directives . . . strike the balance between respecting the civil liberties and privacy of all travelers while ensuring DHS can take the lawful actions necessary to secure our borders." But the American Civil Liberties Union, which is filing the case on behalf of the plaintiffs, argues that laptops and smartphones, unlike a suitcase of clothes and toiletries, contain highly personal information, from financial records to family photos. The government should have a "reasonable suspicion" that a crime has been or is about to be committed before reviewing such information, the plaintiffs contend. Justice Department spokesman Charles Miller said that once the lawsuit is filed, "we'll review it and make a determination on how we'll ultimately respond in court." ACLU attorney Catherine Crump said this case may be more likely to succeed than previous challenges, which involved criminal defendants whose laptops contained child pornography. "The plaintiffs in our case are extremely sympathetic, and the harms they suffered are grave," Crump said. "I'm optimistic that a judge seeing that will be more inclined to recognize that the Fourth Amendment requires reasonable suspicion for searches that are this invasive." 
The plaintiffs are the National Association of Criminal Defense Lawyers (NACDL), the National Press Photographers Association and Pascal Abidor. Abidor, a 26-year-old doctoral student and dual U.S.-French citizen, was on an Amtrak train from Montreal to New York to visit family last spring when his laptop was searched and confiscated by CBP officers. "I had no idea how this would end, what repercussions this would have on any aspect of my life," Abidor said in an interview. "Here my laptop and hard drive were taken away from me, after having done nothing. Having no control over what might happen to me, or over what the government might believe me to be up to, was extremely frightening." The following account is taken from the complaint and the interview. On May 1, at an inspection point at the border of Quebec and New York, a CBP officer who had examined Abidor's two passports, which had visas for Jordan, Syria and Lebanon, asked to inspect his belongings. In the train's cafe car, the officer turned on his laptop, ordered him to enter his password and began to examine its contents. Abidor, whose focus is Islamic studies at Montreal's McGill University, frequently travels internationally to conduct research. She asked him about personal photos as well as pictures he had downloaded from the Internet for research, including images of rallies by the militant Islamist groups Hamas and Hezbollah. She asked him why he had "this stuff" on his computer, the complaint said. He said that his research focused on the modern history of Shiites in Lebanon. He was later handcuffed and detained for three hours, and agents asked him to explain why he had so many "symbolic materials" in his possession. Abidor's laptop and hard drive were returned to him 11 days later. By examining the "last opened" date of files, Abidor saw that officers had examined directory folders on his laptop as well as backup documents stored on his external hard drive. 
The files included personal photos, a transcript of a chat with his girlfriend, copies of e-mail correspondence, class notes and his tax returns. Today, Abidor travels with less information on his computer. He "self-censors" photos he downloads to his computer. He said he will have to warn people he interviews for research that U.S. officials may have access to the notes, but fears this will discourage interviewees from being candid. The NACDL and the New York Civil Liberties Union are co-counsel in the case. Abidor is among 6,671 travelers whose laptops or other devices were searched between October 2008 and June 2010, according to the ACLU. Slightly less than half - 45 percent - were U.S. citizens. Eighty-three percent were male, 52 percent identified as white, 10 percent as black and 9 percent as Asian. No category was provided for people of Middle Eastern descent. The policy also permits agencies under certain circumstances to share the data found on travelers' devices, which was done 282 times between July 2008 and July 2009, according to the ACLU. From rforno at infowarrior.org Tue Sep 7 11:56:10 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 7 Sep 2010 12:56:10 -0400 Subject: [Infowarrior] - Pirate Bay down, police raids across Europe Message-ID: <14F3D3AC-A920-4E22-99C5-0A37CCF2C9B6@infowarrior.org> Pirate Bay down, police raids across Europe Co-ordinated swoop in 14 countries 07 September, 2010 http://www.thinq.co.uk/2010/9/7/pirate-bay-down-police-swoop-across-europe/ UPDATE, 15:11 GMT: Site currently unavailable again. UPDATE, 14:02 GMT: Pirate Bay site now back online in UK, though torrent trackers appear not to be working. Further news as soon as it's available. Torrent-tracking site The Pirate Bay is currently unavailable as reports come in of co-ordinated police raids against file sharers across Europe. Police in up to 14 countries carried out raids against suspected file-sharing servers this morning. 
According to file-sharing news site TorrentFreak, the bulk of police action seems to have taken place in Sweden. Swedish Internet service provider PRQ, which hosts both The Pirate Bay and whistle-blowing site WikiLeaks, earlier denied rumours of a police raid, saying that officers had visited them to ask questions over two suspect IP addresses, and that no computers or other goods had been seized. Swedish Prosecutor Frederick Ingblad confirmed to Swedish newspaper Expressen that WikiLeaks was not involved in the current action. "At 9:00 this morning, five policemen were here," PRQ director Mikael Viberg said. "They were interested in who was using two IP addresses from 2009 and onwards. "We have no records of our clients but we're handing over the e-mail addresses for those behind the IPs. However, it's rare that our clients have mail addresses that are traceable." It appears that a number of other locations in Sweden have been the subject of police action, including Stockholm, Malmö, Umeå university and Eskilstuna. Four individuals are said to be being questioned on suspicion of breaching copyright law. Servers and computers are reported to have been seized. Simultaneous raids are also said to have been carried out in The Netherlands, Belgium, Norway, Germany, Great Britain, the Czech Republic and Hungary. The action, targeting the so-called 'Warez Scene', is said to have been in planning for two years, and is believed to have taken place at the request of Belgian authorities. We'll keep you updated as further details emerge.
From rforno at infowarrior.org Tue Sep 7 14:55:13 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 7 Sep 2010 15:55:13 -0400 Subject: [Infowarrior] - Courts May Require Search Warrants for Cell Phone Location Records Message-ID: <39EF0CC4-D420-4090-B542-83826A11FAAB@infowarrior.org> September 7th, 2010 Breaking News on EFF Location Privacy Win: Courts May Require Search Warrants for Cell Phone Location Records News Update by Kevin Bankston http://www.eff.org/deeplinks/2010/09/breaking-news-eff-location-privacy-win-courts-may This morning, the Third Circuit Court of Appeals in Philadelphia issued its highly anticipated ruling in a hotly contested cell phone location privacy case. EFF filed a friend-of-the-court brief and participated at oral argument in the case, arguing that federal electronic privacy law gives judges the discretion to deny government requests for cell phone location data when the government fails to show probable cause that a crime has been committed. The Third Circuit today agreed with EFF, holding that federal law allows judges the discretion to require that the government obtain a probable cause search warrant before accessing cell phone location data. The Court further agreed with EFF that location information that can be used to demonstrate or infer that someone or something was in a private space such as the home may be protected by the Fourth Amendment, rejecting the government's argument that the privacy of location records held by phone companies is never constitutionally protected. Although the court did not definitively rule on the Fourth Amendment status of cell phone location information, it made clear that under some circumstances the privacy of such data could be constitutionally protected, and that judges have the discretion to require a warrant to avoid potentially unconstitutional seizures of location data. 
The appeals court has remanded the case back to the original magistrate judge that initially denied the government's request to obtain cell phone location data without probable cause, asking the lower court to shore up its original decision with new fact-finding into the government's need for the requested data and the precision of that data in identifying a person's location. EFF looks forward to participating in those proceedings and opposing any attempt by the government to appeal today's decision. Thanks to our colleagues at the Center for Democracy and Technology, the American Civil Liberties Union and the ACLU of Pennsylvania for participating with us as friends-of-the-court in this case, and special thanks to Professor Susan Freiwald of the University of San Francisco Law School, who also submitted a brief and participated at oral argument along with EFF's Kevin Bankston. From rforno at infowarrior.org Tue Sep 7 17:16:09 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 7 Sep 2010 18:16:09 -0400 Subject: [Infowarrior] - Virginia court: Police can use GPS to track suspect Message-ID: <3C77B70C-722D-472F-97D8-8EF15E9C65EF@infowarrior.org> Virginia court: Police can use GPS to track suspect By LARRY O'DELL Associated Press Writer September 7, 2010 http://www.wtvr.com/news/dp-va--gpstracking-appea0907sep07,0,7510292.story RICHMOND, Va. - The same GPS technology that motorists use to get directions can be used by police without a warrant to track the movements of criminal suspects on public streets, the Virginia Court of Appeals said Tuesday. In a case that prompted warnings of Orwellian snooping by the government, the court unanimously ruled that Fairfax County Police did nothing wrong when they planted a GPS device on the bumper of a registered sex offender's work van without obtaining a warrant. Police were investigating a series of sexual assaults in northern Virginia in 2008 when they focused on David L.
Foltz Jr., a registered sex offender on probation. They attached a global positioning system device to the van he drove for a food services company and tracked him as he drove around. After another sexual assault occurred, police checked the GPS log and determined that the van had been a block or two from the scene at the time of the attack. That prompted officers to follow Foltz in person the next day. They saw Foltz knock a woman to the ground and try to unbutton her pants, according to the appeals court. Foltz was arrested. A jury convicted him of abduction with intent to defile and sentenced him to life in prison. Defense attorney Christopher Leibig tried to have the evidence against Foltz suppressed, arguing that the use of the GPS device amounted to unconstitutional search and seizure and violated the defendant's privacy rights. Arlington County Circuit Judge Joanne F. Alper rejected the argument, and the appeals court upheld her ruling. Foltz claimed that if police could track him by GPS without a warrant, all citizens are subject to the sort of "Big Brother" government monitoring that George Orwell wrote about in his novel "1984." The court found no merit in such a dire warning. "Several other appellate courts have acknowledged a very legitimate concern that, if the police are allowed to randomly track whole sections of the population without probable cause or reasonable suspicion, then privacy rights may well be violated," Judge Randolph A. Beales wrote for the appeals court. "However, this case does not involve dragnets and mass surveillance, so these warnings are not as relevant here." According to the court, citizens have no expectation of privacy on public streets. The use of the GPS system provided police with the same information they could get by physically tailing a suspect, the court said. Foltz could appeal the ruling to the Virginia Supreme Court, which has never ruled on GPS tracking by police.
Leibig did not immediately return a phone message. From rforno at infowarrior.org Wed Sep 8 10:58:38 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 8 Sep 2010 11:58:38 -0400 Subject: [Infowarrior] - Cyber Command Defines Its Mission Message-ID: Cyber Command Defines Its Mission By Paul McLeary Washington http://www.aviationweek.com/aw/generic/story.jsp?id=news/dti/2010/09/01/DT_09_01_2010_p34-248250.xml&headline=Cyber%20Command%20Defines%20Its%20Mission&channel=dti After several delays, U.S. Cyber Command was established in May at Ft. Meade, Md., under the umbrella of the U.S. Strategic Command. At the helm is Air Force Gen. Keith B. Alexander, who is also director of the National Security Agency and head of the Central Security Service. Congress made him responsible for "directing the operations and defense of the Defense Department's information networks, the systemic and adaptive planning, integration and synchronization of cyber-activities and . . . for conducting full-spectrum military cyberspace operations to ensure U.S. and allied freedom of action in cyberspace." But how will the command fulfill this mission? Part of the answer lies in how the command prepares for a mission that requires the integration of IT offices from all five services, all combatant commands, the nation's intelligence services and by necessity the private sector, including public utilities and industry, and local law enforcement. Factor in as well foreign governments and non-state actors who are involved in cyber-espionage or suspected of attacking the Defense Department's networks. All of this must be taken into account as Cyber Command identifies, connects and strengthens the latticework of 15,000 different Pentagon networks, 4,000 military installations and more than seven million Defense Department computer and telecommunication tools.
The scope of the problem, considering the amount of hardware and software that needs to be cataloged, ordered and protected, is staggering. Since the command has been set up to tackle a new and emerging kind of warfare, one which hasn't been fully defined, it is critical that Cyber Command breaks out of the rigid historical and structural box that conventional U.S. combatant commands operate in, say several industry experts interviewed by DTI. Michael Tanji, a security consultant who previously worked with the Defense Intelligence Agency, National Security Agency and National Reconnaissance Office, says the command should strive to "operate in a matrix fashion" and bring in the right staffers regardless of where they sit on the civilian/military divide, or even which service or office they report to, for any given problem. "A pyramid-shaped organization chart, made up of smaller pyramid-shaped organization charts, is not going to work," he says. "Cyber Command has to deal with offense and defense, and the best way to do that is to have [everyone] work together to understand the adversary mindset and techniques. You're a much better defender if you know how bad guys exploit software; you're a much better attacker if you know what defenders can do to stop you from succeeding." The notion that this command needs to find a new way of operating is shared by another analyst, Richard Stiennon, who says "it's not like setting up the Air Force or bringing in John Paul Jones to set up the Navy, where you take some people at the beginning of an industry and have them do it. We're 10-15 years behind the times and playing catch-up." Stiennon, chief research analyst at IT-Harvest and an IT security adviser who has worked for the Pentagon and private industry, adds, "Imagine if the Navy decided to get into aircraft carriers today, from scratch," without having the benefit of decades of developing aircraft and carrier technologies, tactics and procedures in tandem.
That, he says, captures the scope of the task ahead. Stiennon says the first priority of the command should be simple: start with the basics. "On Day 1, if [General] Alexander were to pound the table with his fist, it should be to discover and know every network connection and make sure it's protected. That's a huge task. It would be expensive, but it's got to be done." An event in Washington in July, sponsored by the Armed Forces Communications and Electronics Association, brought together the major players from industry, cyber-office heads from the individual services and Cyber Command leaders to figure out how some of these problems might be addressed. Bruce Held, director of intelligence and counterintelligence for the Energy Department, warned that "a static cyber-defense can never win against an agile cyber-offense." No matter how many attacks the U.S. repels in the coming years, there will always be more on the way. "You beat me 99 times, I will come after you 100 times. Beat me 999 times, I will come after you 1,000 times," and eventually, "I will beat you." Army Brig. Gen. John Davis, director of current operations at U.S. Cyber Command, said it is imperative that the offensive capabilities of the military are linked with other government agencies and the civilian world, so the government can build "the frameworks to plan across the spectrum of conflict." Another panelist, Ed Mueller, chairman of the President's National Security Telecommunications Advisory Committee, added that "we've made a big push over the last several years to become more tactical" when it comes to thwarting cyber-attacks. To continue innovating, "a bridge between private [industry] and public [government] is absolutely essential."
Given the pervasive nature of the threat from hackers and even disgruntled service members leaking information that each service has to confront (the recent leak of 90,000 pages of tactical reports from Afghanistan to the activist website WikiLeaks shows how pervasive the threat is), one wonders how all of these different cyber commands are going to coalesce into one effective organization under U.S. Cyber Command. The new command's director of plans and policy, USAF Maj. Gen. Suzanne Vautrinot, moderated a panel of cyber commanders from the services, saying that "nobody here has one job," since those tasked with leading their services' cyber-operations are "dual-hatted" to Cyber Command. USAF Brig. Gen. Gregory Brundidge added that the services have to "harmonize" their efforts, and quickly. He mentioned that when he was deployed to Iraq, the services "were fighting to get information because everyone was reporting through their own services. If there is one lesson we've learned over the years, it's that anything that brings our efforts closer together and harmonizes things is going to get us much farther along in our journey . . . what we're all grappling with today is how . . . we bring all these things together that we have created in our own cocoons." In comments this summer to a group at the Center for Strategic and International Studies, Alexander outlined some of the difficulties that Cyber Command faces under different scenarios. For example: When the U.S. is at war with another state; a state uses an intermediary to "bounce" an attack (i.e., conceal its involvement) against U.S. networks; or the U.S. is under attack by stateless entities. "Each one of those is going to have different standing rules of engagement," Alexander said. "What we don't have now is precision in those standing rules of engagement, [which] we need. And we're working through those with U.S. defense policy and up through the deputies' committees for the administration."
While the command might not yet have methods to work through these problems, Stiennon says, the danger lies in the fact that "you can't do this slowly, the adversaries already know about the networks; they might know more about the network than the owners of the network. You've got to slam the door in their face, and you've got to do it now." Tanji sees the success of Cyber Command resting on the issue of whether the leadership can think, organize and behave as an information-age enterprise. "If their model is that of every other military command, then they will fail," he says. "They will spend their time fighting internal and external battles. The only way they will succeed in a military command structure is if their authorities trump other command and service level [structures]. To overcome that you need to be thinking about how to offer solutions or capabilities that multiply the power of operational commands within that construct." Copyright © 2010 Aviation Week, a division of The McGraw-Hill Companies. From rforno at infowarrior.org Wed Sep 8 10:59:30 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 8 Sep 2010 11:59:30 -0400 Subject: [Infowarrior] - Cyber Task Force Passes Mission to Cyber Command Message-ID: <1F1FEAD0-FB9B-4491-A8B7-1D1487B0B462@infowarrior.org> Cyber Task Force Passes Mission to Cyber Command American Forces Press Service, 07 Sep 2010 Army Sgt. 1st Class Michael J. Carden http://www.defense.gov/news/newsarticle.aspx?id=60755 ARLINGTON, Va. - After spending the better part of the past decade defending the Defense Department's computer networks, the Joint Task Force Global Network Operations command cased its colors. The task force was deactivated in a ceremony today here at the Defense Information Systems Agency. The task force's operations and personnel now fall under U.S. Cyber Command at Fort Meade, Md. Air Force Gen. Kevin P. Chilton, commander of U.S. Strategic Command, presided over the ceremony.
Although the ceremony marked the end of the task force's tenure, its mission continues, he said. "Today we're rolling the flag at JTF-GNO, but we're not rolling the mission," Chilton said. "This mission will continue on at U.S. Cyber Command and will be as essential tomorrow as it is today to the United States of America." The task force was short-lived, but it was the product of 12 years of initiatives and foresight to develop the best ways to operate on the cyber battlefield. JTF Computer Network Defense was created in 1998 under the U.S. Space Command. That task force had a dual mission to conduct offensive and defensive cyber operations. It was reorganized to fall under Stratcom in 2003. By 2004 the task force was redesignated as JTF Computer Network Operations to assume the offensive role. The JTF Global Network Operations also was established. The new task force's mission was to direct the operation and defense of the global information grid throughout the full spectrum of war fighting, intelligence and business missions within the department. Since its activation, JTF Global Network Operations has ensured support to Operation Iraqi Freedom, Operation Enduring Freedom in Afghanistan, Operation Noble Eagle and the overall global war on terror. Cybercom was activated in May. The JTF Computer Network Operations followed soon after. JTF Global Network Operations' deactivation culminates years of work and effort to integrate Cybercom into its operations, Chilton said. "It was clear that our missions needed to come together, and we've done that," the general said. "The transition began this year, and it's going to continue today." Chilton praised JTF Global Network's final commander, Army Lt. Gen. Carroll F. Pollett, who he said changed the culture of network accountability within the department and got leaders involved in cyber security. "The command and control was not as tight as it needed to be to confront the threats of today," Chilton said.
"[Pollett] made our networks commanders' business. You brought that focus to every service and DoD agency." Pollett assumed command of JTF Global Network Operations and duties as director of the Defense Information Systems Agency in November 2008. He remains director of DISA. JTF has played a significant role "in setting the conditions for the future" of the department, cyberspace operations and the nation, Pollett said. As the JTF Global Network Operations colors are retired for the final time, Pollett said he's reminded of the historical significance of the transition of the task force to Cybercom. The information environment, he said, has evolved dramatically, and today the information grid is more than something that enhances capabilities. "[Information] has become an operational imperative in our ability to deliver decisive capabilities to warfighters and our national leaders," the general said. "Cyberspace has evolved into a new warfighter domain." "[Cyberspace] has proven equal and just as important as air, sea, land and space as a domain," he continued. "It's clear that it must be defended and operationalized." Pollett praised the people under his command for their efforts, calling them "pioneers" on the cyber domain front. "It's an honor to recognize the [JTF Global Network Operations] men and women, past and present, for their extraordinary accomplishments in working in the cyber domain," Pollett said. "You led the way for dramatic changes in the Department of Defense as the mission, requirements and threats evolved." From rforno at infowarrior.org Wed Sep 8 19:37:44 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 8 Sep 2010 20:37:44 -0400 Subject: [Infowarrior] - DHS Cybersecurity Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network Message-ID: <2B49C96F-5410-4D48-BB17-5E6F2ADA458F@infowarrior.org> DHS Cybersecurity Watchdogs Miss Hundreds of Vulnerabilities on Their Own Network By Kevin Poulsen, September 8, 2010,
4:39 pm. Categories: Cybersecurity http://www.wired.com/threatlevel/2010/09/us-cert/ The federal agency in charge of protecting other agencies from computer intruders was found riddled with hundreds of high-risk security holes on its own systems, according to the results of an audit released Wednesday. The United States Computer Emergency Readiness Team, or US-CERT, monitors the Einstein intrusion-detection sensors on nonmilitary government networks, and helps other civil agencies respond to hack attacks. It also issues alerts on the latest software security holes, so that everyone from the White House to the FAA can react quickly to install workarounds and patches. But in a case of "physician, heal thyself," the agency, which forms the operational arm of DHS's National Cyber Security Division, or NCSD, failed to keep its own systems up to date with the latest software patches. Auditors working for the DHS inspector general ran a sweep of US-CERT using the vulnerability scanner Nessus and turned up 1,085 instances of 202 high-risk security holes (.pdf). "The majority of the high-risk vulnerabilities involved application and operating system and security software patches that had not been deployed on . . . computer systems located in Virginia," reads the report from assistant inspector general Frank Deffer. Einstein, the government's intrusion-detection system, passed the security scan with flying colors, as did US-CERT's private portal and public website. But the systems on which US-CERT analysts send e-mail and access data collected from Einstein were filled with the kinds of holes one might find in a large corporate network: unpatched installs of Adobe Acrobat, Sun's Java and some Microsoft applications. In addition to the 202 high-risk holes, another 106 medium- and 363 low-risk vulnerabilities were found at US-CERT.
"To ensure the confidentiality, integrity, and availability of its cybersecurity information, NCSD needs to focus on deploying timely system-security patches to mitigate risks to its cybersecurity program systems, finalizing system security documentation, and ensuring adherence to departmental security policies and procedures," the report concludes. In an appendix to the report, which is dated Aug. 18, the division wrote that it has patched its systems since the audit was conducted. DHS spokeswoman Amy Kudwa said in a statement Wednesday that DHS has implemented "a software management tool that will automatically deploy operating-system and application-security patches and updates to mitigate current and future vulnerabilities." From rforno at infowarrior.org Thu Sep 9 03:06:42 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Sep 2010 04:06:42 -0400 Subject: [Infowarrior] - Film industry hires cyber hitmen to take down internet pirates Message-ID: <103B7C5C-43B8-498B-82A4-9B9C51C07DD6@infowarrior.org> How do you spell "thugs"? H-o-l-l-y-w-o-o-d. -rf Film industry hires cyber hitmen to take down internet pirates Ben Grubb September 8, 2010 http://www.smh.com.au/technology/technology-news/film-industry-hires-cyber-hitmen-to-take-down-internet-pirates-20100907-14ypv.html The film industry is launching cyber attacks on websites hosting pirated movies. The film industry is using pirate tactics to beat the pirates - by employing "cyber hitmen" to launch attacks that take out websites hosting illegal movies. Girish Kumar, managing director of Aiplex Software, a firm in India, told this website that his company, which works for the film industry, was being hired - effectively as hitmen - to launch cyber attacks on sites hosting pirated movies that don't respond to copyright infringement notices sent to them by the film industry.
Kumar said 95 per cent of sites hosting illegal movies co-operated with notices, but a few - mostly sites hosting torrents and used primarily for illegal content - did not. "Most movies are released on Friday morning at 10am in India," Kumar said in a telephone interview. "The movie is released in the morning [and] by afternoon it's on the internet." His company trawled the net to find movies uploaded, he said. "What we do is we see all those links on the net," he said. "We find the hosting [computer] server and send them a copyright infringement notice because they're not meant to have those links. If they don't remove [the link] we send them a second notice and ask them [again] to remove it." He said that if the provider did not do anything to remove the link or content hosted on its site, his company would launch what is known as a denial-of-service (DoS) attack on the offending computer server. In Australia, distributed-denial-of-service (DDoS) attacks are an offence under section 477.3 of the Criminal Code Act 1995, according to the Australian Federal Police. As for DoS attacks, which are different, according to Australian law a person is guilty of an offence if the person causes "any unauthorised impairment of electronic communication to or from a computer". According to news site Daily News & Analysis, Kumar's company sometimes went further in its attacks. "At times, we have to go an extra mile and attack the site and destroy the data to stop the movie from circulating further," the site quoted him as saying. "Generally speaking 95 per cent of ... providers do remove the content. It's only the torrent sites - 20 to 25 per cent of the torrent sites - that do not have respect for any of the copyright notices," Kumar said. "How can we put the site down? The only means that we can put the site down is [by launching a] denial-of-service [attack].
Basically we have to flood [the site] with millions and millions of requests and put the site down." He said commercial sites such as YouTube and Daily Motion were the only sites that responded promptly to infringement notices. "They are immediately responding to our copyright notices and removing the links and this is saving immense revenue to the producers [of movies]," he said. Asked whether his company ever warned when it was to launch a DoS attack on a site if it did not remove pirated content, Kumar said that it did not. "No, we don't do that. We generally ask them to respect the copyright notices under DMCA ruling XYZ." Kumar even pledged to come to Australia to help out on internet piracy here. "If you want me to service any Australian companies I would be really pleased to come down and do a presentation and work for the Australian movie [industry] also if they are willing," he said. Kumar said that at the moment most of the payment for his company's services came from the film industry in India. "We are tied up with more than 30 companies in Bollywood. They are the major production houses." As for Hollywood films, he said they, too, used his services. "We are tied up with Fox STAR Studios - Star TV and 20th Century Fox - who are a joint venture company in India." The Australian Federation Against Copyright Theft, or AFACT, which represents the film industry on piracy in Australia, said it did not condone the activities of Kumar's company. "The methodology [used by Kumar's company] ... is not something that AFACT has undertaken nor sub-contracted to outside vendors," executive director Neil Gane said. Asked whether it, on behalf of the Australian film industry, would use Kumar's services, it said: "AFACT have very talented in-house investigators and a successful track record that does not require outside vendors to assist in ongoing criminal investigations." 
"AFACT investigates websites that infringe our member companies' content and refers such alleged criminal matters to law-enforcement agencies using investigative techniques that are within the law, cost effective and would elicit the necessary level of evidence to support further police inquiries." From rforno at infowarrior.org Thu Sep 9 09:04:01 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Sep 2010 10:04:01 -0400 Subject: [Infowarrior] - Hackers reveal an IOS 4.1 jailbreak Message-ID: Hackers reveal an IOS 4.1 jailbreak Steve Jobs will need more than a software fix for this one By Lawrence Latif Thu Sep 09 2010, 14:19 http://www.theinquirer.net/inquirer/news/1732232/hackers-reveal-ios-41-jailbreak JUST HOURS after Apple released the latest version of its Iphone operating system, coders have managed to figure out ways to jailbreak it. The Iphone Dev team had already said a while back that it had started to put all its effort on jailbreaking IOS 4.1 and it seems that Apple might have trouble plugging the security hole this time around. Talented hackers have managed to get around Apple's restrictions by exploiting a hole in the boot ROMs of Apple's Iphone and Ipod Touch devices. As this is a boot ROM exploit, IOS is not in the loop, with one developer having already confirmed that the hack works on Iphones that run IOS 4.1. The upshot of this is that a simple firmware update will be unlikely to patch things up and this could mean that Apple will be forced to modify its hardware should it want to stop jailbreaking. Various Iphone hackers have confirmed the viability of the latest jailbreaking exploit, meaning that it won't be long before a 'production release' hits the Internet. It makes you wonder about Apple's technical prowess, given the restrictions that it likes to put on the Iphone. But who's to complain? After all, Apple's incompetence is its users' gain.
This time it looks like Apple won't be able to merely release another software patch to cover up its failings.

From rforno at infowarrior.org Thu Sep 9 09:51:55 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Sep 2010 10:51:55 -0400 Subject: [Infowarrior] - NC sheriffs want lists of patients using painkillers Message-ID: <46124620-E711-473B-9601-76555182E52E@infowarrior.org>

http://www.newsobserver.com/2010/09/08/669723/lists-of-pain-pillpatients-sought.html

Sheriffs want lists of patients using painkillers
BY LYNN BONNER - staff writer

Sheriffs in North Carolina want access to state computer records identifying anyone with prescriptions for powerful painkillers and other controlled substances. The state sheriffs' association pushed the idea Tuesday, saying the move would help them make drug arrests and curb a growing problem of prescription drug abuse. But patient advocates say opening up people's medicine cabinets to law enforcement would deal a devastating blow to privacy rights.

Allowing sheriffs' offices and other law enforcement officials to use the state's computerized list would vastly widen the circle of people with access to information on prescriptions written for millions of people. As it stands now, doctors and pharmacists are the main users. Nearly 30 percent of state residents received at least one prescription for a controlled substance, anything from Ambien to OxyContin, in the first six months of this year, according to the state Department of Health and Human Services. Nearly 2.5 million people filled prescriptions in that time for more than 375 million doses. The database has about 53.5 million prescriptions in it.

Sheriffs made their pitch Tuesday to a legislative health care committee looking for ways to confront prescription drug abuse. Local sheriffs said that more people in their counties die of accidental overdoses than from homicides.
For years, sheriffs have been trying to convince legislators that the state's prescription records should be open to them. "We can better go after those who are abusing the system," said Lee County Sheriff Tracy L. Carter. Others say opening up patients' medicine cabinets to law enforcement is a terrible idea. "I am very concerned about the potential privacy issues for people with pain," said Candy Pitcher of Cary, who volunteers for the nonprofit American Pain Foundation. "I don't feel that I should have to sign away my privacy rights just because I take an opioid under doctor's care." Pitcher is receiving treatment for a broken back. The ACLU opposed a bill in 2007 that would have opened the list to law enforcement officials, said ACLU lobbyist Sarah Preston. The organization would likely object to the new proposal. "What really did concern us is the privacy aspect," she said. Opening the record to more users could deter someone from getting necessary medicine because of the fear that others would find out, she said, "particularly in small towns where everybody knows everybody." The state started collecting the information in 2007 to help doctors identify patients who go from doctor to doctor looking for prescription drugs they may not need, and to keep pharmacists from supplying patients with too many pills. But only about 20 percent of the state's doctors have registered to use the information, and only 10 percent of the pharmacies are registered. Many chain pharmacies aren't connected to the Internet, said Andy Ellen, a lobbyist for the N.C. Retail Merchants Association. Pharmacy computers work on closed systems so they won't be vulnerable to viruses that could slow or crash their networks. Pharmacies are trying to figure out a way around that obstacle to the controlled-substance prescriptions list, he said. 
Bettie Blanchard, a woman from Dare County whose adult son is recovering from addiction to prescription drugs, said doctors should be required to consult the list when prescribing controlled substances. She also wants doctors to get more education on prescribing narcotics. Doctors should be required to tell patients that the medicine they are being prescribed can be addictive, she said.

William Bronson, who works in a drug control unit at DHHS, presented what could be a compromise to the sheriffs' request: allowing local drug investigators to request information related to ongoing investigations, but not letting them go into the computer records themselves. Eddie Caldwell, lobbyist for the N.C. Sheriffs' Association, said the level of access to the data is up for discussion. "There's a middle ground where the sheriffs and their personnel working on these drug abuse cases get the information they need in a way that protects the privacy of that information," he said. "No one wants every officer in the state to be able to log on and look it up."

From rforno at infowarrior.org Thu Sep 9 09:54:52 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Sep 2010 10:54:52 -0400 Subject: [Infowarrior] - Facebook users 'are insecure, narcissistic and have low self-esteem' Message-ID: <27C950BA-420D-42A7-A0F8-1FCE56040539@infowarrior.org>

Facebook users 'are insecure, narcissistic and have low self-esteem'
By Mail Foreign Service
Last updated at 10:43 AM on 9th September 2010
http://www.dailymail.co.uk/sciencetech/article-1310230/Facebook-users-narcissistic-insecure-low-self-esteem.html

Using Facebook is the online equivalent of staring at yourself in the mirror, according to a study. Those who spent more time updating their profile on the social networking site were more likely to be narcissists, said researchers. Facebook provides an ideal setting for narcissists to monitor their appearance and how many 'friends' they have, the study said, as it allows them to thrive on 'shallow' relationships while avoiding genuine warmth and empathy. They also tend to use the site for promoting themselves to friends or people they would like to meet, the study concluded.

Researcher Soraya Mehdizadeh from York University in Canada asked 100 students, 50 male and 50 female, aged between 18 and 25 about their Facebook habits. They all took psychology tests to measure their levels of narcissism, which the study defined as 'a pervasive pattern of grandiosity, need for admiration, and an exaggerated sense of self-importance'. Those who scored higher on the narcissism test checked their Facebook pages more often each day than those who did not. There was also a difference between men and women: men generally promoted themselves by written posts on their Facebook page, while women tended to carefully select the pictures in their profile. The findings, published in the journal Cyberpsychology, Behaviour And Social Networking, also suggested that those with low self-esteem checked their Facebook pages more regularly than normal. This may not be altogether surprising, as it is widely thought, however contradictory it may appear, that narcissism is linked to a deep-rooted lack of self-esteem.

Miss Mehdizadeh admitted that not everyone would appreciate her findings. She said: 'I think people get sort of defensive about it, like, "I don't use my Facebook for that reason", because it's a label that you don't want to be slapped with.' Facebook has more than 500 million users worldwide and is the world's biggest social networking website, but it has been involved in a number of controversies. A study earlier this week showed that the grades of students who use Facebook while they study, even if it is only on in the background, are 20 per cent lower on average than those of non-users.
From rforno at infowarrior.org Thu Sep 9 15:27:57 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Sep 2010 16:27:57 -0400 Subject: [Infowarrior] - Did Internet founders foresee future filled with paid, prioritized traffic? Message-ID: <17DC6812-4C89-4D84-977E-7CC603423DB7@infowarrior.org> Did Internet founders foresee future filled with paid, prioritized traffic? By Matthew Lasar | Last updated about 3 hours ago http://arstechnica.com/telecom/news/2010/09/did-internet-founders-foresee-future-filled-with-paid-prioritized-traffic.ars AT&T has set off yet another net neutrality firestorm, claiming that a crucial Internet standards-making body gave its blessing to ISP priority access deals way back at the beginning of it all. In the late 1990s, the Internet Engineering Task Force (IETF) added the "DiffServ" field to Internet Protocol (IP), AT&T insists, "to facilitate paid prioritization as a means for encouraging the further growth and development of the Internet." Paid priority access "was fully contemplated" and even "expressly contemplated" by the IETF decades ago, the telco has told the Federal Communications Commission, and is "fully consistent" with that body's standards-making discussions. Baloney, insists the IETF's current chairman. "AT&T's characterization is misleading," Russ Housley told National Journal several days later. "IETF prioritization technology is geared toward letting network users indicate how they want network providers to handle their traffic, and there is no implication in the IETF about payment based on any prioritization." Obviously this is a hot historical debate, given that limiting content prioritization is central to the FCC's proposed net neutrality rules, as well as the Google/Verizon open Internet manifesto. AT&T and various reform groups have been going at it for weeks over the issue. So who is right here? And what is this DiffServ talk anyway? 
One protocol to rule them all

When most people think of inventing, they usually conjure up big corporate labs with lots of equipment or, in earlier times, tinkerers at their basement tables. One of the more interesting aspects of Internet history is how much of the 'Net was invented at meetings: literally people in nice little rooms sitting around talking, with someone taking notes. By 1973, some of the creators of the ARPANET held one of these gatherings at Stanford University, and they were worried. There were already 15 "nodes" in the network, mostly university-based extensions. Each was busy experimenting with its own little terminal computer offshoot subnetworks. How would this ever-expanding octopus retain a single, coherent nervous system?

The answer they came up with was TCP, the Transmission Control Protocol. The P-word is borrowed from diplomacy. Protocols are basically agreed-upon standards for how information will be exchanged. TCP would be the master, adopted by all ARPANET connectors. As summarized by Internet historian Janet Abbate, TCP "did much more than just set up a connection between two hosts: it verified the safe arrival of packets using acknowledgements, compensated for errors by re-transmitting lost or damaged packets, and" (pay attention) "controlled the rate of data flow between the hosts by limiting the number of packets in transit."

As the discussions continued through 1978, critics argued that TCP as originally envisioned required all portions of the network to do too much work. So they added another: Internet Protocol, which would just move packets from node to node, all of them labeled with numeric IP addresses. IP functions would be performed on packet-routing "gateway" machines. TCP would perform the verification tasks on hosts. Together, they would be known as TCP/IP.
"We wanted to have a common protocol and a common address space so that you couldn't tell, to first order, that you were actually talking through all these different kinds of nets," recalled Internet pioneer Vinton Cerf.

The primary goal

As the Internet exploded with users and networks, the future of TCP/IP and the challenge of handling Internet flows became part of the same conversation. By 1998, IETF engineers were pondering generally agreed-upon standards for prioritizing IP traffic. That year a small group of engineers, several of them from Cisco, put out two IETF Request for Comments documents (RFC 2474 and RFC 2475) which suggested adding a new feature to the IP protocol for the purpose of "Differentiated Services" or DiffServ. "The primary goal of differentiated services is to allow different levels of service to be provided for traffic streams on a common network infrastructure," RFC 2474 explained. "A variety of techniques may be used to achieve this, but the end result will be that some packets receive different (e.g., better) service than others."

Scale was a concern from the get-go. "The history of the Internet has been one of continuous growth in the number of hosts," RFC 2475 added, "the number and variety of applications, and the capacity of the network infrastructure, and this growth is expected to continue for the foreseeable future. A scalable architecture for service differentiation must be able to accommodate this continued growth."

The documents proposed to introduce this by redefining an existing byte of the IP header rather than adding a new one. Out the door would go the old interpretation of that byte, the Type of Service (TOS) field defined in RFC 791, and in would come the DS field, or "DiffServ" as it came to be called. The DS field carries a six-bit "codepoint" that each router reads to select a per-hop behaviour, the treatment a "packet experiences at each node": which queue the packet goes into, and how it is scheduled or dropped under load. How would DiffServ users decide how to use the new field? Not our department, these RFC writers explained.
"The requirements or rules of each service must be set through administrative policy mechanisms which are outside the scope of this document," they noted early on in RFC 2474. But the docs did acknowledge that DiffServ could be used for a variety of purposes. "Service differentiation is desired to accommodate heterogeneous application requirements and user expectations, and to permit differentiated pricing of Internet service," 2475 explained.

Who is responsible?

That last sentence is pretty much AT&T's historical gold mine, but was that reference to "differentiated pricing" a recommendation or just an observation? And what did these RFC writers mean by it? And for whom? For business enterprise customers whose users want certain kinds of traffic fast-tracked within an intranet? Or did they mean AT&T telling The New York Times that if the newspaper pays the carrier a regular fee, the telco will make sure that its DSL and U-Verse customers can access the nytimes.com online edition more quickly and easily?

Beyond the quote, AT&T's missive to the FCC doesn't offer much, so it keeps tunneling back into the past, as if adding more words will bolster the point. AT&T notes that RFC 2474 cited RFC 791, legendary Internet architect Jon Postel's Internet Protocol specification, which outlined IP's Type of Service parameters. "If the actual use of these precedence designations is of concern to a particular network," RFC 791 explained, "it is the responsibility of that network to control the access to, and use of, those precedence designations." And in the DiffServ environment, service providers "are free to configure the node parameters in whatever way that is appropriate for their service offerings and traffic engineering objectives," 2474 adds.

Misguided projections

But it's unclear how telling network operators that they were free to use TOS or DiffServ as they wished indicates what these RFC writers thought about generating money from Internet services.
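To make the header change concrete, here is an added example (not code from the Ars Technica article, the RFCs, or AT&T's filing) that decodes one and the same IPv4 byte both ways, as the RFC 791 Type of Service field and as the RFC 2474 DS field (six-bit DSCP plus the two ECN bits that RFC 3168 later took), and then goes one step beyond the article: it re-marks a packet's DSCP and recomputes the header checksum the way an ingress router that does not trust customer markings would, which is what "control the access to ... those precedence designations" means in practice. The packet bytes, addresses, and the `remark_dscp`/`police_dscp` helpers are constructed for this example; the codepoint names come from RFC 2474, RFC 2597 and RFC 3246.

```python
"""IPv4 DS byte: decode it both ways (RFC 791 TOS vs. RFC 2474 DSCP/ECN), then
re-mark and re-checksum a packet the way an ingress router would. Added example,
constructed for illustration; not from the article or the RFCs."""
import struct

# Standard per-hop-behaviour names for DSCP values (class selectors from
# RFC 2474, assured forwarding from RFC 2597, expedited forwarding from RFC 3246).
PHB_NAMES = {
    0: "CS0 (default)", 8: "CS1", 16: "CS2", 24: "CS3", 32: "CS4",
    40: "CS5", 48: "CS6", 56: "CS7", 46: "EF",
    10: "AF11", 12: "AF12", 14: "AF13", 18: "AF21", 20: "AF22", 22: "AF23",
    26: "AF31", 28: "AF32", 30: "AF33", 34: "AF41", 36: "AF42", 38: "AF43",
}
# RFC 791 precedence values (upper three bits of the old TOS byte).
PRECEDENCE_NAMES = ["Routine", "Priority", "Immediate", "Flash", "Flash Override",
                    "CRITIC/ECP", "Internetwork Control", "Network Control"]


def decode_ds(byte):
    """RFC 2474 reading: six-bit codepoint, then two ECN bits (RFC 3168)."""
    dscp, ecn = byte >> 2, byte & 0x3
    return {"dscp": dscp, "phb": PHB_NAMES.get(dscp, "unassigned/local use"), "ecn": ecn}


def decode_tos(byte):
    """RFC 791 reading of the same byte: 3-bit precedence plus D/T/R flags."""
    prec = byte >> 5
    return {"precedence": prec, "name": PRECEDENCE_NAMES[prec],
            "low_delay": bool(byte & 0x10), "high_throughput": bool(byte & 0x08),
            "high_reliability": bool(byte & 0x04)}


def ipv4_checksum(header):
    """One's-complement sum of the header's 16-bit words (RFC 791 section 3.1)."""
    if len(header) % 2:
        header += b"\x00"
    total = sum(struct.unpack("!%dH" % (len(header) // 2), header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return (~total) & 0xFFFF


def build_ipv4_header(ds_byte, src, dst, payload_len=0, proto=17):
    """Minimal 20-byte IPv4 header with a valid checksum (constructed test data)."""
    hdr = struct.pack("!BBHHHBBH4s4s", 0x45, ds_byte, 20 + payload_len,
                      0x1234, 0x4000, 64, proto, 0, src, dst)
    return hdr[:10] + struct.pack("!H", ipv4_checksum(hdr)) + hdr[12:]


def verify_checksum(packet):
    """A correct header sums to 0xFFFF, so its complement is zero."""
    ihl = (packet[0] & 0xF) * 4
    return ipv4_checksum(packet[:ihl]) == 0


def remark_dscp(packet, new_dscp):
    """Rewrite the DSCP, keep the ECN bits, and recompute the header checksum.
    Skipping the checksum step is the classic bug: the next hop drops the packet."""
    ihl = (packet[0] & 0xF) * 4
    hdr = bytearray(packet[:ihl])
    hdr[1] = (new_dscp << 2) | (hdr[1] & 0x3)
    hdr[10:12] = b"\x00\x00"
    hdr[10:12] = struct.pack("!H", ipv4_checksum(bytes(hdr)))
    return bytes(hdr) + packet[ihl:]


def police_dscp(packet, allowed=frozenset({0})):
    """Trust-boundary policy (hypothetical helper): codepoints the customer may
    not use are bleached to CS0; everything else passes unchanged."""
    dscp = packet[1] >> 2
    return packet if dscp in allowed else remark_dscp(packet, 0)


# Constructed sample: an EF-marked (DSCP 46, byte 0xB8) datagram with 8 payload bytes.
SRC, DST = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])
SAMPLE_PACKET = build_ipv4_header(0xB8, SRC, DST, payload_len=8) + b"\x00" * 8

if __name__ == "__main__":
    print("DS  :", decode_ds(SAMPLE_PACKET[1]))
    print("TOS :", decode_tos(SAMPLE_PACKET[1]))
    bleached = police_dscp(SAMPLE_PACKET, allowed={0, 10})
    print("after policing:", decode_ds(bleached[1]), "checksum ok:", verify_checksum(bleached))
```

The same 0xB8 byte reads as "EF" under RFC 2474 and as precedence 5 ("CRITIC/ECP") with the low-delay and high-throughput flags under RFC 791, which is why the two RFCs had to agree on backward-compatible class selectors. The marking is an unauthenticated hint carried in cleartext, so any packet can claim EF; the only thing that stops a customer from buying priority for free is the policing step at the provider edge, and that step is policy, not protocol, exactly as the RFC text says.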
That's the point that the Center for Democracy and Technology makes in its response to AT&T's claims. "AT&T's projection of the RFC authors' intent is misguided," CDT argues. "While differential pricing may certainly be used in conjunction with DiffServ, other than the single phrase selected by AT&T, the entirety of RFC 2475 is dedicated to describing the technical architecture needed to deploy differential services, not the payment schemes that may be associated with it."

True, but there's something else going on here. When societies can't resolve difficult questions like net neutrality via the law, legislation, or negotiations, they often turn to history for guidance. That's clearly what is happening now regarding the priority access fight.

From rforno at infowarrior.org Thu Sep 9 15:37:26 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Sep 2010 16:37:26 -0400 Subject: [Infowarrior] - OT: Relignoramus Message-ID: <3DF696D3-5DF3-4E78-A38F-1C5369A924D1@infowarrior.org>

I've held off making any comment about this 'story' but Ian Gurvitz pretty much says what I'm thinking. -rick

Reverend Terry Jones: Relignoramus
http://www.huffingtonpost.com/ian-gurvitz/reverend-terry-jones-reli_b_709579.html

One reason many people have soured on religion is the collection of villains, thieves, scoundrels, and morons whose actions and comments demonstrate a perverted sense of its meaning and purpose, whether it's Sharron Angle claiming in a recent anti-abortion statement that "rape and incest are part of God's plan," or Franklin Graham, son of Billy Graham, asserting his belief that "President Obama is a Muslim because he was, in fact, born into that religion due to the 'seed of Islam' being passed to him through his father." Funny, I'd always assumed my sperm were non-denominational. But for sheer gutter stupidity, you can't beat the Rev.
Terry Jones of the Dove World Outreach Center in Gainesville, Fla., whose declared intent to burn copies of the Quran on 9/11 as a commemorative protest has the world in a snit. Claiming Islam is "of the Devil," Jones has been all over the media, including an interview with Chris Matthews, who, I'm sure, figured he'd let the guy hang himself with his own words. Unfortunately, that didn't happen, and Jones' media presence has only become more ubiquitous, as we close in on a "will he or won't he burn the Quran" moment, rivaled only by our interest in whether Lindsay will or won't get herself straight. The tension has been building as we get closer to the day of reckoning to see what this idiot will do. And that is sad on several levels.

First off, the man is a clown. It is as juvenile to burn someone's holy book as it is primitive to think there's a man in the sky named God who's telling you to do it. And even if there were, which there isn't, don't you think that conversation might have been prefaced by God saying, "Ok, Reverend, I will anoint you to preach my message of protest to the world, but before I do, shave off that dumb-ass moustache. This isn't the 70s, and you're not playing for the Oakland Raiders." Why should anyone care about the actions of a dope? Even a religious dope.

Second is the media's complicity. I don't live in Gainesville, so why do I know about this? The media told me. Because someone deemed it newsworthy. And as sure as the sun will rise on September 11, they will be in Gainesville in full swarm, covering this non-event. Unfortunately when an idiot like this is taken seriously enough by the media, it conveys an unwarranted legitimacy on him and his actions. After all, in the minds of many, if he didn't matter, he wouldn't be on TV. If he were just some ordinary book-burning rube, no one would care.
But because he calls himself "Reverend," suddenly he warrants the attention of the media, which transforms the actions of a local clod into a symbol of national protest. And, once it becomes a story, no news outlet can afford to ignore it. Such is the unhealthy symbiosis between the media and the media whore. Modern culture, if one can call it that, is drowning in non-talented "celebrities" who are famous for being famous, and the fact that the media treats them as celebrities only increases their fame. And this is fine, or at least tolerable, when confined to the world of entertainment. But now it's encroaching into reality. And then there is the expected reaction of Muslims, conveyed by General Petraeus and others. An expectation of violent reprisals over this desecration of their holy book, along the lines of an attack on a Danish cartoonist for drawings of Mohammed. All these are symptoms of our primitive understanding of religion, which unfortunately pervades all traditions. Our devotion to symbols and books, as if they are holy in and of themselves, as opposed to repositories of meaning. Symbols represent an idea. They don't embody or contain it. Burning books is, and has always been, a thuggish activity by those who think they can wipe out an idea by burning a copy of a book that expresses it. Unfortunately, we've become more attached to symbols than the ideas they represent. Otherwise it would seem odd to commit violence against someone who burns a book that contains the mandate to "enjoin goodness and forbid evil in all aspects of life." It's a copy (or copies) of the Quran, not the Quran. People burn the U.S. flag all over the world, and it's seen as a form of protest, and most people don't have a coronary over it. The flag is a symbol. Fine, we get it. You're angry. So, burn it. The country won't evaporate. And we've got more flags. I also doubt the Reverend understands that Islam is part of his own intellectual tradition. 
It's the Judeo/Christian/Islamic tradition. Exactly where did the devil get involved along the way? But this is part of this notion we've come to accept called "religious differences," which basically amounts to saying: "The things I do to be a kinder, more compassionate person are better than the things you do to be a kinder, more compassionate person. So I'm going to have to kill you." The world is stuck in this cesspool of stupidity when it comes to religion, extending not just to the dumber individuals in various traditions, but to the media and government as well, where we're subjected to politicians who claim their candidacies are divinely sanctioned, goofball ministers who think they're striking a blow for God by burning books, and adherents ready to strike back with violence if their cherished book is burned. But for a moment, let's put the whole thing in perspective and drag it back to reality: Jones is just another American idiot who's going to pervert his own tradition with an action to protest activities that were based in the perversion of another. He's not a national figure. Not a scholar. Not a leader of any kind. Just a clod who doesn't understand his own religion, or anyone else's. The guy's a walking advertisement for atheism. He doesn't speak for all Christians. Or all Americans. Religion, in its purest form, is a system of rites, rituals, and practices that can lead one to a deeper experience of life. It is there to encourage our better natures, not foment our baser instincts. And while it may be too much to expect the entire world to crawl out of the intellectual dark ages in its understanding of religion, how about decent, intelligent people of all religious or intellectual persuasions, including those in the media, making a commitment, as a means of worldwide counter protest, to come together on this sad anniversary and simply ignore this a--hole? 
From rforno at infowarrior.org Thu Sep 9 16:15:39 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Sep 2010 17:15:39 -0400 Subject: [Infowarrior] - OT: Fla. minister cancels burning of Qurans on 9/11 Message-ID: <771DC423-FDC6-4D4D-8234-941290D33BEF@infowarrior.org>

Fla. minister cancels burning of Qurans on 9/11
http://www.washingtonpost.com/wp-dyn/content/article/2010/09/09/AR2010090900743_pf.html
By ANTONIO GONZALEZ, Associated Press Writer

GAINESVILLE, Fla. (AP) - The leader of a small Florida church that espouses anti-Islam philosophy says he is canceling plans to burn copies of the Quran on Sept. 11. Pastor Terry Jones said Thursday that he decided to cancel his protest because the leader of a planned Islamic Center near ground zero has agreed to move its controversial location. The agreement couldn't be immediately confirmed. Jones' plans to burn Islam's holiest text Saturday sparked an international outcry. President Barack Obama, the top U.S. general in Afghanistan and several Christian leaders had urged Jones to reconsider his plans. They said his actions would endanger U.S. soldiers and provide a strong recruitment tool for Islamic extremists. Jones' protest also drew criticism from religious and political leaders from across the Muslim world.

THIS IS A BREAKING NEWS UPDATE. Check back soon for further information. AP's earlier story is below.

GAINESVILLE, Fla. (AP) - A Christian minister in Florida is canceling plans to burn Qurans on Sept. 11, heeding an international outcry that drew criticism from President Barack Obama and religious and political leaders across the Muslim world.

From rforno at infowarrior.org Thu Sep 9 17:43:13 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Sep 2010 18:43:13 -0400 Subject: [Infowarrior] - Ebyline Wants to Create an iTunes for Journalism Message-ID:

Ebyline Wants to Create an iTunes for Journalism By Mathew Ingram Sep.
9, 2010, 1:32pm PDT
http://gigaom.com/2010/09/09/ebyline-wants-to-create-an-itunes-for-journalism/

There are plenty of startups that want to revolutionize the media business or transform the journalism profession. Ebyline, an angel-financed startup founded by two former Los Angeles Times executives that launched today, doesn't want to do any of that. Co-founder Bill Momary says what the company really wants to do is simple: drag the process of producing and syndicating news content into the 21st century. Ebyline believes it can make journalism more efficient by creating an open marketplace: a kind of iTunes for journalism.

At the moment, says Momary, the relationship between freelance journalists and the newspapers, magazines and websites they write for is archaic and inefficient (as someone who recently worked for a major newspaper, I can vouch for this). Freelancers have to cold-call publishers and then negotiate their own rates, then they have to invoice and manage their own billing and payment. Ebyline automates that process, handling all the billing and payment between the writer and the publisher. Freelancers can also "self-syndicate" by putting their content up for bid in Ebyline's marketplace.

"Having worked at a newspaper, we knew that the economic model around content was really broken, but not the demand for quality content, because that has actually increased," Momary said in an interview. "What publishers really need is a way to cut costs and still provide that quality content, so we built a platform to help publishers and freelancers connect with each other in a more efficient way."

Existing relationships between publishers and newswire services or other content syndication providers are expensive and inefficient, says Momary, because they involve hefty annual fees, and many publishers only make use of a fraction of what they pay for. Ebyline's "a la carte" model allows them to pay for only the articles they actually use, and charges a small fee (8 percent of the total) for being the middleman in the process. It also exposes them to a marketplace of other writers they might not be familiar with, and does the same for freelancers, allowing them to broaden their reach.

Selling content produced by freelance writers makes Ebyline sound a little like Demand Media, Associated Content and other so-called "content farms," but Momary says Ebyline is "upstream" or higher on the food chain than these other companies, in the sense that it handles only content produced by trained journalists; freelancers are approved either by having their work published by an existing publisher, or by submitting work that is then judged by Ebyline staff, in the same way that Apple determines whose apps will be allowed into the iTunes store. Ebyline is also focused on news-driven content, he says, rather than content generated based on keywords or a search algorithm.

Unlike a startup such as NewsTilt, which launched earlier this year as a platform for independent journalists but folded several months later, the Ebyline founder says he's not trying to build a new content business, but simply automating and making more efficient one that already exists. Since traditional publishers such as newspapers are desperately trying to reduce costs and become more efficient in order to remain in business, Ebyline's pitch seems like it would be a fairly attractive one. The company is already working with Variety magazine, ProPublica, MinnPost and the Texas Observer, and is currently trying to raise a Series A financing round.

From rforno at infowarrior.org Thu Sep 9 20:01:14 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Sep 2010 21:01:14 -0400 Subject: [Infowarrior] - China's Great (Quantum) Leap Forward Message-ID:

China's Great (Quantum) Leap Forward By Christopher Shay Thursday, Sep.
09, 2010
http://www.time.com/time/world/article/0,8599,2016687,00.html

Like a pair of male turkeys puffing up their chests at each other, the U.S. and Chinese militaries are back at it again, engaging in tit-for-tat military exercises in the Yellow Sea. On Sept. 4, the Chinese navy finished live artillery maneuvers, using some of its newest planes, ships and battlefield weaponry in a publicly announced show of military strength. Though Chinese state media called the war games "routine," the timing of the event, just days before a scheduled U.S.-South Korea anti-submarine exercise in the same waters, suggests it's more likely an attempt to send the U.S. a simple message: This is our backyard.

After watching U.S.-led forces obliterate a Soviet-style Iraqi military in the first Gulf War, China realized it needed to improve its own outdated army. It has increased military expenditures every year for the past two decades. While Chinese officials called the relationship with the U.S. "stable" during talks in Beijing this week, given China's ambitions in the region, tensions between the two are sure to continue. Denny Roy, a senior fellow at the East-West Center in Honolulu, says China is "working towards a sphere of influence," and with their stronger military, they can now "send signals they couldn't before."

Thanks to a recent technological breakthrough, that's true literally, too. While China has been showing off its new hardware, a potentially more important military advancement has gone largely unnoticed: In May, Chinese scientists announced a demonstration of "quantum teleportation" over 16 kilometers (10 miles), creating what Matthew Luce, a researcher at the Defense Group Inc.'s Center for Intelligence Research and Analysis, calls "secure communications guaranteed by the laws of physics."
China is now at the cutting edge of military communications, transforming the field of cryptography and spotlighting a growing communications arms race. While the People's Liberation Army won't be beaming up objects Star Trek-style anytime soon, the new technology could greatly enhance its command and control capabilities.

Scientists use machines to manipulate units of light called photons. By changing the photons' quantum states and creating a new, readable pattern not unlike Morse code, they can pass on simple messages or encryption keys. A group of researchers from Tsinghua University and the Hefei National Laboratory for Physical Sciences entangled pairs of photons, linking them so that a measurement on one photon is instantly correlated with the state of the other. Using a high-powered blue laser (the type China appears to be investing in for its submarine fleet), they then transported the quantum information farther than anyone had done before, their paper in Nature Photonics claims.

The process is called teleportation, but the information in the message is not actually moved. Instead, changes to one photon's quantum state will be adopted instantly by the other, something Einstein famously called "spooky action at a distance." The result is akin to having two pieces of paper 10 miles apart, where what is written on one appears on the other. The analogy should not be taken literally, though: teleporting a state also requires the sender to transmit the result of her own measurement over an ordinary channel, so nothing usable arrives faster than light, and what such links carry in practice is key material, not the bulk traffic.

Why is this superior to e-mail or radio? Because, theoretically, this method "cannot be cracked or intercepted," says Luce. If the photons in the laser beam are observed by a third party, the particles themselves are altered, a consequence of quantum measurement that is popularly summarised by the Heisenberg Uncertainty Principle: measuring an unknown quantum state disturbs it, and the no-cloning theorem rules out copying it first and measuring the copy. As such, the sender and receiver, by comparing a sample of what was sent with what was received, would be informed that someone was snooping.
At the 16 km distance tested, China would be able to send these secure messages from its network of satellites to units on the ground. Luce also says the choice of a blue laser -- instead of an infrared one like the U.S. has been testing -- was made with its growing submarine fleet in mind, since blue lasers penetrate farther underwater. Soon, Chinese satellites could be able to communicate with submarines without them needing to surface or give away their location by breaking radio silence. This may sound like science fiction, but quantum encryption is already used by a few banks and governments for highly sensitive information on a smaller scale. The Chinese scientists write in Nature Photonics that a quantum communication network could be "within reach of current technology on a global scale." The advance in secure communications comes none too soon. With ever-increasing computing power, the expiration date on today's cryptography techniques could be looming, Luce says. Right now, breaking modern encryption techniques requires such computing power that one can change the code long before a computer has time to crack it. But "it's become very difficult to 'future proof' the encryption of data," Luce writes for the Jamestown Foundation. Tomorrow's computers will improve and data could suddenly become unprotected, while quantum teleportation, he says, "has a seemingly infinite time horizon." Though the Chinese scientists claim in their peer-reviewed paper that this experiment communicated quantum information more than 20 times farther than previous tests over open space, this may not be entirely true. According to Luce, in 2005 a group of universities, along with defense corporations, with a grant from the Defense Advanced Research Projects Agency (DARPA) transferred quantum information over 23 km (14 miles) in Cambridge, Massachusetts.
Though Luce writes that a few differences in the DARPA project "may not technically disqualify the Chinese" from their claims, it's clear the U.S. military is also investing in this technology. Luce says it's difficult to know how far the U.S. is in developing quantum teleportation, "because a lot of the U.S. work is classified." Of course, what's possible in theory -- perfectly secure communication -- is different from what will happen in practice. Luce suspects China's pioneering research in this technology is as much an attempt to find weaknesses in a possible U.S. quantum security network as it is to develop its own. Roy of the East-West Center says one of China's "pockets of excellence" is its cyber-warfare capability. If developed by the U.S., however, this technology could help neutralize China's ability to break into sensitive computer systems. Less than two weeks ago, researchers from Germany and Norway claimed to have hacked a commercial quantum cryptography system by exploiting flaws in its detection equipment. It doesn't undermine the fundamental principle of secure quantum messaging, but it is a reminder that there is almost always a loophole. "The security of quantum cryptography relies on quantum physics but not only," Gerd Leuchs, a professor at the University of Erlangen-Nürnberg, says in a press release announcing the vulnerabilities. "It must also be properly implemented." No one claims that the Chinese military will surpass the U.S.' anytime soon, but it isn't just dueling naval exercises that will determine pecking order. It's also how fast China can integrate the newest technologies into its military, maintaining its strengths like cyber-warfare while improving the PLA's precision, coordination and secrecy. In these ways, China has made a quantum leap forward.
From rforno at infowarrior.org Thu Sep 9 20:03:17 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Sep 2010 21:03:17 -0400 Subject: [Infowarrior] - Military Seeks to Buy 10,000 Copies of Book of Secrets Message-ID: <4C7F9D89-8F19-4F5B-B081-277AE86AF37F@infowarrior.org>

September 9, 2010 Military Seeks to Buy 10,000 Copies of Book of Secrets http://www.nytimes.com/2010/09/10/us/10books.html?hp=&pagewanted=print By SCOTT SHANE

WASHINGTON -- Defense Department officials are negotiating to buy and destroy all 10,000 copies of the first printing of an Afghan war memoir they say contains intelligence secrets, according to two people familiar with the dispute. The publication of "Operation Dark Heart," by Anthony A. Shaffer, a former Defense Intelligence Agency officer and a lieutenant colonel in the Army Reserve, has divided military security reviewers and highlighted the uncertainty about what information poses a genuine threat to security. Disputes between the government and former intelligence officials over whether their books reveal too much have become commonplace. But veterans of the publishing industry and intelligence agencies could not recall another case in which an agency sought to dispose of a book that had already been printed. Army reviewers suggested various changes and redactions and signed off on the edited book in January, saying they had "no objection on legal or operational security grounds," and the publisher, St. Martin's Press, planned for an Aug. 31 release. But when the Defense Intelligence Agency saw the manuscript in July and showed it to other spy agencies, reviewers identified more than 200 passages suspected of containing classified information, setting off a scramble by Pentagon officials to stop the book's distribution. Release of the book "could reasonably be expected to cause serious damage to national security," Lt. Gen. Ronald L. Burgess Jr., the D.I.A. director, wrote in an Aug. 6 memorandum.
He said reviewers at the Central Intelligence Agency, National Security Agency and United States Special Operations Command had all found classified information in the manuscript. The disputed material includes the names of American intelligence officers who served with Colonel Shaffer and his accounts of clandestine operations, including N.S.A. eavesdropping operations, according to two people briefed on the Pentagon's objections. They asked not to be named because the negotiations are supposed to be confidential. By the time the D.I.A. objected, however, several dozen copies of the unexpurgated 299-page book had already been sent out to potential reviewers, and some copies found their way to online booksellers. The New York Times was able to buy a copy online late last week. The dispute arises as the Obama administration is cracking down on disclosures of classified information to the news media, pursuing three such prosecutions to date, the first since 1985. Separately, the military has charged an Army private with giving tens of thousands of classified documents to the organization WikiLeaks. Steven Aftergood, who directs the Project on Government Secrecy at the Federation of American Scientists, said the case showed that judgments on what is classified "are often arbitrary and highly subjective." But in this case, he said, it is possible that D.I.A. reviewers were more knowledgeable than their Army counterparts about damage that disclosures might do. Mr. Aftergood, who generally advocates open government but has been sharply critical of WikiLeaks, said the government's move to stop distribution of the book would draw greater attention to the copies already in circulation. "It's an awkward set of circumstances," he said. "The government is going to make this book famous." Colonel Shaffer, his lawyer, Mark S. Zaid, and lawyers for the publisher are near an agreement with the Pentagon over what will be taken out of a new edition to be published Sept.
24, with the allegedly classified passages blacked out. But the two sides are still discussing whether the Pentagon will buy the first printing, currently in the publisher's Virginia warehouse, and at what price. A Pentagon spokesman, Cmdr. Bob Mehal, said the book had not received a proper "information security review" initially and that officials were working "closely and cooperatively" with the publisher and author to resolve the problem. In a brief telephone interview this week before Army superiors asked him not to comment further, Colonel Shaffer said he did not think it contained damaging disclosures. "I worked very closely with the Army to make sure there was nothing that would harm national security," he said. "Operation Dark Heart" is a breezily written, first-person account of Colonel Shaffer's five months in Afghanistan in 2003, when he was a civilian D.I.A. officer based at Bagram Air Base near Kabul. He worked undercover, using the pseudonym "Christopher Stryker," and was awarded a Bronze Star for his work. Col. Jose R. Olivero of the Army, who recommended Colonel Shaffer for the honor, wrote that he had shown "skill, leadership, tireless efforts and unfailing dedication." But after 2003, Colonel Shaffer was involved in a dispute over his claim that an intelligence program he worked for, code named Able Danger, had identified Mohammed Atta as a terrorist threat before he became the lead hijacker in the Sept. 11, 2001, attacks. An investigation by the Defense Department's inspector general later concluded that the claim was inaccurate. In 2004, after Colonel Shaffer returned from another brief assignment in Afghanistan, D.I.A. officials charged him with violating several agency rules, including claiming excessive expenses for a trip to Fort Dix, N.J. Despite the D.I.A. accusations, which resulted in the revocation of his security clearance, the Army promoted him to lieutenant colonel from major in 2005.
He was effectively fired in 2006 by D.I.A., which said he could not stay on without a clearance, and now works at a Washington research group, the Center for Advanced Defense Studies. Even before the Able Danger imbroglio, Colonel Shaffer admits in his book, he was seen by some at D.I.A. as a risk-taking troublemaker. He describes participating in a midday raid on a telephone facility in Kabul to download the names and numbers of all the cellphone users in the country and proposing an intelligence operation to cross into Pakistan and spy on a Taliban headquarters. In much of the book, he portrays himself as a brash officer who sometimes ran into resistance from timid superiors. "A lot of folks at D.I.A. felt that Tony Shaffer thought he could do whatever the hell he wanted," Mr. Shaffer writes about himself. "They never understood that I was doing things that were so secret that only a few knew about them." The book includes some details that typically might be excised during a required security review, including the names of C.I.A. and N.S.A. officers in Afghanistan, casual references to "N.S.A.'s voice surveillance system," and American spying forays into Pakistan. David Wise, author of many books on intelligence, said the episode recalled the C.I.A.'s response to the planned publication of his 1964 book on the agency, "The Invisible Government." John A. McCone, then the agency's director, met with him and his co-author, Thomas B. Ross, to ask for changes, but they were not government employees and refused the request. The agency studied the possibility of buying the first printing, Mr. Wise said, but the publisher of Random House, Bennett Cerf, told the agency he would be glad to sell all the copies to the agency -- and then print more. "Their clumsy efforts to suppress the book only made it a bestseller," Mr. Wise said.
From rforno at infowarrior.org Thu Sep 9 20:09:21 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 9 Sep 2010 21:09:21 -0400 Subject: [Infowarrior] - Massive Cache of Iraq War Docs to Be Published by WikiLeaks Message-ID:

Massive Cache of Iraq War Docs to Be Published by WikiLeaks By Kim Zetter, September 9, 2010, 5:31 pm http://www.wired.com/threatlevel/2010/09/iraq-war-docs/

A massive cache of previously unpublished classified U.S. military documents from the Iraq War is being readied for publication by WikiLeaks, a new report has confirmed. The documents constitute the "biggest leak of military intelligence" that has ever occurred, according to Iain Overton, editor of the Bureau of Investigative Journalism, a nonprofit British organization that is working with WikiLeaks on the documents. The documents are expected to be published in several weeks. Overton, who discussed the project with Newsweek, didn't say how many documents were involved or disclose their origin, but they may be among the leaks that an imprisoned Army intelligence analyst claimed to have sent to WikiLeaks earlier this year. Pfc. Bradley Manning, who has been charged with improperly downloading and leaking classified information, disclosed to a former hacker in May that he had given WikiLeaks a database covering 500,000 events in the Iraq War between 2004 and 2009. Manning said the database included reports, dates, and latitude and longitude of events, as well as casualty figures. A leak of this sort would vastly dwarf the cache of about 75,000 documents that WikiLeaks published in July from the Afghanistan War. That cache involved field reports from analysts who compiled information from informants and others on incidents and intelligence. Overton said that his group is working on the new cache of documents with major television networks and print-media outlets in several countries, including the United States, to produce documentaries and stories based on them.
The collaboration is similar to what was done in July when WikiLeaks worked with three news outlets -- The New York Times, the Guardian and Der Spiegel -- to simultaneously publish stories on the Afghan War logs. Overton told Newsweek that the media organizations working on the new Iraq documents have taken into consideration the controversy that surrounded the publication of the Afghan War logs. WikiLeaks, which published unredacted raw documents on its website at the same time the news outlets published their stories, was criticized by the Defense Department and others for potentially disclosing identifying information that could put the lives of informants and their families in danger. There has been no evidence to date, however, that anyone has suffered actual harm due to the documents. "We are hugely aware that this is an issue, and we're taking it very seriously," Overton said, noting that his organization would not be publishing raw documents but would instead be mining them for information for stories. The media organizations working with WikiLeaks will each be making financial contributions to the production costs, according to Overton. It's not clear if this means the media organizations will contribute money to WikiLeaks or will simply be pooling money to produce joint media projects and stories related to the documents. Overton said he would not be answering any more questions about the issue, when contacted by Threat Level for clarification. Newsweek has quoted anonymous sources who say that some of the most disturbing information in the documents relates to the abusive treatment of detainees by Iraqi security forces. The Defense Department did not respond to a request for comment from Threat Level.
From rforno at infowarrior.org Fri Sep 10 06:59:33 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Sep 2010 07:59:33 -0400 Subject: [Infowarrior] - EU Surveillance Studies Disclosed By Pirate Party Message-ID: <2D355D98-01DF-4A9F-AA52-A91DD730F336@infowarrior.org>

(c/o /.) "The German Pirate Party has disclosed some secret documents on how the EU is planning to monitor citizens. The so called INDECT Documents describe how a seamless surveillance could (or should) be implemented across Europe. The use of CCTV cameras, the internet (social networks) and even the use of UAVs are mentioned as data sources. Two of the nine documents can be downloaded from the German Pirate Party's website (PDFs in English)." http://files.piratenpartei.de/indect/

From rforno at infowarrior.org Fri Sep 10 07:57:33 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Sep 2010 08:57:33 -0400 Subject: [Infowarrior] - Koppel OpEd: Nine years after 9/11, let's stop fulfilling bin Laden's goals Message-ID: <28B5BD2E-A672-4053-8758-ECB6DDCD41BD@infowarrior.org>

Couldn't have said it better myself. -rick

Ted Koppel: Nine years after 9/11, let's stop fulfilling bin Laden's goals By Ted Koppel Sunday, September 12, 2010; B01 http://www.washingtonpost.com/wp-dyn/content/article/2010/09/09/AR2010090904735_pf.html

The attacks of Sept. 11, 2001, succeeded far beyond anything Osama bin Laden could possibly have envisioned. This is not just because they resulted in nearly 3,000 deaths, nor only because they struck at the heart of American financial and military power. Those outcomes were only the bait; it would remain for the United States to spring the trap. The goal of any organized terrorist attack is to goad a vastly more powerful enemy into an excessive response. And over the past nine years, the United States has blundered into the 9/11 snare with one overreaction after another.
Bin Laden deserves to be the object of our hostility, national anguish and contempt, and he deserves to be taken seriously as a canny tactician. But much of what he has achieved we have done, and continue to do, to ourselves. Bin Laden does not deserve that we, even inadvertently, fulfill so many of his unimagined dreams. It did not have to be this way. The Bush administration's initial response was just about right. The calibrated combination of CIA operatives, special forces and air power broke the Taliban in Afghanistan and sent bin Laden and the remnants of al-Qaeda scurrying across the border into Pakistan. The American reaction was quick, powerful and effective -- a clear warning to any organization contemplating another terrorist attack against the United States. This is the point at which President George W. Bush should have declared "mission accomplished," with the caveat that unspecified U.S. agencies and branches of the military would continue the hunt for al-Qaeda's leader. The world would have understood, and most Americans would probably have been satisfied. But the insidious thing about terrorism is that there is no such thing as absolute security. Each incident provokes the contemplation of something worse to come. The Bush administration convinced itself that the minds that conspired to turn passenger jets into ballistic missiles might discover the means to arm such "missiles" with chemical, biological or nuclear payloads. This became the existential nightmare that led, in short order, to a progression of unsubstantiated assumptions: that Saddam Hussein had developed weapons of mass destruction, including nuclear weapons; that there was a connection between the Iraqi leader and al-Qaeda. Bin Laden had nothing to do with fostering these misconceptions. None of this had any real connection to 9/11. There was no group known as "al-Qaeda in Iraq" at that time. 
But the political climate of the moment overcame whatever flaccid opposition there was to invading Iraq, and the United States marched into a second theater of war, one that would prove far more intractable and painful and draining than its supporters had envisioned. While President Obama has, only recently, declared America's combat role in Iraq over, he glossed over the likelihood that tens of thousands of U.S. troops will have to remain there, possibly for several years to come, because Iraq lacks the military capability to protect itself against external (read: Iranian) aggression. The ultimate irony is that Hussein, to keep his neighbors in check, allowed them and the rest of the world to believe that he might have weapons of mass destruction. He thereby brought about his own destruction, as well as the need now for U.S. forces to fill the void that he and his menacing presence once provided. As for the 100,000 U.S. troops in or headed for Afghanistan, many of them will be there for years to come, too -- not because of America's commitment to a functioning democracy there; even less because of what would happen to Afghan girls and women if the Taliban were to regain control. It has to do with nuclear weapons. Pakistan has an arsenal of 60 to 100 nuclear warheads. Were any of those to fall into the hands of al-Qaeda's fundamentalist allies in Pakistan, there is no telling what the consequences might be. Again, this dilemma is partly of our own making. America's war on terrorism is widely perceived throughout Pakistan as a war on Islam. A muscular Islamic fundamentalism is gaining ground there and threatening the stability of the government, upon which we depend to guarantee the security of those nuclear weapons. Since a robust U.S. military presence in Pakistan is untenable for the government in Islamabad, however, tens of thousands of U.S. troops are likely to remain parked next door in Afghanistan for some time. 
Perhaps bin Laden foresaw some of these outcomes when he launched his 9/11 operation from Taliban-secured bases in Afghanistan. Since nations targeted by terrorist groups routinely abandon some of their cherished principles, he may also have foreseen something along the lines of Abu Ghraib, "black sites," extraordinary rendition and even the prison at Guantanamo Bay. But in these and many other developments, bin Laden needed our unwitting collaboration, and we have provided it -- more than $1 trillion spent on two wars, more than 5,000 of our troops killed, tens of thousands of Iraqis and Afghans dead. Our military so overstretched that one of the few growth industries in our battered economy is the firms that provide private contractors, for everything from interrogation to security to the gathering of intelligence. We have raced to Afghanistan and Iraq, and more recently to Yemen and Somalia; we have created a swollen national security apparatus; and we are so absorbed in our own fury and so oblivious to our enemy's intentions that we inflate the building of an Islamic center in Lower Manhattan into a national debate and watch, helpless, while a minister in Florida outrages even our friends in the Islamic world by threatening to burn copies of the Koran. If bin Laden did not foresee all this, then he quickly came to understand it. In a 2004 video message, he boasted about leading America on the path to self-destruction. "All we have to do is send two mujaheddin . . . to raise a small piece of cloth on which is written 'al-Qaeda' in order to make the generals race there, to cause America to suffer human, economic and political losses." Through the initial spending of a few hundred thousand dollars, training and then sacrificing 19 of his foot soldiers, bin Laden has watched his relatively tiny and all but anonymous organization of a few hundred zealots turn into the most recognized international franchise since McDonald's. 
Could any enemy of the United States have achieved more with less? Could bin Laden, in his wildest imaginings, have hoped to provoke greater chaos? It is past time to reflect on what our enemy sought, and still seeks, to accomplish -- and how we have accommodated him. Ted Koppel, who was managing editor of ABC's "Nightline" from 1980 to 2005, is a contributing analyst for BBC World News America.

From rforno at infowarrior.org Fri Sep 10 18:09:45 2010 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 10 Sep 2010 19:09:45 -0400 Subject: [Infowarrior] - Appeals Court: First-Sale Doctrine doesn't apply to software Message-ID: <312C58D6-FC67-4FD6-8627-1A62F73EA263@infowarrior.org>

Guess What, You Don't Own That Software You Bought By David Kravets, September 10, 2010, 2:01 pm. Categories: Digital Millennium Copyright Act, intellectual property http://www.wired.com/threatlevel/2010/09/first-sale-doctrine/

A federal appeals court said Friday that software makers can use shrink-wrap and click-wrap licenses to forbid the transfer or resale of their wares, an apparent gutting of the so-called first-sale doctrine. The first-sale doctrine is an affirmative defense to copyright infringement that allows legitimate owners of copies of copyrighted works to resell those copies. That defense, the court said, is "unavailable to those who are only licensed to use their copies of copyrighted works." The 3-0 decision by the 9th U.S. Circuit Court of Appeals, if it stands, means copyright owners may prohibit the resale of their wares by inserting clauses in their sales agreements. "The terms of the software license in the case are not very different from the terms of most software licensing. So I think it's safe to say that most people don't own their software," said Greg Beck, the defense attorney in the case who represented an eBay seller sued by Autodesk. "The other ramification, there is no reason a similar license could not be put into the cover of a book.
It wouldn't be difficult for everybody to implement this." Beck said he will ask the San Francisco-based appeals court to rehear the case with 11 judges. The Software & Information Industry Association, whose members include Google, Adobe, McAfee, Oracle and dozens of others, urged the court to rule as it did. The Motion Picture Association of America also sided with Autodesk. The American Library Association and eBay argued against the outcome. The library association said it feared that the software industry's licensing practices could be adopted by other copyright owners, including book publishers, record labels and movie studios. That assertion was not lost on the appeals court, saying Congress is free to modify copyright law "if it deems these or other policy considerations ... require a different approach." It was believed to be the first appellate ruling directly addressing whether a user agreement could forbid resales of software, though the appellate courts have previously backed companies that have imposed terms on how software may be used. The decision covers the nine western states, including California. The appeals court reversed a lower court judge that said the first-sale doctrine applied whenever the consumer is entitled to keep the copy of the work, entitling consumers to resell their purchased software at will. The case concerns Autodesk's AutoCAD Release 14, which was for sale on eBay. Autodesk, invoking the Digital Millennium Copyright Act, demanded eBay remove the item from the site, and it promptly did in 2007. Timothy Vernor, the seller, who purchased at least four copies of the software from a company that was required to dispose of the software under a licensing agreement, re-posted the sale and his eBay account was terminated after Autodesk complained. Litigation ensued.
Autodesk, of San Rafael, California, imposed a significant number of transfer restrictions: it stated that the software could not be transferred or leased without Autodesk's written consent, and the software could not be transferred outside the Western Hemisphere. The first-sale doctrine of 1909, in its current form, allows the "owner of a particular copy" of a copyrighted work to sell or dispose of his copy without the copyright owner's authorization. "The first sale doctrine does not apply to a person who possesses a copy of the copyrighted work without owning it, such as a licensee," the court ruled.

From rforno at infowarrior.org Sat Sep 11 11:51:21 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 11 Sep 2010 12:51:21 -0400 Subject: [Infowarrior] - History of the Internet and the Digital Future (release date) Message-ID: <9908DD63-628F-4104-BE70-9669FC35BBF8@infowarrior.org>

(c/o Johnny Ryan) Announce the Release Date of 'A History of the Internet and the Digital Future' ... Release in the UK and Ireland by Reaktion Books on 20 October 2010, and in the United States by the University of Chicago Press on 15 November 2010. I am delighted to report that Marc Benioff (Chairman and founder of Salesforce.com), Prof Tim Wu (Columbia Law School), and Prof Jonathan Zittrain (Berkman Centre, Harvard Law School) have endorsed the book. Other endorsements come from Suzanne Dirks (Leader, Global Centre for Economic Development, IBM Institute for Business Value) and Phil Madsen (online politics pioneer and manager of the Jesse Ventura campaign '98). Read their endorsements at the pre-order link on AMAZON.COM http://t.co/P9sxD1x This book relies on primary material and first hand interviews and may be of interest to AIR readers. Here is a little of what to expect in the book (summary blurb): A great adjustment in human affairs is underway.
Political, commercial and cultural life is changing from the centralized, hierarchical and standardized structures of the industrial age to something radically different: the economy of the emerging digital era. A History of the Internet and the Digital Future tells the story of the development of the Internet from the 1950s to the present, and examines how the balance of power has shifted between the individual and the state in the areas of censorship, copyright infringement, intellectual freedom and terrorism and warfare. Johnny Ryan explains how the Internet has revolutionized political campaigns; how the development of the World Wide Web enfranchised a new online population of assertive, niche consumers; and how the dot-com bust taught smarter firms to capitalize on the power of digital artisans. In the coming years, platforms such as the iPhone and Android rise or fall depending on their treading the line between proprietary control and open innovation. The trends of the past may hold out hope for the record and newspaper industry. From the government-controlled systems of the Cold War to today's move towards cloud computing, user-driven content and the new global commons, this book reveals the trends that are shaping the businesses, politics, and media of the digital future. Johnny Ryan -- A History of the Internet and the Digital Future (my next book) http://johnnyryan.wordpress.com/books/net-history-2010/ London: Reaktion, 20 September 2010 Chicago: University of Chicago Press, 20 November 2010

From rforno at infowarrior.org Sat Sep 11 12:25:55 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 11 Sep 2010 13:25:55 -0400 Subject: [Infowarrior] - Subpoenas for Internet users Message-ID: <4435E490-FA81-4C22-ABD0-68E83C7626B0@infowarrior.org>

Subpoenas for Internet users story posted Sep 11, 2010 8:39 AM http://skunkpost.com/news.sp?newsId=3163 WASHINGTON (AP) --
A federal judge on Friday allowed the holder of a movie copyright to subpoena the names of people accused of illegally downloading and distributing a film over the Internet. Courts have held that Internet subscribers do not have an expectation of privacy once they convey subscriber information to their Internet service providers, U.S. District Judge Rosemary Collyer ruled. Collyer denied motions by some computer users to quash subpoenas for subscriber information. The decision came in the case of a German limited partnership which is suing some Internet users for copyright infringement of the movie "Far Cry," a video game adaptation. Achte/Neunte Boll Kino Beteiligungs Gmbh & Co KG, a creator and distributor of motion pictures, holds an exclusive license to the copyright of "Far Cry" in which two reporters investigate the deaths of mercenaries on an island off the coast of the Pacific Northwest. The partnership identified the Internet protocol addresses of computers associated with the alleged infringement. It then subpoenaed the Internet service providers seeking names of individuals associated with those addresses. Notified by their provider, some of the customers challenged the subpoenas. Copyright 2010 The Associated Press.

From rforno at infowarrior.org Sun Sep 12 09:27:03 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 12 Sep 2010 10:27:03 -0400 Subject: [Infowarrior] - Russia Uses Microsoft to Suppress Dissent Message-ID: <241E2DB7-854D-43EC-BF8C-529A23FA4DCD@infowarrior.org>

September 11, 2010 Russia Uses Microsoft to Suppress Dissent http://www.nytimes.com/2010/09/12/world/europe/12raids.html By CLIFFORD J. LEVY

IRKUTSK, Russia -- It was late one afternoon in January when a squad of plainclothes police officers arrived at the headquarters of a prominent environmental group here. They brushed past the staff with barely a word and instead set upon the computers before carting them away.
Taken were files that chronicled a generation's worth of efforts to protect the Siberian wilderness. The group, Baikal Environmental Wave, was organizing protests against Prime Minister Vladimir V. Putin's decision to reopen a paper factory that had polluted nearby Lake Baikal, a natural wonder that by some estimates holds 20 percent of the world's fresh water. Instead, the group fell victim to one of the authorities' newest tactics for quelling dissent: confiscating computers under the pretext of searching for pirated Microsoft software.

Across Russia, the security services have carried out dozens of similar raids against outspoken advocacy groups or opposition newspapers in recent years. Security officials say the inquiries reflect their concern about software piracy, which is rampant in Russia. Yet they rarely if ever carry out raids against advocacy groups or news organizations that back the government.

As the ploy grows common, the authorities are receiving key assistance from an unexpected partner: Microsoft itself. In politically tinged inquiries across Russia, lawyers retained by Microsoft have staunchly backed the police. Interviews and a review of law enforcement documents show that in recent cases, Microsoft lawyers made statements describing the company as a victim and arguing that criminal charges should be pursued. The lawyers rebuffed pleas by accused journalists and advocacy groups, including Baikal Wave, to refrain from working with the authorities.

Baikal Wave, in fact, said it had purchased and installed legal Microsoft software specifically to deny the authorities an excuse to raid them. The group later asked Microsoft for help in fending off the police. "Microsoft did not want to help us, which would have been the right thing to do," said Marina Rikhvanova, a Baikal Environmental Wave co-chairwoman and one of Russia's best-known environmentalists. "They said these issues had to be handled by the security services."
Microsoft executives in Moscow and at the company's headquarters in Redmond, Wash., asserted that they did not initiate the inquiries and that they took part in them only because they were required to do so under Russian law. After The New York Times presented its reporting to senior Microsoft officials, the company responded that it planned to tighten its oversight of its legal affairs in Russia. Human rights organizations in Russia have been pressing Microsoft to do so for months. The Moscow Helsinki Group sent a letter to Microsoft this year saying that the company was complicit in "the persecution of civil society activists."

Tough Ethical Choices

Microsoft, like many American technology giants doing business in authoritarian countries, is often faced with ethical choices over government directives to help suppress dissent. In China, Microsoft has complied with censorship rules in operating its Web search service, preventing Chinese users from easily accessing banned information. Its archrival Google stopped following censorship regulations there, and scaled back its operations inside China's Internet firewall.

In Russia, leaders of advocacy groups and newspapers subjected to antipiracy raids said Microsoft was cooperating with the authorities because the company feared jeopardizing its business in the country. They said Microsoft needed to issue a categorical public statement disavowing these tactics and pledging to never cooperate in such cases. Microsoft has not done that, but has promised to review its policies in Russia.

"We take the concerns that have been raised very seriously," Kevin Kutz, director of public affairs for Microsoft, said in a statement. Mr. Kutz said the company would ensure that its lawyers had "more clearly defined responsibilities and accountabilities." "We have to protect our products from piracy, but we also have a commitment to respect fundamental human rights," he said.
"Microsoft antipiracy efforts are designed to honor both objectives, but we are open to feedback on what we can do to improve in that regard."

Microsoft emphasized that it encouraged law enforcement agencies worldwide to investigate producers and suppliers of illegal software rather than consumers. Even so, it has not publicly criticized raids against small Russian advocacy groups. With pirated software prevalent in this country, it is not surprising that some of these groups might have some on their computers. Yet the issue, then, is why the police choose to focus on these particular targets -- and whether they falsify evidence to make the charges more serious.

Microsoft also says it has a program in Russia to provide free and low-cost software to newspapers and advocacy groups so that they are in compliance with the law. But the review of these cases indicates that the security services often seize computers whether or not they contain illegal software. The police immediately filed reports saying they had discovered such programs, before even examining the computers in detail. The police claims have in numerous instances been successfully discredited by defendants when the cases go before judges.

Given the suspicions that these investigations are politically motivated, the police and prosecutors have turned to Microsoft to lend weight to their cases. In southwestern Russia, the Interior Ministry declared in an official document that its investigation of a human rights advocate for software piracy was begun "based on an application" from a lawyer for Microsoft. In another city, Samara, the police seized computers from two opposition newspapers, with the support of a different Microsoft lawyer. "Without the participation of Microsoft, these criminal cases against human rights defenders and journalists would simply not be able to occur," said the editor of the newspapers, Sergey Kurt-Adzhiyev.
The plainclothes officers who descended upon the Baikal Wave headquarters said they were from the division that investigated commercial crime. But the environmentalists said they noticed at least one officer from the antiextremism department, which tracks opposition activists and had often conducted surveillance on the group. The officers said they had received a complaint from a man named Dmitri Latyshev, who claimed that he had been in the headquarters and spotted unlicensed Microsoft software on the computers. The police produced a handwritten complaint from Mr. Latyshev, dated Jan. 27. The raid occurred the next day. People at Baikal Wave said they had never seen or heard of Mr. Latyshev. Located in Irkutsk recently, Mr. Latyshev said by phone that he had filed the complaint but would not say why.

Baikal Wave's leaders said they had known that the authorities used such raids to pressure advocacy groups, so they had made certain that all their software was legal. But they quickly realized how difficult it would be to defend themselves. They said they told the officers that they were mistaken, pulling out receipts and original Microsoft packaging to prove that the software was not pirated. The police did not appear to take that into consideration. A supervising officer issued a report on the spot saying that illegal software had been uncovered. Before the raid, the environmentalists said their computers were affixed with Microsoft's "Certificate of Authenticity" stickers that attested to the software's legality. But as the computers were being hauled away, they noticed something odd: the stickers were gone.

In all, 12 computers were confiscated. The group's Web site was disabled, its finances left in disarray, its plans disclosed to the authorities. The police also obtained personnel information from the computers. In the following weeks, officers tracked down some of the group's supporters and interrogated them.
"The police had one goal, which was to prevent us from working," said Galina Kulebyakina, a co-chairwoman of Baikal Wave. "They removed our computers because we actively took a position against the paper factory and forcefully voiced it." "They can do pretty much what they want, with impunity," she said.

A Company's Pollution

The paper factory is located on Lake Baikal, the world's oldest and deepest lake, which is home to hundreds of species that exist nowhere else, including a freshwater seal. Over the years, the factory has spewed mercury, chlorine, heavy metals and other pollutants into the water. Baikal Wave rejoiced when the factory closed in 2008, having succumbed to sizable losses, as well as pressure from environmentalists. But after the financial crisis hit, the Kremlin worried about unrest from unemployment. In January, Mr. Putin reopened the factory, which has employed as many as 2,000 people, saying that it no longer polluted the lake. Baikal Wave, which was founded in Irkutsk, one of Russia's largest cities, as the Soviet Union was collapsing, began planning a protest. That was when the officers showed up.

In a statement, the Irkutsk police said the raid was proper. "The inspection of Baikal Environmental Wave was intended to protect intellectual property and had no connection whatsoever with the activities of the advocacy organization," the statement said. It said a forensic examination of the computers in February showed that several contained illegal software that would have cost more than $3,300. Baikal Wave said the examination was fraudulent. Prosecutors say they are now weighing whether to press charges against Baikal Wave or its leaders. It is possible, though unlikely, that they could face jail time if convicted. Neither Microsoft's Moscow office nor its local lawyer contacted Baikal Wave to hear its side. The lawyer did provide testimony to the police about the value of the software that Baikal Wave was accused of illegally obtaining.
Baikal Wave sent copies of its software receipts and other documentation to Microsoft's Moscow office to show that it had purchased the software legally. The group said it believed that the authorities would be under pressure to drop the case if Microsoft would confirm the documents' authenticity. Microsoft declined to do so. In a letter to Baikal Wave, the company said it would forward the materials only to the authorities in Irkutsk, which already had copies of them. "A determination of the actual circumstances of this case and the question of whether a violation of the law took place is the duty of the court," Microsoft said. The company also told Baikal Wave that it was willing to have its specialists assist the police in Irkutsk in evaluating the computers.

In response to written questions, Alexander Strakh, Microsoft's chief antipiracy lawyer in Moscow, said that in all these cases, Microsoft assisted the authorities only as called for under Russian law. Mr. Strakh was asked whether Microsoft believed that these raids were a tool to suppress the opposition. "We have no direct knowledge of decisions by authorities to use investigations in that manner," he said.

Microsoft has hired numerous private lawyers across Russia who represent the company in piracy cases. Several of the lawyers have cropped up in these politically sensitive inquiries. This year, prosecutors in the southwestern city of Krasnodar brought a piracy case against an immigrant rights activist named Anastasia Denisova. She said in an interview that she was surprised at the aggressive posture of Microsoft's local lawyer. In an official document, the Interior Ministry said the case against Ms. Denisova was begun "based on an application" from the lawyer. (Microsoft's Moscow office said that statement was not correct.) Ms. Denisova said the lawyer overestimated the value of the allegedly pirated software. As a result, the accusations were more serious.
"The Microsoft lawyer was very active, coming to the court all the time, even though he was not summoned," she said. "He also claimed that he was going to sue me, despite the fact that Microsoft had publicly stated that it would not do so against an advocacy group." In May, after Ms. Denisova had spent several months under the threat of a prison sentence, the charges were dropped. Prosecutors acknowledged that the investigation had been mishandled.

Samara, in Russia's industrial heartland, has been a focal point for these raids. In May 2007, when Mr. Putin was holding a summit meeting there with European leaders, the police sought to prevent protests by seizing computers from several organizations, including Golos, an election monitoring and human rights group, and the local edition of Novaya Gazeta, the country's most influential opposition newspaper. Last year, they took computers from another newspaper, Samarskaya Gazeta. According to case records, the police conducted that search based upon a complaint from a man who admitted that he had never been in the newspaper's offices or seen its computers. Mr. Kurt-Adzhiyev, the editor of both newspapers, said Microsoft's lawyer in the case regularly appeared at court hearings to back prosecutors and the police. He said the lawyer testified that seized computers contained pirated software even though it was later shown that the computers had never been examined. "Microsoft says publicly that they have no claims in these cases, but then their lawyers come into the court and say whatever the police want them to say," Mr. Kurt-Adzhiyev said.

The Damage Is Done

Prosecutors eventually dropped or suspended the charges against Mr. Kurt-Adzhiyev after he was able to discredit them. But he said the damage was done. He said the newspapers lost computers and data, and he spent an enormous amount of time ensnared in legal proceedings. The local edition of Novaya Gazeta had to close. Mr. Kurt-Adzhiyev said he now realized that the authorities were not so much interested in convictions as in harassing opponents. Even if the inquiries are abandoned, they are debilitating when they require months to defend. Microsoft's Moscow office said its lawyers had conducted themselves properly in the cases in Krasnodar and Samara.

In Irkutsk, Baikal Environmental Wave has also struggled to recover from the raid. It located some old computers and was still able to hold protests against the paper factory. The seized computers were not returned by the police until July, five months after they were removed. Their hard drives had been inspected by police experts in February. The environmentalists do not know whether all their data remain, and they are sure that files were copied. Ms. Rikhvanova, one of the group's co-founders, who has been fighting to defend Lake Baikal since the 1960s, was unable to use her computer. When she got it back, she discovered that it had been disabled by a virus.

From rforno at infowarrior.org Mon Sep 13 13:22:19 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Sep 2010 14:22:19 -0400
Subject: [Infowarrior] - DHS to test iris scanners
Message-ID: <34FED9B6-8E42-45EF-8184-6E089B02D908@infowarrior.org>

(Minority Report, anyone? -rick)

Homeland Security to test iris scanners
Updated 3h 44m ago | By Thomas Frank, USA TODAY
http://www.usatoday.com/tech/news/surveillance/2010-09-13-1Airis13_ST_N.htm

WASHINGTON -- The Homeland Security Department plans to test futuristic iris scan technology that stores digital images of people's eyes in a database and is considered a quicker alternative to fingerprints. The department will run a two-week test in October of commercially sold iris scanners at a Border Patrol station in McAllen, Texas, where they will be used on illegal immigrants, said Arun Vemury, program manager at the department's Science and Technology branch.
"The test will help us determine how viable this is for potential (department) use in the future," Vemury said. Iris scanners are little used, but a new generation of cameras that capture images from 6 feet away instead of a few inches has sparked interest from government agencies and financial firms, said Patrick Grother, a National Institute of Standards and Technology computer scientist. The technology also has sparked objections from the American Civil Liberties Union. ACLU lawyer Christopher Calabrese fears that the cameras could be used covertly. "If you can identify any individual at a distance and without their knowledge, you literally allow the physical tracking of a person anywhere there's a camera and access to the Internet," he said. Iris scans can be quicker than fingerprints. "You can walk up to a wall-mounted box, look at the camera, and that's it," Grother said. Homeland Security will test cameras that take photos from 3 or 4 feet away, including one that works on people as they walk by, Vemury said. In 2007, the U.S. military began taking iris scans of thousands of Iraqis to track suspected militants. The technology was used in about 20 U.S. airports from 2005 to 2008 to identify passengers in the Registered Traveler program, who could skip to the front of security lines. Financial companies hope the scans can stop identity fraud, said Jeff Carter of Global Rainmakers, a New York City firm developing the technology. "Iris is going to completely reshape the fraud environment," he said. 
From rforno at infowarrior.org Mon Sep 13 16:17:43 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Sep 2010 17:17:43 -0400
Subject: [Infowarrior] - Canadian Government Muzzling Scientists
Message-ID:

Tightened muzzle on scientists is 'Orwellian'
Documents reveal federal researchers, whose work is financed by taxpayers, need approval from Ottawa before speaking with media
By Margaret Munro, Postmedia News, September 13, 2010
http://www.vancouversun.com/news/Tightened+muzzle+scientists+Orwellian/3515345/story.html

The Harper government has tightened the muzzle on federal scientists, going so far as to control when and what they can say about floods at the end of the last ice age. Natural Resources Canada (NRC) scientists were told this spring they need "pre-approval" from Minister Christian Paradis' office to speak with journalists. Their "media lines" also need ministerial approval, say documents obtained by Postmedia News through access-to-information legislation.

The documents say the "new" rules went into force in March and reveal how they apply not only to contentious issues including the oilsands, but to benign subjects such as floods that occurred 13,000 years ago. They also give a glimpse of how Canadians are being cut off from scientists whose work is financed by taxpayers, critics say, and is often of significant public interest -- be it about fish stocks, genetically modified crops or mercury pollution in the Athabasca River.

"It's Orwellian," says Andrew Weaver, a climatologist at the University of Victoria. The public, he says, has a right to know what federal scientists are discovering and learning. Scientists at NRC, many of them planetary experts, study everything from seabeds to melting glaciers. They have long been able to discuss their research, until the rules changed this spring.
"We have new media interview procedures that require pre-approval of certain types of interview requests by the minister's office," wrote Judy Samoil, NRC's western regional communications manager, in a March 24 e-mail to colleagues. The policy applies to "high-profile" issues such as "climate change, oilsands" and when "the reporter is with an international or national media organization (such as the CBC or the Canwest paper chain)," she wrote. The Canwest papers are now part of Postmedia Network Inc. Samoil later elaborated, saying "the regional communications managers were advised of this change a couple of weeks ago."

The documents show the new rules being so broadly applied that one scientist was not permitted to discuss a study in a major research journal without "pre-approval" from political staff in Paradis' office. NRC scientist Scott Dallimore coauthored the study, published in the journal Nature on April 1, about a colossal flood that swept across northern Canada 13,000 years ago, when massive ice dams gave way at the end of the last ice age. The study was considered so newsworthy that two British universities issued releases to alert the international media. It was, however, deemed so sensitive in Ottawa that Dallimore, who works at NRC's laboratories outside Victoria, was told he had to wait for clearance from the minister's office.

Dallimore tried to tell the department's communications managers the flood study was anything but politically sensitive. "This is a blue sky science paper," he said, noting: "There are no anticipated links to minerals, energy or anthropogenic climate change." But the bureaucrats in Ottawa insisted. "We will have to get the minister's office approval before going ahead with this interview," Patti Robson, the department's media relations manager, wrote in an e-mail after a reporter from Postmedia News (then Canwest News Service) approached Dallimore.
Robson asked Dallimore to provide the reporter's questions and "the proposed responses," saying: "We will send it up to MO (minister's office) for approval." Robson said interviews about the flood study needed ministerial approval for two reasons: the inquiring reporter represented a "national news outlet" and the "subject has wide-ranging implications." The documents show several communications managers, policy advisers, political staff and senior officials were involved in drafting and vetting "media lines" on the ancient flood study.

Dallimore finally got clearance to talk to reporters from Margaux Stastny, director of communication in Paradis' office, on March 31, a week after the NRC communications branch was told the study was appearing in Nature, and two days after reporters began approaching Dallimore for interviews. By then, the reporters' deadlines had passed and they had already completed their stories about the ancient flood. Canwest News Service, CBC, ABC, Reuters and other organizations based their reports on interviews with co-authors of the study from universities outside Canada that responded to interview requests promptly.

This effectively "muzzled" Dallimore by not allowing him to do timely interviews, says Weaver, at the University of Victoria, who says the incident shows how "ridiculous" the situation has got in Ottawa. "If you can't get access to a nice, feel-good science story about flooding at the end of last glaciation, can you imagine trying to get access to scientists with information about cadmium and mercury in the Athabasca River? Absolutely impossible," says Weaver, in reference to growing controversy over contaminants downstream from Alberta's oilsands. Environment Canada and Health Canada now tightly control media access to researchers and orchestrate interviews that are approved.
Environment Canada has even produced "media lines" for federal scientists to stick to when discussing climate studies they have coauthored with Weaver and are based on research paid for through his university grants. "There is no question that there is an orchestrated campaign at the federal level to make sure that their scientists can't communicate to the public about what they do," says Weaver, adding that the crackdown is seriously undermining morale in federal labs. "Science is about generating new knowledge and communicating it to others."

Copyright (c) The Vancouver Sun

From rforno at infowarrior.org Mon Sep 13 17:50:26 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Sep 2010 18:50:26 -0400
Subject: [Infowarrior] - Geekish Password Lessons
Message-ID: <0FA43A96-9D91-421F-B782-77381ECDEA22@infowarrior.org>

Must be the week for clever, pithy password cartoons, eh? -rick

http://onefte.com/2010/09/14/too-many-secrets/
http://xkcd.com/792/

From rforno at infowarrior.org Mon Sep 13 17:56:57 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Sep 2010 18:56:57 -0400
Subject: [Infowarrior] - Police say IPhones can store a treasure trove of incriminating evidence
Message-ID: <4FCF3546-A8C5-49BA-97A6-0E0CC5D9B79E@infowarrior.org>

Police say IPhones can store a treasure trove of incriminating evidence
By Amber Hunt
USA Today
Posted: 09/05/2010 12:03:00 PM PDT
http://www.siliconvalley.com/ci_15986753?nclick_check=1

DETROIT -- Got an iPhone in your pocket? Then you might be storing even more personal information than you realize. And some of it could be used against you if you're ever charged with a crime. A burgeoning field of forensic study deals with iPhones specifically because of their popularity, the demographics of those who own them and what the phone's technology records during its use.
Law-enforcement experts said iPhone technology records a wealth of information that can be tapped more easily than BlackBerry and Droid devices to help police learn where you've been, what you were doing there and whether you've got something to hide. "Very, very few people have any idea how to actually remove data from their phone," said Sam Brothers, a cell-phone forensic researcher with U.S. Customs and Border Protection who teaches law-enforcement agents how to retrieve information from iPhones in criminal cases. "It may look like everything's gone," he said. "But for anybody who's got a clue, retrieving that information is easy."

Two years ago, as iPhone sales skyrocketed, former hacker Jonathan Zdziarski decided law-enforcement agencies might need help retrieving data from the devices. So he set out to write a 15-page, how-to manual that turned into a 144-page book ("iPhone Forensics," O'Reilly Media). That, in turn, led to Zdziarski being tapped by law-enforcement agencies nationwide to teach them just how much information is stored in iPhones -- and how that data can be gathered for evidence in criminal cases. "These devices are people's companions today," said Zdziarski, 34, who lives in Maine. "They're not mobile phones anymore. They organize people's lives. And if you're doing something criminal, something about it is probably going to go through that phone."

It's an area of forensic science that's just beginning to explode, law-enforcement and cell phone experts said. Zdziarski said the focus of forensics recovery has been on the iPhone over other smartphones in large part because of its popularity. Although some high-stakes criminal cases have used cell phone towers to estimate a suspect or victim's whereabouts, few have laid out the information that iPhones have to offer. For example:

- Every time an iPhone user closes out of the built-in mapping application, the phone snaps a screenshot and stores it.
Savvy law-enforcement agents armed with search warrants could use those snapshots to see if a suspect is lying about whereabouts during a crime.

- iPhone photos are embedded with geotags and identifying information, meaning that photos posted online might not only include GPS coordinates of where the picture was taken, but also the serial number of the phone that took it.

- Even more information is stored by the applications themselves, including the user's browser history. That data is meant in part to direct custom-tailored advertisements to the user, but experts said that some of it could prove useful to police.

Clearing out user histories isn't enough to clean the device of that data, said John B. Minor, a communications expert and member of the International Society of Forensic Computer Examiners who has written articles for law enforcement about iPhone evidence. "With the iPhone, even if it's in the deleted bin, it may still be in the database," Minor said. "Much is contained deep within the phone." Some of that usable data is in screenshots. Just as users can take and store a picture of their iPhone's screen, the phone itself automatically shoots and stores hundreds of such images as people close out one application to use another. "Those screen snapshots can contain images of e-mails or proof of activities that might be inculpatory, or exculpatory," Minor said.

Most iPhone users agree to let the device locate them so they can fully use the phone's mapping functions, as well as various global positioning system applications. The free application Urbanspoon is primarily designed to help users locate restaurants. Yet the data stored there might not only help police pinpoint where a victim was shortly before dying, but it also might lead to the restaurant that served the victim's last meal. "Most people enable the location services because they want the benefits of the applications," Minor said.
"What they don't know is that it's recording your GPS coordinates." Bill Cataldo, an assistant Macomb County, Mich., prosecutor who heads the office's homicide unit, said iPhones are treated more like small computers than mobile phones. "People are keeping a tremendous amount of information on there," he said. Cataldo said he has found phone call histories and text messages most useful in homicide cases. But Zdziarski, who has helped federal and state law-enforcement agencies gather evidence, said those elements are just scratching the surface when it comes to the information police and prosecutors soon will start pulling from iPhones. "There are some terrorists out there who obtained some information about a network from an iPhone," he said.

Even people who don't take pictures or leave GPS coordinates behind often unwittingly leave other trails, Zdziarski said. "Like the keyboard cache," he said. "The iPhone logs everything that you type in to learn autocorrect" so that it can correct a user's typing mistakes. Apple doesn't store that cache very securely, Zdziarski contended, so someone with know-how could recover months of typing in the order in which it was typed, even if the e-mail or text it was part of has long since been deleted. Apple did not return phone calls or an e-mail seeking comment.

From rforno at infowarrior.org Mon Sep 13 18:05:41 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Sep 2010 19:05:41 -0400
Subject: [Infowarrior] - The Bomb Chroniclers
Message-ID:

September 13, 2010
The Bomb Chroniclers
By WILLIAM J. BROAD
http://www.nytimes.com/2010/09/14/science/14atom.html

They risked their lives to capture on film hundreds of blinding flashes, rising fireballs and mushroom clouds. The blast from one detonation hurled a man and his camera into a ditch. When he got up, a second wave knocked him down again. Then there was radiation.
While many of the scientists who made atom bombs during the cold war became famous, the men who filmed what happened when those bombs were detonated made up a secret corps. Their existence and the nature of their work has emerged from the shadows only since the federal government began a concerted effort to declassify their films about a dozen years ago. In all, the atomic moviemakers fashioned 6,500 secret films, according to federal officials. Today, the result is a surge in fiery images on television and movie screens, as well as growing public knowledge about the atomic filmmakers. The images are getting "seared into people's imaginations," said Robert S. Norris, author of "Racing for the Bomb" and an atomic historian. They bear witness, he added, "to extraordinary and terrifying power."

Two new atomic documentaries, "Countdown to Zero" and "Nuclear Tipping Point," feature archival images of the blasts. Both argue that the threat of atomic terrorism is on the rise and call for the strengthening of nuclear safeguards and, ultimately, the elimination of global arsenals. As for the atomic cameramen, there aren't that many left. "Quite a few have died from cancer," George Yoshitake, 82, one of the survivors, said of his peers in an interview. "No doubt it was related to the testing."

The cinematographers focused on nuclear test explosions in the Pacific and Nevada. Electrified wire ringed their headquarters in the Hollywood Hills. The inconspicuous building, on Wonderland Avenue in Laurel Canyon, had a sound stage, screening rooms, processing labs, animation gear, film vaults and a staff of more than 250 producers, directors and cameramen -- all with top-secret clearances. When originally made, the films served as vital sources of information for scientists investigating the nature of nuclear arms and their destructiveness. Some movies also served as tutorials for federal and Congressional leaders.
Today, arms controllers see the old films as studies in gung-ho paranoia. “They have this very odd voice,” said Mark Sugg, a film producer at the World Security Institute, a private group in Washington. “You and I would be appalled that some hydrogen bomb vaporized a corner of what used to be paradise. But they’ve got a guy bragging about it.”

A 2006 book, “How to Photograph an Atomic Bomb,” explores the nature of the cameramen’s secretive enterprise, its pages full of declassified photographs and technical diagrams. “They’re kind of unrecognized patriots,” said Peter Kuran, the book’s author and a special-effects filmmaker in Hollywood. “The images that they captured will, for a long time, be a snapshot of what our last century was like.”

After inaugurating the nuclear age and dropping two atomic bombs on Japan in World War II, the United States threw itself into expanding its nuclear arsenal. New designs required test detonations to make sure they worked properly. Between 1946 and 1962, the nation set off more than 200 atmospheric blasts.

The secret film unit, established in 1947 by the military, was known as the Lookout Mountain Laboratory. Surrounded by the lush greenery of Laurel Canyon, just minutes from the Sunset Strip, the lab drew on Hollywood talent and technology to pursue its clandestine ends. “The neighbors were suspicious because the lights were on all night long,” Mr. Yoshitake recalled.

Film historians say the unit tested many technologies that Hollywood later embraced, including advanced lenses and cameras, films and projection techniques.

The cameramen fanned out from Wonderland Avenue to governmental test sites in the South Pacific and the Nevada desert, their job to chronicle the age’s fury. It put them as close as two miles from the blasts.

The visual records helped scientists do everything from estimating the size of nuclear detonations to measuring their destructive power. Mock towns went up in flames. Mr. Yoshitake recalled documenting what a fiery explosion did to pigs — whose skin resembles that of humans. “Some were still squealing,” he said. “You could smell the meat burning. It made you sick. I thought, ‘Oh, how terrible. If they were humans they would have suffered terribly.’ ”

The cameramen were allowed to simply witness, not photograph, their first hydrogen bomb explosions, which were roughly one thousand times more powerful than atomic blasts. The goal was to get them accustomed to the level of violence. “The purple glow in the sky — that was so eerie,” Mr. Yoshitake recalled. “And we were not even close, about 20 miles away. It filled the whole sky.”

Hollywood stars appeared in some of the films. Reed Hadley, star of the 1950s television show “Racket Squad,” portrayed a pipe-smoking military observer who, in 1952, witnessed the world’s first hydrogen blast. “As you can imagine, feeling is running pretty high,” he said, standing aboard a warship in the Pacific. “And there’s reason for it. If everything goes according to plan, we’ll soon see the largest explosion ever set off on the face of the earth.”

Official Washington saw many of the films. Members of Congress, who controlled the appropriation of atomic funds, got special viewings. Atomic leaders “put on their best shows” for Congress, Charles P. Demos, a former classification official with the Department of Energy, which runs the nation’s nuclear weapons program, recalled in an interview. “They probably affected a lot of the decisions.”

The guarded enterprise lost its subject matter in 1963 when the superpowers agreed to move all testing of nuclear weapons underground, ending the spectacle of atmospheric blasts and what governments had come to regard as serious risks to human health from radioactive fallout.

In 1997, Hazel R. O’Leary, the secretary of energy under President Bill Clinton, sought to declassify the old movies. At a news conference, Ms. O’Leary called the archive “a treasure trove”
and promised to release the films after they had undergone any needed redactions for purposes of national security. Nuclear specialists say the shape and size of a weapon — especially a hydrogen bomb — can reveal design secrets. The department’s goal was to make public up to 20 films a month and complete the declassification project in five to seven years.

Late in 1997, an event in Hollywood at the American Film Institute honored the atomic filmmakers. Present were some two dozen of the survivors. “You had to have the cameras running before the detonation,” Douglas Wood, 75, a cinematographer, told a reporter at the gathering. If not, he said, the blinding flash “would burn the film and jam the film gate.”

Mr. Kuran, the filmmaker, organized and filmed the Hollywood event. Impressed with the skill and courage of the cinematographers, he mixed the event footage with declassified bomb imagery to produce “Atomic Filmmakers,” a video he sells on his Web site, www.atomcentral.com.

The declassifications stopped in 2001. The arrival of the Bush administration, and an outbreak of atomic jitters after the terrorist attacks on New York City and the Pentagon, combined to bring about the program’s demise.

Today, the Energy Department says it has released publicly some 100 movies from the vast stockpile, which the military controls. “What you see is what we have,” said Darwin Morgan, a department spokesman in Las Vegas.

A page on the department’s Web site features links to clips from the atomic films that visitors can view free of charge and sells full versions as videodiscs for $10, plus shipping. It calls them “an enduring, awesome visual documentation of the power and destruction of nuclear weapons.” Many are available free on YouTube under the search heading “declassified U.S. nuclear test film.”

Mr. Kuran continues to work on the old movies, using high-tech methodologies to improve their clarity and restore faded images to their original glory.
“He fixes things pixel by pixel,” said Mr. Sugg of the World Security Institute. “He’s this fanatical quality guy.”

“My passion is to find ways of fixing them up,” Mr. Kuran said in an interview. “The whole point is not to lose something that needs to be preserved. I doubt very much that they’re going to be shooting off these bombs again in the atmosphere.”

Viewers include President Obama. In April, he hosted a White House screening of “Nuclear Tipping Point.” The documentary profiles a bipartisan group of former atomic officials who are promoting a vision of the world free of nuclear arms — an objective in line with Mr. Obama’s own policies.

Mr. Yoshitake, the atomic cameraman, said the release and restoration of the images were healthy developments because their disclosure improved public understanding of the nuclear threat. “It’s a good thing to show the horror,” he said.

And he wondered — now that the cold war is over — why advanced nations still retain more than 20,000 of the deadliest of all weapons. “Do we need all these bombs?” Mr. Yoshitake asked. “It’s scary.”

From rforno at infowarrior.org Mon Sep 13 21:20:03 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Sep 2010 22:20:03 -0400
Subject: [Infowarrior] - Security absurdity: US in sensitive information quagmire
Message-ID: <288D779F-286E-4246-B5DE-3D713A5EE7A5@infowarrior.org>

Security absurdity: US in sensitive information quagmire
Feds have over 100 ways of classifying, 230 ways of handling sensitive information
By Layer 8 on Mon, 09/13/10 - 11:09am.
http://www.networkworld.com/community/node/66215

Protecting and classifying sensitive information such as social security numbers shouldn't be that hard, but perhaps not surprisingly the US government has taken complicating that task to an art form.
It seems that designating, safeguarding, and disseminating such important information involves over 100 unique markings and at least 130 different labeling or handling routines, reflecting a disjointed, inconsistent, and unpredictable system for protecting, sharing, and disclosing sensitive information, according to the watchdogs at the Government Accountability Office.

The GAO noted the security classification mess in a report that looked at the challenges government contractors face in protecting private information last week. That report found that at least three federal agencies were not fully safeguarding private information increasing the risk of unauthorized disclosure or misuse. Part of the problem was the way such information is handled.

And as you might imagine, this is not a new problem. In 2006 the GAO reported on a survey of federal agencies that showed 26 were using 56 different designations to protect information they deemed critical to their missions - such as law-enforcement sensitive, sensitive security information, and unclassified controlled nuclear information. Because of the many different and sometimes confusing and contradictory ways that agencies identify and protect sensitive but unclassified information, the sharing of information about possible threats to homeland security has been difficult, the GAO stated. It seems the problem has only grown worse since then, despite efforts to streamline and simplify the process.

Without trying to define what exactly each one of these designations mean, here are just 50 of the ways sensitive but unclassified is carved up.

1. SENSITIVE
2. DO NOT DISSEMINATE
3. SBU-NF
4. SBU/ NOFORN
5. UNLIMITED RIGHTS
6. GOVERNMENT PURPOSE RIGHTS
7. LIMITED RIGHTS
8. RESTRICTED RIGHTS
9. SPECIAL LICENSE RIGHTS
10. PRE-EXISTING MARKINGS
11. COMMERCIAL MARKINGS
12. CLOSE HOLD
13. RSEN
14. PREDECISIONAL PRODUCT
15. SOURCE SELECTION SENSITIVE
16. DEA SENSITIVE (DEAS)
17. SENSITIVE (SENS)
18. COPYRIGHT (DATE) (OWNER)
19. DELIBERATE PROCESS PRIVILEGE
20. RELIDO
21. EYES ONLY
22. BANK SECRECY ACT INFORMATION (BSA)
23. ACQUISITION SENSITIVE
24. ATTORNEY WORK PRODUCT
25. LIMITED ACCESS
26. RESTRICTED ACCESS
27. MEDICAL RECORDS
28. LAN INFRASTRUCTURE
29. IT SECURITY RELATED
30. LAN BACKUP SENSITIVE INFORMATION
31. SOURCE SELECTION INFORMATION
32. TRADE SECRET
33. ATTORNEY CLIENT
34. BUDGETARY INFORMATION
35. PRE-DECISIONAL
36. FOR INTERNAL USE ONLY
37. NOT FOR DISTRIBUTION SAFEGUARDS INFORMATION (SGI)
38. AGENCY INTERNAL USE ONLY (U//AIUO)
39. TRADE SENSITIVE INFORMATION
40. SENSITIVE BUT UNCLASSIFIED (SBU)
41. HEALTH RELATED INFORMATION (EM)
42. NO DISTRIBUTION (NODIS OR ND)
43. LAW ENFORCEMENT SENSITIVE (LES)
44. EXCLUSIVE DISTRIBUTION (EXDIS OR XD)
45. FOR OFFICIAL USE ONLY (FOUO)
46. SENSITIVE STUDENT RECORDS (STR)
47. CONFIDENTIAL BUSINESS INFORMATION (CBI)
48. LIMITED OFFICIAL USE (LOU)
49. LIMITED DISTRIBUTION
50. LIMITED DISTRIBUTION (LIMDIS)

From rforno at infowarrior.org Mon Sep 13 21:21:50 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Sep 2010 22:21:50 -0400
Subject: [Infowarrior] - Intel's walled garden plan to put A/V vendors out of business
Message-ID: <6CFB707A-2748-4CAB-BB14-0C7E0D1BEA36@infowarrior.org>

Intel's walled garden plan to put A/V vendors out of business
By Jon Stokes | Last updated about an hour ago
http://arstechnica.com/business/news/2010/09/intels-walled-garden-plan-to-put-av-vendors-out-of-business.ars

SAN FRANCISCO — In describing the motivation behind Intel's recent purchase of McAfee for a packed-out audience at the Intel Developer Forum, Intel's Paul Otellini framed it as an effort to move the way the company approaches security "from a known-bad model to a known-good model."
Otellini went on to briefly describe the shift in a way that sounded innocuous enough--current A/V efforts focus on building up a library of known threats against which they protect a user, but Intel would love to move to a world where only code from known and trusted parties runs on x86 systems. It sounds sensible enough, so what could be objectionable about that?

Depending on how enamored you are of Apple's App Store model, where only Apple-approved code gets to run on your iPhone, you may or may not be happy in Intel's planned utopia. Because, in a nutshell, the App Store model is more or less what Intel is describing.

Regardless of what you think of the idea, its success would have at least two unmitigated upsides: 1) everyone will get vPro by default (i.e., it seems hard to imagine that Intel will still charge for security as an added feature), and 2) it would put every security company (except McAfee, of course), out of business. (The second one is of course a downside for security vendors, but it's an upside for users who despise intrusive A/V software.)

From a jungle to an ecosystem of walled gardens

For a company that made its fortune on the back of the x86 ISA, the shift that Intel envisions is nothing less than tectonic. x86 became the world's most popular ISA in part because anything and everything could (and eventually would) run on it. And don't forget Microsoft's role in all of this--remember the "Wintel" duopoly of years gone by? Like x86, Windows ended up being the default OS for the desktop software market, and everything else was niche. And, like x86, Windows spread because everyone who wanted it could get it and run anything they wanted on it.

The fact that x86 was so popular and open gave rise to today's A/V industry, where security companies spend 100 percent of their effort trying to identify and thwart every conceivable form of bad behavior.
This approach is extremely labor-intensive and failure-prone, which the security companies love because it keeps them in business. What Intel is proposing is that the entire x86 ecosystem move to the opposite approach, and run only the code that has been blessed as safe by some trusted authority.

Now, there are a few ways that this is likely to play out, and none of these options are mutually exclusive. One way should be clear from Intel's purchase of McAfee: the company plans to have two roles as a security provider: a component provider role, and an end-to-end platform/software/services provider role.

First, there's the company's traditional platform role, where Intel provides OEMs the basic tools for building their own walled gardens. Intel has been pushing this for some time, mainly in its ultramobile products. If anyone is using Intel's ingredients (an app store plus hardware with support for running only signed code) to build their own little version of the App Store ecosystem, it's probably one of the European or Asian carriers that sells rebadged Intel mobile internet devices (MIDs). It's clear that no one is really doing this on the desktop with vPro, though.

Then there's the McAfee purchase, which shows that Intel plans to offer end-to-end security solutions, in addition to providing the pieces out of which another vendor can build their own. So with McAfee, Intel probably plans to offer a default walled garden option, of sorts. At the very least, it's conceivable that Intel could build its own secure app store ecosystem, where developers send code to McAfee for approval and distribution. In this model, McAfee would essentially act as the "Apple" for everyone making, say, MeeGo apps.

In the world described above, the x86 ecosystem slowly transitions from being a jungle to a network of walled gardens, with Intel tending one of the largest gardens.
If you're using an x86-based GoogleTV, you might participate in Google's walled garden, but not be able to run any other x86 code. Or, if you have an Intel phone from Nokia, you might be stuck in the MeeGo walled garden.

A page from the web

None of the walled garden approaches described above sound very attractive for the desktop, and they'll probably be rejected outright by many Linux and open-source users. But there is another approach, one which Intel might decide to pursue on the desktop. The company could set up a number of trusted signing authorities for x86 code, and developers could approach any one of them to get their code signed for distribution. This is, of course, the same model used on the web, where e-commerce sites submit an application for an https certificate.

This distributed approach seems to work well enough online, and I would personally be quite happy to use it on all my PCs. I would also love to hear from users who object to this approach--please jump into the comments below and sound off.

Pick any two

Obviously, security has always been a serious problem in the wild and woolly world of x86 and Windows. This is true mainly because Wintel is the biggest animal in the ecosystem, so bad actors get the most bang for their buck by targeting it. So why has Intel suddenly gotten so serious about it that the company is making this enormous change to the very nature of its core platform?

The answer is fairly straightforward: Intel wants to push x86 into niches that it doesn't currently occupy (phones, appliances, embedded), but it can't afford to take the bad parts along for the ride. Seriously, if you were worried about a particular phone or TV being compromised, you just wouldn't buy it. Contrast this to the Windows desktop, which many users may be forced to use for various reasons.

So Intel's dilemma looks like this: open, secure, ubiquitous--pick any two, but given the economics of the semiconductor industry, "ubiquitous" has to be one of them.
Open and ubiquitous have gotten Intel where it is today, and the company is betting that secure and ubiquitous can take it the rest of the way.

From rforno at infowarrior.org Mon Sep 13 21:25:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 13 Sep 2010 22:25:02 -0400
Subject: [Infowarrior] - Wikileaks is an Extremist Website
Message-ID:

(c/o RP - http://www.cryptome.org/)

Wikileaks is an Extremist Website

That is how the Army Criminal Investigation Division describes Wikileaks in a document that I have posted and analyzed here: http://historyanarchy.blogspot.com/2010/09/wikileaks-extremist-website.html

Army CID also noted that Wikileaks is not a member of the Better Business Bureau.

From rforno at infowarrior.org Tue Sep 14 06:23:07 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Sep 2010 07:23:07 -0400
Subject: [Infowarrior] - Pentagon's craziest Powerpoint Slide
Message-ID:

Figures such a slide would deal with acquisition .... or maybe not!!! Hey Pentagon -- Ed Tufte is on Line 2...... -rick

Pentagon’s Craziest PowerPoint Slide Revealed

The “Integrated Acquisitions Technology and Logistics Life Cycle Management” diagram is kind of a precis to the whole interminable progression, from “decompose concept functional definition into component concepts & assessment objective” to “execute support program that meets materiel readiness and operational support performance requirements and sustains system in most cost-effective manner.”

http://www.wired.com/dangerroom/2010/09/revealed-pentagons-craziest-powerpoint-slide-ever/

From rforno at infowarrior.org Tue Sep 14 09:58:47 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Sep 2010 10:58:47 -0400
Subject: [Infowarrior] - HDCP Master Key Leaked / Calculated?
Message-ID:

http://pastebin.com/kqD56TmU

    HDCP MASTER KEY (MIRROR THIS TEXT!)

    This is a forty times forty element matrix of fifty-six bit
    hexadecimal numbers.

    To generate a source key, take a forty-bit number that (in
    binary) consists of twenty ones and twenty zeroes; this is
    the source KSV. Add together those twenty rows of the matrix
    that correspond to the ones in the KSV (with the lowest bit
    in the KSV corresponding to the first row), taking all elements
    modulo two to the power of fifty-six; this is the source
    private key.

    To generate a sink key, do the same, but with the transposed
    matrix.

< -- >

http://pastebin.com/kqD56TmU

From rforno at infowarrior.org Tue Sep 14 17:50:15 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Sep 2010 18:50:15 -0400
Subject: [Infowarrior] - A New Name for High-Fructose Corn Syrup
Message-ID:

A New Name for High-Fructose Corn Syrup
By TARA PARKER-POPE
http://well.blogs.nytimes.com/2010/09/14/a-new-name-for-high-fructose-corn-syrup/

Many consumers are concerned that high-fructose corn syrup poses a health risk. Would high-fructose corn syrup, by any other name, have sweeter appeal?

The Corn Refiners Association, which represents firms that make the syrup, has been trying to improve the image of the much maligned sweetener with ad campaigns promoting it as a natural ingredient made from corn. Now, the group has petitioned the United States Food and Drug Administration to start calling the ingredient “corn sugar,” arguing that a name change is the only way to clear up consumer confusion about the product.

“Clearly the name is confusing consumers,” said Audrae Erickson, president of the Washington-based group, in an interview. “Research shows that ‘corn sugar’ better communicates the amount of calories, the level of fructose and the sweetness in this ingredient.”

According to the market research firm NPD Group, about 58 percent of Americans say they are concerned that high-fructose corn syrup poses a health risk.
Some scientists over the years have speculated that high-fructose corn syrup may contribute to obesity by somehow disrupting normal metabolic function, but the research has been inconclusive. As a result, most leading scientists and nutrition experts agree that in terms of health, the effect of high-fructose corn syrup is the same as regular sugar, and that too much of either ingredient is bad for your health.

Marion Nestle, a professor in New York University’s department of nutrition and a longtime food industry critic, says that Americans consume too much of all types of sugar, but that there is no biochemical difference between table sugar and high-fructose corn syrup.

“I’m not eager to help the corn refiners sell more of their stuff,” Dr. Nestle wrote in an e-mail. “But you have to feel sorry for them. High-fructose corn syrup is the new trans fat. Everyone thinks it’s poison, and food companies are getting rid of it as fast as they can.”

Dr. Nestle says she thinks the plural “corn sugars” is a better description of high-fructose corn syrup, which is actually a mixture of glucose and fructose. But she agrees that the corn refiners “have lots of reasons to want the change.”

“Even I have to admit that it’s not an unreasonable one,” Dr. Nestle said.

High-fructose corn syrup, which came into widespread use in the 1970s, isn’t particularly high in fructose, but was so named to distinguish it from ordinary, glucose-containing corn syrup, according to a report in The American Journal of Clinical Nutrition. High-fructose corn syrup and sucrose (also known as table sugar) contain about the same amount of glucose and fructose. In fact, one commonly used version of the ingredient known as HFCS-42 actually contains less fructose (42 percent) than table sugar, which has 50 percent fructose, according to the report.

“The name is confusing, and consumers don’t understand that it has the same calories as sugar,” said Ms. Erickson, of the Corn Refiners’ Association.
“They also think it’s sweeter tasting. That’s why the alternate name provides clarity for consumers when it comes to the ingredient composition and helps them better understand what’s in their foods.”

Table sugar comes primarily from sugar cane or sugar beets. High-fructose corn syrup is made essentially by soaking corn kernels to extract corn starch, and using enzymes to turn the glucose in the starch into fructose.

The ingredient is a favorite of food makers for practical reasons. Compared with sucrose, high-fructose corn syrup doesn’t mask flavors, has a lower freezing point and retains moisture better, which is useful in making foods like chewy granola bars. And because the corn crop in the United States is heavily subsidized, high-fructose corn syrup is also cheap. As a result, it’s now used in so many foods, from crackers to soft drinks, that it has become one of the biggest sources of calories in the American diet.

But the public perception of high-fructose corn syrup as unhealthful has prompted many food companies to stop using it in their products, including Hunt’s Ketchup, Ocean Spray Cranberry Juice and Wheat Thins crackers.

The F.D.A. has six months to respond to the name-change petition. If the agency accepts it, the decision on whether to allow the name “corn sugar” on food labels may take another 12 to 18 months. Although food label changes aren’t common, the F.D.A. has allowed name changes in the past. The ingredient first called “low erucic acid rapeseed oil” was changed to “canola oil” in the 1980s. More recently, the F.D.A. allowed prunes to be called “dried plums.”

“It’s rare that food ingredient labels are changed, and when they are it’s always been to provide clarity to consumers,” Ms. Erickson said. “This is a classic case for consumers to better understand an ingredient.”
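The key-derivation procedure quoted in the "HDCP Master Key Leaked / Calculated?" post two messages above is a Blom-style key distribution scheme: a party's private key is a linear combination of matrix rows selected by its KSV, and two parties agree on a shared value by each summing their own key elements under the other party's KSV. The following Python is an added illustration written for this page; it is not code from the pastebin, from the list, or from any HDCP implementation. The matrix it uses is constructed from a seeded PRNG rather than the leaked one, so it yields no real device keys, and the function names, the `demo()` wrapper and its seed are assumptions of this example.

```python
"""Blom-style key derivation and agreement of the kind the HDCP post describes.

The 40x40 matrix here is CONSTRUCTED from a seeded PRNG; it is not the
leaked master matrix and produces no real HDCP keys.
"""
import random

N = 40            # matrix is N x N; KSVs are N bits wide
BITS = 56         # each element is a fifty-six-bit number
MOD = 1 << BITS   # all sums are taken modulo 2**56
WEIGHT = 20       # a valid KSV has exactly twenty 1 bits and twenty 0 bits


def make_master_matrix(rng):
    """Stand-in for the master matrix: N x N random 56-bit values (constructed)."""
    return [[rng.getrandbits(BITS) for _ in range(N)] for _ in range(N)]


def transpose(matrix):
    return [list(col) for col in zip(*matrix)]


def is_valid_ksv(ksv):
    """A KSV must be a 40-bit value with exactly twenty ones."""
    return 0 <= ksv < (1 << N) and bin(ksv).count("1") == WEIGHT


def random_ksv(rng):
    """Pick twenty distinct bit positions and set them (constructed test KSV)."""
    return sum(1 << i for i in rng.sample(range(N), WEIGHT))


def derive_private_key(matrix, ksv):
    """Sum the rows selected by the set bits of the KSV, element-wise mod 2**56.

    Bit 0 of the KSV selects row 0, as the post specifies ("the lowest bit
    in the KSV corresponding to the first row").
    """
    if not is_valid_ksv(ksv):
        raise ValueError("KSV must be 40 bits wide with exactly twenty ones")
    key = [0] * N
    for i in range(N):
        if (ksv >> i) & 1:
            for j in range(N):
                key[j] = (key[j] + matrix[i][j]) % MOD
    return key


def source_key(matrix, ksv):
    """Source (transmitter) private key: rows of the matrix itself."""
    return derive_private_key(matrix, ksv)


def sink_key(matrix, ksv):
    """Sink (receiver) private key: rows of the transposed matrix."""
    return derive_private_key(transpose(matrix), ksv)


def shared_secret(own_private_key, peer_ksv):
    """Each side adds its own key elements selected by the peer's KSV bits."""
    if not is_valid_ksv(peer_ksv):
        raise ValueError("peer KSV must be 40 bits wide with exactly twenty ones")
    return sum(own_private_key[j] for j in range(N) if (peer_ksv >> j) & 1) % MOD


def demo(seed=1):
    """Run one source/sink agreement on a constructed matrix.

    Returns (keys_agree, value_at_source, value_at_sink). The two values are
    always equal: both are the double sum over the matrix entries selected by
    the source KSV (rows) and the sink KSV (columns), which the transposition
    in sink_key makes the sink compute in the other order.
    """
    rng = random.Random(seed)
    matrix = make_master_matrix(rng)
    src_ksv, snk_ksv = random_ksv(rng), random_ksv(rng)
    km_at_source = shared_secret(source_key(matrix, src_ksv), snk_ksv)
    km_at_sink = shared_secret(sink_key(matrix, snk_ksv), src_ksv)
    return km_at_source == km_at_sink, km_at_source, km_at_sink


if __name__ == "__main__":
    agree, a, b = demo()
    print(f"agree={agree} source=0x{a:014x} sink=0x{b:014x}")
```

The property `demo()` checks is the design's strength and its weakness in one: agreement works because every private key is a fixed linear function of the matrix and a public KSV, so whoever holds the matrix can compute the private key belonging to any KSV. That is why a scheme of this shape has no recovery path once the matrix itself is disclosed; KSV revocation lists, which the design relies on, can only react to individual keys.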
From rforno at infowarrior.org Tue Sep 14 19:54:45 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Sep 2010 20:54:45 -0400
Subject: [Infowarrior] - Hello MPAA, I'm a Pirate
Message-ID: <13224876-AE15-4F23-9000-9340A76ECEE6@infowarrior.org>

http://attrition.org/security/rant/piracy/

Hello MPAA, I'm a Pirate
Tue Sep 14 18:00:54 CDT 2010
jericho

Dear Motion Picture Association of America (MPAA),

That's right, I am one of those dastardly pirates that engages in Peer-to-Peer (P2P) theft, downloading movies when so inclined. I do not do it because I have a fascination with breaking the law, nor am I struggling for money. I do it because it is convenient, and the movie industry has done an incredibly poor job meeting consumer demands, most notably mine. Until the movie industry provides more reasonable and convenient services, I will continue to break the law. But wait MPAA, there is a silver lining! First, I will write a check for the movies I pirated, based on the value I perceive the viewing to be worth. Second, I will stop my evil ways if your organization is dissolved.

Rather than seeking innovative ways to deliver content in a manner that financially benefits the industry you 'protect', you resort to suing individuals, resort to scare tactics, peddle bogus statistics all the while violating copyright law yourselves. Cries of piracy hurting the movie industry and absurd claims of losing billions of dollars come in the midst of a record year in 2007, record sales in 2008 and $10 billion record breaking year in 2009. Further, cries of a hurting industry while increasing ticket prices by 50% over the last 10 years, well above cost of living increases, point to a flawed business model if any part of the industry is really hurting.

[..]

From rforno at infowarrior.org Tue Sep 14 20:12:58 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 14 Sep 2010 21:12:58 -0400
Subject: [Infowarrior] - 'Appalled' Pa. gov. shuts down reports on protests
Message-ID:

'Appalled' Pa. gov. shuts down reports on protests
By MARC LEVY (AP) — 56 minutes ago
http://www.google.com/hostednews/ap/article/ALeqM5gtDwVxKz9w-Cmlio-XZTBHjbJfIwD9I810AO0

HARRISBURG, Pa. — An embarrassed Gov. Ed Rendell apologized Tuesday to groups whose peaceful protests or events, from an animal rights demonstration to a gay and lesbian festival, were the subject of regular anti-terrorism bulletins being distributed by his homeland security director.

Rendell said that the information was useless to law enforcement agencies and that distributing it was tantamount to trampling on constitutional rights.

Bulletins also went to members of Pennsylvania's booming natural gas industry because of several acts of vandalism at drilling sites. A Philadelphia rally organized by a nonprofit group to support Rendell's push for higher spending on public schools even made a bulletin, as did a protest at a couple of Rendell news conferences in recent weeks as he pressed for a tax on the natural gas industry.

"This is ludicrous. This is absolutely ludicrous," Rendell said. "And I apologize to any of the groups who had this information disseminated about their activities. They have the right to protest."

Rendell said he was "deeply embarrassed," and said the fact that the state was paying for such rudimentary information was "stunning."

Rendell said he ordered an end to the $125,000 contract with the Philadelphia-based organization, the Institute of Terrorism Research and Response, that supplied the information, but said he was not firing his homeland security director, James Powers.

The 12-page bulletin included a list of municipal zoning hearings on Marcellus Shale natural gas drilling, a forestry industry conference and a screening of the documentary "Gasland" as events likely to be attended by anti-drilling activists.
Aside from the drilling-related events, the bulletin mentioned other potential security concerns that it said could involve "anarchists and Black Power radicals." It listed demonstrations by anti-war groups, deportation protesters in Philadelphia, mountaintop removal mining protesters in West Virginia and an animal rights protest at a Montgomery County rodeo. It also included "Burn the Confederate Flag Day," the Jewish high holidays and the Muslim holy month of Ramadan as potential sources of risk.

Rendell said he learned of the matter from a story in the Patriot-News of Harrisburg on Tuesday morning, and was appalled that aides did not notify him before inking the contract a year ago.

"I think I would have said 'no' to this contract before we ever spent a dime and before we sent out any information that was wrong and violative of, in my judgment, the constitution," Rendell said.

Mike Perelman, a co-director of the institute, would not respond to questions about the contract or the bulletins, saying by telephone Tuesday that he does not discuss client matters.

Rendell said the bulletin was being used — wrongly — as a way to satisfy a federal requirement to protect "critical infrastructure" and notify law enforcement of credible information about real threats. He said he has asked several top aides, including state police Commissioner Frank Pawlowski, to come up with a way to satisfy the requirement.

Powers did not respond to interview requests Tuesday.

The bulletins, which went out multiple times a week, were not intended for public distribution. But someone who received the Aug. 30 bulletin gave a copy to Virginia Cody, a retired Air Force officer who lives in Factoryville and is concerned about the rapid expansion of Marcellus Shale drilling in northeastern Pennsylvania.

"The idea that my government thinks that what I'm doing is worthy of anti-terrorism interest goes against everything I stand for and everything I ever stood for," Cody, 54, said.
Cody gave the document to a friend, who posted it on an online forum largely read by drilling opponents in the area, Cody said. She would not say who gave her the bulletin, just that the person works for a private company and was an intended recipient of it.

After it was posted online, Powers sent Cody an e-mail saying that the bulletin was intended for owners, operators and security personnel associated with the state's "critical infrastructure and key resources." He closed by saying, "We want to continue providing this support to the Marcellus Shale Formation natural gas stakeholders while not feeding those groups fomenting dissent against those same companies."

Copyright © 2010 The Associated Press. All rights reserved.

From rforno at infowarrior.org Wed Sep 15 06:59:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Sep 2010 07:59:02 -0400
Subject: [Infowarrior] - Mirror: HDCP Master Key
Message-ID:

As a followup to yesterday's post, even though it's appearing elsewhere, I'm mirroring the key just to contribute to the Good Geek Cause. ;)

http://infowarrior.org/users/mirrors/hdcp-master.txt

Have a nice day, Hollywood.

--rick

From rforno at infowarrior.org Wed Sep 15 07:35:13 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Sep 2010 08:35:13 -0400
Subject: [Infowarrior] - Cyber security challenge organisers in email privacy blunder
Message-ID:

Cyber security challenge organisers in email privacy blunder
http://www.theregister.co.uk/2010/09/15/cyber_security_challenge_bcc_snafu/
By John Leyden
Posted in Enterprise Security, 15th September 2010 11:23 GMT

Organisers of the UK's cyber security challenge committed an embarrassing email blunder by inadvertently revealing the email addresses of everyone who entered a forensics challenge to each other. A single challenge registration confirmation was CCed to everyone who entered, handing over a complete email list in the process.
The BCC failure gaffe was brought to our attention by a Reg reader who questioned the mistake, a violation of the challenge's privacy policy. He received a reply blaming "human and administrative error" for the cock-up, so we can rule out the possibility that the CC to BCC error was somehow part of the forensic challenge itself.

Of course, this was a trivial mistake and no real harm was done, but people are entitled to hold the Cyber Security Challenge team to a higher standard of security aware behaviour than would otherwise be the case. The email, which was sent on Monday, contained 370 unique email addresses.

From rforno at infowarrior.org Wed Sep 15 19:58:02 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Sep 2010 20:58:02 -0400
Subject: [Infowarrior] - OT: Health Care observation
Message-ID:

I'm not one to go in for conspiracy theories, but doesn't it look a bit odd that within the past year, both of the two most recurring health screenings/exams for adult men and women have been downplayed and/or been recommended to be done less frequently?? --rick

Should mammograms be annual?
http://chippewa.com/lifestyles/article_7180bdbc-c033-11df-bbe5-001cc4c002e0.html

In November 2009, the United States Preventive Service Task Force (USPSTF) issued new recommendations for screening mammography. The recommendations contradicted what seemed to have been a consensus on breast imaging.....The task force recommended that women between the ages of 40 and 49 not receive routine mammographic screening but instead decide what is right for them in terms of screening. The task force also recommended that women between the ages of 50 and 74 receive mammograms every other year instead of yearly screening mammograms, which has been the standard of care. They recommend that women over age 75 forgo screening altogether. ...
and now today we see this:

Routine Population Prostate Screening Not Recommended, Single Test At 60 Perhaps
http://www.medicalnewstoday.com/articles/201220.php

Researchers have found that according to existing evidence from randomized controlled trials, routinely screening large populations of men for prostate cancer is not recommended. Their report appears in today's issue of the BMJ (British Medical Journal). Another study published today in the same medical journal, though, recommends a single test at 60 years of age to identify males most likely to develop and possibly die from prostate cancer. These patients could then be monitored, while others would be exempt from further tests.

From rforno at infowarrior.org Wed Sep 15 21:01:21 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 15 Sep 2010 22:01:21 -0400
Subject: [Infowarrior] - School for Hackers
Message-ID: <2066E921-B2AD-45BE-BCF2-D52389F6E13B@infowarrior.org>

School for Hackers
The do-it-yourself movement revives learning by doing.
By Mark Frauenfelder
http://www.theatlantic.com/magazine/archive/2010/10/school-for-hackers/8218

IMAGINE A SCHOOL where kids could do the following: clone jellyfish DNA; build gadgets to measure the electrical impulses of cockroach neurons; make robotic blackjack dealers; design machines that can distinguish between glass, plastic, and aluminum beverage containers and sort them into separate bins; and convert gasoline-burning cars to run on electric power. No such school exists, but in August I went to Detroit and met the kids who did all these things, and more. They, along with 22,000 other people, had come from all over the United States and Canada to demo their creations at Maker Faire, a two-day festival of do-it-yourselfers, crafters, musicians, urban homesteaders, kit makers, scientists, engineers, and curious visitors who congregated to present projects, give performances, and swap ideas.
Having attended eight Maker Faire events since 2006 (they're put on by the same company that owns the magazine I edit), I've become convinced of two things about children and education: (1) making things is a terrific way to learn, and (2) schools are failing to teach kids to learn with their hands.

The ideal educational environment for kids, observes Peter Gray, a professor of psychology at Boston College who studies the way children learn, is one that includes "the opportunity to mess around with objects of all sorts, and to try to build things." Countless experiments have shown that young children are far more interested in objects they can control than in those they cannot control, a behavioral tendency that persists. In her review of research on project-based learning (a hands-on, experience-based approach to education), Diane McGrath, former editor of the Journal of Computer Science Education, reports that project-based students do as well as (and sometimes better than) traditionally educated students on standardized tests, and that they "learn research skills, understand the subject matter at a deeper level than do their traditional counterparts, and are more deeply engaged in their work." In The Upside of Irrationality, Dan Ariely, a behavioral psychologist at Duke University, recounts his experiments with students about DIY's effect on well-being and concludes that creating more of the things we use in daily life measurably increases our "feelings of pride and ownership." In the long run, it also changes for the better our patterns of thinking and learning.

Unfortunately, says Gray, our schools don't teach kids how to make things, but instead train them to become scholars, "in the narrowest sense of the word, meaning someone who spends their time reading and writing. Of course, most people are not scholars. We survive by doing things." So it makes sense that members of the DIY movement see education itself as a field that's ripe for hands-on improvement.
Instead of taking on the dull job of petitioning schools to change their obstinate ways, DIYers are building their own versions of schools, in the form of summer camps, workshops, clubs, and Web sites. Tinkering School in Northern California helps kids build go-karts, watchtowers, and hang gliders (that the kids fly in). Competitions like FIRST Robotics (founded by Segway inventor Dean Kamen) bring children and engineers together to design and build sophisticated robotics. "Unschooler" parents are letting their kids design their own curricula. Hacker spaces like NYC Resistor in Brooklyn and Crash Space in Los Angeles offer shop tools and workshops for making anything from iPad cases to jet packs. Kids in the Young Makers Program (just launched by Maker Media, Disney-Pixar, the Exploratorium, and TechShop) have built a seven-foot animatronic fire-breathing dragon, a stop-motion camera rig, a tool to lift roofing supplies, and new skateboard hardware.

When a kid builds a model rocket, or a kite, or a birdhouse, she not only picks up math, physics, and chemistry along the way, she also develops her creativity, resourcefulness, planning abilities, curiosity, and engagement with the world around her. But since these things can't be measured on a standardized test, schools no longer focus on them. As our public educational institutions continue down this grim road, they'll lose value as places of learning. That may seem like a shame, but to the members of the growing DIY schooling movement, it's an irresistible opportunity to roll up their sleeves.
From rforno at infowarrior.org Thu Sep 16 06:16:22 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Sep 2010 07:16:22 -0400
Subject: [Infowarrior] - Cyber-Attack Deploys In Israeli Forces
Message-ID: <596CD428-783A-4120-9291-7A35DF7F968B@infowarrior.org>

Cyber-Attack Deploys In Israeli Forces
By David Eshel
Tel Aviv
http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news/dti/2010/09/01/DT_09_01_2010_p42-248207.xml

Geopolitical concerns and two wars in recent years have put Israel at the forefront of cyberwar and cyber-defense. As the most computerized country in the Middle East, Israel stands to lose a great deal if its military and civilian networks prove vulnerable to cyber-attack.

According to Maj. Gen. (ret.) Isaac Ben-Israel, a professor at Tel Aviv University and an expert on digital warfare, Israel's defense community has been aware of the dangers of cyberspace for two decades. In the late 1990s, the government established a special authority to supervise all aspects of national information security. The internal security authority (Shin Bet) took responsibility for civilian and national assets, while military security supervised defense networks. These activities eventually came under the supervision of the national security council, which also advised on national research and development initiatives in cyber-security systems. This initiative led to the formation of high-tech companies specializing in cyber-security, which became market leaders internationally. Most of these firms were founded by former Israel Defense Force (IDF) veterans who became experts in computer systems during their service.

Israel is also involved in developing an offensive cyber-doctrine. While air force Maj. Gen. Amos Yadlin, chief of intelligence, is concerned about defensive capabilities in cyberspace, he also promotes an offensive dimension to cyberwarfare, stating that both fit well within Israel's combat doctrine.
According to Yadlin, cyberwarfare covers three areas: intelligence-gathering, defense and attack. The IDF plans to be active in all three. Although authorities keep a low profile on such activities, foreign sources highlight some of the latest Israeli successes in the field.

In an interview with DTI, Ben-Israel stressed the importance of fast reactions when a critical computer network, national or military, comes under attack. This creates a dilemma for decision-makers over who should be responsible for cyberwarfare and cyber-defense. Heated discussions have, in fact, been underway between military intelligence and top army brass about which group should have control of current and future assets. Since the question ultimately involves intelligence-gathering and operational considerations, the decision will probably be made by the prime minister, perhaps with guidance from the national security council.

While the decision is pending, there have been successful cyberwar operations. Although official versions are unavailable, reports from foreign experts indicate that the Israeli air attack in September 2007 on a Syrian structure believed to be housing a nuclear weapons development program illustrated how a cyber-attack can affect a defense infrastructure. During the attack the Syrian skies seemed empty and safe to air-defense radars even as Israeli jets penetrated the airspace. Israeli cyberwarriors had hacked into the air defenses and controlled them during the attack. While Israel officially remains silent about the attack, it should be noted that Israeli technicians discovered compromising operational details about the Soviet SA-6 surface-to-air missile system during the 1973 Yom Kippur War, some of which they could have used on the SA-6 batteries in Syria's air-defense network.

Cyberwar is not only fought by the military.
In a small country like Israel, critical systems controlling banks, national water supplies, the electrical grid, indeed almost all aspects of life, are vulnerable to a cyber-attack that could paralyze life for days or weeks. Israel's security communities have been aware of this threat for decades and measures have been taken to defend the most vulnerable national systems. Nevertheless, efforts to attack, sabotage or deny critical computer network access continue to be aimed at Israel. Some events have been leaked to the media.

During Operation Cast Lead in 2009, while the IDF was involved in heavy fighting in Gaza, an initially unidentified source attacked Israel's Amos 3 spy satellite. The aim was to manipulate TV broadcasts of a major network, by inserting malware (malicious software) that would distribute demoralizing news about troop losses and defeats. The attacker transmitted modulated digital video broadcasting to Amos 3 and inserted a TV program called "Qassam" (also the name of a crude rocket fired repeatedly at Israel from Gaza). The frequency used by the attacker was identified as the feed-channel of ArabSat, which normally transmits the Al Aksa TV channel of Hamas. Although immediate countermeasures prevented serious problems, it was the first time Israel faced a cyber-attack on its satellite transmissions.

Israel got its licks in as well. A U.K. newspaper reported that Air Chief Marshal Sir Stephen Dalton of the Royal Air Force said, "Britain should take lessons from the Israeli military in Gaza in the use of sophisticated measures to engage in 21st-century cyberwarfare." According to Dalton, Israel transmitted accurate and timely information critical to the military, cleverly using operations in cyberspace, parallel with action on the ground and the air. An information campaign was also waged on the Internet with the Israel Air Force downloading sensor imagery onto the YouTube social website warning Israelis of hostile rocket attacks from Gaza.
A so-called "help-us-win.com" blog was also created to mobilize public support in Israel. The website was manned by social media experts and Israeli students, and overseen by a reserve officer.

During the 2006 Second Lebanon War, Hezbollah guerrillas were able to hack into Israeli communications, achieving an unprecedented intelligence breakthrough that enabled them to thwart tank assaults by emplacing long-range armor-piercing munitions on pre-identified approach routes. Using technology supplied by Iran's Revolutionary Guards, who were assisting them, Hezbollah teams monitored and deciphered constantly changing radio frequencies that the IDF operated with advanced frequency-hopping communication systems. This gave Hezbollah constant access to a situational picture of Israeli troop movements, casualty reports and supply routes. Although the IDF has refused to comment officially, a former senior officer revealed that Hezbollah's ability to hack into military transmissions had "disastrous" consequences for the Israeli offensive. The IDF learned its lesson and took precautions that reportedly made operations more secure during Operation Cast Lead. Much more has been done since to secure computer and radio communications.

With the IDF having fielded its digital army network system, communication security has become a major challenge, as critical operational data is now being transmitted down to junior tactical command levels, which are prone to security lapses. Among the latest measures planned is an extended high-speed broadband fiber-optic network known as "Gold Avnet," which will be added to mobile ground, air and naval units by 2012. The plan is to use wide-area point-to-point and point-to-multipoint wireless technology. To enhance secure communications between tactical command levels, the IDF is considering a new telephone model for use by commanders that would replace the bulky "Mountain Rose" encrypted military cellular network.
According to reports, the IDF's C4I directorate is testing the secure BlackBerry system and planning to expand network bandwidth, enabling the device to receive live video footage from unmanned aerial vehicles and secure video-conference calls among commanders.

The IDF computer network is considered secure, operating with encryption and independent of the Internet. Many military offices, however, use unsecured computers for non-operational open-message traffic, and this raises security issues. Recently, unauthorized copying of sensitive classified information was leaked to the media this way.

While Israel's military computer network still challenges cyber-attackers, much of the nation's civilian infrastructure is vulnerable to hackers. Following the recent tension with Turkey over the Gaza flotilla fiasco, Turkish hackers launched denial-of-service attacks on Israel's public Internet and attempted to plant malware on it. Anonymous hackers deluged more than 100,000 e-mail addresses with spam, circulated passwords and accessed major financial companies, government ministries and even computer security firms.

Israeli hackers are also capable of attacks. One group recently took over the official Hamas website, uploading Israel's national anthem onto it. But more serious activities are being reported by foreign sources, in which Mossad or some of its allies have infiltrated secret Iranian computer networks by highly sophisticated means, introduced malware to them and disrupted or contaminated critical networks, allegedly causing unexplained malfunctions in Iran's nuclear enrichment process.

Cyber-tactics may become as important to Israel as conventional military operations. The ability to destroy the networks of an enemy's defenses along with infrastructure assets could be one way of achieving a relatively bloodless but decisive victory in a region that is embracing the potential of cyberwar.
From rforno at infowarrior.org Thu Sep 16 16:41:24 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Sep 2010 17:41:24 -0400
Subject: [Infowarrior] - Aggressive Alzheimer's Disease Gene Discovered, Scientists Say
Message-ID:

Aggressive Alzheimer's Disease Gene Discovered, Scientists Say
September 16, 2010, 5:16 PM EDT
By Elizabeth Lopatto
http://www.businessweek.com/news/2010-09-16/aggressive-alzheimer-s-disease-gene-discovered-scientists-say.html

Sept. 16 (Bloomberg) -- Scientists may be able to uncover the speed that Alzheimer's disease progresses using a genetic test, researchers say.

Patients with a gene variation linked to higher levels of a protein associated with the disease get sicker two to seven times as fast as others, according to a study published today in PLoS Genetics. The finding may be a boon to drugmakers looking to test Alzheimer's treatments by pinpointing which patients would develop symptoms more quickly, said Alison Goate, a professor of genetics at the Washington University in St. Louis who was an author of the study. Pfizer Inc., Johnson & Johnson and Eli Lilly & Co. are testing medicines aimed at treating the disease.

"Clinical trials are immensely expensive and we want to see a meaningful change in a short period of time," Goate said in a telephone interview. "If individuals are progressing at different speeds, that's hard to do, but if you pick individuals who are more likely to progress more rapidly, you may see a meaningful change in a shorter period."

Alzheimer's and other dementias will afflict 35.6 million people this year, according to a report from Alzheimer's Disease International, a London-based federation. The ailment destroys brain cells progressively, making it difficult for patients to think, remember, and function.

Decline Varies

The time it takes patients to decline because of Alzheimer's varies, from five or six years to more than two decades, Goate said.
The gene variation doesn't predict who will get the condition, said Carlos Cruchaga, a researcher in psychiatry at the Washington University School of Medicine and an author of the study. The gene, known as rs1868402, normally removes phosphate from tau, a protein that helps supply nutrients to cells in the brain and has been shown to be involved in Alzheimer's. An abnormal form of the gene may leave phosphate in tau, causing the protein to become tangled and stop working, Goate said.

"This work suggests that if you could modify tau levels in mildly demented individuals, you could slow the progression of disease," said Goate. That could mean patients stay independent longer, she said.

The association was made by examining the genes of hundreds of patients from multiple studies to see if there were any genetic segments in common related to the tau protein found in the Alzheimer's patients. Once the abnormal gene was located, researchers examined samples of cerebral-spinal fluid and confirmed the patients also had bad tau.

Examining Patients

To examine the progression, the researchers used 109 patients from one study and 150 patients from another. Previous genetic discoveries in Alzheimer's research have been linked to a different protein, amyloid. Amyloid is the target of the experimental drugs being tested by New York-based Pfizer, Johnson & Johnson of New Brunswick, New Jersey, and Indianapolis-based Lilly.

"This indicates that tau may be a better marker for rate and progression of the disease than amyloid," said Bill Thies, chief medical and scientific officer for the Chicago-based Alzheimer's Association. In July, the group said guidelines that have been in use in the U.S. for 25 years need to change so doctors can make earlier and more-accurate diagnoses.
TauRX Pharmaceuticals Ltd., a closely held Singaporean drugmaker, is working on an Alzheimer's treatment based on tau, and is collaborating with German drugmaker Bayer AG to make an imaging test for the protein. The study was partly funded by a grant from London-based drugmaker AstraZeneca Plc.

--Editors: Bruce Rule, Andrew Pollack

To contact the reporter on this story: Elizabeth Lopatto in New York at elopatto at bloomberg.net. To contact the editor responsible for this story: Reg Gale at rgale5 at bloomberg.net.

From rforno at infowarrior.org Thu Sep 16 17:52:42 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Sep 2010 18:52:42 -0400
Subject: [Infowarrior] - Intel Confirms HDCP Master Key for Blu-ray Is Real
Message-ID: <854FBA77-0A79-4A5C-A6E9-160E309DE218@infowarrior.org>

Intel Confirms HDCP Master Key for Blu-ray Is Real
Lindsey Mastis
27 mins ago
http://www.wusa9.com/news/local/story.aspx?storyid=111403&catid=158

WASHINGTON, DC (WUSA) -- A spokesman for Intel confirms the HDCP Master Key for Blu-ray released online, is real. Tom Waldrop, spokesman for Intel says the company has tested the code, and found it to work. Waldrop says they believe the code was generated using a computer system, and was not leaked by anyone internally. He says to rip Blu-rays using the code, hardware would have to be created. He says it is costly and he believes it is unlikely anyone will use it to rip Blu-rays. Waldrop says HDCP will continue to be used in Blu-ray discs and is still a secure way to keep people from pirating the movies.
From rforno at infowarrior.org Thu Sep 16 18:18:06 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Sep 2010 19:18:06 -0400
Subject: [Infowarrior] - Book: 'News Online: Transformations and Continuities'
Message-ID: <83E4D4D0-2C06-4746-915C-4F170FCEFE5F@infowarrior.org>

Some of you may be interested in this book, 'News Online: Transformations and Continuities', published today by Palgrave Macmillan

http://www.palgrave.com/products/title.aspx?PID=349976

Introduction: Transformation and Continuity - Graham Meikle and Guy Redden
1) Journalism, Public Service and BBC News Online - Stuart Allan and Einar Thorsen
2) Managing the online news revolution: the UK experience - Brian McNair
3) The crisis of journalism and the Internet - Robert W. McChesney
4) When magical realism confronted virtual reality: online news and journalism in Latin America - Jairo Lugo-Ocando and Andrés Cañizález
5) Newsgames: an introduction - Ian Bogost, Simon Ferrari and Bobby Schweizer
6) The intimate turn of mobile news - Gerard Goggin
7) News to me: Twitter and the personal networking of news - Kate Crawford
8) News produsage in a pro-am mediasphere: why citizen journalism matters - Axel Bruns
9) 'Comment is free, facts are sacred': journalistic ethics in a changing mediascape - Natalie Fenton and Tamara Witschge
10) Journalism without journalists: on the power shift from journalists to employers and audiences - Mark Deuze and Leopoldina Fortunati
11) Web 2.0, citizen journalism and social justice in China - Xin Xin
12) Marrying the professional to the amateur: strategies and implications of the OhmyNews model - An Nguyen
Conclusion - Guy Redden and Graham Meikle

From rforno at infowarrior.org Thu Sep 16 18:55:18 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 16 Sep 2010 19:55:18 -0400
Subject: [Infowarrior] - Felten: Understanding the HDCP Master Key Leak
Message-ID:

Understanding the HDCP Master Key Leak
By Ed Felten - Posted on September 16th, 2010 at 9:54
am
http://www.freedom-to-tinker.com/blog/felten/understanding-hdcp-master-key-leak

On Monday, somebody posted online an array of numbers which purports to be the secret master key used by HDCP, a video encryption standard used in consumer electronics devices such as DVD players and TVs. I don't know if the key is genuine, but let's assume for the sake of discussion that it is. What does the leak imply for HDCP's security? And what does the leak mean for the industry, and for consumers?

HDCP is used to protect high-def digital video signals "on the wire," for example on the cable connecting your DVD player to your TV. HDCP is supposed to do two things: it encrypts the content so that it can't be captured off the wire, and it allows each endpoint to verify that the other endpoint is an HDCP-licensed device. From a security standpoint, the key step in HDCP is the initial handshake, which establishes a shared secret key that will be used to encrypt communications between the two devices, and at the same time allows each device to verify that the other one is licensed.

As usual when crypto is involved, the starting point for understanding the system's design is to think about the secret keys: how many there are, who knows them, and how they are used.

HDCP has a single master key, which is supposed to be known only by the central HDCP authority. Each device has a public key, which isn't a secret, and a private key, which only that device is supposed to know. There is a special key generation algorithm ("keygen" for short) that is used to generate private keys. Keygen uses the secret master key and a public key, to generate the unique private key that corresponds to that public key. Because keygen uses the secret master key, only the central authority can do keygen.

Each HDCP device (e.g., a DVD player) has baked into it a public key and the corresponding private key.
To get those keys, the device's manufacturer needs the help of the central authority, because only the central authority can do keygen to determine the device's private key.

Now suppose that two devices, which we'll call A and B, want to do a handshake. A sends its public key to B, and vice versa. Then each party combines its own private key with the other party's public key, to get a shared secret key. This shared key is supposed to be secret---i.e., known only to A and B---because making the shared key requires having either A's private key or B's private key.

Note that A and B actually did different computations to get the shared secret. A combined A's private key with B's public key, while B combined B's private key with A's public key. If A and B did different computations, how do we know they ended up with the same value? The short answer is: because of the special mathematical properties of keygen. And the security of the scheme depends on this: if you have a private key that was made using keygen, then the HDCP handshake will "work" for you, in the sense that you'll end up getting the same shared key as the party on the other end. But if you tried to use a random "private key" that you cooked up on your own, then the handshake won't work: you'll end up with a different shared key than the other device, so you won't be able to talk to that device.

Now we can understand the implications of the master key leaking. Anyone who knows the master key can do keygen, so the leak allows everyone to do keygen. And this destroys both of the security properties that HDCP is supposed to provide.

HDCP encryption is no longer effective because an eavesdropper who sees the initial handshake can use keygen to determine the parties' private keys, thereby allowing the eavesdropper to determine the encryption key that protects the communication.
HDCP no longer guarantees that participating devices are licensed, because a maker of unlicensed devices can use keygen to create mathematically correct public/private key pairs.

In short, HDCP is now a dead letter, as far as security is concerned. (It has been a dead letter, from a theoretical standpoint, for nearly a decade. A 2001 paper by Crosby et al. explained how the master secret could be reconstructed given a modest number of public/private key pairs. What Crosby predicted---a total defeat of HDCP---has now apparently come to pass.)

The impact of HDCP's failure on consumers will probably be minor. The main practical effect of HDCP has been to create one more way in which your electronics could fail to work properly with your TV. This is unlikely to change. Mainstream electronics makers will probably continue to take HDCP licenses and to use HDCP as they are now. There might be some differences at the margin, where manufacturers feel they can take a few more liberties to make things work for their customers. HDCP has been less a security system than a tool for shaping the consumer electronics market, and that is unlikely to change.

From rforno at infowarrior.org Fri Sep 17 11:37:39 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Sep 2010 12:37:39 -0400
Subject: [Infowarrior] - IHOP Sues IHOP Over IHOP Trademark
Message-ID: <0ED5F417-C6F1-4722-9E6A-001779DCD3B8@infowarrior.org>

IHOP Sues IHOP Over IHOP Trademark
http://consumerist.com/2010/09/ihop-sues-ihop-over-ihop-trademark.html
By Chris Morran on September 15, 2010 5:15 PM

It's a battle of biblical proportions as one IHOP -- better known as the International House of Pancakes -- fights another IHOP -- the International House of Prayer -- over the use of those four famous letters. Last week, pancake IHOP filed suit against church IHOP, alleging trademark dilution and infringement.
You probably are all familiar with pancake IHOP, home of the Rooty Tooty Fresh 'n' Fruity breakfast and pancakes stuffed with cheesecake. The breakfast chain has been around since the late '50s and using the IHOP acronym since the early '70s.

Meanwhile, there's the other IHOP, a megachurch in Kansas City, MO, that is open 24/7, every day of the year for folks who want to pop in and pray. This IHOP was founded in 1999.

Pancake IHOP claims six registered trademarks with the IHOP acronym. The lawsuit alleges that prayer IHOP's use of the name causes "great and irreparable injury and confuses the public." The suit also alleges that prayer IHOP deliberately chose its name to ride on the coattails of the restaurant chain.

The company says it has filed the suit to protect the chain's franchisees: "We are compelled to protect the 350 small-business owners who own IHOP franchises and the IHOP good name that's been around for 52 years."

The eatery's rep also points out that some prayer IHOPs have begun serving food. It could be argued that this would put the two IHOPs in competition with each other.

The lawsuit against prayer IHOP isn't seeking monetary damages beyond attorney fees and costs of litigation.

From rforno at infowarrior.org Fri Sep 17 13:17:11 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Sep 2010 14:17:11 -0400
Subject: [Infowarrior] - Fwd: Insightful commentary "The Internet Freedom Fallacy and the Arab Digital activism"
References:
Message-ID: <3D9FB44A-F1B2-4502-B1F0-6FD6D03E390C@infowarrior.org>

c/o JD.A.

Begin forwarded message:

> Insightful commentary and examination of the Internet Freedom concepts as presented by the US government and its effects upon Arab (and non-Arab) digital activism. Well worth reading.
>
> "The Internet Freedom Fallacy and the Arab Digital activism" by Sami Ben Gharbia, Tunisian blogger based in the Netherlands & director of Advocacy Director at Global Voices.
> > http://samibengharbia.com/2010/09/17/the-internet-freedom-fallacy-and-the-arab-digital-activism/

From rforno at infowarrior.org Fri Sep 17 17:18:40 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 17 Sep 2010 18:18:40 -0400
Subject: [Infowarrior] - Arrr, antivirus!
Message-ID: <65A16206-5233-4095-8DA9-B484A4F35F5B@infowarrior.org>

(The screenshots arrrrrrre amusing, mateys. Now where's the bloody rum?? -rick)

September 17, 2010 9:30 AM PDT
Avast says, 'Yer ship be secure'
by Seth Rosenblatt

Security vendor Avast takes a cue from its own name and a slightly aged Internet meme to bring you a pirate-themed approach to home computer protection. In honor of the upcoming annual "Talk like a pirate day" on September 19, Avast rebrands its main interface in pirate-speak for people who opt in to the feature through September 22. There's not a lot to the changes, but check out our slideshow of the four newly rechristened pirate-themed windows in Avast.

http://download.cnet.com/8301-2007_4-20016771-12.html

From rforno at infowarrior.org Sat Sep 18 08:24:14 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Sep 2010 09:24:14 -0400
Subject: [Infowarrior] - 4chan DDoS Takes Down MPAA and Anti-Piracy Websites
Message-ID: <68207F88-B1E1-4071-8FA9-ABA85F9E8C02@infowarrior.org>

4chan DDoS Takes Down MPAA and Anti-Piracy Websites
Written by enigmax on September 18, 2010
http://torrentfreak.com/4chan-ddos-takes-down-mpaa-and-anti-piracy-websites-100918/

Following a call to arms yesterday, the masses inhabiting the anonymous 4chan boards have carried out a huge assault on a pair of anti-piracy enemies. The website of Aiplex Software, the anti-piracy outfit which has been DDoSing torrent sites recently, is currently down having been DDoS'd. They are joined in the Internet wasteland by the MPAA's website, also currently under huge and sustained attack. Don't mess with the Internet they say.
Well, actually stronger terms than that are often used, but the end result is the same. When people get organized on the Internet, very strange and powerful things can happen and in few places can this be more true than on the 4chan message boards. Sometimes things need sorting out, and what better way than getting hundreds of thousands of anonymous users of this notorious message board to work together to achieve it. If they're not trying to bring down Scientology, they're teaching foul-mouthed pre-teen girls a lesson or using their combined forces to destroy the lives of stupid bankers who think it's "funny" to throw cats in the trash.

Yesterday two new targets hit the radars of "Anonymous", the faceless and powerful hordes who carry out 4chan attacks. The beauty is that anyone can join in the action, 4chan "membership" is not even required. People wishing to participate can simply load up their Low Orbit Ion Cannon (LOIC) and enter the IP address they want to attack. The resulting assaults are massively distributed making defending against them almost impossible.

Yesterday's target one was everyone's favorite Indian anti-piracy company, AiPlex Software. A completely unknown entity until a couple of weeks ago when they stupidly admitted to DDoSing uncooperative torrent sites (then unsuccessfully trying to backtrack), it seems their rise to fame came at a price. Following claims that AiPlex had DDoS'd The Pirate Bay, a few hours ago their website was taken down and remains that way at the time of writing. Along with the downtime came this message (pic):

How fast you are in such a short time! Aiplex, the bastard hired gun that DDoS'd TPB (The Pirate Bay), is already down! Rejoice, /b/rothers, even if it was at the hands of a single anon that it was done, even if ahead of schedule. now we have our lasers primed, but what do we target now? We target the bastard group that has thus far led this charge against our websites, like The Pirate Bay. We target MPAA.ORG!
The IP is designated at "216.20.162.10", and our firing time remains THE SAME. All details are just as before, but we have reaimed our crosshairs on this much larger target. We have the manpower, we have the botnets, it's time we do to them what they keep doing to us. REPEAT: AIPLEX IS ALREADY DOWN THANKS TO A SINGLE ANON. WE ARE MIGRATING TARGETS.

While it's claimed that AiPlex was taken down by a single attacker, the ongoing assault on the MPAA.org website is definitely a group effort. The site was attacked on schedule (9pm eastern time yesterday) and taken down in minutes. It remains down at the time of writing.

From rforno at infowarrior.org Sat Sep 18 08:33:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 18 Sep 2010 09:33:48 -0400
Subject: [Infowarrior] - The red pill of Alzheimer's: Would you take it?
Message-ID: <92999C46-7EBA-4347-913D-02F5C8FFFD43@infowarrior.org>

September 17, 2010 3:09 PM PDT
The red pill of Alzheimer's: Would you take it?
by Elizabeth Armstrong Moore
http://news.cnet.com/8301-27083_3-20016874-247.html?part=rss&subj=news&tag=2547-1_3-0-20

It appears that a single gene variation provides clues as to how rapidly Alzheimer's disease will progress, according to an international investigation of tau proteins in cerebrospinal fluid (CSF), which was led by Washington University School of Medicine in St. Louis. The findings were reported online yesterday in the journal Public Library of Science Genetics. It has recently been established in multiple studies that elevated levels of this protein in cerebrospinal fluid indicate Alzheimer's, and that because symptoms can reveal themselves slowly, testing levels of tau would offer a glimpse into the future--a red pill, if you will, on the nature of our own cognition as we age. But the red pill has grown more sophisticated. It seems we can now tell not only whether we carry some dormant beginnings of Alzheimer's within, but also whether it will progress slowly or more like wildfire.
"Until now, most studies of genetic risks associated with Alzheimer's disease have looked at the risk of developing the disease, not the speed at which you will progress once you have it," says senior investigator Alison Goate. "The genetic marker we've identified deals with progression." The team of experts analyzed 846 patients with elevated levels of tau, looking specifically at single DNA variations. What they discovered was that a genetic marker--a phosphorylated form of the protein (ptau)--is associated with rapid progression of the disease, and those who carry this marker have higher tau levels at all stages of the disease than those who do not. "We have looked at data from three separate, international studies, and in all three, we found the same association," says first author Carlos Cruchaga, an assistant professor of psychiatry at Washington University. "So we are confident that it is real and that this gene variant is associated with progression in Alzheimer's disease. Other neurodegenerative conditions, like Parkinson's disease, don't produce elevated ptau in the CSF. It's only found in Alzheimer's disease." In their news release, the authors suggest that knowing the rate of progression may actually be more useful than knowing whether the disease is present, because dealing with mild impairment is entirely different (for the afflicted as well as the caregivers) than dealing with severe dementia. For those who subscribe to the blue pill approach when it comes to aging and death, there may be some comfort in knowing that in our lifetime we may be able to decrease or manipulate ptau in such a way as to at least slow the progression of Alzheimer's, the researchers say. And as with so many diseases, the earlier the diagnosis, the greater the chance of survival--or, to be more accurate, postponement.
I am reminded of the September 10, 2001 New Yorker essay, My Father's Brain, by Jonathan Franzen, who belongs to that rare breed of authors who make the cover of Time and inspire all sorts of intellectual crushes (OK, mine), and who happens to hail from St. Louis, where this research was conducted. In the essay, which happened to be published the day I turned 22, which was the day before the towers fell and the country began to undergo its own experiment in the collective memory of tragedy, Franzen describes dealing with a parent afflicted by Alzheimer's more elegantly than anything I've yet read on the subject: After we'd kissed him goodbye and signed the forms that authorized the brain autopsy, after we'd driven through flooding streets, my mother sat down in our kitchen and uncharacteristically accepted my offer of undiluted Jack Daniel's. "I see now," she said, "that when you're dead you're really dead." This was true enough. But in the slow-motion way of Alzheimer's, my father wasn't much deader now than he'd been two hours or two weeks or two months ago. We'd simply lost the last of the parts out of which we could fashion a living whole. There would be no new memories of him. The only stories we could tell now were the ones we already had. If you had the chance, would you take the red pill? Save your loved ones the pain of guessing? The legions of people who suffer through colonoscopies and mammograms and biopsies suggest that many of us would. It's the yearning to know so that we might better manipulate the outcome. So the question then becomes, what do we do if we carry the marker that points to rapid decline? It is the ultimate irony--not wanting to lose self-awareness, yet suffering because of it. 
From rforno at infowarrior.org Sat Sep 18 08:38:16 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 18 Sep 2010 09:38:16 -0400 Subject: [Infowarrior] - Skyhook: Google Wanted Access to Our Data Message-ID: Skyhook: Google Wanted Access to Our Data posted by Thom Holwerda on Fri 17th Sep 2010 23:12 UTC http://www.osnews.com/story/23817/Skyhook_Google_Wanted_Access_to_Our_Data Yesterday's news regarding the lawsuit Skyhook has filed against Google seems to have made quite an impact here and there. If you read through the complaint (at Daring Fireball), Skyhook makes some interesting claims about how Google abuses its position to strongarm OEMs into using Google Location services, but the big claim, something everyone seems to overlook, is this one: Skyhook says Google tried to gain access to Skyhook's data. Skyhook's complaint basically comes down to this (quoted from the complaint): "Google publicly represents Android as open source and pro-innovation, then unfairly uses its exclusive oversight of the platform to force OEMs to use Google Location Service". You can't get much more straightforward than that - props to Skyhook for being this clear in a legal document (although there is a pretty severe grammar mistake in there - cookie if you can find it). Skyhook's claim is that Andy Rubin himself issued a "stop ship" order to Motorola and 'Company x' (likely Samsung) when it found out that their upcoming Android phones (the Droid X and - likely - the Galaxy S line) would use Skyhook's technologies instead of Google Location Services. According to Skyhook, Google stated that using Skyhook's technologies would make the devices incompatible with Android. A little background: Android devices need to pass two tests to be declared Android compatible (and therefore, gain access to the Android Market and select other Google services). The first test is the Compatibility Test Suite, a software-based test platform. Little meddling Google can do with this one. 
The second test is subjective, and is done entirely by Google's own engineers. Android devices and their software are reviewed based on the Compliance Definition Document, a set of dos and don'ts regarding the device and its software. According to Skyhook, this is the problematic part of the compatibility test, and the means by which Google applies its pressure on OEMs. "This entirely subjective review, conducted solely by Google employees with ultimate authority to interpret the scope and meaning of the CDD as they see fit, effectively gives Google the ability to arbitrarily deem any software, feature or function 'non-compatible' with the CDD," Skyhook states in its claim. Unlike some, I took a look at this document, and in all honesty, it all looks rather straightforward. It literally is a simple list of what you can and cannot do; considering Skyhook is arguing that Google uses this document to strongarm OEMs, I expected it to be vague, full of obtuse legalese that can be interpreted in ten different ways. None of that, however - even I, as a non-developer, can clearly understand this document. The requirements set forth in this document are not only pretty clear and understandable, they're also remarkably easy-going at times. Even core Android applications like the Dialler, the Camera, the Browser, and so on, may be replaced by alternatives. Then there's this other strange thing about the CDD. Skyhook claims that the CDD can be interpreted however Google wants so they can use it to arbitrarily declare devices incompatible. However, the CDD has absolutely nothing to say about location services, so I'm wondering how Skyhook can use the CDD in its argument! Worse yet - Verizon is shipping Android devices without Google search even present as an option, opting to use Bing instead! Just as the CDD has nothing to say about location services, it also has nothing to say about which web search engine is installed, or which one is used by default. 
Do you really think Google would allow Android phones to ship without Google Search, while giving two donkeys about what location services are in use? You'd think no, but this is where it gets really, really interesting. This part of the filing is overlooked by just about any analysis that I've read, yet I think this is maybe the single-most important point in the entire filing. Skyhook claims in the filing that Google was okay with Android devices shipping with Skyhook's XPS location services, as long as Google's own Location Services were running alongside it. "Google knew that if its Google Location Service is collecting local data, on the same device at the same time as XPS, that will enable Google to collect more and better location data because of Skyhook's accuracy and precision," Skyhook claims in the filing. In other words, Skyhook is claiming that Google tried to make it so that it could benefit from Skyhook's location data - incredibly valuable data if you're an advertisement company such as Google. This is the core aspect of this entire case, yet most people overlook it in their lust for sensation (ANDROID IS CLOSED ZOMGWTFBBQ). This leaves us with one mystery yet to solve: if Google can't use the CDD to force Motorola and Company X to use Google Location Service - what else could it be using as leverage? To answer this question, you need to understand one thing about Android. While it is open source, it also sports an optional set of Google applications that are not. These applications, like Maps and Gmail, fall under a different agreement and set of requirements that OEMs need to agree to. This includes access to the Android Market as well. Sadly, this agreement and set of requirements remain a secret until this day, so we simply don't know if e.g. a requirement for Google Maps is that it needs to use Google Location Service. 
It would seem, however, that location services are not an aspect of these requirements, and Skyhook itself provides the evidence for that. First, both Motorola and Company X told Skyhook that after reviewing the agreements with Google, they concluded they could replace Google Location Service with Skyhook's XPS. Second, Skyhook points out that other Android devices have shipped with a different location service than Google's. This means either of two things: Skyhook is lying, or the Apps/Market agreement is secret for a reason - they're vague, and allow Google to arbitrarily declare devices incompatible if it suits their interests. Because Skyhook is focussing on the CDD as Google's leverage, and not the secret Apps/Market agreement, it is likely to assume Skyhook has no access to the latter either. As such, Skyhook is pretty much forced to throw everything on the CDD, since it cannot make any hard claims about an agreement it doesn't have access to. In doing so, however, they make one big mistake in their filing that Google will likely pick up on in their counterargument: they claim the CDD governs whether or not applications gain access to the Android Market. This is clearly false, as this is governed by the secret agreement. The CDD has nothing to say about access to the market at all. All in all, I get the impression that Skyhook sees the writing on the wall. They already lost Apple in the mobile space, since they developed their own location services. Google has done the same, and I'm sure Microsoft is not far behind. This leaves Skyhook in a sticky situation, and as we all know - if you can't compete, litigate. However, that is a rather simplistic view and ignores the fact that Google is a very big company, and by rule, big companies do bad things. I certainly wouldn't put it past Google to do the things described in Skyhook's claim - it's just that Skyhook's claim isn't particularly convincing. I am dying to see Google's response to this. 
From rforno at infowarrior.org Sat Sep 18 23:14:53 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Sep 2010 00:14:53 -0400
Subject: [Infowarrior] - Does the Digital Classroom Enfeeble the Mind?
Message-ID: <448F50F0-40ED-4337-B860-B304611B016F@infowarrior.org>

September 16, 2010
Does the Digital Classroom Enfeeble the Mind?
By JARON LANIER
http://www.nytimes.com/2010/09/19/magazine/19fob-essay-t.html

Adding to an already rich life, my father decided in middle age to become an elementary-school teacher in a working-class neighborhood in New Mexico. To this day, people who run grocery stores and work on construction sites, and who are now in late middle age themselves, come out when I'm visiting to tell me how Mr. Lanier changed their lives. Go up to any adult with a good life, no matter what his or her station, and ask if a teacher made a difference, and you'll always see a face light up. The human element, a magical connection, is at the heart of successful education, and you can't bottle it.

My father would have been unable to "teach to the test." He once complained about errors in a sixth-grade math textbook, so he had the class learn math by designing a spaceship. My father would have been spat out by today's test-driven educational regime.

But this is not the whole story. Probe one of those illuminated faces further, and you can also usually elicit memories of a particularly bad teacher. It's a romantic notion, the magic of teaching, but magic always has a dark side. Trusting teachers too much also has its perils. For every good teacher who is too creative to survive in the era of "no child left behind," there's probably another tenacious, horrid teacher who might be dethroned only because of unquestionably bad outcomes on objective tests.

So we face a quandary: How do we use the technologies of computation, statistics and networking to shed light -- without killing the magic? This is more than a practical question.
It goes to the heart of what we are after as humans. A career in computer science makes you see the world in its terms. You start to see money as a form of information display instead of as a store of value. Money flows are the computational output of a lot of people planning, promising, evaluating, hedging and scheming, and those behaviors start to look like a set of algorithms. You start to see the weather as a computer processing bits tweaked by the sun, and gravity as a cosmic calculation that keeps events in time and space consistent. This way of seeing is becoming ever more common as people have experiences with computers.

While it has its glorious moments, the computational perspective can at times be uniquely unromantic. Nothing kills music for me as much as having some algorithm calculate what music I will want to hear. That seems to miss the whole point. Inventing your musical taste is the point, isn't it? Bringing computers into the middle of that is like paying someone to program a robot to have sex on your behalf so you don't have to.

And yet it seems we benefit from shining an objectifying digital light to disinfect our funky, lying selves once in a while. It's heartless to have music chosen by digital algorithms. But at least there are fewer people held hostage to the tastes of bad radio D.J.'s than there once were. The trick is being ambidextrous, holding one hand to the heart while counting on the digits of the other. How can you be ambidextrous in the matter of technology and education?

Education, in the broadest sense, does what genes can't do. It forever filters and bequeaths memories, ideas, identities, cultures and technologies. Humans compute and transfer nongenetic information between generations, creating a longitudinal intelligence that is unlike anything else on Earth. The data links that hold the structure together in time swell rhythmically to the frequency of human regeneration. This is education. Now we have information machines.
The future of education in the digital age will be determined by our judgment of which aspects of the information we pass between generations can be represented in computers at all. If we try to represent something digitally when we actually can't, we kill the romance and make some aspect of the human condition newly bland and absurd. If we romanticize information that shouldn't be shielded from harsh calculations, we'll suffer bad teachers and D.J.'s and their wares.

Right now, many of these decisions are being made by the geeks of Silicon Valley, who run a lot of things that other people pretend to run. The crucial choice of which intergenerational information is to be treated as computational grist is usually not made by educators or curriculum developers but by young engineers. The results are mixed. There is a youthful energy applied to some questions, like how to rate teachers. It would be wonderful if computation remained forever associated with youth. Maybe that will happen, and in a hundred years, or a thousand, algorithms and databases will conjure spring flings and all-night parties.

The geeks often get things wrong, however. In some cases, simple design solutions can fix problems that geeks have created. An example is concern over the effects of constant mental multitasking. If this problem turns out to be serious in the long term, it can probably be addressed by small changes to digital designs. For instance, maybe it will cost a penny every time you look at your Facebook wall in the future, so you'll have to actually be aware of when you do it.

The deeper concern, for me, is the philosophy conveyed by a technological design. Some of the top digital designs of the moment, both in school and in the rest of life, embed the underlying message that we understand the brain and its workings. That is false. We don't know how information is represented in the brain. We don't know how reason is accomplished by neurons.
There are some vaguely cool ideas floating around, and we might know a lot more about these things any moment now, but at this moment, we don't. You could spend all day reading literature about educational technology without being reminded that this frontier of ignorance lies before us. We are tempted by the demons of commercial and professional ambition to pretend we know more than we do. This hypnotic idea of omniscience could kill the magic of teaching, because of the intimacy with which we let computers guide our brains.

At school, standardized testing rules. Outside school, something similar happens. Students spend a lot of time acting as trivialized relays in giant schemes designed for the purposes of advertising and other revenue-minded manipulations. They are prompted to create databases about themselves and then trust algorithms to assemble streams of songs and movies and stories for their consumption. We see the embedded philosophy bloom when students assemble papers as mash-ups from online snippets instead of thinking and composing on a blank piece of screen. What is wrong with this is not that students are any lazier now or learning less. (It is probably even true, I admit reluctantly, that in the presence of the ambient Internet, maybe it is not so important anymore to hold an archive of certain kinds of academic trivia in your head.) The problem is that students could come to conceive of themselves as relays in a transpersonal digital structure. Their job is then to copy and transfer data around, to be a source of statistics, whether to be processed by tests at school or by advertising schemes elsewhere. What is really lost when this happens is the self-invention of a human brain. If students don't learn to think, then no amount of access to information will do them any good.

I am a technologist, and so my first impulse might be to try to fix this problem with better technology.
But if we ask what thinking is, so that we can then ask how to foster it, we encounter an astonishing and terrifying answer: We don't know. The artifacts of our past accomplishments can become so engrossing in digital form that it can be harder to notice all we don't know and all we haven't done. While technology has generally been the engine that propels us into unknowable changes, it might now lull us into hypnotic complacency.

To the degree that education is about the transfer of the known between generations, it can be digitized, analyzed, optimized and bottled or posted on Twitter. To the degree that education is about the self-invention of the human race, the gargantuan process of steering billions of brains into unforeseeable states and configurations in the future, it can continue only if each brain learns to invent itself. And that is beyond computation because it is beyond our comprehension. Learning at its truest is a leap into the unknown.

Roughly speaking, there are two ways to use computers in the classroom. You can have them measure and represent the students and the teachers, or you can have the class build a virtual spaceship. Right now the first way is ubiquitous, but the virtual spaceships are being built only by tenacious oddballs in unusual circumstances. More spaceships, please.

Jaron Lanier, a partner architect at Microsoft Research and the innovator in residence at the Annenberg School at the University of Southern California, is the author, most recently, of "You Are Not a Gadget."
From rforno at infowarrior.org Sun Sep 19 08:34:51 2010 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 19 Sep 2010 09:34:51 -0400 Subject: [Infowarrior] - Intel + DRM: a crippled processor that you have to pay extra to unlock Message-ID: <581614FD-0D52-4836-ACAD-AC93514D56DD@infowarrior.org> Intel + DRM: a crippled processor that you have to pay extra to unlock Cory Doctorow at 12:05 AM Sunday, Sep 19, 2010 http://www.boingboing.net/2010/09/19/intel-drm-a-crippled.html Intel's latest business-model takes a page out of Hollywood's playbook: they're selling processors that have had some of their capabilities crippled (some of the cache and the hyperthreading support are switched off). For $50, they'll sell you a code that will unlock these capabilities. Conceptually, this is similar to the DRM notion that I can sell you a movie that you can watch on one screen for $5 today, and if you want to unlock your receiver's wireless output so you can watch it upstairs, it'll be another $5. I remember the first time someone from the studios put this position to me. It was a rep from the MPAA at a DRM standards meeting, and that was just the example he used. He said: "When you buy a movie to watch in your living room, we're only selling you the right to see it in your living room. Sending the same show upstairs to watch in your bedroom has value, and if it has value, we should be able to charge money for it." This idea, which Siva Vaidhyanathan calls "If value, then right," sounds reasonable on its face. But it's a principle that flies in the face of the entire human history of innovation. 
By this reasoning, the company that makes big tins of juice should be able to charge you extra for the right to use the empty cans to store lugnuts; the company that makes your living room TV should be able to charge more when you retire it to the cottage; the company that makes your coat-hanger should be able to charge more when you unbend it to fish something out from under the dryer. Moreover, it's an idea that is fundamentally anti-private-property. Under the "If value, then right" theory, you don't own anything you buy. You are a mere licensor, entitled to extract only the value that your vendor has deigned to provide you with. The matchbook is to light birthday candles, not to fix a wobbly table. The toilet roll is to hold the paper, not to use in a craft project. "If value, then right," is a business model that relies on all the innovation taking place in large corporate labs, with none of it happening at the lab in your kitchen, or in your skull. It's a business model that says only companies can have the absolute right of property, and the rest of us are mere tenants. If there's one industry where "If value, then right," is a dead letter, it's computing. The first processors Intel ever sold that went into PCs did practically nothing. It was only the addition of unlicensed, unauthorized, independent third-party innovation -- software, peripherals, networks -- that made them valuable enough to send more business Intel's way. Intel is a direct beneficiary of our property rights in our computers: the company's best customers are hobbyists who buy Intel processors directly in order to upgrade their PCs. What if Dell asserted "If value, then right," and told its customers that they had only purchased the right to run their PCs as-is, and if they wanted a faster processor, they'd have to pay Dell to unlock this latent value? One thing remains to be seen: will Intel try to sue people who figure out how to unlock their processors without paying Intel?
Under the more exotic interpretations of the US Digital Millennium Copyright Act, showing your neighbor how to unlock her Intel processor is a copyright violation (though a recent court decision went the other way). Just this week, Intel's spokesman sang the praises of the DMCA's anti-circumvention rules and promised to use them to club down its competitors. Let's hope that this anti-property mania doesn't extend to attempts at shutting down websites that distribute software that lets us unlock our own processors.

From rforno at infowarrior.org Sun Sep 19 12:46:42 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 19 Sep 2010 13:46:42 -0400
Subject: [Infowarrior] - IE: A Loophole Big Enough for a Cookie to Fit Through
Message-ID: <46C7B59B-0642-4BB0-8D37-03446E5ED56C@infowarrior.org>

September 17, 2010, 2:39 pm
A Loophole Big Enough for a Cookie to Fit Through
By RIVA RICHMOND
http://bits.blogs.nytimes.com/2010/09/17/a-loophole-big-enough-for-a-cookie-to-fit-through/

If you rely on Microsoft's Internet Explorer's privacy settings to control cookies on your computer, you may want to rethink that strategy. Large numbers of Web sites, including giants like Facebook, appear to be using a loophole that circumvents I.E.'s ability to block cookies, according to researchers at CyLab at the Carnegie Mellon University School of Engineering. A technical paper (note: clicking on the link will initiate a download of a pdf) published by the researchers says that a third of the more than 33,000 sites they studied have technical errors that cause I.E. to allow cookies to install, even if the browser has been set to reject them. Of the 100 most visited destinations on the Internet, 21 sites had the errors, including Facebook, several of Microsoft's own sites, Amazon, IMDB, AOL, Mapquest, GoDaddy and Hulu.
Typos and honest mistakes likely explain many of the errors, says Lorrie Faith Cranor, director of the CyLab Usable Privacy and Security Laboratory and one of the paper's authors. But she estimates that more than half represent deliberate efforts to keep I.E. from blocking certain types of third-party cookies based on privacy policies.

Cookies are used to store information about a user or computer's Web use so sites can customize that user's experience, including what ads they see. So-called persistent or tracking cookies are data placed not by the site visited, but by other third-party Web sites that have placed content or advertising on the visited Web page. These types of cookies can stay on computers for long periods of time and gather data about surfing habits, and have long raised hackles among those concerned about privacy online.

The loophole resides deep in an exchange of data between browser and site. Normally, Internet Explorer checks the privacy policy of a site to see if it complements the browser's own security settings. This checking is done through "compact policies": lines of computer code (in this case, three- or four-letter codes) that reflect the content of the tomelike privacy policies that sites have written out in English. For illustrative purposes, imagine an interaction between browser and site that goes something like this:

Browser: I don't allow cookies that store personally identifiable information that could be used to contact me without permission.
Site: I do have some cookies to place here, but none do that.
Browser: That sounds fine. Come on in.

Compact policies are voluntary and are part of an Internet standard called Platform for Privacy Preferences, or P3P, that was developed in the 1990s. Dr. Cranor was on the standards committee that developed P3P. The goal of compact policies was to create a way of describing sites' privacy practices when it comes to cookies that computers could read and use. Microsoft's I.E. browser is the only major browser to make meaningful use of P3P; it uses compact policies to block and control certain cookies by default with its "medium" privacy setting. (Access the settings in I.E. Version 8 by clicking "Tools," then "Internet Options" and then "Privacy." Change your setting using the slider.)

And it has been the power of I.E.'s market share -- 60 percent, according to NetMarketshare -- that has led sites that want to install cookies onto PCs to use compact policies, say experts like Dr. Cranor and Ari Schwartz, vice president at the Center for Democracy and Technology until he joined the Obama administration last month. Browsers like Chrome, Firefox and Safari have simpler security settings. Instead of checking a site's compact policy, these browsers simply let people choose to block all cookies, block only third-party cookies or allow all cookies.

The loophole sites are using to evade I.E.'s cookie blocker shows up in the process the browser uses to check compact policies. I.E. checks only for codes that indicate a site doesn't have the right privacy protections, Dr. Cranor says. If it finds a compact policy with bad inputs -- say, the codes are wrong (there are certain three- and four-letter combinations) or there aren't enough of the codes to complete a proper policy (at least five) -- it simply lets the cookies install.

When students at Carnegie Mellon started investigating these bad codes, they noticed the exact same insufficient three-code combination showing up in more than 2,700 Web sites. Curious how everyone could make the same mistake, they searched for the code in Google and found, surprisingly, a Microsoft support page. Microsoft says it has now "retired" the page cited by CyLab (you can see it, cached, here), adding that the codes shown there were meant only to be an example, not a recommendation. It notes it also provides an article to guide Web developers on how to properly configure P3P so it matches their written privacy policy.
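As an added example, not part of the article or of CyLab's paper, the Python script below applies the two checks the article describes (unknown codes, fewer than five codes) to a few constructed P3P headers, so a site operator can audit their own `P3P: CP="..."` response header before a lenient browser check waves it through. The token vocabulary is the W3C P3P 1.0 compact-policy set; the five-code minimum is the one the article attributes to I.E.'s check; the sample headers are made up.

```python
"""Strict audit of P3P compact-policy (CP) headers.

Constructed example accompanying the article; it is not CyLab's tool
and not Microsoft's or any browser's code.  It flags the two defects the
article describes -- tokens that are not in the P3P vocabulary and
policies with fewer than five tokens -- which a lenient browser check
would let through.
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# Three-letter tokens from the W3C P3P 1.0 compact-policy vocabulary that
# take no suffix (access, disputes/remedies, recipient, retention,
# data categories, test policy).
PLAIN = {
    "NOI", "ALL", "CAO", "IDC", "OTI", "NON",
    "DSP", "COR", "MON", "LAW", "NID",
    "OUR", "NOR", "STP", "LEG", "BUS", "IND",
    "PHY", "ONL", "UNI", "PUR", "FIN", "COM", "NAV", "INT", "DEM",
    "CNT", "STA", "POL", "HEA", "PRE", "LOC", "GOV", "OTC",
    "TST",
}
# Purpose and recipient tokens may carry one suffix letter:
# a = always, i = opt-in, o = opt-out (e.g. CURa, TELo, DELi).
SUFFIXED = {
    "CUR", "ADM", "DEV", "TAI", "PSA", "PSD", "IVA", "IVD", "CON", "HIS",
    "TEL", "OTP", "DEL", "SAM", "UNR", "PUB", "OTR",
}
MIN_CODES = 5  # the minimum the article says a complete policy needs

_CP_VALUE = re.compile(r'CP\s*=\s*"([^"]*)"')


@dataclass
class CpReport:
    tokens: List[str]
    unknown: List[str]
    problems: List[str]  # empty list means the policy passed both checks


def parse_cp(header: str) -> List[str]:
    """Return the whitespace-separated tokens of a CP header.

    Accepts a full 'P3P: CP="..."' header line, a bare 'CP="..."' value,
    or an unquoted token list.
    """
    match = _CP_VALUE.search(header)
    body = match.group(1) if match else header
    return body.split()


def is_valid_token(token: str) -> bool:
    """True if token is in the P3P vocabulary (compared case-insensitively)."""
    core, suffix = token[:3].upper(), token[3:].lower()
    if suffix == "" and core in PLAIN:
        return True
    return core in SUFFIXED and suffix in ("", "a", "i", "o")


def audit_cp(header: str) -> CpReport:
    """Apply the two checks the article describes to one header."""
    tokens = parse_cp(header)
    unknown = [t for t in tokens if not is_valid_token(t)]
    problems = []
    if unknown:
        problems.append("unknown-token")
    if len(tokens) < MIN_CODES:
        problems.append("too-few-codes")
    return CpReport(tokens, unknown, problems)


# Constructed sample headers (not taken from any real site).
SAMPLES: Dict[str, str] = {
    "complete": 'P3P: CP="CAO DSP COR CURa ADMa DEVa OUR IND PHY ONL UNI COM NAV INT DEM STA"',
    "bogus":    'P3P: CP="CAO XYZQ OUR"',   # made-up word where a code belongs
    "short":    'P3P: CP="DSP LAW"',        # real codes, but only two of them
    "empty":    'P3P: CP=""',
}


def audit_samples() -> Dict[str, List[str]]:
    """Map each sample name to the problems found in its header."""
    return {name: audit_cp(hdr).problems for name, hdr in SAMPLES.items()}


if __name__ == "__main__":
    for name, problems in audit_samples().items():
        print(f"{name:9s} -> {', '.join(problems) or 'ok'}")
```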
CyLab found that some of the Internet's largest sites make use of the loophole, and through other means than the inaccurate Microsoft codes. For instance, Facebook last year had a compact policy with the cheeky entry "HONK," Dr. Cranor says. ("Honk" is not a valid compact-policy code, nor does it resemble any valid codes, which would explain codes that were mistyped.) Facebook now has a policy with two correct codes, which is unusable because there must be at least five codes.

A Facebook spokesman said in an e-mailed statement: "We're committed to providing clear and transparent policies, as well as comprehensive access to those policies. We're looking into the paper's findings to see what, if any, changes we can make." Ben Maurer, a software engineer at Facebook, said that the site used only two codes instead of five because current compact-policy codes do not "allow a rich enough description to accurately represent our privacy policy." Mr. Maurer said he did not know the history of how "HONK" made it into a compact policy.

The paper also notes that 134 sites with TRUSTe seals, which are meant to reassure consumers that strong privacy measures are in place at a Web site, have faulty compact policies. Only 391 of more than 3,000 sites with the seal had compact policies at all. TRUSTe's president, Fran Maier, said in a blog post that the group was investigating the matter and contacting customers mentioned in the paper. She noted that customers self-attest to the accuracy of their policies, though TRUSTe will help them accomplish that. She said P3P adoption has been poor across the Internet because it was difficult to put into effect and because consumers didn't see value in it.

Dr. Cranor says she thinks the real trouble is the lack of a regulatory requirement to use P3P, noting that few consumers know what P3P is. "I'm hoping companies will do the right thing, and it may take pressure from regulators to make that happen," she says.
"Beyond companies that are basically trying to look good on privacy, there is no incentive because you don't have to do it."

From rforno at infowarrior.org Mon Sep 20 06:47:36 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Sep 2010 07:47:36 -0400
Subject: [Infowarrior] - rant: 7 Ways That I Can Tell That the Security Industry Bores Me
Message-ID:

Amen, brother!! -rick

Mon Sep 20 06:13:29 CDT 2010
Lyger

One of the questions I'm occasionally asked is how long I've been "in security". I guess the answer really depends on your definition of "in security"; I've had a job title of "Security X" or have been employed by a "security vendor" since early 2004, but much like the way other people get involved in security, there were security-related duties in previous positions as early as 2000 and a general interest in the field since about 1998. Those duties and the general interest don't necessarily qualify as "in security" time, but I like to think it was a good start. It never hurts to get your feet wet and get some basic experience when choosing a career path, especially one that is considered to be somewhat specialized.

Well, over ten years have gone by and the landscape has changed somewhat. Security is a hot topic, much more mainstream than it was several years ago, and has never been a more interesting and exciting field, right? Just like your definition of "in security", that probably depends on your definition of "interesting and exciting" too. Sure, there's "cyber-whatever" now, flavor-of-the-week exploits, the marriage of compliance and security, and dozens of other topics that keep Twitter and RSS feeds humming at all hours of the day and night, but for all of that there's still the debate over vulnerability disclosure, whining about how "Vendor X is still [insert whatever they're still doing here]" and overall whining about the general suckiness of the industry as a whole.
To be honest about it, I've come to realize over the last couple of years that *all* of the topics listed above are, well, boring to me. This isn't to say that those topics in and of themselves are inherently boring, or even that the security industry as a whole has nothing of interest to anyone, but to *me* the industry has become the equivalent of a company party that goes... on... forever. You're there and it's supposed to be fun at first, but then you end up hearing the same old rehashed stories from the same people you would rather avoid in the hallways, and just about the time you find the exit and start heading for it, someone stops you to ask if you heard the latest about [insert "hot topic" here] and what you think about it. Again, that's just my take. Other metaphors may work better for you (or not at all), so like the old saying goes, YMMV.

Before I go on with how I finally realized that the security industry bores me, I'll address what will possibly be some reader feedback saying "if it bores you or if you don't like it, why don't you just quit?". There's actually a good reason why (besides the obvious need to eat and have shelter): I don't *want* it to be boring. I'd like to be around when something that is interesting *to me* happens, but nothing has in quite a while. Keep in mind that I'd rather not see some sort of cyber-armageddon happen in my quest for something unique and fun, but anything has to be better than a rehash of any topic that has been popular over the last ten years. Anything. Being bored is, well, boring.

There were some warning signs; if you recognize any of these, maybe we're in the same boat.

[...]

http://attrition.org/security/rants/bored/

From rforno at infowarrior.org Mon Sep 20 08:13:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Sep 2010 09:13:35 -0400
Subject: [Infowarrior] - EU: Global 'internet treaty' proposed
Message-ID:

Global 'internet treaty' proposed
Deal would enshrine in law the founding principles of open standards and net neutrality, and protect the web from political interference.
By Claudine Beaumont, Technology Editor
Published: 11:46AM BST 20 Sep 2010
http://www.telegraph.co.uk/technology/internet/8013233/Global-internet-treaty-proposed.html

Proposals put before the Internet Governance Forum would enshrine in law the principles of free speech and net neutrality for the web.

The proposal was presented at the Internet Governance Forum in Lithuania last week, and outlined 12 "principles of internet governance", including a commitment from countries to sustain the technological foundations that underpin the web's infrastructure. The draft law has been likened to the Space Treaty, signed in 1967, which stated that space exploration should be carried out for the benefit of all nations, and guaranteed "free access to all areas of celestial bodies".

Under the proposed terms of the law, there would be cross-border co-operation between countries to identify and address security vulnerabilities and protect the network from possible cyber attacks or cyber terrorism. It would also uphold rights to freedom of expression and association, and the principle of net neutrality, in which all internet traffic is treated equally across the network.

"The fundamental functions and the core principles of the internet must be preserved in all layers of the internet architecture with a view to guaranteeing the interoperability of networks in terms of infrastructures, services and contents," reads the proposal. "The end-to-end principle should be protected globally."

The proposal was drawn up by the Council of Europe, an organisation, based in Strasbourg, with 47 member states that aims to promote human rights, the rule of law and democracy in Europe. Senior figures within the internet industry have become increasingly concerned about the potential for government interference in the running of the web.
William Dutton, director of the Oxford Internet Institute, told technology blog Thinq that the recent Digital Economy Bill, in which the government sought to regulate and manage the internet unilaterally, was a good example of this. "Everyone's worried about national governments asserting regulatory authority over the internet," he said.

From rforno at infowarrior.org Mon Sep 20 15:48:52 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Sep 2010 16:48:52 -0400
Subject: [Infowarrior] - Lawmakers want power to shut down 'pirate sites'
Message-ID:

Leahy is sounding like Hatch on the question of Internet piracy. He used to be a more principled voice of reason on the committee. Le sigh......but my first reaction to this news story is "good luck with that one." -rick

September 20, 2010 11:35 AM PDT
Lawmakers want power to shut down 'pirate sites'
by Greg Sandoval
http://news.cnet.com/8301-31001_3-20016995-261.html

A group of senators want to hand the U.S. Department of Justice the power to shut down Web sites dedicated to the illegal sharing online of film, music, software, and other intellectual property.

"The Combating Online Infringement and Counterfeits Act will give the Department of Justice an expedited process for cracking down on these rogue Web sites regardless of whether the Web site's owner is located inside or outside of the United States," according to a statement from Sen. Patrick Leahy (D-Vt.), chairman of the Senate Judiciary Committee, and committee member Sen. Orrin Hatch (R-Utah).

Under the proposed legislation, the Justice Department would file a civil action against accused pirate domain names. If the domain name resides in the U.S., the attorney general could then request that the court issue an order finding that the domain name in question is dedicated to infringing activities. The Justice Department would have the authority to serve the accused site's U.S.-based registrar with an order to shut down the site.
According to a staffer from Leahy's office, if the site resides outside the United States, the bill would authorize "the attorney general to serve the court order on other specified third parties, such as Internet service providers, payment processors, and online ad network providers." The way it sounds, the Justice Department would try to block these sites from being accessed by people in the United States or cut them off from credit card transactions or receiving ad revenue from U.S. companies.

This is one of the most ambitious attempts yet from the U.S. government to fight online piracy. President Barack Obama and Vice President Joe Biden have pledged this year to help protect U.S. intellectual property. In June, Biden made headlines when he said: "Piracy is theft, clean and simple. It's smash and grab."

The proposed legislation comes after years of failed attempts by the United States to battle alleged pirate sites based overseas. None of those sites is more well-known than The Pirate Bay, a BitTorrent search engine whose three founders are from Scandinavia. The site has managed to thwart numerous international efforts to shut it down.

If the bill passes, it could mark the most significant antipiracy victory for the film and music industries in quite a while. The Motion Picture Association of America and The Recording Industry Association of America have tried lobbying ISPs to adopt policies that would culminate with a potential suspension or termination of service. While some ISPs have agreed to implement such policies, some of the bigger companies, such as AT&T, have refused to boot alleged illegal file sharers without a court order.

Bob Pisano, interim CEO of the MPAA, applauded Leahy and his committee for combating "efforts to steal the lifeblood" of their industries.

Update 1 p.m. PT: Added information on the proposed legislation's handling of accused pirate sites that reside overseas.
From rforno at infowarrior.org Mon Sep 20 16:26:17 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Sep 2010 17:26:17 -0400
Subject: [Infowarrior] - NBER offers the idiotic statement of the year
Message-ID: <85DCD8DB-DDE5-4BA9-B43B-9A63B7138AB5@infowarrior.org>

NBER is paid and praised for their economic insights and proclamations, which have been breathlessly covered by the news media today. The fact anyone listens to these people is in itself a testament to the collective idiocy of the financial news environment. (Translation: "Funny, it doesn't FEEL like the recession is over.") We can all be 100% accurate in our statements with the gift of 20/20 hindsight. --rick

September 20, 2010 at 10:30 AM
http://seattletimes.nwsource.com/html/soundeconomywithjontalton/2012948582_tell_me_the_recessions_over_te.html

Tell me the recession's over. Tell me another one
Posted by Jon Talton

I return with good news. The recession ended in June. Of 2009.

This is not a joke but the pronouncement of the National Bureau of Economic Research, the group given the dismal but important task of "officially" dating the beginning and end of recessions. The NBER, a group of respected academic economists, didn't color itself in glory in the run-up to its official call of the recession's start. It didn't take a Ph.D. to know the economy was very sick well before December 2007. The new statement will only make average Americans wonder if any common sense remains in the ranks of those who guide and watch the economy.

The problem with this entire slapstick is that most Americans doubt the recession is over. And with good reason. Jobs are especially in short supply: When this or that report says that a statistic is the worst since 1948 or World War II, that's because modern measurement began then. So we're talking unemployment stress not seen since the Depression. Poverty is rising. A record number are on food stamps.
Consumer spending is anemic, prolonging state and local budget crises, maintaining a feedback loop that keeps recovery from taking hold. Some fundamental illnesses are raging inside the American economy, and the idea that it really, really is a recovery, but with lagging jobs, incomes, small-business lending, etc. etc. becomes laughable.

In addition, the yardsticks of general prosperity seem to have changed as the economy has become more complex, global and unequal. The many resets made and postponed by this severe meltdown have created different dynamics, making it difficult to distinguish the cyclical from the secular. We're not going back to 1992 or 2001. Thus measures such as the NBER's become ever more irrelevant.

If it makes you feel any better, most of the causes of the recent recession are still in place.

From rforno at infowarrior.org Mon Sep 20 17:24:58 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 20 Sep 2010 18:24:58 -0400
Subject: [Infowarrior] - Checkpoint resorts to scare tactics
Message-ID: <39866B80-AEB6-4353-AA3A-C8F3D097FC59@infowarrior.org>

"Check Point Software appears to be ripping a page from the 'scum it claims to fight,' running a scare-tactic warning dialog to frighten users into upgrading to a paid version of the company's ZoneAlarm firewall product. Preying on fears of ZeuS.Zbot, the Check Point warning dialog tells users their PCs 'may be in danger' without having found ZeuS.Zbot, nor having checked to see whether you're running an antivirus product. 'The program doesn't care if you're infected with ZeuS.Zbot, or if you have protection in place. It just wants to sell you an upgrade to the firewall that may or may not detect future ZeuS.Zbot variants' activities -- some day.' Check Point's customers have inundated the ZoneAlarm forums with complaints."
http://it.slashdot.org/story/10/09/20/2037233/ZoneAlarm-Employs-Scare-Tactics-Against-Its-Users?from=rss

See the discussion at Checkpoint forums: http://forums.zonealarm.com/showthread.php?t=75332

From rforno at infowarrior.org Tue Sep 21 09:19:06 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Sep 2010 10:19:06 -0400
Subject: [Infowarrior] - Twitter Rolls Out Fix for Security Flaw
Message-ID: <92FE82BC-3488-4A9F-928C-B4069490D267@infowarrior.org>

Twitter Rolls Out Fix for Security Flaw
Reported hack exploited thousands of accounts
By LAUREN BERTOLINI
Updated 7:11 AM PDT, Tue, Sep 21, 2010
http://www.nbcbayarea.com/news/tech/Twitter-Security-Flaw-Widely-Exploited-103431764.html

Twitter has patched a security flaw that allowed thousands of accounts to be exploited, sending automated Tweets and redirecting users to websites without their consent.

The hack, which only affected the Twitter.com interface, allowed users to insert a piece of JavaScript code into a URL, creating pop-up windows when users hovered their mouse over a link. In effect, users "clicked" and shared a link whenever they hovered over it.

The issue was first addressed by Sophos, a company that makes web security software, in a blog post early this morning after a number of high-profile Twitter accounts were affected by the bug. The site points out that initially it had been used only for "fun and games," redirecting users to porn sites rather than exposing users to malware.

Among the high-profile victims is Press Secretary Robert Gibbs. After an auto-tweet appeared on his account, Gibbs posted, "My Twitter went haywire - absolutely no clue why it sent that message or even what it is...paging the tech guys..."

Tech bloggers like Caroline McCarthy over at CNET and the folks at Mashable suggest avoiding Twitter.com and using a third-party Twitter app for the time being until the issue has been resolved. The folks at TechCrunch also have a handy guide for avoiding and fixing the bug.
First Published: Sep 21, 2010 6:32 AM PDT on NBC Los Angeles
Find this article at: http://www.nbcbayarea.com/news/tech/Twitter-Security-Flaw-Widely-Exploited-103431764.html

From rforno at infowarrior.org Tue Sep 21 10:26:08 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Sep 2010 11:26:08 -0400
Subject: [Infowarrior] - Code That Tracks Users' Browsing Prompts Lawsuits
Message-ID: <347B198D-71B9-4256-B493-749F009C4CBD@infowarrior.org>

September 20, 2010
Code That Tracks Users' Browsing Prompts Lawsuits
By TANZINA VEGA
http://www.nytimes.com/2010/09/21/technology/21cookie.html

Sandra Person Burns used to love browsing and shopping online. Until she realized she was being tracked by software on her computer that she thought she had erased.

Ms. Person Burns, 67, a retired health care executive who lives in Jackson, Miss., said she is wary of online shopping: "Instead of going to Amazon, I'm going to the local bookstore."

Ms. Person Burns is one of a growing number of consumers who are taking legal action against companies that track computer users' activity on the Internet. At issue is a little-known piece of computer code placed on hard drives by the Flash program from Adobe when users watch videos on popular Web sites like YouTube and Hulu.

The technology, so-called Flash cookies, is bringing an increasing number of federal lawsuits against media and technology companies and growing criticism from some privacy advocates who say the software may also allow the companies to create detailed profiles of consumers without their knowledge.

Unlike other so-called HTML cookies, which store Web site preferences and can be managed by changing privacy settings in a Web browser, Flash cookies are stored in a separate directory that many users are unaware of and may not know how to control.

Ms. Person Burns, a claimant who is to be represented by KamberLaw, said she knew cookies existed but did not know about Flash cookies. "I thought that in all the instructions that I followed to purge my system of cookies, I thought I had done that, and I discovered I had not," she said. "My information is now being bartered like a product without my knowledge or understanding."

Since July, at least five class-action lawsuits filed in California have accused media companies like the Fox Entertainment Group and NBC Universal, and technology companies like Specific Media and Quantcast of surreptitiously using Flash cookies. More filings are expected as early as this week.

The suits contend that the companies collected information on the Web sites that users visited and from the videos they watched, even though the users had set their Web browser privacy settings to reject cookies that could track them.

"What these cases are about is the right of a computer user to dictate the terms by which their personal information is harvested and shared. This is all about user control," said Scott A. Kamber, 44, a privacy and technology lawyer with KamberLaw who is involved with some of the cases.

The suits have been filed by firms including Parisi & Havens and the law office of Joseph H. Malley. One lawsuit contends that Clearspring Technologies and media companies including the Walt Disney Internet Group "knowingly authorized" the use of online tracking devices that would "allow access to and disclosure of Internet users' online activities as well as personal information." Others say that the information was gathered to sell to online advertisers.

In August, Clearspring and Quantcast issued statements on their company blogs addressing the suits. Clearspring clarified its use of Flash cookies and said the legal filings were "factually inaccurate." The company said it used Flash cookies, also known as Flash local storage, "to deliver standard Web analytics to publishers."
The post also stated that data was collected at the aggregate level including unique users and interaction time, but did not include personally identifiable information. Quantcast's blog post said that the company "uses Flash cookies for measurement purposes only and not for any form of targeted content delivery." Specific Media did not respond to requests for comment. Counsel for the media companies in the cases declined to comment; representatives of companies that had not yet been served with the suits also declined to comment.

Some privacy advocates said that despite the companies' claims, if enough data is collected over time, advertisers can create detailed profiles of users including personally identifiable data like race and age in addition to data about what Web sites a user visits. They also take issue with the fact that Flash cookies can be used to restore HTML cookies that have been deleted from a user's computer, circumventing a user's privacy settings.

"The core function of the cookie is to link what you do on Web site A to what you do on Web site B," said Peter Eckersley, a technologist at the Electronic Frontier Foundation. "The Flash cookie makes it harder for people to stop that from happening."

According to Adobe, more than 75 percent of online videos are delivered using Flash technology, with media companies also using it to serve games and animation to users. The company says that Flash cookies are intended to be used for basic Web functions like saving a user's volume and language preferences or remembering where a user left off on a video game.

In a public letter to the Federal Trade Commission in January, Adobe condemned the practice of restoring cookies after they had been deleted by a user. The company provides an online tool on its Web site to erase Flash cookies and manage Flash player settings. At least one suit, however, claims that the controls are not easy to reach and are not obvious to most Web users.
Chris Jay Hoofnagle, 36, one of the authors of a University of California, Berkeley, study about Internet privacy and Flash cookies that has been used in several of the legal filings, said the recent spate of suits pointed to a weakness in federal rules governing online privacy. "Consumer privacy actions have largely failed," Mr. Hoofnagle said. The lawsuits, he added, "actually are moving the policy ball forward in the ways that activists are not."

Complaints about online privacy are now migrating to mobile technology. Last week, a lawsuit was filed by three California residents against a technology company called Ringleader Digital saying that the company used a product called Media Stamp that "acquired information from plaintiff's phone and assigned a unique ID to their mobile device." The suit says that the information collected by the unique ID, using a technology called HTML 5, allowed Web site operators "to track the mobile devices' Internet activities over multiple Web sites."

In a statement, Bob Walczak Jr., Ringleader's chief executive, said, "Our intent since the inception of the company has been to build a mobile advertising platform that users can control." He added that Ringleader was working on "new ways for consumers to be able to verify for themselves that their opt-outs have taken effect."

John Verdi, senior counsel at the Electronic Privacy Information Center, faulted the Federal Trade Commission for not being more aggressive on privacy issues, focusing largely, instead, on self-regulation. "The F.T.C. has been inactive on this front and has failed to present meaningful regulation on this," he said. "There's wide evidence that online tracking is not being controlled by self-regulation."
Christopher Olsen, an assistant director in the division of privacy and identity protection at the agency, said it had hosted a series of roundtable discussions about online and offline privacy challenges from December to March and planned to issue a report in the next few months to address those issues. The agency is investigating several companies, but Mr. Olsen declined to comment on the specifics.

Other efforts to address online privacy are taking place at the Congressional level. In July, Representative Bobby L. Rush, Democrat of Illinois, introduced an online privacy bill that would, among other things, require companies to disclose how they collect, use and maintain the personal information on users and to make those disclosures easy for users to understand.

From rforno at infowarrior.org Tue Sep 21 10:27:23 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 21 Sep 2010 11:27:23 -0400
Subject: [Infowarrior] - Google Says Brazil, Libya Make Most Demands to Pull Content From Internet
Message-ID: <6D467884-4DF0-495F-BFF7-27C1E57D3E53@infowarrior.org>

Google Says Brazil, Libya Make Most Demands to Pull Content From Internet
By Douglas MacMillan - Sep 21, 2010
http://www.bloomberg.com/news/print/2010-09-21/google-says-brazil-libya-make-most-government-demands-to-pull-web-content.html

Google Inc. was asked by Brazilian officials to remove content from the Web 398 times in the first half of the year, the most by a government, according to a report published today by the Internet-search company.

Brazil's requests were more than double the total from Libya, which came in second with 149. The U.S. and Germany followed with 128 and 124 requests, respectively, Google said in its second report on government transparency, which lists 35 countries that make such demands.
Google, owner of the world's largest search engine, aims to share information about its dealings with foreign governments in order to promote free expression and competition in emerging Internet markets. Mountain View, California-based Google closed its search engine in China earlier this year after clashing with the country over censorship. Users in China are now redirected to its Hong Kong site.

"We care about this because we care about free expression as a value," Niki Fenwick, a spokeswoman for Google, said in an interview. "We also care about it because it's core to our business. When our services are blocked or filtered, we can't serve our users."

In addition to ranking the number of government requests to remove content and plotting them on an interactive map, Google today opened access to a new tool that graphs the traffic of Web users in individual countries. If traffic drops off, Google plans to add notes to the site explaining whether the interruption is the result of government blocking or from a technical glitch, Fenwick said.

Brazil Requests

Access to Google's website in China became briefly unavailable in July, causing some news outlets to speculate authorities there had completely blocked access to the site. The service became available again to Chinese users the same day, and the company said the problem may have been a measurement error.

Many requests to remove content from Brazil, where Google's Orkut social-networking service has the most users, are related to people the government alleges committed crimes of impersonation or defamation, Google said. Earlier this year, a Brazilian court ordered the removal of more than 18,000 photos from Google's photo site, Picasa, after a lawsuit claimed they contained images from copyrighted books, Google said.

Brazil also topped Google's list of government requests for the second half of 2009, issued in April.
So-called takedown requests in the country rose 37 percent in the first half of 2010 from the previous six months. To contact the reporter on this story: Douglas MacMillan in San Francisco at Dmacmillan3 at bloomberg.net. To contact the editor responsible for this story: Tom Giles at tgiles5 at bloomberg.net From rforno at infowarrior.org Tue Sep 21 11:06:08 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 21 Sep 2010 12:06:08 -0400 Subject: [Infowarrior] - Movie Producers Want Sole Ownership Of Facebook Fans Message-ID: <63EF0D7B-7CA9-41C7-B285-C1CE2FCCBCE0@infowarrior.org> Movie Producers Want Sole Ownership Of Facebook Fans from the alternate-destinations dept http://www.techdirt.com/articles/20100913/20473110993/movie-producers-want-sole-ownership-of-facebook-fans.shtml chunlou apparently is involved with a Facebook fanpage for the movie Let Me In. For over a year, the fan page has built up a nice collection of photos and videos related to the movie -- much of it created by fans (fanart, parodies, etc.) along with promotional material from the film (trailers and promotional photos released by the studio) which you would think would make the studio happy to see spread. Not so much, apparently. Rather than embracing these fans, Overture Films apparently has freaked out about losing "control" of fans -- and has had a partner issue a takedown notice to Facebook, demanding all of the artwork be taken down as infringing. What's noteworthy is that in the letter itself, the company demanding the takedown, Mammoth Advertising, is pretty upfront that the reason isn't that the works are harming the market for those same works -- but that Overture doesn't want fans going anywhere but its official site to learn about the movie. The key passage in the letter: "... we fear that they are establishing themselves as an alternate destination and authority for the film. 
They could post false, misleading, or inappropriate content about the film which would be seen by Facebook users." Of course, if they posted false or misleading content, then the filmmakers would be able to make claims against them. That they're trying to misuse copyright law to take down such a fan effort seems deeply troubling. It's an abuse of copyright law, which is designed not to prevent someone from potentially doing something "misleading," but supposedly to give the producer a monopoly solely for the purpose of creating the incentive to create the content. Is Overture really suggesting that if this fanpage is allowed to continue it won't have incentive to make movies any more? There's also a pretty strong case for fair use here again. While I haven't seen the fanart, so that could depend, if we go through the basic four factors test, it's hard to see how any of them side with Overture. The purpose is clearly non-commercial for the creators of the fanpage. The nature of the work is that it's a fanpage, designed to promote the original work and to provide commentary on it. It's not showing the movie itself, but rather promotional clips that were released by the filmmakers to gain interest in the film, so it's not using much of the actual movie. And, the user-generated content sounds at least somewhat transformative (though, again, it would help to actually see what was taken down). Finally, while the letter accuses the fan page of pulling content off of the official site, chunlou insists that that did not happen, and claims that the official site was way too slow to update, and they usually had the content first. Frankly, the whole thing seems pretty silly. A decade ago, we would hear about movie studios freaking out about fanpages, but it had seemed like most of them had figured out that such things are a good thing. Apparently, some filmmakers aren't quite there yet. 
Anyway, we've posted the full takedown letter after the jump, where they admit that they're happy that there is a fan group, but they're afraid too many people will go there. Chunlou has filed a counternotice claiming fair use, so we'll see if Overture takes this any further. < -- > http://www.techdirt.com/articles/20100913/20473110993/movie-producers-want-sole-ownership-of-facebook-fans.shtml

From rforno at infowarrior.org Tue Sep 21 11:09:53 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 21 Sep 2010 12:09:53 -0400 Subject: [Infowarrior] - McAfee Jumps On The URL Shortening Bandwagon Message-ID:

McAfee Jumps On The URL Shortening Bandwagon With McAf.ee Robin Wauters http://techcrunch.com/2010/09/21/mcafee-url-shortener/ Antivirus and security software company McAfee, for reasons unknown, has apparently decided the world needs yet another URL shortening service. The company this morning launched the beta version of McAf.ee, which it purports is a service that lets people create safe short URLs. Which I think means that, unlike all the others, you don't need to wear leather safety gloves to use it. Actually, McAf.ee is using, and promotes, McAfee Labs' real-time Global Threat Intelligence solution, which aims to protect users from new threats before they strike by using millions of sensors to gather real-time intelligence from host IP addresses, Internet domains, specific URLs, files, images, and email messages. Why the company thought it'd be a good idea to give birth to another URL shortening service (frame included) is anyone's guess, but according to this brief launch post the idea came from their PR firm and was internally championed by the corporate communications chief. That explains a lot.
From rforno at infowarrior.org Wed Sep 22 06:04:30 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Sep 2010 07:04:30 -0400 Subject: [Infowarrior] - Former NSC Official Criticizes Cyber Security Policies Message-ID: <302773E7-DF18-495D-8E8E-53D44CA18ABC@infowarrior.org>

Former NSC Official Criticizes Cyber Security Policies By Siobhan Gorman http://blogs.wsj.com/washwire/2010/09/21/former-nsc-official-criticizes-cyber-security-policies/ The Obama administration's cyber security policies came under fire today from unexpected quarters -- former National Security Council official Richard Clarke, who advised the administration's transition team. "The Obama administration so far has failed to do the necessary with regard to cyberwar," said Clarke, who now heads a security consulting firm, Good Harbor Consulting, and recently co-authored a book on cyber security. In a speech in Washington to the Cyber Conflict Studies Association, he acknowledged several times that he was critiquing his friends. The Obama administration was quick to fire back. "The Obama administration is very focused on this," said one administration official. "The president has designated [cyber security] as a strategic national asset." The administration hasn't articulated a strategy to tackle computer network security in the U.S. The Pentagon has hinted that such a strategy exists but hasn't described it publicly, Clarke said. He said the Pentagon is working to extend its cyber protection efforts to the private sector because the Department of Homeland Security isn't providing that security. Among other failings, Clarke said the Homeland Security's cyber security programs are underfunded and the department has "done nothing" about cyber threats to critical infrastructure such as the electric grid, which is increasingly dependent on the Internet to stay up and running.
The administration's failure to engage the public on cyber security matters is dangerous, Clarke said, adding that history suggests the government is apt to make mistakes when it refuses to communicate openly with the public about its activities. The administration official countered that the agencies responsible for cyber security have been staffing up quickly and the Homeland Security has created SWAT teams to respond to cyber attacks affecting critical infrastructure. In the coming weeks, Homeland Security will launch an exercise to test out its new response plan for cyber attacks, which the official called "a playbook for everybody to work from."

From rforno at infowarrior.org Wed Sep 22 07:53:32 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Sep 2010 08:53:32 -0400 Subject: [Infowarrior] - SCOTUS Eyeing RIAA 'Innocent Infringer' Case Message-ID:

Supreme Court Eyeing RIAA 'Innocent Infringer' Case By David Kravets, September 21, 2010, 7:18 pm http://www.wired.com/threatlevel/2010/09/supreme-court-riaa/ The U.S. Supreme Court is weighing into the first RIAA file sharing case to reach its docket, requesting that the music labels' litigation arm respond to a case testing the so-called "innocent infringer" defense to copyright infringement. The case pending before the justices concerns a federal appeals court's February decision ordering a university student to pay the Recording Industry Association of America $27,750 -- $750 a track -- for file-sharing 37 songs when she was a high school cheerleader. The appeals court decision reversed a Texas federal judge who, after concluding the youngster was an innocent infringer, ordered defendant Whitney Harper to pay $7,400 -- or $200 per song. That's an amount well below the standard $750 fine required under the Copyright Act. Harper is among the estimated 20,000 individuals the RIAA has sued for file-sharing music.
The RIAA has decried Harper as "vexatious," because of her relentless legal jockeying. The justices, without comment, asked the RIAA to respond (.pdf) to Harper's petition to review the appellate court's ruling. Harper's challenge weighs whether the innocent-infringer defense to the Copyright Act's minimum $750-per-music-track fine may apply to online file sharing. Generally, an innocent infringer is someone who does not know she or he is committing copyright infringement. The justices have not granted review of Harper's case, but Wednesday's action by the high court substantially increases the chances that an RIAA file sharing case targeting an individual will be heard for the first time, sometime in the upcoming term that begins Oct. 4. The high court usually grants less than 1 percent of petitions sent to it. According to a recent study, if the court requests briefing on a petition, as it did on the Harper case, the odds increase to 34 percent. The RIAA had originally waived its right to respond to the petition. A Texas federal judge had granted Harper the innocent-infringer exemption to the Copyright Act's minimum fine, because the teen claimed she did not know she was violating copyrights. She said she thought file sharing was akin to internet radio streaming. The appeals court, however, said she was not eligible for such a defense, even though she was between 14 and 16 years old when the infringing activity occurred on LimeWire. The reason, the appeals court concluded, is that the Copyright Act precludes such a defense if the legitimate CDs of the music in question carry copyright notices. "Harper cannot rely on her purported legal naivety," the New Orleans-based 5th U.S. Circuit Court of Appeals ruled, 3-0. Attorneys for Harper told the justices (.pdf) that she should get the benefit of the $200 innocent-infringer fine, because the digital files in question contained no copyright notice.
From rforno at infowarrior.org Wed Sep 22 16:07:33 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Sep 2010 17:07:33 -0400 Subject: [Infowarrior] - Family's Titanic secret revealed Message-ID: <7C26030D-9B59-42F7-B617-49E97A467EA9@infowarrior.org>

22 September 2010 Last updated at 10:02 ET http://www.bbc.co.uk/news/uk-northern-ireland-11390144 Family's Titanic secret revealed

[Photo caption: The Titanic's bow railing filmed by remote control cameras]

Confusion about steering orders was responsible for the Titanic sinking, according to a relative of one of the ship's officers. Novelist Louise Patten, granddaughter of Titanic's Second Officer Charles Lightoller, said an officer had steered into an iceberg instead of away. The Belfast-built luxury liner sank in the Atlantic Ocean on her maiden voyage in April 1912 with the loss of 1,500 lives. Ms Patten said the tragedy had occurred during a period when shipping communications were in transition from sail to steam. Two different systems were in operation at the time, Rudder Orders (used for steam ships) and Tiller Orders (used for sailing ships). Crucially, Ms Patten said, the two steering systems were the complete opposite of one another, so a command to turn 'hard a-starboard' meant turn the wheel right under one system and left under the other. She said when the helmsman, who had been trained in sail, received the direction, he turned the vessel towards the iceberg with tragic results.

[Photo caption: Titanic Second Officer Charles Lightoller, who kept the secret from the outside world]

Ms Patten has worked the story of the catastrophe into her latest novel, Good As Gold. She said that while Charles Lightoller was not on watch at the time of the collision, a dramatic final meeting of the four senior officers took place in the first officer's cabin shortly before Titanic went down. There, Lightoller heard not only about the fatal mistake, but also what happened next up on the bridge.
While the helmsman had made a straightforward error, what followed was a deliberate decision, she claimed. Lightoller was the only survivor to know that after the iceberg was hit, Bruce Ismay, chairman of Titanic's owner, the White Star Line, persuaded Captain Smith to continue sailing. The truth of what happened on that historic night was deliberately buried, she said. Louise Patten's grandfather decided not to disclose what he knew and even kept his story from an official enquiry into the sinking. "By his code of honour, he felt it was his duty to protect his employer - White Star Line - and its employees," Ms Patten said. "It was made clear to him by those at the top that, if the company were found to be negligent, it would be bankrupted and every job would be lost. "The enquiry had to be a whitewash. The only person he told the full story to was his beloved wife Sylvia, my grandmother."

From rforno at infowarrior.org Wed Sep 22 18:35:41 2010 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 22 Sep 2010 19:35:41 -0400 Subject: [Infowarrior] - PG&E's secret pipeline map Message-ID:

PG&E's secret pipeline map By marke Created 09/21/2010 - 2:39pm The utility won't release its pipeline locations -- even to the Fire Department -- but we managed to find the info http://www.sfbg.com/print/2010/09/21/pges-secret-pipeline-map It's been nearly two weeks since the pipeline in San Bruno exploded and killed four people, injuring many more and destroying 37 homes. And it's left a lot of people in San Francisco wondering: could it happen here? Of course it could. PG&E has more than 200 miles of major gas pipelines under the city streets that are scheduled to be replaced -- and that means they're reaching the end of their useful life. Just like the pipe that blew up in San Bruno. Are any running under your home or business? PG&E isn't going to tell you. That's bad.
"The public has a right to this information," City Attorney Dennis Herrera told us. And Sup. Ross Mirkarimi has introduced a resolution calling on PG&E to make the locations of its pipelines, electric lines, and other potentially parts of the company's infrastructure public. But here's what's worse: even the city's public safety departments -- the ones that would have to respond to a catastrophic event involving a gas main break -- don't know where those lines are. "I'm still looking for that map myself," said Lt. Mindy Talmadge, a spokesperson for the Fire Department. The city's Public Utilities Commission, which, among other things, digs its own trenches to install and repair water pipes, doesn't have the PG&E map. Neither does the California PUC, which regulates PG&E. It might also make sense for the City Planning Department to have the map; after all, zoning an area for the future development of dense housing that sits on top of an explosive gas main might be an issue. "People need to start holding PG&E accountable," Planning Commission member Christina Olague told us. "Why shouldn't PG&E release [the map] given the recent tragedy?" PG&E insists that the exact location of the gas mains should remain secret because someone might want to use the information for a terrorist attack. But if the San Francisco Fire Department and Department of Emergency Services can't get the map of the pipelines, something is very wrong. Even Sup. Sean Elsbernd, who has been allied with PG&E against public power issues, agreed that "the public safety agencies should certainly have that information." The Mirkarimi resolution urges PG&E "to cooperate with the city's request for infrastructure information." Mayor Gavin Newsom has already appointed the fire chief and city administrator to conduct a utility infrastructure safety review that would evaluate the location, age, and maintenance history of every pipeline underneath city streets.
Not every state allows utilities to keep this information secret. In both Washington and Texas, maps of underground pipelines are easily accessible, said Carl Weimer, executive director of the Bellingham, Washington-based nonprofit Pipeline Safety Trust. Texas even has an online system, he said. But in California, PG&E keeps even essential safety agencies in the dark. If a fire came near where a PG&E pipeline was buried -- or if an earthquake fractured some of the lines and gas started to leak -- Talmadge said the San Francisco Fire Department wouldn't be able to do anything about the explosive gas except call PG&E. Only the private utility can shut off the gas, which is under high pressure in the main lines. "We radio to our dispatch center and request PG&E to respond ... They would contact PG&E and have them respond," she explained. The department doesn't prepare specifically for that sort of event. "We do not have a specific gas leak training ... it would be more of a hazardous material training," Talmadge said. The remarkable thing is that much of the data the city doesn't have -- and PG&E won't give up -- can be pulled together from publicly accessible data. The major news media, particularly The Bay Citizen, have been pursuing the story and have run pieces of the map. Several newspapers and websites have published rough maps outlining where the major underground pipes are. But as far as we know, nobody's done a full-scale look at what the existing public records show. Using information that the U.S. Department of Transportation has put on the Web, we've managed to put together a pretty good approximation of the secret map PG&E doesn't want you to see. We took a map from the DOT's Pipeline and Hazardous Materials Safety Administration and layered it over a map of San Francisco. The maps of the southeast part of the city are more accurate; the information on gas mains going through the north and west side of town is sketchier.
But the lines appear to run parallel to major streets, and we've put together a guide that at the very least can tell you if there's a potentially explosive gas line in your neighborhood -- and maybe even under your street. Obviously, every house or business that has natural gas service -- and that's most of San Francisco -- is hooked up to a gas pipe, and those feeder pipes run under almost every street. But the gas in those lines is under much lower pressure than the gas in the 30-inch main lines shown on this map, where pressure can reach 200 pounds per square inch. It was a main pipe that blew up under San Bruno. It's not surprising that the southeast -- traditionally the dumping ground for dangerous and toxic materials -- would have the most gas mains, and the most running through residential areas. One line, for example, snakes up Ray Street and jogs over to Delta Street on the edge of McLaren Park and near a playground. It continues under Hamilton and Felton streets, under Highway 280 and onto Thornton Street before heading into the more industrial areas near Evans Avenue. Another main line goes under the south side of Bernal Heights, running below Banks Street, around the park, then down Alabama Street to Precita Street, where it connects with 25th Street. That line then heads to Potrero Hill, where it follows Rhode Island Street to 20th Street. Research assistance by Nichole Dial.
Source URL: http://www.sfbg.com/2010/09/21/pges-secret-pipeline-map From rforno at infowarrior.org Thu Sep 23 06:40:55 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 23 Sep 2010 07:40:55 -0400 Subject: [Infowarrior] - T-Mobile Claims Right to Censor Text Messages Message-ID: <998E933A-56AE-4000-A423-5E1511AD1C4F@infowarrior.org> T-Mobile Claims Right to Censor Text Messages http://gizmodo.com/5645446/t+mobile-claims-right-to-censor-text-messages T-Mobile told a federal judge Wednesday it may pick and choose which text messages to deliver on its network in a case weighing whether wireless carriers have the same "must carry" obligations as wire-line telephone providers. The Bellevue, Washington-based wireless service is being sued by a texting service claiming T-Mobile stopped servicing its "short code" clients after it signed up a California medical marijuana dispensary. In a court filing, T-Mobile said it had the right to pre-approve EZ Texting's clientele, which it said the New York-based texting service failed to submit for approval. EZ Texting offers a short code service, which works like this: A church could send its schedule to a cell phone user who texted "CHURCH" to 313131. Mobile phone users only receive text messages from EZ Texting's customers upon request. Each of its clients gets their own special word. T-Mobile, the company wrote in a filing (.pdf) in New York federal court, "has discretion to require pre-approval for any short-code marketing campaigns run on its network, and to enforce its guidelines by terminating programs for which a content provider failed to obtain the necessary approval." Such approval is necessary, T-Mobile added, "to protect the carrier and its customers from potentially illegal, fraudulent, or offensive marketing campaigns conducted on its network." It's the first federal case testing whether wireless providers may block text messages they don't like. 
The legal flap comes as the Federal Communications Commission has been dragging its feet over clarifying the rules for wireless carriers. The FCC was asked in 2007 to announce clear rules whether wireless carriers, unlike their wireline brethren, may ban legal content they do not support. The so-called "network neutrality" issue made huge headlines last month, when Google, along with Verizon, urged Congress not to bind wireless carriers to the same rules as wireline carriers. EZ Texting claims it will go out of business if a judge does not promptly order T-Mobile to transmit its texts. T-Mobile accounts for 15 percent of the nation's wireless subscribers. A similar text-messaging flap occurred in 2007, but ended without litigation, when Verizon reversed itself and allowed an abortion-rights group to send text messages to its supporters.

From rforno at infowarrior.org Thu Sep 23 07:57:27 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 23 Sep 2010 08:57:27 -0400 Subject: [Infowarrior] - Net Neutrality Compromise Being Weighed by U.S. Lawmakers Message-ID: <2C1D8189-6A93-4A26-B76D-F77146EF0572@infowarrior.org>

Net Neutrality Compromise Being Weighed by U.S. Lawmakers By Todd Shields - Sep 23, 2010 http://www.bloomberg.com/news/2010-09-22/congress-said-to-seek-net-neutrality-compromise-for-u-s-fcc.html U.S. regulators would get authority over Internet-traffic practices of companies such as AT&T Inc. and Comcast Corp. for two years in a plan being weighed by congressional staff, two people involved with the talks said.
Legislation letting the Federal Communications Commission regulate Internet service providers was being discussed with industry representatives yesterday by aides to Representative Henry Waxman, chairman of the House Energy and Commerce Committee, according to the people, who asked not to be identified discussing the private talks. The two years would give the FCC and Congress time to permanently resolve a long-running fight over rules on net neutrality. Internet-service providers would be barred under such regulations from selectively blocking or slowing content going to subscribers while favoring their own offerings and those of business partners. The compromise would let the FCC claim authority over Web service delivered over wires, such as by cable and fiber-optic lines, while allowing the agency to write less-stringent rules for wireless services such as mobile phones, the people said. Google, operator of the most-used Internet search engine, and Verizon Communications Inc., the second-largest U.S. phone company after AT&T, proposed in August that providers of wired Internet service be barred from unreasonably slowing or speeding Web content. Their proposal contained two exemptions: It wouldn't apply to unspecified "additional services" developed in the future or to Internet service over wireless devices. The Google-Verizon proposal was rejected by net-neutrality advocates such as the Washington-based group Free Press.

Comcast Ruling

The FCC's authority has been under question since a federal court in April said the agency lacked authority to censure Comcast for its Web practices. FCC Chairman Julius Genachowski has said he may claim power using rules written for monopoly telephone service in the 20th century. Companies led by AT&T and Verizon oppose such action. Any compromise would need to satisfy service providers including the telephone companies, Comcast and Time Warner Cable Inc., and Internet and technology companies such as Amazon.com Inc.
and Sony Corp., Rebecca Arbogast and David Kaut, analysts with Stifel Nicolaus & Co., said in a Sept. 21 note to investors. It will be difficult "to thread such a narrow needle" before lawmakers leave Washington to campaign for the Nov. 2 election, perhaps as early as next week, Arbogast and Kaut said in their note. Efforts could continue after the election, "but the momentum may be lost," they said. Karen Lightfoot, a spokeswoman for Waxman, a California Democrat, didn't reply to telephone and e-mail inquiries. To contact the reporter on this story: Todd Shields in Washington at tshields3 at bloomberg.net To contact the editor responsible for this story: Larry Liebert at lliebert at bloomberg.net.

From rforno at infowarrior.org Thu Sep 23 10:59:16 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 23 Sep 2010 11:59:16 -0400 Subject: [Infowarrior] - Cyber Command chief proposes secure network for government, key industries Message-ID:

Cyber Command chief proposes secure network for government, key industries By Ellen Nakashima Thursday, September 23, 2010; 10:13 AM http://www.washingtonpost.com/wp-dyn/content/article/2010/09/23/AR2010092302171_pf.html The commander of the new Pentagon unit charged with protecting the military's computer networks wants to create a "secure" network for government computer systems and those of critical industries, such as power and water. That strategy of walling off critical computer networks from the rest of the Internet "is probably where you're going to get to, and it makes a lot of sense," said Army Gen. Keith B. Alexander, who heads the recently launched U.S. Cyber Command. Alexander also directs the National Security Agency, which conducts electronic surveillance on foreign targets. Alexander is testifying before the House Armed Services Committee Thursday morning on the role of the Cyber Command in defending its networks and helping to secure those of the critical private industries.
In remarks to reporters Wednesday, he said that adequately securing the critical systems likely will require the formation of a team including the FBI, Department of Homeland Security and the Department of Defense. Each agency has its own authorities - the FBI to investigate crimes such as computer hacking, for instance. DHS is the lead agency in working with the critical sectors. The Defense Department currently has authority to defend only its own networks but may assist DHS if asked, Alexander said. The White House is conducting a review to determine the best approach and whether it will require Congress to grant new authorities, he said. Creating what some have called a dotsecure is not a new idea. Several companies proposed it in 2005, but it did not gain traction. The former director of national intelligence, Mike McConnell, advocated it earlier this year. And in a floor speech in July, Sen. Sheldon Whitehouse (D-R.I.) drew an analogy to medieval castles protecting water wells and granaries and asked, "Can certain critical private infrastructure networks be protected now within virtual castle walls, in secure domains where those pre-positioned defenses could be both lawful and effective?" Such an undertaking would have to be done "in a transparent manner, subject to very strict oversight," Whitehouse said. "But with the risks as grave as they are, this question cannot be overlooked." But some in industry were skeptical of the notion. It would be impractical and "unbelievably expensive," said Joe Weiss, a cybersecurity expert for control systems in critical industries. He said he researched the concept of a secure "Utility Net" in 2001-2002 for the Electric Power Research Institute. "It would be very difficult to try to interconnect all these different companies, including the government," Weiss said. "This isn't just one entity where you walk a wire around Potomac Electric. You have all the neighboring utilities that you need to connect to. 
You would also have all the other major industrial operations - and with Smart Grid, conceptually, every home-owner. This is not simple." Whatever the solution the Obama administration puts forward for safeguarding the private sector, Alexander said, it will have to involve the companies. "If we're going to defend networks that are owned and operated in part by industry, the solution can't be a government-only solution," he said. "It has to be joint. How do you do that? That's the key issue." He added, "There is a real probability that in the future this country will get hit with a destructive attack, and we need to be ready for it."

From rforno at infowarrior.org Thu Sep 23 13:49:50 2010 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 23 Sep 2010 14:49:50 -0400 Subject: [Infowarrior] - Seeing The Internet As An 'Information Weapon' Message-ID:

Seeing The Internet As An 'Information Weapon' by Tom Gjelten September 23, 2010 http://www.npr.org/templates/story/story.php?storyId=130052701 The United States and other world powers have agreed to arms control measures in recent years that limit the deployment and use of nuclear, biological and chemical weapons, as well as tanks and other artillery pieces. So why is there no arms control measure that would apply to the use of cyberweapons? It is not for lack of attention to the issue. Government and military leaders around the world have warned that the next world war is likely to be fought at least partly in cyberspace, and cyber "disarmament" discussions have been under way at the United Nations for more than a decade and more recently at the International Telecommunications Union, the leading U.N. agency for information technology issues. The problem is that governments have widely varying ideas of what constitutes a "cyberweapon" -- and what a "cyberwar" might look like.
Advanced industrial democracies are likely to see a cyberattack as an assault on the computer infrastructure that underlies power, telecommunications, transportation and financial systems.

[Photo caption, AFP: After Iran blocked text messages and much of the Internet in an effort to deal with anti-government protesters in February, the U.S. accused the country of imposing "a near total information blockade." This image, from a video posted on YouTube, allegedly shows Iranian police arresting and beating an opposition protester in Tehran.]

(Part I of this report: Extending The Law Of War To Cyberspace)

But many developing countries see cyberwar in political terms. The Russian government, the leading advocate for a cyber-arms-control agreement, prefers the term "information war" and describes the threat in terms that make cyber conflict sound like a battle of ideas.

Each year since 1998, Russia has introduced a resolution at the United Nations calling for an international agreement to combat what it calls "information terrorism." Russian leaders worry that the Internet makes it so easy for people to communicate that a government could use the Internet to challenge another country's political system. Some Russian diplomats have actually revived an old Soviet term - "ideological aggression" - to describe what governments could do to each other via the Internet.

At a U.N. disarmament conference in 2008, Sergei Korotkov of the Russian Defense Ministry argued that anytime a government promotes ideas on the Internet with the goal of subverting another country's government - even in the name of democratic reform - it should qualify as "aggression." And that, in turn, would make it illegal under the U.N. Charter.

"Practically any information operation conducted by a state or a number of states against another state would be qualified as an interference into internal affairs," Korotkov said through an interpreter.
So any good cause, like [the] promotion of democracy, cannot be used as a justification for such actions."

The United States has consistently opposed efforts to limit Internet communication, but the Russians are not alone in their interpretation of the "information" threat. James Lewis, who has advised the U.N. Institute for Disarmament Research, says he's heard similar views from several governments.

"The thing that really unites them is their desire to control information, to control content," Lewis says. "They see information as a weapon. An official from one of those countries told me [that] Twitter is an American plot to destabilize foreign governments. That's what they think. And so they're asking, 'How do we get laws that control the information weapon?' "

Last year, Russia successfully sponsored an even sharper version of its cyber disarmament proposal at a summit of the Shanghai Cooperation Organization, which includes China and four Central Asian countries as well as Russia. The accord defined "information war," in part, as an effort by a state to undermine another's "political, economic, and social systems." Using the term "mass psychologic [sic] brainwashing," the agreement said that the dissemination of information "harmful to the spiritual, moral and cultural spheres of other states" should be considered a "security threat."

U.S. diplomats suspect the Russians view the Shanghai accord as a blueprint for the kind of cyber disarmament agreement they would like to see approved at the U.N.

Given the open nature of the Internet, the implementation of content controls in the name of cyberpeace may require some changes in the way the Internet is governed. In recent months, the debate over Internet governance and cyber-arms control has moved to the International Telecommunications Union. The ITU secretary-general, Hamadoun Toure, has even suggested that his organization could "broker" a cyber disarmament accord.
"My dream is to have a cyberpeace treaty," Toure said in London earlier this month.

U.S. officials are wary of Toure's agenda, in part because he has linked his cyber disarmament ideas to proposals for restructuring Internet governance in ways that would boost government controls. But his ideas have considerable support in the developing world.

"India feels this way. Brazil feels this way. China feels this way," says Lewis, who directs the Technology and Public Policy program at the Center for Strategic and International Studies. "They want a bigger role for government on the Internet."

Harvard law professor Jack Goldsmith, author of Who Controls the Internet, sees a parallel between broad geopolitical trends and the changing international lineup on cyber governance. Just as emerging economic powers are redefining the global economy, he says, those same countries are also trying to influence the Internet.

"How could it be any other way?" Goldsmith says. "[The Internet] is a hugely important [and] consequential political, social and economic tool. And powerful nations are going to try to wield it and shape it to reflect their interests. The network will increasingly, I fear, look like what they want it to look like."

The desire of many countries to see more regulation in cyberspace has prompted the Obama administration to work with Russia and other governments to establish some norms of "appropriate government behavior" in cyberspace. But the United States would not support information controls - and continuing disagreements over the definition of cyberweapons are likely to complicate any effort to reach international agreement on a broad cyber disarmament accord.

From rforno at infowarrior.org Thu Sep 23 13:56:42 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Sep 2010 14:56:42 -0400
Subject: [Infowarrior] - At U.S. Cyber Command, an army of tech-savvy war fighters
Message-ID: <6AC60B01-6874-4B92-9BAC-417E615D4ED6@infowarrior.org>

At U.S. Cyber Command, an army of tech-savvy war fighters
By Ellen Nakashima
Washington Post Staff Writer
Thursday, September 23, 2010; 12:02 PM
http://www.washingtonpost.com/wp-dyn/content/article/2010/09/23/AR2010092303000_pf.html

They were Air Force fighter pilots, Army rangers and Marine tank commanders. There was even a Navy fighter jet radar officer who had been taken prisoner during the Persian Gulf War. Warriors all.

But in 1998 they fought in a different realm - their weapons bits and bytes, their foxholes temperature-controlled computer operations rooms. In the new battleground of cyberspace, they battled shadowy foes whose computer attacks were given names like Moonlight Maze and Titan Rain.

These were the men and women of the Joint Task Force Computer Network Defense, 24 tech-savvy war fighters who were part of the pioneering group tasked with protecting the Pentagon's computer networks - vital for everything from directing troop movements to passing intelligence to issuing commands to fire missiles.

To the surprise and approval of the group's first leaders, the task force has not only endured, it has evolved into what is today the U.S. Cyber Command, arguably the world's most potent computer network fighting force. The recently launched Cyber Command is much larger, with about 1,000 personnel, and with authority not only to defend, but to attack adversaries. It will leverage the abilities of the National Security Agency to penetrate foreign networks and spy on targets.

But one thing remains constant, the veterans say: In the world of defending military networks, it takes fighters - not merely techies - to do the job.

"It was supposed to be a war fighter unit, not a geek unit," said task force veteran Jason Healey, who had served as an Air Force signals intelligence officer.
A fighter would understand, for instance, if an enemy had penetrated the networks and changed coordinates or target times, said Dusty Rhoads, a retired Air Force colonel and former F-117 pilot who recruited the original task force members. "A techie wouldn't have a clue," he said.

"What was cool about it was they thought like war fighters," said Michele Iversen, an original task force member and the only woman in an operational role.

The roots of JTF-CND, as it was called, lay in a 1997 Joint Staff exercise called Eligible Receiver. In the exercise, a National Security Agency "red team" hacked the classified networks of Pacific Command in Honolulu. The team also proved to exercise referees that it had the capability to penetrate the civilian power grids in Hawaii, though it did not actually do so.

"The bottom line was it really did scare a lot of people and made us aware of the fact that we just weren't well-positioned to defend against that," said retired Gen. John "Soup" Campbell, the task force's first commander.

Senior officials agreed that they needed a plan to defend the networks. They debated for months. In the end, Campbell said, they decided on a joint task force because it would have authority to take defensive and potentially offensive action. It would also be able to direct the services to take action.

Even as they were debating options, the Pentagon's networks were under assault. In early 1998, as the United States was preparing for potential military action against Iraq, a series of massive intrusions occurred across unclassified military systems. The attackers were leaving "backdoors," or ways to reenter the networks and potentially take them down. The attacks, dubbed Solar Sunrise, appeared to be coming from overseas, including from the United Arab Emirates. Intelligence officials thought Iraqi President Saddam Hussein might have ordered them.

"It looked as though Saddam was about to take down massive amounts of infrastructure . . .
because we were threatening to bomb him," recalled one former intelligence official.

Tensions were building. President Bill Clinton was briefed. Senior officials convened another meeting in the Pentagon's "tank," the Joint Chiefs' conference room. The threat was no longer hypothetical, it seemed.

Then the real culprits were identified: A pair of 16-year-old boys in California and a teenager from Israel who had exploited a known vulnerability in the Solaris (UNIX) operating system.

Solar Sunrise, like Eligible Receiver, underscored just how weak the Pentagon's defenses were. More attacks would follow. Moonlight Maze, which was discovered in 1998 and lasted several years, marked the beginning of the widespread exploitation of unclassified networks and was thought to have been conducted by the Russians to steal technology. Titan Rain was a series of intrusions into hundreds of military and other government networks from 2003 to 2005 that were said to be Chinese in origin.

The original task force set up shop in a vinyl-sided trailer in Arlington in 1998, not far from the Pentagon and on the premises of the Defense Information Systems Agency (DISA), which runs the military's computer networks.

Intelligence was important to the mission, Campbell said. The unit's intelligence officer, Robert Gourley, said he worked to "achieve deep penetration of the adversary so we'll know what they're thinking." The intelligence could be obtained through computers, satellites or other technology, or by more traditional means, he said, recalling the time he sent "a human agent into a foreign marketplace to buy a CD of hacker tools" to better understand a particular attack that had taken place.

The focus initially was on defense. In 2000, the task force, which had more than doubled in size, took on the offensive mission. But a few years later, it was split in two, with offense assigned to one group and defense to another. The launch of U.S. Cyber Command has reunited the missions.
Though the task force in the early years lacked clout, it did have some notable successes, veterans said. During Moonlight Maze, it issued the first military-wide order to change passwords, said Marc Sachs, who had been an Army engineer. And it instituted precautions to ensure that military networks would be protected against any "Y2K" calamity.

On New Year's Eve 2000, a group of task force members watched a bank of clocks as first Japan, then Australia passed into the new millennium without incident. When that happened, they were confident the United States would follow suit, Sachs recalled.

A few minutes after midnight, Campbell and several other members ascended to the DISA roof top. They gazed across the Potomac River and saw the lights in the capital city still blazing. They lit their cigars and watched the fireworks shoot across

From rforno at infowarrior.org Thu Sep 23 13:58:15 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Sep 2010 14:58:15 -0400
Subject: [Infowarrior] - FCC OKs white spaces for long-range free wireless
Message-ID: <0106AFE9-8A0A-42E0-93DB-CFC725436708@infowarrior.org>

FCC OKs white spaces for long-range free wireless
http://www.electronista.com/articles/10/09/23/fcc.oks.white.spaces.for.long.range.free.wireless/

The FCC today voted unanimously for using the white space frequencies between TV signals for unlicensed wireless access. The decision will let anyone develop devices that can operate at long range without having to get permission, giving them a form of 'super' Wi-Fi that could connect all of a user's devices even when well outside of the home. Dell, Google, Microsoft, Motorola, Nokia and others have all expressed interest in the technology.

As conditions to opening up the unused space, the FCC said it would require a white space database that makes clear which frequencies are clear in a given area.
To allay fears from broadcasters over interference with equipment, two TV channels will always be set aside to make sure as many as 16 wireless microphones can run without issue. Officials will have the option of clearing up extra frequency at times when more wireless TV hardware is needed, such as at a political rally or a sports match.

FCC Chairman Julius Genachowski was confident the move would "unleash American ingenuity" by creating devices and services that hadn't been previously expected. Apart from handhelds and notebooks, it could lead to public wireless hotspots that need only one access point to cover an entire area or speed up rural Internet coverage by reaching small neighborhoods with wireless where they would have otherwise needed expensive lines to each house.

Practical use of white space may take as much as two years, since companies will both need to develop the initial chipsets and then have them integrated into finished products.

From rforno at infowarrior.org Thu Sep 23 21:37:28 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Sep 2010 22:37:28 -0400
Subject: [Infowarrior] - Malicious computer worm launched at industrial targets
Message-ID: <0DF2777F-DF89-42E4-834F-765065B522A7@infowarrior.org>

WTF is a critical infrastructure system running Windows???? No, don't answer that, I don't want to be depressed.
-rick

Malicious computer worm launched at industrial targets
By Joseph Menn in San Francisco and Mary Watkins in London
Published: September 23 2010 19:38 | Last updated: September 23 2010 19:38
http://www.ft.com/cms/s/0/e9d3a662-c740-11df-aeb1-00144feab49a.html

A piece of highly sophisticated malicious software that has infected an unknown number of power plants, pipelines and factories over the past year is the first program designed to cause serious damage in the physical world, security experts are warning.

The Stuxnet computer worm spreads through previously unknown holes in Microsoft's Windows operating system and then looks for a type of software made by Siemens and used to control industrial components, including valves and brakes.

Stuxnet can hide itself, wait for certain conditions and give new orders to the components that reverse what they would normally do, the experts said. The commands are so specific that they appear aimed at an industrial sector, but officials do not know which one or what the affected equipment would do.

While cyber attacks on computer networks have slowed or stopped communication in countries such as Estonia and Georgia, Stuxnet is the first aimed at physical destruction and it heralds a new era in cyberwar.

At a closed-door conference this week in Maryland, Ralph Langner, a German industrial controls safety expert, said Stuxnet might be targeting not a sector but perhaps only one plant, and he speculated that it could be a controversial nuclear facility in Iran. According to Symantec, which has been investigating the virus and plans to publish details of the rogue commands on Wednesday, Iran has had far more infections than any other country.

"It is not speculation that this is the first directed cyber weapon", or one aimed at a specific real-world process, said Joe Weiss, a US expert who has testified to Congress on technological security threats to the electric grid and other physical operations.
"The only speculation is what it is being used against, and by whom."

Experts say Stuxnet's knowledge of Microsoft's Windows operating system, the Siemens program and the associated hardware of the target industry make it the work of a well-financed, highly organised team. They suggest that it is most likely associated with a national government and that terrorism, ideological motivation or even extortion cannot be ruled out.

Stuxnet began spreading more than a year ago but research has been slow because of the complexity of the software and the difficulty in getting the right industry officials talking to the right security experts. Microsoft has patched the vulnerabilities in Windows but experts remain concerned because of the worm's ability to hide once it is in a system.

Experts have only begun publishing more of their analyses in the last few weeks, hoping that such steps will get more answers from private companies and government leaders.

Siemens said that since July 15, when it first learnt about Stuxnet, 15 of its customers had reported being infected by the worm. The company would not name the customers but said that five were in Germany and the rest were spread around the world. Siemens said critical infrastructure had not been affected by the virus and in each case the worm had been removed.

The German conglomerate said it had offered its customers a fix for the virus and that since the Stuxnet virus was detected, there had been 12,000 downloads of its anti-virus software.

Copyright The Financial Times Limited 2010.
From rforno at infowarrior.org Thu Sep 23 22:08:17 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 23 Sep 2010 23:08:17 -0400
Subject: [Infowarrior] - White House reviews nation's cybersecurity
Message-ID:

White House reviews nation's cybersecurity
By Ellen Nakashima
Washington Post Staff Writer
Thursday, September 23, 2010; 5:45 PM
http://www.washingtonpost.com/wp-dyn/content/article/2010/09/23/AR2010092305431_pf.html

The White House is reviewing whether to ask for new authorities for the Defense Department and other government agencies to ensure that the nation's critical computer systems are protected in the event of a major attack, the commander of the Pentagon's new Cyber Command said Thursday.

If an adversary were to penetrate the U.S. power grid or other critical systems with an "unknown capability," those systems probably would "shut down," Gen. Keith Alexander told members of the House Armed Services Committee.

Cyber Command is tasked with protecting only military computer networks. "It is not my mission to defend, today, the entire nation," Alexander said.

Deciding who should execute what role in defending the nation against cyberattack is a thorny issue, complicated by the fact that the agency tasked with assisting the private sector - the Department of Homeland Security - lags the Defense Department in personnel, resources and capabilities.

Alexander said the White House is discussing how to form a team with the FBI, Cyber Command, DHS and other agencies to "ensure that everybody has the exact authorities and capabilities that they would need to protect the country." The White House may have to ask Congress for new authorities.

The $120 million Cyber Command was launched in May and will be fully operational on Oct. 1. It has the authority to defend the military networks, and if directed by the president, to attack adversaries.
It works side by side with the National Security Agency, the electronic spy organization, which has authority to penetrate foreign networks for surveillance purposes. Using this ability, former officials said, it has been able to detect never-used malicious software that an adversary might be planning to use in an attack.

Alexander, who also directs the NSA, sought to reassure lawmakers that the agency and Cyber Command respect privacy and civil liberties. He said that allaying those concerns requires "transparency" and ensuring that the public understands the functions of the NSA and Cyber Command.

He added: "What we can't do is say, 'Here's a specific threat we're defending against and how we're defending against it, because the adversary will have in three days a way to work around it."

At a roundtable with reporters on Wednesday, Alexander advocated creation of a "secure" network for government computer systems and those of critical sectors, such as the power grid. That strategy - walling off critical computer networks from the rest of the Internet - "is probably where you're going to get to, and it makes a lot of sense," he said.

But some in industry were skeptical. It would be impractical and "unbelievably expensive," said Joe Weiss, a cybersecurity expert who has researched the issue.

"It would be very difficult to try to interconnect all these different companies, including the government," Weiss said. "This isn't just one entity where you walk a wire around Potomac Electric. You have all the neighboring utilities that you need to connect to. You would also have all the other major industrial operations - and with Smart Grid, conceptually, every homeowner. This is not simple."
From rforno at infowarrior.org Fri Sep 24 14:19:10 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Sep 2010 15:19:10 -0400
Subject: [Infowarrior] - Rickrolling Countermeasures
Message-ID: <13A9E07D-FAB7-4826-99F8-00EF4F284DA1@infowarrior.org>

'Rickroll' protection hits Firefox in add-on form
by Josh Lowensohn

Are you the victim of frequent Rickrolls? The time-honored, and now passe trend of being tricked into thinking you were seeing one video and ending up seeing a rendition of Rick Astley's "Never Gonna Give You Up" instead? Well then we have some good news for you: there's a new Firefox add-on called RickRemoval that solves this problem entirely. Install it, and it will do a quick check on the page, as it's loading, to spot Astley's video and keep it from playing. It's also nice enough to put up a little message alerting you to the fact, and offering to load it anyway.

http://news.cnet.com/8301-27076_3-20017569-248.html

From rforno at infowarrior.org Fri Sep 24 14:20:15 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Sep 2010 15:20:15 -0400
Subject: [Infowarrior] - Judge puts hammer down on Hurt Locker P2P subpoena
Message-ID: <2B1517D1-3E3B-4490-A729-D5B8901325A4@infowarrior.org>

Judge puts hammer down on Hurt Locker P2P subpoena
By Nate Anderson | Last updated about an hour ago
http://arstechnica.com/tech-policy/news/2010/09/judge-puts-hammer-down-on-hurt-locker-p2p-subpoenas.ars

A federal judge in South Dakota this week quashed a US Copyright Group subpoena targeting an ISP in his state. Why? Jurisdiction, and a fax machine.

Regional Internet service provider Midcontinent wasn't amused when it received, by fax, a subpoena on August 9 that demanded Midcontinent turn over the name, address, telephone numbers, e-mail addresses, and MAC addresses of several "Doe" defendants accused of pirating the film The Hurt Locker.
But instead of interacting with the Washington, DC court that issued the subpoena in the first place, Midcontinent instead went to its local federal court, the US District Court for the Southern Division of South Dakota. Midcontinent presented numerous reasons why the subpoena should not apply, including the fact that "money was not attached to the subpoena to reimburse Midcontinent for their costs of producing information."

US Magistrate Judge John Simko didn't even address the issue of payment, however, because jurisdictional and service issues were enough to quash the subpoena.

Federal Rule 45 describes how subpoenas must be handled. 45(b)(2) lays out the geographic considerations. Subpoenas must be:

(A) within the district of the issuing court;
(B) outside that district but within 100 miles of the place specified for the deposition, hearing, trial, production, or inspection;
(C) within the state of the issuing court if a state statute or court rule allows service at that place of a subpoena issued by a state court of general jurisdiction sitting in the place specified for the deposition, hearing, trial, production, or inspection; or
(D) that the court authorizes on motion and for good cause, if a federal statute so provides.

According to Simko, this subpoena was "not in compliance with any of the four descriptions of Rule 45(b)(2)." Furthermore, it was delivered only by fax (service should generally be by registered mail or in person), and "service by facsimile transmission is not an authorized method of service under the Rule. The motion to quash is GRANTED for insufficient service of process."

US Copyright Group lawyers never replied to the court, and now they'll never know the identities of several dozen accused file-sharers with Midcontinent IP addresses. Given Midcontinent's small size, though, this may simply be a return-on-investment calculation; US Copyright Group has litigated hard against similar motions to quash by big ISPs like Time Warner Cable.
From rforno at infowarrior.org Fri Sep 24 14:28:08 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Sep 2010 15:28:08 -0400
Subject: [Infowarrior] - Citigroup invokes DMCA -- but the document lives on....as usual
Message-ID:

Citigroup Gets DMCA Takedown

A sends:

http://lbo-news.com/2010/09/24/citigroup-feels-violated/

LBO News from Doug Henwood
Citigroup feels violated
24 September 2010

This morning, WordPress informed me that they'd received a "valid DMCA notice" - as in Digital Millennium Copyright Act - notice about a Citigroup research report I posted here in February 2009. Until the issue could be "resolved" - meaning I acknowledged this grave offense against intellectual property - I couldn't post anything to this blog. Once I said "Yes, Sir," my posting privileges were restored. The document was, of course, deleted.

The report was an analysis of the Treasury's proposed bank capital requirements in the run-up to the stress tests. Citi's conclusion - and I think even the DMCA allows me to quote a phrase this brief from the doc - was that "the US government is following a relatively bank-friendly, investor-friendly approach." So there you have it, just for the record.
PDF version of the Citigroup report rebuilt from Google Docs:
http://cryptome.org/0002/citigroup-dmca/citigroup-dmca.pdf

From rforno at infowarrior.org Fri Sep 24 16:29:31 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Sep 2010 17:29:31 -0400
Subject: [Infowarrior] - CIA used 'illegal, inaccurate code to target kill drones'
Message-ID: <4A9EFFD6-78DB-4CAC-9E22-23C87D008668@infowarrior.org>

Original URL: http://www.theregister.co.uk/2010/09/24/cia_netezza/

CIA used 'illegal, inaccurate code to target kill drones'
'They want to kill people with software that doesn't work'
By Chris Williams
Posted in Storage, 24th September 2010 11:12 GMT

The CIA is implicated in a court case in which it's claimed it used an illegal, inaccurate software "hack" to direct secret assassination drones in central Asia.

The target of the court action is Netezza, the data warehousing firm that IBM bid $1.7bn for on Monday. The case raises serious questions about the conduct of Netezza executives, and the conduct of CIA's clandestine war against senior jihadis in Afghanistan and Pakistan.

The dispute surrounds a location analysis software package - "Geospatial" - developed by a small company called Intelligent Integration Systems (IISi), which like Netezza is based in Massachusetts.

IISi alleges that Netezza misled the CIA by saying that it could deliver the software on its new hardware, to a tight deadline. When the software firm then refused to rush the job, it's claimed, Netezza illegally and hastily reverse-engineered IISi's code to deliver a version that produced locations inaccurate by up to 13 metres. Despite knowing about the miscalculations, the CIA accepted the software, court submissions indicate.

IISi is now seeking an injunction to ban Netezza and the CIA from using the software or any derivative of it, in any context.

The relationship between the two firms dates back to 2006, when IISi signed up to resell Netezza data warehousing kit combined with Geospatial.
The code allows users, for example, "to incorporate and cross-reference vast amounts of business data with geographic location within the same database, and enable events (such as... a cell phone signal moving from one tower to another) to be matched with personal characteristics in the database (such as... the identity of the person whose cell phone signal has moved from one tower to another)", according to IISi's court filings.

Such techniques - quickly combining intelligence with live mobile phone surveillance from the air - are reportedly central to the CIA's targeting of missile strikes by unmanned aircraft.

They want to kill people with my software that doesn't work

The partnership between the two firms strengthened, and in August 2008 Netezza acquired exclusive rights to distribute Geospatial, alongside its NPS hardware.

By August last year, Netezza was starting to promote its next generation appliance, TwinFin. Whereas NPS was based on IBM's Power PC chip architecture, the TwinFin relies on cheaper x86 silicon. As a result, Geospatial would not run on the new gear.

Nevertheless, Netezza sales staff sold Geospatial running on TwinFin to a "US government customer", which later turned out to be the CIA. The purchase order, totalling $1.18m, via an obscure Virginia IT consultancy, came through on 11 September last year. This despite - as claimed in IISi court documents - that the software product referred to on the order "in fact did not exist".

Up to this point IISi had done little work porting Geospatial, as its engineers had not had physical access to a TwinFin. Indeed, the agreement between the two firms did not require IISi to support the new machines - a fact confirmed last month by a Boston judge - but it agreed to begin the process in September 2009. Netezza supplied the software firm with TwinFin hardware on 1 October.
Within a week, Richard Zimmerman, IISi's CTO reported that porting Geospatial was "proving fraught with difficulties" and would take at least two months.

Two days later, on 9 October, the relationship took a strange turn. Jon Shepherd, Netezza's "general manager, location-based solutions" called Zimmerman to pressure him to deliver the code quicker, court documents say.

"He basically told me the CIA... wanted to use [Geospatial] to target Predator drones in Afghanistan and that, quote/unquote, it was our patriotic duty to work with them to get [Geospatial] ported to the TwinFin as fast as possible and that we need to have a phone conversation the next day to discuss that," Zimmerman said in a sworn deposition to the court.

During a conference call the next day, Netezza CEO Jim Baum repeated Shepherd's claims that national security demanded IISi's help, according to the deposition. Shepherd suggested the CIA would accept untested code in chunks, Zimmerman said.

"My reaction was one of stun, amazement that they want to kill people with my software that doesn't work," he said.

According to the affidavit of IISi CEO Paul Davis, who was also on the conference call, his firm did not previously know Netezza had sold the undeveloped product, let alone for deadly application by the CIA.

In an email to Baum two days later, on Columbus day 2009, Davis wrote: "Jon [Shepherd's] statement, apparently endorsed by Jim [Baum] that the customer can 'just work with whatever we give them' is not consistent with how IISi works. And we don't really believe that is how our national security agencies work. Frankly, that response suggests a cavalier sales approach to a profound issue. Lives are at stake."

Enter Skip

Yet according to Baum's response, that is how the CIA worked.
"It is the CUSTOMER who has indicated that he is willing to work with IISi and Netezza to accept code progressively," he wrote. As a follow up, Davis got a call from a man who identified himself as Skip McCormick, of the CIA, to discuss speeding up the port of Geospatial. Davis was recuperating from a heart attack and could not speak at any length. Straight after the the call, however, he received an email from McCormick with a CIA address. Hays W. "Skip" McCormick III, from his book [1] "We depend on the Geospatial tools here every day," it said. "We just upgraded to a [TwinFin], but it doesn't yet have the Geospatial tools. I'm trying to figure out what options are available for getting them asap." Davis had doubts the contact was genuine but The Register has established that a Hays W. "Skip" McCormick III, co-author of a 1998 book on software project management, has worked at the CIA for several years. Sources including conference guest lists record his involvement in software projects at the agency. According to book publicity he previously worked as a consultant to DARPA, Northrop Grumman and the Office of the Secretary of Defense. Further evidence of the CIA's apparent acceptance of untested software is offered by an internal Netezza email from the same day as the crucial conference call. "A US Gov customer is expecting the toolkit to be available as soon as Monday for use in a mission-critical project," wrote project manager Razi Raziuddin. "They do understand we won't have a fully-qualified, production-ready release and are OK with it." Immediately after IISi's refusal to deliver untested Geospatial code, internal emails disclosed to the court show Netezza executives began making alternative arrangements. "I want to set up some time on Thursday to get on the phone with you guys to talk about some options in the event we need an alternative TwinFin solution," Shepherd told Netezza engineers in an email. 
Thank God for optimists On the Thursday one of the engineers told Jim Baum via email that "it appears" Geospatial was working on TwinFin. On Friday it emerged that however Netezza adapted the software, the results were inaccurate. "For some strange reason many of the calculations are a little off, from 1 to 13 metres," wrote Joe Wiltshire, a federal account manager at Netezza. Jim Baum: "We are likely screwed" "The customer is not confident they can live with the uncertainty in meters unless we can tell them a bit about why this is happening." "No matter how you slice this, we are likely screwed," Netezza CEO Baum replied. The unreliable results were traced to a floating point problem, but less than a week later Wiltshire reported to Shepherd that in fact "they are satisfied" and believed "the minor discrepancy in metrics... is due to [TwinFin] doing a better job". "Thank God for optimists," came Shepherd's reply. The solution was later referred to as "the spatial toolkit hack" in Netezza emails when it began producing further errors in November. The existence of the hack, and its use at the CIA was only revealed after Netezza sued IISi, claiming it breached its 2008 contract by refusing to port Geospatial to TwinFin. That case was dismissed last month, with the judge finding that contrary to Netezza's repeated claims, IISi was under no obligation to carry out the work. Discovery also revealed that Shepherd had called on staff to develop "our own version of the spatial toolkit", which was introduced in January this year as "Netezza Spatial" [2], which is available on the open market. Now IISi claims both the hack and Netezza's own software are illegally based on reverse engineering and misappropriation of its trade secrets, and is pursuing an injunction that if granted would block their use by anyone. It's unclear which, if either, is currently in use at the CIA. A hearing on the injunction application is scheduled next week. 
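The article says only that the 1-to-13-metre discrepancies were "traced to a floating point problem"; it does not say what the problem was. The block below is an added example, not Geospatial, Netezza or IISi code, and it assumes one common mechanism for that class of bug: a port that performs the same great-circle computation in single precision instead of double. It runs a haversine distance through a double-precision path and an emulated single-precision path on constructed coordinates, and shows the acceptance check a customer could have run before fielding the port: compare every test pair against a trusted reference and reject any drift beyond a tolerance (the 0.5 m figure and the Earth radius constant are assumed, illustrative values).

```python
# Added example (not code from the article, Netezza, IISi or Geospatial).
# Assumption: the "floating point problem" behaves like a port that does the
# same distance arithmetic in single precision; the mechanism is illustrative.
import math
import struct

EARTH_RADIUS_M = 6371000.0  # mean Earth radius in metres (assumed constant)


def f32(x):
    """Round a Python float to the nearest IEEE-754 single-precision value."""
    return struct.unpack("<f", struct.pack("<f", x))[0]


def haversine_m(lat1, lon1, lat2, lon2, rnd=lambda x: x):
    """Great-circle distance in metres between two lat/lon points (degrees).

    `rnd` is applied to the inputs and after every arithmetic step: the
    identity gives ordinary double precision, `f32` emulates the same code
    running in single precision.
    """
    phi1 = rnd(math.radians(rnd(lat1)))
    phi2 = rnd(math.radians(rnd(lat2)))
    lam1 = rnd(math.radians(rnd(lon1)))
    lam2 = rnd(math.radians(rnd(lon2)))
    dphi = rnd(phi2 - phi1)
    dlam = rnd(lam2 - lam1)
    s_phi = rnd(math.sin(rnd(dphi / 2.0)))
    s_lam = rnd(math.sin(rnd(dlam / 2.0)))
    cos_term = rnd(rnd(math.cos(phi1)) * rnd(math.cos(phi2)))
    a = rnd(rnd(s_phi * s_phi) + rnd(cos_term * rnd(s_lam * s_lam)))
    c = rnd(2.0 * rnd(math.atan2(rnd(math.sqrt(a)), rnd(math.sqrt(rnd(1.0 - a))))))
    return rnd(EARTH_RADIUS_M * c)


def precision_drift_m(lat1, lon1, lat2, lon2):
    """Return (double-precision distance, single-precision distance, |drift|)."""
    d64 = haversine_m(lat1, lon1, lat2, lon2)
    d32 = haversine_m(lat1, lon1, lat2, lon2, rnd=f32)
    return d64, d32, abs(d64 - d32)


def passes_accuracy_gate(drift_m, tolerance_m=0.5):
    """Acceptance check for a ported numeric kernel: the result must agree
    with the trusted reference to within the tolerance.  0.5 m is an
    assumed, illustrative figure, not a value from the article."""
    return drift_m <= tolerance_m


# Constructed test coordinates (not from the article).
SAMPLE_PAIRS = [
    ("equator, one degree of longitude", (0.0, 0.0, 0.0, 1.0)),
    ("mid-latitude neighbours ~1.4 km apart", (34.5, 69.2, 34.51, 69.21)),
]


def audit(pairs=SAMPLE_PAIRS, tolerance_m=0.5):
    """Run every pair through both paths; return [(label, d64, d32, drift, ok)]."""
    report = []
    for label, coords in pairs:
        d64, d32, drift = precision_drift_m(*coords)
        report.append((label, d64, d32, drift, passes_accuracy_gate(drift, tolerance_m)))
    return report


if __name__ == "__main__":
    for label, d64, d32, drift, ok in audit():
        print(f"{label}: double={d64:.3f} m single={d32:.3f} m "
              f"drift={drift:.3f} m {'PASS' if ok else 'FAIL'}")
```

The drift grows with the magnitude of the coordinates: single precision carries about seven significant digits, so a longitude of 69 degrees is already represented with under a metre of resolution before any arithmetic happens, which is why the second pair diverges more than the equator pair. The point of the gate is that the discrepancy is measured against a known-good reference rather than explained away after the fact.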
The complex case, which has so far received scant press attention, has the potential to embarrass the CIA and the White House. President Obama has significantly expanded use of clandestine drone assassinations, despite heavy criticism from the UN and others. Questions remain over whether repeated Netezza claims that the CIA needed Geospatial for drone assassination operations were correct, and the full truth is unlikely to be made public. However, the suggestion the agency accepted a rushed job and saw inaccuracies in an optimistic light is likely to draw further controversy to the programme.

Netezza and IISi both declined to comment for this story. A CIA spokeswoman said the agency does not comment on pending litigation, especially if it is not a party to the lawsuit.

Links

[1] http://www.antipatterns.com/mccormick.htm
[2] http://www.netezza.com/data-warehouse-appliance-products/spatial-analytics.aspx

From rforno at infowarrior.org Fri Sep 24 16:38:29 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Sep 2010 17:38:29 -0400
Subject: [Infowarrior] - Apple in 873-page legal claim to word 'Pod'
Message-ID: <6477E331-CC9B-41E1-A54D-803CBF3B25A6@infowarrior.org>

Apple in 873-page legal claim to word 'Pod'
http://www.theregister.co.uk/2010/09/24/apple_pod_row/
By Dan Goodin in San Francisco
Posted in Music and Media, 24th September 2010 20:37 GMT

Apple really, really, really wants exclusive rights to the word "Pod" in names for tech products, the company has argued in an 873-page legal brief filed earlier this week.

Steve Jobs & Co submitted the voluminous document in a dispute with Sector Labs, a startup that's developing a projector called the Video Pod, Wired.com reported. The Reg has been unable to confirm this because the filing (PDF, we're told) was evidently more than the Patent and Trademark Office website could bear.
Apple is reportedly arguing that a video projector with the word "Pod" in its name would cause confusion with its own iPod products. Apple has a long history of attacking tech companies that use the name, going after MyPodder, TightPod, PodShow and Podium. And, of course, one can't forget the company's threats against the iPood, a small spade used by Aussie campers to bury their shit.

But according to Wired.com, Sector Labs is the only outfit to take Apple on. The dispute is scheduled to go to trial over the next month.

A lawyer representing Sector Labs tells the publication there's a growing trend of dominant tech firms trying to assume ownership of ordinary words. A trademark infringement suit Facebook filed against a company called Teachbook is one example.

"What I'm hoping to do with this case is to really reach a lot broader of an audience and make it so entrepreneurs and small businesses can use the English language as they see fit in branding their products," she says.

From rforno at infowarrior.org Fri Sep 24 20:34:00 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 24 Sep 2010 21:34:00 -0400
Subject: [Infowarrior] - US ISP Claims DMCA Requires They Disconnect Users
Message-ID:

US ISP Suddenlink Claims The DMCA Requires They Disconnect Users
http://www.techdirt.com/articles/20100924/14433211160/us-isp-suddenlink-claims-the-dmca-requires-they-disconnect-users.shtml

TorrentFreak has the news that US cable ISP Suddenlink has implemented its own form of a three strikes policy, and defends it by falsely claiming the DMCA requires it. TorrentFreak has the transcript of a discussion between a customer who has been cut off and a Suddenlink rep blaming the DMCA:

Customer: I want to reconnect my internet service. They said I got 3 DMCA letters and they said that by law I had to be disconnected. Is that true?
Suddenlink rep: Yes, your internet was disconnected due to DMCA. When the internet is disconnected due to DMCA, it can not be reconnected for a minimum of 6 months.
Customer: The DMCA makes that requirement?
Suddenlink rep: Yes.
Customer: So you're stating, for the record, that by law, the DMCA law, that you have to disconnect users for receiving 3 DMCA letters?
Suddenlink rep: You have no choice in the matter.
Suddenlink rep: It is the DMCA policy that it can not be reconnected for 6 months.
Suddenlink rep: It may be the DMCA policy or it may be the way we go about following the DMCA guidelines.
Customer: The law states that?
Suddenlink rep: Once the 3rd offense occurs, it can not be reconnected for 6 months.
Suddenlink rep: The information I have on the DMCA states: This law was enacted in 1998 to protect against illegal downloading of copyrighted material like movies, music, etc. As an Internet Service Provider (ISP), Suddenlink, and other ISPs, must implement a policy of terminating internet service of customers who repeatedly share copyrighted files.

This is, of course, not true. The DMCA has no requirement that ISPs disconnect people after three accusations (not convictions) -- and it especially doesn't say that ISPs don't need to offer a refund when they do this. For all the fighting by the record labels trying to get a three strikes policy into law and complaining about the DMCA, perhaps it makes them happy to know that some ISPs are simply pretending the DMCA is a three strikes policy. Of course, customers may think otherwise, and may prefer to find an ISP that actually believes in due process and actually supports its users against unsubstantiated accusations of file sharing.
From rforno at infowarrior.org Sat Sep 25 08:28:44 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 25 Sep 2010 09:28:44 -0400
Subject: [Infowarrior] - MS DRM scheme vulnerabilities
Message-ID: <1005E484-7E5C-4908-9A95-EE87D895F0D8@infowarrior.org>

Microsoft's DRM makes your computer vulnerable to attack
http://www.boingboing.net/2010/09/24/microsofts-drm-makes.html

The msnetobj.dll library is an ActiveX control used by Microsoft's DRM; it is intended to prevent the owner of a computer from saving or viewing certain files except under limited circumstances, and to prevent the computer's owner from disabling it or interfering with it. As if that wasn't bad enough, it is also vulnerable to three separate attacks -- buffer overflow, integer overflow and denial of service -- any of which can compromise your computer's working, leaving your data vulnerable to crooks and vandals.

Proof of Concept @ http://www.exploit-db.com/exploits/15061/

From rforno at infowarrior.org Sat Sep 25 08:34:43 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 25 Sep 2010 09:34:43 -0400
Subject: [Infowarrior] - UK Anti-Piracy Firm E-mails Reveal Cavalier Attitude Toward Legal Threats
Message-ID:

http://yro.slashdot.org/story/10/09/25/0413236/UK-Anti-Piracy-Firm-E-mails-Reveal-Cavalier-Attitude-Toward-Legal-Threats

"A recent DDoS attack against a UK-based anti-pirating firm, ACS:Law, has resulted in a large backup archive of the server contents being made available for download, [and this archive] is now being hosted by the Pirate Bay. Within this archive are e-mails from Andrew Crossley basically admitting that he is running a scam job, sending out thousands of frivolous legal threats on the premise that a percentage pay up immediately to avoid legal hassles."
From rforno at infowarrior.org Sat Sep 25 09:10:49 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 25 Sep 2010 10:10:49 -0400
Subject: [Infowarrior] - Fwd: German face of Wikileaks steps down in anger
References:
Message-ID: <8A751604-4613-43B7-8979-E8BF2B0DFF7A@infowarrior.org>

Begin forwarded message:

> From: "Dissent"
> Date: September 25, 2010 10:00:53 AM EDT
> To: rforno at infowarrior.org
> Subject: German face of Wikileaks steps down in anger
> Reply-To: admin at pogowasright.org
>
> Thought this might be of interest to you:
>
> -----
>
> German face of Wikileaks steps down in anger
> http://www.thelocal.de/society/20100925-30075.html
> Published: 25 Sep 10 13:12 CET
>
> The German spokesman for whistle-blowing journalism site Wikileaks,
> Daniel Schmitt, has resigned his post following internal problems in
> the organisation and arguments with the founder Julian Assange.
>
> Schmitt, who recently described to The Local in an exclusive interview
> how the site was changing the journalism and investigations game, told
> Der Spiegel over the weekend, he had had enough and was leaving.
>
> "We all had crazy stress over the last months. Mistakes happened,
> which is ok as long as one learns from them. But to do that one has to
> admit them. Above all, it seems the trust that we are all pulling in
> the same direction has been lost," he said.
>
> The website created headlines over the summer when it published 92,000
> classified US documents concerning the Afghanistan war, which provided
> insight into what is actually happening there.
>
> Schmitt says he is unhappy that such large international projects have
> taken priority over smaller national documents - and blames Assange
> for this change in emphasis.
>
> "I have tried several times to talk about it but Julian Assange
> reacted to all criticism with the allegation that I am not obeying him
> and have become disloyal to the project," said Schmitt.
>
> He said he would not be the only one to leave the group. "There is a
> lot of discontent and some will leave like me," he said.
>
> Schmitt also revealed his real identity in the magazine, saying his
> name was actually Daniel Domscheit-Berg and that he had previously
> worked in the IT security sector. He said he was recruited to
> Wikileaks via personal contacts and gave up his regular work to devote
> himself full time to the project.
>
> Assange has been increasingly under attack since the publication of
> the US documents, with allegations of sexual attacks made against him
> in Sweden, which he said were part of a campaign against him.
>

From rforno at infowarrior.org Sat Sep 25 16:22:56 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 25 Sep 2010 17:22:56 -0400
Subject: [Infowarrior] - Iran confirms massive Stuxnet infection of industrial systems
Message-ID: <6008CFD8-8C13-401B-887B-4F068FC9FD52@infowarrior.org>

Iran confirms massive Stuxnet infection of industrial systems
Nation's atomic energy experts met last week to discuss ways to eradicate worm, say reports
By Gregg Keizer
September 25, 2010 05:10 PM ET
http://www.computerworld.com/s/article/9188018/Iran_confirms_massive_Stuxnet_infection_of_industrial_systems

Computerworld - Officials in Iran have confirmed that the Stuxnet worm infected at least 30,000 Windows PCs in the country, multiple Iranian news services reported on Saturday. Experts from Iran's Atomic Energy Organization also reportedly met this week to discuss how to remove the malware.

Stuxnet, considered by many security researchers to be the most sophisticated malware ever, was first spotted in mid-June by VirusBlokAda, a little-known security firm based in Belarus. A month later Microsoft acknowledged that the worm targeted Windows PCs that managed large-scale industrial-control systems in manufacturing and utility companies.
Those control systems, called SCADA, for "supervisory control and data acquisition," operate everything from power plants and factory machinery to oil pipelines and military installations.

According to researchers with U.S.-based antivirus vendor Symantec, Iran was hardest hit by Stuxnet. Nearly 60% of all infected PCs in the earliest-known infection were located in that country. Since then, experts have amassed evidence that Stuxnet has been attacking SCADA systems since at least January 2010.

Meanwhile, others have speculated that Stuxnet was created by a state-sponsored team of programmers, and designed to cripple Iran's Bushehr nuclear reactor. The reactor, located in southwestern Iran near the Persian Gulf, has been the focus of tension between Iran and the West, including the U.S., which believes that spent fuel from the reactor could be reprocessed into high-grade plutonium and used to build one or more nuclear weapons.

According to the Tehran-based Mehr News Agency, Mahmoud Alyaie, an IT official with Iran's industries and mines ministry, said that 30,000 IP addresses in the country had been infected with Stuxnet. Multiple computers can access the Internet via a single IP address, so the total number of infected Windows PCs may be considerably larger.

A working group composed of experts from several Iranian government ministries has been established to deal with the Stuxnet infection, Alyaie said. Other sources quoted by Mehr claimed that Iran has the capability to craft the necessary antivirus tools to detect and destroy the worm.

Also on Saturday, the Associated Press (AP) news service said that experts from Iran's nuclear energy agency met last Tuesday to plan how to remove Stuxnet from infected PCs. Citing the ISNA news agency, another Tehran-based organization, the AP said no victimized plants or facilities had been named. Speculation about Stuxnet's likely target has focused on the Bushehr reactor.

Saturday, the Web site of Iran's Atomic Energy Organization included a link to a lengthy Mehr story on Stuxnet. That story noted that government officials said that "serious damage that caused damage and disablement" had been reported to officials. Although Bushehr is not yet operational, workers began loading nuclear fuel into the reactor last month.

Stuxnet, called "groundbreaking" by one analyst who pulled apart its code, used multiple unpatched, or "zero-day", vulnerabilities in Windows, relied on stolen digital certificates to disguise the malware, hid its code by using a rootkit, and reprogrammed PLC (programmable logic control) software to give new instructions to the machinery that software managed. Microsoft has patched two of the four zero-day vulnerabilities exploited by Stuxnet, and has promised to fix the remaining two flaws at some point.

From rforno at infowarrior.org Sun Sep 26 11:25:17 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 26 Sep 2010 12:25:17 -0400
Subject: [Infowarrior] - New lows among smartphones
Message-ID: <934D4657-FCC3-472B-83EA-E409A8833FAB@infowarrior.org>

Verizon's Fascinate reaches new lows among smartphones run amok
By Rob Pegoraro
Saturday, September 25, 2010; 7:42 PM
http://www.washingtonpost.com/wp-dyn/content/article/2010/09/25/AR2010092503456_pf.html

A "Google phone" hand-cuffed to Microsoft's Bing search engine sounds like a bad joke. But it's a real product, one for which Verizon Wireless charges $199.99.

This device, Samsung's Fascinate, is the latest - and the worst - example of an ugly trend among smartphones running Google's Android operating system. Instead of being content to sell an attractive, open alternative to Apple's iPhone, wireless carriers have decided they'd rather treat the screens of Android phones as billboard space to be sold to the highest bidder.
Anyone who's spent an hour on a new laptop deleting desktop shortcuts, uninstalling trial applications and peeling off stickers should know this concept. But while some PC manufacturers have realized that customers hate getting a computer full of "crapware," the carriers refuse to learn from their example - and on an Android phone, the effects are much worse.

The extra applications that a carrier installs not only clutter the screen, they also eat up precious system memory that would be better used on programs you actually want. And because carriers implant these add-ons in a protected area of the phone's storage, you can't uninstall them.

Carriers have abused their privileges to weld on such extras as $10/month navigation tools that duplicate what Google's own map software does for free; a movie player for a little-used online service from the newly bankrupt Blockbuster's; NASCAR and football applications; demos of various games; and advertisements for their services that eat up space in the notification bar at the top of the screen.

AT&T, Sprint, T-Mobile and Verizon Wireless all offer the same excuse: They're trying to make the phone "experience" better. But they fail to explain why they don't let customers decline this help.

With the Fascinate, however, Verizon has outdone them all. Not only does this slim device arrive with a cartload of Verizon apps bolted on, but its search button comes locked to Bing, and it leaves out Google Maps in favor of Microsoft's inferior alternative. Your only warning of these dramatic changes is the absence of Google's logo from the box and the back of the phone.

A Verizon spokeswoman wrote that "by adding this option to our Android portfolio, we are giving customers more choice."

Still more "choice" will come later this year when the company (having already coaxed Skype into offering its Android Internet calling application only for Verizon users) launches its own, separate Android app store - even though there's already a well-stocked, open and compatible Android Market.

This arrogant control-freakery is what I feared when Google announced Android in 2007: Carriers have exploited Android's openness to treat their customers like their servants.

Don't expect liberation from Google. The company gave up on the Nexus One, its attempt to sell an Android phone independently of carriers. And although Verizon's Fascinate seems to have exceeded whatever rules govern the use of the Google logo, the company imposes few requirements on access to Android Market - the one part of Android it controls. A "Compatibility Definition" file allows phone vendors to write their own replacements for all of its 16 defined core applications. When Google wrote this document, it apparently forgot that the wireless carriers have no taste.

What about simply leaning on these firms? Although Google has no problem throwing its weight around in some areas - the location-service provider Skyhook Wireless is suing the company for forcing carriers to drop its own offering - it thinks it would be unfair to push carriers to sell clean versions of their Android phones. Chief executive Eric Schmidt recently told reporters that such a move would violate "the principle of open source."

But if Google chooses to be spineless, some of its users have not. Android's open-source roots - it's based on the Linux operating system - made it easy for Android experts to figure out how to unlock, or "root," their phones and then remove unwanted apps. This step has gotten a little simpler over time, as I discovered when I rooted an Android phone a few days ago. Android developers have since moved on to cooking up their own "ROMs," bundles of the core Android system and related applications.
Adventurous users can use this to replace all of their phones' existing software - often gaining a healthy performance improvement in the process. These things aren't easy to do and will void a phone's warranty. But that might seem a fair price to be free of a marketing department's idea of how your phone should work.

It's wonderful that Android's open-source core has let users take action on their own. It's pathetic that the arrogance of the carriers has left them no other option.

From rforno at infowarrior.org Mon Sep 27 06:53:10 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Sep 2010 07:53:10 -0400
Subject: [Infowarrior] - SemiOT: Gossip Machine for Versailles on the Potomac
Message-ID: <24B8D80C-162E-4652-9712-F8088AD865D2@infowarrior.org>

(From a friend who's a very well-known and now retired senior DOD analyst: "The attached essay by Andrew Bacevich (Colonel USA ret.) portrays one of the very worst aspects of the imperial court of Versailles on the Potomac -- collective amnesia that opens the door to the grotesque influence of its courtiers." --- rick)

The Washington Gossip Machine
by Andrew J. Bacevich and Tom Engelhardt, September 27, 2010
http://original.antiwar.com/engelhardt/2010/09/26/the-washington-gossip-machine/

We know the endpoint of the story: another bestseller for Bob Woodward, in this case about a president sandbagged by his own high command and administration officials at one another's throats over an inherited war gone wrong. But where did the story actually begin? Well, here's the strange thing: in a sense, Woodward's new book, Obama's Wars, which focuses heavily on an administration review of Afghan war policy in the fall of 2009, begins with... Woodward. Of course - thank heavens for American media amnesia - amid all the attention his book is getting, no one seems to recall that part of the tale.

Here it is: President Obama got sandbagged by the leaked release of what became known as "the McChrystal plan," a call by his war commander in the field Gen. Stanley McChrystal (and assumedly the man above him, then-Centcom Commander General David Petraeus) for a 40,000-troop counterinsurgency "surge." As it happened, Bob Woodward, Washington Post reporter, not bestselling book writer, was assumedly the recipient of that judiciously leaked plan from a still-unknown figure, generally suspected of being in or close to the military. On Sept. 21, 2009, Woodward was the one who then framed the story, writing the first stern front-page piece about the needs of the U.S. military in Afghanistan. Its headline laid out, from that moment on, the president's options: "McChrystal: More Forces or 'Mission Failure'". And its first paragraph went this way: "The top U.S. and NATO commander in Afghanistan warns in an urgent, confidential assessment of the war that he needs more forces within the next year and bluntly states that without them, the eight-year conflict 'will likely result in failure,' according to a copy of the 66-page document obtained by The Washington Post."

The frustration of a commander-in-chief backed into a corner by his own generals, the angry backbiting Woodward reportedly reveals in his book, all of it was, at least in part, a product of that leak and how it played out. In other words, looked at a certain way, Woodward facilitated the manufacture of the subject for his own bestseller. A nifty trick for Washington's leading stenographer.

The set of leaks - how appropriate for Woodward - that were the drumbeat of publicity for the new book over the last week also offered a classic outline of just how limited inside-the-Beltway policy options invariably turn out to be (no matter how fierce the debate about them). As one Washington Post piece put it: "[T]he only options that were seriously considered in the White House involved 30,000 to 40,000 more troops." All in all, it's a striking example of how the system really works, of how incestuously and narrowly - to cite the title of Andrew Bacevich's bestselling new book - Washington rules.

Tom.....

Prisoners of War
Bob Woodward and all the president's men (2010 edition)
by Andrew J. Bacevich

Once a serious journalist, the Washington Post's Bob Woodward now makes a very fine living as chief gossip-monger of the governing class. Early on in his career, along with Carl Bernstein, his partner at the time, Woodward confronted power. Today, by relentlessly exalting Washington trivia, he flatters power. His reporting does not inform. It titillates.

A new Woodward book, Obama's Wars, is a guaranteed blockbuster. It's out this week, already causing a stir, and guaranteed to be forgotten the week after dropping off the bestseller lists. For good reason: when it comes to substance, any book written by Woodward has about as much heft as the latest potboiler penned by the likes of James Patterson or Tom Clancy.

Back in 2002, for example, during the run-up to the invasion of Iraq, Woodward treated us to Bush at War. Based on interviews with unidentified officials close to President George W. Bush, the book offered a portrait of the president-as-resolute-war-leader that put him in a league with Abraham Lincoln and Franklin Roosevelt. But the book's real juice came from what it revealed about events behind the scenes. "Bush's war cabinet is riven with feuding," reported the Times of London, which credited Woodward with revealing "the furious arguments and personal animosity" that divided Bush's lieutenants.

Of course, the problem with the Bush administration wasn't that folks on the inside didn't play nice with one another. No, the problem was that the president and his inner circle committed a long series of catastrophic errors that produced an unnecessary and grotesquely mismanaged war. That war has cost the country dearly - although the people who engineered that catastrophe, many of them having pocketed handsome advances on their forthcoming memoirs, continue to manage quite well, thank you.

To judge by the publicity blitzkrieg announcing the arrival of Obama's Wars in your local bookstore, the big news out of Washington is that, even today, politics there remains an intensely competitive sport, with the participants, whether in anger or frustration, sometimes speaking ill of one another. Essentially, news reports indicate, Woodward has updated his script from 2002. The characters have different names, but the plot remains the same. Talk about jumping the shark.

So we learn that Obama political adviser David Axelrod doesn't fully trust Secretary of State Hillary Clinton. National security adviser James Jones, a retired Marine general, doesn't much care for the likes of Axelrod, and will say so behind his back. Almost everyone thinks Richard Holbrooke, chief State Department impresario of the AfPak portfolio, is a jerk. And - stop the presses - when under the influence of alcohol, Gen. David Petraeus, commander of U.S. and allied forces in Afghanistan, is alleged to use the word "f**ked." These are the sort of shocking revelations that make you a headliner on the Sunday morning talk shows.

Based on what we have learned so far from those select few provided with advance copies of the book - mostly reporters for the Post and the New York Times who, for whatever reason, seem happy to serve as its shills - Obama's Wars contains hints of another story, the significance of which seems to have eluded Woodward. The theme of that story is not whether Dick likes Jane, but whether the Constitution remains an operative document.

The Constitution explicitly assigns to the president the role of commander in chief. Responsibility for the direction of American wars rests with him.
According to the principle of civilian control, senior military officers advise and execute, but it?s the president who decides. That?s the theory, at least. Reality turns out to be considerably different and, to be kind about it, more complicated. Obama?s Wars reportedly contains this comment by President Obama to Secretary Clinton and Secretary of Defense Robert Gates regarding Afghanistan: ?I?m not doing 10 years? I?m not doing long-term nation-building. I am not spending a trillion dollars.? Aren?t you, Mr. President? Don?t be so sure. Obama?s Wars also affirms what we already suspected about the decision-making process that led up to the president?s announcement at West Point in December 2009 to prolong and escalate the war. Bluntly put, the Pentagon gamed the process to exclude any possibility of Obama rendering a decision not to its liking. Pick your surge: 20,000 troops? Or 30,000 troops? Or 40,000 troops? Only the most powerful man in the world ? or Goldilocks contemplating three bowls of porridge ? could handle a decision like that. Even as Obama opted for the middle course, the real decision had already been made elsewhere by others: the war in Afghanistan would expand and continue. And then there?s this from the estimable Gen. David Petraeus: ?I don?t think you win this war,? Woodward quotes the field commander as saying. ?I think you keep fighting. ? This is the kind of fight we?re in for the rest of our lives and probably our kids? lives.? Here we confront a series of questions to which Woodward (not to mention the rest of Washington) remains steadfastly oblivious. Why fight a war that even the general in charge says can?t be won? What will the perpetuation of this conflict cost? Who will it benefit? Does the ostensibly most powerful nation in the world have no choice but to wage permanent war? Are there no alternatives? Can Obama shut down an unwinnable war now about to enter its tenth year? Or is he ? along with the rest of us ? a prisoner of war? 
President Obama has repeatedly stated that in July 2011 a withdrawal of U.S. troops from Afghanistan will commence. No one quite knows exactly what that means. Will the withdrawal be symbolic? Gen. Petraeus has already made it abundantly clear that he will entertain nothing more. Or will July signal that the Afghan War -- and by extension the Global War on Terror launched nine years ago -- is finally coming to an end?

Between now and next summer attentive Americans will learn much about how national security policy is actually formulated and who is really in charge. Just don't expect Bob Woodward to offer any enlightenment on the subject.

Andrew J. Bacevich is professor of history and international relations at Boston University. His new book is Washington Rules: America's Path to Permanent War.

Copyright 2010 Andrew J. Bacevich

From rforno at infowarrior.org Mon Sep 27 07:44:47 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Sep 2010 08:44:47 -0400
Subject: [Infowarrior] - Wiretapped phones, now Internet?
Message-ID: <548574E9-F857-4438-8203-9AA46C25C689@infowarrior.org>

Wiretapped phones, now Internet?
To better track criminals, U.S. wants to be able to wiretap online communications.
By CHARLIE SAVAGE, New York Times
Last update: September 26, 2010 - 11:08 PM
http://www.startribune.com/nation/103836983.html

WASHINGTON - Federal law enforcement and national security officials are preparing to seek sweeping new regulations of the Internet, arguing that their ability to wiretap criminal and terrorism suspects is "going dark" as people increasingly communicate online instead of by telephone.

Essentially, officials want Congress to require all services that enable communications -- including encrypted e-mail transmitters such as BlackBerry, social networking websites such as Facebook and software that allows direct "peer-to-peer" messaging such as Skype -- to be technically capable of complying if served with a wiretap order.
The mandate would include being able to intercept and unscramble encrypted messages.

The legislation, which the Obama administration plans to submit to Congress next year, raises fresh questions about how to balance security needs with protecting privacy and fostering technological innovation. And because security services around the world face the same problem, it could set an example that is copied globally.

James Dempsey, vice president of the Center for Democracy and Technology, an Internet policy group, said the proposal had "huge implications" and challenged "fundamental elements of the Internet revolution" -- including its decentralized design.

"They are really asking for the authority to redesign services that take advantage of the unique, and now pervasive, architecture of the Internet," he said. "They basically want to turn back the clock and make Internet services function the way that the telephone system used to function."

But law enforcement officials contend that imposing such a mandate is reasonable and necessary to prevent the erosion of their investigative powers.

"We're talking about lawfully authorized intercepts," said Valerie Caproni, general counsel for the FBI. "We're not talking expanding authority. We're talking about preserving our ability to execute our existing authority in order to protect the public safety and national security."

Keeping up with technology

Investigators have been concerned for years that changing communications technology could damage their ability to conduct surveillance. In recent months, officials from the FBI, the Justice Department, the National Security Agency, the White House and other agencies have been meeting to develop a proposed solution.

There is not yet agreement on important elements, such as how to word statutory language defining who counts as a communications service provider, according to several officials familiar with the deliberations.
But they want it to apply broadly, including to companies that operate from servers abroad, such as Research In Motion, the Canadian maker of BlackBerry devices. In recent months, that company has come into conflict with the governments of Dubai and India over their inability to conduct surveillance of messages sent via its encrypted service.

In the United States, phone and broadband networks are already required to have interception capabilities, under a 1994 law called the Communications Assistance to Law Enforcement Act. It aimed to ensure that government surveillance abilities would remain intact during the evolution from a copper-wire phone system to digital networks and cell phones.

Often, investigators can intercept communications at a switch operated by the network company. But sometimes -- like when the target uses a service that encrypts messages between his computer and its servers -- they must instead serve the order on a service provider to get unscrambled versions.

Like phone companies, communication service providers are subject to wiretap orders. But the 1994 law does not apply to them. While some maintain interception capacities, others wait until they are served with orders to try to develop them. That can cause big delays, which the new regulations would seek to forestall.

From rforno at infowarrior.org Mon Sep 27 08:46:36 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Sep 2010 09:46:36 -0400
Subject: [Infowarrior] - USG wants ALL foreign money transfers reported to it
Message-ID: <97D3CF4A-731B-4277-9745-7632CCAB962E@infowarrior.org>

Money transfers could face anti-terrorism scrutiny
By Ellen Nakashima
Washington Post Staff Writer
Monday, September 27, 2010; 2:50 AM
http://www.washingtonpost.com/wp-dyn/content/article/2010/09/26/AR2010092603941_pf.html

The Obama administration wants to require U.S.
banks to report all electronic money transfers into and out of the country, a dramatic expansion in efforts to counter terrorist financing and money laundering.

Officials say the information would help them spot the sort of transfers that helped finance the al-Qaeda hijackers who carried out the Sept. 11, 2001, attacks. They say the expanded financial data would allow anti-terrorist agencies to better understand normal money-flow patterns so they can spot abnormal activity.

Financial institutions are now required to report to the Treasury Department transactions in excess of $10,000 and others they deem suspicious. The new rule would require banks to disclose even the smallest transfers.

Treasury officials plan to post the proposed regulation on their Web site Monday and in the Federal Register this week. The public could comment before a final rule is published and the plan takes effect, which officials say will probably not be until 2012.

The proposal is a long-delayed response to the 2004 Intelligence Reform and Terrorism Prevention Act, which specified reforms to better organize the intelligence community and to avoid a repeat of the 2001 attacks. The law required that the Treasury secretary issue regulations requiring financial institutions to report cross-border transfers if deemed necessary to combat terrorist financing.

"By establishing a centralized database, this regulatory plan will greatly assist law enforcement in detecting and ferreting out transnational organized crime, multinational drug cartels, terrorist financing and international tax evasion," said James H. Freis Jr., director of Treasury's Financial Crimes Enforcement Network (FinCEN).

But critics have called it part of a disturbing trend by government security agencies in the wake of the 2001 attacks to seek more access to personal data without adequately demonstrating its utility.
Financial institutions say that they already feel burdened by anti-terrorism rules requiring them to provide data, and that they object to new ones.

"These new banking surveillance programs are testing the boundaries of privacy," said Marc Rotenberg, executive director of the Electronic Privacy Information Center. "Many consumers both in the United States and outside are likely to object."

"This regulation is outrageous," said Peter Djinis, a lawyer who advises financial institutions on complying with financial rules and a former FinCEN executive assistant director for regulatory policy. "Consider me old-fashioned, but I believe you need to show some evidence of criminality before you are granted unfettered access to the private financial affairs of every individual and company that dares to conduct financial transactions overseas."

Djinis said he does not think the department has made a case that it could analyze such volumes of data effectively or needs so much raw data. "It's presumed that the information will be valuable in anti-terrorism activity," he said. "We're told, 'Trust us. Once we get the data, we'll determine what's legal or not.' "

John J. Byrne, formerly a longtime banking industry official and now executive vice president of the Association of Certified Anti-Money Laundering Specialists, said: "Just because it's easier to provide the data and to collect the data, it doesn't always mean it should be collected." If the government collects such information, he said, it "has the burden of explaining how it is being utilized."

Each year, financial institutions file with the Treasury Department about 1.3 million suspicious-activity reports and 14 million reports on transactions greater than $10,000. Such reports have been "extremely valuable" in financial crime investigations, but the additional data would provide new opportunities, FinCEN spokesman Steve Hudak said.

"Current investigations mainly look at individual trees," he said.
"Using this data, FinCEN, and others, will be able to see the forest."

For instance, Hudak said, officials currently do not know how much money is wired to any one country every year. "With this data, we'll be able to establish baseline numbers so we can then spot what's abnormal and suspicious," he said. "John Smith may use a bank to wire money abroad in amounts that don't raise suspicion. But he may be using 10 banks to wire significant funds to dozens of countries."

Also, he said, the data can be cross-referenced with suspicious-activity reports and other data to make it "easier to follow the money."

The department said that the Sept. 11 hijackers were wired about $130,000 from overseas to help finance the attacks, but that the transactions fell outside reporting requirements. No suspicious-activity reports were filed, officials said.

Having such data "would have really helped us a lot" in the post-attack investigation, said Dennis M. Lormel, a former FBI agent who ran the Terrorist Finance Operations Section set up after the 2001 attacks. "We would have linked the group of hijackers together quicker."

Under the plan, money-transfer businesses such as Western Union would report transactions of $1,000 or more. ATM and credit card transactions would not be reported.

Authorities plan to funnel the information - about 750 million transfers a year - into a database for use by law enforcement and regulatory agencies. Information typically accompanying a wire transfer includes the name, address and account number of the sender and recipient - and with money-service businesses, an identifier such as a driver's license or passport number. The proposal also calls for banks to provide annually the Social Security numbers for all wire-transfer senders and recipients.

Brian Lynch, who was until May 2009 head of the FBI's terrorist financing section, said the plan is "great news" and would provide "more granularity" into the movement of money in financing crime.
Before the plan can take effect, the Treasury secretary must certify that the database can securely hold large volumes of information, and that the technology exists to analyze it effectively.

The United States reached agreement this year with the European Union allowing European banks' financial-transaction data to continue to be shared for terrorist-finance tracking purposes, but with stricter controls to guard against abuse. For instance, U.S. officials can request European data relevant to a specific terrorist investigation, but only if they substantiate the need. The records are held by a Brussels-based bank consortium, the Society for Worldwide Interbank Financial Telecommunication, or SWIFT.

But if the proposed rule goes into effect, transactions between European and U.S. banks would be captured regardless of whether there is a substantiated need.

Sophie in't Veld, a member of the European Parliament from the Netherlands, said lawmakers undertook "painstaking" negotiations to restrict the amount of financial data to which the United States would have access. "It seems they're getting it anyway," she said.

Hudak had no comment.

From rforno at infowarrior.org Mon Sep 27 11:54:45 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Sep 2010 12:54:45 -0400
Subject: [Infowarrior] - GPU-Assisted Malware
Message-ID: <0DA61FCF-7449-4B1E-9AF3-CA5E571C608B@infowarrior.org>

Abstract: Malware writers constantly seek new methods to obfuscate their code so as to evade detection by virus scanners. Two code-armoring techniques that pose significant challenges to existing malicious-code detection and analysis systems are unpacking and run-time polymorphism. In this paper, we demonstrate how malware can increase its robustness against detection by taking advantage of the ubiquitous Graphics Processing Unit. We have designed and implemented unpacking and run-time polymorphism for a GPU, and tested them using existing graphics hardware.
We also discuss how upcoming GPU features can be utilized to build even more robust, evasive, and functional malware.

http://dcs.ics.forth.gr/Activities/papers/gpumalware.malware10.pdf

From rforno at infowarrior.org Mon Sep 27 13:11:23 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Sep 2010 14:11:23 -0400
Subject: [Infowarrior] - Stop the Internet Blacklist!
Message-ID: <59377B0D-7344-4063-AD9A-F621AD9062FA@infowarrior.org>

Stop the Internet Blacklist!

Just the other day, President Obama urged other countries to stop censoring the Internet. But now the United States Congress is trying to censor the Internet here at home. A new bill being debated this week would have the Attorney General create an Internet blacklist of sites that US Internet providers would be required to block.

This is the kind of heavy-handed censorship you'd expect from a dictatorship, where one man can decide what web sites you're not allowed to visit. But the Senate Judiciary Committee is expected to pass the bill this week -- and Senators say they haven't heard much in the way of objections! That's why we need you to sign our urgent petition to Congress demanding they oppose the Internet blacklist.
http://demandprogress.org/blacklist/?source=bb

From rforno at infowarrior.org Mon Sep 27 15:09:01 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Sep 2010 16:09:01 -0400
Subject: [Infowarrior] - From $44 To $4 In Less Than A Second: Today's Flash Crash
Message-ID: <4703E82A-3C72-40F4-BDEF-C003AFED8F5B@infowarrior.org>

From $44 To $4 In Less Than A Second: Today's Flash Crash Brought To You Courtesy Of The Nasdaq And A Clueless And Corrupt SEC
http://www.zerohedge.com/article/44-4-less-second-todays-flash-crash-brought-you-courtesy-nasdq-and-broken-circuit-breakers

Today's reverse engineered HFT algo strategy: if price drops more than x% in a millisecond, then enter order y% below bid, else pull all bids, especially when price is 90% below most recent NBBO posted a mere second earlier. Which is precisely what happened to Progress Energy (PGN), which dropped from $44 to $4 in less than a second, but not in quantized fashion (i.e. fat finger), but in a gradual, then exponentially accelerating manner, as an algo took out all the bids. We can't wait for this week's 21st sequential outflow from equity funds: luckily investors are now all too aware that holding a stock, any stock, is dangerous to one's sanity, not to mention stop loss orders. And where the hell was the circuit breaker on this one? The market is and continues to be a miserable joke, especially courtesy of Nasdaq and the 160 trades in PGN that occurred at ridiculous, HFT-exaggerated prices. And of course, all those lucky fools who bought the stock at a 90% discount are about to be DKed, because it is Nasdaq's prerogative to protect its HFT paying clients, and not investors.
< - >

From rforno at infowarrior.org Mon Sep 27 17:46:09 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 27 Sep 2010 18:46:09 -0400
Subject: [Infowarrior] - MD state police videotaping claim dismissed
Message-ID:

http://weblogs.baltimoresun.com/news/crime/blog/2010/09/motorcyclist_wins_taping_case.html

September 27, 2010
Motorcyclist wins taping case against state police

A Harford County Circuit Court judge ruled this afternoon that a motorcyclist who was arrested for videotaping his traffic stop by a Maryland State Trooper was within his rights to record the confrontation.

Judge Emory A. Pitt Jr. tossed all the charges filed against Anthony Graber, leaving only speeding and other traffic violations, and most likely sparing him a trial that had been scheduled for Oct. 12.

The judge ruled that Maryland's wire tap law allows recording of both voice and sound in areas where privacy cannot be expected. He ruled that a police officer on a traffic stop has no expectation of privacy.

"Those of us who are public officials and are entrusted with the power of the state are ultimately accountable to the public," the judge wrote. "When we exercise that power in public fora, we should not expect our actions to be shielded from public observation."

From rforno at infowarrior.org Tue Sep 28 11:05:52 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Sep 2010 12:05:52 -0400
Subject: [Infowarrior] - Cyber Storm III uses Internet to attack itself
Message-ID:

Cyber Storm III uses Internet to attack itself
September 28, 2010 - 7:00am
WFED's Max Cacas
http://www.federalnewsradio.com/?nid=35&sid=2064207

In places like Arlington, Va.; Washington, D.C.; across the U.S. and around the world, a global cybersecurity exercise is underway designed to test the limits not only of the "network of networks," but the ingenuity of the people charged with protecting it.

Welcome to Cyber Storm III.
This is the third time that the Department of Homeland Security, in conjunction with other federal agencies, is holding this global cybersecurity exercise. Previous Cyber Storm exercises were conducted in 2006, and again in 2008.

For the first time, DHS will manage its response to Cyber Storm III from its new National Cybersecurity and Communications and Integration Center. Normally, this facility, located in a nondescript office building in Arlington is classified and closed to the public. But the NCCIC recently opened its doors for an inside look to let DHS officials brief the media on Cyber Storm III, a worldwide cybersecurity response exercise that has been underway since late Monday.

Brett Lambo, the director of the Cybersecurity Exercise Program with DHS's National Cybersecurity Division, is the architect, or game master for this global cybersecurity exercise.

"The overarching philosophy," he told reporters in a recent briefing at the NCCIC, "is that we want to come up with something that's a core scenario, something that's foundational to the operation of the Internet."

Cyber Storm III includes many players in places across the U.S. and around the world:

- Seven federal departments: Homeland Security, Defense, Commerce, Energy, Justice, Treasury and Transportation.
- Eleven states: California, Delaware, Illinois, Iowa, Michigan, Minnesota, North Carolina, New York, Pennsylvania, Texas, Washington, plus the Multi-State Information Sharing and Analysis Center (ISAC). This compares with nine states that participated in Cyberstorm II.
- Twelve international partners: Australia, Canada, France, Germany, Hungary, Japan, Italy, the Netherlands, New Zealand, Sweden, Switzerland, and the United Kingdom (up from four countries that participated in Cyber Storm II).

DHS officials also say 60 private sector companies will participate in Cyber Storm III, up from 40 who participated in Cyber Storm II.
Firms include banking and finance, chemical, communications, defense industrial, information technology, nuclear, transportation and water.

Lambo said to preserve the exercise's value as a vigorous test of cybersecurity preparedness, exact details of the scenario which participants will deal with over the next three days are secret. However, he did share some of the broad parameters of the scenario he helped write, and which he will administer.

"In other exercises, you do have specific attack vectors; you have a denial of service attack, you have a website defacement, or you have somebody dropping a rootkit," he said. "But we wanted to take that up a level to say, 'All of those things can still happen, and based on what you do, if you're concerned about the availability of infrastructure, we can look at what happens when the infrastructure is unavailable.'"

Lambo said another way to look at the scenario is that it builds upon what they learned from previous exercises.

"In Cyber Storm I, we attacked the Internet, in Cyber Storm II, we used the Internet as the weapon, in Cyber Storm III, we're using the Internet to attack itself," he said.

Lambo added under normal circumstances, the Internet operates based on trust that a file, or a graphic, or a computer script is what it says it is, and comes from a trusted source. But what if that source was not what it said it was, or the source has a malicious intent?

"What we're trying to do is compromise that chain of trust," he said, in further explaining in broad strokes of the Cyber Storm III exercise scenario.

Lambo and his colleagues at the Cyber Storm control center also will introduce new, and hopefully unexpected conditions to the scenario to further test participants.

"We have the ability to do what we call dynamic play," he said.
"If we get a player action coming back into the exercise that is either different from what we expected it to be, if it's something we'd like to chase down further, or if it's something we'd like to pursue, we have the ability to write injects on the fly." He said those injects could include new attacks.

The Cyber Storm exercise will be conducted primarily using secure messaging systems like e-mail or text messages to relay injects to participants and that the simulated attacks are not being conducted over a live or a virtual network now in operation on the Internet, he said.

For the U.S. government, Cyber Storm III also offers the opportunity to test the DHS' National Cyber Incident Response Plan.

"We want to focus on information sharing issues," he said. "We want to know how all of the different organizations are compiling, acting on, aggregating information that they're sharing, especially when you're thinking about classified lines coming into the unclassified domain. There's a concept called tearlining, in which we take classified information, and get it below the tearline, so that those without security clearances can get it, and act on it."

The Cyber Storm III exercise is expected to conclude by Oct. 1.

(Copyright 2010 by FederalNewsRadio.com. All Rights Reserved.)
From rforno at infowarrior.org Tue Sep 28 11:06:29 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Sep 2010 12:06:29 -0400
Subject: [Infowarrior] - Cyber takes centre stage in Israel's war strategy
Message-ID: <2B105320-50B6-49FB-A49C-88661CF22A4A@infowarrior.org>

EXCLUSIVE-Cyber takes centre stage in Israel's war strategy
28 Sep 2010 12:37:52 GMT
Source: Reuters

* Iran's Stuxnet worm has fingers pointing at Israel
* Israelis seen weighing "deniable" tactics against foe

By Dan Williams
http://www.alertnet.org/thenews/newsdesk/LDE68R0GB.htm

JERUSALEM, Sept 28 (Reuters) - Cyber warfare has quietly grown into a central pillar of Israel's strategic planning, with a new military intelligence unit set up to incorporate high-tech hacking tactics, Israeli security sources said on Tuesday.

Israel's pursuit of options for sabotaging the core computers of foes like Iran, along with mechanisms to protect its own sensitive systems, were unveiled last year by the military intelligence chief, Major-General Amos Yadlin.

The government of Prime Minister Benjamin Netanyahu has since set cyber warfare as a national priority, "up there with missile shields and preparing the homefront to withstand a future missile war", a senior source said on condition of anonymity.

Disclosures that a sophisticated computer worm, Stuxnet, was uncovered at the Bushehr atomic reactor and may have burrowed deeper into Iran's nuclear programme prompted foreign experts to suggest the Israelis were responsible.

Israel has declined to comment on any specific operations. Analysts say cyber capabilities offer it a stealthy alternative to the air strikes that it has long been expected to launch against Iran but which would face enormous operational hurdles as well as the risk of triggering regional war.
According to security sources, over the last two years the military intelligence branch, which specialises in wiretaps, satellite imaging and other electronic espionage, has set up a dedicated cyber warfare unit staffed by conscripts and officers.

They would not say how much of the unit's work is offensive, but noted that Israeli cyber defences are primarily the responsibility of the domestic intelligence agency Shin Bet.

DENIABILITY

In any event, fending off or inflicting damage to sensitive digital networks are interconnected disciplines. Israeli high-tech firms, world leaders in information security, often employ veterans of military computing units.

Security sources said Israel awoke to the potential of cyber warfare in the late 1990s, when the Shin Bet hacked into a fuel depot to test security measures and then realised the system could be reprogrammed to crash or even cause explosions.

Israel's defence priorities suggest it may be shying away from open confrontation with the Iranians, whose nuclear facilities are distant, numerous, dispersed and well-fortified.

Even were its warplanes to manage a successful sortie, Israel would almost certainly suffer retaliatory Iranian missile salvoes worse than the short-range rocket attacks of Lebanese and Palestinian guerrillas in the 2006 and 2009 wars.

There would be a wider diplomatic reckoning: World powers are in no rush to see another Middle East conflagration, especially while sanctions are still being pursued against an Iranian nuclear programme which Tehran insists is peaceful.

An Israeli security source said Defence Ministry planners were still debating the relative merits of cyber warfare.

"It's deniable, and it's potent, but the damage it delivers is very hard to track and quantify," the source said. "When you send in the jets -- the target is there, and then it's gone."
(Editing by Jon Boyle)

From rforno at infowarrior.org Tue Sep 28 11:07:46 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Sep 2010 12:07:46 -0400
Subject: [Infowarrior] - New Cybersecurity Bill Gives Obama 'Power To Shut Down Companies'
Message-ID: <4CB5F9A5-EFBA-409A-BEE9-E565B26C8225@infowarrior.org>

(Not thrilled with the tone of much of the stuff on this site, but the article is interesting in its interpretation. --rick)

New Cybersecurity Bill Gives Obama "Power To Shut Down Companies"
-- Businesses who don't follow government orders would be suspended for at least 90 days with no congressional oversight
http://www.prisonplanet.com/new-cybersecurity-bill-gives-obama-power-to-shut-down-companies.html

Paul Joseph Watson
Prison Planet.com
Tuesday, September 28, 2010

An amalgamated cybersecurity bill that lawmakers hope to pass before the end of the year includes new powers which would allow President Obama to shut down not only entire areas of the Internet, but also businesses and industries that fail to comply with government orders following the declaration of a national emergency -- increasing fears that the legislation will be abused as a political tool.

The draft bill is a combination of two pieces of legislation originally crafted by Senators Lieberman and Rockefeller. One of the differences between the new bill and the original Lieberman version is that the Internet "kill switch" power has been limited to 90 days without congressional oversight, rather than the original period of four months contained in the Lieberman bill.

In other words, President Obama can issue an emergency declaration that lasts 30 days and he can renew it for a further 60 days before congress can step in to oversee the powers.
The new powers would give Obama a free hand to not only shut down entire areas of the Internet and block all Internet traffic from certain countries, but under the amalgamated bill he would also have the power to completely shut down industries that don't follow government orders, according to a Reuters summary of the new bill.

"Industries, companies or portions of companies could be temporarily shut down, or be required to take other steps to address threats," states the report, citing concerns about an "imminent threat to the U.S. electrical grid or other critical infrastructure such as the water supply or financial network."

The only protection afforded to companies under the new laws is that they would have to be defined as "critical" in order to come under government regulation, but since the government itself would decide to what companies this label applies, it's hardly a comforting layer of security.

"Even in the absence of an imminent threat, companies could face government scrutiny. Company employees working in cybersecurity would need appropriate skills. It also would require companies to report cyber threats to the government, and to have plans for responding to a cyber attack," states the report.

As we have highlighted, the threat from cyber-terrorists to the U.S. power grid or water supply is minimal. The perpetrators of an attack on such infrastructure would have to have direct physical access to the systems that operate these plants to cause any damage. The recent Stuxnet malware attack, for example, was introduced and spread through a physical USB device, not via the public Internet.

Any perceived threat from the public Internet to these systems is therefore completely contrived and strips bare what many fear is the real agenda behind cybersecurity -- to enable the government to regulate free speech on the Internet.
Handing Obama the power to shut down certain companies or businesses is likely to heighten already existing fears that the new cybersecurity federal bureaucracy could be used as a political tool.

As we reported back in March, the Obama administration's release of the Comprehensive National Cybersecurity Initiative, a government plan to "secure" (or control) the nation's public and private sector computer networks, coincided with Democrats attempting to claim that the independent news website The Drudge Report was serving malware, an incident Senator Jim Inhofe described as a deliberate ploy "to discourage people from using Drudge".

Senator Joe Lieberman appeared to admit that the legislation had more to do with simply protecting US infrastructure when he told CNN's Candy Crowley that the bill was intended to mimic the Communist Chinese system of Internet policing.

"Right now China, the government, can disconnect parts of its Internet in case of war and we need to have that here too," said Lieberman.

As we have documented, the Chinese government does not disconnect parts of the Internet because of genuine security concerns, it habitually does so only to oppress and silence victims of government abuse and atrocities, and to strangle dissent against the state, a practice many fear is the ultimate intention of cybersecurity in the United States.

The implementation of the cybersecurity apparatus would represent another huge expansion of the federal government, creating an Office of Cyber Policy within the executive branch and also "A new National Center for Cybersecurity and Communications (NCCC) within the Department of Homeland Security, led by a separate director who would enforce cybersecurity policies throughout the government and the private sector."
Lawmakers have indicated that they intend to push through the bill before the end of the year, though with Congress set to leave Friday amidst deadlock on a number of issues, cybersecurity looks like it will have to wait until mid-November, providing its opponents with extra time to point out the inherent threats the legislation poses to free speech and free enterprise.

*********************

Paul Joseph Watson is the editor and writer for Prison Planet.com. He is the author of Order Out Of Chaos. Watson is also a fill-in host for The Alex Jones Show. Watson has been interviewed by many publications and radio shows, including Vanity Fair and Coast to Coast AM, America's most listened to late night talk show.

From rforno at infowarrior.org Tue Sep 28 11:16:15 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Sep 2010 12:16:15 -0400
Subject: [Infowarrior] - Internet Wiretapping Proposal Met With Silence
Message-ID: <86E76CB9-6EFF-425E-A78C-EA963DB6DEC1@infowarrior.org>

September 28, 2010, 10:49 am
Internet Wiretapping Proposal Met With Silence
By VERNE G. KOPYTOFF
http://bits.blogs.nytimes.com/2010/09/28/internet-wiretapping-proposal-met-with-silence/

An Obama administration plan to make wire tapping the Internet easier for law enforcement and national security agencies was met with silence by online companies Monday. Google, Facebook, Microsoft, Yahoo and Research in Motion - never shy about issuing press releases - all declined to talk about what would be a major shift in privacy law. Next year, the Obama administration intends to ask Congress for new regulations that it says are necessary as more people - and criminals - communicate online rather than the telephone. The rules would require Internet companies to create an easy way for law enforcement and security officials to monitor encrypted e-mails and messaging services like Skype, which allow users to talk "peer to peer."
The government would still need to get legal approval to intercept and decode messages. Privacy advocates criticize the plan as a threat to free speech and open to abuse. However, major technology companies, which vociferously defend their privacy records, today declined to weigh in on the proposal - never mind that it could affect their users and require some technical gymnastics to implement. Only Facebook would comment, if only generally, saying in a statement: "We will examine any proposal when and if it materializes but we can't comment on something we haven't seen. Generally, it's our policy to only comply with valid, legal requests for data."

Granted, the Obama administration has yet to offer many specifics, making it difficult for the companies to comment in detail. The silence may also be a case of the companies not wanting to antagonize government officials.

Under the proposal, the Internet companies will have to have systems in place that would allow law enforcement to intercept messages if asked to do so by law enforcement. Some companies already have such technology in place, but some do not and have to build such systems after being served.

Lee Tien, senior staff attorney for the Electronic Frontier Foundation, a privacy advocacy group, said that there are "obvious civil liberty and privacy issues" with the Obama administration plan. Existing law already allows law enforcement to get user information from Internet companies, although it may not get it as quickly as they want. "The government has to bear the burden of proof for why we need this," Mr. Tien said. "But they tend to get a pass."
From rforno at infowarrior.org Tue Sep 28 17:03:05 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Sep 2010 18:03:05 -0400
Subject: [Infowarrior] - An Open Letter From Internet Engineers to the Senate Judiciary Committee
Message-ID: <37AF1C75-1FD5-4801-BC36-5879DA5F2743@infowarrior.org>

September 28th, 2010
An Open Letter From Internet Engineers to the Senate Judiciary Committee
Announcement by Peter Eckersley
https://www.eff.org/deeplinks/2010/09/open-letter

Today, 89 prominent Internet engineers sent a joint letter to the US Senate Judiciary Committee, declaring their opposition to the "Combating Online Infringement and Counterfeits Act" (COICA). The text of the letter is below. Readers are encouraged to themselves write the Senate Judiciary Committee and ask them to reject this bill.

We, the undersigned, have played various parts in building a network called the Internet. We wrote and debugged the software; we defined the standards and protocols that talk over that network. Many of us invented parts of it. We're just a little proud of the social and economic benefits that our project, the Internet, has brought with it.

We are writing to oppose the Committee's proposed new Internet censorship and copyright bill. If enacted, this legislation will risk fragmenting the Internet's global domain name system (DNS), create an environment of tremendous fear and uncertainty for technological innovation, and seriously harm the credibility of the United States in its role as a steward of key Internet infrastructure. In exchange for this, the bill will introduce censorship that will simultaneously be circumvented by deliberate infringers while hampering innocent parties' ability to communicate. All censorship schemes impact speech beyond the category they were intended to restrict, but this bill will be particularly egregious in that regard because it causes entire domains to vanish from the Web, not just infringing pages or files.
Worse, an incredible range of useful, law-abiding sites can be blacklisted under this bill. These problems will be enough to ensure that alternative name-lookup infrastructures will come into widespread use, outside the control of US service providers but easily used by American citizens. Errors and divergences will appear between these new services and the current global DNS, and contradictory addresses will confuse browsers and frustrate the people using them. These problems will be widespread and will affect sites other than those blacklisted by the American government.

The US government has regularly claimed that it supports a free and open Internet, both domestically and abroad. We can't have a free and open Internet without a global domain name system that sits above the political concerns and objectives of any one government or industry. To date, the leading role the US has played in this infrastructure has been fairly uncontroversial because America is seen as a trustworthy arbiter and a neutral bastion of free expression. If the US suddenly begins to use its central position in the DNS for censorship that advances its political and economic agenda, the consequences will be far-reaching and destructive.

Senators, we believe the Internet is too important and too valuable to be endangered in this way, and implore you to put this bill aside.

The letter is signed by the following:

- David P. Reed, who played an important role in the development of TCP/IP and invented the UDP protocol that makes real-time applications like VOIP possible today; Professor at MIT
- Paul Vixie, author of BIND, the most widely-used DNS server software, and President of the Internet Systems Consortium
- Jim Gettys, editor of the HTTP/1.1 protocol standards, which we use to do everything on the Web.
- Bill Jennings, who was VP of Engineering at Cisco for 10 years and responsible for building much of the hardware and embedded software for Cisco's core router products and high-end Ethernet switches.
- Steve Bellovin, one of the originators of USENET; found and fixed numerous security flaws in DNS; Professor at Columbia.
- Gene Spafford, who analyzed the first catastrophic Internet worm and made many subsequent contributions to computer security; Professor at Purdue.
- Dan Kaminsky, who in 2008 found and helped to fix a grave security vulnerability in the entire planet's DNS systems.
- David Ulevitch, CEO of OpenDNS, which offers alternative DNS services for enhanced security.
- John Vittal, Created the first full email client and the email standards.
- Esther Dyson, chairman, EDventure Holdings; founding chairman, ICANN; former chairman, EFF; active investor in many start-ups that support commerce, news and advertising on the Internet; director, Sunlight Foundation
- Brian Pinkerton, Founder of WebCrawler, the first big Internet search engine.
- Dr. Craig Partridge, Architect of how email is routed through the Internet, and designed the world's fastest router in the mid 1990s.
- John Gilmore, co-designed BOOTP (RFC 951), which became DHCP, the way you get an IP address when you plug into an Ethernet or get on a WiFi access point.
- Karl Auerbach, Former North American publicly elected member of the Board of Directors of ICANN, the Internet Corporation for Assigned Names and Numbers.
- Paul Timmins, designed and runs the multi-state network of a medium sized telephone and internet company in the Midwest.
- Lou Katz, I was the founder and first President of the Usenix Association, which published much of the academic research about the Internet, opening networking to commercial and other entities.
- Walt Daniels, IBM's contributor to MIME, the mechanism used to add attachments to emails.
- Gordon E. Peterson II, designer and implementer of the first commercially available LAN system, and member of the Anti-Spam Research Group of the Internet Engineering Task Force (IETF).
- John Adams, operations engineer at Twitter, signing as a private citizen
- Alex Rubenstein, founder of Net Access Corporation. We are an Internet Service Provider for nearly 15 years, and I have served on the ARIN AC.
- Roland Alden, Originator of the vCard interchange standard; builder of Internet infrastructure in several developing countries.
- Lyndon Nerenberg, Author/inventor of RFC3516 IMAP BINARY and contributor to the core IMAP protocol and extension.
- James Hiebert, I performed early experiments using TCP Anycast to track routing instability in Border Gateway Protocol.
- Dr. Richard Clayton, designer of Turnpike, widely used Windows-based Internet access suite. Prominent Computer Security researcher at Cambridge University.
- Brandon Ross, designed the networks of MindSpring and NetRail.
- James Ausman, helped build the first commercial web site and worked on the Apache web server that runs two-thirds of the Web.
- Michael Laufer, worked on the different networks they dealt with including the Milnet, other US Govt nets, and regional (NSF) nets that became the basis of the Internet. Also designed, built, and deployed the first commercial VPN infrastructure (I think) as well as dial up nets that were part of AOL and many other things.
- Janet Plato, I worked for Advanced Network and Service from 1992 or so running the US Internet core before it went public, and then doing dial engineering until we were acquired by UUNet. While at UUnet I worked in EMEA Engineering where I helped engineer their European STM16 backbone.
- Thomas Hutton, I was one of the original architects of CERFnet - one of the original NFSnet regional networks that was later purchased by AT&T. In addition, I am currently chair of the CENIC HPR (High Performance Research) technical committee. This body directs CENIC in their management and evolution of Calren2, the California research and education network.
- Phil Lapsley, co-author of the Internet Network News Transfer Protocol (NNTP), RFC 977, and developer of the NNTP reference implementation in 1986 ... still in use today almost 25 years later.
- Stephen Wolff. While at NSF I nurtured, led, and funded the NSFNET from its infancy until by 1994 I had privatized, commercialized, and decommissioned the NSFNET Backbone; these actions stimulated the commercial activity that led to the Internet of today.
- Bob Schulman, worked on University of Illinois' ANTS system in the Center for Advanced Computation in 1976 when ANTS connected a few hosts to the ARPAnet.
- Noel D. Humphreys, As a lawyer I worked on the American Bar Association committee that drafted guidelines for use of public key encryption infrastructure in the early days of the internet.
- Ramaswamy P. Aditya, I built various networks and web/mail content and application hosting providers including AS10368 (DNAI) which is now part of AS6079 (RCN), which I did network engineering and peering for, and then I did network engineering for AS25 (UC Berkeley), followed and now I do network engineering for AS177-179 and others (UMich).
- Haudy Kazemi, Implemented Internet connections (from the physical lines, firewalls, and routers to configuring DNS and setting up Internet-facing servers) to join several companies to the Internet and enable them to provide digital services to others.
- Mike Meyer, I helped debug the NNTP software in the 80s, and desktop web browsers and servers in the 90s.
- Richard S. Kulawiec, 30 years designing/operating academic/commercial/ISP systems and networks.
- Michael Alexander, I have been involved with networking since before the Internet existed. Among other things I was part of the team that connected the MTS mainframe at Michigan to the Merit Network. I was also involved in some of the early work on Email with Mailnet at MIT and wrote network drivers for IP over ISDN for Macintosh computers.
- Gordon Cook, I led the OTA study between 1990 and 1992 and since April 1992 have been self employed as editor publisher of the cook report.
- Thomas Donnelly, I help support the infrastructure for the world's most widely used web server control panel.
- Peter Rubenstein, I helped design and run the ISP transit backbone of AOL, the ATDN.
- Owen DeLong, I am an elected member of the ARIN Advisory Council. I am the resource holder of record on a number of domains. I have been active on the internet for more than 20 years. I was involved in getting some of the first internet connections into primary and secondary schools before commercial providers like AT&T started sponsoring events like Net-Day.
- Erik Fair, co-author, RFC 1627, RFC 977, former postmaster at apple.com.
- Tony Rall, I was involved in providing Internet access to the IBM corporation - from the late 80s until last year. I worked within the company to ensure that Internet access was as "open" and transparent as possible.
- Bret Clark, Spectra Access. We are New Hampshire's largest wireless Internet service providers and have built a large footprint of Internet Access for businesses in New Hampshire.
- Paul Fleming, Run as33182 as a large hosting provider (5gbps+). develop monitoring software suite.
- David M. Kristol, Co-author, RFCs 2109, 2965 ("HTTP State Management") Contributor, RFC 2616 ("Hypertext Transfer Protocol")
- Anthony G. Lauck, I helped design and standardize routing protocols and local area network protocols and served on the Internet Architecture Board.
- Judith Axler Turner, I started the first NSF-approved commercial service on the Internet, the Chronicle of Higher Education's job ads, in 1993.
- Jason Novinger, I was the Network Administrator for Lawrence Freenet, a small wireless ISP in Lawrence, KS.
- Dustin Jurman, I am the CEO of Rapid Systems Corporation a Network Service Provider, and Systems builder responsible for 60 Million of NOFA funding.
- Blake Pfankuch, Over the years I have implemented thousands if not tens of thousands of webservers, DNS servers and supporting infrastructure.
- Dave Shambley, retired engineer (EE -rf-wireless- computers) and active in the design of web site and associated graphics.
- Stefan Schmidt, I had sole technical responsibility for running all of the freenet.de / AS5430 DNS Infrastructure with roughly 120.000 Domains and approximately 1.5 million DSL subscribers for the last 9 years and have been actively involved in the development of the PowerDNS authoritative and recursive DNS Servers for the last 4 years.
- Dave Skinner, I was an early provider of net connectivity in central Oregon. Currently I provide hosting services.
- Richard Hartmann, Backbone manager and project manager at Globalways AG, a German ISP.
- Curtis Maurand, founder of a small internet company in Maine in 1994. started delivering low cost broadband to municipalities and businesses before acquired by Time-Warner.
- James DeLeskie, internetMCI Sr. Network Engineer, Teleglobe Principal Network Architect
- Bernie Cosell, I was a member of the team at BBN that wrote the code for the original ARPAnet IMP. I also did a big chunk of the redesign of the TELNET protocol [adding DO/DONT/WILL/WONT].
- Eric Brunner-Williams, I contributed to rfc1122 and 1123, and co-authored rfc2629, Domain Name System (DNS) IANA Considerations, and authored the "sponsored registry" proposal, implemented as .aero, .coop and .museum, and assisted with .cat, authored the privacy policy for HTTP cookies, and contribute to both the IETF and to ICANN.
- Nathan Eisenberg, Atlas Networks Senior System Administrator, manager of 25K sq. ft. of data centers which provide services to Starbucks, Oracle, and local state
- Jon Loeliger, I have implemented OSPF, one of the main routing protocols used to determine IP packet delivery. At other companies, I have helped design and build the actual computers used to implement core routers or storage delivery systems. At another company, we installed network services (T-1 lines and ISP service) into Hotels and Airports across the country.
- Tim Rutherford, managed DNS (amongst other duties) for C4.NET since 1997.
- Ron Lachman, I am co-founder of Ultra DNS. I am co-founder of Sandpiper networks (arguably, inventor of the CDN) I am "namesake" founder of Lachman TCP/IP (millions of copies of TCP on Unix System V and many other platforms) Joint developer of NFS along with Sun MicroSystems.
- Jeromie Reeves, Network Administrator & Consultant. I have a small couple hundred user Wireless ISP and work with or have stakes in many other networks.
- Alia Atlas, I designed software in a core router (Avici) and have various RFCs around resiliency, MPLS, and ICMP.
- Marco Coelho, As the owner of Argon Technologies Inc., a company that has been in the business of providing Internet service for the past 13 years.
- David J. Bowie, intimately involved in deployment and maintenance of the Arpanet as it evolved from 16 sites to what it is today.
- Scott Rodgers, I have been an ISP on Cape Cod Massachusetts for 17 years and I agree that this bill is poison.
- William Schultz, for the past 10 years I've worked on hundreds of networks around the US and have worked for a major voice and data carrier. I do not agree with Internet censorship in any degree, at all.
- Rebecca Hargrave Malamud, helped advance many large-scale Internet projects, and have been working the web since its invention.
- Kelly J. Kane - Shared web hosting network operator.
- Tom DeReggi, 15yr ISP/WISP veteran, RapidDSL.
- Doug Moeller, Chief Technical Officer, Autonet Mobile, Inc.
- David Boyes, Operations Coordinator, SESQUInet, First mainframe web server, First Internet tools for VM/CMS, Caretaker, NSS1, Caretaker ENSS3, Author, Chronos Appt Management Protocol, Broadcast operator, IETF telepresence, IETF 28/29
- Jim Warren, I was one of Vint Cerf's grad students and worked for a bit on the early protocols for the old ARPAnet ... back before it became the DARPAnet
- Christopher Nielsen, I have worked for several internet startups, building everything from email and usenet infrastructure to large-scale clusters. I am currently a Sr. Operations Engineer for a product and shopping search engine startup.
- David Barrett, Founder and CEO of Expensify, former engineering manager for Akamai. I helped build Red Swoosh, which delivers large files for legitimate content owners, and was acquired by Akamai, which hosts 20% of the internet by powering the world's top 20,000 websites.
- David Hiers, I have designed dozens of Internet edge networks, several transit networks, and currently operate a VOIP infrastructure for 20,000 business subscribers.
- Jay Reitz, Co-founder and VP of Engineering of hubpages.com, the 60th largest website in the US with 14M monthly US visitors.
- Peter H. Schmidt, I co-founded the company (Midnight Networks) that created the protocol test software (ANVL) that ensured routers from all vendors could actually interoperate to implement the Internet.
- Harold Sinclair, design, build, and operate DNS, Mail, and Application platforms on the Internet.
- Dan Kaminsky, security researcher and the Chief Scientist for Recursion Ventures. He formerly worked for Cisco, Avaya, and IOActive, where he was the Director of Penetration Testing. He is known among computer security experts for his work on DNS cache poisoning (AKA "The Kaminsky Bug"), and for showing that the Sony Rootkit had infected at least 568,200 computers.
- John Todd, I invented and operate a DNS-based telephony directory "freenum.org" which uses the DNS to replace telephone numbers.
- Christopher Gerstorff, technician for a wireless broadband internet provider, Rapid Systems, Inc.
- Robert Rodgers, Engineer at Juniper and Cisco. Worked on routers and mobile systems.
- Illene Jones, I have had a part in creating the software that runs on the servers.
- Brandon Applegate, I have worked in the ISP sector since the mid-1990s as a network engineer.
- Leslie Carr, Craigslist Network Engineer

From rforno at infowarrior.org Tue Sep 28 17:10:31 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Sep 2010 18:10:31 -0400
Subject: [Infowarrior] - Appeals Court Tells ASCAP: A Download Is Not A Performance
Message-ID: <52EAC970-F0E4-4692-8CEE-B0536414EEB5@infowarrior.org>

http://www.techdirt.com/articles/20100928/11271611198/appeals-court-tells-ascap-a-download-is-not-a-performance.shtml

Appeals Court Tells ASCAP: A Download Is Not A Performance
from the get-it-straight dept

A few years back, we covered the legal fight pitting ASCAP against Yahoo and RealNetworks, where the two internet companies were told to pay up based on a ridiculously arbitrary fee formula, including a totally made up multiplier called the "music-use-adjustment-fraction." The really scary part was that it calculated the revenue based on all of Yahoo's revenue. So, yes, even though Yahoo makes most of its revenue in ways that have nothing to do with music, its total revenue is used as part of the calculation. The one good thing that came out of the legal fight was the court making it clear to ASCAP that a download is not a performance, which requires a separate fee. As you may recall, ASCAP has been trying to claim just about anything involving music is a "public performance," in a weak attempt to get more cash. Both sides appealed.
Yahoo and RealNetworks appealed the crazy fee formula, and ASCAP appealed the claim that a download was not a public performance. The Second Circuit appeals court has now ruled and gone against ASCAP on both issues. It reaffirmed that a download is not a public performance (and thus, performance rights fees are not applicable) and rejected the bizarre calculation method used, as not "adequately supported" as being reasonable. A few highlights:

The fact that the statute defines performance in the audio-visual context as "show[ing]" the work or making it "audible" reinforces the conclusion that "to perform" a musical work entails contemporaneous perceptibility. ASCAP has provided no reason, and we can surmise none, why the statute would require a contemporaneously perceptible event in the context of an audio-visual work, but not in the context of a musical work. The downloads at issue in this appeal are not musical performances that are contemporaneously perceived by the listener. They are simply transfers of electronic files containing digital copies from an on-line server to a local hard drive. The downloaded songs are not performed in any perceptible manner during the transfers; the user must take some further action to play the songs after they are downloaded. Because the electronic download itself involves no recitation, rendering, or playing of the musical work encoded in the digital transmission, we hold that such a download is not a performance of that work....

The court also scolds ASCAP for blatantly misreading other opinions on what constitutes a public performance and points out that ASCAP appears to "misread the definition of 'publicly,'" noting that ASCAP's definition of a public performance seems to "render superfluous" the term "a performance" in the Copyright Act. Ouch.
As for the royalty fees, the court is pretty clear that it doesn't buy the formula being used: First, the district court did not adequately support the reasonableness of its method for measuring the value of the Internet Companies' music use. Second, the district court did not adequately support the reasonableness of the 2.5% royalty rate applied to the value of the Internet Companies' music use. In other words, you don't just get to make up numbers out of nowhere. That said, the court does say that it isn't necessarily against using such a "music-use-adjustment-fraction," it just needs the number to actually be supported. This is unfortunate, as it leads to improperly using non-music revenue as part of the calculation for how much should be paid for the music license. However, the court tries to deal with this by saying that the reasonable support needed would justify what the multiplier factor would be. Its main concern with the lower court's ruling was that it didn't take this into account and used a measure that made little sense (time spent listening to streams) which had little bearing on ad revenue: The district court's MUAF accounts for the value of Yahoo!'s music use by using the amount of time that music is streamed. Streaming time, however, neither drives nor correlates with Yahoo!'s advertising revenue. The record evidence makes plain that Yahoo!'s advertising revenue model more accurately correlates with the number of times a particular page is accessed by users than to the duration of streaming time. From rforno at infowarrior.org Tue Sep 28 17:15:14 2010 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 28 Sep 2010 18:15:14 -0400 Subject: [Infowarrior] - DOC RFC: Global Free Flow of Information on the Internet Message-ID: <10EBA61A-E664-402D-83AD-D5B28A40DE08@infowarrior.org> Full document @ http://cryptome.org/0002/doc092910.pdf Global Free Flow of Information on the Internet AGENCY: Office of the Secretary, U.S. 
Department of Commerce; National Telecommunications and Information Administration, U.S. Department of Commerce; International Trade Administration, U.S. Department of Commerce; and National Institute of Standards and Technology, U.S. Department of Commerce.

ACTION: Notice of Inquiry.

SUMMARY: The Department of Commerce's Internet Policy Task Force is examining issues related to the global free flow of information on the Internet. Specifically, the Department seeks public comment from all stakeholders, including the commercial, academic, and civil society sectors, on government policies that restrict information flows on the Internet. The Task Force seeks to understand why these restrictions have been instituted; what, if any, impact they have had on innovation, economic development, global trade and investment; and how best to address negative impacts. After analyzing the comments responding to this Notice, the Department intends to publish a report which will contribute to the Administration's domestic policy and international engagement on these issues.

DATES: Comments are due on or before [INSERT DATE 45 DAYS AFTER DATE OF PUBLICATION IN THE FEDERAL REGISTER].

ADDRESSES: Written comments may be submitted by mail to the National Telecommunications and Information Administration at U.S. Department of Commerce, 1401 Constitution Avenue, NW, Room 4701, Washington, DC 20230. Submissions may be in any of the following formats: HTML, ASCII, Word (.doc and .docx), .odf, .rtf, or .pdf. Online submissions in electronic form may be sent to freeflow-noi-2010 at ntia.doc.gov. Paper submissions should include a three and one-half inch computer diskette or compact disc (CD). Diskettes or CDs should be labeled with the name and organizational affiliation of the filer and the name of the word processing program used to create the document. Comments will be posted at http://www.ntia.doc.gov/internetpolicytaskforce/gffi/index.html.
FOR FURTHER INFORMATION CONTACT: For questions about this Notice contact: Chris Hemmerlein, Office of International Affairs, National Telecommunications and Information Administration, U.S. Department of Commerce, 1401 Constitution Avenue, NW, Room 4706, Washington DC 20230; telephone (202) 482-1885; email chemmerlein at ntia.doc.gov. Please direct media inquiries to NTIA's Office of Public Affairs at (202) 482-7002.

From rforno at infowarrior.org Tue Sep 28 18:32:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Sep 2010 19:32:35 -0400
Subject: [Infowarrior] - FBI Drive for Encryption Backdoors Is Déjà Vu for Security Experts
Message-ID: <9BC49EF3-E6EA-4BBF-9522-5B83984C9100@infowarrior.org>

FBI Drive for Encryption Backdoors Is Déjà Vu for Security Experts
By Ryan Singel
September 27, 2010 10:47 pm

The FBI now wants to require all encrypted communications systems to have backdoors for surveillance, according to a New York Times report, and to the nation's top crypto experts it sounds like a battle they've fought before.

Back in the 1990s, in what's remembered as the crypto wars, the FBI and NSA argued that national security would be endangered if they did not have a way to spy on encrypted e-mails, IMs and phone calls. After a long protracted battle, the security community prevailed after mustering detailed technical studies and research that concluded that national security was actually strengthened by wide use of encryption to secure computers and sensitive business and government communications.

Now the FBI is proposing a similar requirement that would require online service providers, perhaps even software makers, to only offer encrypted communication unless the companies have a way to unlock the communications.
In the New York Times story that unveiled the drive, the FBI cited a case where a mobster was using encrypted communication, and the FBI had to sneak into his office to plant a bug. One of the named problems was RIM, the maker of Blackberrys, which provides encrypted email communications for companies and governments, and which has come under pressure from India and the United Arab Emirates to locate its servers in their countries.

According to the proposal, any company doing business in the States could not create an encrypted communication system without having a way for the government to order the company to decrypt it, and those who currently do offer that service would have to re-tool it. It's the equivalent of outlawing whispering in real life.

Cryptographers have long argued that backdoors aren't a feature - they are just a security hole that will inevitably be abused by hackers or adversarial governments. The proposal also contradicts a congressionally-ordered 1996 National Research Council report that found that requiring backdoors was not a sensible policy for the government. "While the use of encryption technologies is not a panacea for all information security problems, we believe that adoption of our recommendations would lead to enhanced protection and privacy for individuals and businesses in many areas, ranging from cellular and other wireless phone conversations to electronic transmission of sensitive business or financial documents," said committee chair Kenneth W. Dam, professor of American and foreign law at the University of Chicago. "It is true that the spread of encryption technologies will add to the burden of those in government who are charged with carrying out certain law enforcement and intelligence activities. But the many benefits to society of widespread commercial and private use of cryptography outweigh the disadvantages."
Moreover, cases of encryption tripping up law enforcement are extremely rare, according to the government's own records. In 2009, for instance, the government got court approval for 2,376 wiretaps and encountered encryption only once, and was able to get the contents of the communication. Statistics for other years show no problems whatsoever for the government.

Jim Dempsey, the West Coast director of the Center for Democracy and Technology, told Wired.com that the FBI is now saying that the numbers are mistaken, and they'll issue new ones in the spring.

Despite that, the FBI is saying that its spying capabilities could be degraded unless the Congress requires companies using encryption to re-make their current systems so that the companies have some way to spy on the communications.

The FBI did not return a call seeking comment, but the FBI's general counsel Valerie Caproni told the New York Times that companies "can promise strong encryption. They just need to figure out how they can provide us plain text."

While the scope of the proposal isn't clear, it would seem to target Hushmail, Skype, RIM and PGP, each of which uses encryption to make it possible for users to communicate without fear of being eavesdropped on by the company making the service, hackers, criminals, business competitors, and governments (authoritarian or otherwise). There are also a number of open source software packages that might also get swept up by the proposal, including OpenPGP (an open protocol for sending encrypted e-mails), TOR (a system for disguising the origin of web traffic), and OTR (a system for encrypting instant messages).

University of Pennsylvania computer science professor Matt Blaze, a cryptography expert who co-authored a paper in 1998 about the technical limitations of requiring back doors in crypto, says he's confused by the return of the dream of perfect surveillance capabilities.

"This seems like a far more baffling battle in a lot of ways," Blaze said.
"In the 1990s, the government was trying to prevent something necessary, good and inevitable."

"In this case they are trying to roll back something that already happened and that people are relying on," Blaze said.

Few net users realize that they rely on cryptography every day. For instance, online shopping relies on browsers and servers communicating using SSL. Government employees, NGOs and businesses use RIM and PGP's e-mail encryption systems to safely protect diplomatic secrets, confidential business documents and human rights communications.

It's not clear how those services could continue since they work by having each user create special decryption keys on their own devices, so that no one, including PGP or RIM, could decrypt the communication if they wanted to. In PGP's case, the company doesn't even run a mail server.

Skype routes calls through peer-to-peer connections in order to be able to offer free internet calls, and uses encryption to prevent the computers in the middle from being able to listen in. Under the FBI's proposed rules, that architecture would be illegal. Targeted calls would have to be routed through Skype.

"It would make Skype illegal," said Peter Neumann, a scientist who testified to Congress in the 1990s on the earlier proposal.

"The arguments haven't changed," Neumann said. "9/11 was something long predicted and it hasn't changed the fact that if you are going to do massive surveillance using the ability to decrypt, even with warrants, it would have to be done with enormously careful oversight. Given we don't have comp systems that are secure, the idea we will have adequate oversight is unattainable."

"Encryption has life critical consequences," Neumann added.
The CDT's Dempsey, who spent years working on the Hill on digital policy issues, says the issue won't get to Congress until next year, and depending on the election, could face Republican backlash, especially given that the Tea Party movement is driven in part by a distrust of big government.

Most important for encryption advocates is getting the government to describe in detail what their problems are and what they propose as a solution.

In the 1990s, the NSA created the Clipper chip, intended for telecoms to use to encrypt phone calls. The NSA initially refused to let outsiders see the chip, which had a backdoor for the government.

"We, meaning Matt Blaze, Peter Neumann and [Columbia University professor] Steven Bellovin, got them to show us details," Dempsey said. "Then Matt broke the Clipper chip."

That put an end to that proposal.

"No disrespect to Matt, but there are 10,000 people who can do what he did, and my worry is half of them work for Moldovian criminal hacker groups," Dempsey said.

Another concern is that wiretapping requirements in software have a tendency to be used not just by governments bound to the rule of law. For instance, Nokia and Siemens were lambasted last year for selling telecom equipment to Iran that included the ability to wiretap mobile phones at will. Lost in that uproar was the fact that sophisticated wiretapping capabilities became standard issue for technology thanks to the U.S. government's CALEA rules that require all phone systems, and now broadband systems, to include these capabilities.

Blaze says he's just confused by the proposal.

"If the point is to discourage the use of encryption broadly, that contradicts the policy position of this administration and the two before it," Blaze said. "We need to protect the country's information infrastructure.
I was at a meeting at the White House and the very same officials backing this were talking about the rollout of DNSSEC [a technology that protects the internet's lookup system from hackers].

"So how do you reconcile that with the policy of discouraging encryption broadly?" Blaze asked.

From rforno at infowarrior.org Tue Sep 28 19:56:35 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 28 Sep 2010 20:56:35 -0400
Subject: [Infowarrior] - Sony Targets PS JailBreak, PSFreedom and PSGroove PS3 Hacks
Message-ID: <30EA1D1D-8840-4257-946F-35EC8F55EBDE@infowarrior.org>

Sony Targets PS JailBreak, PSFreedom and PSGroove PS3 Hacks
Category: PS3 Hacks
Submitter: PS3 News - (http://psx-scene.com)
http://www.ps3news.com/PS3-Hacks/sony-targets-ps-jailbreak-psfreedom-and-psgroove-ps3-hacks/

Today garyopa at PSX-Scene.com (linked above) reports that Sony appears to be targeting the PS JailBreak, PSFreedom and PSGroove related PS3 hacks and has shared numerous court documents for those interested.

From one of the documents, to quote: "Similarly targeted document subpoenas or deposition notices to any other third party who SCEA learns may be involved in the distribution or sale of the PS Jailbreak software, known as, for example, PSGroove, OpenPSJailbreak, and PSFreedom, or who may have knowledge of the distribution or sale of this illicit software."

PS3 hacker Mathieulh is also mentioned in one of the documents as recently proclaiming to be one of 20 individuals behind PSGroove, to quote: "Mathieu Hervais told BBC News he was one of about 20 hackers involved in PSGroove's development."

Just under a month ago Sony was granted an injunction by Australian Courts on the sale of PSJailBreak PS3 modchips, followed by blocking PS JailBreak and PS3 proxy methods with the release of the PS3 Firmware 3.42 update, so only time will tell what their next move is.
From rforno at infowarrior.org Wed Sep 29 11:36:45 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Sep 2010 12:36:45 -0400
Subject: [Infowarrior] - A Field Guide to Copyright Trolls
Message-ID:

September 28th, 2010
A Field Guide to Copyright Trolls
Commentary by Corynne McSherry
https://www.eff.org/deeplinks/2010/09/field-guide-copyright-trolls

With all of this talk about copyright trolls and spamigation, it is easy to get confused. Who is suing over copies of Far Cry and The Hurt Locker? Who is suing bloggers? Who is trying to protect their anonymity? Who is defending fair use? What do newspapers have to do with any of this? In order to cut through the confusion, here's a concise guide to copyright trolls currently in the wild, with status updates.

Leading the pack for sheer numbers is a Washington, D.C., law firm calling itself the U.S. Copyright Group (USCG), which has filed several "John Doe" lawsuits in D.C., implicating well over 14,000 individuals. This firm has learned one lesson from the RIAA suits: the only group whose bottom line benefits from this kind of mass litigation is the lawyers.

As we reported last week, several of the Does in these cases are fighting back in earnest, albeit with mixed results: on the one hand, the judge in two of the cases has rejected various efforts to protect the anonymity of the Does, insisting that they cannot file papers anonymously. However, the same judge has issued orders requiring USCG to justify suing two of the Does in the District of Columbia, as the Defendants claim to have no contacts with the District. Meanwhile, in South Dakota, ISP MidContinent Communications stood up for its customers and moved to quash an improperly issued subpoena for their identities. Last week, a federal judge granted that motion.
Righthaven LLC, which has brought over 130 lawsuits in Nevada federal court claiming copyright infringement, has a different angle, preferring to acquire the copyrights rather than represent the owner. Righthaven focuses on news: it trolls by (a) scouring the Internet for newspaper stories (or parts thereof) originating with the Las Vegas Review-Journal that have been posted on blogs, forums and webpages, (b) acquiring the copyright to that particular newspaper story, and then (c) suing the poster for copyright infringement. Righthaven demands sums up to $150,000, and uses the threat of these out-of-proportion damages to push defendants into quick settlements.

Some attorneys are advising bloggers to simply follow the rule laid down by the Las Vegas Review-Journal's parent company and refrain from quoting anything more than the headline and first paragraph of news articles. Following this advice essentially allows a newspaper to decide what constitutes fair use, a term they are motivated to construe as narrowly as possible. Still others suggest that "the easiest way to avoid copyright infringement claims is to avoid copying," which is true only in the sense that the easiest way to avoid getting robbed is to have no possessions. Quoting, linking and aggregating all involve "copying" and all are integral to any number of perfectly legal creative, often non-commercial, uses of copyrighted works. Indeed, these uses are what makes the internet such a remarkable tool for fostering innovation.

Some Righthaven defendants are fighting back. For example, Democratic Underground, an independent discussion forum, was sued based on a 5-sentence excerpt a user posted on the forum. Democratic Underground filed its Answer and Counterclaim Monday; more on that here. And just last week, a judge in another Righthaven case strongly suggested that a post on another site was protected by the legal doctrines of fair use and implied license.
Then there are the relative newbies, such as Lucas Entertainment and Mick Haig Productions, both represented by attorney Evan Stone. Lucas has sued 53 BitTorrent users it alleged uploaded and downloaded the Kings of New York, a gay porn movie. After suing the users as "Does," based on their IP addresses, it promptly subpoenaed the identities of people associated with those IP addresses. Unfortunately, many of those people, who are not comfortable being publicly identified in connection with pornography, will feel they have no choice but to settle rather than having their names publicly disclosed, no matter how meritorious their defenses. Mick Haig upped the ante by suing 670 BitTorrent users, and Larry Flynt Publications has gotten in on the act as well. Subpoenas and threat letters are likely to follow soon.

These lawsuits reflect a business model that depends on two things:

- Cookie-cutter litigation tactics, such as filing one lawsuit against thousands of legally unrelated people in a court convenient to the lawyers, even if it means the targets will have to defend themselves thousands of miles from home; or creating a "model pleading" which can be quickly revised with a few new facts to sue a new person. These tactics are crucial: they keep costs down, which in turn boosts profits.

- Vulnerable defendants. Many defendants will be eager to settle because they cannot afford the risk of an award of substantial damages if the case went to trial. Others may have strong defenses that would win at trial, but are unable to obtain counsel far from home (e.g., the defendants in the USCG cases, many of whom appear to be located thousands of miles away from the court where they've been sued), unable to afford counsel (e.g., the numerous nonprofits and individual bloggers targeted by Righthaven), or afraid of the consequence of having their personal information made public (e.g., the defendants targeted by Lucas Entertainment).
EFF is trying to help by assisting people in finding lower cost or pro bono counsel, allowing people to fight back without the costs of defense bankrupting them. But in the meantime, these lawsuits are causing tremendous collateral damage: to the individuals targeted, to due process, and to the legal profession (which doesn't need another example of unscrupulous lawyering). To be clear, no one is arguing that copyright owners don't have a legal right to protect their works. But it's quite another thing to game the legal system (and waste judicial resources, i.e., your tax dollars) to make a profit.

From rforno at infowarrior.org Wed Sep 29 12:30:33 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Sep 2010 13:30:33 -0400
Subject: [Infowarrior] - HDCP Encryption/Decryption Code
Message-ID: <4C048276-FFA9-419C-8AFF-DE9FF0BB5D1E@infowarrior.org>

HDCP Encryption/Decryption Code
Rob Johnson (rob at cs.sunysb.edu)
Mikhail Rubnich (rubnich at gmail.com)

This is a software implementation of the HDCP encryption algorithm. We are releasing this code in hopes that it might be useful to other people researching or implementing the HDCP protocol.

DOWNLOAD: hdcp-0.1.tgz
COMPILE: make
TEST: ./hdcp -t (If there is any "!" in the output, then there was an error)
BENCHMARK: ./hdcp -S

The HDCP cipher is designed to be efficient when implemented in hardware, but it is terribly inefficient in software, primarily because it makes extensive use of bit operations. Our implementation uses bit-slicing to achieve high speeds by exploiting bit-level parallelism. We have created a few high-level routines to make it as easy as possible to implement HDCP, as shown in the following example.
http://www.cs.sunysb.edu/~rob/hdcp.html

From rforno at infowarrior.org Wed Sep 29 12:32:39 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Sep 2010 13:32:39 -0400
Subject: [Infowarrior] - RIAA Claims That If COICA Isn't Passed, Americans Are 'Put At Risk'
Message-ID: <9BAF59DA-0FB3-42D8-AF9E-C4A178A6815C@infowarrior.org>

RIAA Claims That If COICA Isn't Passed, Americans Are 'Put At Risk'
from the um,-who-exactly? dept
http://www.techdirt.com/articles/20100928/23171111206/riaa-claims-that-if-coica-isn-t-passed-americans-are-put-at-risk.shtml

With the Senate trying to rush through COICA, the online censorship bill that ignores history and appears to violate both the principles of the First Amendment and due process, a bunch of concerned citizens have been speaking out against the bill, and asking the Senate not to rush it through without at least holding hearings about the massive problems with the bill. Considering the serious concerns raised by the bill, you would think that everyone would be fine with holding such hearings. But, of course, when you know damn well that the bill almost certainly isn't Constitutional and its sole purpose is to censor upstart competitors and technologies that threaten your business model, you probably are less thrilled about hearings. And, so, it should come as no surprise that, at the end of this National Journal article about the request for hearings, the RIAA makes one of its more ridiculous statements in a while (and that takes some doing):

"The answer from these self-styled public interest groups can't always be 'no.' Congressional and administration leaders have made it clear that doing nothing is no longer an option. If these groups have a better idea than the meaningful, bipartisan approach like the one put forward by Chairman Leahy, we welcome their ideas on how to insure that the Internet is a civilized medium instead of a lawless one where foreign sites that put Americans at risk are allowed to flourish."
Of course, the answer isn't always "no," but the answer absolutely can and should be "no," when the proposal involves censoring websites, removing due process, and favoring certain legacy industries over new technologies. But the really ridiculous part is the claim that, without this law, "foreign sites that put Americans at risk are allowed to flourish." Just what are these sites, and which Americans are "at risk" from them? So, let's see if the RIAA can tell us which Americans are put at risk by which site -- and I'm sorry, but your inability to adapt your business model to a changing market does not put you "at risk." So, once again, it's time for the RIAA to answer a straight question: which sites are putting Americans at risk, and how will this law protect them?

From rforno at infowarrior.org Wed Sep 29 13:29:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Sep 2010 14:29:37 -0400
Subject: [Infowarrior] - Idiotic Copyright QOTD
Message-ID: <4135B3EB-F9CB-4F81-8641-F6CE932E9948@infowarrior.org>

The full interview with the guy in charge of the "US Copyright Group" can be found at: http://news.cnet.com/8301-31001_3-20018004-261.html

Two choice answers from this fellow, whom I shall refer to now as Sir Twerpalot:

Q: "People at EFF have said that they think your IT team has flagged a lot of people who appear to be innocent. Can you tell us about what safeguards you have in place to ensure you aren't going after innocent people?"

A: "The people at the EFF, whomsoever they may be, also think there is a First Amendment right to remain anonymous when downloading copyrighted content."

How is being anonymous while downloading copyrighted content (even "legitimately" paid-for stuff) any different from paying cash to buy a "legitimate" CD or DVD in the brick-n-mortar store or vendor? Does Sir Twerpalot think that's unacceptable practice in the real world? Has he ever paid cash for a newspaper, CD, book, or movie?

... and then later....
Q: "Some people from the music industry told me that they don't think suing individuals can be profitable. They say the costs associated with their five-year litigation campaign were much too high. They suspect that for you guys, once someone claims they are innocent and is prepared to fight all the way, similar to Jammie Thomas, it will eat up all your profits. Is that true? Can you share anything at all about your business model?"

A: "We look at the film industry in a different light. Each film contains one to two hours of video content. The quantum of damages in a copyright case is, in part, tied to the content at issue and similarly to the conduct. Film content is significantly more dense and expensive to make than music content on a per film basis when compared to individual songs."

So because it takes longer to make a movie than record a song, or because a movie file is bigger than a song file, Sir Twerpalot assumes that means there MUST be increased penalties/damages? Puh-lease.

It's idiotic statements like this, facilitated by equally idiotic copyright laws requested by clueless and frightened industries, supported by purchased-and-equally-clueless politicians, that lead to lunatic statements or actions taken by twerps like this that are, and will continue to be, the bane of the modern Internet.

Again. My apologies to legitimate twerps for using that analogy.

-rick

From rforno at infowarrior.org Wed Sep 29 18:54:21 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Sep 2010 19:54:21 -0400
Subject: [Infowarrior] - Behind the Censorship of Operation Dark Heart
Message-ID: <4F521771-4735-4F11-A486-6567747D8EF9@infowarrior.org>

Behind the Censorship of Operation Dark Heart
September 29th, 2010 by Steven Aftergood
http://www.fas.org/blog/secrecy/2010/09/behind_the_censor.html

By censoring Anthony Shaffer's new book "Operation Dark Heart"
even though uncensored review copies are already available in the public domain, the Department of Defense has produced a genuinely unique product: a revealing snapshot of the way that the Obama Administration classifies national security information in 2010.

With both versions before them (excerpts), readers can see for themselves exactly what the Pentagon classifiers wanted to withhold, and can judge for themselves whether the secrecy they tried to impose can be justified on valid national security grounds. In the majority of instances, the results of such an inspection seem disappointing, if not very surprising, and they tend to confirm the most skeptical view of the operation of the classification system.

The most commonly repeated "redaction" in Operation Dark Heart is the author's cover name, "Christopher Stryker," that he used while serving in Afghanistan. Probably the second most common redactions are references to the National Security Agency, its headquarters location at Fort Meade, Maryland, the familiar abbreviation SIGINT (referring to "signals intelligence"), and offhand remarks like "Guys on phones were always great sources of intel," which is blacked out on the bottom of page 56.

Also frequently redacted are mentions of the term TAREX or "Target Exploitation," referring to intelligence collection gathered at a sensitive site, and all references to low-profile organizations such as the Air Force Special Activities Center and the Joint Special Operations Command, as well as to foreign intelligence partners such as New Zealand. Task Force 121 gets renamed Task Force 1099. The code name Copper Green, referring to an "enhanced" interrogation program, is deleted.

Perhaps 10% of the redacted passages do have some conceivable security sensitivity, including the identity of the CIA chief of station in Kabul, who has been renamed "Jacob Walker"
in the new version, and a physical description of the location and appearance of the CIA station itself, which has been censored.

Many other redactions are extremely tenuous. The name of character actor Ned Beatty is not properly classified in any known universe, yet it has been blacked out on page 15 of the book. (It still appears intact in the Index.)

In short, the book embodies the practice of national security classification as it exists in the United States today. It does not exactly command respect.

A few selected pages from the original and the censored versions of Operation Dark Heart have been posted side-by-side for easy comparison here (pdf).

The New York Times reported on the Pentagon's dubious handling of the book in "Secrets in Plain Sight in Censored Book's Reprint" by Scott Shane, September 18.

From rforno at infowarrior.org Wed Sep 29 19:23:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 29 Sep 2010 20:23:37 -0400
Subject: [Infowarrior] - 'Pre-crime' Comes to the HR Dept.
Message-ID:

itmanagement.earthweb.com/features/article.php/3905931

'Pre-crime' Comes to the HR Dept.
By Mike Elgan
September 29, 2010

In the Steven Spielberg movie Minority Report, police belonging to a special Pre-crime unit arrest people for crimes they would do in the future. It's science fiction, and it will probably never happen in our lifetimes. However, the pre-crime concept is coming very soon to the world of Human Resources (HR) and employee management.

A Santa Barbara, Calif., startup called Social Intelligence data-mines the social networks to help companies decide if they really want to hire you. While background checks, which mainly look for a criminal record, and even credit checks have become more common, Social Intelligence is the first company that I'm aware of that systematically trolls social networks for evidence of bad character.
Using automation software that slogs through Facebook, Twitter, Flickr, YouTube, LinkedIn, blogs, and "thousands of other sources," the company develops a report on the "real you" -- not the carefully crafted you in your resume. The service is called Social Intelligence Hiring. The company promises a 48-hour turn-around.

Because it's illegal to consider race, religion, age, sexual orientation and other factors, the company doesn't include that information in its reports. Humans review the reports to eliminate false positives. And the company uses only publicly shared data -- it doesn't "friend" targets to get private posts, for example.

The reports feature a visual snapshot of what kind of person you are, evaluating you in categories like "Poor Judgment," "Gangs," "Drugs and Drug Lingo" and "Demonstrating Potentially Violent Behavior." The company mines for rich nuggets of raw sewage in the form of racy photos, unguarded commentary about drugs and alcohol and much more.

The company also offers a separate Social Intelligence Monitoring service to watch the personal activity of existing employees on an ongoing basis. The service is advertised as a way to enforce company social media policies, but given that criteria are company-defined, it's not clear whether it's possible to monitor personal activity. The service provides real-time notification alerts, so presumably the moment your old college buddy tags an old photo of you naked, drunk and armed on Facebook, the boss gets a text message with a link.

Two aspects of this are worth noting. First, company spokespeople emphasize liability. What happens if one of your employees freaks out, comes to work and starts threatening coworkers with a samurai sword? You'll be held responsible because all of the signs of such behavior were clear for all to see on public Facebook pages. That's why you should scan every prospective hire and run continued scans on every existing employee.
In other words, they make the case that now that people use social networks, companies will be expected (by shareholders, etc.) to monitor those services and protect the company from lawsuits, damage to reputation, and other harm. And they're probably right.

Second, the company provides reporting that deemphasizes specific actions and emphasizes character. It's less about "what did the employee do" and more about "what kind of person is this employee?" Because, again, the goal isn't punishment for past behavior but protection of the company from future behavior. It's all about the future.

The Future of Predicting the Future

Predicting future behavior, in fact, is something of a growth industry. A Cambridge, Mass., company called Recorded Future, which is funded by both Google and the CIA, claims to use its "temporal analytics engine" to predict future events and activities by companies and individual people. Like Social Intelligence, Recorded Future uses proprietary software to scan all kinds of public web sites, then uses some kind of magic pixie dust to find both invisible logical linkages (as opposed to HTML hyperlinks) that lead to likely outcomes. Plug in your search criteria, and the results come in the form of surprisingly accurate future predictions.

Recorded Future is only one of many new approaches to predictive analytics expected to emerge over the next year or two. The ability to crunch data to predict future outcomes will be used increasingly to estimate traffic jams, public unrest, and stock performance. But it will also be used to predict the behavior of employees.

Google revealed last year, for example, that it is developing a search algorithm that can accurately predict which of its employees are most likely to quit. It's based on a predictive analysis of things like employee reviews and salary histories. They simply turn the software loose on personnel records, then the system spits out a list of the people who are probably going to resign soon.
(I'm imagining the results laser-etched on colored wooden balls.)

HR professionals wear many hats, and one of them is crystal ball reader. All hiring and promotion, and some firing, are based on predictions about the future. They take available data (resumes, interviews, references, background checks, etc.) and advise hiring managers on what kind of asset a person will be in the future. Will they interact well with other employees? Will they be a good manager? Will they keep company secrets? Will they show up on time?

Okay, let's put this all together. What happens when social networking analysis and predictive analytics are combined for HR goals?

Following the current trend lines, very soon social networking spiders and predictive analytics engines will be working night and day scanning the Internet and using that data to predict what every employee is likely to do in the future. This capability will simply be baked right into HR software suites.

When the software decides that you're going to quit, steal company secrets, break the law, post something indecent on a social network or lie on your expense report, the supervising manager will be notified and action will be taken -- before you make the predicted transgression.

If you think that's unlikely, consider the following two facts. First, think about how fast we got to where we are today. Three years ago you had never heard of Twitter and were not a member of Facebook. Today, you could be passed over for a job because of something you or even someone else posted on one of these services.

Second, contrast personnel actions with legal actions. When you stand before the law accused of wrongdoing, you get to face your accuser. You can't legally be thrown in jail for bad character, poor judgment, or expectations of what you might do in the future. You have to actually break the law, and they have to prove it. Personnel actions aren't anything like this. You don't get to "face your accuser."
You can be passed over for hiring or promotion based on what kind of person you are or what they think you might do in the future. You don't have to actually violate company rules, and they don't have to prove it. When it comes to firing you, the company merely has to weigh the risk of a wrongful termination lawsuit against the risk of your predicted future behavior. If the social network scanning, predictive analytics software of the future decides that you are going to do something in the future that's inconsistent with the company's interests, you're fired.

The practice of using available data to predict the future has always been a big part of HR. But now and increasingly, the tools are becoming monstrously sophisticated, efficient, powerful, far-reaching and invasive. There's no way around it: The Minority Report Pre-crime concept is coming to HR.

From rforno at infowarrior.org Thu Sep 30 09:34:48 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Sep 2010 10:34:48 -0400
Subject: [Infowarrior] - Astronomers Discover 'Class M' Planet
Message-ID: <9E9103EC-8195-4BE6-99C8-2EBB58754857@infowarrior.org>

Astronomers Discover 'Class M' Planet
Breakthrough suggests the Milky Way may be "teaming" with potentially habitable bodies.
By Paul McDougall
InformationWeek
September 30, 2010 10:15 AM
http://www.informationweek.com/news/hardware/desktop/showArticle.jhtml

Researchers have discovered a planet they believe is capable of supporting humanoid-like life. The celestial body, known as GJ 581g, has a climate that's not too dissimilar from that found on Earth, according to scientists at the Lick-Carnegie Exoplanet Survey.

"The estimated equilibrium temperature of GJ 581g is 228 K, placing it squarely in the middle of the habitable zone of the star and offering a very compelling case for a potentially habitable planet around a very nearby star," the researchers said in a paper submitted to The Astrophysical Journal.
"That a system harboring a potentially habitable planet has been found this nearby, and this soon in the relatively early history of RV [Radial Velocities] indicates that eta-Earth, the fraction of stars with potentially habitable planets, is likely to be substantial," the astronomers said.

Radial velocity measures the speed at which an object is moving toward or away from the observer. Scientists use the measurement to detect planets based on the gravitational pull of the stars around which they orbit.

GJ 581g is "a minimum mass 3.1 M_Earth planet orbiting at .146 AU with a period of 36.6 days," said the scientists from Lick-Carnegie.

"This detection, coupled with statistics of the incompleteness of present-day precision RV surveys for volume limited samples of stars in the immediate solar neighborhood suggests that eta_Earth could well be on the order of a few tens of percent," said the team.

"If the local stellar neighborhood is a representative sample of the galaxy as a whole, our Milky Way could be teeming with potentially habitable planets," they said.

The term "Class M" was coined by Star Trek creator Gene Roddenberry, who used it to describe planets that had Earth-like temperatures and atmospheres in the fictional TV series.

From rforno at infowarrior.org Thu Sep 30 13:32:19 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Sep 2010 14:32:19 -0400
Subject: [Infowarrior] - OT but interesting: Germany finally pays off WWI debt
Message-ID: <78ECEDEB-25F0-4B1B-9601-9A0696013C74@infowarrior.org>

(c/o DS)

http://news.smh.com.au/breaking-news-world/germany-finally-pays-off-wwi-debt-20100930-15ydu.html

Germany finally pays off WWI debt
Simon Sturdee
September 30, 2010 - 12:39PM
*AFP *

Germany not only celebrates 20 years since reunification this weekend, it will also pay off the last of its World War I debts, 92 years after the 1914-18 conflict ended.

These "reparations" were intended partly by the Allies, particularly France, to keep Germany weak.
But historians say the ultimate effect was the opposite, playing a key role in Adolf Hitler's rise to power and World War II.

Interest on loans taken out to pay will finally be redeemed this Sunday.

In 1919, as the loser of the "War To End All Wars", in which more than nine million people were killed and countless more maimed and traumatised by the horrors of trench warfare, Germany was held to be responsible.

The victors forced the Germans to admit, in effect, in the 1919 Versailles treaty that the war was their fault, and to commit to pay crippling amounts for decades to come.

"The French wanted compensation for the terrible losses they had suffered, but also wanted to use reparations as a means of keeping the Germans weak for years to come," historian Martin Kitchen wrote in "Europe between the Wars."

After much bickering among the Allies -- who were also in debt to each other from the war -- the defeated country, on the brink of starvation and revolution, was presented with a bill of 269 billion gold marks.

It soon became clear that Germany could not pay.

First came hyperinflation, which saw at its height a billion-mark note, and France, frustrated by the lack of payment, occupied Germany's Ruhr industrial area in 1923, the same year as Hitler's abortive Beer Hall Putsch in Munich.

The 1924 Dawes plan and the 1929 Young plan dramatically reduced the burden, and the 1932 Lausanne Conference suspended all repayments in the wake of the Great Depression.

Many historians say, in fact, that Germany could have paid, particularly after the reparations were sharply reduced and Germany was loaned huge amounts of money.

But it was their symbolism that counted and Hitler was able to play on resentment to the reparations -- and the famous "War Guilt Clause" in the Versailles Treaty -- to gain support in the chaotic inter-war years.
"The point is that it's not so much the financial burden but a political burden," Richard Bessel, professor of history at York University in Britain, told AFP. "Financially it probably was doable."

After World War II, the new West Germany -- but not the communist East Germany -- agreed at the 1953 London conference to repay its inter-war debts, albeit a much reduced amount, something it completed in 1980.

One loose end though was interest payments on loans taken out under the Dawes and Young plans that piled up between 1945 and this conference in the British capital.

It was agreed that this would be paid when and if East and West Germany ever reunified. This was seen as so unlikely at the time that it was akin to forgiving the debt, and the original loan certificates became historical curiosities, for sale at flea markets.

But in 1990, the unthinkable happened, and Germany -- whilst celebrating unity after decades of painful division -- said it would repay, costing it around 200 million euros ($A281.35 million).

The debts have been resold so many times that nobody really knows whom exactly Germany now owes.

But on Sunday, at midnight, they will receive their final instalment of some 70 million euros ($A98.47 million), and a chapter of Germany's traumatic 20th century will be quietly closed.

From rforno at infowarrior.org Thu Sep 30 14:49:12 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Sep 2010 15:49:12 -0400
Subject: [Infowarrior] - The ties that bind at the Federal Reserve
Message-ID: <61B5681E-83EA-4D50-AD25-4F8704EC8093@infowarrior.org>

Special Report: The ties that bind at the Federal Reserve
http://www.reuters.com/assets/print?aid=USTRE68S01020100930
11:42am EDT
By Kristina Cooke, Pedro da Costa and Emily Flitter

NEW YORK/WASHINGTON (Reuters) - To the outside world, the Federal Reserve is an impenetrable fortress. But former employees and big investors are privy to some of its secrets -- and that access can be lucrative.
On August 19, just nine days after the U.S. central bank surprised financial markets by deciding to buy more bonds to support a flagging economy, former Fed governor Larry Meyer sent a note to clients of his consulting firm with a breakdown of the policy-setting meeting.

The minutes from that same gathering of the powerful Federal Open Market Committee, or FOMC, are made available to the public -- but only after a three-week lag. So Meyer's clients were provided with a glimpse into what the Fed was thinking well ahead of other investors.

His note cited the views of "most members" and "many members" as he detailed increasingly sharp divisions among the officials who determine the nation's monetary policy. The inside scoop, which explained how rising mortgage prepayments had prompted renewed central bank action, was simply too detailed to have come from anywhere but the Fed.

A respected economist, Meyer charges clients around $75,000 for his product, which includes a popular forecasting service. He frequently shares his research with reporters, though he kept this note out of the public eye. Reuters obtained a copy from a market source.

Meyer declined to comment for this story, as did the Federal Reserve.

By necessity, the Fed spends a considerable amount of time talking to investment managers, bank economists and market strategists. Doing so helps it gather intelligence about the market and the economy that is invaluable in informing the bank's decisions on borrowing costs and lending programs.

But a Reuters investigation has found that the information flow sometimes goes both ways as Fed officials let their guard down with former colleagues and other close private sector contacts. This selective dissemination of information gives big investors a competitive edge in the market.
In the past, Fed officials themselves have privately expressed discomfort about the cozy ties between the central bank and consultants to big investors, though their concerns have largely fallen on deaf ears.

No one is accusing Meyer and his firm, Macroeconomic Advisers -- or any other purveyors of Fed insights for that matter -- of wrongdoing. They are not prohibited from sharing such information with their hedge fund and money manager clients.

But critics question whether it is proper for Fed officials to parcel out details that have the potential to move markets around the world, especially with the government's involvement in the economy being so pronounced.

"It's certainly not what Fed officials should be doing," said Alice Rivlin, a former Fed governor and now a fellow at the Brookings Institute think tank. "The rules when I was there were you don't talk to anybody about anything that could be used for commercial purposes."

In an effort to counter concerns about close ties between business and government, U.S. President Barack Obama issued an "ethics pledge" that forbids appointees of his administration from contacting the agencies they worked under for at least two years after leaving.

But such measures are tough to enforce. And in the case of the Fed's Washington-based board, governors are allowed to transition directly into a banking sector job immediately after they leave the central bank, though they must first serve out a rather lengthy 14-year term, which many do not.

"COLOR" IN GRAY AREA

Against the backdrop of today's shaky recovery and the Fed's efforts to provide ongoing support to growth, information about what central bank officials agree or disagree on can be even more valuable than usual.

Haag Sherman, chief investment officer of Salient Partners, a Houston-based money management firm that oversees around $8 billion in assets, says even the slightest hint of the possible direction of policy can give investors a huge leg up.
"The fact is that government today is driving the markets more than any time in recent history and having insight into near-term and long-term plans provides a money manager with a significant competitive advantage," Sherman said.

Markets have been particularly sensitive to Fed policy in recent months as renewed weakness in the economy sparked widespread speculation that the central bank would try to ease borrowing conditions further, probably by ramping up its purchases of U.S. government bonds.

By adding to the over $1.7 trillion in such purchases undertaken in response to the financial crisis so far, the Federal Reserve would be providing further incentives for banks to lend and consumers to borrow -- despite the fact that official interest rates are already effectively at zero.

In his note, Meyer said many Fed officials hadn't found out about the pace of mortgage prepayments -- which meant the central bank's support for the economy was ebbing -- until just before the August 10 meeting.

"For a few members, it was too late to affect their decisions; for others it was a very important factor, even the most influential factor," wrote Meyer. "Shouldn't the FOMC at least have a neutral balance sheet policy given the weaker outlook? This was obvious to the doves, persuasive to the center, but not the hawks."

Fed-watching, of course, has long been a cottage industry, albeit a fairly wealthy one. Investors are constantly looking for clues about what officials may or may not be thinking, parsing their language much like Kremlinologists of yore. And markets can jump at the first whiff of a change in tone.

For example, five days after Meyer's note, the Wall Street Journal published a more detailed account of the divisions on the Fed's policy-setting committee. The newspaper report was credited with moving bond yields 0.20 percentage point, a relatively steep decrease.
Small wonder that large funds are willing to shell out tens of thousands of dollars a year to receive "color" -- as investors refer to the useful tidbits that plugged-in consultants supply.

The precise number of former Federal Reserve employees tapping their network of old colleagues can't be determined, but by most accounts they are a sizable group.

"The revolving door between the Fed and the private financial sector is quite significant," said Timothy Canova, professor of international economic law at Chapman University School of Law in Orange, California.

There is no required registration process for economic and monetary policy consultants, former Fed lawyers say.

Some especially high-profile former Fed officials now have their own shops, too: Former Fed Chairman Alan Greenspan's Greenspan Associates offers policy consulting to Pimco, the world's biggest bond fund.

For graphic on Fed insight and yields see: link.reuters.com/wuc26p

"THREE BIG FEDDIES"

Though rarer, access is sometimes also bestowed upon outsiders.

Paul Markowski, a China expert who counts hedge funds and foreign central banks among his consulting clients, has never worked at the Fed but says his relationships with officials there date back to the 1960s. For him, he says, it's a question of knowing the individuals on the committee well enough to understand their sometimes cryptic signals.

"You have to establish a relationship over time. If you go and see someone once or twice you are not going to be able to read what they are saying to you properly," he said. "They look at me, for one, as someone who has deep relations with the financial markets. It's a two-way street."

On the same day as the Fed's eventful August meeting, Markowski wrote to his clients: "While I thought they could hold off doing what they did, a senior Fed official told me that after measuring the risk of doing nothing they had little to lose and more to gain."
On Friday, September 24, three days after the September 21 meeting, he described a string of conversations with "three big Feddies."

Earlier in the year, just a day after the April 27-28 gathering, Markowski offered clients the type of material that, if true, went beyond anything even the minutes from the meeting would offer three weeks later:

"I had two interesting phone conversations with senior Fed officials -- one last night and another this morning. What I heard was that going into the meeting the staff were split 50:50 as to the recommendation on rates; there were 6 members who favored some change in the asset sales issue and 3-4 who favored changing (the Fed's commitment to keep rates low for an extended period), with another 1-3 suggesting putting the change off to the next meeting."

QUID PRO QUO

Of course, speaking to one or two officials at the central bank does not necessarily provide the full story, especially at a time when policymakers diverge on key issues such as the outlook for the economy and appropriate policy actions. Niche analysts may also have a vested interest in exaggerating the extent of their access -- it makes their offering all the more enticing.

Some investors point out that markets are inherently volatile, and inklings into the broad contours of policy do not necessarily translate into an obvious short-term trading strategy.

"Having this information from the Fed would be beneficial only if you understood what the effects of what the Fed is doing might be," said Joseph Calhoun, strategist at Alhambra Investments in Miami.

Even those who seem to be in the know are not always right: both Meyer and Markowski called the August 10 meeting wrong, thinking the Fed would hold pat when it in fact chose to provide additional stimulus.

But Canova, the Chapman law professor, says the immediate investment value of the information is not the main issue.
For him, the backroom exchanges are part of a bigger problem of financial industry influence over economic decision-making.

"This is one of many quid pro quos in a system of opaque subsidies," Canova said. "It seems to me naive to think private investors would routinely share proprietary information without any legal obligation or subpoena unless they were getting some tangible benefits in return."

A DIFFERENT COMMUNICATIONS CHALLENGE

Over the past two decades, the Fed has become much more transparent than it once was. In the 1990s, it began releasing the results of its interest rate decisions and minutes of its policy meetings, as well as transcripts of those gatherings with a five-year lag.

Yet as institutions go, the Fed is hardly a paragon of openness. Chairman Ben Bernanke seldom speaks to the press on the record. When he does, it is often during well-orchestrated, pre-vetted events.

During the financial crisis, Fed lending to troubled financial institutions, including the infamous rescues of AIG and Bear Stearns, was done hurriedly and behind closed doors, fostering public suspicion and political ire.

The Fed's opaque communications structure makes it easy for markets to misinterpret the rather terse policy statements released after each meeting, adding to the demand for kernels of wisdom about their decisions.

The pitfalls of the Fed's communication strategy were highlighted by the August 10 meeting. Just a few weeks earlier, Bernanke had spent the bulk of his testimony to Congress discussing the central bank's eventual exit from its ultra-accommodative policies. And the Fed had done little to explain to markets the link between the economic outlook and the size of its balance sheet.

For many investors, therefore, the policy pivot on August 10 -- the decision to buy more bonds -- came out of the blue. Markets broadly took the Fed's move as a significant shift toward more support for the economy.
Some market participants also interpreted it as a sign the Fed was more worried about the economy than it was letting on.

When its policymakers are on the same page, the Fed often has no trouble making its position known following its FOMC meetings. But when policymakers disagree, as has been the case recently, the cacophony of voices can merely confuse markets. That may be one reason Fed officials feel the need to help investors better understand the public statements they make.

Other central banks around the world try to avoid such risks by taking a different approach. Some strip away some of the mystery around policy by stipulating a specific inflation target. The European Central Bank holds a press conference after its key meetings that gives its president, Jean-Claude Trichet, a chance to explain the reasoning behind its actions in a public forum.

"If Bernanke can't stop the leaks he ought to have a full press conference after the meeting. It's inappropriate for certain people to gain an advantage on information from the Fed," said Ernest Patrikis, a former No. 2 official at the Federal Reserve Bank of New York and now a partner at law firm White & Case.

CLUB FED

For the U.S. Federal Reserve, the willingness to share market-sensitive information may reflect the institution's history and culture. Critics have long argued that the central bank has been too close to the financial industry.

The Fed was established in 1913, in part as a response to the panic of 1907, by bankers who wanted a lender of last resort to help prevent frequent runs on the nation's financial institutions.

Bankers still serve on boards of directors of regional Fed banks and former Fed staffers are hotly sought after on Wall Street and in the investment community.

Meyer founded his consulting firm, then called Laurence H. Meyer and Associates Ltd, before joining the Fed in 1996. When he left the Fed in 2002, he returned to his firm, now called Macroeconomic Advisers.
Another example is Susan Bies, who retired from the Fed's board in 2007, and took a job on the board of Bank of America in 2009. A number of chief economists at top U.S. banks at some point have also held staff positions at the Fed.

Going the other way, William Dudley, head of the powerful New York Federal Reserve Bank, was the chief economist at Goldman Sachs and a partner at the firm.

Critics say this revolving door structure makes it difficult for Fed staffers to be disciplined in not inadvertently revealing too much in conversations with old colleagues and friends.

Fed board staffers who retire even get to keep their pass for the central bank's building, which boasts fitness facilities, a barber and a dining room. Though their identification badges designate their "retired" status, they are not restricted to where they can go once inside the building -- even if they now work in the private sector.

Nowhere is the sense of cliquish old-world camaraderie more evident than at the Fed's annual gathering for world central bankers in Jackson Hole, Wyoming.

Receiving an invitation to the exclusive event is no small feat, and economists take pains to get themselves on the short list. Being there means face time with Fed officials in an informal setting -- and more importantly, a stamp of legitimacy that is difficult to put a price tag on.

This year's conference, held in late August, featured not only panels on monetary policy and a string of speeches from leading central bankers and academics, but also an unusual evening excursion to watch a horse-whisperer tame a wild stallion.

"Too often, the Federal Reserve believes that rules do not apply to them," said Sherman at Salient Partners. "If we allow some to have access, then how are we different than those that follow 'crony capitalism' in the Third World?"
From rforno at infowarrior.org Thu Sep 30 16:17:52 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Sep 2010 17:17:52 -0400
Subject: [Infowarrior] - Waddell & Reed E-Mini Trades Said to Help Trigger May 6 Crash
Message-ID: <305BF5A7-44DF-4A13-BEED-0658547C5769@infowarrior.org>

Of course, by not naming the firm in the SEC's report, it only helps cover the culprits in the eyes of the terrified investing public. -rick

Waddell & Reed E-Mini Trades Said to Help Trigger May 6 Crash
By Jesse Westbrook and Nina Mehta - Sep 30, 2010 5:00 PM ET
Thu Sep 30 21:00:35 GMT 2010
http://www.bloomberg.com/news/2010-09-30/waddell-reed-e-mini-trades-are-said-to-have-helped-trigger-may-6-crash.html

U.S. regulators have concluded that Waddell & Reed Financial Inc.'s trading of Standard & Poor's 500 Index futures spooked traders on May 6, turning an orderly selloff into a crash that erased $862 billion from the value of American equities in less than 20 minutes, according to two people with direct knowledge of the findings.

Waddell & Reed's selling of the E-mini futures was part of a normal hedging strategy, according to a report from the Securities and Exchange Commission and Commodity Futures Trading Commission that may be released as soon as today, said the people, who declined to be identified before the findings are made public. The Overland Park, Kansas-based company didn't attempt to do anything nefarious, and its actions may not have prompted a retreat had there not been other concerns in the market, such as the European debt crisis, the people said.

The SEC has come under pressure from Congress to explain the May 6 crash and prescribe solutions to keep it from happening again. All U.S. equity exchanges adopted circuit breakers in June that pause trading in more than 1,300 securities during periods of volatility to prevent selling from snowballing.
SEC Chairman Mary Schapiro said earlier this month that regulators should examine stiffening the obligations faced by market makers who provide orders to buy and sell stocks.

Waddell & Reed will not be identified by name in the report, the people said. The document won't make any policy recommendations, they said. SEC spokesman John Nester declined to comment.

'Downside Risk'

"I'm not sure it's appropriate to comment on a report that doesn't name us specifically, but it's clear we were one of many traders that day," said Roger Hoadley, director of communications at Waddell & Reed. "We were merely trying to manage downside risk in our portfolios."

Lawmakers have asked if the high-frequency firms that have supplanted specialists and market makers with strategies that transact thousands of shares a second destabilized trading by stepping away when they were needed most. Schapiro is trying to protect investors in a fragmented U.S. stock market while maintaining liquidity -- the ease with which investors can buy and sell shares -- on exchanges dominated by firms that profit from computerized trading.

About 250 trading firms processed transactions in E-mini S&P 500 futures from 2 p.m. to 3 p.m. New York time on May 6, regulators said in their May 18 preliminary report on the rout. One of the largest firms selling the E-mini contract accounted for about 9 percent of volume from 2:32 p.m. until 2:51 p.m., they said. The firm, which wasn't named, sold the contract short to hedge other positions and "only entered orders to sell," according to the May 18 report.

'Prior Trades'

"The trader sold on the way down and continued to do so even as the price level recovered," the report said four months ago. "This trader and others have executed hedging strategies of similar size previously."
Regulators said in their earlier report they were examining possible linkages between price declines in equity index futures, exchange-traded funds and individual securities and the "extent to which activity in one market may have led the others."

CME data indicate trading volume in E-mini S&P 500 futures was high on May 6, with many more sell orders than buy requests from 2:30 p.m. to 2:45 p.m., according to the May 18 report from the SEC and CFTC. Data also showed that the bid-ask spread, or difference between the highest price at which investors can sell contracts and the lowest at which they can buy, "widened significantly at or about 2:45 p.m. and that certain active traders partially withdrew from the market."

Half a Second

E-mini S&P 500 futures are the largest contract by volume traded on the Chicago Mercantile Exchange, owned by CME Group Inc. Chief Executive Officer Craig Donohue said on June 22 that volume in the June E-mini S&P 500 futures on May 6 was 5.7 million contracts, with about 1.6 million, or 28 percent, trading from 2 p.m. to 3 p.m. New York time. At about 2:45:28 p.m. the contracts declined 12.75 points in half a second when 1,100 were sold by multiple traders, he said.

"Considerable selling pressure at this vulnerable period in time may have contributed to declining prices in the E-mini S&P 500 -- and other equivalent products such as" the SPDR S&P 500 ETF Trust, an exchange-traded fund tracking the benchmark measure of U.S. stocks, the report said.

"All of these markets are closely linked by a complex web of traders and trading strategies," regulators wrote four months ago. "The precipitous decline in price in one market on May 6 may have influenced a sustained series of selling in other financial markets."

To contact the reporters on this story: Jesse Westbrook in Washington at jwestbrook1 at bloomberg.net; Nina Mehta in New York at nmehta24 at bloomberg.net.
To contact the editors responsible for this story: Nick Baker at nbaker7 at bloomberg.net; Lawrence Roberts at lroberts13 at bloomberg.net.

From rforno at infowarrior.org Thu Sep 30 16:21:21 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Sep 2010 17:21:21 -0400
Subject: [Infowarrior] - WH Asking Registrars To Voluntarily Censor 'Infringing' Sites
Message-ID: <176B8CFD-0073-44B2-8E8A-F136FE6EC1DE@infowarrior.org>

Even Without COICA, White House Asking Registrars To Voluntarily Censor 'Infringing' Sites
from the censorship-through-political-pressure? dept
http://www.techdirt.com/articles/20100929/20293711230/even-without-coica-white-house-asking-registrars-to-voluntarily-censor-infringing-sites.shtml

While there's been increasing attention paid to the "Combating Online Infringement and Counterfeits Act" (COICA), the proposed law that would allow the government to require ISPs and registrars to block access to websites deemed to be "dedicated to infringing activities," it looks like the White House (which we had thought was against censoring the internet) appears to be working on a backup plan in case COICA doesn't pass. That is, while most folks have been focused on COICA, the White House's Intellectual Property Enforcement Coordinator (IP Czar) Victoria Espinel has apparently been holding meetings with ISPs, registrars, payment processors and others to get them to agree to voluntarily do what COICA would mandate. While the meeting is carefully focused on stopping websites that sell gray market pharmaceuticals, if registrars start agreeing to censoring websites at the behest of the government, it's as if we're halfway to a COICA-style censorship regime already. ICANN, who manages the internet domain name system was asked to attend the meeting, but felt that it "was not appropriate to attend" such a meeting.
While Espinel has certainly been a lot more open to talking with those of us concerned about the state of intellectual property laws (and has actually seemed quite willing to pay attention to what we're saying -- which I appreciate), these kinds of meetings appear quite troubling. I understand why the meetings are focused on so-called "illegal pharmacies," because then everyone supporting these actions can hide behind the claim of "protecting Americans from dangerous fake drugs." But the truth is that while some online pharmacies are quite questionable, many are simply "gray market" attempts to import drugs to the US from elsewhere where the identical drugs are sold for much less. In a global economy, that should be allowed. In fact, one could argue that keeping drugs artificially expensive in the US does a lot more harm to Americans than the chance of them getting a fake pill.

On top of that, it seems out of line for the US government to be involved in pressuring these companies, whether they're ISPs, domain registrars, payment processors or ICANN itself, to "voluntarily" block websites without a trial or due process. Yes, I can recognize that there can be legitimate health concerns with some of these websites, but those are better dealt with elsewhere. If a company is selling fake or harmful drugs, then laws within that country should be able to deal with it. If there are concerns about such drugs getting across the border, then it seems like a matter for border control. Asking internet companies to act as de facto "voluntary" censors seems like a big step too far.

And, of course, if it starts with such gray market pharmacies, you can only imagine how long it will take until the RIAA/MPAA/etc. come calling for the same sort of "voluntary cooperation" from the same companies for sites "dedicated to infringing activities," potentially killing off all sorts of innovation, before the market has a chance to adapt.
When world wide web inventor Tim Berners-Lee and tons of other internet luminaries have come out against COICA, shouldn't the White House be a bit more careful before trying to get various internet players to voluntarily do the same thing with even less due process?

From rforno at infowarrior.org Thu Sep 30 16:22:00 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Sep 2010 17:22:00 -0400
Subject: [Infowarrior] - Fwd: Android apps surreptitiously phone home with user location data
References:
Message-ID: <309959F8-4279-4496-AC1F-24ACACC478B8@infowarrior.org>

from anonymous

Begin forwarded message:

> ertly-send-gps-data-to-advertisers.ars>
>
> Some Android apps caught covertly sending GPS data to advertisers
>
> By Ryan Paul | Last updated about 9 hours ago
>
> The results of a study conducted by researchers from Duke University, Penn State University, and Intel Labs have revealed that a significant number of popular Android applications transmit private user data to advertising networks without explicitly asking or informing the user. The researchers developed a piece of software called TaintDroid that uses dynamic taint analysis to detect and report when applications are sending potentially sensitive information to remote servers.
>
> They used TaintDroid to test 30 popular free Android applications selected at random from the Android market and found that half were sending private information to advertising servers, including the user's location and phone number. In some cases, they found that applications were relaying GPS coordinates to remote advertising network servers as frequently as every 30 seconds, even when not displaying advertisements. These findings raise concern about the extent to which mobile platforms can insulate users from unwanted invasions of privacy.
> The Android operating system has an access control mechanism that limits the availability of key platform features and private user information. Third-party applications that rely on sensitive features have to request permission during the installation process. The user has the option of canceling the installation if they do not wish to give the application access to the specific features that it requests. If a user starts to install a simple arcade-style game and finds out that it wants access to the user's GPS coordinates, for example, the seemingly suspicious permission request might compel the user to refrain from completing the installation process.
>
> It's a practical security measure, but one critical limitation is that there is no way for the user to discern how and when the application will use a requested feature or where it will send the information. To build on our previous example, the user might decide to grant an Android game access to their GPS coordinates so that the software can facilitate multiplayer matches with nearby users. The user has no way of knowing, however, whether the application is also transmitting that information to advertisers or using it for malicious purposes. Making the permission system more granular might potentially address those kinds of problems, but would also have the undesired effect of making it too complex for some users to understand. Indeed, there are already a lot of careless users who simply don't take the time to look at the permission listing or don't understand the implications.
>
> Concerns about unauthorized access to private information by Android applications were raised earlier this year when a popular wallpaper application was found surreptitiously transmitting the user's phone number to a remote server in China.
> Google's investigation of the matter revealed that the developer of the application was simply using the phone number as a unique identifier for user accounts and was not threatening the user's security or doing anything nefarious. Google responded by publishing android.html> an overview of best practices for handling sensitive user information. Google temporarily disabled the application in the Android Market while performing a security review, but later reenabled it after finding no evidence of a serious threat.
>
> Google's ability to remove unambiguously malicious applications from the Android Market protects users from the most egregious kinds of attacks, but obviously doesn't really address the multitude of gray areas where the implications of data collection and disclosure are more nuanced and don't constitute blatant abuse. It's really important to recognize that even highly invasive data collection by mobile applications doesn't necessarily pose a threat to users. There are millions of users who are happy to voluntarily concede privacy in exchange for free access to useful services. The key is that it has to be voluntary, which means that users have to know in advance that the information is going to be collected.
>
> When a mobile advertising widget embedded in Android applications collects IMEI numbers so that it can correlate a user's activity across multiple applications for the purpose of extrapolating a behavioral profile that will support more effective targeted advertising, it's really not all that different from what prominent Internet advertising networks are already doing with cookies in the Web browser.
>
> For a more invasive example, consider a mobile application that perhaps reads your SMS messages looking for information about what kind of products your friends mention so that it can advertise to you more effectively.
> In practice, it's not profoundly different from what Google does with contextual advertising in GMail. It wouldn't surprise me at all if the possibility of doing exactly these kinds of things was a major factor in inspiring Google to create Android in the first place. As smartphones become ubiquitous, it's likely that users will be expected to give up more of their privacy in order to get access to the next generation of hot mobile applications and services.
>
> Invasive mobile data collection by advertisers isn't necessarily bad if users are getting something of value in return. The real issue is whether the practice is coupled with an appropriate level of transparency and disclosure to the end user. What separates a legitimate business practice from an unacceptable abuse in data collection is whether the user was made aware in advance of how data is collected, used, and shared so that they can choose to opt out or refrain from using the product if it shares their sensitive information in ways that make them uncomfortable. Such problems are obviously not specific to Android or mobile operating systems in general, but the fact that smartphone platforms provide standardized APIs for accessing certain kinds of sensitive information makes them higher-risk targets for subtle privacy invasions.
>
> As Google says in its list of best practices that developers should adopt for data collection, providing users with easy access to a clear and unambiguous privacy policy is really important. Google should enhance the Android Market so that application developers can make their privacy policies directly accessible to users prior to installing, a move that would be really advantageous for end users.
> When applications share information improperly, don't conform with the stipulations of their privacy policies, or aren't suitably transparent about their data collection practices, tools like TaintDroid will be a powerful asset for enabling savvy users and privacy watchdogs to expose such abuses. The researchers behind the TaintDroid project will soon be publishing their results and plan to make the TaintDroid application available to the public in order to encourage further investigations. Their efforts to raise awareness of data collection by mobile applications are an important contribution to the advancement of safe mobile computing.
>
> These results are being presented next week at the Usenix OSDI conference.

From rforno at infowarrior.org Thu Sep 30 17:31:37 2010
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 30 Sep 2010 18:31:37 -0400
Subject: [Infowarrior] - COICA delayed for now
Message-ID:

September 30th, 2010

Victory: Internet Censorship Bill is Delayed, For Now

Deeplink by Tim Jones

This morning's Politico brought with it great news for those who care about free speech and fair use online:

A markup on SJC Chairman Leahy's IP infringement bill was postponed late Wednesday, as staffers anticipated the chamber would finish legislative work and adjourn for recess before the hearing could commence. The change in plans should delight some of the bill's critics, at least, who expressed concern that the legislation was moving forward quickly.

Translation: The Senate Judiciary Committee won't be considering the dangerously flawed "Combating Online Infringement and Counterfeits Act" (COICA) bill until after the midterm elections, at least. This is a real victory! The entertainment industry and their allies in Congress had hoped this bill would be quickly approved by the Senate Judiciary Committee with no debate before the Senators went home for the October recess.
Massive thanks to all of you who used our Action Center to write to your Senators to oppose this bill. Thanks as well to the 87 Internet scientists and engineers whose open letter to Congress played a key role in today's success, and to all the other voices that helped sound the alarm. Make no mistake, though: this bill will be back soon enough, and Congress will again need to hear from concerned citizens like you. So stay tuned to EFF.org for any new developments.
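Coming back to the TaintDroid forward earlier in this digest: the following is an added toy model of the dynamic taint-tracking idea that article summarises (sensitive values carry labels, labels follow the data through computation, a network sink reports which labels reach which host). It is not code from the TaintDroid researchers, the article, or either message above; the app behaviour, hosts and sample values are constructed.

```python
from dataclasses import dataclass, field

@dataclass(frozen=True)
class Tainted:
    """A value plus the set of sensitivity labels it was derived from."""
    value: str
    labels: frozenset = frozenset()

    def __add__(self, other):
        # Propagation rule: combining values unions their labels, so taint
        # survives string building just as it would arithmetic.
        if isinstance(other, Tainted):
            return Tainted(self.value + other.value, self.labels | other.labels)
        return Tainted(self.value + str(other), self.labels)

# Taint sources: the platform APIs that hand out private data
# (constructed sample values, not real identifiers).
def get_location():
    return Tainted("47.6062,-122.3321", frozenset({"LOCATION"}))

def get_phone_number():
    return Tainted("+1-555-0100", frozenset({"PHONE"}))

@dataclass
class NetworkSink:
    """Taint sink: records which labels leave the device, and to which host."""
    flows: list = field(default_factory=list)

    def send(self, host, payload):
        if isinstance(payload, Tainted) and payload.labels:
            self.flows.append((host, payload.labels))

def run_game(sink):
    """Constructed app: location is used for matchmaking, as the user expects,
    but is also bundled with the phone number for an ad host."""
    loc = get_location()
    sink.send("match.example.net", Tainted("nearby?loc=") + loc)
    sink.send("ads.example.net", Tainted("id=") + get_phone_number() + "&loc=" + loc)
    sink.send("cdn.example.net", "GET /assets/level1.png")  # no private data

def leak_report(sink):
    """Map each destination host to the sensitivity labels it received."""
    report = {}
    for host, labels in sink.flows:
        report.setdefault(host, set()).update(labels)
    return report

def unexpected_flows(report, expected_hosts):
    """Hosts that got private data outside the feature the permission covered."""
    return {h: labels for h, labels in report.items() if h not in expected_hosts}
```

The install-time prompt only says the game wants location; the report from the sink is what shows the same data also reaching the ad host, which is the gap the article describes.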