From rforno at infowarrior.org Fri Jul 1 06:41:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Jul 2011 07:41:47 -0400
Subject: [Infowarrior] - RIAA: LulzSec & Anonymous Show Why We Need PROTECT IP
Message-ID: <716E924D-444A-404F-8799-4775065E4D10@infowarrior.org>

RIAA: LulzSec & Anonymous Show Why We Need PROTECT IP
from the say-what-now? dept
http://www.techdirt.com/articles/20110630/02172914918/riaa-lulzsec-anonymous-show-why-we-need-protect-ip.shtml

Ah, the RIAA will apparently stoop to pretty much any old ridiculous argument to get PROTECT IP passed, I guess. The RIAA's Mitch Glazier has written a typically ridiculous blog post defending PROTECT IP. Most of it tries (and fails) to counter the very credible claims of folks like Paul Vixie (who knows this stuff) that PROTECT IP (1) won't work and (2) will break the internet and cause tremendous collateral damage. The arguments against Vixie pretty much amount to quoting people, who have known associations with those backing PROTECT IP, saying that "eh, things won't be that bad, and we can minimize unintended consequences."

But where it gets totally ridiculous, as noted by ZeroPaid, is at the end, where Glazier honestly tries to claim that PROTECT IP is needed... because of LulzSec. I'm not kidding:

"And in a world where hackers set their sights on new targets every day - most recently the official United States Senate website, allegedly the CIA's public website and Arizona's law enforcement database - do we think a lawless Internet defended to the extreme is a good thing?"

If I understand the argument Glazier is making here correctly, it's that "some people totally unrelated to any of this do bad stuff on the internet, thus it's fine to break the internet to protect the obsolete business model of the people who pay me." Is that convincing? The fact that there has been some hactivism going on of late has absolutely nothing to do with PROTECT IP.

And, in the meantime, if Glazier's point is that we need to "protect" musicians, perhaps he should focus on doing something about the guy who works for the RIAA who once (as a Congressional staffer) tried (and temporarily succeeded) to take away the right of musicians to reclaim their copyrights by secretly changing the definition of "work for hire," by making an overnight change in an unrelated bill that no one noticed until the bill was already passed. This is the same guy who went to work for the RIAA a few months later, on a half-a-million dollars a year salary. Oh wait... that guy was also named Mitch Glazier.

From rforno at infowarrior.org Fri Jul 1 06:43:02 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Jul 2011 07:43:02 -0400
Subject: [Infowarrior] - Hackers are being radicalised by government policy
Message-ID:

Hackers are being radicalised by government policy
LulzSec is not an isolated phenomenon - official efforts to control the internet are increasing online radicalisation
Loz Kaye
guardian.co.uk, Tuesday 28 June 2011 11.00 BST
http://www.guardian.co.uk/commentisfree/2011/jun/28/radical-hackers-lulzsec-governments

Now that the LulzSec boat has sailed over the horizon, it seems a good moment to take stock of the past weeks' "hacktivism" frenzy. We've been bombarded with images of oddballs lurking in murky chatrooms - geeky teenagers who are simultaneously global cyber-villains. Given the reporting, we'd be forgiven for thinking that it's all about the personal obsessions of a few nerds. This would be to ignore the wider context. LulzSec wasn't an isolated or unique phenomenon. People with passionate beliefs have been using new technological tools to effect change out of a sense of powerlessness.

In the last year, I've watched 38 Degrees using the strength of association online to change government policy, WikiLeaks force transparency on those who'd rather run from it, even the amorphous mass that is Anonymous taking a stand on whatever issue they feel deserves their attention.

These tools are now themselves under attack. Lord Mandelson's last gift to us, the Digital Economy Act, is just one of a raft of "three strikes laws" worldwide that threaten to cut off households from the web. Buried in the coalition's Prevent strategy is the assertion that "internet filtering across the public estate is essential". Nor is it solely a British issue; Nicolas Sarkozy called for global online governance at the eG8 in his attempt to civilise the "wild west" of the web.

We're starting to see what this civilising process entails. Open Rights Group revealed that Ed Vaizey and lobbyists held a secret meeting discussing the future of web blocking powers. There was no public oversight and no one asked the net natives. Vaizey has relented a little via Twitter, consenting to open up the discussion - the Pirate Party and I welcome that invitation. It will take more, however, than getting a few NGOs around a table to ease the real sense of anger poisoning the online community.

What even the MoD insists on calling "cyberspace" has become contested territory. Many recent events have been fuelled by a fear that the internet is under siege by governments hell-bent on restricting its subversive potential. Nato has added to this perception with violent rhetoric and an expressed desire to penetrate Anonymous. No surprise the response has been "Well, penetrate you, Nato". We've reached a critical juncture: either we sail headlong into escalating confrontation, or we attempt to change tack and reduce the tension by finding a democratic way forward, one that preserves our right to free association.

From anonymous bloggers in Iran, to those using Twitter and Facebook in Tahrir Square and even teenagers in the bedrooms of Essex, there is a common thread. A feeling of persecution and dismay that our freedoms are being suppressed. These concerns haven't gone unnoticed; a recent report by the UN special rapporteur on free expression, Frank La Rue, explicitly criticised legislation including the Digital Economy Act, considering it to be a violation of freedom of speech.

This broadside from La Rue has finally spurred our MPs into action. An early day motion calling for a review of the most invasive provisions of the Digital Economy Act has been sponsored by Julian Huppert. It is supported by only 26 of his colleagues, which seems to show that there are only a few in the Commons prepared to stand up for an online constituency.

In the days ahead it may prove that the real headline last Saturday was not the disbanding of LulzSec, but the fact that ISP Telstra was pulling out of an agreement with the Australian government to implement web filtering due to worries about hacking. This was portrayed as a significant victory. As long as it seems that direct action is more effective than democratic engagement, it's clear that the former will appear a more attractive option to many.

The official line that the internet is a dangerous territory to be subdued is responsible for an alarming radicalisation. This is not just an issue for the tabloids' oddballs and nerds, it's an issue for everyone who believes in the fundamental importance of freedom. It's time for governments to turn their ship around and plot a new course.
From rforno at infowarrior.org Fri Jul 1 07:04:49 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Jul 2011 08:04:49 -0400
Subject: [Infowarrior] - Anonymous launches WikiLeaks inspired HackerLeaks site
Message-ID: <30AE9E18-3724-49FA-8986-89E3AB53DD3E@infowarrior.org>

Anonymous launches WikiLeaks inspired HackerLeaks site
Jeff Hughes, June 30, 2011
http://www.digitaltrends.com/web/anonymous-launches-wikileaks-inspired-hackerleaks-site/

A new website called HackerLeaks launched by Anonymous wants to fill the vacuum left by WikiLeaks with hacker stolen data.

A new website launched by a sub-group of Anonymous aims to provide hackers with a central way to publicize the documents they steal. The HackerLeaks website is modeled on WikiLeaks and says it will provide a secure and anonymous way for sensitive information to receive "the maximum exposure possible in order to achieve the most profound political impact".

The site launched June 25 and was created by a group spawned in 1985 called the People's Liberation Front (PLF). This hacktivist group is known for attacking the government websites of countries like Tunisia, Iran, Egypt, and Bahrain alongside AnonOps. Commander X, a founding member of PLF and part of the reason HBGary was hacked, has said that the group is like a scalpel for Anonymous - fast and precise. Now these elite hackers are hoping that HackerLeaks, along with another .tk site they launched geared towards insider whistleblowers called LocalLeaks, will encourage scoops on par with WikiLeaks.

The elusive Commander X told Forbes' Andy Greenberg that though hackers use sites like Pastebin to publish information, Anonymous and the PLF are in a better position to expose the sensitive data because of their media connections. Commander X, who currently acts as the editor in chief for both sites, says, "We just wanted to make our own offering, compete in the disclosure marketplace and maybe fill a unique role if we can."

HackerLeaks' first anonymous submission was a list of Orlando officials' personal details on Tuesday. The list included income, home values and other data. Hackers have been hitting Orlando-based targets this week because Orlando non-profit workers were arrested for handing out food to the homeless. The data was taken to show that the people enforcing the law against the poor were obnoxiously rich.

We'll have to wait and see whether hackers decide this to be a useful service. "You download it, we'll disclose it for you," the site's homepage reads.

From rforno at infowarrior.org Fri Jul 1 07:14:03 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Jul 2011 08:14:03 -0400
Subject: [Infowarrior] - Apple-Led Group to Buy Nortel Patents for $4.5B
Message-ID:

Apple-Led Group to Buy Nortel Patents for $4.5B
By Steven Church, Hugo Miller and Tim Culpan - Jul 1, 2011
http://www.bloomberg.com/news/print/2011-07-01/nortel-sells-patent-portfolio-for-4-5-billion-to-group.html

Apple Inc. (AAPL) and five bidding partners agreed to buy Nortel Networks Corp.'s remaining patents for $4.5 billion, trumping a bid from Google Inc. (GOOG) and giving them access to technologies used in mobile phones and tablet computers.

The bidding group included Microsoft Corp. (MSFT), Sony Corp. (6758), Research In Motion Ltd. (RIM), Ericsson AB and EMC Corp., Ontario-based Nortel said in a statement. The companies aim to complete the sale this quarter pending approval from U.S. and Canadian courts, it said.

The purchase will give Apple and its bidding partners access to more than 6,000 patents and applications in areas including the Internet and chips from a company that was once North America's largest maker of phone equipment. The winning bid trumped the $900 million Google had offered before the auction for Nortel's remaining intellectual property.

"It's most certainly a higher price tag than people were speculating about," Hakan Wranne, an analyst at Swedbank Markets, said via phone. "Everyone needed something from the portfolio and none of the companies needed all of it."

Research In Motion, maker of the BlackBerry smartphone, will pay about $770 million for its share of the patents, the Waterloo, Ontario-based company said in a statement. Ericsson will pay $340 million, the Stockholm-based networking-equipment maker said. A Sony spokesman declined to comment how much the company agreed to pay. Spokespeople for Apple, EMC and Microsoft couldn't immediately be reached.

Setback

The deal is a setback for Google as the company doesn't have "the intellectual property rights portfolio that many of the other companies in the industry have," Swedbank's Wranne said. Google had sought the patents partly to bolster its Android operating system, used in handsets made by Samsung Electronics Co., HTC Corp. (2498) and Motorola Mobility Holdings Inc.

"This outcome is disappointing for anyone who believes that open innovation benefits users and promotes creativity and competition," Mountain View, California-based Google said in an e-mail. "We will keep working to reduce the current flood of patent litigation that hurts both innovators and consumers."

The patents fetched more than the $3 billion Nortel previously raised for creditors by selling almost all its businesses. The patents also were sold at four times the $1.1 billion estimated in May by Peter Conley, managing director of Santa Monica-based MDB Capital Group LLC, which specializes in intellectual property.

Bankruptcy

Chipmaker Intel Corp. (INTC) and Rockstar Bidco LP last month received U.S. Federal Trade Commission approval to bid for the patents. Nortel filed for bankruptcy in 2009 after posting a $5.8 billion annual loss as the global recession prompted customers to delay purchases.

"The size and dollar value for this transaction is unprecedented, as was the significant interest in the portfolio, among major companies around the world," Nortel said in the statement. "The portfolio touches nearly every aspect of telecommunications and additional markets as well, including Internet search and social networking."

Court approvals will be sought at a joint hearing expected to be held July 11, Nortel said.

To contact the reporters on this story: Steven Church in Wilmington at schurch3 at bloomberg.net; Hugo Miller in Toronto at hugomiller at bloomberg.net; Tim Culpan in Taipei at tculpan1 at bloomberg.net
To contact the editor responsible for this story: Young-Sam Cho at ycho2 at bloomberg.net

From rforno at infowarrior.org Fri Jul 1 07:22:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Jul 2011 08:22:56 -0400
Subject: [Infowarrior] - 2010 Wiretap Report Shows Increase in Authorized Intercepts
Message-ID:

(via cryptome)

2010 Wiretap Report Shows Increase in Authorized Intercepts
June 30, 2011

Federal and state applications for orders authorizing or approving the interception of wire, oral or electronic communications increased 34 percent in 2010, compared to the number reported in 2009. The interceptions are reported in the 2010 Wiretap Report, released today by the Administrative Office of the United States Courts (AOUSC). Current and previous reports are available online at www.uscourts.gov/Statistics/WiretapReports.aspx.

Report @ http://www.uscourts.gov/Statistics/WiretapReports/WiretapReport2010.aspx

From rforno at infowarrior.org Fri Jul 1 08:17:04 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Jul 2011 09:17:04 -0400
Subject: [Infowarrior] - Google Loses Bid to Dismiss Street View Suit Over Privacy-Violation Claims
Message-ID: <50633FDD-27B8-464C-9A3F-CE75EF20B73E@infowarrior.org>

Google Loses Bid to Dismiss Street View Suit Over Privacy-Violation Claims
By Joel Rosenblatt - Jun 30, 2011
http://www.bloomberg.com/news/print/2011-06-30/google-loses-bid-to-dismiss-street-view-suit-over-privacy-violation-claims.html

Google Inc. must face a lawsuit claiming its data collection using Wi-Fi networks for its Street View program, which allows users to see photographs of roadsides, violates wiretapping laws, a judge said.

U.S. District Judge James Ware in San Francisco denied Google's bid to dismiss claims that the data collection, which included e-mails, user names, passwords and other private data, violated federal wiretap laws. Ware granted Google's request to dismiss claims based on state statutes.

The class-action, or group lawsuit, was filed on behalf of residents living in nine U.S. states whose homes can be seen depicted on Google Street View. The case is the first in which a federal court is being asked to determine whether a company can be found liable under federal wiretap laws based on allegations that it intentionally intercepted data from a wireless home network, according to Ware's opinion.

While Google publicly disclosed its intent to use vehicles equipped with cameras to capture photos, it failed to say it also intended to capture wireless data, Ware wrote. The Mountain View, California-based company argued it couldn't be found liable for federal wiretapping violations because the Wi-Fi broadcasts were unencrypted and "readily accessible" to the general public.

Unencrypted Networks

"Although the networks themselves were unencrypted, the networks were configured to prevent the general public from gaining access to the data packets without the assistance of sophisticated technology," Ware wrote. "Merely pleading that a network is unencrypted does not render that network readily accessible to the general public" and make interception of communications from that network immune from liability, the judge said.

Jay Nancarrow, a Google spokesman, said in an e-mailed statement that the lawsuit's claims are "without merit." Ware should have dismissed all the claims, and the company is "still evaluating our options at this preliminary stage," Nancarrow said.

Last month, U.S. Senator Richard Blumenthal, a Connecticut Democrat who serves on the Senate Judiciary Committee, asked Google Inc. (GOOG), Apple Inc. and Microsoft Corp. for information about the companies' collection of data from private wireless networks to create maps of Wi-Fi service, saying the practice raises privacy concerns.

Google, Apple and Facebook Inc. faced questions on mobile privacy in a Senate Commerce subcommittee hearing last month. The companies also may face tougher European Union restrictions on the way they handle user-location data after a May opinion published by European Union privacy officials.

The case is In re Google Inc. Street View Electronic Communications Litigation, 10-2184, U.S. District Court, Northern District of California (San Francisco).

To contact the reporter on this story: Joel Rosenblatt in San Francisco at jrosenblatt at bloomberg.net
To contact the editor responsible for this story: Michael Hytha at mhytha at bloomberg.net

From rforno at infowarrior.org Fri Jul 1 11:56:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Jul 2011 12:56:11 -0400
Subject: [Infowarrior] - Google in preliminary talks to buy Hulu
Message-ID:

Google Inc. in preliminary talks to buy Hulu
July 1, 2011 | 9:40 am
http://latimesblogs.latimes.com/entertainmentnewsbuzz/2011/06/google-in-preliminary-talks-to-buy-hulu-.html

Google Inc. is in preliminary talks to buy online video pioneer Hulu, people familiar with the situation said.

Hulu has begun meeting with potential buyers including Google, Microsoft Corp. and Yahoo Inc. to drum up interest in a sale, said these people, who requested anonymity because the discussions are confidential. The presentations to the potential suitors are a first step as Hulu's owners weigh whether to sell the site after having received an overture from Yahoo. Hulu's financial advisors, Morgan Stanley and Guggenheim Partners, set up the meetings with media, technology and communications companies.
The technology heavyweights are seeking to capitalize on the widespread popularity of online video and position themselves to reach the growing number of viewers who watch television shows, movies and short videos on computers, mobile devices and Internet-connected television sets.

Hulu's rights to the current season's TV shows have drawn interest from Google and Yahoo, in part because these popular programs have attracted more than 600 advertisers -- including such major brands as McDonald's, Johnson & Johnson and Toyota. Indeed, the site expects to bring in $500 million in ad revenue this year.

Google, which has had a testy relationship with Hollywood, is making a major push to add professionally produced content to its mix of user-created videos on YouTube. It has hired industry veterans to help the Internet search giant make inroads and strike deals. Yahoo is crafting its own strategy of bringing more premium content to its popular portal. Microsoft has had success offering access to movie subscription service Netflix Inc., dominant sports cable channel ESPN and the Hulu Plus paid offering to users of its Xbox game consoles.

Key to all three potential suitors are Hulu's licensing deals for popular TV shows such as "Glee," "Modern Family" and Comedy Central's "The Daily Show with Jon Stewart." The lure of these top-rated programs quickly vaulted the 3-year-old service to among the top destinations for online video, with some 28 million monthly viewers, according to the measurement firm comScore.

Two of the media companies behind the online video service, Walt Disney Co. and News Corp., recently renewed licensing agreements to make Hulu more attractive for a sale. Comcast agreed to give up NBCUniversal's management control in the venture to get approval for its acquisition of a majority stake in the media conglomerate. Comcast is required to provide programming to Hulu on the same terms as the other owners.

But the new agreements may include provisions that would require users to prove they're paying cable or satellite TV subscribers before they can watch current episodes of shows one day after their initial airing. Otherwise, they would be forced to wait. The agreements would remain intact if Hulu is sold.

A Hulu spokeswoman declined to comment. A Microsoft spokeswoman could not provide immediate comment. Google and Yahoo could not immediately be reached for comment.

A sale would allow Hulu's media owners to make a graceful exit from a service whose success nonetheless created friction with traditional business partners. Cable and satellite distributors complained about paying for the right to carry programs that Hulu offered free online. A transaction would also enable owner Providence Equity Partners, which put $100 million in the venture, to see returns from its investment.

Janney Capital Markets analyst Tony Wible said he expects Hulu's owners to seek the same valuation for Hulu that Netflix commands from investors, about $2 billion. Hulu earlier scrapped an initial public offering that some investment bankers said could have valued the company at more than $2 billion.

Technology companies may be willing to pay a premium to get the kind of original content that draws advertising from major brands, said Andy Hargreaves, an analyst with Pacific Crest Securities. But Arash Amel, research director for digital media for IHS Screen Digest, says he isn't sure how much of a premium. Google, Microsoft and Yahoo are not buying Hulu's technology, so they would risk paying through the nose for shows when content deals expire, he said.

"If you had those deals for 10 years, OK, you have time to build a business," Amel said. "But look at what they are trying to do to Netflix. They help you until you are successful then they want most of what you make or they try to kill you."

-- Jessica Guynn and Dawn C. Chmielewski

From rforno at infowarrior.org Fri Jul 1 21:23:48 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 1 Jul 2011 22:23:48 -0400
Subject: [Infowarrior] - Righthaven Lawyer to Judge: I Swear My Browser Ate My Homework
Message-ID:

Lawyer to Judge: I Swear My Browser Ate My Homework
By David Kravets | July 1, 2011 | 2:46 pm | Categories: The Courts, The Ridiculous
http://www.wired.com/threatlevel/2011/07/righthaven_browser

A lawyer for copyright troll Righthaven is declaring under penalty of perjury that an update to his computer's browser prohibited him from electronically submitting a legal filing before an angry judge's deadline.

And it was no ordinary filing U.S. District Judge Roger Hunt was demanding. Nevada's chief judge two weeks ago ordered Righthaven, which sues bloggers and websites for infringement of Las Vegas Review-Journal articles, to explain why the litigation factory made "dishonest statements to the court."

Hunt wanted the answer by June 28, but Righthaven's Las Vegas lawyer filed a reply a day late. The reason it was untimely, Righthaven attorney Shawn Mangano said, was because an "automatic software update for the internet browser" on his computer caused the browser to stop working with the federal judiciary's electronic filing system, known in legal circles as CM/ECF.

"This automatic software update caused my internet browser to be incompatible with the court's CM/ECF electronic filing system. While the CM/ECF system was accessible to me, it did not permit any files to be attached (.pdf) for submission," Mangano wrote the judge.

The judiciary's filing service is generally compatible with the major browsers, including Internet Explorer, Safari, Firefox and Chrome. Mangano did not respond for comment.

Mangano's filing was in response to a June 14 order in which Hunt called Righthaven's litigation effort "disingenuous, if not outright deceitful."
(.pdf) Hunt demanded Righthaven explain why Hunt should not sanction it for trying to ?manufacture standing.? Standing is a legal concept that has enabled Righthaven to bring 200-plus lawsuits for infringing the copyrights of Stephens Media, which owns the Review-Journal. Hunt wanted Righthaven to explain why it failed to disclose, under a rule of civil procedure, that Las Vegas firm Stephens Media had a ?pecuniary interest? (.pdf) in the outcome of Righthaven cases. An internal accord between Righthaven and Stephens Media granted the Review-Journal?s owner and Righthaven each a 50 percent stake in any settlements or verdicts. What?s more, Righthaven said in its lawsuits that it owned the copyrights it was suing over. But the internal memo disclosed in the case showed that Stephens Media retains ?an exclusive license to exploit the Stephens Media assigned copyrights for any lawful purpose whatsoever and Righthaven shall have no right or license to exploit or participate in the receipt of royalties from the exploitation of the Stephens Media assigned copyrights other than the right to proceeds in association with a recovery.? With that, Judge Hunt dismissed Righthaven?s suit against the Democratic Underground blog because, he ruled, ?a copyright owner cannot assign a bare right to sue.? Several other cases have been dismissed for the same reason, and many more are likely. Mangano told Judge Hunt he didn?t think it was necessary to disclose the financial link contained in the Strategic Alliance Agreement between Righthaven and Stephens Media, which invested $500,000 in Righthaven. ?I reasonably viewed any contingent payment to Stephens Media under the SAA as constituting an indirect interest that required a two-step payment process assuming any case resulted in a recovery. Simply put, receipt of settlement funds through settlement or recovery by the enforcement of a judgment would be made to Righthaven,? he wrote. 
?Righthaven would then be contractually obligated under the SAA to subsequently pay Stephens Media any recovered sums over and above costs incurred.? Mangano said he has started ?taking corrective action? and has filed ?amended disclosures? in 80 pending cases in Nevada and 34 in Colorado. From rforno at infowarrior.org Mon Jul 4 13:48:12 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 4 Jul 2011 14:48:12 -0400 Subject: [Infowarrior] - 76-year-old Army medic on 4th tour in war zones Message-ID: 76-year-old Army medic on 4th tour in war zones By Mandy Clark http://www.cbsnews.com/stories/2011/07/03/eveningnews/main20076580.shtml Finally this evening, the last draftee is set to retire from the army this summer at the age of 58. Command Sergeant-Major Jeff Mellinger was drafted back in 1972. In recent years, he survived 27 roadside bombings while deployed in Iraq. CBS News correspondent Mandy Clark reports on another long-serving veteran with a great story. In Afghanistan being a doctor can be a frontline position. But even back from the fighting, men and women of the U.S. Military have tough jobs and the medical problems to match. An experienced eye makes all the difference, and few are more experienced than Dr. John Burson, an ear, nose and throat specialist from Villa Rica, Georgia. At age 76, he may not have seen it all, but he brings a lot of history to his work at this US military clinic in Kabul. "There not sure if I'm a father figure or a grandfather figure," Dr. Burson says. "I carry with me mostly an appreciation for the incredible sacrifice I see among the young people here. The real dedication, the love of country...it's an opportunity to come back and sort of pay back a little to your country," Dr. Burson is a volunteer with the Reserves. This is his 4th tour since 2005; Two in Iraq and two in Afghanistan. He joined the Army back in 1955, but never saw combat, missing Korea and Vietnam. 
He was out of uniform for 26 years and he says the nature of war has changed dramatically in that time - modern communications can make dealing with combat stress more difficult. "This is a complicated war. We're in a situation where troops communicate with home every day. They get emails every day. They get text message every day, cell phone messages. They live in two worlds. They live in the world of home and the world of here," Dr. Burson says. In the meantime he patches them up so they can do their jobs. Dr. Burson says this may be his last tour, but he's really not so sure, hinting that in 2 years he will have forgotten the hardships and be ready to help. By then, he'll be close to 80 years old. ? 2011 CBS Interactive Inc.. All Rights Reserved. From rforno at infowarrior.org Mon Jul 4 15:50:57 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 4 Jul 2011 16:50:57 -0400 Subject: [Infowarrior] - US claims all .com and .net websites are in its jurisdiction Message-ID: <6AE84937-BE6F-4A4A-AEBD-A14D7CA75CEE@infowarrior.org> US claims all .com and .net websites are in its jurisdiction Sees an Internet without borders By Lawrence Latif Mon Jul 04 2011, 15:53 http://www.theinquirer.net/inquirer/news/2083906/claims-com-net-websites-jurisdiction THE US Immigration and Customs Enforcement agency (ICE) wants to take down web sites that use the .com and .net top level domains (TLD) regardless of whether their servers are based in the US. Erik Barnett, assistant deputy director of ICE said told the Guardian that the agency will actively target web sites that are breaking US copyright laws even if their servers are not based in the US. According to Barnett, all web sites that use the .com and .net TLDs are fair game and that, since the Domain Name Service (DNS) indexes for those web sites are routed through the US-based registry Versign, ICE believes it has enough to "seek a US prosecution". 
According to the Guardian, ICE is not focusing its efforts just on web sites that stream dodgy content but those that link to them, something the newspaper claims has "considerable doubt as to whether this is even illegal in Britain". It points out that the only such case to have been heard by a judge in the UK was dismissed. Barnett said, "By definition, almost all copyright infringement and trademark violation is transnational. There's very little purely domestic intellectual property theft." However Barnett's claim that because Verisign is the registry for .com and .net TLDs that gives ICE jurisdiction over servers based in foreign countries seems tenuous at best. Nevertheless he said, "Without wishing to get into the particulars of any case, the general goal of law enforcement is to arrest and prosecute individuals who are committing crimes. That is our goal, our mission. The idea is to try to prosecute." Jim Killock, executive director of the Open Rights Group told the Guardian, "This seems absurd [...] if you don't have some idea that there's a single jurisdiction in which you can be prosecuted for copyright infringement that means you're potentially opening an individual to dozens of prosecutions." ICE is most probably banking on expectations that those it accuses of sharing copyrighted content won't be able to afford a legal team to question its claim that its jurisdiction extends beyond US borders. ? From rforno at infowarrior.org Tue Jul 5 07:05:41 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 5 Jul 2011 08:05:41 -0400 Subject: [Infowarrior] - Cisco Poised To Help China Keep An Eye On Its Citizens Message-ID: <8B28995F-B36C-4AC3-97CD-4A7D03D660BA@infowarrior.org> Wall Street Journal July 5, 2011 Censorship Inc. 
http://online.wsj.com/article/SB10001424052702304778304576377141077267316.html

Cisco Poised To Help China Keep An Eye On Its Citizens
By LORETTA CHAO in Beijing and DON CLARK in San Francisco

Western companies including Cisco Systems Inc. are poised to help build an ambitious new surveillance project in China -- a citywide network of as many as 500,000 cameras that officials say will prevent crime but that human-rights advocates warn could target political dissent.

The system, being built in the city of Chongqing over the next two to three years, is among the largest and most sophisticated video-surveillance projects of its kind in China, and perhaps the world. Dubbed "Peaceful Chongqing," it is planned to cover a half-million intersections, neighborhoods and parks over nearly 400 square miles, an area more than 25% larger than New York City.

The project sheds light on how Western tech companies sell their wares in China, the Middle East and other places where there is potential for the gear to be used for political purposes and not just safety. The products range from Internet-censoring software to sophisticated networking gear. China in particular has drawn criticism for treating political dissent as a crime and has a track record of using technology to suppress it.

An examination of the Peaceful Chongqing project by The Wall Street Journal shows Cisco is expected to supply networking equipment that is essential to operating large and complicated surveillance systems, according to people familiar with the deal.

The U.S. has prohibited export of crime-control products to China (for instance, fingerprinting equipment) ever since Beijing's deadly 1989 Tiananmen Square crackdown. But the U.S. restrictions don't prohibit sale of technologies such as cameras that can be used in many ways -- to tame, say, either traffic jams or democracy marches. This loophole troubles some critics. There is no indication that Cisco is selling products customized for crime control.

Western companies' pursuit of sales in China underscores a fundamental question for businesses and policy makers alike: Should companies be held accountable if foreign governments use their products for political suppression?

Cisco was brought in to the Chongqing project by Chinese security company Hikvision Digital Technology Co., the project's main contractor, Hikvision officials and others say. It is unclear whether Cisco's participation has been finalized, although one person familiar with the matter says it is close.

Officials at Cisco, based in San Jose, Calif., declined to discuss its possible involvement in detail. A company spokesman stressed that Cisco "hasn't sold video cameras or video-surveillance solutions in any of our public infrastructure projects in China." The company has previously said -- including in a June blog post by Cisco's general counsel, Mark Chandler -- that the company strictly abides by the Tiananmen export controls and doesn't supply any gear to China that is "customized in any way" to facilitate repressive uses.

Cisco is the world's biggest maker of networking equipment, which includes routing and switching systems that send data between computers and connect systems to the Internet. The company has stirred controversy in the past for its China dealings.

The Chongqing project is also attracting interest from other U.S. companies, including Alabama software maker Intergraph Corp. Hewlett-Packard Co. also expects to bid on part of the project, according to a senior H-P executive. The people familiar with the matter said H-P may be looking to supply servers or storage equipment for Peaceful Chongqing.

Asked about concerns about political use of the system, Todd Bradley, an executive vice president who oversees H-P's China strategy, said in an interview last week in China, "We take them at their word as to the usage." He added, "It's not my job to really understand what they're going to use it for. Our job is to respond to the bid that they've made."

Another possible participant in the Chongqing project is Intergraph, a Huntsville, Ala., company that made a bid through Cisco to provide customized software for the effort, said Bob Scott, head of Intergraph's security group. It is unclear if the company, a unit of Sweden's Hexagon AB, will ultimately be hired.

Although sale of surveillance technology to repressive nations is permissible, some critics have harsh words for companies that do so. "The business community is only hearing what it wants to hear and disregarding the rest," said Rep. Frank Wolf, a Virginia Republican who co-chairs the Tom Lantos Human Rights Commission, a nonpartisan rights group made up of members of Congress.

Chongqing, a sprawling metropolis in southwestern China, is one of the most populous cities in the nation with an urban population of at least 12 million. The hillside Yangtze River port, famous for spicy hot-pot and often covered in fog, was China's capital from 1938 to 1945. Today, it is being developed as a gateway to the country's western hinterland.

Chongqing has gained prominence the past two years because of its Communist Party chief, Bo Xilai, a rising political star who has led a controversial crackdown on organized crime that some lawyers have criticized for what they say are violations of legal due process. Mr. Bo declined to comment. He is expected to become one of China's top leaders next year by being appointed to China's Politburo Standing Committee, the nation's top decision-making body.

Chongqing's government has said it plans to invest more than $800 million of its own in building the Peaceful Chongqing system. Another $1.6 billion is coming from other, unspecified sources, the city has said.

Hikvision's president, Hu Yangzhong, said in an interview that government funds would go toward building the central surveillance network and installing a portion of the cameras, while more cameras would be installed by owners of residences, office buildings and others -- all of which would be linked to the network.

Video-surveillance systems can serve many purposes and are routinely used for benign purposes by cities world-wide to fight crime and ease traffic. Still, civil libertarians raise concerns, including in the U.S., that the technology can invade privacy and is poorly regulated.

Human-rights advocates say Chinese police have used surveillance footage to identify people in political protests. Jailed Chinese artist-activist Ai Weiwei, who was released last month, complained before he was apprehended on April 3 that police were using cameras to monitor him.

Corinna-Barbara Francis, a researcher at Amnesty International, said surveillance footage has been used to identify and apprehend peaceful protesters in China, including in Xinjiang and Tibet. "In China there's ample evidence that they use" video surveillance "to crack down and then criminalize activity which should not be criminalized," Ms. Francis said.

The Chongqing government declined to comment, as did China's Ministry of Public Security and the State Council Information Office. Chinese leaders have long argued that maintaining social stability and economic growth takes precedence over political rights.

Hikvision's president, Mr. Hu, said he believes the project's goal is to cut crime, not target political dissidents. "China has a very serious public-security problem," he said in an interview last week. He blamed an epidemic of robbery and other crimes on the flood of poor migrants into China's cities and a growing wealth gap.

Mr. Hu said Chongqing's new surveillance system will be tied in to an information network that Cisco is already building in the city, where Cisco has announced a high-profile alliance under a program it calls Smart+Connected Communities -- an initiative under which Cisco consults with governments around the world to use technology to tackle civic problems such as transportation, healthcare and education. According to the Chongqing government's website, Cisco Chief Executive John Chambers told the city's mayor in a meeting last year that he hoped the Smart+Connected project could create a "model in Chongqing which can be popularized in China."

Executives at Western companies say they must weigh the possibility that technology could be misused against the business risks of missing out on a lucrative market. "We do have concerns," said Intergraph's Mr. Scott. "On the other hand, we want to do business there," he said, noting that the company's software is also used for environmental and other projects in China. "We're just the technology platform," he said, adding that it is the responsibility of the buyers "to meet and adhere to laws and policies" of their jurisdictions. Ultimately, Intergraph has "to manage the risk against the gain."

In an April interview with the Journal, Bill Stuntz, general manager of Cisco's physical-security business, said Cisco gives careful consideration to how its products are used in China and doesn't want them to be used for repressive purposes. He declined to discuss specific projects in China but noted that sales of security equipment there have been expanding rapidly. He said Cisco is providing products that include networking equipment and servers along with support for some large video-surveillance systems, though not video cameras.

China has become the fastest growing market for surveillance equipment, although it isn't yet the biggest, according to IMS Research, a U.K. firm that studies the market. The surveillance markets in the U.S. and Europe are growing at single-digit rates while surveillance-related revenue in China is growing at 23% a year. Surveillance-equipment sales alone, not including networking gear or software, totaled $1.7 billion last year.

Chongqing's government says on its website that its current surveillance system is outdated, allowing police to directly tap into just 15,000 of the total 300,000 cameras. It wants the new system to be among the world's most advanced.

Mr. Scott of Intergraph says Chongqing wants not only to increase camera count, but also to have video managed and delivered to dozens of police precincts and other organizations. The project presents challenges "that have not really been done anywhere else in the world," he said. Mr. Scott said his company spent three years developing software that enables multiple agencies to control cameras and also analyzes video feeds for unusual situations like fires or the formation of crowds.

The number of surveillance cameras in Chinese cities including Chongqing appears to dwarf that of other cities around the world, though comparisons are tough because cities generally don't disclose their camera counts. A 2008 report by the state-run Xinhua news agency said Beijing had some 280,000 cameras in its system. By comparison, privacy advocates in the U.S., including the American Civil Liberties Union, estimate Chicago has 10,000 cameras. The New York Civil Liberties Union estimated in 2009 that there were 8,000 cameras in New York.

Kersten Zhang, Yoli Zhang, Jason Dean and Cari Tuna contributed to this article.
From rforno at infowarrior.org Tue Jul 5 07:27:54 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Jul 2011 08:27:54 -0400
Subject: [Infowarrior] - Hackers Select a New Target: Other Hackers
Message-ID:

https://www.nytimes.com/2011/07/05/technology/05hack.html?_r=1&hp=&pagewanted=print

July 4, 2011
Hackers Select a New Target: Other Hackers
By SOMINI SENGUPTA and NICK BILTON

The hackers, calling themselves the A-Team, assembled a trove of private information and put it online for all to see: names, aliases, addresses, phone numbers, even details about family members and girlfriends. But their targets were not corporate executives, government officials or clueless bank customers. They were other hackers.

And in trying to unmask the identities of the members of a group known as Lulz Security, the A-Team was aiming to take them down a peg -- and, indirectly, to help law enforcement officials lock them up. The core members of Lulz Security "lack the skill to do anything more than go after the low-hanging fruit," the A-Team sneered in its posting last month.

In recent weeks, attacks on companies like Sony and government sites like senate.gov have raised concerns about increasingly organized and brazen hackers. On Monday, a Twitter account for Fox News was hijacked. But much of the hacking scene is a fractious free-for-all, with rival groups and lone wolves engaged in tit-for-tat attacks on each other, often on political or ideological grounds but sometimes for no better reason than to outwit -- or out-hack -- the other guy.

The members of Lulz Security, or LulzSec, have been at the center of the sniping lately. The group won global attention through attacks on the C.I.A., Sony, the Arizona state police and other organizations, putting at risk the personal information of tens of thousands of people in the process. Even as they attacked, the LulzSec members craftily concealed their own identities, all the while articulating an ever-changing menu of grievances, from government corruption to consumer rights.

LulzSec's provocative attacks and flamboyant style made it a tempting target. Other hackers, equally adept at maintaining their anonymity, have been seeking to penetrate the online aliases of the group's members.

Late last month, LulzSec announced that it was disbanding, and that its members would continue their activities under other banners. But the F.B.I. and other agencies are continuing their pursuit, aided by information unearthed by other hackers. In fact, the Lulz Security members face the real possibility that if they are caught, it will be their fellow hackers who led the authorities to their doorsteps.

"This unfortunately represents one of few ways law enforcement gets good inroads into this community," said Bill Woodcock, research director at the Packet Clearing House, a nonprofit group in Berkeley, Calif., that tracks Internet traffic.

In hacker parlance, to be unmasked is to be dox'd, as in documented. And by hacker logic, to be dox'd is to be put out of business. An online alias is an essential weapon: it conceals a person's name and whereabouts, while allowing the creation of an alternate identity.

Indeed, the handbook for new recruits to Anonymous, the global hacker collective from which Lulz Security sprang earlier this year, contains tips on safeguarding one's identity -- from how to steer clear of Web sites that track online activity to masking one's Internet provider. One of the tools it suggests is Tor, a network of virtual tunnels originally developed by the United States Naval Research Laboratory to protect online government communications. "In our world," the handbook concludes, "a good defense is the best offense."

Despite the detailed profiling by the A-Team and other hacker groups including Team Poison and Web Ninjas, no professed Lulz Security member has admitted to being dox'd, and some have merrily denied it. But the campaign seems to have had some effect. The A-Team's supposed outing of seven of Lulz Security's members coincided with the group's announcement that it was disbanding. And a spokesman for the group, using the alias Topiary, bid a public farewell in typically impish language: "Sailing off -- watch your backs and follow the north wind, brazen sailors of the 'verse."

The A-Team posting about LulzSec included mundane personal details. The sister of one purported LulzSec member, it said, was a bartender in a bowling alley in a small British town. Another member was described as "very ugly." A third, the group railed, cannot hack at all: "He doesn't actually do anything except give interviews."

Part of the posting, complete with misspellings, went to the heart of the hackers' paradox: "If your anonymous no one can find you. No one can hurt you, so your invincible," it said. "The problem with this idealogy, is it's on the internet. The internet by definition is not anonymous. Computers have to have attribution. If you trace something back far enough you can find its origins."

Lulz Security was not above outing one of its own. A member known as m_nerva leaked some of its chat room discussions to the media. In retaliation the group posted what it said was m_nerva's personal information, including an address in Hamilton, Ohio. Last week the F.B.I. raided a home in Hamilton but made no arrests, according to local media reports. An F.B.I. spokeswoman, Jenny Shearer, would not comment on what she said was a continuing investigation.

In an interview with the BBC Web site, a spokesman for LulzSec who called himself Whirlpool said of the group's opponents: "They keep trying to bring us down, we mock them, they get flustered and make snide comments, we laugh."

Meanwhile the Web Ninjas, who publish a blog called LulzSec Exposed, declared their intentions this way: "We have tried our best doxing LulzSec and keep doing it until we see them behind bars."

Topiary's fellows do not seem to be in a mood to venture off into the north wind forever. Since announcing its dissolution, LulzSec has melted into a broader movement called AntiSec, which potentially has thousands of hackers on its side, including those associated with Anonymous. Hackers have continued to torment the Arizona police because of their role in a state crackdown on illegal immigrants, leaking officers' personal e-mail last week.

Security companies and government agencies have a long history of relying on current or former hackers in the fight against computer crimes. One new wrinkle is the way that attacks on government targets have given rise to a small but loud faction of patriotic, presumably American hackers who are fighting back on their own, said Gabriella Coleman, an assistant professor at New York University who is researching a book on Anonymous.

The fights have also become more public and spectacular, in part because of platforms like Twitter. "Warring becomes an art form itself," Ms. Coleman said. "There is that game quality to it. They're claiming they can't be found. It's a huge trophy if you can."

From rforno at infowarrior.org Tue Jul 5 07:43:19 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Jul 2011 08:43:19 -0400
Subject: [Infowarrior] - Popular FTP package download tarball poisoned
Message-ID:

Popular FTP package download tarball poisoned
By John Leyden
Posted in Malware, 5th July 2011 11:23 GMT
http://www.theregister.co.uk/2011/07/05/ftp_backdoor_shenanigans/

A backdoor has been discovered in the source code of a widely used FTP package.

Version 2.3.4 of the source code for vsftpd -- billed as probably the most secure and fastest FTP server for Unix-like systems -- was replaced with a compromised version with an invalid signature. The dodgy tarball version of the code was uploaded onto the main download site and was available for around three days before the hack was detected by Chris Evans, the author of vsftpd, on Sunday (3 July).

Evans has moved the main download to a new site, https://security.appspot.com/vsftpd.html, which is hosted by Google App Engine.

The counterfeit code was poorly disguised and it is unlikely that many of the tech-savvy users of vsftpd fell victim to the hack. Nonetheless the incident illustrates that code repositories can be poisoned, and the importance of checking digital signatures as a safeguard against falling victim to such shenanigans.

Evans reckons the whole incident is more likely the result of a prank than a serious attempt to compromise corporate file transfer facilities.

"The backdoor payload is interesting," Evans writes. "In response to a :) smiley face in the FTP username, a TCP callback shell is attempted. There is no obfuscation.

"More interestingly, there's no attempt to broadcast any notification of installation of the bad package. So it's unclear how victims would be identified; and also pretty much guaranteed that any major redistributor would notice the badness. Therefore, perhaps someone was just having some lulz instead of seriously trying to cause trouble."

From rforno at infowarrior.org Tue Jul 5 08:08:13 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Jul 2011 09:08:13 -0400
Subject: [Infowarrior] - Woman Escorted Off US Air Flight For Snapping Photo
Message-ID:

I'm not sure what's worse: knowing that you can be called a 'security threat' for anything and instantly be judged so regardless of the circumstance, or that US Airways continues to be one of the most hated companies in the States. (I know which is worse, I'm still getting caffeinated.) Welcome to the New Normal.
-- rick

July 2, 2011 @ 1:24PM
Woman Escorted Off US Airways Flight For Snapping Photo
Deemed a "security risk" for photographing nametag of rude employee
By Carlos Miller
http://www.pixiq.com/article/woman-escorted-off-us-airways-flight-for-snapping-iphone-photo

Miami photographer Sandy DeWitt was ordered off a US Airways flight after being deemed a "security risk"

A Miami photographer was escorted off a US Airways plane and deemed a "security risk" after she snapped a photo of an employee's nametag at Philadelphia International Airport Friday.

Sandy DeWitt said the employee, whose name was Tonialla G., was being rude to several passengers in the boarding area of the flight to Miami. So DeWitt snapped a photo of her nametag with her iPhone because she planned to complain about her in a letter to US Airways. But the photo didn't come out because it was too dark.

However, once DeWitt was settled in her seat, preparing for take-off, Tonialla G. entered the plane and confronted her.

"She told me to delete the photo," DeWitt said in an interview with Photography is Not a Crime Saturday morning.

DeWitt, who already had her phone turned off in preparation for take-off, turned the phone back on to show her that it didn't come out, but deleted the photo anyway.

"I complied with her wishes but it's not something I would normally do," she said. "It just wasn't usable."

But Tonialla G. wouldn't let the issue go. She then walked into the cockpit to inform the pilot that DeWitt was a "security risk."

Next thing DeWitt knew, she was being escorted off the plane by two flight attendants. Her husband followed.

"I announced to the other passengers that I was being removed because I took a photo," she said. "I announced that photography is not a crime."

By this time, she had Tonialla G.'s name memorized, so she didn't even need the photo anymore.

Off the plane, she spoke to a Michael Lofton, a US Airways manager at Philadelphia International Airport, who told her she would not be allowed back on the plane because she was a security risk.

But even though she was supposedly a security risk, Lofton directed her to American Airlines where they supposedly had a flight back to Miami leaving soon. However, that flight had already departed and it was already after 7 p.m., so there were no other flights back to Miami until the following morning.

"We were expecting to spend the night at the airport," she said.

They eventually boarded a Southwest Airlines flight to Fort Lauderdale at 11 p.m. They landed at 1:15 a.m. and had to wake up a friend to drive them to Miami International Airport, about a 45 minute drive, where their car was parked.

"Southwest really stepped up to the plate for us," she said. "I can't say enough about them."

DeWitt is a commercial photographer who graduated from the Rhode Island School of Photography.

UPDATE: Sandy DeWitt is not the only traveler who has had issues with US Airways. Check out Tracy Reed's story.

UPDATE II: Business Insider ranked US Airways sixth in a list of the 19 Most Hated Companies in America.

From rforno at infowarrior.org Tue Jul 5 14:47:02 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Jul 2011 15:47:02 -0400
Subject: [Infowarrior] - Swiss party makes dislike of PowerPoint a political issue
Message-ID: <242DD655-8B8D-4C38-8A22-0A5ECA016955@infowarrior.org>

Swiss party makes dislike of PowerPoint a political issue
Switzerland's Anti-PowerPoint Party wants a referendum on banning the use of presentation software
Peter Sayer (IDG News Service), 05 July, 2011 04:57
http://www.cio.com.au/article/392397/

Many people dislike PowerPoint, Microsoft's ubiquitous application for creating business presentations, but few would take a political stand over it. However, that's exactly what Switzerland's Anti-PowerPoint Party (APPP) seeks to do -- along with making a bit of money.

According to the APPP, the use of presentation software costs the Swiss economy 2.1 billion Swiss francs (US$2.5 billion) annually, while across the whole of Europe, presentation software causes an economic loss of €110 billion (US$160 billion). APPP bases its calculations on unverified assumptions about the number of employees attending presentations each week, and supposes that 85 percent of those employees see no purpose in the presentations.

Switzerland's democratic system is famously participative, with citizens able to call for a nationwide referendum on almost any subject if they can obtain the signatures of 100,000 voters. The APPP is seeking support for a national referendum to ban the use of PowerPoint and other presentation software in presentations throughout Switzerland. It also plans to present candidates for national elections in October.

The party's ambitions don't stop there: Its website is published in three of Switzerland's official languages, German, French and Italian, with parts of it also available in Croatian, English, Russian, Slovak and Spanish.

"We want the world to take note of this cause. And the whole world can talk and can be involved if it is opened for the people from all over the world. We are open for all the other world languages, we just need the volunteers to translate the website to those languages," said party founder and president Matthias Poehm, a public speaking trainer from Bonstetten, just outside Zurich. "We have members, volunteers who were so happy to participate and they have translated the entire website to Croatian. The same is with the website in Slovakian."

Poehm is not the first to express a distaste for PowerPoint. In 2003, Edward Tufte, a specialist in the visual representation of numerical data, published an essay, "The Cognitive Style of PowerPoint," accusing the software of hurting our ability to think. And last year, The New York Times warned: "We Have Met the Enemy and He Is PowerPoint," an essay on the U.S. military's use of incomprehensible slide presentations to convey its strategy.

International backing for the APPP's goals may be there, but the party is still some way off the 100,000 Swiss supporters it needs to force a referendum: Since its creation on May 5, APPP has signed up 245 members -- not a huge number for a party that's free to join.

One thing party members do have to pay for is the full party manifesto, set out in the book "The PowerPoint Fallacy" authored by Poehm. Party members pay €17, a reduction of €10 on the regular price.

So is this just a promotional gimmick?

"Yes, it is a tool to promote my book. But it doesn't end there," Poehm said via e-mail. "This issue will be raised in the awareness of all the people who still don't know that there is an alternative to PowerPoint and with this alternative you, provably, achieve three to five times more effect and excitement with the audience than with the PowerPoint," he said. "We want ... that pupils in schools are not punished by a mark reduction if they don't use PowerPoint," he said.

The alternative, for Poehm, is the humble flipchart, which he values for the creativity it encourages, and the appeal of seeing the presentation created live.

Poehm's goal with the APPP is not really to prohibit the use of presentation software, he said. "We just want the people to become aware of this issue and the alternative to it. The solutions are available, but nobody is using them."

Microsoft did not respond to a request for comment on Monday about the APPP's position and plans.
From rforno at infowarrior.org Tue Jul 5 14:50:10 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Jul 2011 15:50:10 -0400
Subject: [Infowarrior] - MS admits Patriot Act can access EU-based cloud data
Message-ID: <8103D4A6-FCFC-4F48-A800-05B2E573E8E3@infowarrior.org>

Microsoft admits Patriot Act can access EU-based cloud data
By Zack Whittaker | June 28, 2011, 8:10am PDT
http://www.zdnet.com/blog/igeneration/microsoft-admits-patriot-act-can-access-eu-based-cloud-data/11225

Microsoft's UK head admitted today that no cloud data is safe from the Patriot Act -- and Microsoft will hand it over to U.S. authorities.

LONDON -- At the Office 365 launch, Gordon Frazer, managing director of Microsoft UK, gave the first admission that cloud data -- regardless of where it is in the world -- is not protected against the USA PATRIOT Act.

It was honestly music to my ears. After a year of researching the Patriot Act's breadth and ability to access data held within protected EU boundaries, Microsoft finally and openly admitted it.

The question put forward: "Can Microsoft guarantee that EU-stored data, held in EU based datacenters, will not leave the European Economic Area under any circumstances -- even under a request by the Patriot Act?"

Frazer explained that, as Microsoft is a U.S.-headquartered company, it has to comply with local laws (the United States, as well as any other location where one of its subsidiary companies is based).

Though he said that "customers would be informed wherever possible", he could not provide a guarantee that they would be informed -- if a gagging order, injunction or U.S. National Security Letter permits it.

He said: "Microsoft cannot provide those guarantees. Neither can any other company".

While it has been suspected for some time, this is the first time Microsoft, or any other company, has given this answer. Any data which is housed, stored or processed by a company which is a U.S. based company or is wholly owned by a U.S. parent company is vulnerable to interception and inspection by U.S. authorities.

Last week, Microsoft opened up its Online Services Trust Center which explained in great detail how data was managed, handled and, if necessary, handed over to the authorities.

From rforno at infowarrior.org Tue Jul 5 19:27:43 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 5 Jul 2011 20:27:43 -0400
Subject: [Infowarrior] - NIST cybersecurity standards would apply to Defense contractors under proposed rule
Message-ID: <72E47392-898A-4015-B048-4F6906E4A70B@infowarrior.org>

NIST cybersecurity standards would apply to Defense contractors under proposed rule
July 4, 2011, 6:02pm ET | By David Perera
http://www.fiercegovernmentit.com/story/nist-cybersecurity-standards-would-apply-defense-contractors-under-proposed/2011-07-04

Certain Defense Department contractors in possession of unclassified yet nonpublic information would become subject to National Institute of Standards and Technology cybersecurity standards under a proposed rule change to the Defense Acquisition Regulation Supplement published in the Federal Register June 29.

Under the proposed rule, the DoD would set up two standards of cybersecurity that private sector contractors would have to contractually affirm an ability to implement: a "basic" standard for any contractor in possession of nonpublic DoD data, and an "enhanced" standard for other contractors. The requirement would apply at least to first-tier subcontractors; the discussion of the rule printed in the Federal Register says the requirement would "be passed down through the supply chain."

The enhanced standard would apply to contractors in possession of critical program information (under DoD Directive 5200.39); critical information (under DoD 5205.02); any information with a controlled access designation such as "sensitive but unclassified"; data subject to export controls under International Traffic in Arms Regulations and Export Administration Regulations; technical data; anything exempt from the Freedom of Information Act; and personally identifiable information.

Contractors under the enhanced security standard would have to implement cybersecurity standards codified by NIST in Special Publication 800-53 -- not all of them, just 58 of the standards enumerated in the document. Enhanced security standard contractors would also come under a reporting requirement whereby they could have to report any cyber incident affecting DoD information within 72 hours of its occurrence. DoD policy would be that a "properly reported" cyber incident "shall not, by itself, be interpreted as evidence that the contractor has failed to provide adequate information safeguards," the proposed rule states.

The basic standard would apply to information exempt from disclosure under FOIA or not yet released to the public. Basic standard contractors would have a far less onerous set of requirements to adhere to under the proposed rule, such as attesting that employees don't access DoD information on public computers, and that storage media is sanitized before disposal.

The DoD acknowledges that small businesses are more likely to be affected by the rule than large Defense contractors, since most large contractors handling sensitive information already have information assurance controls and could implement 800-53 standards with minimal additional cost. About 76 percent of DoD small business contractors would be required to implement the enhanced standard, the Pentagon estimates.

Comments are due by the end of August 29.
For more:
- download the proposed rule, DFARS 2011-D039 (.pdf)
- download NIST SP 800-53, Rev. 3 (.pdf)

From rforno at infowarrior.org Wed Jul 6 06:48:26 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Jul 2011 07:48:26 -0400
Subject: [Infowarrior] - Apple users complain over MobileMe 'censorware'

Apple users complain over MobileMe 'censorware'
By John Leyden
Posted in Security, 6th July 2011 08:00 GMT
http://www.theregister.co.uk/2011/07/06/mobileme_censorware_row/

Apple has reportedly begun the filtering of outbound messages sent via its MobileMe service. The fruity one has applied inbound filtering to inbound emails as a precaution against spam since last year. Last month, however, it began filtering messages that users sent using the service, for questionable reasons.

The upshot is that whatever email client a MobileMe user uses, their message will be blocked without notification, reportedly even if the offending content in question contains mild political criticism.

Reg reader Mike Conley, who was the first to tell us of the problem, said that one of three offending messages he sent was blocked because it mentioned the phrase "growing hostility against Frankfurt and Brussels". An email about civil unrest in Greece about the sovereign debt crisis/austerity budget was also dropped.

Conley realised there was a problem because he sends messages to himself via bcc. He complained and one of the offending messages was transmitted only for the problem to reappear days later. As a result, Conley has decided to stop using the service after having been a loyal fan for more than 10 years.

Conley started a thread on the problem on an Apple user forum. The post was picked up by Reg reader Harris Upham, who confirmed that censorship seems to be taking place.

"I have a mobileme account myself, and I have tested this myself and I'm now convinced that mobileme is censoring outbound mail based on message body content," Upham told El Reg.

Generally speaking we're much more inclined to attribute this sort of thing to a technical screw-up rather than a deliberate policy. The alternative is truly chilly. All-American firm Apple has decided to censor political debate occurring via email for reasons unknown, exactly the sort of behaviour routinely practiced in China and roundly condemned across the political spectrum in the West.

It's very likely there's some innocent explanation to this, but since Apple consistently refuses to speak to us on information security, we don't know what this might be. Enterprise email security firms we asked were unable to shed much light on the behaviour, presumably since it is restricted to Apple's user-base and only visible internally.

From rforno at infowarrior.org Wed Jul 6 06:55:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Jul 2011 07:55:55 -0400
Subject: [Infowarrior] - The Latest Attempt By The Obama Administration To Punish Whistleblowers

The Latest Attempt By The Obama Administration To Punish Whistleblowers
from the thomas-drake,-part-II dept
http://www.techdirt.com/articles/20110702/00451614941/latest-attempt-obama-administration-to-punish-whistleblowers.shtml

Earlier this year, we noted Daniel Ellsberg's comments about how very few people realized that President Obama -- a man who ran on a platform of transparency and who has repeatedly said he supports whistleblowing efforts -- has been the most aggressive President ever in trying to punish whistleblowers. He pointed out that President Obama has brought more indictments for leaking info than all other presidents combined.
And it's resulted in absolutely ridiculous prosecutions like the Thomas Drake affair, which finally collapsed after it became clear that the feds were merely being vindictive against Drake for his whistleblowing activities, rather than finding any actual case of espionage.

Now we have the sequel to the Drake situation, with much higher stakes in some ways. Conor Friedersdorf has a story at The Atlantic, about the administration's efforts to put reporter James Risen in jail. The full story is worth a read, but it's pretty ridiculous. Risen is famous for exposing the Bush administration's warrantless wiretapping regime, as well as a few other clearly illegal programs. He so infuriated the Bush administration that Dick Cheney wanted to put him in jail... but realized there was no legitimate way to do so. Along comes President Barack Obama. Part of Obama's campaign was actually built off of the information that Risen exposed:

You'd think that President Obama would take a different view. After all, he might not be in the White House today if the Bush Administration would've succeeded in keeping all its secrets: the torture, the detainee deaths, the abuses at Abu Ghraib, the spying on Americans, the faulty pre-war intelligence in Iraq, and all the rest. One would expect Obama of all people to see the value in Risen's reporting - the real ways in which he has helped to preserve civil liberties, American freedom, and accountability in government - and to weigh that against the national security implications of reporting in 2006 on a bungled CIA effort that happened way back in the year 2000.

You'd think. Instead, we get the opposite. The Obama administration has come down even harder on Risen than the Bush administration did, and is now threatening him with jail for not exposing his sources for some of his stories. This showdown may come soon, as a judge has indicated that she may require Risen to give up his sources.
As Glenn Greenwald has noted, this whole thing seems to be a part of the "climate of fear" that was certainly present among the previous administration, but which has ratcheted up dramatically with the current administration. The key "fear" element is to make it known to both insiders who leak and reporters who publish those stories, that they could face jail time, even as the administration claims that it's encouraging whistleblowing.

Ellsberg speculated that President Obama's reason for being so much more aggressive on these issues was one of embarrassment. That is, the President recognizes that the federal government is doing all sorts of questionable stuff -- the type of stuff he actively campaigned against -- and is embarrassed by it. But since he (for whatever reason) is unable to put a stop to it, he's trying to do the next best thing: which is threaten and/or punish anyone who might reveal what's being done.

I'm not sure I buy that theory, but either way the situation is clearly troubling, and completely counter to the image that Obama has tried to portray of openness and transparency, and a willingness to respond directly to critics rather than punish them. If you're concerned about freedom of speech and freedom of the press, this story should concern you. If you believe in the importance of whistleblowers to keep governments accountable when they do things like break the clear letter and intent of the law, this story should concern you. Tragically, however, it's not getting very much attention at all.

From rforno at infowarrior.org Wed Jul 6 07:05:24 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Jul 2011 08:05:24 -0400
Subject: [Infowarrior] - Court Should Not Recognize "Good Leaks," Govt Says
Message-ID: <3BC9FF4F-D18C-46F5-B077-36C647729281@infowarrior.org>

Court Should Not Recognize "Good Leaks,"
Govt Says
http://www.fas.org/blog/secrecy/2011/07/no_good_leaks.html
http://www.fas.org/blog/secrecy/?p=5360

To admit the possibility of a "good leak" of classified information would undermine the entire classification system, government attorneys told a court (pdf) last week, and therefore it should not do so.

The government's statement was presented in a response to New York Times reporter James Risen's June 21 motion to quash a subpoena to compel him to testify in the case of Jeffrey A. Sterling, a former CIA officer who is accused of disclosing classified information to Risen without authorization.

In his motion to quash, Mr. Risen had urged the court to consider "the public interest in newsgathering, measured by the leaked information's value" and the damage to the public interest which would ensue from compelling him to testify.

But the government said the court should do no such thing.

"[E]xplicitly recognizing 'good leaks' of classified information" would effectively destroy the system through which the country protects that information, the government said in its July 1 response. "It would encourage government employees who are provided access to classified information to betray their commitment to safeguard it by suggesting that they, too, should undertake their own independent analysis of the effect of their disclosure of that information should they desire to do so. It would also provide a ready-made defense for every disgruntled intelligence community employee or contractor who discloses such information to the press because he harbors a grudge against the institution for which he works," the government attorneys argued (p. 28).

From a different perspective, "good leaks" are a uniquely effective remedy to what President Obama once called "the problem of over classification."
Unless and until overclassification can be curtailed through other means, some types of leaks serve as a necessary safety valve, especially when they reveal classified information involving criminal activity, misconduct or mismanagement.

In its response to Risen, the government argued forcefully against Risen's invocation of a reporter's privilege and urged the Court to require him to testify in the Sterling case. The legal issues will be argued before the court at a July 7 hearing. See related coverage in Politico and the Washington Post.

From rforno at infowarrior.org Wed Jul 6 07:12:14 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Jul 2011 08:12:14 -0400
Subject: [Infowarrior] - Drivers Stopping Means Miami Red-Light Cameras Fail to Yield Promised Cash

Drivers Stopping Means Miami Red-Light Cameras Fail to Yield Promised Cash
By Christopher Palmeri and Simone Baribeau - Jul 6, 2011 12:01 AM ET
http://www.bloomberg.com/news/2011-07-06/drivers-stopping-means-miami-red-light-cameras-fail-to-yield-promised-cash.html

Video caption: July 6 (Bloomberg) -- Los Angeles City Councilmen Tony Cardenas and Paul Koretz speak at a city council meeting on June 21 about whether the city should allow its contract with a supplier of red-light cameras to expire. The Los Angeles Police Commission voted last month to end its agreement with American Traffic Solutions Inc., citing the expense. (Source: Bloomberg)

Miami, which counted on $10 million in fines from motorists caught on camera running red lights, is planning to furlough some workers in part because penalties didn't come close to forecasts as drivers began obeying the law.

Houston, where voters banned cameras in November, will receive about $10 million less than anticipated and faces a potential claim from supplier American Traffic Solutions Inc. for canceling a contract. The Los Angeles Police Commission voted last month to let its agreement with American Traffic expire, citing the expense.
Since cameras began spying on motorists in the late 1980s, they've faced lawsuits challenging their constitutionality, been banned in voter initiatives and restricted by legislation. That hasn't stopped U.S. cities from deploying them: The number of municipalities with cameras has doubled to 539 since 2007, according to the Washington-based Insurance Institute for Highway Safety.

"This is about money and not about safety," Ted Hollander, a Fort Lauderdale attorney who defends people charged with traffic offenses, said in an interview.

Redflex Holdings Ltd. (RDF), a South Melbourne, Australia-based camera supplier, successfully defended itself against lawsuits challenging its product in 10 states last year and legislation that would ban them in six, according to its annual report. An Arizona employee of the company was shot and killed while monitoring a speed-detecting camera in 2009.

Enforcement Battleground

"Photo enforcement is very much a battleground," said Gary Biller, executive director of the Waunakee, Wisconsin-based National Motorists Association, a drivers' rights organization. The group's website lists 10 reasons for opposing cameras, including that vehicle owners who get tickets in the mail may be forced to snitch on friends or family who borrowed their car.

Studies diverge on whether cameras, which have been endorsed by the World Health Organization and the National Safety Council, actually reduce traffic accidents. A September 2007 review by the National Highway Traffic Safety Administration concluded they reduced fatal side-angle collisions. It also said less-serious rear-end collisions increased as drivers braked after spotting cameras.

"These cameras are never installed as revenue generators," said Charles Territo, a spokesman for American Traffic in Scottsdale, Arizona. "They are installed with the purpose of enhancing public safety."

Cost-Neutral Contracts

Most contracts are "cost neutral," Territo said.
"A city will never pay more in fees than the cameras generate," he said. "If a camera is contracted at $4,000 a month and it generates $6,000, they pay $4,000. But if the cameras generate $2,000, they only pay that."

In Florida, where legislation allowed cameras beginning last year, American Traffic donated $159,000 to state-level candidates and committees during the 2010 election cycle, according to the Florida Elections Division. The payments included $64,500 to Florida's Republican Party and $37,500 to the Democratic Party.

The state, which splits camera revenue with cities, expects about a third less income than initially projected from the program, according to a March report from the Legislature's research office. There are 28 class-action lawsuits in Florida against municipalities related to the cameras, said Michael Popok, a partner with Weiss, Serota, Helfman, Pastoriza, Cole & Boniske in Coral Gables, Florida, who represents six cities.

Warning Signs

"If it was really about the money, we'd hide the cameras," Popok said. "There are big signs warning people that they're there."

The lawsuits had a "slightly chilling effect" on the rollout, leading to the lower revenue, said Amy Baker, the Florida Legislature's chief economist. Territo disagreed, saying 80 communities in the state use cameras.

Miami planned for $10 million from 32 cameras installed this year. Instead, projected revenue is less than $2 million, Mayor Tomas Regalado said in an interview. The shortfall will contribute to a $15 million projected fiscal 2012 budget deficit that may force the city to give employees unpaid days off one day a week.

Miami based its estimate on tickets issued at comparable intersections in other cities, Regalado said. Visibility of the cameras and news coverage led to fewer violations, a 25 percent reduction in accidents and less revenue.

"They worked too well," Regalado said.
Goldman Investment

American Traffic, which supplied Miami's cameras, had 19 cities sign up in the first six months of this year, Territo said. The closely held company received an investment in 2008 from Goldman Sachs Group Inc. (GS), which remains a stakeholder.

Redflex's stock plunged 30 percent on May 10 after shareholders rejected a takeover offer from Macquarie Group Ltd. and Carlyle Group, a private-equity firm. On June 17, Carlyle announced it had withdrawn as an investor in Redflex. The firm, which held a 12 percent stake in February, didn't respond to a request for comment.

Los Angeles has seen a 62 percent reduction in red-light-related collisions at its 32 camera-monitored intersections since 2004 and no increase in rear-end crashes, according to a report Chief Charlie Beck gave the Police Commission last month. The program would cost the city $2.3 million over three years if American Traffic is kept as the contractor at the same intersections, the report said. Territo said the estimate includes costs not directly tied to cameras and that the contract could be structured so the city doesn't lose money.

Lapsed Contract

The five-member commission voted unanimously June 7 to let the contract expire. During a public meeting, it cited the department's $41 million deficit, potential changes in California law that could increase the program's expenses and the City Council's boycott of Arizona-based companies over the state's immigration law.

Houston, which raised almost $16 million in fiscal 2010 with red-light monitors, stopped ticketing in November after residents voted to turn off its 70 cameras by amending the city charter. The city received about $10 million less than expected because of the ban, according to budget documents. That loss was "one of numerous factors" contributing to a budget deficit for fiscal 2011, which ended June 30, said Janice Evans, a spokeswoman for Mayor Annise Parker.
A judge ruled last month that the vote, where 53 percent of residents favored stopping the cameras, wasn't valid and couldn't be used to end American Traffic's contract. The company maintains Houston must honor its agreement, Territo said. The city hasn't decided whether it's going to resume the program, Evans said.

The unpopularity of red-light cameras has spawned a business in alerting drivers when they may be photographed. Radar detectors linked to satellites and centralized databases can tip off motorists before the shutters snap.

"Public opinion is awful on the cameras," said Aaron Thomas, a marketing manager at Escort Inc., a West Chester, Ohio-based maker of warning devices. "Everyone's looking for a solution to get around them."

To contact the reporters on this story: Christopher Palmeri in Los Angeles at cpalmeri1 at bloomberg.net; Simone Baribeau in Miami at sbaribeau at bloomberg.net. To contact the editor responsible for this story: Mark Tannenbaum at mtannen at bloomberg.net

From rforno at infowarrior.org Wed Jul 6 14:20:04 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 6 Jul 2011 15:20:04 -0400
Subject: [Infowarrior] - DHS Alert on Movie Plot Airport Threat
Message-ID: <32F1D76E-FEE2-45E1-B567-8428B66C660B@infowarrior.org>

Methinks DHS finally saw "The Dark Knight" ..... either that or they need something to distract people about the horrible economy. -- rick

http://www.businessinsider.com/us-warns-terrorists-may-try-to-surgically-implant-explosives-in-humans-2011-7

U.S. Warns Terrorists May Try To Surgically Implant Explosives In Humans To Blow Up Jets
Zeke Miller | Jul. 6, 2011, 9:56 AM

Federal law enforcement officials have warned airlines that terrorists seeking to blow up commercial jets may seek to surgically implant explosives in their bodies, the Associated Press is reporting.
Citing an unnamed security official, the AP says the warning is not in response to a specific plot, but that there is new intelligence terrorist groups are considering using the tactic. The Transportation Security Administration says passengers may experience longer-than-usual screening procedures when traveling into the United States in response to the advisory.

From rforno at infowarrior.org Thu Jul 7 06:56:36 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jul 2011 07:56:36 -0400
Subject: [Infowarrior] - OT: History of American Flight
Message-ID: <4CEF3734-2370-4BB4-8261-6A4D508B47AF@infowarrior.org>

The History of American Flight -- http://abstrusegoose.com/377

Sad thing is, I think the artist is 100% correct in his prediction. How sad. -- rick

From rforno at infowarrior.org Thu Jul 7 07:07:14 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jul 2011 08:07:14 -0400
Subject: [Infowarrior] - It's Back: WIPO Broadcasting Treaty Returns From The Grave

July 6th, 2011
It's Back: WIPO Broadcasting Treaty Returns From The Grave
News Update by Gwen Hinze
Co-authored by Richard Esguerra
https://www.eff.org/deeplinks/2011/07/its-back-wipo-broadcasting-treaty-returns-grave

Longtime readers will remember the WIPO Broadcasting Treaty, which EFF has opposed since 2004 because it would harm consumers, citizen journalists, the free flow of information on the Internet, and innovation. Since 2006, EFF and a broad coalition [PDF] of public interest groups, libraries, creative industry members, telecommunications and technology companies have been explaining how granting broadcasters and cablecasters the intellectual property rights envisaged by the draft Treaty would wreak havoc on the Internet community. After much debate and little agreement about key aspects of the Treaty, such as its objectives, specific scope, and object of protection, negotiations stalled in 2007.
But it now seems to have come back from the dead in a little-noticed but highly-coordinated effort to grant broadcasters exclusive, 50-year intellectual property rights over Internet transmissions. WIPO member states agreed on June 24 [PDF] to meet for two days before the next Copyright committee meeting in November specifically to try to reach agreement on a new treaty proposal, with the goal of asking WIPO member states in 2012 to schedule an intergovernmental Diplomatic Conference at which the revised Treaty could be adopted.

The renewed interest in the Broadcasting Treaty has been spurred both by complaints from incumbent broadcasting organizations, and a campaign from the WIPO Secretariat to conclude the Treaty after more than 12 years of negotiations with no consensus. The Secretariat commissioned three studies, organized several regional seminars, and in April held an informal consultation which led to the creation of a new document with "elements" for a treaty. Meanwhile South Africa submitted a new treaty proposal of its own, and sports broadcasters have been lobbying hard for a treaty at both the April and June meetings in Geneva. All of this was aimed at kick-starting the stalled negotiations and finalizing a Broadcasting Treaty. For now, it appears to have worked.

Why should we be worried about this?

Broadcasters claim that a treaty is needed to protect against signal piracy, and that the Broadcasting Treaty is simply "updating" their rights for the digital age. But what's really at stake here is something more far-reaching. This Treaty will set the legal rules that will govern the distribution of information on the Internet. The current draft Treaty would grant exclusive, 50-year intellectual property rights to distributors of information that apply in parallel with copyright protections, even when transmitters have had no role in creating the content being transmitted.
Although it's not entirely clear, the new South African proposal [PDF] and the "Non-Paper" [PDF] on elements for a new treaty also seem to contemplate intellectual property rights for broadcasters and cablecasters. This move raises the same set of public policy concerns brought up by the existing draft Treaty, which threatens to stifle innovation and the creative freedom of anyone working with audio or visual content in the Internet environment.

Granting broadcasters and cablecasters intellectual property rights that apply independently of copyright in the programs being broadcast, together with legally enforceable technological protection measures, raises concerns for access to public domain works. These measures would add complexity to copyright clearance regimes for creators of podcasts and documentary films, and interfere with consumers' ability to make home recordings permitted under national copyright laws.

Granting broadcasters and cablecasters exclusive rights to authorize retransmissions of broadcasts over the Internet will harm competition and innovation by allowing broadcasters and cablecasters to control the types of devices that can receive transmissions. It will also create new liability risks for Internet intermediaries that retransmit information on the Internet.

On top of the problems posed by the current draft Treaty, there's now a move to expand the scope of the Treaty to webcasting. The recent South African proposal [PDF] and the new Non-Paper [PDF] both advocate the need to account for "technological developments" and propose a "technology-neutral" approach. This sounds innocuous, but should be understood in the context of the history of the WIPO negotiations. "Technology-neutral" is code for extending new rights to transmissions via the Internet. This is a brazen effort to re-open a long-standing agreement that the Treaty would only give rights to "traditional" broadcasters and cablecasters.
Many countries objected to expanding the Treaty to Internet broadcasters because of the harm it could cause to other Internet communications. This move is also inconsistent with the 2007 mandate given by the WIPO General Assembly: to finalize a treaty for broadcasting "in the traditional sense."

The key issue here is the scope of the treaty. Broadcasters claim that they need a new treaty to deal with "signal piracy." No one disputes that signal piracy is a serious issue that needs to be addressed. The disagreement is how to address this problem in a way that does not cause significant harm to citizens' freedom of expression, and all the other stakeholders in the Internet economy. No empirical evidence has been presented that demonstrates what exact harm is not already being addressed by the existing copyright regime and remedies in national laws, and why broadcasters need intellectual property rights to deal with signal theft.

We continue to believe the preferable model for addressing these issues is the narrower signal-based approach in the Brussels Satellite Convention. But broadcasters continue to push for intellectual property rights that would overlap with copyright. This would trigger unintended consequences for freedom of expression and stakeholders in the Internet economy at a time when the future of broadcasting is already unclear. Giving broadcasters an unprecedented set of legal privileges is a sure-fire way to damage speech and innovation on the global Internet. If "signal piracy" is the concern, then a narrow, signal-focused approach is what is called for, not a global replication of the existing copyright regime.
From rforno at infowarrior.org Thu Jul 7 09:43:22 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jul 2011 10:43:22 -0400
Subject: [Infowarrior] - TSA doesn't like 'poofy' hair

TSA to woman: 'We're going to have to examine your hair'
by ALLEN SCHAUFFLER / KING 5 News
Posted on July 6, 2011 at 5:36 PM
http://www.king5.com/news/local/TSA-to-woman-Were-going-to-have-to-examine-your-hair-125112189.html

SHORELINE, Wash. -- Laura Adiele wasn't expecting any trouble when she put her hair up, packed her bags, and headed for SeaTac to catch a flight to Texas. So, she was quite surprised when she was pulled out of the security line after having gone through the Advanced Imaging system (that see-through technology) and told she needed a pat-down.

"When I first heard her say, 'We're going to have to pat you down,' I thought she was talking about my body. I was turning around and putting my arms out and she said, 'no, we're going to have to examine your hair,' and I said, 'no, we're not going to do that today and you're going to have to get security or your supervisor,'" said Adiele.

Adiele claims she looked around, saw plenty of other women with "big hair, ponytails" who weren't being searched, and it made her mad. She felt it was discrimination, that she as a black woman with an afro tucked up into a curly bun, was being selected for hand-screening when women of other races weren't. She had nothing to hide but just didn't want strangers feeling her hair.

"It's just totally a violation of my personal space and my biggest question is if I'm going through a full body X-ray what more do you need to find, after that?" Adiele said.

Actually the Advanced Imaging isn't an X-ray and should have shown any object, metal or not.

Not wanting to miss her flight she finally relented.

"They put the gloves on and now they're really just digging around in my hair and I'm like, arrgg!
Why is this happening?" said Adiele.

We couldn't find any specific mention on the TSA website about how travelers should wear their hair, or what to expect hair-wise when going through airport searches. A spokesperson points out there are very specific descriptions of "head-coverings" and the agency makes it very clear that any such coverings that raise concerns among security agents may be subject to further examination.

Adiele says the agent who searched her described the policy in more blunt terms.

"The supervisor shows up and she says, 'It's our policy that we examine anything that poofs from the body,' and I'm looking around me at all these women with bigger hair if you will and I'm thinking 'why am I the only one being singled out here for poofy hair?'" Adiele said.

She laughs just thinking about it.

"They are required to investigate and examine anything that poofs from the body? That sounds like a bogus policy to me. It just sounds bogus. Poofs?!" said Adiele.

She has filed a complaint about the incident but hasn't heard back from the agency yet. It could take a few days for that online form to work its way through the system. The agency's regional spokesperson says they'll be glad to deal with any problems with Adiele when they see the details of her complaint. He adds the TSA takes any charges of racism seriously but is confident this is a case of security officers doing their jobs and being very thorough in their efforts to protect the travelling public.

From rforno at infowarrior.org Thu Jul 7 09:45:25 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jul 2011 10:45:25 -0400
Subject: [Infowarrior] - The Great Recession, Part II
Message-ID: <4325EC8C-636C-4484-8050-073308718F88@infowarrior.org>

(c/o JC)

The Great Recession, Part II
The world could be headed for another economic disaster if we continue to listen to free-market ideologues.
http://www.slate.com/id/2298580/

From rforno at infowarrior.org Thu Jul 7 15:38:10 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jul 2011 16:38:10 -0400
Subject: [Infowarrior] - Congress Tries To Hide Massive Data Retention Law By Pretending It's An Anti-Child Porn Law

Congress Tries To Hide Massive Data Retention Law By Pretending It's An Anti-Child Porn Law
from the oh-come-on dept
http://www.techdirt.com/articles/20110707/04402514995/congress-tries-to-hide-massive-data-retention-law-pretending-its-anti-child-porn-law.shtml

We all know the cynical and obnoxious trick by politicians to get questionable laws passed by claiming that it's "for the children." The latest, however, is particularly nefarious. Some politicians (and lots of folks in law enforcement) have been pushing for the US government to adopt data retention laws for years. These laws would require online service providers to keep all sorts of data about users for many months, just in case law enforcement wants to come knocking later to get the details. Of course, data retention is controversial. You know what's not controversial? Being against child porn. We're all against child porn... so, rather than calling your bill a data retention law, why not refer to it as the Protecting Children from Internet Pornographers Act of 2011. Yes, that's the bill put forth by Texas Congressional Rep. Lamar Smith, and co-sponsored by Reps. Bill Flores, Randy Forbes, Dutch Ruppersberger and Debbie Wasserman Schultz.

The bill actually has very little to do with stopping child pornographers, but a lot to do with requiring online service providers to retain certain information (mainly IP addresses) on users for 18 months. Of course, as Chris Soghoian points out, the bill exempts WiFi providers, so it's woefully ineffective at stopping child porn, since anyone who wanted to do that just needs to go to Starbucks. But, for legitimate service providers, there are serious costs.
On top of that, there are significant privacy issues -- and this is at the same time that we keep hearing about data leaks. You want to encourage more data leaks? Require companies hold onto data much longer than they need to do so.

The really pernicious part in all of this is that it's really just a way for law enforcement to do an end run around the 4th Amendment. Julian Sanchez explains how this works:

Thanks to an unwise Supreme Court decision dating from the 70s, information about your private activities loses its Fourth Amendment protection when it's held by a "third party" corporation, like a phone company or Internet provider. As many legal scholars have noted, however, this allows constitutional privacy safeguards to be circumvented via a clever two-step process. Step one: The government forces private businesses (ideally the kind a citizen in the modern world can't easily avoid dealing with) to collect and store certain kinds of information about everyone -- anyone might turn out to be a criminal, after all. No Fourth Amendment issue there, because it's not the government gathering it! Step two: The government gets a subpoena or court order to obtain that information, quite possibly without your knowledge. No Fourth Amendment problem here either, according to the Supreme Court, because now they're just getting a corporation's business records, not your private records. It makes no difference that they're only keeping those records because the government said they had to.

Current law already allows law enforcement to require retention of data about specific suspects -- including e-mails and other information as well as IP addresses -- to ensure that evidence isn't erased while they build up enough evidence for a court order. But why spearfish when you can lower a dragnet? Blanket data requirements ensure easy access to a year-and-a-half snapshot of the online activities of millions of Americans -- every one a potential criminal.
But, of course, if you complain about this or argue against the law, the title alone makes it sound like you're defending child pornography. How nice.

From rforno at infowarrior.org Thu Jul 7 15:39:31 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jul 2011 16:39:31 -0400
Subject: [Infowarrior] - RIAA Accounting: How To Sell 1 Million Albums And Still Owe $500,000
Message-ID: <89E39BB2-D94A-4549-885B-0099531E3312@infowarrior.org>

RIAA Accounting: How To Sell 1 Million Albums And Still Owe $500,000
from the who's-ripping-off-whom-again? dept
http://www.techdirt.com/articles/20110707/03264014993/riaa-accounting-how-to-sell-1-million-albums-still-owe-500000.shtml

Last year, we had a post on RIAA accounting, detailing how labels screw over many musicians, even some of the best selling ones, such that they never actually make a dime in royalties. Bas points us to an excellent 14 minute video from lawyer Martin Frascogna, entitled How To Sell 1 Million Albums and Owe $500,000:

It definitely covers a lot of the same ground (in fact, his advance numbers and sales numbers match up exactly with the numbers we quoted last time from Courtney Love), but it also delves into some of the sneakier aspects of record label contracts with musicians -- things that many musicians simply won't know about or understand when they sign their contract. Using those points, he breaks down how a band might think it's getting royalties on $20 million worth of sales but then find out that, thanks to some of these fun tricks, the basis for calculating the royalty takes that number all the way down to $4.9 million (and then with a 10% royalty, the official take is $490,000 -- but if the advance is $1 million... the band still technically "owes" $500,000). And, as we noted in the post last year, don't think that because a band goes "unrecouped" that the label loses money on them.
The "recouping" only comes from the 10% royalty rates, which are really much, much lower (in this example, the "real" royalty rate is more like 2.5% due to the clauses in the contract). That leaves 97.5% of the money in play. Obviously, some of that is covering costs and expenses. But there's plenty of cash that makes its way into the label's bank account, when an album sells $20 million.

As for what kinds of tricks the labels use, well, Frascogna notes "breakage fees" of 20%, which are based on breakage rates for vinyl from half a century ago. That CDs don't break so much and that digital files don't break at all, doesn't matter. The labels still try to get a super high breakage rate that they get to deduct. For them, it's pure profit.

Then there are "uncollected account" withholdings, on the basis that some retailers go bankrupt and don't pay for the stock they had. The way it's described here, that's often just a set number, rather than based on any actual, documented cases of uncollected fees.

Next up? "Free goods." Now, we talk about the importance of free goods all the time. But here it's used in a different manner. Basically the labels deduct the "cost" of providing reviewers/radio stations/etc. with "free" copies of your album. That money comes straight out of the gross that the royalty is calculated on. The fact that you could just email the mp3 to those folks yourself? Well, pay no attention to that newfangled technology.

Next up, there are "container charges." That's for things like the jewel cases and inserts for CDs. Again, the fact that digital music doesn't have such expenses is pretty much ignored. Also, the fact that all of these expenses get deducted from the artists' share? That also seems wrong. Even more insane? Apparently the standard "container charge" is an additional 30% off the revenue. Again, in many cases that's just pure profit for the labels.

Finally, there's the ever lovely and totally amorphous "reserves."
As Frascogna notes: "no one really knows what reserves entail." It's basically a blank check for the record labels to claim they have to keep some of the money themselves for "other stuff," which is mostly undefined. In this case, some labels simply set a straight percentage, up to 20% more of the gross that artists never get to see as part of their own royalties.

Bring all that together, and the 10% royalty looks more like a 2.5% royalty, and that's not enough to even get halfway to recouping even if you sell 1 million albums at the high high price of $20/album. And that doesn't even touch on splitting up any money you get between band members and paying the manager/agent, etc.

When you dig into things like this, you can understand how artists like Lyle Lovett can say they've sold 4.6 million albums and never made a dime in royalties from album sales. Now, many of these points can be negotiable if you're knowledgeable about them. But many artists sign such contracts without realizing what that fine print really means -- and that's just what a lot of the labels are counting on.

From rforno at infowarrior.org Thu Jul 7 15:45:03 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jul 2011 16:45:03 -0400
Subject: [Infowarrior] - Dropbox Revises its TOS
Message-ID: <15729DB6-ECBF-4B48-B7FA-0A330C1E2F04@infowarrior.org>

... in light of the recent brouhaha over their alleged claim of ownership over customer information.

See: http://blog.dropbox.com/?p=867 for more information.

-- rick

From rforno at infowarrior.org Thu Jul 7 15:47:52 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jul 2011 16:47:52 -0400
Subject: [Infowarrior] - MPAA, RIAA Team Up With ISPs to 'Alert' Pirates
Message-ID: <6B3798DE-30C6-4BE8-9A84-0B8A83E7B86A@infowarrior.org>

MPAA, RIAA Team Up With ISPs to 'Alert' Pirates
http://torrentfreak.com/mpaa-riaa-team-up-with-isps-to-curb-piracy-110707/

A breakthrough coalition of the MPAA, RIAA and other copyright holders have signed an agreement with AT&T, Cablevision, Comcast, Time Warner Cable and Verizon to curb piracy. Under the agreement the ISPs agree to send "copyright alerts" to subscribers whose Internet connections are used for copyright infringement. Repeat offenders will not be disconnected from the Internet, but could be slowed down instead.

As unofficially announced last month, a coalition of entertainment industry groups and several major U.S. Internet providers have teamed up to curb online piracy. At the center of their plan is a system to notify and educate suspected copyright infringers by sending them so-called "copyright alerts".

According to the participants, including the MPAA, RIAA and all major ISPs, the warning system is likely to result in a massive decrease in online piracy in the U.S. All partners stress, however, that the agreement is merely a "common framework" to deal with copyright infringements and it doesn't oblige ISPs to disconnect users' Internet access.

So what's the plan? The new agreement will streamline the current avalanche of DMCA notices Internet providers are already forwarding to their customers. A third party will monitor file-sharing networks and collect the IP-addresses of suspected infringers. These will then be added to a database and forwarded to the Internet provider who will send a corresponding copyright alert.

This alert will inform the Internet subscriber that his or her account was allegedly used to share copyrighted content, and how to prevent this from happening in the future. If the same IP-address is spotted again a similar alert will be sent, and only after 5 "strikes" will the Internet provider take action.

The ISPs have several options on how to deal with repeat infringers.
One of the suggestions is to slow down their connection speed, but ISPs may also temporarily redirect the customer to a landing page which offers instructions on how to engage in a friendly and educational chat with the abuse department. Before any of the above sanctions go into effect Internet subscribers have the right to call for an independent review at the cost of a $35 filing fee.

But will it be effective? Not really. First of all this agreement only covers a few of the many sources of online piracy. The millions of U.S. Internet users who download via cyberlockers are not affected by this agreement at all, as these downloads are impossible to track by third parties. The same is true for the many online streaming portals which have become very popular recently.

The agreement is mainly targeted at BitTorrent users, but these can also bypass the copyright alerts quite easily. Signing up for a VPN or proxy does the trick, and the same is probably true for more obscure private BitTorrent trackers which are less likely to be monitored.

A recent survey in France, where Internet users can actually lose their connection, revealed that the new agreement might not be worth the cost. Only 4% of the polled file-sharers said they stopped sourcing music from illegal services out of fear of detection. In the UK, a recent survey by an ISP revealed similar results.

Despite the relative ease with which copyright infringers can bypass the warning system and the lack of deterrence, all parties involved are ecstatic about the new agreement. "This groundbreaking agreement ushers in a new day and a fresh approach to addressing the digital theft of copyrighted works," RIAA's Cary Sherman trumpeted in a comment. We have our doubts.
From rforno at infowarrior.org Thu Jul 7 20:40:08 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 7 Jul 2011 21:40:08 -0400
Subject: [Infowarrior] - "Digital Pearl Harbor" talk is back in Congress
Message-ID: <4961E2CA-C4A4-48E4-A9C9-DA0952F7F808@infowarrior.org>

Here we go again. *headdesk* --- rick

A gold standard in cyber-defense
By Joe Lieberman, Susan Collins and Tom Carper, Thursday, July 7, 8:01 PM
http://www.washingtonpost.com/opinions/a-gold-standard-in-cyber-defense/2011/07/01/gIQAjsZk2H_print.html

The history of Internet security is both worrisome and instructive. When the first virus -- the "Morris worm" -- was launched in 1988, the Internet was a closed system of 60,000 computers used almost exclusively by academic, government and military researchers. Morris used known vulnerabilities in communications software to knock offline about 10 percent of the computers tied to the Web. The cry immediately went out for greater security, but complacency soon set back in.

Today, the Internet has more than 2 billion users -- one in every three people on the planet. It is a nearly indispensable tool of modern life. But consider just a few high-profile victims of successful computer intrusions in recent months: Sony, Citigroup, the International Monetary Fund, the Gmail accounts of high-ranking U.S. officials and the computer security company RSA -- an intrusion that seems to have played a part in later attacks on Lockheed Martin and perhaps other defense contractors that use RSA products.

Also lurking in the digital ether are computer viruses and worms, like Stuxnet, that could commandeer industrial control systems used to operate the valves and switches in nuclear power plants, pipelines, commercial manufacturing facilities and other critical infrastructure, and force them to shut down or perform dangerous operations.
Despite this known danger, the security firm McAfee and the Center for Strategic and International Studies found in 2010 that only 35 percent of the owners of critical systems had checked to see if Stuxnet had invaded their networks, even though 40 percent of those that did check found their systems were infected.

At his Senate confirmation hearing last month, Defense Secretary Leon Panetta warned that the "next Pearl Harbor we confront could very well be a cyber-attack that cripples our power systems, our grid, our security systems, our financial systems, our governmental systems."

Legislation we have proposed would help strengthen our digital infrastructure against these kinds of exploits by creating a "gold standard" in cyber-defenses from the most sensitive networks to personal computers.

We would start by giving the Department of Homeland Security (DHS) statutory authority to work with industry to identify and evaluate the risks to the country's most critical cyber-infrastructure -- those systems that control power plants, electric grids and pipelines, all of which, if hacked, could lead to human and physical destruction and economic havoc. Once those risks have been identified, owners and operators would select security measures to safeguard their systems. These plans would be reviewed by DHS cyber-experts to ensure they improve security. Our legislation would provide liability protection for owners and operators who are in compliance with their approved security plans.

This framework would produce cybersecurity "best practices" that would then be available as a model for the private sector. While such use would be voluntary, the development of better security techniques and the creation of industrywide standards of care would lead commercial networks to install them as a way to keep customers and draw in new ones. Imagine the bank that has to explain to its customers -- or to a court of law -- that customer account information was stolen because it did not implement readily available security measures.

Some technology companies ship products with inadequate regard for security, figuring flaws can be plugged later. Our bill would encourage the federal government to do business only with companies that bake in security from the outset and avoid those that try to bolt it on later. The federal government's purchasing power would help prod the market to produce more secure products, which would also be available to non-government consumers.

Our bill would also give DHS the statutory responsibility to ensure that the federal government is sharing threat, vulnerability and mitigation information with the private sector. Many companies want to protect their systems but are hard-pressed to determine just what they are protecting against and do not know who in the government can assist them. DHS should coordinate the information flows within the government as well as between government and the private sector.

There is no such thing as 100 percent security, on- or offline, but we must strive to strengthen our defenses against those who are constantly working to do us harm. There are some in Congress who resist taking action on cyber-threats this year, but we must put partisan politics aside, given the danger of this threat. The alternative could be a digital Pearl Harbor -- and another day of infamy.

Joe Lieberman is an independent Democrat from Connecticut. Susan Collins is a Republican from Maine. Tom Carper is a Democrat from Delaware. They serve respectively as chairman, ranking member and member of the Senate Homeland Security and Governmental Affairs Committee.

(c) The Washington Post Company

From rforno at infowarrior.org Fri Jul 8 06:32:01 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Jul 2011 07:32:01 -0400
Subject: [Infowarrior] - Policy and Internet: Special Issue on Cybercrime
Message-ID: <0FA07B52-D527-462D-B310-FCF0200F2B65@infowarrior.org>

Policy and Internet: Special Issue on Cybercrime
http://www.psocommons.org/policyandinternet/vol3/iss2/

Cybercrime

Introduction

Cybercrime is a pressing and prevalent problem for the information society. It carries with it a considerable set of associated risks for individuals, business and industry, and public administration and e-government. Multidisciplinary views on the issues raised for public policy by cybercrime are actively being sought by policy-making communities. This special issue on cybercrime brings together a range of articles that exemplify many of the problems that the abuse of networked technologies brings to the Internet society as a whole and which engage with policy responses that impact upon national and supra-national legislation, cooperation in law enforcement, public-private cooperation, and international coordination against transnational crime.

Guest Editor: Stefan Fafinski, School of Law, University of Leeds, UK

Editorial

Public Policy Responses to Cybercrime -- Stefan Fafinski

Articles

Contemplating Criminal Liability for the Consequences of Unlawful Data Disclosure -- Emily Finch

Teenage Folly or Child Abuse? State Responses to "Sexting" by Minors in the U.S. and Germany -- Sandra Schmitz and Lawrence Siry

Adolescents and Cybercrime: Navigating between Freedom and Control -- Simone van der Hof and Bert-Jaap Koops

Overcoming the Warez Paradox: Online Piracy Groups and Situational Crime Prevention -- Jonathan Basamanowicz and Martin Bouchard

Finding the Key Players in Online Child Exploitation Networks -- Bryce G. Westlake, Martin Bouchard, and Richard Frank

Do Certification Seals Permit a Price Premium for Online Security and Privacy? -- Michael R. Hammock

A Public-Private Partnership Model for National Cybersecurity -- Malcolm Shore, Yi Du, and Sherali Zeadally

From rforno at infowarrior.org Fri Jul 8 06:52:35 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Jul 2011 07:52:35 -0400
Subject: [Infowarrior] - RIAA Starts Going After BitTorrent Sites
Message-ID: <14140A78-DEDA-44D4-8B96-FF990A4AEA5D@infowarrior.org>

RIAA Starts Going After BitTorrent Sites
Ernesto, 8/07/2011
http://torrentfreak.com/riaa-starts-going-after-bittorrent-sites-110708/

For years BitTorrent sites have remained untouched by the RIAA's legal battles, but recent court filings indicate that this may change. After settling their dispute with LimeWire earlier this year the RIAA is now targeting several BitTorrent indexers. The record industry group has filed a complaint at the U.S. District Court of Columbia and has obtained subpoenas to reveal the identities of individuals behind three large torrent sites.

Historically the RIAA's litigation campaigns have focused mainly on individual file-sharers and P2P-software and services such as LimeWire. Unlike their counterparts at the MPAA, BitTorrent sites have not been prime targets for the recording industry association's lawyers. However, recent court filings obtained by TorrentFreak show that the RIAA might have just changed course.

The U.S. District Court for the District of Columbia has granted a request from the RIAA to subpoena the privacy protection services utilized by three large torrent sites. The site owners use these services to hide their personal details from otherwise publicly available WHOIS domain records, but the RIAA wants to know who they are dealing with.

The targeted sites are Monova.org, Bitsnoop.com and Limetorrents.com, which all have hundreds of thousands of daily visitors.
According to the RIAA, these sites are infringing on the copyrights of many artists.

"We believe your service is hosting the above-referenced website on its network. This website offers direct links to files containing sound recordings for other users to download by such artists as Lady Gaga, Michael Jackson, Coldplay, Madonna and Kanye West," the RIAA writes in a letter to Whoisguard.com.

"As stated in the attached subpoena, you are required to disclose to the RIAA information sufficient to identify the infringer. This would include the individual's IP-address and e-mail address," the RIAA adds.

One of the torrent site operators targeted by the RIAA told TorrentFreak that the subpoena comes as a surprise. He always responded swiftly to RIAA's DMCA requests while the court documents suggest that he hasn't been cooperative at all.

"The RIAA has sent us several DMCA requests in the past and we always honored these," Bitsnoop's owner informed us. "Apparently that wasn't enough, so now they pull this stunt."

At this point it is unknown what the RIAA is planning to do once they obtain the personal information of the site's owners. Although it could theoretically be the beginning of a full-fledged litigation campaign against the torrent sites, it seems more likely that the subpoenas will be used to pressure and threaten operators.

During the past year several music industry associations in Europe and Asia have sent requests to domain registrars with a similar objective. The ultimate goal is to make it harder for BitTorrent site operators to continue their business by putting pressure on them, and the companies that provide services to these sites.

A good example is the following sentence in the letter to Whoisguard.com, which goes far beyond the attached subpoena for information.

"We are asking for your immediate assistance in stopping this [linking to torrent files] unauthorized activity. Specifically, we request that you remove the infringing files from the system, or that you disable access to the infringing files, and that you inform the site operator of the illegality of his or her conduct."

Whatever the true motivation of the RIAA is, with the recent news about domain seizures, extradition requests and these recent subpoenas, operating a BitTorrent site has become a stressful job. Whether this will have the desired outcome for the music industry group in the long run remains to be seen.

TorrentFreak asked the RIAA to comment on our finding but we have not received a response.

From rforno at infowarrior.org Fri Jul 8 06:55:28 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Jul 2011 07:55:28 -0400
Subject: [Infowarrior] - ISP Copyright Alert System Fact Sheet and FAQ
Message-ID:

Center for Copyright Information ISP Copyright Alert System Fact Sheet and FAQ
July 8, 2011

These are the Fact Sheets and FAQs provided by the Center for Copyright Information regarding their ISP Copyright Alert System, under which a number of ISPs, including Verizon Communications Inc, Comcast Corp, Time Warner Cable Inc, Cablevision Systems Corp and AT&T Inc, have agreed to alert customers, up to six times, when it appears their account is used for illegal downloading. Warnings will come as e-mails or pop-up messages and could ultimately result in service degradation or termination if ignored.

http://publicintelligence.net/center-for-copyright-information-isp-copyright-alert-system-fact-sheet-and-faq/

This is the Memorandum of Understanding provided by the Center for Copyright Information regarding their ISP Copyright Alert System, under which a number of ISPs, including Verizon Communications Inc, Comcast Corp, Time Warner Cable Inc, Cablevision Systems Corp and AT&T Inc, have agreed to alert customers, up to six times, when it appears their account is used for illegal downloading.
Warnings will come as e-mails or pop-up messages and could ultimately result in service degradation or termination if ignored.

http://publicintelligence.net/center-for-copyright-information-isp-copyright-alert-system-memorandum-of-understanding/

From rforno at infowarrior.org Fri Jul 8 14:45:28 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 8 Jul 2011 15:45:28 -0400
Subject: [Infowarrior] - CBS fakes July 4 footage
Message-ID:

I may be wrong, but I think this isn't the first time they've been caught doing this kind of video fakery at public events. -- rick

Boston gets a nonreality show
CBS broadcasts impossible views of 4th fireworks
By James H. Burnett III, Globe Staff / July 8, 2011
http://www.boston.com/ae/tv/articles/2011/07/08/cbs_broadcasts_altered_views_of_bostons_fourth_of_july_fireworks/?page=full

As viewers began to point out yesterday, it would not have been geographically possible to see the fireworks above and behind the landmarks in question, since the display was launched from a barge in the Charles River and in directions away from those places.

"According to CBS, you can see the fireworks from the right side of Quincy Market, even though Beacon Hill is in the way," wrote "Kaz," whose real name is Karl Clodfelter, a commenter on the Boston blog UniversalHub.com. "Also, they come up behind the State House when you're standing across the road . . . which means the barge must have been parked on the Zakim this year," wrote Clodfelter, a research scientist from Brighton.

David Mugar, the Boston-area businessman and philanthropist who has executive produced the show for nine years, confirmed yesterday that the footage was altered. He said this was the first year such alterations were made.

Mugar said the added images were above board because the show was entertainment and not news. He said it was no different than TV drama producer David E. Kelley using scenes from his native Boston in his show "Boston Legal" but shooting the bulk of each episode on a studio set in Hollywood.

"Absolutely, we're proud to show scenes from our city," Mugar said. "It's often only shown in film or in sporting matches. We were able to highlight great places in Boston, historical places with direct ties to the Fourth. So we think it was a good thing."

A CBS Television spokesman declined comment about whether the network was aware of, or approved of, the fireworks show being digitally altered.

The footage of the landmarks was shot several weeks ago. According to Mugar, camera crews from Boston 4 Productions, the production wing of Boston 4 Celebrations Foundation, the fireworks show's parent, crisscrossed Boston and Suffolk County shooting video of famous landmarks one evening in May.

"I'd say we shot from about 8 p.m. till 4 or 5 the next morning," Mugar said. "Among other places, we got video of the Old North Church, the State House, Quincy Market, the statue of Paul Revere, Fenway Park, with the full cooperation of the Red Sox, who let us in and turned on certain lights for our shoot. And we did it all with the intention of superimposing the fireworks over the images. The technical process is called matting."

Entertainment or not, some viewers were not amused to learn that the footage was altered.

T.J. Jeffers, decked out in a Celtics T-shirt and Red Sox cap, stood outside the JFK/UMass T stop yesterday and, with a toothy grin, declared his love for Boston and the Independence Day celebrations.

"It's one of the biggest times of year here," an animated Jeffers said. "Man, it's huge. The fireworks, the crowds. It takes you back to your childhood. . . . But I'm shocked they changed stuff on TV, because they didn't need to. The fireworks don't need dressing up. They're fireworks."

At a Shaw's grocery store in Dorchester, Penny Thompson, who described herself as "a lifer, born and raised in the Boston area," expressed disappointment, but not over the quality of the fireworks display.
"I thought it looked fine," Thompson said. "I just don't like knowing it wasn't real. I mean I know the fireworks were real, but I'm saying not real like they changed stuff. That's not cool."

Eric Deggans, a Florida-based media critic and regular panelist on CNN's media critique show "Reliable Sources," said the altered video presents a potential credibility problem for CBS.

"It is an ethical issue, and to say it's not because the show was aired through CBS Entertainment is to imply that the entertainment side of CBS has no ethics," Deggans said. "I think - especially in today's media environment - the most important commandment for media is to not mislead the viewer. . . . If you're a viewer who doesn't know Boston, you're getting a picture of the layout of the city that doesn't exist."

David A. Perry, a Massachusetts native who watches the televised fireworks each year from his home in Delaware, Ohio, and who first alerted the Globe to the altered video, had a similar, if more tempered, reaction.

"I was already just dismayed with the coverage," said Perry, a 45-year-old computer programmer who left New England five years ago to relocate to his new wife's hometown. "They didn't pan out enough to show what was probably a crowd of half a million. They made it seem like just 2,000 people were there. But then I started seeing some of the angles. And let me tell you, I've been to plenty of Sox games. So I knew the angles and the backgrounds weren't right.

"The shame is I've always thought the fireworks were among the best in the country. So there was no need to add anything. The fireworks by themselves would have been good enough. Why?"

Asked about Mugar's argument that the show was entertainment so the usual rules did not apply, Clodfelter, the commenter from Brighton, said if that's the case "why not superimpose Neil Armstrong on the moon?"

James Burnett III can be reached at james.burnett at globe.com.

(c) Copyright 2011 Globe Newspaper Company.
From rforno at infowarrior.org Fri Jul 8 22:37:17 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Jul 2011 23:37:17 -0400 Subject: [Infowarrior] - U.S. official says pre-infected computer tech entering country Message-ID: http://technolog.msnbc.msn.com/_new...ntering-country U.S. official says pre-infected computer tech entering country By M. Alex Johnson, msnbc.com reporter Confirming years of warnings from government and private security experts, a top Homeland Security official has acknowledged that computer hardware and software is already being imported to the United States preloaded with spyware and security-sabotaging components. The remarks by Greg Schaffer, the Department of Homeland Security's acting deputy undersecretary for national protection and programs, came Thursday during a tense exchange at a hearing of the House Oversight and Government Reform Committee. The panel is considering an Obama administration proposal to tighten monitoring and controls on computer equipment imported for critical government and communications infrastructure. Schaffer didn't say whether the equipment he was talking about included end-user consumer tech like retail laptops, DVDs and media players. If so, his comments, first reported Friday morning by Fast Company, would be the first time the United States has publicly confirmed that foreign consumer technology is arriving in the country already loaded with nasty bugs like key-logging software, botnet components and even software designed to defeat security programs installed on the same machine. DHS did not respond to requests to clarify Schaffer's remarks. Schaffer made the statement under questioning from Rep. Jason Chaffetz, R-Utah, who noted that "the issue of software infrastructure (and) hardware built overseas with items embedded in them already by the time they get to the United States ... poses, obviously, security and intellectual property risks." "A, is this happening, Mr. Schaffer? 
And, B, what are we going to do to fight back against this?" he asked. Schaffer began his answer by stating how important the issue is to President Barack Obama. But Chaffetz cut him off and, at Schaffer's request, broadly restated the question to extend it beyond government infrastructure: "Are you aware of any component software (or) hardware coming to the United States of America that already have security risks embedded into those components?" Schaffer paused for about 10 seconds before replying: "I am aware that there have been instances where that has happened." From rforno at infowarrior.org Fri Jul 8 22:44:33 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Jul 2011 23:44:33 -0400 Subject: [Infowarrior] - The six ways you can appeal new copyright "mitigation measures" Message-ID: The six ways you can appeal new copyright "mitigation measures" By Nate Anderson | Published about 5 hours ago http://arstechnica.com/tech-policy/news/2011/07/the-six-ways-you-can-appeal-the-new-copyright-alerts.ars Under the new voluntary antipiracy regime agreed to this week by Internet providers, users who receive a first "alert" regarding copyright infringement on their account won't be able to challenge that alert. Nor can they challenge the second alert, or the third, or the fourth. They can only challenge the alerts when they move from "education" to "mitigation", after the fifth or sixth alert, depending on the Internet provider. (RIAA head Cary Sherman told me yesterday that this was because the first "educational" alerts are like traffic warnings rather than traffic tickets; there's no penalty, so who would want to challenge them?) At that point, before a user's Internet connection is throttled, curtailed, or otherwise hobbled, the account subscriber can pay $35 and appeal to a new independent body funded by the ISPs and the content owners. 
But the appeals process won't accept just any defense; indeed, the official memorandum of understanding (MoU) governing this whole process describes the six possible defenses the independent reviewer will even consider (they are incorrectly numbered in the MoU and so run up to "vii," but only six items are listed). Here they are:

(i) Misidentification of Account - that the ISP account has been incorrectly identified as one through which acts of alleged copyright infringement have occurred.
(ii) Unauthorized Use of Account - that the alleged activity was the result of the unauthorized use of the Subscriber's account of which the Subscriber was unaware and that the Subscriber could not reasonably have prevented.
(iii) Authorization - that the use of the work made by the Subscriber was authorized by its Copyright Owner.
(iv) Fair Use - that the Subscriber's reproducing the copyrighted work(s) and distributing it/them over a P2P network is defensible as a fair use.
(vi) Misidentification of File - that the file in question does not consist primarily of the alleged copyrighted work at issue.
(vii) Work Published Before 1923 - that the alleged copyrighted work was published prior to 1923.

Each defense category is governed by specific rules. For instance, if you claim that neither you nor anyone else using your computers or network had downloaded said file ("misidentification of account"), here's how you can win: A Subscriber shall prevail on this defense if the Participating ISP's and/or Copyright Owner's records indicate, upon Independent Review, that a factual error was made in (1) identifying the IP address at which the alleged copyright infringement occurred and/or (2) correlating the identified IP address to the Subscriber's account. 
In reviewing the Participating ISP's or Copyright Owner's records, automated systems for capturing IP addresses or other information in accordance with Methodologies have a rebuttable presumption that they work in accordance with their specifications, unless the Independent Expert's review of any such Content Owner Representative Methodology resulted in a Finding of Inadequacy in which event such rebuttable presumption shall not apply to such Content Owner Representative Methodology. What about the "open WiFi defense" ("unauthorized use of account")? You can only use it once. A Subscriber shall prevail on this defense if the Subscriber adequately and credibly demonstrates that the alleged activity was the result of unauthorized use of the Subscriber's account by someone who is not a member or invitee of the household (e.g., via an unsecured wireless router or a hacked Internet connection) of which the Subscriber was unaware and that the Subscriber could not reasonably have prevented. The foregoing sentence notwithstanding, the Reviewer may in his or her discretion conclude that a Subscriber is entitled to prevail under this defense despite the Subscriber's failure to secure a wireless router if the Reviewer otherwise concludes that the Subscriber adequately and credibly demonstrates that the alleged activity was the result of unauthorized use of the Subscriber's account by someone who is not a member or invitee of the household of which the Subscriber was unaware. In determining whether this standard has been satisfied, the Reviewer shall consider the evidence in light of the educational messages previously provided by the Participating ISP. Except as set forth herein, this defense may be asserted by a Subscriber only one (1) time to give the Subscriber the opportunity to take steps to prevent future unauthorized use of the Subscriber's account. 
Any subsequent assertion of this defense by a Subscriber shall be denied as barred, unless the Subscriber can show by clear and convincing evidence that the unauthorized use occurred despite reasonable steps to secure the Internet account and that the breach of such security could not reasonably have been avoided. [emphasis added] Should you win one of these challenges, you get your $35 back and the "alert" is taken off your account, though no other alerts are. Your next alert will therefore begin the "mitigation" process once more. These alerts do eventually expire; any subscriber who makes it 12 months without receiving a notice has their slate wiped clean. If you fail here, prepare to be mitigated with extreme prejudice. ISPs can basically pick their preferred punishment, but the MoU offers a few tasty ideas, including:

(a) temporary reduction in uploading and/or downloading transmission speeds;
(b) temporary step-down in the Subscriber's service tier to (1) the lowest tier of Internet access service above dial-up service that the Participating ISP makes widely available to residential customers in the Subscriber's community, or (2) an alternative bandwidth throughput rate low enough to significantly impact a Subscriber's broadband Internet access service (e.g., 256 - 640 kbps);
(c) temporary redirection to a Landing Page until the Subscriber contacts the Participating ISP to discuss with it the Copyright Alerts;
(d) temporary restriction of the Subscriber's Internet access for some reasonable period of time as determined in the Participating ISP's discretion;
(e) temporary redirection to a Landing Page for completion of a meaningful educational instruction on copyright

Our take: After years of complaining that dragging people through federal litigation and securing hundreds of thousands of dollars in damage awards was about the most asinine (and unfair) way possible of dealing with the P2P file-sharing issue, it would be churlish not to admit that this is a step up from such a low bottom. The federal court system, where all copyright claims are heard, was never made to handle mass litigation against millions of people, many without the money for lawyers, over petty instances of infringement (even if they may not be so petty in the aggregate). There's just no possible way that six warnings, followed by a speed throttle, could be worse than what happened to people like Jammie Thomas-Rasset and Joel Tenenbaum. And the new mechanism is set up in a fairly careful way, with its emphasis on notification and its creation of a centralized (and allegedly independent) body vetting P2P detection mechanisms and making sure that they are accurate. (Given the numerous false positives we've seen over the years, this is surely a good thing.) It also downplays disconnection as a possibility, and we suspect (and hope) that American ISPs will rarely disconnect users over noncommercial IP issues. But none of that means the new approach is an actively great idea, either; ISPs playing copyright cop, with a presumption that all allegations are legitimate, is a dangerous way to go once we move from education into non-judicial punishment. It sets a bad precedent for network intermediaries that may well come back to haunt them, like Marley's ghost, in the years to come. This is not how we want the Internet of the future to look, policed by intermediaries who assume the validity of incoming complaints and who dole out private justice over such a crucial communications link. These are the moments at which we need the protections of due process and judicial review, but making such a system functional would surely require something more streamlined than current federal process. Combining the French system of faster judicial oversight of ultimate punishments and appeals with this much-improved US approach, emphasizing education and user privacy, might have more potential... but it's not the approach we're going to try. 
By the time we hear the echo of those rattling chains and look back with regret, it may be hard to reverse the ISP deputization process. From rforno at infowarrior.org Fri Jul 8 22:53:28 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 8 Jul 2011 23:53:28 -0400 Subject: [Infowarrior] - 3, 2, 1, and the Last Shuttle Leaves an Era Behind Message-ID: <390D7AFD-B207-4B52-9437-E90ED785ADC0@infowarrior.org> 3, 2, 1, and the Last Shuttle Leaves an Era Behind By JOHN NOBLE WILFORD https://www.nytimes.com/2011/07/09/science/space/09wilford.html?hp=&pagewanted=print KENNEDY SPACE CENTER, Fla. - There was a time, some of us remember, when a countdown at Canaveral stopped the world in its tracks. On television or at the launching, every breath was held at liftoff and every eye followed the fiery plume of ascent, up and away. Godspeed, said someone who was everyone. That was a half century ago, when men first squeezed into their machines and, defying gravity, rode into a new dimension of human experience. Unbound to Earth, our species could imagine that an age of spacefaring was truly under way, the Moon and Mars within reach, maybe even an asteroid where the Little Prince awaited our visit. The promised new reality legitimized fantasies. The atmosphere here on Friday at the launching of the space shuttle Atlantis was, in some respects, reminiscent of the old days. The crowd was the largest in years, attracted by the last chance for no telling how long to see astronauts in this country leave for space. Everything was class-reunion festive. The gray-hairs recharged memories from youth. Their grandchildren trooped along to see what had turned people on when there were just a few channels of black-and-white TV and the only telephone in the house was at the end of a cord - and the only ones twittering were sparrows. 
As rain clouds hovered ominously and the countdown began to the 135th departure in the 30-year-old shuttle program, the milling crowd grew still and anxious. There was concern for the four lives in the winged space plane, of course, and all eyes searched for the break in the clouds that finally came. But this time, more than ever, spectators and others who care about NASA worried for nothing less than the future of human spaceflight in the United States. "We've come full circle since 1961, back to when we had yet to show we could launch people into space," said Steven J. Dick, a retired NASA chief historian. "We will be hitching rides from the Russians to go to the space station that is mainly ours." The irony of having to send our astronauts up in Russian Soyuz capsules is as plain as cold war history. The Soviet Union's early dominance of space, manifested by the Sputnik surprise in 1957 and subsequent feats, prompted the United States to match and then surpass the Soviets in a program topped off by the Apollo 11 lunar landing in 1969. Human spaceflight would have come along anyway, but not with quite the urgency of the Soviet-American competition. Foreseeing the end of shuttle flights, the Obama administration and NASA last year proposed new plans, approved by Congress, to develop heavy-lift rockets for sending people deeper into space, to be ready perhaps after 2020. Meanwhile, NASA has begun financing research for intermediate crew-only spacecraft to be produced and launched by commercial companies, probably no sooner than 2016. Such plans, of course, are at the mercy of the budget cutting and government downsizing spreading in Washington. Lori B. Garver, the deputy administrator of NASA, insisted this week that the future was bright for human spaceflight. "We are tapping into how we developed almost everything great in this country, through commercial enterprise and competition," Ms. Garver said. 
Other NASA officials noted that Congressional support for the new programs was bipartisan. But they acknowledged that budget cuts were possible, and would ultimately take a toll on launching capabilities. John M. Logsdon, a space policy expert and the author of "John F. Kennedy and the Race to the Moon," said there had been gaps in human flight before, especially after Apollo flights ended in 1975 and the first shuttles flew in 1981. "We can accept that as long as a replacement is in the pipeline," Dr. Logsdon said. "But we are ending programs with no sure follow-ons." Dr. Dick, the historian, questioned whether the barely started new programs would be ready to boost this country's astronauts into orbit in this decade. "We're stuck in the short term, can't rouse ourselves to do much that's inspiring," he said. Whatever happened to the space age as imagined back in the 1950s and early '60s, when science fiction writers and rocket scientists spun tales of travel out in the solar system and beyond? Propellants, oxygen and other good stuff never seemed limited, or radiation a risk, or Congressional budgets a curse. This alternate universe appealed to some in a society flush with confidence after winning the Second World War but feeling a bit confined in the postwar gray-flannel conformity. Americans seemed to have lost none of their can-do spirit. No one disputes that the space age is here to stay. Think of how much our day-to-day lives depend on the herds of satellites occupying orbital space, the world community's commons. They are integral to communications, social media, business transactions, military operations and surveillance, surveys for charting world resources and climate and the G.P.S. devices that help us keep track of ourselves and others. As an inspiring bonus, other robotic instruments have extended human curiosity to the very edge of the solar system and out to the galaxies, close to cosmic beginnings. 
This does not assuage the lingering disappointment of some of those who grew up with the space age, the countdowns, the Moon walks, the unpiloted encounters with other planetary worlds and the touchdowns on the russet plains of Mars. For various reasons, the spread of no-can-do limits has swept aside the optimism with which Americans met the initial challenges of the space age. The Apollo lunar-landing successes, restoring national pride and asserting pre-eminence in space technology, reduced the immediate geopolitical pressures driving human space efforts. The Nixon administration rejected NASA's post-Apollo plans for permanent Moon bases, orbiting space stations and flights to Mars. Flying reusable space shuttles was NASA's consolation prize. Although the vehicles had their triumphs servicing the Hubble Space Telescope and assembling the International Space Station, they never came close to living up to the extravagant promise to make spaceflight more efficient and economical, approaching the reliability of aviation. The Challenger and Columbia disasters set back the program, which never approached an early objective to fly every few weeks at a cost of only $7 million (it was more like $1.5 billion a mission). The shuttles consigned American astronauts to low orbits, going round and round, unable to strike out to distant destinations. Spaceflight dropped off the front pages - though on Saturday, all will report the successful launching of the Atlantis, at 11:29 a.m. Eastern time Friday, two and a half minutes behind schedule. Studies of the effects of long-duration space travel by Russian and American scientists have introduced cautionary notes tempering the early enthusiasm for astronaut trips to Mars lasting several years. M. G. Lord, the author of a memoir, "Astro Turf," 
on growing up in the aerospace culture in California, suggested that these findings contributed to a growing awareness that our bodies are far more fragile than science fiction writers thought when they concocted wide-ranging colonization scenarios. "These days my pet fantasy for exploring the universe has to do with downloading human consciousness to machines - silicon is more resilient than flesh," Ms. Lord said, her imagination by no means grounded. Fifty-one years after the Wright brothers flew at Kitty Hawk, the Boeing 707 was rolled out as the first commercially successful jet airliner, as Howard E. McCurdy, a historian at American University and author of "Space and the American Imagination," pointed out the other day. He was acknowledging that aviation offered no guidance for how space travel was likely to unfold. The optimistic Dr. McCurdy noted that private entrepreneurs continued to invest in space technology and transport systems and that "other nations clamor to join the spacefaring club." The persistence of this vision in the face of adversity, he said, suggests that space travel reflects "an elemental need." After Atlantis lifted off on Friday, NASA replayed photography of the ignition and ascent over and over, from all angles, as if to hold on a little longer to this last parting of a space vehicle whose time had passed. Other images, of the vapors drifting away and exposing the now-empty Launching Pad 39-A, evoked the sadness and uncertainty of what is left behind at the end of an era. From rforno at infowarrior.org Sat Jul 9 07:50:28 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 9 Jul 2011 08:50:28 -0400 Subject: [Infowarrior] - OT: Why is Perpetual War Like Simvastatin? Message-ID: <58E9F003-2274-4A98-8567-848835107229@infowarrior.org> Op-ed comments below from a very good friend, retired from a senior and very influential DOD career, now toddling around the Med on a sailboat in his happy retirement. 
--- rick < - > Null Hypothesis: Perpetual War protects the MICC against the buildup of political plaque threatening to clog its money pipes. Proof: The alternative hypothesis has been rejected by a sample of 336 vs. 87, and with the sample being the total population, the Null Hypothesis is accepted at the 100% confidence level. House boosts military budget in time of austerity http://old.news.yahoo.com/s/ap/20110708/ap_on_go_co/us_defense_spending By DONNA CASSATA, Associated Press Fri Jul 8, 4:47 pm ET WASHINGTON - Money for the Pentagon and the nation's wars in Iraq and Afghanistan is proving largely immune from the budget-cutting that's slamming other government agencies in the rush to bring down the deficit. On a 336-87 vote Friday, the Republican-controlled House overwhelmingly backed a $649 billion defense spending bill that boosts the Defense Department budget by $17 billion. The strong bipartisan embrace of the measure came as White House and congressional negotiators face an Aug. 2 deadline on agreeing to trillions of dollars in federal spending cuts and raising the borrowing limit so the U.S. does not default on debt payments. While House Republican leaders agreed to slash billions from the proposed budgets for other agencies, hitting food aid for low-income women, health research, energy efficiency and much more, the military budget is the only one that would see a double-digit increase in its account beginning Oct. 1. Concerns about undermining national security, cutting military dollars at a time of war and losing defense jobs back home trumped fiscal discipline in the House. Only 12 Republicans and 75 Democrats opposed the overall bill. "In the midst of a serious discussion about our nation's debt crisis, House Republicans demonstrated responsible leadership that sets priorities and does not jeopardize our national security interests and our nation's ongoing military efforts," Rep. 
Tom Price, R-Ga., chairman of the House Republican Policy Committee, said in a statement. But Rep. Barney Frank, D-Mass, scoffed at the suggestion that "everything is on the table" in budget negotiations between the Obama administration and congressional leaders. "The military budget is not on the table," he said. "The military is at the table, and it is eating everybody else's lunch." The bill would provide $530 billion to the Pentagon and $119 billion to cover the costs of the wars in Iraq and Afghanistan. It would provide a 1.6 percent increase in pay and buy various warships, aircraft and weapons, including a C-17 cargo plane that the Pentagon did not request but is good news for the Boeing production line in Long Beach, Calif. During three days of debate, the House easily turned back several efforts to cut military spending, including amendments by Frank on the Democratic side and tea party-backed freshman Rep. Mick Mulvaney, R-S.C. In Congress this year, anti-war lawmakers and budget-conscious tea partyers have banded together to try to rein in military spending with some success. "We are at a time of austerity," Frank said. "We are at a time when the important programs, valid programs, are being cut back." Frank's amendment to cut $8.5 billion failed on a 244-181 vote Thursday. "Many of us have gone around back home and told people how serious we are," Mulvaney said. "But how can we look them in the eye and tell them that we are serious about cutting spending and then come in and plus up the base defense budget?" He added: "We have made hard decisions. We have made hard choices. The Defense Department needs to do exactly the same." His amendment to set the Pentagon budget at current levels failed 290-135. Rep. Jason Chaffetz, R-Utah, said there are "those who want to keep the military as strong as possible, so do I, but that doesn't mean you can't have an exceptionally strong military and cut the budget a little bit." 
The overall bill is $9 billion less than President Barack Obama sought. The White House has threatened a veto, citing limits in the legislation on the president's authority to transfer detainees from the U.S. prison at Guantanamo Bay, Cuba, and money for defense programs the administration didn't want. The overall bill must be reconciled with a still-to-be-completed Senate version. Yet not every House member thought spending was set high enough. Rep. Randy Forbes, R-Va., opposed the bill for cutting too deeply. "It is dangerous for Congress to begin hollowing out the United States military without fully realizing the national security risks this may entail," Forbes said in a statement. The House also acted to slow the repeal of the policy allowing gays to serve openly in the armed forces. Lawmakers voted to block money to train the Chaplain Corps on the practices it should use once the "don't ask, don't tell" policy ends. Rep. Tim Huelskamp, R-Kan., sponsor of the measure, said its purpose is to prohibit chaplains from performing same-sex marriages on military bases without regard to a state's law. The House approved the measure 236-184. The practical effect of his effort was unclear as Defense Secretary Leon Panetta is expected to certify the end of the 17-year ban this summer, long before Congress completes a final defense spending bill. The House also rejected an amendment by Democratic Rep. Dennis Kucinich of Ohio that would have barred funds for the U.S. operation against Libya. The vote was 251-169. The House has sent mixed signals on Obama's military action against Libya, voting to prohibit weapons and training to rebels looking to oust Moammar Gadhafi but stopping short of trying to cut off money for American participation in the NATO-led mission. The votes mirrored the contradictory actions of the House last month, when lawmakers refused to approve the operation but declined to cut off the money. 
From rforno at infowarrior.org Sat Jul 9 08:16:36 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 9 Jul 2011 09:16:36 -0400 Subject: [Infowarrior] - Grad Student Challenges Laptop Seizure at Border Message-ID: Can I say how proud I am of my government for doing their damndest to terrorise us under the guise of "homeland security?" --- rick Student Challenges Laptop Seizure at Border By Tiffany Kary - Jul 9, 2011 12:01 AM ET http://www.bloomberg.com/news/2011-07-08/customs-seizure-of-laptop-at-u-s-border-is-challenged-in-student-lawsuit.html A U.S. judge is weighing whether to halt a lawsuit filed by a graduate student whose laptop was seized by customs agents as he crossed the border from Canada and found to contain pictures of rallies by Hamas and Hezbollah. U.S. District Judge Robert Korman in Brooklyn, New York, yesterday put off ruling on whether to allow the case to go forward. Pascal Abidor, a 27-year-old U.S.-French dual citizen, represented by the American Civil Liberties Union, seeks to force border guards to show a "reasonable suspicion" before searching laptop computers and other devices. Abidor brought the case against the U.S. Department of Homeland Security and its secretary, Janet Napolitano, in September, saying such seizures violated the constitutional rights to free speech and to protection against improper searches. "There are lots of burdens people are subject to in order to protect their own security and the security of others," Korman said at a hearing yesterday. He said people can choose to travel without sensitive information if they fear it will fall into the wrong hands, just as they did 20 years ago before personal computers became commonplace. "Not everyone has the choice to leave behind confidential information," said Catherine Crump, a lawyer for the ACLU, citing attorneys and journalists. More than 6,500 people, around half of them U.S. 
citizens, had electronic devices searched in a 20-month period starting in October 2008, according to Abidor's complaint. In an eight-month period, 220 electronic devices were held, lawyers for Abidor said.

Broad Policies

Broad policies grant border guards access to information even if it enjoys medical, legal or journalistic privilege, and those policies don't set limits on how long authorities can keep electronic devices, the lawyers said. The U.S. said only one in 90,000 people coming into the country is searched, a necessary practice to detect drugs, child pornography and money laundering. The Supreme Court in 2004 found that the belongings of people entering the U.S. can be searched without "reasonable suspicion, probable cause or warrant," lawyers for the U.S. wrote in court filings. Electronics such as laptop computers and mobile phones fall under that rule, the U.S. said. Abidor, an Islamic studies graduate student at McGill University in Montreal, was taken aside by U.S. officials on a train on his way home to Brooklyn in May 2010. Customs agents searching his laptop found images of rallies by Hamas and Hezbollah, both designated as foreign terrorist organizations by the U.S State Department.

Doctoral Thesis

The pictures were downloaded from the Internet as part of his research into Shiites in Lebanon, the topic of his doctoral thesis, Abidor said he told the agents. He said he was patted down, handcuffed, taken off the train and held in a cell for three hours before being released without charge. Abidor said he didn't get his laptop, with the sole copy of his graduate work, for 11 days. When he did, there was evidence that his files, including research, personal photos and chats with his girlfriend, had been searched, he said. The lawsuit was also brought on behalf of the National Press Photographers Association, some of whose 7,000 members have been subject to searches and seizures, according to court papers. The case is Abidor v. 
Napolitano, 10-cv-04059, U.S. District Court, Eastern District of New York (Brooklyn). To contact the reporter on this story: Tiffany Kary in New York at tkary at bloomberg.net. To contact the editor responsible for this story: Michael Hytha at mhytha at bloomberg.net. From rforno at infowarrior.org Sat Jul 9 15:22:18 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 9 Jul 2011 16:22:18 -0400 Subject: [Infowarrior] - The Copyright Lobby Absolutely Loves Child Pornography Message-ID: <70154919-A448-4BAC-BDAB-2AAECC31009C@infowarrior.org> The Copyright Lobby Absolutely Loves Child Pornography Rick Falkvinge - 9/07/2011 http://torrentfreak.com/the-copyright-lobby-absolutely-loves-child-pornography-110709/ "Child pornography is great," the man said enthusiastically. "Politicians do not understand file sharing, but they understand child pornography, and they want to filter that to score points with the public. Once we get them to filter child pornography, we can get them to extend the block to file sharing." The date was May 27, 2007, and the man was Johan Schlüter, head of the Danish Anti-Piracy Group (Antipiratgruppen). He was speaking in front of an audience from which the press had been banned; it was assumed to be copyright industry insiders only. It wasn't. Christian Engström, who's now a Member of the European Parliament, Oscar Swartz, and I were also there. "My friends," Schlüter said. "We must filter the Internet to win over online file sharing. But politicians don't understand that file sharing is bad, and this is a problem for us. Therefore, we must associate file sharing with child pornography. Because that's something the politicians understand, and something they want to filter off the Internet." "We are developing a child pornography filter in cooperation with the IFPI and the MPA so we can show politicians that filtering works," he said. "Child pornography is an issue they understand." Schlüter grinned broadly. 
I couldn't believe my ears as I heard this the first time. But the strategy has been set into motion worldwide. Schlüter's plan worked like clockwork. Denmark was the first country to censor AllOfMP3.com, the (fully legal) Russian music store, and is now censoring The Pirate Bay off the internet. The copyright industry is succeeding in creating a fragmented Internet. This is why you see the copyright lobby bring up child pornography again and again and again. They are using it as a battering ram for censoring any culture outside of their own distribution channels. You can Google the term together with any copyright lobby organization and see them continuously coming back to it. In Sweden, the copyright industry lobbyist Per Strömbäck has publicly admitted it being one of his best arguments. Try Googling for the Swedish word for child pornography on the lobby site and see if you get any hits in any articles (over 40). The reasoning is simple and straightforward. Once you have established that someone who is in a position to censor other people's communication has a responsibility to do so, the floodgates open and those middlemen can be politically charged with filtering anything that somebody objects to being distributed. It is not hard to see why the copyright lobby is pursuing this avenue so ferociously. It doesn't really matter that filters at the DNS level are ridiculously easy to circumvent. The idea is to create a political environment where censorship of undesirable information is seen as something natural and positive. Once that principle has been established, the next step is to force a switch to more efficient censorship filters at the IP or even the content level. News reached us this week that Internet Service Providers in the United States have now entered an agreement with the copyright lobby to police the net. This arrangement, it turns out, also stems from the copyright industry's love of child pornography. 
"We pointed out to [the governor] that there are overlaps between the child porn problem and piracy," Mr. Sherman [the RIAA president] said, "because all kinds of files, legal and otherwise, are traded on peer-to-peer networks."

Sound familiar? It should. It's a page right out of the 2007 scene where the Danish Mr. Schlüter talked about the copyright lobby's policymaking strategy of associating non-monopolistic distribution of culture with the rape of small defenseless children. This association strategy has now worked in the United States, too. Just when you think the copyright lobby can't sink any lower, they surprise you again.

And it gets worse. Much worse. In Europe, the copyright lobby is now pushing Commissioner Malmström to create a similar censorship regime, despite clear setbacks from the European Court of Justice defending human rights and freedom to communicate.

But taking one step back, would censorship of child pornography be acceptable in the first place? Is the copyright industry perhaps justified in this particular pursuit, beyond their real goal of blocking non-monopolistic distribution? There are two layers of answers to that. The first is the principal one, whether pre-trial censorship is ever correct. History tells us that it plainly isn't, not under any circumstance.

But more emotionally, we turn to a German group named Mogis. It is a support group for adult people who were abused as children, and is the only one of its kind. They are very outspoken and adamant on the issue of censoring child pornography. Censorship hides the problem and causes more children to be abused, they say. Don't close your eyes, but see reality and act on it. As hard as it is to force oneself to be confronted emotionally with this statement, it is rationally understandable that a problem can't be addressed by hiding it. One of their slogans is "Crimes should be punished and not hidden". This puts the copyright industry's efforts in perspective.
In this context they don't care in the slightest about children, only about their control over distribution channels. If you ever thought you knew cynical, this takes it to a whole new level.

The conclusion is as unpleasant as it is inevitable. The copyright industry lobby is actively trying to hide egregious crimes against children, obviously not because they care about the children, but because the resulting censorship mechanism can be a benefit to their business if they manage to broaden the censorship in the next stage. All this in defense of their lucrative monopoly that starves the public of culture.

It's hard to comprehend that there are people who are so shameless that they would actually do this. But there are. Every time you think the copyright lobby has sunk as morally low as is humanly possible, they prove you wrong.

* * *

Rick Falkvinge is a regular columnist on TorrentFreak, sharing his thoughts every other week. He is the founder of the Swedish Pirate Party, a whisky aficionado, and a low-altitude motorcycle pilot. His blog at http://falkvinge.net focuses on information policy. Follow Rick Falkvinge on Twitter as @Falkvinge and on Facebook as /rickfalkvinge.

From rforno at infowarrior.org Sat Jul 9 21:04:17 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 9 Jul 2011 22:04:17 -0400
Subject: [Infowarrior] - Julian Assange and the new wave
Message-ID: <48FB7DE5-7561-4AE4-AEB2-3AA685A38F27@infowarrior.org>

A special report on the news industry: WikiLeaks and other newcomers
Julian Assange and the new wave
A host of non-profit actors have entered the news business, blurring the line between journalism and activism
Jul 7th 2011 | from the print edition
http://www.economist.com/node/18904166/print

THE BEATEN-UP RED car crunched up the driveway and came to a halt outside an English manor house. A tall, strangely hunched woman emerged into the November night and hurried indoors.
In fact it was Julian Assange, the boss of WikiLeaks, who had donned a wig to disguise himself as an old woman as he travelled from London to a safe house in Norfolk. That may have been a tad dramatic, but there can be no doubt about Mr Assange's prominence among a group of unconventional new actors in the news business that have emerged lately. These are non-profit organisations that are involved in various forms of investigative journalism. As funding for such reporting by traditional media has been cut, they are filling the gap using new methods based on digital technology. Some of them make government information available in order to promote openness, transparency and citizen engagement; some gather and publish information on human-rights abuses; and some specialise in traditional investigative journalism and are funded by philanthropy.

And then there is WikiLeaks. Launched in late 2006, it was intended to be "an uncensorable Wikipedia for untraceable mass document leaking and analysis", with the aim of "exposing oppressive regimes in Asia, the former Soviet bloc, sub-Saharan Africa and the Middle East". Inspirations included Wikipedia, the web encyclopedia written by volunteers, and the leak of the Pentagon Papers by Daniel Ellsberg to the New York Times during the Vietnam war, which ultimately led to a Supreme Court ruling that "only a free and unrestrained press can effectively expose deception in government." WikiLeaks welcomes documents from whistle-blowers and provides anonymous drop boxes. It is funded by donations and staffed by volunteers.

In its first three years WikiLeaks published leaked material on a range of subjects, including corruption in Kenya, the church of Scientology, Sarah Palin's e-mails, the membership of a British nationalist party and a Peruvian oil scandal. But in 2010 it abandoned the wiki-style approach and adopted a new, editorialising tone.
In July that year it worked with three mainstream news organisations, the New York Times, Der Spiegel and the Guardian, to publish a cache of 75,000 documents relating to the war in Afghanistan. Speaking to The Economist at the time, Mr Assange explained that such partnerships gave it more impact than if it simply posted leaked material online and expected people to seek it out. "We see actually that the professional press has a nose for what a story will be; the general public becomes involved once there is a story, and then can come forward and help mine the material."

A further cache of nearly 400,000 documents, relating to the Iraq war, was released in October, and in November five newspapers began to publish highlights from over 250,000 diplomatic cables sent by American embassies around the world. But by this time the relationship between WikiLeaks and its media partners was breaking down, and WikiLeaks itself was in turmoil. Mr Assange was fighting an extradition request in the British courts from Swedish prosecutors who want to question him about two alleged sexual assaults, and his increasingly imperious behaviour prompted the departure of several of his key associates. Ironically, WikiLeaks itself sprang a leak and some of its material was passed to its estranged media partners, which no longer felt they had to co-ordinate publication with Mr Assange.

Despite WikiLeaks' difficulties, its approach is being adopted by others. Al Jazeera has set up a "transparency unit" with a WikiLeaks-style anonymous drop box. The Wall Street Journal launched a drop box of its own in May, but was criticised for not offering enough protection to leakers. "Everyone's looking at the idea," says the Guardian's Alan Rusbridger, "but if you're going to do it you have to make it really secure."
Conspiracy theory

What happens next depends in part on the fate of Mr Assange and of Bradley Manning, an American soldier who has been charged with passing confidential information to WikiLeaks. If American prosecutors can show that Mr Assange encouraged Mr Manning to leak the material, they may try to charge WikiLeaks' boss with conspiracy. That would be worrying for news organisations in general, because it would strike at the idea that journalists should be able to develop relationships with confidential sources without fear of prosecution. WikiLeaks seems to be hoping that by calling itself a news organisation it will be protected by the First Amendment. The "about" page on the WikiLeaks website, which used to describe the organisation as "an excellent source for journalists", has been rewritten to describe its activities as journalism, its staff as journalists and Mr Assange as its editor-in-chief. There has been much debate about whether Mr Assange should be regarded as a journalist; Mr Rusbridger calls him "a new breed of publisher-intermediary". Jay Rosen of New York University says such arguments show that in the digital age "the very boundaries around journalism are collapsing."

WikiLeaks is not the only example. The Sunlight Foundation, based in Washington, DC, also campaigns for government openness and transparency, but in a different way from WikiLeaks. Its aim is to make government data more easily accessible, both to journalists and to ordinary citizens. Its Transparency Data website, for example, is a database of federal and state campaign contributions, federal grants and contracts, and lobbying disclosures going back 20 years; Party Time keeps track of the political party circuit; Checking Influence is a database of campaign contributions and lobbying activity by companies. All this provides raw material for journalists, but the compilation and presentation of these data sometimes shades into journalism.
Ellen Miller, the organisation's co-founder, cites the example of Sunlight Live, which combines a live video stream of government proceedings on a web page with information from Sunlight's databases to provide context. "As different people speak, we talk about their backgrounds, whether they have campaign contributions, whether they are involved in lobbying," says Ms Miller. "That's clearly journalism." Sunlight Live won an award for innovation in journalism last year, and its technology will be made available to other organisations. Sunlight also takes pictures of people attending public hearings so that it can identify lobbyists. That is journalism too, says Ms Miller: "We want to use the tools of journalism to open up government."

The line between activism and journalism has always been somewhat fuzzy, but has become even fuzzier in the digital age. The Sunlight Foundation has been closely involved in the campaign to get the American government to provide more information about its workings, which led to the data.gov site being set up in 2009 (though its funding is now under threat). There have been similar initiatives in Britain, Australia and New Zealand, and several American cities and states have made information available about anything from procurement contracts to traffic accidents. Websites have sprung up that present such data in a user-friendly form, such as mySociety.org's TheyWorkForYou, which provides information on British politicians and is starting to add brief summaries of their activities. Is that journalism? No, says Myf Nixon, a spokesman for mySociety, because the website merely aggregates facts that are available elsewhere. But the same could be said of the Sunlight Foundation.

In the developing world, transparency campaigners are pushing for greater openness about aid flows and the governance of natural resources, and campaign groups are often the most credible sources of information about human-rights abuses.
In the past, bringing such information to wider attention meant working with news organisations and getting them to publish the information. Yet thanks to the web, non-governmental organisations (NGOs) can now also publish material independently. "The same internet that has blown a gaping hole in media budgets is also allowing NGOs to reach their audiences directly," observed Carroll Bogert of Human Rights Watch (HRW), a global campaigning group, in a report published in January. But that requires NGOs to change the way they operate.

This is beginning to happen. HRW now sends photographers and radio producers to work alongside its researchers in the field. Amnesty International is creating a "news unit" staffed by five journalists, and Médecins Sans Frontières produces photographs and video of its work. "We are beginning to realise that there's a far wider range of people who are qualified, have the integrity and are competent to be part of the reporting picture, and NGOs are part of that picture," says Sameer Padania, who advises human-rights groups on the use of technology. But no matter how painstaking the reporting, it has been produced to serve a particular agenda. So being able to verify the accuracy and provenance of material is vital, he says.

Dan Gillmor, a veteran journalist who is now a professor at Arizona State University's Walter Cronkite School of Journalism, observes that some of the best reporting on conditions at Guantánamo Bay was done by the American Civil Liberties Union, and that HRW produced an excellent report on the abuse of domestic workers in Saudi Arabia. But he says reporting by advocacy groups often falls just short of journalism. Such groups may not give sufficient weight to opposing views or fully reflect nuances in the subject.
In the end, says Mr Gillmor, what matters is not whether or not particular people qualify as journalists but whether the work they produce is thorough, accurate, fair and transparent enough to qualify as journalism.

Making up for a market failure

There is also growing interest in investigative news organisations that operate on a non-profit model, particularly in America. The Centre for Investigative Reporting (CIR), based in Berkeley, California, was founded in 1977 and describes itself as "the nation's oldest non-profit investigative news organisation". Since 2008 it has expanded and reinvented itself as a multimedia news producer under the leadership of Robert Rosenthal, a former editor of the Philadelphia Inquirer. The Centre for Public Integrity was founded in 1989. A more recent entrant to the field is ProPublica, launched in 2008 under the leadership of Paul Steiger, a former managing editor of the Wall Street Journal. All three organisations produce stories that are syndicated to newspapers, television and radio stations and websites across America. Non-profit news outfits have been popping up at the state and city levels, too.

They are needed because there has been a market failure in the creation of some kinds of content, including investigative reporting, says Dick Tofel, general manager of ProPublica. His organisation's aim is to help fill that gap. ProPublica has already won two Pulitzer prizes for its work, including investigations into the financial crisis and the provision of health care in the aftermath of Hurricane Katrina (with the New York Times magazine). But although these three organisations are well funded for the next few years, the long-term viability of philanthropic funding is still uncertain.

All these organisations work across a range of different media, producing versions of the same story for different outlets, which has led to some innovative work.
ProPublica collaborated with journalism students to produce a music video called "The Fracking Song", part of an investigation into the impact of shale-gas extraction. The CIR exposed failings in the enforcement of earthquake-safety laws in California's schools in a project entitled "On Shaky Ground" which resulted in a series of articles, audio and video, as well as interactive maps and databases, and a colouring book in five languages to help educate children about earthquake safety. "I ran a newspaper with 630 people and a $75m budget and we never would have dreamt of doing this," says Mr Rosenthal. The project also shades into activism, providing contact details for local officials. "You can point people to information, guide people to take action," Mr Rosenthal adds. "Getting people to come together around problems is something the media can do more and more."

The discussion about where lines should be drawn between non-profit journalism and journalism by non-profits is still evolving. But it is clear that non-profit groups of various kinds are beginning to fill some of the gap left behind as traditional news outfits shrink.

From rforno at infowarrior.org Sun Jul 10 07:48:21 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 10 Jul 2011 08:48:21 -0400
Subject: [Infowarrior] - Short-termism and the risk of another financial crisis
Message-ID: <108045BD-4413-49D0-8DB8-0EFB85000D57@infowarrior.org>

Short-termism and the risk of another financial crisis
By Sheila C. Bair, Published: July 8
http://www.washingtonpost.com/opinions/our-focus-on-the-short-term-is-holding-the-economy-back/2011/07/06/gIQAw3cI4H_story.html

The nation is still struggling with the effects of the most serious financial crisis and economic downturn since the Great Depression.
But Wall Street seems all too ready to return to the same untenable business practices that brought it to its knees less than three years ago. And some in government who claim to be representing Main Street seem all too ready to help. Already we have heard rationalization of the subprime mortgage debacle and denigration of those of us who have advocated long-term, structural changes in the way we regulate the financial industry. Too many industry leaders, as well as some government officials, compare the crisis to a 100-year flood. "Who, us?" they say. "We didn't do anything wrong. Nobody saw this coming."

The truth is, some of us did see this coming. We tried to stop the excessive risk-taking that was fueling the housing bubble and turning our financial markets into gambling parlors. But we were impeded by the culture of short-termism that dominates our society. Our financial markets remain too focused on quick profits, and our political process is driven by a two-year election cycle and its relentless demands for fundraising.

I've had a unique vantage point during my five-year term as chairman of the Federal Deposit Insurance Corp., from the early failure of IndyMac Bank to the implementation of reforms designed to ensure that no conglomerate ever again is deemed "too big to fail." Now that I'm stepping down, I want to sound the alarm again. The common thread running through all the causes of our economic tumult is a pervasive and persistent insistence on favoring the short term over the long term, impulse over patience. We overvalue the quick return on investment and unduly discount the long-term consequences of that decision-making. Our decades-long infatuation with financing our spending through ever-growing debt, in the private and public sector alike, is the ultimate manifestation of short-term thinking.
And that thinking, particularly in business and in government, is actually getting worse, not better, as we look for solutions to put our economy on a sounder footing. Today, some want to repeal or water down key financial reforms, fearing that strengthening the rules for firms will curtail our recovery. But the history of crises makes clear that reforms will make our economy stronger in the long run.

While short-termism on Wall Street and in Washington was a huge driver of the most recent financial crisis, we all fall prey to this tendency to some extent. Households have failed to save enough money to carry them through hard times or to achieve long-term goals. It became old-fashioned to save up for the down payment on that first home. Taking out a mortgage shifted from the most serious financial decision a family would make to a speculative bet on how far home prices would rise. Homeownership went from being a source of stability in our economy to a source of instability.

Business executives squeeze expenses of all types to meet their quarterly earnings targets, even cutting research and development that could create a competitive advantage down the road. This market failure leads to under-investment in projects with long payoff periods. "Patient capital" has become almost quaint. And policymakers do everything they can to avoid acknowledging a problem or policy mistake, even as it grows more difficult and expensive to fix with each passing day.

In our routine decision-making, research shows, we increasingly use the part of our brain attuned to greed, fear and instant gratification. This short-termism is reinforced when economic incentives are taken into account. Performance-based compensation, for example, can have disastrous results when it fails to consider long-term consequences.
This is particularly true in financial services, where the downsides of risk-taking may take years to materialize but can lead to failed banks, foreclosed homes, unemployed workers and a credit shortage for small businesses. This past week, the FDIC adopted a rule that allows the agency to claw back two years' worth of compensation from senior executives and managers responsible for the collapse of a systemic, non-bank financial firm. To date, the FDIC has authorized suits against 248 directors and officers of failed banks for shirking their fiduciary duties, seeking at least $6.8 billion in damages. The rationales the executives come up with to try to escape accountability for their actions never cease to amaze me. They blame the failure of their institutions on market forces, on "dead-beat borrowers," on regulators, on space aliens. They will reach for any excuse to avoid responsibility.

Mortgage brokers and the issuers of mortgage-based securities were typically paid based on volume, and they responded to these incentives by making millions of risky loans, then moving on to new jobs long before defaults and foreclosures reached record levels. Such arrangements gave rise to the acronym IBG-YBG ("I'll be gone, you'll be gone"), a watchword for short-termism in the mortgage industry during the boom.

When the housing bubble burst, home values started to fall and adjustable-rate loan payments ratcheted upward, and subprime borrowers began to default in record numbers. But the inherent short-termism of bankers and policymakers kept them from moving quickly to limit the damage as the financial crisis escalated in 2007 and 2008. I was among the few at that time advocating for widespread loan modifications as an alternative to foreclosure, which was leading to more displaced families, larger declines in home prices and more devastating losses for investors.
But mortgage servicers, also typically paid according to volume, had neither the financial incentive nor the willingness to devote resources to a change in strategy. Their under-investment in servicing has led to a huge inventory of foreclosed properties and mounting litigation that is likely to cost them far more than any savings they achieved by cutting corners. Government efforts to promote modifications, meanwhile, have gradually moved in the right direction but have remained behind the curve.

At the height of the crisis in the fall of 2008, when fear over where the bottom was ruled the markets, policymakers were supremely focused on the short-term priority of preventing the failure of the nation's largest financial companies. Government assistance to financial institutions took a variety of forms, amounting to a total commitment of almost $14 trillion by the spring of 2009. While those actions were necessary to prevent an even bigger economic catastrophe, we still have not addressed the No. 1 cause of both the crisis and the subpar recovery we are in: a stubborn refusal to deal head-on with past-due and underwater mortgages.

It's time for banks and investors to write off uncollectible home equity loans and negotiate new terms with distressed mortgage borrowers that reflect today's lower property values. It is true that this would force them to recognize billions in mortgage losses, losses they mostly stand to incur anyway over time. But it will eventually be necessary if we are to clear the backlog and end the cycle of defaults, foreclosures and falling home prices that continues to hold back the economic recovery on Main Street.

The media has also played a role in expanding our short-termism. The type of information that dominates cable news and the blogosphere is generally not designed to appeal to our more rational, long-term thought processes.
Instead, it excites our emotions, inducing greed and fear, and more often stokes prejudice and cynicism than rationality and fortitude. The 24-hour news cycle bombards us with constant information that compels action, not patience. Sound logic is often trumped by the sound bite. On financial reform, "bailouts as far as the eye can see" is how some have described our efforts. In fact, the whole point of the new law is to prevent bailouts, which now are expressly prohibited.

Responsible policies are promptly vilified if they involve the slightest hint of short-term sacrifice. For instance, common-sense efforts to raise large bank capital requirements and to require issuers of mortgage securitizations to bear some portion of the loss when securitized loans go bad are resisted by the industry, which claims that such measures will raise the cost of credit and could derail the economic expansion. But credible research shows that these requirements will lead to only a modest increase in the cost of credit, accompanied by a large improvement in economic performance over the long run because of a lower frequency and severity of financial crises.

There are many other examples of short-termism beyond the financial sector. Too often, the response to subpar economic growth has been another tax credit or a cut in interest rates that feels good for a while but does nothing to enhance the long-term performance of our economy. Far-sighted investments in job training and modernizing our physical infrastructure would surely pay greater dividends over time. And as currently structured, our Social Security and Medicare programs will prove financially unsustainable as the baby boomers retire and both longevity and medical costs continue to rise.
The rational thinker in each of us can appreciate the logic that reform is absolutely necessary to keep these essential programs viable. Yet the political debate cannot move beyond whatever combination of short-term sacrifices are being proposed to balance the accounts.

The current impasse in addressing the unsustainable growth in the federal debt also goes beyond mere partisanship to a distorted sense of the long-term national interest. One could hardly envision a market development more injurious to our economic security than a technical default on U.S. government obligations, which would lower our national credit rating from AAA status. At the same time, raising the debt limit without progress toward reducing our structural deficit would be equally irresponsible and unsettling to the markets. Yet those are exactly the scenarios looming in the budget debate. An electorate and a news media properly focused on the long-term implications of our government policies would rightly condemn any political position that even contemplated such outcomes. They would also press for more far-reaching reforms.

Our loophole-ridden tax system, which favors spending over saving, debt financing over equity, and homebuilding over other long-term investments, is badly in need of an overhaul as well. Closing loopholes would result in a more efficient allocation of capital and would allow us to reduce marginal tax rates while raising more revenue to help pay down our national debt. But most of us would have to give up some of our deductions and tax credits in the short term.

There are signs that suggest the public is already moving toward embracing thrift, at least in terms of personal finances. Total household debt is down by as much as 10 percent from pre-crisis levels, while the personal savings rate has risen to its highest level in more than 15 years. It's true that consumers who save more and borrow less won't contribute as much to economic growth in the short run.
But surely we have learned by now that there are limits to what excessive spending and borrowing can do for long-term economic growth and stability. Our financial system is still fragile and vulnerable to the same type of destructive behavior that led to the Great Recession. Unless all of us (households, financial leaders and politicians) are willing to make some short-term sacrifices for longer-term stability, we are at risk of another financial crisis that will be just as bad, if not worse, than the last one.

From rforno at infowarrior.org Sun Jul 10 18:14:09 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 10 Jul 2011 19:14:09 -0400
Subject: [Infowarrior] - German Federal Police servers compromised
Message-ID:

German Federal Police servers compromised
http://www.h-online.com/security/news/item/German-Federal-Police-servers-compromised-1276115.html

A group calling itself NN-Crew says it has broken into a server used by Germany's Federal Police and stolen a large amount of data used to GPS-track suspects under surveillance. The police apparently used the hacked server as a data pool and server to download GPS tracking software; it also contained instructions for installation and operation of that software. Criminal investigators require authentication for server access. The surveillance data published by NN-Crew included several usernames and passwords along with telephone numbers, license plate numbers, locations, and coordinates. Numerous internal documents used by the authorities were also stored on the server.

A spokesperson for the German Federal Police said that an "analysis conducted by our executive committee revealed that no investigation data used by the Federal Police (or by the Federal Criminal Police Office) was published.
As far as we can tell at the moment, the data published came from a server used by customs officials, which apparently also contained information from the Federal Police on the use of the PATRAS tracking system for distribution among customs officials." The spokesperson also said that the server of the PATRAS geo-data system has been temporarily switched off for security reasons and that all users have been informed. The spokesperson added that the Federal Police are currently working with customs officials to check whether the data contained any critical information. The National Cyber Defence Centre at Germany's Federal Office for Information Security will also be looking into the matter. The event is especially embarrassing for customs officials, who are probably at fault, because they themselves are (associated) members of the Cyber Defence Centre.

[Screenshot from the NN Crew web site]

NN-Crew says it is politically motivated and conducted the attack to protest "constant monitoring" by officials. "This constant monitoring can no longer be tolerated. You have violated numerous privacy rights and data protection laws. Starting now, every vulnerability will be shamelessly exploited, and we will leak everything we get our hands on in order to cause the greatest damage to the image of the enemies of freedom. As long as the government and large corporations steal from, lie to, and spy on citizens and have nothing better to do than think about how they can expand their power and pile up even more money, we will continue to work to protect the rights of citizens in this country," the hackers write on their web site. However, the web site is currently not reachable.

From rforno at infowarrior.org Sun Jul 10 21:35:58 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 10 Jul 2011 22:35:58 -0400
Subject: [Infowarrior] - ISP flip-flops: why do they now support "six strikes" plan?
Message-ID:

ISP flip-flops: why do they now support "six strikes" plan?
By Timothy B. Lee | Published about 3 hours ago
http://arstechnica.com/telecom/news/2011/07/why-did-telcos-flip-flop-and-support-six-strikes-plan.ars

Why did three of the nation's largest network providers -- Comcast, AT&T, and Verizon -- sign on to the music and movie industry's "copyright alert" system? When we posed that question to Verizon spokesman Ed McFadden, he insisted that Verizon was just being a good citizen. In fact, he sounded surprised that we were even asking the question. Why wouldn't Verizon want to help fight illegal activity on its network?

Well, here's how Verizon's fellow telecom behemoth AT&T put it in a regulatory filing last year:

While we at AT&T are willing to, and actively do, forward these notices to our customers today, we nonetheless believe that there are significant legal and policy issues associated with taking the next step of sanctioning our customers based solely on the receipt of multiple third party notices. Private entities are not created or meant to conduct the law enforcement and judicial balancing act that would be required; they are not charged with sitting in judgment of facts; and they are not empowered to punish alleged criminals without a court order or other government sanction. Indeed, the liability implications of ISPs acting as a quasi-law-enforcement/judicial branch could be enormous. The government and the courts, not ISPs, are responsible for intellectual property enforcement, and only they can secure and balance the various property, privacy, and due process rights that are at play and often in conflict in this realm.

Verizon executive Tom Tauke expressed similar concerns in 2008 that such a process, once begun, would be a slippery slope. "Once you start going down the path of looking at the information going down the network, there are many that want you to play the role of policeman," he said. "Stop illegal gambling offshore. Stop pornography.
Stop a whole array of other kinds of activities that some may think inappropriate."

ISPs have been making these principled arguments for over a decade. They used them in 1998 to persuade Congress to add a "safe harbor" to the Digital Millennium Copyright Act. For years, they stubbornly resisted calls for them to become copyright cops. This hasn't just been an American position; ISPs like Australia's iiNet have long resisted the "pseudo 'trial and conviction' process" that results from totally private enforcement.

That stance has changed in recent years, at least among the major players -- nearly all of whom now operate major content delivery networks of their own, often in the form of pay-TV systems. This week's announcement marks one of the more dramatic moves away from the basic principle that network operators don't play policeman in non-technical areas.

In our conversation, Verizon's McFadden defended the decision without reference to these once-heated arguments about ISPs/intermediary enforcement. Instead, the new system is good for Verizon's customers, he said, because it gives them "a number of different options to address this issue if their broadband connection has been used" for illegal file sharing. And he insisted that it's in Verizon's interest not to have illegal activity happening on its network.

Well, perhaps. Some users might find the "alerts" helpful, but we doubt many will appreciate the "mitigation measures" that come with them. And federal law is very clear that ISPs are not responsible for illegal activity on their networks so long as they comply with the applicable safe harbor rules. As for ISPs wanting to stop illegal online behavior... content owners have been charging for years that ISPs don't want to act because it means angering paying customers. If Verizon, AT&T, and others have been wanting to play policeman, they have had years of opportunities to do so.

So what changed now? McFadden insisted that nothing significant has changed.
The new system was, he said, "in line with the approach Verizon has taken in the past." And in some important respects, he's right. One important point of continuity, which he repeatedly emphasized in our conversation, is that Verizon "will not share customer data with third parties" unless the law requires them to do so. The ISPs have also refused to do any monitoring or filtering of traffic.

Still, the new "mitigation" measures do represent a shift that could raise all sorts of legal and technical headaches for network operators. Given their existing legal protections, why tread in such shark-infested waters?

Bargaining chips

White House arm-twisting had something to do with it. As we reported on Thursday, the White House has been credited with "brokering" the deal. It's not clear what that means, but perhaps administration officials hinted that if ISPs didn't agree to a voluntary graduated response system, the administration would throw its weight behind a legislative solution. McFadden wouldn't comment on whether White House inducements were a factor in Verizon's decision. But those meetings at the White House sound a lot like the "multi-stakeholder process" envisioned in an international report signed in Paris last month. That document explicitly contemplates using the threat of intermediary liability as a stick to get ISPs to "voluntarily" sign up for the role of copyright cop.

Another possible clue to the mystery comes from this Verizon regulatory filing from 2010. After insisting that its existing notification system (without "mitigation") was working fine (indeed, it was apparently quite effective), Verizon added that the system was "based in commercial agreements, in which Verizon benefits from the lawful distribution of content and hence has made millions of dollars of investment in the notice regime on top of the billions of dollars it has invested in its broadband networks."
It's not clear which "commercial agreements" Verizon is referring to, but it sounds like a reference to Verizon's FiOS business, which includes a pay-TV component. Today, unlike in 1998, Verizon depends on copyright holders for access to television content. Perhaps it used participation in that earlier notification program as a bargaining chip to get better terms for the content it wanted -- and Thursday's announcement may have been the result of a similar deal. But if so, the companies involved aren't interested in saying much about it.

No more presumption of innocence?

Ars talked to Wendy Seltzer, a scholar at Princeton's Center for Information Technology Policy and the head of the Chilling Effects clearinghouse, about the significance of the move. She argued that ISP regulation got things right the first time. "I think that it's wrong for ISPs to be getting into this fight at all," she said. "They're breaching the useful separation of layers between carriage and content."

That separation is important, she added, because it preserves the presumption of innocence that is the foundation of our legal system. Users shouldn't have to explain to their ISPs what they're doing with their Internet connections, she argued -- and they certainly shouldn't have to pay $35 (the appeals fee for those challenging a "mitigation" measure). Indeed, they shouldn't face any "mitigation measures" at all until their use of the network has been ruled unlawful in court, she believes.

Indeed, she pointed to higher education as a cautionary example. In an effort to stop campus file sharing, "universities have tightened up their networks in ways that make it harder for their CS and information schools to do research," she said. "Instead of creating the network as something for their students to explore, it becomes something that is to be used only in approved ways. That doesn't fit with the ideal of the Internet as an evolving technology."
Photograph by Capture Queen (remixed)

From rforno at infowarrior.org Mon Jul 11 05:58:44 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jul 2011 06:58:44 -0400
Subject: [Infowarrior] - Reports: DHS, IRS Databases At Risk
Message-ID:

Reports: DHS, IRS Databases At Risk
Protected critical infrastructure information at risk in DHS data stores, IG report says

Jul 08, 2011 | 04:12 PM
By Ericka Chickowski, Contributing Writer
http://www.darkreading.com/database-security/167901020/security/vulnerabilities/231001255/reports-dhs-irs-databases-at-risk.html

Some of the federal government's most critical agencies are falling down on database security with misconfigurations, vulnerabilities, and a lack of best practices, putting sensitive citizen and defense information at risk as a result, new government audits show.

Just this week, the Office of the Inspector General (IG) found that the Department of Homeland Security (DHS) -- the agency in charge of ensuring Federal Information Security Management Act (FISMA) compliance among all government agencies -- itself has a number of critical shortcomings within its database defenses.

The new report (PDF) highlighted database security deficiencies within the protected critical infrastructure information (PCII) system data stores, with weaknesses in both the Automated Critical Asset Management System (ACAMS) and the Linking Encrypted Network System (LENS) that put PCII data at risk. Some of the problems highlighted in the report included a failure to follow the rule of least privilege, a lack of communication among personnel to decide who was in charge of locking down the database, and a number of redacted configuration vulnerabilities.

"We all have this sense of concern that develops when the people responsible for keeping us secure are not keeping themselves secure," says John Verry, principal consultant for Pivot Point Security.
"I would be hesitant to make an assertion about something I am not directly familiar with -- we haven't done work for DHS, and they may have picked the one database that was wildly insecure. But typically what we find [when] we do enterprisewide database security assessments is that if one database is relatively insecure, most of them will be, and if one database tends to be reasonably secure, most of them will be." The DHS isn't the only agency under fire from auditors. A recent report (PDF) from the Treasury Inspector General for Tax Administration (TIGTA) found that the IRS has some serious problems with the security of nearly all of its 2,200 databases. Even though the agency has spent $1.1 million on database security tools recently, it has not completed the implementation of tools and requisite best practices to make them effective. ?As all government databases are becoming favored targets of hackers, the importance of protecting IRS databases cannot be overstated,? said TIGTA Inspector General J. Russell George, in a statement. ?Any failure to maintain IRS databases with the right amount of security diligence can allow disgruntled insiders or malicious outsiders to exploit security weaknesses to gain unauthorized access to taxpayer data, resulting in identity theft, fraud, or other types of illegal activity.? TIGTA made a number of recommendations to improve IRS database security, but some experts believe it needed to go further than what it laid out. "Periodic scanning of databases for vulnerabilities, unpatched and legacy systems, determining excessive rights, and having a documented plan for ongoing assessment and remediation is a good first step, but the IRS should also be implementing the highest levels of security monitoring around their databases," says Mel Shakir, CTO of NitroSecurity. 
"TIGTA and the IRS should be thinking of correlating vulnerability scan results with every action/access performed against the taxpayer data and profiling user behavior for outliers and exceptional activity. Application logs, OS logs, SQL activity, and configuration changes -- all play a significant part in securing the database, and should not be monitored in isolation of each other using point security solutions." Both the IRS' and DHS' recent struggles should be a signal to those within government that database security must be a big priority. Unlike enterprise databases, these government data holdings are much more sensitive from a public safety perspective. "We've done work in law enforcement, and the database is housing the information relating to undercover personnel or schedules for particular police personnel or home addresses of those individuals," Verry says. "Sony doesn't want to leak information about someone's email addresses, of course, but we're probably not going to have people dying or other more significant public issues like we would with a government database." Unfortunately, at the moment, the government remains spotty, at best, at protecting its sensitive databases. ?Government database security is a mixed bag. Many organizations have just begun to look at implementing security controls for databases for the first time. Some organizations, including IRS, have purchased technology to address the issue, but then struggled with internal politics and resource constraints that have prevented them from using what they bought," says Josh Shaul, CTO for Application Security. "Other federal organizations are approaching a maturity around their database security programs; unfortunately those organizations are few and far between. The federal government has a long way to go before they can start calling their databases secure.? 
From rforno at infowarrior.org Mon Jul 11 10:58:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jul 2011 11:58:11 -0400
Subject: [Infowarrior] - TSA's Forced Indignities Don't Make Us Safer
Message-ID: <7728DFBA-B7FA-424D-96E3-5DC5B3E80CA1@infowarrior.org>

TSA's Forced Indignities Don't Make Us Safer: Jeffrey Goldberg
By Jeffrey Goldberg
Jul 11, 2011 12:01 AM ET

Jeffrey Goldberg, a national correspondent for the Atlantic, is the author of "Prisoners: A Story of Friendship and Terror." He was formerly a Washington correspondent and a Middle East correspondent for the New Yorker.

http://www.bloomberg.com/news/2011-07-11/tsa-s-forced-indignities-don-t-make-us-safer-jeffrey-goldberg.html

And now, two stories about the thrill of American air travel today. The subject of our first story is 24-year-old Olajide Oluwaseun Noibi, a Nigerian-American who was once enrolled as an engineering student at the University of Michigan. The subject of our second story is 95-year-old Lena Reppert, a terminally ill cancer patient.

On June 24, Noibi boarded a Los Angeles-bound Virgin America flight at New York's Kennedy International Airport, FBI officials said, by using someone else's boarding pass. Days later, he unsuccessfully attempted to board a Delta Air Lines flight from Los Angeles to Atlanta using a boarding pass for a flight that departed the day before, also in someone else's name. When police searched Noibi's bag, they discovered 10 other boarding passes, none of which bore his name.

Reppert was traveling with an authentic boarding pass, but she almost missed her flight from Florida to Michigan last month because Transportation Security Administration officials decided they couldn't clear her through security. The reason? A suspicious anomaly in her adult diaper, which was discovered during a pat-down.
Reppert, who was traveling home to die in the company of her family, uses a wheelchair and could not pass through either an X-ray machine or the full-body scanner -- one of the very expensive machines now installed in many airports that can peer through your clothing and take pictures of your genitals. Because the TSA could not reassure itself about the nature of the alarming anomaly, Reppert's daughter wheeled her mother (her dying mother, let me repeat) to a bathroom, where, in the interest of securing the American homeland, she removed the diaper. Reppert was patted down again, and then allowed to pass through security. She flew home without the protection of a diaper, or the benefit of underwear.

Behavioral Profiling

I'm not one to automatically assume that the diaper and its owner were harmless, simply because they appeared to have been harmless. I once watched an obese nun in a wheelchair board a plane, and I suspected at that moment that she could have been the ne plus ultra of clandestine al-Qaeda operatives. Unlikely, yes, but terrorists can be clever. If Reppert had been profiled -- not racially, but through behavioral observation and a background check -- it wouldn't have been necessary to order off her diaper. And the U.S. government, if it really applied itself, could probably ascertain whether the owner of a soiled diaper posed a threat without profiling her, and without humiliating her. But since the airport-security system is not interested in people, but in the things they possess, it was necessary to suspect that Reppert was a terrorist until proved otherwise.

The Pat-Down

I'm writing this column aboard a flight from Detroit to Amsterdam. I first entered the TSA matrix for this trip at Reagan National Airport. As is my practice, I opted out of the body imager and asked for a pat-down. I do this in part because I don't trust the government's assurances that the radiation emitted by the machines is harmless.
And also because I don't enjoy raising my hands like a mugging victim inside a radioactive box so a government agent can look at me naked.

During this pat-down, the TSA agent, while running his hands carefully up my leg, came across a small bump near my left knee. He asked me to describe the nature of the bump. I told him it was a benign cyst. (I realize I'm oversharing, but there's a purpose to this story.) The agent called over a supervisor. The supervisor questioned me about the cyst. The supervisor and the agent then discussed the cyst. This has happened to me at two other checkpoints. My dermatologist is much less interested in this cyst than is the Department of Homeland Security. Eventually, the supervisor ruled that the cyst (or, I should say, "alleged cyst") was too small to be a threat to a commercial airliner.

An Experiment

Three years ago, as an experiment, I carried aboard airliners objects such as knives, Hezbollah flags, matches from hotels in Peshawar and Beirut, and box-cutters, in addition to my benign cyst. I was never caught. It's not hard to sneak banned objects on planes. (You should see the size of my toothpaste -- gargantuan.) As part of this experiment, which I wrote about originally for the Atlantic, I collaborated with security expert Bruce Schneier to see whether we could penetrate TSA checkpoints carrying fake boarding passes. Schneier manufactured these passes on his home computer. We didn't attempt to board airplanes with these passes, but they did get us through security without delay.

Which brings me back to the intrepid Mr. Noibi. At roughly the same time the TSA was humiliating Lena Reppert and her family, the TSA was itself being humiliated by Noibi, who seemed to beat the system because the TSA, almost 10 years after the Sept. 11 attacks, still has no way to ascertain at its checkpoints whether a boarding pass is genuine.
A Brighter Idea

The TSA's defenders argue that the agency is more nimble than ever technologically, and they point to the new body-imaging machines as proof that its agents are equipped to discover weapons and explosives hidden under clothing.

Except for one thing. The Obama administration announced last week that terrorists may be trying to carry surgically implanted bombs onto commercial flights. The body-imaging machines can't see beneath the skin. So these machines are now officially irrelevant, thanks to the surgical innovators of al-Qaeda. The TSA is in a losing battle.

So here's a brighter idea: The government could recognize that it's impossible to screen passengers (and cargo) for every type of banned material. If a terrorist plot has gone undiscovered by the world's intelligence agencies, by the U.S. military, by the Federal Bureau of Investigation and by local law enforcement, the chance is high that the plotters are also more sophisticated than the TSA. It's better to accept some level of risk, minimize the TSA's ever more intrusive disruptions to American life, and redirect some of its enormous budget to agencies that can eliminate terrorist plots before they mature to the point that conspirators are boarding planes.

The Noibi case shows that the TSA hasn't proved it can secure our airports. And the Reppert scandal suggests that we pay, in dignity and privacy, far too high a price for security that is entirely symbolic.

(Jeffrey Goldberg, a national correspondent for The Atlantic, is a Bloomberg View columnist. The opinions expressed are his own.)

To contact the author of this column: Jeffrey Goldberg at goldberg.atlantic at gmail.com.
From rforno at infowarrior.org Mon Jul 11 14:43:38 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jul 2011 15:43:38 -0400
Subject: [Infowarrior] - How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History
Message-ID: <169D4480-9627-4D37-8968-729E70E63F86@infowarrior.org>

How Digital Detectives Deciphered Stuxnet, the Most Menacing Malware in History
By Kim Zetter | July 11, 2011

It was January 2010, and investigators with the International Atomic Energy Agency had just completed an inspection at the uranium enrichment plant outside Natanz in central Iran, when they realized that something was off within the cascade rooms where thousands of centrifuges were enriching uranium.

Natanz technicians in white lab coats, gloves and blue booties were scurrying in and out of the "clean" cascade rooms, hauling out unwieldy centrifuges one by one, each sheathed in shiny silver cylindrical casings.

Any time workers at the plant decommissioned damaged or otherwise unusable centrifuges, they were required to line them up for IAEA inspection to verify that no radioactive material was being smuggled out in the devices before they were removed. The technicians had been doing so now for more than a month.

"We were not immune to the fact that there was a bigger geopolitical picture going on. We were definitely thinking -- do I really want my name to be put on this?" -- Eric Chien

Normally Iran replaced up to 10 percent of its centrifuges a year, due to material defects and other issues. With about 8,700 centrifuges installed at Natanz at the time, it would have been normal to decommission about 800 over the course of the year.

But when the IAEA later reviewed footage from surveillance cameras installed outside the cascade rooms to monitor Iran's enrichment program, they were stunned as they counted the numbers. The workers had been replacing the units at an incredible rate --
later estimates would indicate between 1,000 and 2,000 centrifuges were swapped out over a few months.

The question was, why?

Iran wasn't required to disclose the reason for replacing the centrifuges and, officially, the inspectors had no right to ask. Their mandate was to monitor what happened to nuclear material at the plant, not keep track of equipment failures. But it was clear that something had damaged the centrifuges.

What the inspectors didn't know was that the answer they were seeking was hidden all around them, buried in the disk space and memory of Natanz's computers. Months earlier, in June 2009, someone had silently unleashed a sophisticated and destructive digital worm that had been slithering its way through computers in Iran with just one aim -- to sabotage the country's uranium enrichment program and prevent President Mahmoud Ahmadinejad from building a nuclear weapon.

But it would be nearly a year before the inspectors would learn of this. The answer would come only after dozens of computer security researchers around the world would spend months deconstructing what would come to be known as the most complex malware ever written -- a piece of software that would ultimately make history as the world's first real cyberweapon.
< - big snip - >

http://www.wired.com/threatlevel/2011/07/how-digital-detectives-deciphered-stuxnet/

From rforno at infowarrior.org Mon Jul 11 14:49:12 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jul 2011 15:49:12 -0400
Subject: [Infowarrior] - Booz Allen hacked
Message-ID: <76E50C27-A8CA-46B8-92D5-CC7147E5D996@infowarrior.org>

July 11, 2011 12:24 PM PDT
Hackers claim they exposed Booz Allen Hamilton data
by Elinor Mills
http://news.cnet.com/8301-27080_3-20078498-245/hackers-claim-they-exposed-booz-allen-hamilton-data/

Hackers flying the AntiSec banner claimed today that they compromised a server at consulting firm Booz Allen Hamilton and have released internal data, including about 90,000 military e-mail addresses.

"We infiltrated a server on their network that basically had no security measures in place. We were able to run our own application, which turned out to be a shell and began plundering some booty," the hackers wrote in a message on the Pastebin file storage site. "Most shiny is probably a list of roughly 90,000 military emails and password hashes (md5, non-salted of course!). We also added the complete sqldump, compressed ~50mb, for a good measure."

The hackers also claimed to have grabbed source code, but said it was "insignificant" so they wiped it from the Booz Allen Hamilton system, as well as "maps and keys for various other treasure chests buried on the islands of government agencies, federal contractors and shady whitehat companies. This material surely will keep our blackhat friends busy for a while."

Booz Allen Hamilton spokespeople did not immediately respond to e-mails and phone messages seeking comment. A representative for the company tweeted this message from the @BoozAllen Twitter account: "As part of @BoozAllen security policy, we generally do not comment on specific threats or actions taken against our system."
AntiSec, an offshoot of online activist group Anonymous and hackers known as "LulzSec," had earlier this year hacked into servers owned by information security firm HBGary Federal after the company said it was working with the FBI to unmask the Internet activists. The data revealed from that attack included contact information for HBGary executives, personal and corporate e-mails and log-in credentials for Twitter and other sites.

The group also claimed to expose information about undercover operations on behalf of Bank of America to counter WikiLeaks, on behalf of the U.S. Chamber of Commerce to spy on unions, and plans to develop software that would allow for the creation of multiple fake social media profiles to infiltrate discussion groups and manipulate opinion on the sites and discredit people, as well as to match personas online with offline identities.

Security firm and government contractor "HBGary Federal was just one of several companies involved in proposing software solutions for this project. Another company involved was Booz Allen Hamilton," the AntiSec statement alleges. "Anonymous has been investigating them for some time, and has uncovered all sorts of other shady practices by the company, including potentially illegal surveillance systems, corruption between company and government officials, warrantless wiretapping, and several other questionable surveillance projects."

AntiSec also includes an "invoice for our audit of your security systems," for a total of $310, for four hours of work.
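On the "md5, non-salted" password hashes mentioned in the AntiSec statement above: an added example, not code from the CNET article, from Booz Allen or from the group quoted, showing the property that makes such a table dangerous once it leaks (every account with the same password carries the same hash, so one recovered password covers all of them, and the duplicates are visible to anyone auditing the table) beside the salted, iterated storage that removes it. The account names and passwords are constructed, and the PBKDF2 iteration count is an assumption chosen for the sample.

```python
"""Unsalted MD5 password table versus salted PBKDF2 storage.

Added example; the account table below is constructed for illustration.
"""
import base64
import hashlib
import hmac
import os
from collections import defaultdict
from typing import Dict, List

# Constructed accounts; three of them chose the same password.
CONSTRUCTED_ACCOUNTS: Dict[str, str] = {
    "alice@example.mil": "Summer2011!",
    "bob@example.mil": "Summer2011!",
    "carol@example.mil": "correct horse battery staple",
    "dave@example.mil": "Summer2011!",
}

PBKDF2_ITERATIONS = 200_000  # assumption for the sample; size it to your CPU budget


def md5_unsalted(password: str) -> str:
    """The storage scheme the leak describes: one fast hash, no per-user salt."""
    return hashlib.md5(password.encode("utf-8")).hexdigest()


def duplicate_hash_groups(table: Dict[str, str]) -> Dict[str, List[str]]:
    """Group accounts that share a stored hash. Without a salt, a shared hash
    means a shared password; a defender can run this over an existing table
    to measure how much exposure a leak would create."""
    by_hash = defaultdict(list)
    for user, digest in table.items():
        by_hash[digest].append(user)
    return {h: sorted(users) for h, users in by_hash.items() if len(users) > 1}


def hash_password(password: str, iterations: int = PBKDF2_ITERATIONS) -> str:
    """Salted, iterated storage: a fresh 16-byte salt per user and PBKDF2-HMAC-SHA256.
    The record carries its own parameters so they can be raised later."""
    salt = os.urandom(16)
    dk = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, iterations)
    return "pbkdf2_sha256${}${}${}".format(
        iterations,
        base64.b64encode(salt).decode("ascii"),
        base64.b64encode(dk).decode("ascii"),
    )


def verify_password(password: str, stored: str) -> bool:
    """Recompute with the stored salt and iteration count; compare in constant time."""
    algo, iterations, salt_b64, dk_b64 = stored.split("$")
    if algo != "pbkdf2_sha256":
        return False
    salt = base64.b64decode(salt_b64)
    expected = base64.b64decode(dk_b64)
    candidate = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, int(iterations))
    return hmac.compare_digest(candidate, expected)


if __name__ == "__main__":
    legacy = {user: md5_unsalted(pw) for user, pw in CONSTRUCTED_ACCOUNTS.items()}
    for digest, users in duplicate_hash_groups(legacy).items():
        print(f"{digest} shared by {', '.join(users)}")
    record = hash_password("Summer2011!")
    print(record, verify_password("Summer2011!", record))
```

With the salted scheme, two users who pick the same password get different records, so a shared password is no longer visible in the table, and each guess has to be recomputed per user at the full iteration cost. Migrating an existing unsalted table is done at the next successful login, when the plaintext is briefly available to re-hash; the MD5 column is never "upgraded" in place.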
From rforno at infowarrior.org Mon Jul 11 14:51:51 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jul 2011 15:51:51 -0400
Subject: [Infowarrior] - Judge Drops Key Claim In MPAA's Case Against Hotfile: Cyberlocker Didn't Directly Infringe
Message-ID:

Judge Drops Key Claim In MPAA's Case Against Hotfile: Cyberlocker Didn't Directly Infringe
from the a-good-start dept
http://www.techdirt.com/articles/20110711/10591815046/judge-drops-key-claim-mpaas-case-agaisnt-hotfile-cyberlocker-didnt-directly-infringe.shtml

The MPAA has recently decided that "cyberlockers" are enemy number one on its most wanted list, even though they serve perfectly legitimate purposes. As something of a test case, the MPAA sued Hotfile (and its owner, directly) with an astonishingly weak case. After reading it, we were surprised that it didn't include more detail. The case seemed full of conjecture and claims that simply didn't match with reality. While I still think the main show is whether or not Hotfile is guilty of secondary infringement via inducement, the MPAA was certainly betting on a direct infringement claim to be a key part of the argument. Thankfully, the judge wasted little time in dismissing the direct infringement claims. The judge points out, as we did in our initial post on the lawsuit, that the MPAA's weak filing fails to point out any evidence of direct infringement:

"Nothing in the complaint alleges that Hotfile or Mr. Titov took direct, volitional steps to violate the plaintiffs' infringement. There are no allegations, say, that Hotfile uploaded copyrighted material. Therefore, under the great weight of authority, the plaintiffs have failed to allege direct copyright infringement."

Where this becomes really important is that it means that Hotfile may be protected by the DMCA's safe harbors. Direct infringement isn't covered by the safe harbors.
Now, the case will shift (among other things) to see whether or not (like YouTube and Veoh) Hotfile has correctly met the conditions to get safe harbor protection. Of course, it's entirely likely that the MPAA, in its quixotic quest, will appeal this particular part of the ruling, but next time, they should try to provide some actual evidence of direct infringement rather than just insisting that it must be true.

From rforno at infowarrior.org Mon Jul 11 14:52:35 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jul 2011 15:52:35 -0400
Subject: [Infowarrior] - Congress Condemns Belarus For Doing A Bunch Of Things It Wants To Do
Message-ID: <7AD304DE-293A-4A36-99B0-5DFD354E8B2F@infowarrior.org>

Congress Condemns Belarus For Doing A Bunch Of Things It Wants To Do
from the seriously? dept
http://www.techdirt.com/articles/20110708/16455715027/congress-condemns-belarus-doing-bunch-things-it-wants-to-do.shtml

Recently, the House of Representatives passed a resolution condemning Belarus for various human rights violations. It lists out all the various rights violations, and some of them are certainly pretty bad, and I have no doubt that the government of Belarus is doing some highly questionable things. Yet, there's one section of the resolution that seems especially interesting, given certain actions in Congress lately:

The Government of Belarus has restricted freedom of expression on the Internet by requiring Internet Service Providers to maintain data on Internet users and the sites they view and to provide such data to officials upon request, and by creating a government body with the authority to require Internet Service Providers to block Web sites.

Fascinating. Because, Congress here in the US is currently debating two bills that seem to do exactly that as well. There's the data retention bill (disguised as an anti-child porn bill) and there's the PROTECT IP Act, which would give the government power to require ISPs to effectively block web sites.
It's as if Congress doesn't even realize what it's doing and what it's saying.

From rforno at infowarrior.org Mon Jul 11 19:59:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 11 Jul 2011 20:59:56 -0400
Subject: [Infowarrior] - DOJ: We can force you to decrypt that laptop
Message-ID:

(c/o d)

July 11, 2011 12:07 AM PDT
DOJ: We can force you to decrypt that laptop
by Declan McCullagh
http://news.cnet.com/8301-31921_3-20078312-281/doj-we-can-force-you-to-decrypt-that-laptop/

The Colorado prosecution of a woman accused of a mortgage scam will test whether the government can punish you for refusing to disclose your encryption passphrase.

The Obama administration has asked a federal judge to order the defendant, Ramona Fricosu, to decrypt an encrypted laptop that police found in her bedroom during a raid of her home.

Because Fricosu has opposed the proposal, this could turn into a precedent-setting case. No U.S. appeals court appears to have ruled on whether such an order would be legal or not under the U.S. Constitution's Fifth Amendment, which broadly protects Americans' right to remain silent.

In a brief filed last Friday, Fricosu's Colorado Springs-based attorney, Philip Dubois, said defendants can't be constitutionally obligated to help the government interpret their files. "If agents execute a search warrant and find, say, a diary handwritten in code, could the target be compelled to decode, i.e., decrypt, the diary?"
< - >
http://news.cnet.com/8301-31921_3-20078312-281/doj-we-can-force-you-to-decrypt-that-laptop/

From rforno at infowarrior.org Tue Jul 12 06:03:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Jul 2011 07:03:56 -0400
Subject: [Infowarrior] - Germany Probing Disappearance of Spy Agency Blueprint
Message-ID:

Germany Probing Disappearance of Spy Agency Blueprint
By Patrick Donahue - Jul 11, 2011 11:34 AM ET
http://www.bloomberg.com/news/2011-07-11/germany-investigating-disappearance-of-spy-agency-headquarters-blueprints.html

(Corrects spelling of USB in fifth paragraph.)

Germany said it's investigating the possible disappearance of design plans for the new headquarters of the country's top spy agency in central Berlin.

The classified blueprints for Germany's Federal Intelligence Service, or BND, were taken from the headquarters' secure construction site in the German capital's Mitte district, Focus magazine reported on July 10. Officials are under "great pressure" to find out the extent of any security breach.

"This is a serious situation," government spokesman Steffen Seibert told reporters today in Berlin. "The government has keen interest in clarifying this situation quickly."

A disappearance could be a blow for the spy agency, possibly preventing foreign counterparts from sharing intelligence. The designs contain sensitive data on the building's technology and logistics facilities as well as the position of emergency exits, security and cable layouts, Focus said. The magazine didn't say how it obtained the information.

The data, likely stored in a USB stick, was stolen a year ago, forcing building planners to redesign the interior of the building, ARD television reported today, citing an unnamed government official. The incident will likely add to the cost of 1.3 billion euros ($1.8 billion), the broadcaster said.
Thomas Oppermann, a floor leader for the opposition Social Democrats in parliament, called for swift action by the Transport Ministry, which is in charge of construction projects, and criticized Chancellor Angela Merkel for the incident. "The chancellery has to ask itself why it either knew nothing about this case or why it didn't inform the Bundestag," Oppermann said, referring to the lower house of parliament.

The government decided in 2003 to move the BND to Berlin from the town of Pullach outside of Munich, where it's been located since after World War II. The complex, which will employ 4,000 employees, covers 260,000 square meters (2.8 million square feet) and stands on a site once occupied by East Germany's Stadium of World Youth.

The BND was formed in 1956 as the successor to "Organization Gehlen," a U.S. Central Intelligence Agency-backed spy network created under Reinhard Gehlen, a former Nazi general. Gehlen's intelligence activities on Germany's eastern front during the war were exploited by the American government against the Soviet Union.

To contact the reporter on this story: Patrick Donahue in Berlin at pdonahue1 at bloomberg.net.

From rforno at infowarrior.org Tue Jul 12 07:36:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Jul 2011 08:36:47 -0400
Subject: [Infowarrior] - Spin This: Cisco To Fire 10,000
Message-ID:

(c/o lyger)

Spin This: Cisco To Fire 10,000

A year after the outgoing secretary of the treasury top-ticked the economy and ushered in QE 2 with his abysmal NYT op-ed "Welcome to the Recovery" it is only appropriate that we get news that Cisco is preparing to fire 10,000, or 14% of its entire workforce, over and above the number of people that the company said was going to be let go in May.

"The cuts include as many as 7,000 jobs that would be eliminated by the end of August, said the people, who asked not to be identified because the plans aren't final.
Cisco, based in San Jose, California, is also providing early-retirement packages to about 3,000 workers who took buyouts, the people said. Cisco Chief Executive Officer John Chambers is slashing jobs and exiting less-profitable businesses as competitors such as Juniper Networks Inc. (JNPR) and Hewlett-Packard Co. (HPQ) take market share in Cisco's main businesses with lower-priced, simpler products. Sales of Cisco's switches and routers, which made up more than half of revenue last year, will continue to slip, said Brian Marshall, an analyst at Gleacher & Co."

All in the name of the bottom line:

"Eliminating jobs will help Cisco wring $1 billion in expenses in fiscal 2012, the company said in May. Cisco expects costs of $500 million to $1.1 billion in the fiscal fourth quarter as a result of the voluntary early retirement program, it said in a quarterly filing."

< -- >
http://www.zerohedge.com/article/spin-cisco-fire-10000

From rforno at infowarrior.org Tue Jul 12 20:36:38 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 12 Jul 2011 21:36:38 -0400
Subject: [Infowarrior] - DOD to Announce First Cyberspace Strategy
Message-ID:

DOD to Announce First Cyberspace Strategy
http://www.defense.gov/advisories/advisory.aspx?advisoryid=3367

Deputy Secretary of Defense William J. Lynn III will announce the Department of Defense Strategy for Operating in Cyberspace (DSOC) on Thursday July 14 at 1 p.m. EDT at the National Defense University, Marshall Hall, (Building 62, Room 155), Fort Lesley J. McNair, Washington, D.C. He will be joined by Gen. James E. Cartwright, vice chairman of the Joint Chiefs of Staff. A media availability will immediately follow the DSOC announcement.

Journalists wishing to attend this event should contact Dave Thomas by e-mail at thomasd2 at ndu.edu or 202-685-3140. Media must arrive between 11 a.m. and noon to have sufficient time to set up. Proof of affiliation and driver's license are also required for gate access.
Those driving should enter the gate on 2nd Street S.W. to allow time for a vehicle security search. Pedestrians should enter at 4th and P Street S.W.

From rforno at infowarrior.org Wed Jul 13 06:12:19 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Jul 2011 07:12:19 -0400
Subject: [Infowarrior] - U.S., Russia Forge Cybersecurity Pact
Message-ID: <6AD75D85-0F5D-4F6C-B339-751DC7044970@infowarrior.org>

http://www.informationweek.com/news/government/security/231001440

U.S., Russia Forge Cybersecurity Pact
The two countries plan to regularly share information and improve communication on security, as part of Obama administration plan.
By Elizabeth Montalbano
InformationWeek
July 12, 2011 02:01 PM

The United States plans to start regularly sharing cybersecurity information with Russia as part of the Obama administration's efforts to re-establish closer ties to that country and clear up misconceptions surrounding the two nations' cyber policies.

Cybersecurity officials from both countries met last month to discuss policy coordination at a Russian delegation in Washington led by Russian National Security Council Deputy Secretary Nikolay Klimashin, according to a White House blog post by U.S. Cybersecurity Coordinator Howard Schmidt. "Both the U.S. and Russia are committed to tackling common cybersecurity threats while at the same time reducing the chances a misunderstood incident could negatively affect our relationship," he said.

Misunderstood incidents may include attacks on U.S. government infrastructure and networks by Russian hackers, who have raised their threat profile significantly in the last several years. The recent attacks on networks either owned by or containing information related to the federal government by Anonymous, LulzSec, and AntiSec hacktivist groups have shed new light on this risk.
At the meeting, officials made a pact for collaboration on cybersecurity, including the exchange of military views on cyberspace operations and a regular information exchange between the Computer Emergency Response/Readiness Teams (CERTs) of both countries, according to a joint statement about the meeting by Schmidt and Klimashin. The two countries also plan to use existing crisis-prevention communications links between the two countries to establish protocols for communicating about cybersecurity, they said.

"While deepening mutual understanding on national security issues in cyberspace, these measures will help our two governments better communicate about small- and large-scale threats to our networks, facilitate better collaboration in responding to those threats, and reduce the prospect of escalation in response to crisis incidents," officials said. The two countries agreed to implement the cybersecurity measures by the end of the year, they added.

Just as the political relationship historically between the United States and Russia has been strained, so have their ideas about cybersecurity. In 2009 the two countries famously disagreed over the issue, with Russia favoring an international treaty to secure cyberspace against threats and the United States promoting instead more intimate cooperation among international law-enforcement officials.

Fostering better collaboration with foreign nations on cyberspace policy is a key aspect of President Obama's International Strategy for Cyberspace Policy, which he released in May.

From rforno at infowarrior.org Wed Jul 13 07:30:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Jul 2011 08:30:56 -0400
Subject: [Infowarrior] - Europe Tries to Curb U.S. Role in Tracking Terrorists' Funds
Message-ID:

Europe Tries to Curb U.S. Role in Tracking Terrorists' Funds
By JAMES KANTER
Published: July 13, 2011
https://www.nytimes.com/2011/07/14/world/europe/14terror.html?_r=1&hp

BRUSSELS — The European Commission on Wednesday presented proposals for tracking the finances of terrorists in Europe that are aimed at ending the primary role of the United States in those efforts. The European Union needed "to find a European solution for extracting the requested data on European soil," said Cecilia Malmström, the E.U. commissioner for home affairs.

Many E.U. lawmakers have long objected to an existing program that sends information on financial transactions in bulk to the United States where it is sifted for evidence of terror plots. That program was established by the administration of George W. Bush in the wake of the attacks on the United States on Sept. 11, 2001. The program became a symbol of differences between the United States and the European Union over how to balance personal privacy guarantees with concerns on national and international security.

Ms. Malmström's proposals could help to quell criticisms that financial tracking jeopardizes European standards of privacy by establishing a parallel system that would share tips with the United States and other powers. Any European system "would need to fully respect fundamental rights, and in particular ensure a high level of data protection," said Ms. Malmström. A key objective would be "limiting the amount of personal data transferred to the U.S.," according to a statement by Ms. Malmström's department.

The commission already has discussed plans to create a so-called European Terrorist Finance Tracking System with the American authorities who have participated in expert meetings on the initiative. But a European system still could cost nearly 50 million euros to implement and about 11 million euros in annual running costs. Depending on how a European system was designed, it also could require unprecedented cooperation among the security services of fractious E.U. member states, raising questions about feasibility.

The current program allows American agencies to get access to European banking data held by a cooperative — the Society for Worldwide Interbank Financial Telecommunication, or Swift — which is responsible for routing trillions of dollars daily among banks, brokerage houses, stock exchanges and other institutions.

But members of the European Parliament and other campaigners have complained for years that the program undermines privacy because it requires large batches of information to be sent to the United States for analysis and storage there. Frustration among members of the Parliament welled up in February 2010, when they vetoed a previous accord and deprived the United States of access to the information. The European Commission, the E.U. executive, then led negotiations with the United States to win assurances that any requests for information would be evaluated by the European police agency, Europol. The European Parliament approved a revised agreement in July 2010. But some lawmakers who approved that agreement have criticized Europol for too readily approving American requests for large amounts of data, and they have suggested they could withdraw their support again in the future.

From rforno at infowarrior.org Wed Jul 13 08:22:37 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Jul 2011 09:22:37 -0400
Subject: [Infowarrior] - More on....Encryption defense attorney fights DOJ demands (Q&A)
References: <535BB549-59DB-460A-808B-CAA28EE47C12@yahoo.com>
Message-ID:

Via KM.

Begin forwarded message:

> Ran across this after the article Declan wrote about the story. He has followed up with a Q & A with the lawyer defending the lady in question.
>
> Encryption defense attorney fights DOJ demands (Q&A)
> CNET NEWS | JULY 13, 2011
> http://pulse.me/s/EOQM
>
> The U.S. Department of Justice is determined to make sure that a case in Colorado will set a legal precedent allowing it to ...
> Read more

From rforno at infowarrior.org Wed Jul 13 09:42:12 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Jul 2011 10:42:12 -0400
Subject: [Infowarrior] - Bernanke: Fed May Launch New Round of Stimulus
Message-ID: <8BA3848F-3F3E-4C4A-8988-C8C29699C57A@infowarrior.org>

Bernanke: Fed May Launch New Round of Stimulus
Posted By: Jeff Cox | CNBC.com Staff Writer
CNBC.com | 13 Jul 2011 | 10:40 AM ET
http://www.cnbc.com/id/43739458

Federal Reserve Chairman Ben Bernanke told Congress Wednesday that a new stimulus program is in the works that will entail additional asset purchases, the clearest indication yet that the central bank is contemplating another round of monetary easing.

Bernanke said in prepared remarks that the economy is growing more slowly than expected, and should that continue the central bank stands at the ready with more accommodative measures.

"Once the temporary shocks that have been holding down economic activity pass, we expect to again see the effects of policy accommodation reflected in stronger economic activity and job creation," he said. "However, given the range of uncertainties about the strength of the recovery and prospects for inflation over the medium term, the Federal Reserve remains prepared to respond should economic developments indicate that an adjustment in the stance of monetary policy would be appropriate."

Markets reacted immediately to the remarks, sending stocks up sharply in a matter of minutes. Gold prices continued to surge past record levels, while Treasury yields moved higher as well.

The Fed recently completed the second leg of its quantitative easing program, buying $600 billion worth of Treasurys in an effort to boost liquidity and get investors to purchase riskier assets. While stocks rose about 6 percent through the course of the program, nicknamed QE2, economic progress has remained elusive. U.S. gross domestic product grew just 1.9 percent in the first three months of the year, and the second quarter does not appear to have been much better.

For 2011 as a whole, the Fed sees U.S. GDP expanding 2.7 percent to 2.9 percent, down from forecasts in a range of 3.1 percent to 3.3 percent back in April. Unemployment has taken a turn higher as well, with the economy creating just 18,000 jobs in June and the jobless rate edging higher to 9.2 percent.

Minutes to the central bank's June meeting on Tuesday suggested that, while some members were pondering the possible need for additional easing amid a weak economy, the Fed is not yet ready to take any further action. But the minutes also reflected divisions within the central bank over further easing, and Bernanke's speech provided a further indicator that a QE3 move is far from off the table.

"Even with the federal funds rate close to zero, we have a number of ways in which we could act to ease financial conditions further," Bernanke said.

Among the options he outlined: "More explicit guidance" regarding how long rates and the size of the Fed's $2.6 trillion balance sheet will remain at current levels; more securities purchases to increase the average maturity; and cutting the interest paid to banks on reserves at the Fed, a move that would encourage the institutions to put more money to work.

"Of course, our experience with these policies remains relatively limited, and employing them would entail potential risks and costs," he said. "However, prudent planning requires that we evaluate the efficacy of these and other potential alternatives for deploying additional stimulus if conditions warrant."

© 2011 CNBC.com
URL: http://www.cnbc.com/id/43739458/

From rforno at infowarrior.org Wed Jul 13 09:44:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Jul 2011 10:44:55 -0400
Subject: [Infowarrior] - Feds on Domain Seizures: If We Give It Back, They'll Infringe Again
Message-ID:

(c/o JH)

Feds Respond To Rojadirecta's Challenge To Domain Seizures: If We Give It Back, They'll Infringe Again
from the do-they-not-understand-the-internet dept

Last month, we were the first to report on the fact that the Spanish company Puerto 80 had petitioned the US government to have it return its domains, which were seized, under questionable reasoning, by Homeland Security's Immigration & Customs Enforcement (ICE) division. The government, who as detailed in that petition has been trying to avoid any kind of legal fight, first got the court to allow it to delay filing a response. But the time finally ran out, and the Justice Department, led by US Attorneys Preet Bharara and Chris Frey -- who have been the DOJ pointmen on these seizures -- have officially responded, claiming that the domains should not be given back or (*gasp*) infringement might occur again!

< -- >
http://www.techdirt.com/articles/20110713/00485515074/feds-respond-to-rojadirectas-challenge-to-domain-seizures-if-we-give-it-back-theyll-infringe-again.shtml

From rforno at infowarrior.org Wed Jul 13 18:02:02 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 13 Jul 2011 19:02:02 -0400
Subject: [Infowarrior] - Matt Blaze: Wiretapping and Cryptography Today
Message-ID:

Wiretapping and Cryptography Today
Report from the sky didn't fall department.
http://www.crypto.com/blog/wiretap2010

The 2010 U.S. Wiretap Report was released a couple of weeks ago, the latest in a series of puzzles published annually, on and off, by congressional mandate since the Nixon administration. The report, as its name implies, summarizes legal wiretapping by federal and state law enforcement agencies.
The reports are puzzles because they are notoriously incomplete; the data relies on spotty reporting, and information on "national security" (FISA) taps is excluded altogether. Still, it's the most complete public picture of wiretapping as practiced in the US that we have, and as such, is of likely interest to many readers here. We now know that there were at least 3194 criminal wiretaps last year (1207 of these were by federal law enforcement and 1987 were done by state and local agencies). The previous year there were only 2376 reported, but it isn't clear how much of this increase was due to improved data collection in 2010. Again, this is only "Title III" content wiretaps for criminal investigations (mostly drug cases); it doesn't include "pen registers" that record call details without audio or taps for counterintelligence and counterterrorism investigations, which presumably have accounted for an increasing proportion of intercepts since 2001. And there's apparently still a fair bit of underreporting in the statistics. So we don't really know how much wiretapping the government actually does in total or what the trends really look like. There's a lot of noise among the signals here. But for all the noise, one interesting fact stands out rather clearly. Despite dire predictions to the contrary, the open availability of cryptography has done little to hinder law enforcement's ability to conduct investigations. Since 2002, the annual wiretap report has included a curious statistic: the number of times law enforcement encountered encryption on an authorized tap, along with the number of times that this prevented them from getting the evidence they were seeking. Those who followed the politics of wiretapping in the 1990's can be forgiven for assuming that the number of investigations thwarted by criminal cryptography today should be large and growing. 
We were repeatedly warned throughout that decade, after all, that the unfettered availability of crypto in private hands would sound the death knell for the government's ability to investigate all manner of serious crime. And for the last ten years of the twentieth century -- the period when much of the architecture of the modern Internet was created -- US policy actively discouraged the incorporation of basic security technology in our computing infrastructure, lest it might help some future criminal conspiracy cover its tracks. It also meant that the computers, phones, and other gadgets used by the rest of us would have to remain exposed to other criminals -- those who might want to illegally exploit the very same surveillance techniques that the government hoped to preserve for itself. The results for cyber-security, you might recall, weren't very pretty. We effectively gave the bad guys a big head start before we started securing things.

But cryptography has recently been catching up. In 2000, government policy finally reversed course, acknowledging that encryption needed to become a critical part of security in modern networks, something that deserved to be encouraged, even if it might occasionally cause some trouble for law enforcement wiretappers. And since that time the transparent use of cryptography by everyday people (and criminals) has, in fact, exploded. Crypto software and algorithms, once categorized for arms control purposes as a "munition" alongside rocket launchers and nuclear triggers, can now be openly discussed, improved and incorporated into products and services without the end user even knowing that it's there. Virtually every cellular telephone call is today encrypted and effectively impervious to unauthorized over-the-air eavesdropping. Web transactions, for everything from commerce to social networking, are now routinely encrypted end-to-end.
(A few applications, particularly email and wireline telephony, remain stubbornly unencrypted, but they are increasingly the exception rather than the rule.)

So, with this increasing proliferation of eavesdrop-thwarting encryption built into our infrastructure, we might expect law enforcement wiretap rooms to have become quiet, lonely places. But not so fast: the latest wiretap report identifies a total of just six (out of 3194) cases in which encryption was encountered, and that prevented recovery of evidence a grand total of ... (drumroll) ... zero times. Not once. Previous wiretap reports have indicated similarly minuscule numbers.

What's going on here? Shouldn't all this encryption be affecting government eavesdroppers at least a little bit more than the wiretap report suggests? Do the police know something about cryptanalysis that the rest of us don't, enabling them to effortlessly decrypt criminal messages in real time without batting an eye? Is AES (the federally-approved algorithm that won an open international competition for a new standard block cipher in 2001) part of an elaborate conspiracy to lull us into a sense of complacency while enabling the government to secretly spy on us? Perhaps, but the likely truth is far less exciting, and ultimately, probably more comforting.

The answer is that faced with encryption, capable investigators in federal and local law enforcement have done what they have always done when new technology comes around: they've adapted their methods in order to get their work done. Widespread encryption, rather than shutting down police wiretaps, has actually pushed them in a more reliable -- and accountable -- direction. This is because while traffic encryption is highly effective at preventing wholesale, un-targeted interception, it does surprisingly little to prevent targeted government eavesdropping in the complex architectures of modern computing and communication technologies.
Today's encryption algorithms are believed to be effectively secure in practice, in the sense that they make it infeasible for even an adversary with the resources of a government to obtain cleartext from ciphertext without access to the key. But a government eavesdropper doesn't have to limit itself to that scenario for a wiretap target. They can instead exploit the fact that the cleartext (or the keys to decrypt it) for almost all encrypted traffic today is typically available, somewhere, on a general-purpose computer that is exposed to government access, either explicitly or through surreptitious means. And as systems become more sophisticated and incorporate more features, the exposure of cleartext and keys to third party access tends to increase correspondingly.

Take, for example, that most ubiquitous instrument of criminal (and legitimate) communication, the cellular phone. In the 1990's, most cellular calls were transmitted over the air as unencrypted analog signals, easily intercepted, by police and curious neighbor alike, with an inexpensive radio receiver. Today cellular signals are almost always encrypted, making over-the-air interception a losing proposition. But the 2010 wiretap report tells us that the majority of law enforcement wiretaps were for cellular calls, and that encryption was not a barrier. This is because, by 2010, investigators had moved on from over-the-air interception. They found ways instead to tap cellphones at the endpoint where plaintext is available (in the cellular phone company where the call connects to the wireline network). Did the move to encrypted cellphones cause inconvenience and worry to investigators accustomed to intercepting their targets' calls over the air and without needing help from the phone company? No doubt.
But the result is that legal wiretap evidence is now much more reliable (it doesn't depend on the listening post being in range of the target's phone), and, at the same time, illegal cellular intercepts are now much harder to perform or hide (since taps now require help from the phone company). And your nosey neighbor has been cut out of the picture entirely. Targeted tapping remains possible even in systems where the endpoint might not willingly cooperate with an investigation or where encryption is end-to-end (such as with encrypted web traffic). In such systems, the endpoints that hold the cleartext or keys are almost always general purpose computers, with all the complexity that makes them susceptible to other kinds of targeted interception. For better or for worse, the sad state of the security art today is that a sophisticated eavesdropper -- a government spy -- can almost always find and exploit a vulnerability that lets them take control of a modern computing platform (have you updated your anti-virus software lately? It probably doesn't matter). But again, it's hard to do this wholesale against everyone; it requires sustained effort aimed at each particular target. Law enforcement can -- and does -- exploit this in conducting investigations. In a famous example from 2001, suspected mobster Nicodemo Scarfo encrypted his computer files using PGP software. Clever FBI agents quietly -- and successfully -- installed a keystroke monitor that captured his passphrase and allowed them to decrypt his files, evidence obtained. Today, these agents would have even more options available. What does all this mean for today? Periodically, government eavesdroppers in law enforcement and intelligence agencies, worried that their ability to intercept will soon "go dark" because of some technological advance on the horizon, sound the alarm to urge that new technology be designed to accommodate their wiretapping needs. 
And, to be sure, their concerns are as genuine as the work they do is vital. But as we saw from the 1990's crypto debate, the eavesdroppers proved far more resilient than they themselves predicted. Yet the resulting delay in deploying encryption and related technologies yielded disastrous results for the security of the Internet from which we are only now beginning to recover. We're hearing similar alarms raised today about new communication services, such as VoIP and peer-to-peer networking, that cannot be intercepted with current techniques. To be sure, many of the crimes that will be investigated by intercepting these services will be serious, and the concerns of the agents about their ability to gather evidence genuine and heartfelt. And some of these new systems, today and going forward, will definitely present challenges to wiretappers. But the appropriate, time tested response to predictions that law enforcement will soon "go dark", whether now or in the 1990's, is healthy skepticism. Investigators have shown themselves, again and again, to be remarkably adaptable when faced with new technology. And absent a major (and unforeseen) breakthrough in computer security, technology will remain, for good or evil, increasingly on the side of the eavesdropper. The issues and tradeoffs in modern wiretapping are complex and subtle, and understanding them well requires a breadth and depth of knowledge across technology, law, history, and public policy. I can think of no better place to start (or end up) than Susan Landau's excellent new book Surveillance or Security: The Risks Posed by New Wiretapping Technologies (MIT Press, 2011). 
From rforno at infowarrior.org Thu Jul 14 06:32:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jul 2011 07:32:55 -0400
Subject: [Infowarrior] - DHS plans to spend $300 million on troubled radiation detectors
Message-ID: <131F4530-F9AE-41C5-B7C5-E95DE96364EB@infowarrior.org>

DHS plans to spend $300 million on troubled radiation detectors
By Robert O'Harrow Jr., Thursday, July 14, 12:04 AM
http://www.washingtonpost.com/business/dhs-plans-to-spend-300-million-on-troubled/2011/07/13/gIQA6gmPDI_story.html

The Department of Homeland Security plans to spend more than $300 million over the next four years on radiation-detection equipment that has not been fully tested and may not work, according to a budget request and an unreleased report by the Government Accountability Office.

The department's plan is the latest in a series of efforts involving the troubled Advanced Spectroscopic Portal machine, which was touted by the George W. Bush administration as an advanced way to prevent the importation of radioactive materials that could be used in a nuclear or dirty bomb.

In January, the National Academy of Sciences released a report that found there was no way to know whether the machines, known as ASPs, worked as promised. An academy panel found that in promoting the machines to Congress, the department's Domestic Nuclear Detection Office had presented its findings "in ways that are incorrect and potentially misleading."

That report followed the department's decision to abandon plans to use ASPs for primary screening at ports and borders because of such questions.

Now, the nuclear detection office said it intends to buy up to 400 ASPs by 2016, according to the office's budget request, even though the department has not fulfilled internal requirements to conduct an independent review of the results of ASP testing before buying the equipment, according to the new GAO report.
Homeland security officials responsible for testing and evaluation do not plan to conduct such an independent assessment, the GAO found. The department had said such assessments would be mandatory for large technology projects, as part of acquisition reforms adopted in response to chronic problems with the ASP program and other high-cost systems.

The GAO said that without such an assessment, the department lacks "the input it needs to determine whether ASP is ready to progress toward production and deployment. This is especially important, given that program's troubled history."

Department officials agreed with the GAO on the need for an independent assessment, the report said. But the department told the GAO that it is reviewing the ASP program and that no new tests of the machines have been scheduled, the report said.

"The bottom line is that the ASP program has cost the department five years in the race to strengthen the nation's domestic defenses against nuclear terrorism," said Sen. Joseph I. Lieberman (I-Conn.), chairman of the Senate Homeland Security and Governmental Affairs Committee, who has long reviewed the program. "At this point, it is critical that the department begin working on a plan B for accelerating improvement in the performance of current generation radiation portal monitors."

The ASP program was promoted as one of the Bush administration's top national security efforts. In 2006, Congress approved $1.2 billion for the machines. But GAO investigators and congressional overseers discovered that the nuclear detection office had underestimated the costs, overstated the benefits and provided misleading information to Congress. Congress required that the homeland security secretary personally certify the effectiveness of the machines before deployment. Preliminary tests of the machines in recent years revealed numerous problems.
In February 2010, Obama administration officials told Lieberman that they had decided to sharply scale back the ASP program because of continuing questions about its costs and performance. But in February this year, department officials said in a budget document that they intended to use the machines widely for secondary screening. The department said that "between 300 and 400 ASP systems are required to complete the currently planned build-out."

From rforno at infowarrior.org Thu Jul 14 06:34:34 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jul 2011 07:34:34 -0400
Subject: [Infowarrior] - Pentagon To Outline Cybersecurity Strategy That Offers More Tools
Message-ID:

Washington Post
July 14, 2011
Pg. 6
http://www.washingtonpost.com/national/national-security/pentagon-to-unveil-cybersecurity-strategy/2011/07/12/gIQADG4ADI_story.html

Pentagon To Outline Cybersecurity Strategy That Offers More Tools
But officials will stress that thrust of U.S. policy is defensive
By Ellen Nakashima

The Pentagon is set to unveil Thursday a strategy for protecting its computer systems that goes beyond erecting firewalls and stresses the use of sensors, software and data collected by U.S. intelligence, U.S. officials said.

At the same time, officials have labored to make their "Cyber 3.0" strategy not appear too bellicose in an effort to counter perceptions that the United States is militarizing cyberspace, according to people briefed on the process.

Those perceptions have been driven by the creation of U.S. Cyber Command, a military organization that is allied with the government's largest and most technologically sophisticated spy agency, the National Security Agency. The Pentagon also has declared that cyberspace is a new "domain" of warfare -- alongside air, land, sea and space.

But drafts of a speech introducing the policy, set for delivery Thursday by Deputy Defense Secretary William J. Lynn III, suggest that officials want to tamp down criticism that U.S.
cybersecurity policy is more offensive than defensive. "Far from militarizing cyberspace, our strategy of securing networks to deny the benefit of an attack will help dissuade military actors from using cyberspace for hostile purposes," reads one section of a draft obtained by the online publication Nextgov.

The strategy's rollout was delayed by more than six months, in part to avoid preempting the White House's release of a global cybersecurity strategy and in part to work through concerns that the language could fuel perceptions of military dominance, said experts briefed on the strategy who spoke on the condition of anonymity because the briefings were confidential.

The State Department and other agencies argued that defining cyberspace as a war-fighting domain would complicate relationships with international partners wary of U.S. military domination of cyber security policy, they said. In the end, according to U.S. officials, the Pentagon agreed to refer to cyberspace as a domain strictly in terms of defending military networks rather than as a full-fledged arena of warfare.

The strategy, which has been two years in the making, is expected to emphasize that officials consider a military response to current cyber intrusions unlikely. "Although it is certainly possible that a destructive or disruptive cyber attack could have an impact analogous to physical hostilities and therefore constitute an act of war, the vast majority of malicious cyber activity today would not cross this threshold, or justify a military response," says another draft of Lynn's speech.

In fact, the strategy does not specify how the United States might use computers in a direct attack, said several military officials, who said the document missed an opportunity to delineate how and when offensive means should be used.
The Pentagon's strategy builds on the White House's May release of its global cybersecurity strategy, which declared that the United States would "oppose those who seek to disrupt networks and systems, dissuading and deterring malicious actors, and reserving the right to defend these vital national assets as necessary and appropriate."

The Pentagon strategy's five "pillars" have been outlined in speeches before and include the establishment of "active defenses" such as sensors and software that can make networks more resilient. Such technologies have prompted debate within the Pentagon over whether they may be used to neutralize potentially malicious code in an adversary's system -- a course of action that could cross the line into offense.

The U.S. military has developed cyber weapons that can be used to deter an adversary from using its computer systems to attack the United States. They include viruses that can sabotage an opponent's critical networks, similar to the Stuxnet virus, which damaged an Iranian nuclear facility, military officials said. Outside war, such weapons require presidential authority to be used, the officials said.

In March, in response to concerns from various departments and agencies, the White House prepared draft guidance that discussed use of the word "domain" to refer to cyberspace. The unclassified document, which was never formally issued but was obtained by The Washington Post, noted that "the lack of public understanding about the nature and parameters of U.S. military activity in cyberspace mandates messaging on this issue be precise." The guidance included the directive that "Cyberspace . . . is not to be characterized as a 'warfighting,' 'military' or 'operational' domain." The phrase "cyber domain," it continued, "is to be replaced with 'cyberspace' whenever possible."
From rforno at infowarrior.org Thu Jul 14 07:51:08 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jul 2011 08:51:08 -0400
Subject: [Infowarrior] - OT: John Cleese on 2011 Terror Threats
Message-ID: <8EF81BAF-345C-48BB-B598-227598929181@infowarrior.org>

Dunno how I missed this one when it came out. -- rick

ALERTS TO TERROR THREATS IN 2011 EUROPE
By John Cleese
http://www.eetimes.com/electronics-blogs/other/4217085/England-raises-security-level-from--Miffed--to--Peeved-?cid=NL_MilAero&Ecosystem=military-aerospace-design

The English are feeling the pinch in relation to recent terrorist threats and have therefore raised their security level from "Miffed" to "Peeved." Soon, though, security levels may be raised yet again to "Irritated" or even "A Bit Cross." The English have not been "A Bit Cross" since the blitz in 1940 when tea supplies nearly ran out.

Terrorists have been re-categorized from "Tiresome" to "A Bloody Nuisance." The last time the British issued a "Bloody Nuisance" warning level was in 1588, when threatened by the Spanish Armada.

The Scots have raised their threat level from "Pissed Off" to "Let's Get the Bastards." They don't have any other levels. This is the reason they have been used on the front line of the British army for the last 300 years.

The French government announced yesterday that it has raised its terror alert level from "Run" to "Hide." The only two higher levels in France are "Collaborate" and "Surrender." The rise was precipitated by a recent fire that destroyed France's white flag factory, effectively paralyzing the country's military capability.

Italy has increased the alert level from "Shout Loudly and Excitedly" to "Elaborate Military Posturing." Two more levels remain: "Ineffective Combat Operations" and "Change Sides."

The Germans have increased their alert state from "Disdainful Arrogance" to "Dress in Uniform and Sing Marching Songs." They also have two higher levels: "Invade a Neighbour" and "Lose."
Belgians, on the other hand, are all on holiday as usual; the only threat they are worried about is NATO pulling out of Brussels.

The Spanish are all excited to see their new submarines ready to deploy. These beautifully designed subs have glass bottoms so the new Spanish navy can get a really good look at the old Spanish navy.

Australia, meanwhile, has raised its security level from "No worries" to "She'll be alright, Mate." Two more escalation levels remain: "Crikey! I think we'll need to cancel the barbie this weekend!" and "The barbie is cancelled." So far, no situation has ever warranted use of the final escalation level.

John Cleese -- British writer, actor and tall person

From rforno at infowarrior.org Thu Jul 14 12:54:15 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jul 2011 13:54:15 -0400
Subject: [Infowarrior] - Link: DoD Strategy for Operating in Cyberspace (DSOC)
Message-ID: <98D1DD9A-5D1D-4E4B-B903-43F3D58C463C@infowarrior.org>

DoD Strategy for Operating in Cyberspace (DSOC)
http://www.defense.gov/news/d20110714cyber.pdf
http://www.defense.gov/releases/release.aspx?releaseid=14651

DOD Announces First Strategy for Operating in Cyberspace

The Department of Defense released today the DoD Strategy for Operating in Cyberspace (DSOC). It is the first DoD unified strategy for cyberspace and officially encapsulates a new way forward for DoD's military, intelligence and business operations.

"It is critical to strengthen our cyber capabilities to address the cyber threats we're facing," said Secretary of Defense Leon E. Panetta. "I view this as an area in which we're going to confront increasing threats in the future and think we have to be better prepared to deal with the growing cyber challenges that will face the nation."

Reliable access to cyberspace is critical to U.S. national security, public safety and economic well-being. Cyber threats continue to grow in scope and severity on a daily basis.
More than 60,000 new malicious software programs or variations are identified every day threatening our security, our economy and our citizens.

"The cyber threats we face are urgent, sometimes uncertain and potentially devastating as adversaries constantly search for vulnerabilities," said Deputy Secretary of Defense William J. Lynn III. "Our infrastructure, logistics network and business systems are heavily computerized. With 15,000 networks and more than seven million computing devices, DoD continues to be a target in cyberspace for malicious activity."

The DoD and other governmental agencies have taken steps to anticipate, mitigate and deter these threats. Last year, DoD established U.S. Cyber Command to direct the day-to-day activities that operate and defend DoD information networks. DoD also deepened and strengthened coordination with the Department of Homeland Security to secure critical networks as evidenced by the recent DoD-DHS Memorandum of Agreement.

"Strong partnerships with other U.S. government departments and agencies, the private sector and foreign nations are crucial," said Lynn. "Our success in cyberspace depends on a robust public/private partnership. The defense of the military will matter little unless our civilian critical infrastructure is also able to withstand attacks."

From rforno at infowarrior.org Thu Jul 14 14:12:46 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jul 2011 15:12:46 -0400
Subject: [Infowarrior] - Pentagon: 24K files stolen
Message-ID:

Pentagon: 24K files stolen
By: Jennifer Epstein and Jennifer Martinez
July 14, 2011 01:40 PM EDT
http://dyn.politico.com/printstory.cfm?uuid=27153F00-B8B7-42CA-A543-AE651D81CC21

The Pentagon suffered one of its largest-ever cyber thefts this spring when more than 24,000 files were stolen by a foreign government, officials disclosed on Thursday.
William Lynn, the deputy secretary of defense, said at the National Defense University in Washington that the files were stolen from a defense industry computer in a single intrusion in March.

"It is a significant concern that over the past decade, terabytes of data have been extracted by foreign intruders from corporate networks of defense companies," he said at the start of an afternoon speech laying out the Defense Department's first unified strategy for cyber security. "Indeed, in a single intrusion this March, 24,000 files were taken."

Lynn said the massive attack was not by an individual but by another country. "It was done, we think, by a foreign intelligence service," he said, declining to identify the country. Theft "was data-related," he said.

That cyber break-in and others have galvanized the Pentagon to develop new cybersecurity rules aimed at guarding against attacks coming from within the military and outside it.

"It is critical to strengthen our cyber capabilities to address the cyber threats we're facing," Defense Secretary Leon Panetta said in a statement ahead of Lynn's speech. "I view this as an area in which we're going to confront increasing threats in the future and think we have to be better prepared to deal with the growing cyber challenges that will face the nation."

Lynn called some of the data stolen in cyberattacks "mundane," but added, "A great deal of it concerns our most sensitive systems, including aircraft avionics, surveillance technologies, satellite communications systems, and network security protocols."

And websites and computer systems throughout the defense world have been hit, he warned. "In fact, our venue here today, the National Defense University, has been struck," he said. "The NDU website and its associated server were recently compromised by an intrusion that turned over system control to an unknown server."

The Pentagon is declaring the virtual world to be a new warfare domain like the land, sea and air.
The military, the plan says, must continue to operate even if its computer systems are attacked. The plan includes new rules that stress deeper defenses, greater collaboration between the Pentagon and the defense industry, and measures to prevent theft by malicious insiders.

"We're on the bad side of a convergent threat," Gen. James Cartwright, vice chairman of the Joint Chiefs of Staff, said earlier Thursday. "We've got to change that around and part of that will be the deterrent construct."

"Right now we're on a path that's predictable, way too predictable," he said.

From rforno at infowarrior.org Thu Jul 14 20:50:05 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jul 2011 21:50:05 -0400
Subject: [Infowarrior] - Classified document about U.S. detention criteria inadvertently given to ACLU
Message-ID: <1E41DED8-0379-4EC8-8942-12120EA10406@infowarrior.org>

Classified document about U.S. detention criteria inadvertently given to ACLU
By Peter Finn and Julie Tate
http://www.washingtonpost.com/blogs/checkpoint-washington/post/classified-detention-data-inadvertently-given-to-aclu/2011/07/14/gIQAOpkSEI_blog.html?hpid=z6

The U.S. government said it accidentally turned over a classified document about how it determines who are the most dangerous detainees in Afghanistan to the American Civil Liberties Union, and wants a federal judge to order the group to return it and not release it to the public, according to court papers.

The contested document is a form used by the military to record the findings and recommendations of Detainee Review Boards at its detention center near Bagram air base in Afghanistan. The review boards, composed of military officers, determine whether a detainee poses what the Pentagon calls an Enduring Security Threat, or EST, and the document contains the criteria for assessing detainees.
A senior Pentagon official, in a declaration to the court filed Wednesday in New York, said release of the document "could have significant deleterious repercussions with respect to our diplomatic relationships with Afghanistan and various other countries."

"EST criteria and determinations are not currently a topic in our sensitive bilateral discussions with other countries," said the official, William K. Lietzau, who added that "revelation of EST criteria would likely complicate those discussions." He provided no detail but said he could explain why in a private meeting with the judge, if requested.

The ACLU argues that the document was improperly classified as secret and the organization should be allowed to post it on its Web site, as it has with thousands of other Defense Department documents it has obtained through the Freedom of Information Act.

"There is nothing in the form that should not be made public," said Hina Shamsi, director of the ACLU's National Security Project, in an e-mail to a Justice Department lawyer that was filed with the court. "We propose that the best way forward is for DOD to move expeditiously to declassify the form."

The ACLU brought the release of the document to the attention of the government on May 25, about two weeks after it got it from the Pentagon, among a trove of other documents handed over in response to a court order.

The Justice Department discussed the issue by phone with ACLU lawyers "but ultimately plaintiffs did not agree to return the document to DOD," Jean-David Barnea, an assistant U.S. attorney in New York, told the court in a submission. He noted that in previous cases classified documents that were accidentally released were ordered returned to the government.
Lietzau, who is deputy assistant secretary of defense for rule of law and detainee policy, said in his declaration that if the EST criteria was revealed it "would allow detainees to engage in conduct and manipulation specifically intended to undermine this crucial evaluation and determination -- an evaluation that pertains not to whether there is a legal basis to detain the individual but rather to the nature and extent of threat the individual poses."

Lietzau said that could lead to the potential mistaken release of "highly dangerous" detainees, which "is likely to lead to violent consequences and operate to the detriment of future military operations, operational security and national security."

Shamsi described Lietzau's arguments as "scare-mongering."

"I think it is indefensible that the government seeks suppression of the document on that basis," she said. "There is nothing about the information in there that is not otherwise publicly the U.S. position. . . . We have concerns about criteria but nothing about the criteria would surprise anyone."

"The better way to proceed is to litigate and have the court say it is not properly classified," she said.

The ACLU has until July 29 to respond to the government's filings.

From rforno at infowarrior.org Thu Jul 14 20:56:32 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 14 Jul 2011 21:56:32 -0400
Subject: [Infowarrior] - EPIC v. NSA: Agency Can "Neither Confirm Nor Deny" Google Ties
Message-ID: <45899855-AC68-4D15-A488-1962ED4DE6F8@infowarrior.org>

EPIC v. NSA: Agency Can "Neither Confirm Nor Deny" Google Ties

(Electronic Information Privacy Center): A federal judge has issued an opinion in EPIC v. NSA, and accepted the NSA's claim that it can "neither confirm nor deny" that it had entered into a relationship with Google following the China hacking incident in January 2010.
EPIC had sought documents under the FOIA because such an agreement could reveal that the NSA is developing technical standards that would enable greater surveillance of Internet users. The "Glomar response," to neither confirm nor deny, is a controversial legal doctrine that allows agencies to conceal the existence of records that might otherwise be subject to public disclosure. EPIC plans to appeal this decision. EPIC is also litigating to obtain the National Security Presidential Directive that sets out the NSA's cyber security authority. And EPIC is seeking from the NSA information about Internet vulnerability assessments, the Director's classified views on how the NSA's practices impact Internet privacy, and the NSA's "Perfect Citizen" program.

< -- >

http://publicintelligence.net/nsa-refuses-to-confirm-or-deny-that-it-has-a-relationship-with-google/

From rforno at infowarrior.org Fri Jul 15 07:37:05 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Jul 2011 08:37:05 -0400
Subject: [Infowarrior] - 70 Year-Old Grandma Threatened Over BitTorrent Download
Message-ID:

Love her quote to the judge; she's right! -- rick

70 Year-Old Grandma Threatened Over BitTorrent Download
Ernesto -- 15/07/2011
http://torrentfreak.com/70-year-old-grandma-threatened-over-bittorrent-download-110715/

As the mass-BitTorrent lawsuits continue to pile up in U.S. courts, more stories of what appear to be wrongfully accused persons hit mainstream media. A 70 year-old retired widow from San Francisco falls into this category. The grandma was recently "caught" sharing porn on BitTorrent and was offered a $3,400 settlement, or the option to risk a $150,000 fine in a full court case.

Since 2010 tens of thousands of regular people have been sued in the U.S. for sharing films on P2P networks without the consent of copyright holders.
Unlike other lawsuits, the aim of the copyright holders is not to take any of the defendants to court, but to get alleged infringers to pay a substantial cash settlement to make legal action go away.

As has been reported in the past, many of the people suspected of sharing copyrighted material are wrongfully accused. The problem for them, however, is that fighting the case is more expensive than paying a ~$3000 settlement fee. Justice aside, settling seems to be the best option for many innocents.

But not for a 70 year-old grandma from San Francisco. This retired widow has been accused of sharing porn (Amateur Allure: Kim) using BitTorrent, but says she doesn't even know what BitTorrent is.

The Jane Doe in this case is being pursued by lawyer John Steele, whose law firm is currently involved in dozens of file-sharing related lawsuits, ostensibly to protect the rights of adult media companies. It is the same law firm that sued people for downloading mislabeled files.

Like many other defendants the 70 year-old doesn't have the money to defend herself, but unlike others she's not planning to settle the case either. "It smacks of extortion," she told SFGate in a comment, a conclusion that was reached by many others in the past.

Determined to put up a fight, the grandma said she may have to go to court to defend herself. And she already has a plan of attack.

"I'd say to the judge, 'I have no idea how this happened. If Sony can get hacked, if the Pentagon can get hacked, my goodness, what chance does an individual have?'" she said.

As we've seen in the past, the lawyers don't see Jane Doe's age as an excuse, nor do they buy the claim that someone else may have used her unsecured wireless network to download files. Jane Doe has to pay up or convince the court she's not guilty, they insist.
A full trial is also an option, as is usually noted in the settlement letters, but the lawyers are quick to add that it would put Jane Doe at risk of having to cough up $150,000 instead of a few thousand dollars to settle. A settlement is the wise choice according to the law firm.

"We believe that providing you with an opportunity to avoid litigation by working out a settlement with us, versus the costs of attorneys' fees and the uncertainty with jury verdicts, is very reasonable and in good faith," the settlement letter reads.

A tough choice, and that's the beauty of these pay-up-or-else schemes. News of their potential profitability quickly spread and as a result copyright holders of more obscure and adult content have embraced them. Often described as copyright trolls, these companies can make more money from speculative lawsuits than actually selling the films they produced.

From rforno at infowarrior.org Fri Jul 15 08:08:21 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Jul 2011 09:08:21 -0400
Subject: [Infowarrior] - Cyber-Fu Panda
Message-ID: <318266E7-4496-4030-9250-C89F8B39E73A@infowarrior.org>

Cyber-Fu Panda
Posted by Bill Sweetman at 7/15/2011 6:52 AM CDT
http://www.aviationweek.com/aw/blogs/defense/index.jsp?plckController=Blog&plckScript=blogScript&plckElementId=blogDest&plckBlogPage=BlogViewPost&plckPostId=Blog%3A27ec4a53-dcc8-42d0-bd3a-01329aef79a7Post%3A23107949-f170-4435-a09c-2b919a890b61

Only five or six years (but who's counting) after the Advanced Persistent Threat was first detected, jimmying away at every portal in the US defense and defense-industry database, the Pentagon has a cyber-strategy, unveiled on Thursday. It's focused on defense and is crafted to sound inoffensive - in part to allay fears that the US wants to militarize cyberspace.

The strategy's "overriding emphasis is on denying the benefits of an attack", says deputy defense secretary William Lynn, spokesman for the new approach. That's a great idea, in theory.
It's rather like using civil defense as a major element of nuclear deterrence. As Lynn and I are both old enough to remember, that was a much ridiculed approach back in the 1980s. And, as of now, it doesn't seem to be working at all.

Back in March, Lynn says, a foreign intelligence agency hit a major defense contractor and exfiltrated 24,000 files concerning a developmental system. The Pentagon is still reviewing whether the system (which Lynn did not identify) will need to be redesigned, and to what extent. That can be necessary if the compromised information would not only help the intruder to develop similar systems, but to develop methods of attack and defense against US systems.

Classic example: the CIA's infiltration of Russia's Phasotron radar development bureau. After it was discovered (courtesy of the turncoat Edward Howard) the Soviet Union was forced to redesign the radar systems of the MiG-29 and MiG-31 fighters. Big difference: The CIA's agent, Adolf Tolkachev, was arrested and unfortunately expired while assisting the KGB with their enquiries.

The US is not even publicly identifying the nation involved in the March exploit (and terabytes of others) but here is a clue:

(insert pic of cute panda munching on bamboo shoot --rick)

As Lynn says, "we have complex economic and military ties" to many nations. However, it's possible that the policy of refusing to identify "the panda in the living room" could lead to the implementation of blanket security policies designed to protect everything against everybody, where more targeted measures might be more effective.

Something of the sort may be under way under the Defense Industrial Base Cyber Pilot program, which was first unveiled in June. Under that program, classified threat intelligence is shared with defense companies and their internet service providers to allow them to strengthen their defenses.
But DIB Cyber Pilot is just beginning to address the problem, with fewer than a couple of dozen major contractors involved. Decisions as to whether it could be expanded vertically (into the supply chain) or horizontally (into non-defense infrastructure) remain to be taken. It's also a temporary, 90-day effort, partly because nobody has quite decided who will pay for upgraded security. For 90 days, Lynn says "people are willing to hold their breath and wait to know who pays for it."

Two more observations. One is from yesterday's roll-out of the new policy at the National Defense University: How is the Pentagon/DC culture of suits, ties and white-haired Kennedy bouffants, where everyone stands as the bosses enter the room, and 20-year R&D programs are called successful, going to keep pace with hackers, who - according to their attack fingerprints - are often criminals under contract to governments?

The other question: Which program was compromised in March? All I can say is that if I was a curious panda, my first targets would not be MRAPs or GCVs - I would be looking at missile defense, or JSF. And which of those just had its Defense Acquisition Board review delayed at the last minute?

From rforno at infowarrior.org Fri Jul 15 09:38:03 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Jul 2011 10:38:03 -0400
Subject: [Infowarrior] - FBI, IUP partner to create anti-terror degree program
Message-ID: <325B5603-18B7-4CA3-8529-70F3539F5369@infowarrior.org>

FBI, IUP partner to create anti-terror degree program
By Mike Wereschagin
PITTSBURGH TRIBUNE-REVIEW
Tuesday, July 12, 2011
http://www.pittsburghlive.com/x/pittsburghtrib/news/s_746308.html#

Don't look for the new graduate degree at Indiana University of Pennsylvania in any school catalog. Clearance from the FBI is a prerequisite.
With help from government threat analysts and federal law enforcement, IUP criminologist Dennis Giever created the Master of Science in Strategic Studies in Weapons of Mass Destruction. The 30-credit, multi-year course focuses on worst-case scenarios: radiological "dirty" bombs, power grid disruptions, crippling biological attacks on food and water supplies.

"It's not going to be open enrollment (or) traditional students," Giever said. "You worry about whether you might be teaching the wrong person this stuff."

At first, the FBI will select students from within its ranks, though Giever wants to open it to other law enforcement agencies. Rather than traditional tuition, agencies will contract with the school, paying about $300,000 a year for groups of 15 to 20 full-time students, according to documents submitted to the board of governors of the State System of Higher Education.

"The program has been kind of a dream a number of folks at Sandia (National Laboratories) and I have had for a number of years," Giever said. The Sandia labs have conducted national security-related research in the New Mexico desert for 60 years.

The FBI's Weapons of Mass Destruction Directorate approached the school about creating a graduate-level program in 2008. "We went to several different universities," but none had a program focusing on protecting national assets from WMD attacks, said Doug Perdue, chief of the FBI's Countermeasures and Preparedness section of the WMD directorate in Washington. With the school, they developed a specialized criminology program from which 34 agents have graduated. That coursework coalesced into a program on June 29, when the State System of Higher Education approved the degree.

Terrorism studies programs aren't new, though Giever said none is this comprehensive.
Other schools created courses in reaction to 9/11 in much the same way Russian studies programs came into being after the onset of the Cold War, said Randy Law, a history professor at Birmingham-Southern College in Alabama and author of "Terrorism: A History." "It's very wrapped up with the creation of new federal bureaucracies and Congress feeling the need to do something in the wake of 9/11 -- to act quickly, loudly and with a lot of money, even if we don't really know what the problem is," Law said. Other programs, such as the terrorism studies certificate at Monterey Institute of International Studies, have been criticized as wasting time on low-probability events such as WMD attacks. "It seemed ridiculous to some people. But even if the risk is really low, it's still good to have some people looking at it in an academic sense," said Charles Blair, director of the Federation of American Scientists' Terrorism Analysis Project. "I've always been interested in crime prevention. If you're at the point where you're trying to solve (a crime), you've ultimately lost," Giever said. Giever cited building construction. Rather than concentrating only on bomb-proofing a building, architects can build it far enough away from the road that someone can't park a truck full of explosives close enough to do real damage. Such a move deters people from picking the building as a target in the first place. "It's called stand-off distance. Nobody thought about that until some idiot decided to blow up a federal building in Oklahoma," Giever said. The FBI's WMD program began about the same time as the Oklahoma City bombing. It grew after 9/11 and the 2001 anthrax attacks, and became a directorate in 2006. More than 200 agents work in the directorate now, including a detachment from the bureau's intelligence division. "Everything we do is about prevention," Perdue said. 
The directorate's responsibilities range from easy-to-conduct chemical attacks that might kill a dozen people to low-probability catastrophes such as nuclear attacks, he said.

The goal of the degree program, Giever said, is obscurity. The best plan results in nothing happening. "There's no glory in it," Giever said. That means funding can be hard to obtain. "If 9/11 had never happened, there wouldn't be all this money in it, but we'd be a lot richer than we are right now."

Mike Wereschagin can be reached at mwereschagin at tribweb.com or 412-320-7900.

From rforno at infowarrior.org Fri Jul 15 11:23:07 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Jul 2011 12:23:07 -0400
Subject: [Infowarrior] - Body Scanners Improperly Added by TSA: Court
Message-ID: <9464A91F-54C2-443A-A035-047000DF8758@infowarrior.org>

Body Scanners Improperly Added by TSA: Court
By Tom Schoenberg - Jul 15, 2011 10:52 AM ET
http://www.bloomberg.com/news/2011-07-15/airport-body-scanners-were-improperly-adopted-by-u-s-appeals-court-rules.html

Airport body scanners were improperly adopted by the U.S., a federal appeals court in Washington ruled. Photographer: George Frey/Bloomberg

Airport body scanners using advanced imaging technology were improperly adopted by the U.S. as a primary passenger-screening tool, a federal appeals court ruled, while allowing their use to continue.

The U.S. Transportation Security Administration should have sought public comment before deciding that the scanners, first deployed in 2007, would be used "everywhere for primary screening," the court said today.

"Due to the obvious need for the TSA to continue its airport security operations without interruption, we remand the rule to the TSA but do not vacate it," the court said in its ruling.

By the end of 2010, the TSA was operating 486 scanners in 78 airports with plans to add 500 more scanners by the end of this year, according to the court.

Greg Soule, a spokesman for the TSA, didn't immediately return a phone message seeking comment.

The case is Electronic Privacy Information Center v. U.S. Department of Homeland Security, 10-1157, U.S. Court of Appeals for the District of Columbia (Washington).

To contact the reporter on this story: Tom Schoenberg in Washington at tschoenberg at bloomberg.net. To contact the editor responsible for this story: Michael Hytha at mhytha at bloomberg.net.

From rforno at infowarrior.org Fri Jul 15 13:11:01 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 15 Jul 2011 14:11:01 -0400
Subject: [Infowarrior] - Rumsfeld: U.S. is "Incapable of Keeping a Secret"
Message-ID: <1A2DDAFA-2A84-4066-9452-ED7340B1B278@infowarrior.org>

I agree with him on this, and for the other comments in this post. -- rick

U.S. is "Incapable of Keeping a Secret," Rumsfeld Concluded in 2005
http://www.fas.org/blog/secrecy/?p=5385

In one of his trademark "snowflake" memoranda from 2005 that was made public this week, then-Secretary of Defense Donald Rumsfeld stated flatly that the government secrecy system was a failure.

"The United States Government is incapable of keeping a secret," he wrote (pdf) on November 2, 2005. "If one accepts that, and I do, that means that the U.S. Government will have to craft policies that reflect that reality."

Unfortunately, he did not elaborate on this terse statement. The memorandum was not addressed to anyone in particular, and the profound questions it raises were left hanging. There was no known written response to the memo and, needless to say, there is no evidence of any subsequent shift to a post-secrecy orientation in government policy.

"Not to sound too cynical," said a former official who served in the Bush Administration, "but I would add to Rumsfeld's observation that not only is the U.S. incapable of keeping a secret but it is also incapable of fundamentally reforming the way it keeps secrets.
I know from a practical point of view, even after that snowflake, I found DoD to be one of the most recalcitrant organizations with which to deal," he added (on a not-for-attribution basis).

But a current official disputed the premise of the Rumsfeld memo. "We are capable of keeping secrets - the issue is how many and how long," he said. "The more we seek to protect and the longer we seek to protect it the less likely we will meet with success. The classification system can't be effective if we over-burden the system."

This official said that the new Secretary of Defense, Leon Panetta, could still transform the military secrecy system in a meaningful way if he were to treat it as a "mission critical" instrument to be used sparingly and with precision rather than as an inherited bureaucracy that does not have to meet any performance standards at all.

Another current official pondered "What would change if one presumed that the U.S. government cannot keep a secret? I doubt that many USG officials would say that we should therefore stop trying. The most likely and positive conclusion might be that we should severely limit the number and kinds of secrets we seek to protect."

In fact, that seems to be the conclusion that was reached by Secretary Rumsfeld himself in another startling snowflake (pdf) dated August 9, 2005 and addressed to Under Secretary of Defense for Intelligence (USD(I)), Stephen Cambone:

"What do you think about initiating a program of finding ways to reduce the number of things that are classified, and to speed up the process of declassification?" Secretary Rumsfeld wrote.

Again, this memorandum had no known practical consequences. Dr. Cambone did not immediately reply to an email inquiry from Secrecy News concerning his response to the Rumsfeld memo.

But it so happens that a focused effort "to reduce the number of things that are classified" is (or is supposed to be) underway right now throughout the executive branch, in the form of a Fundamental Classification Guidance Review (FCGR) that was required by President Obama's executive order 13526 (section 1.9), which was issued in December 2009.

To date, there is little sign that the Review has made any progress at all in reducing the scope of the national security classification system. But William A. Cira, the acting director of the Information Security Oversight Office, said that Pentagon classification officials were responding constructively to the Review requirement.

"We know they are moving forward on the FCGR process and they have already mapped out a plan for doing so. In the near future we will be discussing the DoD FCGR plan in depth with the staff at USD(I), and it is our understanding that they will have much to tell us," Mr. Cira said. The FCGR process must be completed by all agencies that classify information no later than June 2012.

The two Rumsfeld snowflakes on classification policy were among more than 500 previously undisclosed memos that were posted on Secretary Rumsfeld's website on July 12.

It is not known exactly what might have prompted Rumsfeld to issue these statements. Then as now, leaks were in the air. "The issue of leaks has been front and center in the news, in case some of you hadn't noticed," House Intelligence Committee chairman Pete Hoekstra told the Heritage Foundation on July 25, 2005.

Aside from their specific content, the Rumsfeld snowflakes have a couple of other noteworthy features. First, they were marked FOUO, or "for official use only." In other words, they were produced for internal consumption, not to inspire a public conversation on secrecy policy. Second, each snowflake is stamped "certified as unclassified [in accordance with]" the executive order on classification. But there is no requirement in the executive order to "certify" records as unclassified.
Whoever did so was wasting his time, while diverting scarce resources from declassification and other legitimate information security programs.

From rforno at infowarrior.org Sat Jul 16 17:45:19 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Jul 2011 18:45:19 -0400
Subject: [Infowarrior] - TSA Threatens Congressman For Disclosing 25,000 Security Breaches
Message-ID:

TSA Threatens Congressman For Disclosing 25,000 Security Breaches
July 16, 2011 in Featured
http://publicintelligence.net/tsa-threatens-congressman-for-disclosing-25000-security-breaches/

A complete video of the July 13, 2011 hearing in which Rep. Chaffetz discussed the 25,000 breaches.

Homeland Security to Chaffetz: Stop the leaks of sensitive information (Washington Post):

The Department of Homeland Security has complained to Rep. Jason Chaffetz (R-Utah) about what it says was an inappropriate disclosure of sensitive security information to the press by the House transportation panel that he chairs.

In a letter dated Wednesday, a clearly miffed Department of Homeland Security Deputy Counsel Joseph B. Maher told Chaffetz that "sensitive security information" provided to his subcommittee by the Transportation Security Administration was illegally disclosed to the press.

"This document was marked as [Sensitive Security Information]," Maher wrote, "and provided clear notice that unauthorized disclosures of the document violated federal law." The letter was obtained by the Washington Post from an administration official.

USA Today and other news outlets reported this week that "newly released" DHS documents revealed 25,000 security breaches at U.S. airports since November 2001.

Maher called the information on past security breaches "a topic of particular interest to our adversaries" and said the law against unauthorized disclosure is designed to protect air travelers.

In an angry response directly to DHS Secretary Janet Napolitano late Friday, Rep. Darrell Issa (R-Calif.), head of the House Oversight Committee, called Maher's assertions "meritless" retaliation for the committee's efforts to address "TSA deficiencies."

Issa called Maher's letter a "threat to the entire legislative branch that this administration will seek retribution when non-classified information is shared with the public."

Issa denied that the security breach data was classified information. His staff said lawmakers and open-government groups have long debated whether security classifications are often used to hide embarrassing information.

From rforno at infowarrior.org Sat Jul 16 21:13:26 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Jul 2011 22:13:26 -0400
Subject: [Infowarrior] - Cyberwar: It's Not Just Fiction Anymore
Message-ID: <648B54C4-1503-4496-90C2-BC59695E08E3@infowarrior.org>

Arik Hesseldahl
Cyberwar: It's Not Just Fiction Anymore
July 16, 2011 at 3:22 pm PT
http://allthingsd.com/20110716/cyberwar-its-not-fiction-anymore/

After surviving numerous devastating wars throughout history, humanity is well acquainted with war in the physical realm. But we're still unfamiliar with the concept of cyberwar.

In 1998, John Arquilla, professor at the Naval Postgraduate School, tried to envision it in a piece for Wired Magazine, The Great Cyberwar of 2002, in which a loose coalition of rogue states, terrorist groups and drug cartels team up to prod the United States into a war with China and Russia by knocking out power grids, blowing up chemical plants and causing airliners to collide in mid-air. It was fiction, but the scariest fiction is always based in part on plausible fact.

So, what exactly would cyberwar look like in the real world? It's an important question to answer now, after the U.S. Department of Defense announced last week that it now considers "cyberspace" - an obviously dated word referring to the Internet and networking computer environments, but which has recently regained currency in government circles - a theater of warfare similar to land, sea, air and space.

In a speech this week at the National Defense University in Norfolk, Va., Deputy Secretary of Defense William Lynn announced that the United States now considers attacks on certain computer networks and systems by foreign powers and terrorists as the equivalent of a traditional attack with guns and bombs. It thus reserves the right to retaliate, either in the cyber-realm or with traditional force. (You can see Lynn's speech, which runs about 45 minutes, in the video below, courtesy The Pentagon Channel. And, below that, I've also embedded the 19-page policy document.)

The striking declaration raises some fundamental questions about warfare, including: What would war in cyberspace look like? How would it be fought? Would those not directly involved in the fighting even know it's going on or which side is winning? Would we even know who the enemy is?

We have some hints. At its basest level, we know that unknown parties are probing U.S. government and private networks, stealing what they can and leaving the doors unlocked for future visits. U.S. officials have complained both in private and in public about alleged attacks against government networks and those belonging to defense contractors. Privately and in diplomatic cables, they most frequently blame China, which has always denied any involvement.

An April 21 Reuters story citing U.S. State Department diplomatic cables obtained by Wikileaks showed officials estimating that hackers working for China's People's Liberation Army had stolen terabytes worth of information, and that efforts to put down the attacks, dubbed "Operation Byzantine Hades," were ongoing.
Overall, the Government Accountability Office says that intrusions on government computer networks have climbed from 5,503 incidents in 2006 to 41,776 in 2010.

The examples are numerous. In March, the SecurID system made by RSA, a unit of storage giant EMC, came under attack. A subsequent attack was launched against defense contractor Lockheed Martin. The same RSA tokens are widely used at government agencies and at innumerable corporations. In June, Google disclosed that its Gmail email service had come under attack from someone in China, a claim which that country's government denied. And, just this month, several U.S. Department of Energy facilities - including the Pacific Northwest National Laboratory in Richland, Wash. - severed their connections to the Internet following a series of attacks using "zero day" vulnerabilities, which exploit previously unknown weaknesses.

All of these incidents seem to scream out the need for a more active defense, which the new policy is intended to create. To date there's never been a penalty for attacking U.S. government and private networks, in part because it's hard to hit back when you don't know precisely who's hitting you in the first place. This is known as the attribution problem.

If you're able to solve that issue, there are some hints about what a retaliation might look like. Consider Stuxnet: A powerful piece of carefully-targeted malware, supposedly designed by Israel, it burrowed deep via Microsoft Windows into the industrial control computers running Iran's nuclear centrifuges. With its target located - it was designed to seek out a specific installation - Stuxnet made those centrifuges, which are used to enrich uranium, spin faster than they were supposed to. The resulting damage set the Iranian nuclear program back by two years or more.

That's not a bad outcome, perhaps, but Stuxnet opened a Pandora's Box.
And, while experts who have analyzed it closely have said it would have taken a team of highly skilled programmers several million dollars and several months to design it, you can bet that cyber warriors in every nation on Earth are combing through the Stuxnet code hoping to build their own version of it. All these could conceivably be used against our own power grids and factories and more.

And, in an odd way, that's an encouraging thought. Where we might end up is with the digital equivalent of mutual assured destruction. If we reach a point where we can destroy and disrupt the networks and infrastructure upon which our potential enemies rely and they can do the same thing to us with relative parity, the fear of a devastating reprisal becomes a deterrent to the temptation to launch an attack. Similar assumptions about nuclear war prevented the Cold War between the U.S. and the Soviet Union from turning hot and made nuclear war ultimately unthinkable for both sides.

Without power, the ability to communicate or conduct commerce, any society breaks down quickly. Consider the thought of six weeks without a working cellphone network, without the ability to access funds in your bank account or without power. If that scares you - and it should - it should scare our potential enemies just as much, and thus give them pause.

That's the hope, anyway.

From rforno at infowarrior.org Sat Jul 16 21:23:32 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 16 Jul 2011 22:23:32 -0400
Subject: [Infowarrior] - Pentagon Wants a Social Media Propaganda Machine
Message-ID: <01003ED5-85E4-471A-88F8-B46D565053D7@infowarrior.org>

Pentagon Wants a Social Media Propaganda Machine
By Adam Rawnsley, July 15, 2011, 2:40 pm
Categories: DarpaWatch
http://www.wired.com/dangerroom/2011/07/darpa-wants-social-media-sensor-for-propaganda-ops/

You don't need to have 5,000 friends on Facebook to know that social media can have a notorious mix of rumor, gossip and just plain disinformation. The Pentagon is looking to build a tool to sniff out social media propaganda campaigns and spit some counter-spin right back at it.

On Thursday, Defense Department extreme technology arm Darpa unveiled its Social Media in Strategic Communication (SMISC) program. It's an attempt to get better at both detecting and conducting propaganda campaigns on social media.

SMISC has two goals. First, the program needs to help the military better understand what's going on in social media in real time - particularly in areas where troops are deployed. Second, Darpa wants SMISC to help the military play the social media propaganda game itself.

This is more than just checking the trending topics on Twitter. The Defense Department wants to deeply grok social media dynamics. So SMISC algorithms will be aimed at discovering and tracking the "formation, development and spread of ideas and concepts (memes)" on social media, according to Darpa's announcement.

Not all memes, of course. Darpa's not looking to track the latest twists on foul bachelor frog or see if the Taliban is making propaganda versions of courage wolf. Instead, it wants to see what ideas are bubbling up among social media users in a particular area - say, where American troops are deployed.

More specifically, SMISC needs to be able to seek out "persuasion campaign structures and influence operations" developing across the social sphere. SMISC is supposed to quickly flag rumors and emerging themes on social media, figure out who's behind it and what. Moreover, Darpa wants SMISC to be able to actually figure out whether this is a random product of the hivemind or a propaganda operation by an adversary nation or group.
Of course, SMISC won't be content just to hang back and monitor social media trends in strategic locations. It's about building a better spin machine for Uncle Sam, too. Once SMISC latches on to an influence operation being launched, it's supposed to help out in "countermessaging."

Darpa's announcement talks about using SMISC in "the environment in which [the military] operates" and where it "conducts operations." That strongly implies it's intended for use in sensing and messaging to foreign social media. It better, lest it run afoul of the law. The Smith-Mundt Act makes pointing propaganda campaigns at domestic audiences illegal.

What exactly SMISC will look like in its final form is hard to say. At the moment, Darpa is only in the very beginning stages of researching its social media tool. They're focused on researching the brains of the program - the algorithms and software that'll identify, locate and make sense of social media trends.

For that, they need some social media data to play around with and test on. Darpa wants bidders to create it in one of two ways. Bidders can round up a few thousand test subjects willing to let their social media data be a guinea pig for SMISC's software. Alternatively, they can rope in some consenting test subjects for a massively multiplayer role playing game in which generating social media data is a key part of gameplay.

SMISC is yet another example of how the military is becoming very interested in what's going on in the social media sphere. Darpa has plans to integrate social media data into its manhunt master controller, Insight. NATO has already been paying keen attention to Twitter, using data from the micro-blogging service as an intel source to aid in bomb targeting decisions.

Darpa's presolicitation offers a very vaguely-sourced anecdote spelling out how SMISC could be used. It details how a social media rumor about the location of a particularly reviled individual - identity and location undisclosed - almost led a lynch mob to storm a house in search of him. Authorities who happened to be paying attention to the Internet rumor were fortunate enough to spot it in time to intervene.

In this telling of SMISC's potential applications, the software could be used as a tripwire to stop potentially dangerous social media campaigns in their tracks. But we're sure you - and the Pentagon - can think of a lot less anodyne uses for Darpa's social media propaganda tool.

From rforno at infowarrior.org Sat Jul 16 23:10:57 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 17 Jul 2011 00:10:57 -0400
Subject: [Infowarrior] - Little-known firms tracking data used in credit scores
Message-ID: <32E0C0E9-3021-4D92-B4D8-021903D3FF00@infowarrior.org>

Little-known firms tracking data used in credit scores
By Ylan Q. Mui, Published: July 16

Atlanta entrepreneur Mike Mondelli has access to more than a billion records detailing consumers' personal finances - and there is little they can do about it.

The information collected by his company, L2C, comes from thousands of everyday transactions that many people do not realize are being tracked: auto warranties, cellphone bills and magazine subscriptions. It includes purchases of prepaid cards and visits to payday lenders and rent-to-own furniture stores. It knows whether your checks have cleared and scours public records for mentions of your name.

Pulled together, the data follow the life of your wallet far beyond what exists in the country's three main credit bureaus. Mondelli sells that information for a profit to lenders, landlords and even health-care providers trying to solve one of the most fundamental questions of personal finance: Who is worthy of credit?

The answer increasingly lies in the "fourth bureau" - companies such as L2C that deal in personal data once deemed unreliable.
Although these dossiers cover consumers in all walks of life, they carry particular weight for the estimated 30 million people who live on the margins of the banking system. Yet almost no one realizes these files exist until something goes wrong.

Federal regulations do not always require companies to disclose when they share your financial history or with whom, and there is no way to opt out when they do. No standard exists for what types of data should be included in the fourth bureau or how it should be used. No one is even tracking the accuracy of these reports.

That has created a virtually impenetrable system in which consumers, particularly the most vulnerable, have little insight into the forces shaping their financial futures

< - >

http://www.washingtonpost.com/business/economy/little-known-firms-tracking-data-used-in-credit-scores/2011/05/24/gIQAXHcWII_print.html

From rforno at infowarrior.org Mon Jul 18 06:55:00 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Jul 2011 07:55:00 -0400
Subject: [Infowarrior] - Rep. Peter King eyes protecting terror tipsters from lawsuits
Message-ID: <40F9DB06-51FF-4D92-B06F-53D12432DC10@infowarrior.org>

(Spy-on-your-neighbors, anyone? How very East German. -- rick)

Rep. Peter King eyes protecting terror tipsters from lawsuits
BY Joseph Straw
DAILY NEWS WASHINGTON BUREAU
Sunday, July 17th 2011, 4:00 AM
http://www.nydailynews.com/news/politics/2011/07/17/2011-07-17_king_eyes_protecting_terror_tipsters_from_lawsuits.html

WASHINGTON - If you see something, say something - and don't worry about getting sued.

That's the push Rep. Pete King is making in Congress, hoping to expand liability protection for people who report something fishy that could indicate a terror plot.

"Good citizens who report suspicious activity should not have to worry about being sued," said King, chairman of the House Homeland Security Committee.
A 2007 law only covers tips made on passenger transportation - but not by the man on the street, like hero Times Square vendors Lance Orton and Duane Jackson.

The transit reform stemmed from a case in which six Muslim clerics were thrown off a flight due to passengers' concerns. The imams sued the passengers, crew members and the airline. They eventually dropped the passengers from the suit and reached an out-of-court settlement with the others.

King's bill and two similar proposals were spurred by the federal Nationwide Suspicious Activity Reporting Initiative. The Department of Homeland Security has borrowed the Metropolitan Transportation Authority's "See Something, Say Something" slogan.

Bill proponents include major law enforcement groups. They point to actions like those of T-shirt vendor Orton and handbag salesman Jackson, who alerted cops to Faisal Shahzad's SUV parked in a bus lane in Times Square last May. The truck was packed with explosives that ignited - but did not explode.

Skeptics include Rep. Jerrold Nadler (D-Manhattan). At a recent hearing he voiced doubt that liability protection is even necessary and questioned some supporters' motives.

"The rhetoric can be prettied up ... but the message is the same: that law enforcement and the public need to target Muslims in order to keep us safe," Nadler said.

The bill limits protections to truthful reports filed "in good faith and based on objectively reasonable suspicion." It also entitles legitimate tipsters to recover legal fees if sued.

Alejandro Beutel of the Muslim Public Affairs Council, which worked with Los Angeles police on a suspicious activity reporting program, said the bill needs more explicit language to prevent abuse.

DHS's national program features such safeguards. Federal agencies cull race and religion data from reports, and protected free speech is off-limits.
A DHS spokesman declined to comment on the bills.

jstraw at nydailynews.com

From rforno at infowarrior.org Mon Jul 18 07:29:05 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Jul 2011 08:29:05 -0400
Subject: [Infowarrior] - Security Consultants Warn About PROTECT-IP Act
Message-ID:

http://politics.slashdot.org/story/11/07/18/0153204/Security-Consultants-Warn-About-PROTECT-IP-Act

"Several security professionals released a paper raising objections to the DNS filtering (PDF) mandated by the proposed PROTECT-IP Act. The measure allows courts to require Internet service providers to redirect or block queries for a domain deemed to be infringing on IP laws. ISPs will not be able to improve DNS security using DNSSEC, a system for cryptographically signing DNS records to ensure their authenticity, as the sort of manipulation mandated by PROTECT-IP is the type of interference DNSSEC is meant to prevent. The paper notes that a DNS server which has been compromised by a cracker would be indistinguishable from one operating under a court order to alter its DNS responses. The measure also points to a possible fragmenting of the DNS system, effectively making domain names non-universal, and the DNS manipulation may lead to collateral damage (i.e. filtering an infringing domain may block access to non-infringing content). It is also pointed out that DNS filtering does not actually keep determined users from accessing content, as they can still access non-filtered DNS servers or directly enter the blocked site's IP address if it is known. A statement by the MPAA disputes these claims, arguing that typical users lack the expertise to select a different DNS server and that the Internet must not be allowed to 'decay into a lawless Wild West.' Paul Vixie, a coauthor of the paper, elaborates in his blog."
Paper @ http://www.shinkuro.com/PROTECT%20IP%20Technical%20Whitepaper%20Final.pdf

From rforno at infowarrior.org Mon Jul 18 12:13:26 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Jul 2011 13:13:26 -0400
Subject: [Infowarrior] - News of the World phone hacking whistleblower found dead
Message-ID:

News of the World phone hacking whistleblower found dead
Death of Sean Hoare - who was first named journalist to allege Andy Coulson knew of hacking - not being treated as suspicious
Amelia Hill, James Robinson, Caroline Davies
guardian.co.uk, Monday 18 July 2011 18.04 BST
http://www.guardian.co.uk/media/2011/jul/18/news-of-the-world-sean-hoare

Sean Hoare, the former News of the World showbiz reporter who was the first named journalist to allege Andy Coulson was aware of phone hacking by his staff, has been found dead, the Guardian has learned.

Hoare, who worked on the Sun and the News of the World with Coulson before being dismissed for drink and drugs problems, is said to have been found dead at his Watford home.

Hertfordshire police would not confirm his identity, but the force said in a statement: "At 10.40am today [Monday 18 July] police were called to Langley Road, Watford, following the concerns for welfare of a man who lives at an address on the street. Upon police and ambulance arrival at a property, the body of a man was found. The man was pronounced dead at the scene shortly after.

"The death is currently being treated as unexplained, but not thought to be suspicious. Police investigations into this incident are ongoing."

Hoare first made his claims in a New York Times investigation into the phone-hacking allegations at the News of the World. He told that newspaper that not only did Coulson know of the phone-hacking, but that he actively encouraged his staff to intercept the phone calls of celebrities in the pursuit of exclusives.
In a subsequent interview with the BBC he alleged that he was personally asked by his then-editor, Coulson, to tap into phones. In an interview with the PM programme he said Coulson's insistence that he didn't know about the practice was "a lie, it is simply a lie". At the time a Downing Street spokeswoman said Coulson totally and utterly denied the allegations and said he had "never condoned the use of phone-hacking and nor do I have any recollection of incidences where phone-hacking took place". Sean Hoare, a one-time close friend of Coulson's, told the New York Times the two men first worked together at the Sun, where, Hoare said, he played tape recordings of hacked messages for Coulson. At the News of the World, Hoare said he continued to inform Coulson of his activities. Coulson "actively encouraged me to do it," Hoare said. In September last year he was interviewed under caution by police over his claims that the former Tory communications chief asked him to hack into phones when he was editor of the paper, but declined to make any comment. Hoare emerged back into the spotlight last week, after he told the New York Times that reporters at the News of the World were able to use police technology to locate people using their mobile phone signals in exchange for payments to police officers. He said journalists were able to use a technique called 'pinging' which measured the distance between mobile handsets and a number of phone masts to pinpoint its location. Hoare gave further details about the use of 'pinging' to the Guardian last week. He described how reporters would ask a news desk executive to obtain the location of a target: "Within 15 to 30 minutes someone on the news desk would come back and say 'right that's where they are.'" He said: "You'd just go to the news desk and they'd just come back to you. You don't ask any questions. You'd consider it a job done. 
The chain of command is one of absolute discipline and that's why I never bought into, like with Andy saying he wasn't aware of it and all that. That's bollocks."

He said he would stand by everything he had told the New York Times about 'pinging'. "I don't know how often it happened. That would be wrong of me. But if I had access as a humble reporter ..."

He admitted he had had problems with drink and drugs and had been in rehab. "But that's irrelevant," he said. "There's more to come. This is not going to go away."

Hoare named a private investigator who he said had links with the News of the World, adding: "He may want to talk now because I think what you'll find now is a lot of people are going to want to cover their arse."

Speaking to another Guardian journalist last week, Hoare repeatedly expressed the hope that the hacking scandal would lead to journalism in general being cleaned up and said he had decided to blow the whistle on the activities of some of his former News of the World colleagues with that aim in mind.

He also said he had been injured at a party the previous weekend while taking down a marquee erected for a children's party. He said he had broken his nose and badly injured his foot when a relative accidentally struck him with a heavy pole from the marquee.

Hoare also emphasised that he was not making any money from telling his story.

Hoare, who has been treated for drug and alcohol problems, reminisced about partying with former pop stars and said he missed the days when he was able to go out on the town.

From rforno at infowarrior.org Mon Jul 18 14:18:28 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Jul 2011 15:18:28 -0400
Subject: [Infowarrior] - From Technologist to Philosopher
Message-ID: <51FA1217-D6AB-4F09-8055-826DF9613F78@infowarrior.org>

July 17, 2011
From Technologist to Philosopher
Why you should quit your technology job and get a Ph.D.
in the humanities
By Damon Horowitz
http://chronicle.com/article/From-Technologist-to/128231/

How does someone become a technologist? In my case, it happened in college. I was an undergraduate at Columbia University, reading and discussing what were once unrepentantly called "the classics." I really wanted to understand what the great thinkers thought about the great questions of life, the human condition, the whole metaphysical stew. And the problem was: We didn't seem to be making much progress. The great questions of philosophy have a way of defying easy resolution. Confronting them, we all seemed like such feeble thinkers -- students and teachers and dead white males alike. We make mistakes, we are prone to inconsistencies, we equivocate. This was very frustrating to an impatient undergraduate.

Happily, in my case, fate intervened -- in the form of my mother telling me, in no uncertain terms, that I should take a computer-science class, because if all else failed, then I could get a job at the phone company. So in my sophomore year I learned to program a computer. And that was an intoxicating experience. When you learn to program a computer, you acquire a superpower: the ability to make an inanimate object follow your command. If you have a vision, and you can articulate it in code, you can make it real, summon it forth on your machine. And once you've built a few small systems that do clever tasks -- like recognizing handwriting, or summarizing a news article -- then you think perhaps you could build a system that could do any task. That is, of course, the holy grail of artificial intelligence, "AI."

To a young undergraduate, frustrated with the lack of rapid progress on tough philosophical questions, AI seemed like the great hope, the panacea -- the escape from the frustrations of thinking. If we human beings are such feeble thinkers, perhaps philosophy is best not left to human beings.
We could instead just build better thinkers -- artificially intelligent machines -- and they could answer our questions for us. Thus I became a technologist. I earned my first graduate degree at the Massachusetts Institute of Technology, then went on to build several start-up companies around my specialization, a branch of AI called "natural language processing," or, more simply, "getting computers to understand what we are talking about."

It's fun being a technologist. In our Internet-enabled era, it is easy for technologists to parlay creative power into societal power: We build systems that ease the transactions of everyday life, and earn social validation that we are "making the world a better place." Within a few years I had achieved more worldly success than previous generations could have imagined. I had a high-paying technology job, I was doing cutting-edge AI work, and I was living the technotopian good life.

But there was a problem. Over time, it became increasingly hard to ignore the fact that the artificial intelligence systems I was building were not actually that intelligent. They could perform well on specific tasks; but they were unable to function when anything changed in their environment. I realized that, while I had set out in AI to build a better thinker, all I had really done was to create a bunch of clever toys -- toys that were certainly not up to the task of being our intellectual surrogates. And it became clear that the limitations of our AI systems would not be eliminated through incremental improvements. We were not, and are not, on the brink of a breakthrough that could produce systems approaching the level of human intelligence. I wanted to better understand what it was about how we were defining intelligence that was leading us astray: What were we failing to understand about the nature of thought in our attempts to build thinking machines?
And, slowly, I realized that the questions I was asking were philosophical questions -- about the nature of thought, the structure of language, the grounds of meaning. So if I really hoped to make major progress in AI, the best place to do this wouldn't be another AI lab. If I really wanted to build a better thinker, I should go study philosophy. Thus, about a decade ago, I quit my technology job to get a Ph.D. in philosophy. And that was one of the best decisions I ever made.

When I started graduate school, I didn't have a clue exactly how the humanities investigated the subjects I was interested in. I was not aware that there existed distinct branches of analytic and continental philosophy, which took radically different approaches to exploring thought and language; or that there was a discipline of rhetoric, or hermeneutics, or literary theory, where thinkers explore different aspects of how we create meaning and make sense of our world. As I learned about those things, I realized just how limited my technologist view of thought and language was. I learned how the quantifiable, individualistic, ahistorical -- that is, computational -- view I had of cognition failed to account for whole expanses of cognitive experience (including, say, most of Shakespeare). I learned how pragmatist and contextualist perspectives better reflect the diversity and flexibility of our linguistic practices than do formal language models. I learned how to recognize social influences on inquiry itself -- to see the inherited methodologies of science, the implicit power relations expressed in writing -- and how those shape our knowledge.

Most striking, I learned that there were historical precedents for exactly the sort of logical oversimplifications that characterized my AI work. Indeed, there were even precedents for my motivation in embarking on such work in the first place.
I found those precedents in episodes ranging from ancient times -- Plato's fascination with math-like forms as a source of timeless truth -- to the 20th century -- the Logical Positivists and their quest to create unambiguous language to express sure foundations for all knowledge. They, too, had an uncritical notion of progress; and they, too, struggled in their attempts to formally quantify human concepts that I now see as inextricably bound up with human concerns and practices.

In learning the limits of my technologist worldview, I didn't just get a few handy ideas about how to build better AI systems. My studies opened up a new outlook on the world. I would unapologetically characterize it as a personal intellectual transformation: a renewed appreciation for the elements of life that are not scientifically understood or technologically engineered. In other words: I became a humanist.

And having a more humanistic sensibility has made me a much better technologist than I was before. I no longer see the world through the eyes of a machine -- through the filter of what we are capable of reducing to its logical foundations. I am more aware of how the products we build shape the culture we are in. I am more attuned to the ethical implications of our decisions. And I no longer assume that machines can solve all of our problems for us. The task of thinking is still ours.

For example, at my most recent technology start-up company (called Aardvark), we took a totally new approach to the problem of search. We created what we called a social search engine. When you have a question, we connect you to another person who can give you a live answer. That arose from thinking about the human needs that people have when asking questions. Instead of defining a query as an information-retrieval problem, and returning a list of Web pages, we treat it as an invitation to a human engagement.
That humanist approach is largely responsible for Aardvark's success with users -- and for Google's decision to acquire the company last year, to explore how this perspective might inform other traditional business problems.

So why should you leave your technology job and get a humanities Ph.D.? Maybe you, too, are disposed toward critical thinking. Maybe, despite the comfort and security that your job offers, you, too, have noticed cracks in the technotopian bubble. Maybe you are worn out by endless marketing platitudes about the endless benefits of your products; and you're not entirely at ease with your contribution to the broader culture industry. Maybe you are unsatisfied by oversimplifications in the product itself. What exactly is the relationship created by "friending" someone online? How can your online profile capture the full glory of your performance of self?

Maybe you are cautious about the impact of technology. You are startled that our social-entertainment Web sites are playing crucial roles in global revolutions. You wonder whether those new tools, like any weapons, can be used for evil as well as good, and you are reluctant to engage in the cultural imperialism that distribution of a technology arguably entails.

If you have ever wondered about any of those topics, and sensed that there was more to the story, you are on to something. Any of the topics could be the subject of a humanities dissertation -- your humanities dissertation. The technology issues facing us today -- issues of identity, communication, privacy, regulation -- require a humanistic perspective if we are to deal with them adequately. If you actually care about one of those topics -- if you want to do something more serious about it than swap idle opinions over dinner -- you can. And, I would venture, you must. Who else is going to take responsibility for getting it right?

I see a humanities degree as nothing less than a rite of passage to intellectual adulthood.
A way of evolving from a sophomoric wonderer and critic into a rounded, open, and engaged intellectual citizen. When you are no longer engaged only in optimizing your products -- and you let go of the technotopian view -- your world becomes larger, richer, more mysterious, more inviting. More human.

Even if you are moved by my unguarded rhapsodizing here, no doubt you are also thinking, "How am I going to pay for this?!" You imagine, for a moment, the prospect of spending half a decade in the library, and you can't help but calculate the cost (and "opportunity cost") of this adventure. But do you really value your mortgage more than the life of the mind? What is the point of a comfortable living if you don't know what the humanities have taught us about living well? If you already have a job in the technology industry, you are already significantly more wealthy than the vast majority of our planet's population. You already have enough.

If you are worried about your career, I must tell you that getting a humanities Ph.D. is not only not a danger to your employability, it is quite the opposite. I believe there is no surer path to leaping dramatically forward in your career than to earn a Ph.D. in the humanities. Because the thought leaders in our industry are not the ones who plodded dully, step by step, up the career ladder. The leaders are the ones who took chances and developed unique perspectives. Getting a humanities Ph.D. is the most deterministic path you can find to becoming exceptional in the industry.

It is no longer just engineers who dominate our technology leadership, because it is no longer the case that computers are so mysterious that only engineers can understand what they are capable of. There is an industrywide shift toward more "product thinking" in leadership -- leaders who understand the social and cultural contexts in which our technologies are deployed.
Products must appeal to human beings, and a rigorously cultivated humanistic sensibility is a valued asset for this challenge. That is perhaps why a technology leader of the highest status -- Steve Jobs -- recently credited an appreciation for the liberal arts as key to his company's tremendous success with their various i-gadgets.

It is a convenient truth: You go into the humanities to pursue your intellectual passion; and it just so happens, as a by-product, that you emerge as a desired commodity for industry. Such is the halo of human flourishing.

Damon Horowitz is currently in-house philosopher at Google. This essay is an excerpt of a keynote address he gave in the spring at the BiblioTech conference at Stanford University.

From rforno at infowarrior.org Mon Jul 18 15:05:41 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 18 Jul 2011 16:05:41 -0400
Subject: [Infowarrior] - Falls, eye tests may hint at early Alzheimer's
Message-ID:

Falls, eye tests may hint at early Alzheimer's
by HealthNews, Last updated July 18, 2011
http://www.healthnews.com/en/articles/1WeMXmYrfBlhxJ4qST70xb/Falls-eye-tests-may-hint-at-early-Alzheimers/

PARIS (Reuters) - People at risk for Alzheimer's are twice as likely to fall as healthy people, and the disease might also be visible in scans of the eye, researchers said on Sunday. The preliminary results, presented at the Alzheimer's Association International Conference in Paris, are part of a widespread search for ways to detect Alzheimer's before memory problems begin, when drugs and treatments might have a better chance of making a difference.

"I don't think we can wait until people develop Alzheimer's disease or mild Alzheimer's. I think we need to act before that," Dr. William Klunk of the Alzheimer Disease Research Center at the University of Pittsburgh Medical Center said at the conference.
Brain scans and spinal fluid tests are used by researchers to detect Alzheimer's-related changes, but they are expensive and impractical for widespread screening, and none of them have been approved for routine use. So teams are looking for other early changes that offer evidence the disease is developing before symptoms occur.

Susan Stark of Washington University in St. Louis looked to see whether frequent falls may be an early warning sign of Alzheimer's disease. Her team studied 125 people who had brain scans and contributed samples of their spinal fluid. Each study participant kept a journal of how many times they fell over an eight-month period. The researchers found that people whose brain scans detected pre-symptomatic Alzheimer's disease were twice as likely to fall as those who had normal scans. "This is really the first study that tests for falls in the preclinical phases of Alzheimer's disease," Stark said. "It suggests that higher rates of falls can occur very early in the disease process."

EYE TEST FOR ALZHEIMER'S

In a separate study, Shaun Frost, a researcher from the Commonwealth Scientific and Industrial Research Organization, Australia's national science agency, looked to see whether changes in the retina at the back of the eye -- which is closely related to the brain -- could be used to detect early Alzheimer's disease. "It is much easier for us to image the retina than it is for us to do a brain scan," Frost told the meeting. Frost's team found the width of certain blood vessels was significantly different in people with early signs of Alzheimer's disease compared with healthy people. People in the small study who had abnormal blood vessels in their eye also had plaque deposits of an Alzheimer's-related protein known as beta amyloid on positron emission tomography, or PET, brain scans. "These findings are indicating a relationship between changes in the retina and the plaque burden in the brain," Frost said.
He said the study suggested it might be possible to use retina tests along with other biomarker tests to detect Alzheimer's early. The study needs to be confirmed by larger studies, but it shows one of the ways in which researchers are trying to find ways of diagnosing Alzheimer's early. Even though there are no treatments that can halt or delay the disease, scientists say knowing how to diagnose Alzheimer's before symptoms occur will be important when new drugs become available.

From rforno at infowarrior.org Tue Jul 19 06:45:09 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Jul 2011 07:45:09 -0400
Subject: [Infowarrior] - Teller explains some of the psychology behind illusions
Message-ID:

Good commentary on "forcing intentions" in the eyes of the beholder. IE, perception is reality, right? :) -- rick

"Without the assistance of Penn Jillette, Teller explains some of the psychology behind illusions."
http://www.boingboing.net/2011/07/18/teller-explains-the.html

From rforno at infowarrior.org Tue Jul 19 10:31:21 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Jul 2011 11:31:21 -0400
Subject: [Infowarrior] - LulzSec say they'll release big Murdoch email archive
Message-ID:

LulzSec say they'll release big Murdoch email archive
Rebekah Brooks apparently not a password genius
By John Leyden
Posted in Enterprise Security, 19th July 2011 13:30 GMT
http://www.theregister.co.uk/2011/07/19/sun_hack_more_lulz/

The hacktivists behind a hack on The Sun's website claim to have extracted an email archive which they plan to release later on Tuesday. News International's systems were hacked on Monday night. As a result, visitors to The Sun's website were redirected towards a fake story on the supposed death of Rupert Murdoch by infamous hacktivist collective LulzSec. The group also redirected visitors to the main News International website to the LulzSec Twitter feed.
In addition, the hack may have allowed LulzSec to gain access to News International's email database. Sabu, a prominent member of LulzSec, said via Twitter that the group was sitting on emails of News International staffers that it planned to release on Tuesday.

In the meantime, Sabu released email login details for former News International chief exec Rebekah Brooks, a central figure in the News of the World voicemail-hacking scandal. Brooks (then called Wade) edited The Sun between 2003 and 2009, and -- at least according to LulzSec -- had been using the password 63000 to access her email account at the paper. As IT blogger John Graham-Cumming points out, 63000 is the same number as the text tip-off line used by the Sun.

LulzSec also posted the supposed password hash -- but not the password -- of Bill Akass, former managing editor of the News of the World. The hackers also posted the mobile phone numbers of three News International execs. This information seems to have come from, at best, an old database. The Telegraph reports that one of the phone numbers belongs to Pete Picton, a former online editor with The Sun who left to work on News Corp's iPad-only publication, The Daily, last year. Another phone number belongs to Chris Hampartsoumian, an IT worker. Hampartsoumian recently announced, via Twitter, that he does not work for any News Corp firm.

LulzSec certainly obtained deep enough access to News International systems during the Monday break-in to pull off a redirection hack on The Sun, but whether it obtained the depth of access it claims to have done remains unclear. A News International spokeswoman declined to comment when we asked if the organisation was taking the email hack claims seriously or whether it was taking any remedial action. She said the firm was "aware" of the website redirection hack on The Sun, adding that all News International websites were now up and running as normal.
However The Guardian reports that News International took its webmail systems and remote access systems offline as a precaution following The Sun website redirection hack. Passwords were reset before remote access and other systems were restored on Tuesday morning, the paper adds.

From rforno at infowarrior.org Tue Jul 19 10:36:04 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Jul 2011 11:36:04 -0400
Subject: [Infowarrior] - SUNYSuffolk and Lulzsec...
Message-ID: <97AD0A37-627C-4476-9D7C-941D66763D80@infowarrior.org>

Just got this bounce message back. Interesting how it's characterised as "possible password stealing" for some reason or other based on content -- yet there's nothing there but plain text article. Someone's got an overly paranoid IT department.

--- rick

From: Content Analysis
Date: July 19, 2011 11:31:47 AM EDT
To: infowarrior-bounces at attrition.org
Subject: Possible Password Stealing Detected

This email was blocked due to content violation.

The following recipients did not get this email:
XXXXXXj at sunysuffolk.edu - [Infowarrior] - LulzSec say they'll release big Murdoch email archive

Rule: ('Abuse Phishing', 49L)

From: Richard Forno
Date: July 19, 2011 11:31:21 AM EDT
To: Undisclosed-recipients: <>;
Subject: [Infowarrior] - LulzSec say they'll release big Murdoch email archive

From rforno at infowarrior.org Tue Jul 19 15:34:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Jul 2011 16:34:16 -0400
Subject: [Infowarrior] - Feds Charge Activist As Hacker For Downloading Millions of Academic Artic
Message-ID:

Feds Charge Activist As Hacker For Downloading Millions of Academic Articles
By Ryan Singel | July 19, 2011 | 2:55 pm |
Categories: Sunshine and Secrecy, The Courts
http://www.wired.com/threatlevel/2011/07/swartz-arrest/

Well-known coder and activist Aaron Swartz was arrested Tuesday, charged with violating federal hacking laws for downloading millions of academic articles from a subscription database service that MIT had given him access to. If convicted, Swartz faces up to 35 years in prison and a $1 million fine.

Swartz, the 24-year-old executive director of Demand Progress, has a history of downloading massive data sets, both to use in research and to release public domain documents from behind paywalls. Swartz, who was aware of the investigation, turned himself in Tuesday.

Disclosure: Swartz is a co-founder of Reddit, which like Wired.com is owned by Condé Nast. He is also a general friend of Wired.com, and has done coding work for Wired.

The grand jury indictment accuses Swartz of evading MIT's attempts to kick his laptop off the network while downloading more than four million documents from JSTOR, a not-for-profit company that provides searchable, digitized copies of academic journals. The scraping, which took place from September 2010 to January 2011 via MIT's network, was invasive enough to bring down JSTOR's servers on several occasions. The indictment alleges that Swartz, at the time a fellow at Harvard University, intended to distribute the documents on peer-to-peer networks. That did not happen, however, and all the documents have been returned to JSTOR.

JSTOR, the alleged victim in the case, did not refer the case to the feds, according to Heidi McGregor, the company's vice president of Marketing & Communications, who said the company got the documents, a mixture of both copyrighted and public domain works, back from Swartz and was content with that. As for whether JSTOR supports the prosecution, McGregor simply said that the company was not commenting on the matter.
She noted, however, that JSTOR has a program for academics who want to do big research on the corpus, but usually faculty members ask permission or contact the company after being booted off the network for too much downloading.

"This makes no sense," said Demand Progress Executive Director David Segal in a statement provided by Swartz to Wired.com before the arrest. "It's like trying to put someone in jail for allegedly checking too many books out of the library."

"It's even more strange because the alleged victim has settled any claims against Aaron, explained they've suffered no loss or damage, and asked the government not to prosecute," Segal said.

JSTOR doesn't go quite as far in its statement on the prosecution -- though there are clear hints that they were not the ones who wanted a prosecution, and that they were subpoenaed to testify at the grand jury hearing by the federal government.

    We stopped this downloading activity, and the individual responsible, Mr. Swartz, was identified. We secured from Mr. Swartz the content that was taken, and received confirmation that the content was not and would not be used, copied, transferred, or distributed. The criminal investigation and today's indictment of Mr. Swartz has been directed by the United States Attorney's Office.

But the feds clearly think they have a substantial hacking case on their hands, even though Swartz used guest accounts to access the network and is not accused of finding a security hole to slip through or using stolen credentials, as hacking is typically defined. In essence, Swartz is accused of felony hacking for violating MIT and JSTOR's terms of service. That legal theory has had mixed success -- a federal court judge dismissed that argument in the Lori Drew cyber-bullying case, but it was later re-used with more success in a case brought against ticket scalpers who used automated means to buy tickets faster from Ticketmaster's computer system.
"Stealing is stealing whether you use a computer command or a crowbar, and whether you take documents, data or dollars. It is equally harmful to the victim whether you sell what you have stolen or give it away," said United States Attorney Carmen M. Ortiz in a press release.

The indictment (.pdf) accuses Swartz of repeatedly spoofing the MAC address -- an identifier that is usually static -- of his computer after MIT blocked his computer based on that number. Swartz also allegedly snuck an Acer laptop bought just for the downloading into a closet at MIT in order to get a persistent connection to the network. Swartz allegedly hid his face from surveillance cameras by holding his bike helmet up to his face and looking through the ventilation holes when going in to swap out an external drive used to store the documents. Swartz also allegedly named his guest account "Gary Host," with the nickname "Ghost."

Why would Swartz want to download what is likely gigabytes of information? His history includes a study co-authored with Shireen Barday, which looked through thousands of law review articles looking for law professors who had been paid by industry patrons to write papers. That study was published in 2008 in the Stanford Law Review.

Swartz is no stranger to the feds being interested in his skills at prodigious downloads. In 2008, the federal court system decided to try out allowing free public access to its court record search system PACER at 17 libraries across the country. Swartz went to the 7th U.S. Circuit Court of Appeals library in Chicago and installed a small PERL script he had written. The code cycled sequentially through case numbers, requesting a new document from PACER every three seconds. In this manner, Swartz got nearly 20 million pages of court documents, which his script uploaded to Amazon's EC2 cloud computing service. While the documents are in the public record and free to share, PACER normally charges eight cents a page.
The courts reported him to the FBI, which investigated whether the public records were "exfiltrated." After in-depth background searches, a luckless stakeout and futile attempts to get Swartz to talk, the FBI dropped the case.

The same anti-hacking statute was used to prosecute Lori Drew, who was charged criminally for participating in a MySpace cyberbullying scheme against a 13-year-old Missouri girl who later committed suicide. The case against Drew hinged on the government's novel argument that violating MySpace's terms of service was the legal equivalent of computer hacking and a violation of the Computer Fraud and Abuse Act. A federal judge who presided over the prosecution tossed the guilty verdicts in July 2009, and the government declined to appeal.

(This piece was edited by Wired.com Epicenter editor John Abell.)

From rforno at infowarrior.org Tue Jul 19 22:24:33 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 19 Jul 2011 23:24:33 -0400
Subject: [Infowarrior] - Anonymous busts: Are authorities misleading us or are they actually this stupid?
Message-ID: <7B53090F-F7A3-4517-8C24-B80FB6F61947@infowarrior.org>

(I think Pat nails this dead-on. -- rick)

Anonymous shut down! Ringleaders brought to justice! Are authorities misleading us or are they actually this stupid?
By Patrick Gray
http://risky.biz/anonymous

From rforno at infowarrior.org Wed Jul 20 07:33:34 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 20 Jul 2011 08:33:34 -0400
Subject: [Infowarrior] - Obama's newest cybersecurity hire is diploma faker
Message-ID: <25AAC3BF-AF0A-48E4-B903-C3027E25BB4F@infowarrior.org>

(c/o JH. I would add why do we even bother doing cyber stuff on behalf of the country if this is the kind of 'senior' person they're hiring? And no, I don't follow the fringe WND regularly.
-- rick)

Look who Obama's hired for cybersecurity team
Ex-Clinton staffer 'lost' thousands of White House e-mails, booted by DHS for faking credentials
Posted: July 18, 2011 8:13 pm Eastern
© 2011 WND
http://www.wnd.com/?pageId=323373

An elite team of computer technicians assembled by the Obama administration to protect Pentagon networks from cyberattack shockingly includes a former Clinton official who "lost" thousands of archived emails under subpoena and who more recently left the Department of Homeland Security under an ethical cloud related to her qualifications, WND has learned.

The administration in May quietly hired Laura Callahan for a sensitive post at the U.S. Cyber Command, a newly created agency set up to harden military networks as part of an effort to prevent a "cyberspace version of Pearl Harbor." The move raises doubts about the administration's vetting process for sensitive security positions.

In 2004, Callahan was forced to resign from Homeland Security after a congressional investigation revealed she committed résumé fraud and lied about her computer credentials. Investigators found that Callahan paid a diploma mill thousands of dollars for her bachelors, masters and doctorate degrees in computer science. She back-dated the degrees, all obtained between 2000 and 2001, to appear as if she earned them in 1993, 1995 and 2000, respectively. She landed the job of deputy DHS chief information officer in 2003.

Previously, as a White House computer supervisor, Callahan threatened computer workers to keep quiet about an embarrassing server glitch that led to the loss of thousands of archived emails covered by federal subpoenas pertaining to multiple Clinton scandals.

Former co-workers say they're shocked that Callahan passed a security background check and landed another sensitive post inside the federal government.

"She's a security risk," said a government computer specialist. "I don't know how she got clearance."

"We're fuming about it," said another federal employee. "Knowing her, I don't see how she could ever be 100-percent honest."

A CyberCom spokesman said Callahan could not be interviewed and did not want her "name in public." Asked for Callahan's title, he claimed such information was "personal."

CyberCom, which began operations last year, is part of the U.S. Strategic Command located in Fort Meade, Md.

The Defense Department last week revealed it recently suffered a massive cyberattack, even as it announced a new strategy to actively combat online threats to national security. In March, hackers working for a foreign government broke into a Pentagon contractor's computer system and stole 24,000 files. Previous cyberattacks have been blamed on China or Russia.

A new Pentagon study stresses the need to fortify network firewalls against enemy hackers. Callahan will be part of that effort at CyberCom, which will lead day-to-day defense and protection of all Defense Department networks.

"She's a dubious hire, to put it charitably," said Tom Fitton, president of Judicial Watch, a government watchdog in Washington that sued the Clinton White House to retrieve missing emails.

As WND first reported, several Northrop Grumman contractors working on the White House computer system testified in early 2000 that Callahan (née Laura Crabtree) threatened to jail them if they talked about the "Project X" email scandal even to their spouses.

One technician, Robert Haas, said she warned him "there will be a jail cell with your name on it" if he breathed a word about the glitch to anybody outside their office.

Chip Sparks, a White House programmer, recounted a run-in he had with Callahan in 1997. After questioning a technical decision she made, he said she wrote him a threatening note.

"Please be advised I will not tolerate any further derogatory comments from you about my knowledge, qualifications and/or professional competence," Callahan blasted Sparks in a March 3, 1997, e-mail, a copy of which was obtained by WND.

Callahan had to do some quick backpedaling after her House testimony. The day after she testified, she sent an affidavit to the House Government Reform Committee, stating: "I wish to clarify that I did discuss e-mail issues with the Department of Justice attorneys in connection with currently pending civil litigation," referring to a lawsuit brought by Judicial Watch. She had denied such contacts at the hearing.

Callahan left the White House under an ethical cloud, only to land a top position elsewhere in the Clinton administration. Labor Secretary Alexis Herman made her deputy chief information officer at her agency, and director of its information technology center. While there, she oversaw the development of the Privacy Assessment Model, which agencies were to use to better protect sensitive personal data managed by the government.

"It's hard for me, having worked with this individual, to believe that she was able to come in there, do what she did, leave the things in the condition that she left them in and then fly right into an SES (senior executive service) position at the Labor Department," Sparks said.

"I mean, there's political favors there," he added. "It's writ large."

House Government Reform Committee investigators at the time said Labor knew Callahan got her degree from a diploma mill, yet still employed her. They found that the U.S. Office of Personnel Management tipped Labor off to her questionable credentials.

"We have requested the Homeland Security IG to look at why flags that had been raised about her educational qualifications in her personnel file at the Labor Department were not taken further," said House Government Reform Committee spokesman Dave Marin at the time.

He told WND that the government certainly cannot risk hiring someone with "fraudulent credentials" to head a senior position in an area as "sensitive as homeland security" computer operations and communications.

Calls to the U.S. Office of Personnel Management seeking comment about Callahan's latest hiring were not returned.

From rforno at infowarrior.org Wed Jul 20 08:03:09 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 20 Jul 2011 09:03:09 -0400
Subject: [Infowarrior] - The Defense Death Spiral
Message-ID:

(Disclosure: Chuck is a good friend, retired senior DOD analyst, wise beyond his years, and someone whose career took great pleasure at speaking truth to power inside the halls of the Pentagon and Congress. --- rick)

July 19, 2011
The Defense Death Spiral
By Chuck Spinney
http://battleland.blogs.time.com/2011/07/19/the-defense-death-spiral/

Why is the Pentagon Underfunded?

The courtiers in the Hall of Mirrors that is Versailles on the Potomac are lining up to give Leon Panetta advice on how to manage the Pentagon in the coming era of budget "constraints." Most of this wisdom takes the form of platitudes of how important it is to have a strategy and to make the hard choices needed to budget for that strategy. Duh!

My current favorite is Dr. Daniel Goure's recent blog on the web page of the Lexington Institute, a pro-defense "think tank." Goure starts his advisory by saying:

Let's be honest. The current U.S. defense program is underfunded, even at over $500 billion a year in the base budget and another $100 billion plus in contingency expenses.

Goure then goes on to discuss the need for vision, particularly concerning controlling personnel and health costs and avoiding duplication by transferring work done in government facilities, and by the military, to contractors. In other words, when times are tough, return to the old game of protecting industry at the expense of the soldier and the taxpayer.
Thanks for your honesty, Daniel, but more of the same won't cut it this time.

Goure is correct about one thing, however. The defense program is underfunded. But before dispensing advice on how to shovel money to his friends in industry, Goure ought to explain how and why the highest budget since the end of World War II could possibly end up underfunding the current program. After all, the United States is engaged in a tough but relatively small war on terror, with far smaller forces and minuscule operational tempos compared to those deployed to either Korea or Vietnam. Moreover, the United States no longer needs to spend a large part of the defense budget to maintain large forward-deployed conventional and nuclear forces to counter the threat posed by the Soviet Union. With a few minor exceptions, the United States is also fielding the smallest combat-coded force structures since 1950. Nevertheless, despite a defense budget that has almost doubled in inflation-adjusted dollars since 1998, Mr. Panetta is inheriting a defense program approaching the programmatic equivalent of a meltdown. Why?

If Mr. Panetta wants to nurse the Pentagon back to health he must come to grips with the real causes of the Defense Death Spiral -- a problem I have been studying and writing about since the late 1970s. The central management problem plaguing the Department of Defense -- i.e., the meltdown of the entire defense program -- can be characterized in a general sense as being produced by the mutually reinforcing effects of

1. A modernization program that cannot buy enough new weapons to modernize the force structures of the Army, Navy/MC, and Air Force, because the unit costs of new weapons always grow faster than budgets, even when budgets increase sharply, as they did in the 1980s and after 1998;

2. Continual budgetary pressure to reduce readiness and shrink force size to contain the growth of operating costs (from operating aging, more complex hardware, but also from the growing personnel costs of the all-volunteer force) to free up funds to finance the bankrupt modernization program; and

3. Corrupt and unauditable accounting, financial management, and program planning systems that lubricate the degenerative process by making it impossible to assemble the information needed to sort out and correct the first two problems.

As long as these three relations remain in place, the defense budget will always be underfunded. In fact, as I explained to Senator John Tower during testimony to Congress in 1983, "spending more money the same way actually makes matters worse." A near doubling of the defense budget since 1998 has again shown that statement to be correct. This is the fundamental management dilemma facing Mr. Panetta.

Resolving it won't be easy, because this trifecta of structural problems is only the outward manifestation of a bureaucratic engine powered by deeper behavioral pathologies that insensibly built up over the 40 years of Cold War and are now seamlessly embedded in the culture of the Pentagon, the defense industry, and their wholly owned subsidiaries in Congress -- these habitual modes of conduct are known as the defense power games (front loading and political engineering). The defense power games, together with their trifecta of external manifestations, effectively turn the decision making process and program planning processes inward and disconnect the entire decision/policy making effort from external reality, including the threats it purports to cope with, the strategy alleged to meet those threats, and the shaping of force structures needed to execute the strategies. The resulting self-referential decision making engine -- referred to by some wags in the Pentagon as a self-licking ice cream cone -- creates the inwardly-focused death spiral portrayed by the following figure.

Simply repeating the same old empty platitudes about having a strategy and fitting forces and budgets to that strategy leads nowhere, because the Pentagon decision process that consumes millions of man hours each year to create this mess year after year -- the Planning, Programming, and Budgeting System -- already is designed precisely to link threats to strategy to programs and then to budgets! The real problem is why it fails to do so year after year -- which brings us back to a diagnosis of the pathologies.

The repetitive pattern of these pathologies and their effects have been well understood and have been well documented since the early 1980s. Moreover, the programmatic meltdown the Defense Department is experiencing today was foreseen by the late 1980s and early 1990s. Nevertheless, with a few lonely exceptions, notably Senator Charles Grassley (R-Iowa), no one in leadership positions in the Pentagon, Congress, or the White House has taken any interest in correcting the Pentagon's self destructive patterns of behavior.

For this reason, at the end of the 1980s, I decided the only thing I could do was to begin documenting these problems for posterity. My intent was to provide a track record showing how these problems were indeed foreseeable and how they could have been avoided, if the leaders in the Pentagon chose to make that effort. They did not -- and today, the American public is reaping the Pentagon's bitter harvest of shame -- an underfunded defense program in chaos even though it is being funded by the largest budgets since the end of World War II (after removing the effects of inflation). Those who blame this mess on the war on terror and out of control personnel and medical costs are selling snake oil to grease a continuation of this destructive pattern of business as usual.

This link, for example, will take you to some of my more important unclassified reports and papers describing these problems: They explain why and how the Defense program has been in a continuous state of unraveling. They predicted what would happen if these behavioral pathologies were left unaddressed. My June 2002 statement to Congress outlined a comprehensive plan for fixing these general decision-making problems. I don't know if that plan will work, but at least it was designed to address the real causes of the underfunding problem.

TACAIR Case Study

No mission area reveals the Pentagon's behavioral pathologies more clearly than tactical fighter aviation or TACAIR. As the Cold War was ending in the early 1990s, the Air Force, Navy, and Marine Corps wanted to embark on a new generation of high-cost, high-complexity fighter/attack aircraft (these became the F-22, F/A-18E/F, and the F-35 Joint Strike Fighter).

To summarize a somewhat complex story: In 1991, just as the Cold War was ending, the AF front loaded the F-22 by pushing it prematurely through decision-making milestone II into concurrent engineering and manufacturing development (EMD, aka Milestone II). This decision allowed the contractor (Lockheed Martin) to begin the construction of a social safety net by spreading dollars, jobs, and profits to many congressional districts, a power game known as political engineering. Front loading and political engineering are explained in Defense Power Games. Less than a year later, the Navy pulled off the same stunt by prematurely rushing the F-18E/F into EMD for the same reason. Both airplanes were high cost legacies of Cold War thinking. The objective of the decision making game in each case was to turn on the money spigot and lock it open; in effect, the goal was to let the Cold-War cows out the Cold-War barn before its door closed.

It is important to understand that the senior military and civilian decision makers in the Pentagon responsible for rushing these two decisions knowingly created a long term force structure crisis. They knew beforehand that the Pentagon's contractors could not possibly produce enough new F-22s and F-18E/Fs quickly enough (even in the unlikely event where there were no delays due to cost overruns and technical problems) to replace the 3,000-plus fighter/attack aircraft in the inventories on a timely basis. Consequently, decision makers knew before the fact that the average age of the older airplanes remaining in that inventory would rapidly grow to unprecedented levels and that the increased aging would lead to unpredictable increases in future operating budgets. They also knew before the fact that the only way to slow down the increased rate of aging would be to approve a drastic reduction in the size of those inventories by retiring the oldest airplanes without replacement.

The senior decision makers responsible for these decisions also knew beforehand that the force-structure crisis created by the F-22/F-18E/F decisions would become the source of enormous extortionary pressure to approve the development two years later of yet a third high cost fighter/attack program -- what was to become the problem-plagued F-35 Joint Strike Fighter -- yet another Cold-War-inspired concoction of highly complex and costly technologies that is now the most expensive single weapons program in history.

Put bluntly, the disastrous ramifications of these reckless decisions were known before they were approved. If you don't believe me, you can download and read my reports. They describe how this was being done while it was being done -- they can be found here in the subsection entitled "Specific Reports on Tactical Fighters."

Together with my March 1996 essay, Defense Budget Time Bomb, the case of tactical aviation provides the clearest evidence of how the Pentagon bureaucracy, with malice aforethought, deliberately created the modernization crisis that metastasized after 2000 and is now staring Mr. Panetta in the face. But if you think I am cherry picking my data by focusing on TACAIR, a more general, albeit more complex picture of the same general pattern of decision making can be found in my unclassified 1998 briefing, Defense Death Spiral.

That, in a nutshell, is the dirty story of why the defense budget is underfunded, but you won't hear this story from courtiers trying to ingratiate themselves with the new Secretary of Defense.

Given that political pressure is mounting to cut back non-defense programs including Social Security, Medicare, education, infrastructure, etc., to reduce the deficit, I submit the time has come to rein in the Pentagon's out of control budget, to discipline its reckless behavior, and to force it to clean up its act. Job 1 is to provide more reliable programmatic information to the Secretary of Defense, so he and his staff can figure out how to pull the Pentagon out of its death spiral. The only incentive to force this is to put the entire core budget at "risk," say by placing the core (non-war related) budget on a downward sloping glide path of 2 to 4% per year (in current as opposed to inflation-adjusted dollars) until the Pentagon can produce auditable books. That would simply bring it into compliance with the Chief Financial Officers Act of 1990 and the Accountability and Appropriations Clauses of the Constitution. Given that every member of the Defense Department has taken a sacred oath to protect the Constitution, making the Pentagon conform to the requirements of the Constitution is hardly an onerous requirement. Only with cleaner books can serious policy-making and strategic planning begin.

Readers interested in a short primer written by defense insiders, with over 400 years of collective experience, on how to think about defense and what kinds of changes can and should be made once we have reliable information are referred to The Pentagon Labyrinth: 10 Short Essays to Help You Through It. Who knows, if we can force the Pentagon to think before it spends, the United States might be able to field a military that meets the threats it faces at a cost the nation can afford.

From rforno at infowarrior.org Wed Jul 20 09:52:52 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 20 Jul 2011 10:52:52 -0400
Subject: [Infowarrior] - NSA Called The 'Enron' Of Intelligence
Message-ID:

Washington Times
July 20, 2011
http://www.washingtontimes.com/news/2011/jul/19/former-nsa-official-says-mismanagement-continues-a/print/

NSA Called The 'Enron' Of Intelligence
Accused leaker sees no change in fraud and mismanagement
By Shaun Waterman, The Washington Times

Former National Security Agency whistleblower Thomas A. Drake says continuing mismanagement and malfeasance have turned the nation's premier electronic spy agency into "the Enron of the U.S. intelligence community."

Mr. Drake, whose federal criminal case concluded last week, said in an interview with The Washington Times that he thinks management failures at NSA related to electronic surveillance and other issues that he protested -- first through internal channels and then by sharing unclassified data with a Baltimore Sun reporter -- are continuing.

"The agency never even accepted the basis for the [Pentagon inspector general's] investigation in the first place," he said, referring to the internal audit launched after he and others at NSA's Fort Meade headquarters in Maryland complained about contract fraud and mismanagement.

He compared the agency to the Texas-based energy trading giant Enron Corp., which went bankrupt in 2001 and became a symbol of corporate fraud and corruption.

Mr. 
Drake was sentenced to one year's probation and community service last week after the government's 10 felony counts against him were withdrawn. He instead pleaded guilty to a misdemeanor offense of exceeding authorized access to a government computer.

The judge called the prosecutors' handling of the case "unconscionable" because it took 2½ years to charge Mr. Drake and another 14 months to bring him to trial before all the major charges were dropped at the last minute.

The Justice Department said this week that it will continue pursuing other cases against intelligence officials accused of leaking classified information.

"The guilty plea of the Drake case has no effect on other pending matters," Justice spokeswoman Laura Sweeney told The Times. "Each case is unique, based on its fact and circumstances, and the department is proceeding in the pending cases."

They include the prosecutions of former CIA officer Jeffrey Sterling and State Department contractor Stephen Jin-Woo Kim, both involving accusations of leaks to reporters. Another major case is that of Army Pvt. Bradley Manning, who is facing military charges related to hundreds of thousands of classified documents obtained in Iraq and passed to the anti-secrecy site WikiLeaks.

Mr. Drake's whistleblowing is related to NSA's multibillion-dollar plan to develop a digital eavesdropping and data storage system called Trailblazer, which would index and analyze large amounts of electronic data that the agency gathers from monitoring computers and telephones around the world.

Even though the public version of the inspector general's report is heavily censored, Mr. Drake said: "It is clear that NSA disputes the findings. ... They have never accepted they did anything wrong."

"There was a cover-up," Mr. Drake said. "The truth is Trailblazer was an even more abysmal failure than they let on in public."

In 2005, NSA Director Michael Hayden told Congress that Trailblazer was "a couple to several hundred million" dollars over budget and months behind schedule. The program was abandoned in 2006.

"In the end, they delivered nothing," Mr. Drake said of contractor SAIC, which was paid $280 million for the demonstration phase of the program.

Mr. Drake said executives at NSA, including the deputy director at the time, William B. Black, were former SAIC employees and the contract was "hard-wired for SAIC." Mr. Black returned to work at SAIC after his retirement from the NSA in 2006.

Through a spokesman, SAIC said the company and its executives declined to comment.

Mr. Drake, who held a senior position at NSA from 2001 until 2008, said the agency had planned to spend more than $4 billion on the program with SAIC and dozens of other contractors, and that fraud and abuse were widespread in Trailblazer and related programs.

"It really became a feeding frenzy as contractor after contractor bellied up to the Trailblazer bar," he said.

Mr. Drake said NSA's accounts -- like most other Defense Department bookkeeping systems -- were "unauditable." The agency's budget is classified, but even for those inside the agency, "It was very difficult to determine where most of the money was going except at a very general level," he said.

The government "fought very hard" to keep any reference to the inspector general's report, or his other whistleblowing activities, for instance to Congress, out of the court case.

"Why were they so afraid of that getting into court?" he asked. "It's the continuing cover-up."

The NSA press office referred a request for comment to the Justice Department.

Ms. Sweeney, the Justice spokeswoman, said: "The department has long valued the legitimate exposure of waste, fraud and abuse if it occurs while at the same time protecting the rule of law.

"There are laws prohibiting government employees who are entrusted with the nation's most sensitive information from disclosing classified information to anyone not authorized to receive it."

Despite the administration's pursuit of leaks, some observers say, such cases often are difficult to prosecute without exposing secrets that the government wants to protect.

A former U.S. official familiar with the Drake case called leak cases challenging.

"You have to make absolutely sure that the victim agency understands very clearly who will be called as a witness and what they might be asked about," the former official said. "They have to be OK with that. ... If that is not adequately or sufficiently discussed, problems can come up."

From rforno at infowarrior.org Wed Jul 20 10:56:37 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 20 Jul 2011 11:56:37 -0400
Subject: [Infowarrior] - No Felony Charges For Woman In TSA Groping Case
Message-ID:

No Felony Charges For Longmont Woman In TSA Groping Case
July 19, 2011 8:38 PM
http://denver.cbslocal.com/2011/07/19/no-felony-charges-for-longmont-woman-in-tsa-groping-case/

LONGMONT, Colo. (CBS4) -- No felony charges will be filed against the Colorado woman who allegedly sexually assaulted a Transportation Security Administration agent in Phoenix.

On Tuesday the Maricopa County district attorney decided to turn the case of Yukari Miyamae, 61, of Longmont over to city prosecutors. She could still be charged with a misdemeanor.

Police say Miyamae grabbed the female agent's left breast, squeezed and twisted it with both hands on July 14 at Phoenix Sky Harbor International Airport. Miyamae was getting ready to board a flight from Phoenix to Denver.

Miyamae's attorney Judd Golden says his client was violated, endangered and threatened by the actions of TSA agents. She denies doing anything wrong.

Golden released a statement Tuesday, saying Miyamae is a self-employed translator, author and radio producer. He used the following words to describe how the situation unfolded:

Ms. Miyamae says she told TSA agents she wanted to be screened by the metal detector gate.
She did so out of concern for excessive radiation exposure from the full-body scanners, as she is a frequent business traveler. Her request was denied. She was soon surrounded by TSA agents. One TSA agent, a tall woman, approached Ms. Miyamae, who is only five feet tall. Ms. Miyamae felt panicked and experienced a volatile aversion to the TSA personnel violating her personal physical space. She felt endangered and threatened based upon prior traumatizing security pat-downs, repugnance at the prospect of being touched again in such a violent and undignified manner, and instinctively pushed the female TSA agent away.

Golden says Miyamae is considering offers to do interviews but so far hasn't committed to doing one.

Some Facebook users who are obviously frustrated with the strict procedures of the Transportation Safety Administration set up a Facebook page over the weekend called "Acquit Yukari Mihamae" expressing their support for Mihamae. A different Facebook page was set up by friends called the Yukari Miyamae Legal Defense Fund.

From rforno at infowarrior.org Wed Jul 20 10:58:06 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 20 Jul 2011 11:58:06 -0400
Subject: [Infowarrior] - LEOs to begin iPhone iris scans amid privacy concerns
Message-ID:

(Yeah, this will never be abused will it? --- rick)

Law enforcement to begin iPhone iris scans amid privacy concerns
By Zach Howard
CONWAY, Mass | Wed Jul 20, 2011 11:02am EDT
http://www.reuters.com/article/2011/07/20/us-crime-identification-iris-idUSTRE76J4A120110720

(Reuters) - Dozens of police departments nationwide are gearing up to use a tech company's already controversial iris- and facial-scanning device that slides over an iPhone and helps identify a person or track criminal suspects.

The so-called "biometric" technology, which seems to take a page from TV shows like "MI-5" or "CSI," could improve speed and accuracy in some routine police work in the field.

However, its use has set off alarms with some who are concerned about possible civil liberties and privacy issues.

The smartphone-based scanner, named Mobile Offender Recognition and Information System, or MORIS, is made by BI2 Technologies in Plymouth, Massachusetts, and can be deployed by officers out on the beat or back at the station.

An iris scan, which detects unique patterns in a person's eyes, can reduce to seconds the time it takes to identify a suspect in custody. This technique also is significantly more accurate than results from other fingerprinting technology long in use by police, BI2 says.

When attached to an iPhone, MORIS can photograph a person's face and run the image through software that hunts for a match in a BI2-managed database of U.S. criminal records. Each unit costs about $3,000.

Some experts fret police may be randomly scanning the population, using potentially intrusive techniques to search for criminals, sex offenders, and illegal aliens, but the manufacturer says that would be a difficult task for officers to carry out.

Sean Mullin, BI2's CEO, says it is difficult, if not impossible, to covertly photograph someone and obtain a clear, usable image without that person knowing about it, because the MORIS should be used close up.

"It requires a level of cooperation that makes it very overt -- a person knows that you're taking a picture for this purpose," Mullin said.

CONCERNS

But constitutional rights advocates are concerned, in part because the device can accurately scan an individual's face from up to four feet away, potentially without a person's being aware of it.

Experts also say that before police administer an iris scan, they should have probable cause a crime has been committed.

"What we don't want is for them to become a general surveillance tool, where the police start using them routinely on the general public, collecting biometric information on innocent people," said Jay Stanley, senior policy analyst with the national ACLU in Washington, D.C.

Meanwhile, advocates see the MORIS as a way to make tools already in use on police cruiser terminals more mobile for cops on the job.

"This is (the technology) stepping out of the cruiser and riding on the officer's belt, along with his flashlight, his handcuffs, his sidearm or the other myriad tools," said John Birtwell, spokesman for the Plymouth County Sheriff's Department in southeastern Massachusetts, one of the first departments to use the devices.

The technology is also employed to maintain security at Plymouth's 1,650 inmate jail, where it is used to prevent the wrong prisoner from being released.

"There, we have everybody in orange jumpsuits, so everyone looks the same. So, quite literally, the last thing we do before you leave our facility is we compare your iris to our database," said Birtwell.

One of the technology's earliest uses at BI2, starting in 2005, was to help various agencies identify missing children or at-risk adults, like Alzheimer's patients. Since then, it has been used to combat identity fraud, and could potentially be used in traffic stops when a driver is without a license, or when people are stopped for questioning at U.S. borders.

Facial recognition technology is not without its problems, however. For example, some U.S. individuals mistakenly have had their driver's license revoked as a potential fraud. The problem, it turns out, is that they look like another driver and so the technology mistakenly flags them as having fake identification.

Roughly 40 law enforcement units nationwide will soon be using the MORIS, including Arizona's Pinal County Sheriff's Office, as well as officers in Hampton City in Virginia and Calhoun County in Alabama.
(Editing by Barbara Goldberg and Jerry Norton)

From rforno at infowarrior.org Wed Jul 20 17:15:40 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 20 Jul 2011 18:15:40 -0400
Subject: [Infowarrior] - TSA introduces software that uses less-revealing body scanner images
Message-ID:

TSA introduces software that uses less-revealing body scanner images
By Ashley Halsey III, Wednesday, July 20, 2:16 PM
http://www.washingtonpost.com/local/tsa-introduces-software-that-uses-less-revealing-body-scanner-images/2011/07/20/gIQAcZc7PI_print.html

Those blurry but revealing airport body scanner images that caused a public uproar last year are being replaced by a gray, cookie-cutter image of the human form.

After six months of testing at three airports, including Reagan National, the Transportation Security Administration said Wednesday that the new software would be installed on 241 units at 41 airports that use millimeter wave technology. Software for an equal number of units that use backscatter technology is still being developed, the TSA said. Both work by bouncing X-rays or radio waves off skin or concealed objects.

Instead of the original full-body images, the new software being installed on millimeter wave machines shows a silhouette of the person being scanned on a screen about the size of a laptop computer that is attached to the scanning booth. If a passenger is cleared by the scan, the screen flashes green with an "OK." If suspicious items are detected, they appear as little boxes outlined in red, showing their location on generic front and back silhouettes on the screen.

Passengers who trigger an alert, and anyone who refuses to go through the scanners, will receive the rigorous frisking that has drawn sharp objections.

"This software upgrade enables us to continue providing a high level of security through advanced imaging technology screening, while improving the passenger experience at checkpoints," said TSA Administrator John S. Pistole.
Use of the scanners last year infuriated a vocal minority of Americans who pressured the Obama administration and Congress to find a less-intrusive method for trying to ensure air safety.

Pistole was quizzed on Capitol Hill but remained stalwart, insisting that the scanners are necessary in the defense against inventive terrorists obsessed with attacking aviation.

Another furor arose over the rigorous pat-downs performed on those who refused to go through the scanners or who appeared to be carrying contraband. A California man became the face of the opposition after he threatened to have a San Diego TSA agent arrested if "you touch my junk" during a pat-down.

(c) The Washington Post Company

From rforno at infowarrior.org Wed Jul 20 17:19:00 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 20 Jul 2011 18:19:00 -0400
Subject: [Infowarrior] - more on: TSA's new screening software
Message-ID:

There's a photo of what both TSA *and* passengers will see when they go thru the TSA Microwave now:

< -- >
http://www.latimes.com/travel/deals/la-tsa-scanning-upgrade-20110720,0,3217057.story

< -- >

Here's how the new body scan works:

-- Anyone who passes through a full-body scanner will see the same body outline that TSA workers see.
-- If no explosives, weapons or suspicious items are detected, the machine flashes "OK" and the passenger is cleared.
-- If something suspicious shows up, more screening would be done.

The TSA says the software upgrade might speed up security lines too. Currently a TSA officer views body scans in a room separate from the screening area to protect the privacy of passengers. The TSA says the new software eliminates the need for off-site viewing, which means passengers can be processed more quickly.
< -- >
http://www.latimes.com/travel/deals/la-tsa-scanning-upgrade-20110720,0,3217057.story

From rforno at infowarrior.org Thu Jul 21 07:21:59 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 21 Jul 2011 08:21:59 -0400
Subject: [Infowarrior] - DHS says al-Q targetting utilities
Message-ID: <1B173C81-DD8A-45B2-8D8F-3914FA375B2E@infowarrior.org>

Homeland Security warns about potential threats against utilities
http://www.cnn.com/2011/US/07/21/terror.warning.utilities/

(CNN) -- The Department of Homeland Security released more details this week about a new intelligence bulletin that warned of possible threats to private utility facilities in the United States.

The bulletin, released Tuesday, warned that disgruntled current and former employees have in the recent past been able to use their insider knowledge to disrupt operations at water, gas and waste facilities.

"When violent extremists are able to gain access to an insider or acquire an insider position, this increases the likelihood of success and impact of an attack," the bulletin warns.

The bulletin did not talk about a current threat to these sensitive facilities. But the document did detail a case in 2010 when a U.S. citizen was arrested in Yemen during a round up of suspected al Qaeda members. The person had worked "for several contractors performing non-sensitive maintenance at five different U.S. nuclear power plants from 2002 to 2008," the bulletin said.

"While DHS has no specific, credible intelligence of an imminent threat posed to the private-sector utilities, several recent incidents highlight the ongoing threat to infrastructure in the utility sectors from insiders and outsiders seeking facility-specific information that might be exploited in an attack," DHS spokesman Matthew Chandler said.
The department will work closely with state and local officials including utility companies "to take steps to best protect from potential threats, including protecting our nation's infrastructure," he said.

CNN's Jim Barnett and Carol Cratty contributed to this report

Find this article at: http://www.cnn.com/2011/US/07/21/terror.warning.utilities

From rforno at infowarrior.org Thu Jul 21 07:26:03 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 21 Jul 2011 08:26:03 -0400
Subject: [Infowarrior] - Florida Makes $63M Selling Drivers' Info
Message-ID:

Florida Makes $63M Selling Drivers' Info
Judge Says Info Selling Legal
by Jeff Weinsier
POSTED: Tuesday, July 19, 2011
UPDATED: 12:41 am EDT July 20, 2011
http://www.local10.com/news/28600374/detail.html

MIAMI -- The state of Florida made $63 million last year selling what many think is personal information.

Local 10 has learned the Department of Highway Safety and Motor Vehicles is selling people's names, addresses, dates of birth, a list of the vehicles they drive, and it's legal.

"Per federal mandate, there are companies that are entitled to this information. Insurance companies, for example, are entitled to this information. Employers are entitled to this information," said Ann Howard of the Florida Department of Highway Safety and Motor Vehicles.

The state is currently selling this information to companies including LexisNexis and Shadow Soft. Those companies gather data on people and then sell that data. The companies must sign contracts with the state claiming they won't harass people.

"This information cannot be sold to a company that plans to solicit business, such as companies that want you to come to their ice cream store or companies that want you to buy their vehicles," Howard said.

The state does not sell Social Security numbers or driver's license numbers, and a Florida judge said what the state is doing is legal. No one outside the driver's license office in Lauderhill believed it.
"This is my own personal information, and I don't think it should be out there," said John Platt.

"You're kidding me," said Bebe Neice.

"That's crazy. I didn't have a clue about it," said Mischka Peralto.

The state said selling the information is also a matter of public safety. There are 15.5 million registered drivers in Florida, and the state charges companies 1 cent per electronic file. If a vehicle is recalled, the state of Florida has the latest and most current information on who owns that vehicle, so the manufacturer can notify the owners of the recall.

Only judges and law enforcement officers can request their personal information not be sold.

"If a company violates the Federal Driver Privacy Protection Act, they do face federal charges and federal fines," Howard said.

Copyright 2011 by Post-Newsweek Stations. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

From rforno at infowarrior.org Fri Jul 22 07:27:58 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2011 08:27:58 -0400
Subject: [Infowarrior] - U.S. Blocks Oversight of Its Mercenary Army in Iraq
Message-ID:

Exclusive: U.S. Blocks Oversight of Its Mercenary Army in Iraq
By Spencer Ackerman | July 22, 2011 | 7:00 am | Categories: Iraq
http://www.wired.com/dangerroom/2011/07/iraq-merc-army/

By January 2012, the State Department will do something it's never done before: command a mercenary army the size of a heavy combat brigade. That's the plan to provide security for its diplomats in Iraq once the U.S. military withdraws. And no one outside State knows anything more, as the department has gone to war with its independent government watchdog to keep its plan a secret.
Stuart Bowen, the Special Inspector General for Iraq Reconstruction (SIGIR), is essentially in the dark about one of the most complex and dangerous endeavors the State Department has ever undertaken, one with huge implications for the future of the United States in Iraq.

"Our audit of the program is making no progress," Bowen tells Danger Room.

For months, Bowen's team has tried to get basic information out of the State Department about how it will command its assembled army of about 5,500 private security contractors. How many State contracting officials will oversee how many hired guns? What are the rules of engagement for the guards? What's the system for reporting a security danger, and for directing the guards' response?

And for months, the State Department's management chief, former Ambassador Patrick Kennedy, has given Bowen a clear response: That's not your jurisdiction. You just deal with reconstruction, not security. Never mind that Bowen has audited over $1.2 billion worth of security contracts over seven years.

"Apparently, Ambassador Kennedy doesn't want us doing the oversight that we believe is necessary and properly within our jurisdiction," Bowen says. "That hard truth is holding up work on important programs and contracts at a critical moment in the Iraq transition."

This isn't an idle concern or a typical bureaucratic tussle. The State Department has hired private security for its diplomats in war zones for the better part of a decade. Poor control of them caused one of the biggest debacles of the Iraq war: the September 2007 shooting incident in Nisour Square, where Blackwater guards killed 17 Iraqi civilians. Now roughly double those guards from the forces on duty now, and you'll understand the scope of what State is planning once the U.S. military withdraws from Iraq at the end of this year.

"They have no experience running a private army,"
says Ramzy Mardini, an analyst at the Institute for the Study of War who just returned from a weeks-long trip to Iraq. "I don't think the State Department even has a good sense of what it's taking on. The U.S. military is concerned about it as well."

So far, the Department has awarded three security contracts for Iraq worth nearly $2.9 billion over five years. Bowen can't even say for sure how much the department actually intends to spend on mercs in total. State won't let it see those totals.

About as much information as the department has disclosed about its incipient private army comes from a little-noticed Senate hearing in February. There, the top U.S. military and civilian officials in Iraq said that they'd station the hired guard force at Basra, Irbil, Mosul and Kirkuk, with the majority -- over 3,000 -- protecting the mega-embassy in Baghdad. They'll ferry diplomats around in armored convoys and a State-run helicopter fleet, the first in the department's history.

But there are signs of even deeper confusion as State prepares to take the lead in Iraq. An internal State Department audit from June faulted top officials for "a lack of senior level participation" (.pdf) in an "unprecedented" transition to civilian control. The result is that "several key decisions remain unresolved, some plans cannot be finalized, and progress in a number of areas is slipping," the audit concluded. It raises the prospect that the U.S. military will leave Iraq the same way it entered it -- without any planning worthy of the name.

Bowen has minimal visibility into State's planning process. His teams of auditors are in Iraq, reviewing reconstruction contracts for waste, fraud and abuse, as they have since the early days of the war. They just can't see anything about the guard force.
As far as Bowen is concerned, even though there's been a nearly 90 percent drop in violence since the surge, State's hired army still acts like Iraq is a killing field, with death squads and insurgents around every corner. "Have the standards for convoy travel changed at all from the worst moments of Iraq civil war? The answer's no," Bowen says. Diplomats are allowed an hour for meetings outside secured U.S. fortresses. Then it's time to hit the road, in armored cars full of men armed to the teeth and wearing black sunglasses.

The State Department says it's learned its lessons from Nisour Square and now places stricter rules on contractors, like putting cameras in contractor vehicles and revising "mission firearms policies," as Kennedy told a congressional panel last month. (.pdf) It's an issue Kennedy's well-versed in handling: He ran the department's internal investigation into Nisour Square in 2007. Now, according to Bowen, he's shielding State's plans from scrutiny.

State wouldn't comment for this story, saying it would be "inappropriate" to discuss an internal matter concerning Bowen. A department official who wouldn't speak on the record merely said that it provides him with "extensive materials in response to their audit requests for documents and information falling within its statutory responsibilities."

But Congress is showing signs of restiveness over State's stonewalling. A bill that the House Foreign Affairs Committee crafted this week includes a provision specifically instructing State to let Bowen's office do its job: "SIGIR should audit military, security, and economic assistance to Iraq during the term of SIGIR's existence," the language reads, inserted at the behest of the panel's chairwoman, Rep. Ileana Ros-Lehtinen.

But it'll take months for that bill to pass. Until then, Bowen is shut out of State's ad hoc foray into generalship. "From my conversations with State Department people,"
Mardini says, "they really don't have a sense of how difficult this is going to be." And it doesn't look like they want to know.

From rforno at infowarrior.org Fri Jul 22 07:31:35 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2011 08:31:35 -0400
Subject: [Infowarrior] - FAA regulations lunacy .... you can't make this up
Message-ID:

FAA requires solo owner of helicopter service to prepare for & then conduct random drug tests on himself
http://blogs.law.harvard.edu/philg/2011/06/16/revitalizing-the-u-s-economy-through-government-spending/

Seriously. You can't make this stuff up!

From rforno at infowarrior.org Fri Jul 22 07:48:07 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2011 08:48:07 -0400
Subject: [Infowarrior] - Report: Facebook Is Most Hated Social Media Company
Message-ID:

Report: Facebook Is Most Hated Social Media Company
The company is so ubiquitous it has no incentive to "delight" users. Wikipedia topped the social media sites for customer satisfaction.
By Courtney Rubin | Jul 20, 2011
http://www.inc.com/news/articles/201107/facebook-scores-poorly-on-customer-satisfaction_Printer_Friendly.html

Facebook, the most visited site on the Internet, is also among the most hated, says new research.

The report by the American Customer Satisfaction Index and customer experience analytics firm ForeSee Results measures customer satisfaction with social media, Internet search, and news companies. The report comes as Mark Zuckerberg hits television today to defend Facebook, and was conducted before the widespread introduction of Google+.

"Facebook is becoming the only game in town so there is no incentive to 'delight' the user," said ACSI managing director David Van Amburg. From the report: "Customers have shown that, so far, they have been willing to suffer through a poor user experience in order to enjoy the benefits Facebook provides."
Facebook scored 64 on a 100-point scale, which puts the company in the bottom five percent of private sector companies and in the same range as airlines and cable companies, "two perennially low-scoring industries with terrible customer satisfaction," according to the results.

Other social media sites fared relatively well. Wikipedia topped the list with a score of 77. "Wikipedia is more satisfying than most of the ACSI-measured news and information websites," wrote Claes Fornell, ACSI founder and a University of Michigan business professor. "Like Google, Wikipedia's user interface has remained very consistent over the years, and its nonprofit standing means that it has not been impacted by commercialization and marketing unlike many other social media sites."

YouTube had a score of 73. MySpace had a score of 63, one point below Facebook. Facebook "was the upstart to MySpace's market leader just five years ago, but these roles now have been reversed," Fornell wrote. "Still, controversies over privacy issues, frequent changes to user interfaces, and increasing commercialization have positioned the big social networking sites at satisfaction levels well below other websites and similar to poor-performing industries like airlines and subscription TV service (both 66)."

Google was at the top of the search portals and the search engines industry with a score of 80 out of 100, although that is down from 86 last year. Microsoft's Bing search engine "makes a strong first showing with a score of 77," according to the report. It was followed by Yahoo (76), AOL (74), and Ask.com (73).

Copyright (c) 2011 Mansueto Ventures LLC. All rights reserved. Inc.com, 7 World Trade Center, New York, NY 10007-2195.
From rforno at infowarrior.org Fri Jul 22 11:54:09 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2011 12:54:09 -0400
Subject: [Infowarrior] - Big Content's latest antipiracy weapon: extradition
Message-ID: <9D500DEA-CFB7-49D9-922C-AB0045159579@infowarrior.org>

Big Content's latest antipiracy weapon: extradition
http://arstechnica.com/tech-policy/news/2011/07/big-content-unveils-latest-antipiracy-weapon-extradition.ars

From rforno at infowarrior.org Fri Jul 22 12:49:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2011 13:49:56 -0400
Subject: [Infowarrior] - Judge reduces Jammie Thomas penalty to $54,000
Message-ID: <1EDA4E25-E59E-4108-9EBF-1CDFDDABB626@infowarrior.org>

Judge reduces Jammie Thomas penalty to $54,000
http://old.news.yahoo.com/s/digitaltrends/20110722/tc_digitaltrends/judgereducesjammiethomaspenaltyto54000

A federal court has reduced the damages award against Jammie Thomas-Rasset from $62,500 for each song she's accused of sharing over peer-to-peer networks to $2,250 per song, bringing the total penalties against Thomas-Rasset from $1.5 million to $54,000.

Judge Michael Davis, who has presided over many incarnations of the case, wrote in his decision: "The Court concludes that an award of $1.5 million for stealing and distributing 24 songs for personal use is appalling. Such an award is so severe and oppressive as to be wholly disproportioned to the offense and obviously unreasonable."

The decision was noted by lawyer Benn Sheffner, who posted a copy of the order to Scribd.

Thomas-Rasset's case got started in 2006 when the Recording Industry Association of America (RIAA) began suing individuals it believes were sharing music files over peer-to-peer file sharing networks like Limewire and Gnutella; in Thomas-Rasset's case, it was the P2P service Kazaa. Thomas-Rasset refused to settle with the RIAA; ultimately, she was found guilty of copyright infringement and a jury awarded $1.5 million in damages.
Judge Davis's order is the second time he has lowered damage awards in the case: Davis similarly reduced a $2 million judgement to $54,000 back in 2010. He arrived at that figure by taking the minimum $750 penalty for infringement and tripling it, due to juries finding Thomas-Rasset's infringement "willful."

Over the years, the RIAA filed more than 30,000 lawsuits against alleged file-sharers in an effort to combat music piracy. The majority of people accused of file-sharing reached a settlement with the RIAA, with an average payment of about $3,500.

From rforno at infowarrior.org Fri Jul 22 14:26:03 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2011 15:26:03 -0400
Subject: [Infowarrior] - Apple Laptops Vulnerable To Hack That Kills Or Corrupts Batteries
Message-ID:

Andy Greenberg
Apple Laptops Vulnerable To Hack That Kills Or Corrupts Batteries
Jul. 22 2011 - 12:56 pm
http://blogs.forbes.com/andygreenberg/2011/07/22/apple-laptops-vulnerable-to-hack-that-kills-or-corrupts-batteries/

[Photo caption: A pile of dead Apple laptop batteries, victims of Charlie Miller's research.]

Your laptop's battery is smarter than it looks. And if a hacker like security researcher Charlie Miller gets his digital hands on it, it could become more evil than it appears, too.

At the Black Hat security conference in August, Miller plans to expose and provide a fix for a new breed of attack on Apple laptops that takes advantage of a little-studied weak point in their security: the chips that control their batteries.

Modern laptop batteries contain a microcontroller that monitors the power level of the unit, allowing the operating system and the charger to check on the battery's charge and respond accordingly. That embedded chip means the lithium ion batteries can know when to stop charging even when the computer is powered off, and can regulate their own heat for safety purposes.
When Miller examined those batteries in several Macbooks, Macbook Pros and Macbook Airs, however, he found a disturbing vulnerability. The batteries' chips are shipped with default passwords, such that anyone who discovers that password and learns to control the chips' firmware can potentially hijack them to do anything the hacker wants. That includes permanently ruining batteries at will, and may enable nastier tricks like implanting them with hidden malware that infects the computer no matter how many times software is reinstalled or even potentially causing the batteries to heat up, catch fire or explode.

"These batteries just aren't designed with the idea that people will mess with them," Miller says. "What I'm showing is that it's possible to use them to do something really bad."

Miller discovered the two passwords used to access and alter Apple batteries by pulling apart and analyzing a 2009 software update that Apple instituted to fix a problem with Macbook batteries. Using those keys, he was soon able to reverse engineer the chip's firmware and cause it to give whatever readings he wanted to the operating system and charger, or even rewrite the firmware completely to do his bidding.

From there, zapping the battery such that it's no longer recognized by the computer becomes trivial: In fact, Miller permanently "bricked" seven batteries just in the course of his tinkering. (They cost about $130 to replace.)

More interesting from a criminal perspective, he suggests, might be installing persistent malware on the chip that infects the rest of the computer to steal data, control its functions, or cause it to crash. Few IT administrators would think to check a battery's firmware for the source of that infection, and if undiscovered the chip could re-infect the computer again and again. "You could put a whole hard drive in, reinstall the software, flash the BIOS, and every time it would reattack and screw you over.
There would be no way to eradicate or detect it other than removing the battery," says Miller.

That attack would require finding another vulnerability in the interface between the chip and the operating system. But Miller says that's not much of a barrier. "Presumably Apple has never considered that as an attack vector, so it's very possible it's vulnerable."

And the truly disturbing prospect of a hacker remotely blowing up a battery on command? Miller didn't attempt that violent trick, but believes it might be possible. "I work out of my home, so I wasn't super inclined to cause an explosion there," he says. In fact, the batteries he examined have other safeguards against explosions: fuses that contain an alloy that melts at high temperatures to break the circuit and prevent further charging. But Miller, who has worked for the National Security Agency and subsequently hacked everything from the iPhone to virtual worlds, believes it might still be possible. "You read stories about batteries in electronic devices that blow up without any interference," he says. "If you have all this control, you can probably do it."

Miller, currently a researcher with the consultancy Accuvant, isn't the first to explore the danger of explosive batteries triggered by hackers. Barnaby Jack, a researcher with antivirus giant McAfee, says he worked on the problem in 2009, but he says he "benched the research when I didn't succeed in causing any lithium ion fires. Charlie has taken it a lot further and surpassed where I was at the time." Miller says he's received messages from several other researchers asking him not to proceed with the battery work because it could be too dangerous.

But Miller has worked to fix the problems he's exposing. At Black Hat he plans to release a tool for Apple users called "Caulkgun" that changes their battery firmware's passwords to a random string, preventing the default password attack he used.
Miller also sent Apple and Texas Instruments his research to make them aware of the vulnerability. I contacted Apple for comment but haven't yet heard back from the company.

Implementing Miller's "Caulkgun" prevents any other hacker from using the vulnerabilities he's found. But it would also prevent Apple from using the battery's default passwords to implement their own upgrades and fixes. Those who fear the possibilities of a hijacked chunk of charged chemicals in their laps might want to consider the tradeoff. "No one has ever thought of this as a security boundary," says Miller. "It's hard to know for sure everything someone could do with this."

From rforno at infowarrior.org Fri Jul 22 14:32:45 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2011 15:32:45 -0400
Subject: [Infowarrior] - How 38 Monks Took on the Funeral Cartel and Won
Message-ID: <77778DF5-91DB-4569-8CBC-364FD89FF2AF@infowarrior.org>

How 38 Monks Took on the Funeral Cartel and Won
By Conor Friedersdorf
Jul 22 2011, 8:30 AM ET

Their victory in federal court means they can sell caskets without a license -- and has implications for entrepreneurs all over the United States

After Hurricane Katrina, the 38 monks at Saint Joseph Abbey in Covington, Louisiana had a problem: they'd long supported themselves by harvesting trees on their woodland property, but damage done by the storm made continuing to do so impossible. If the community was going to survive as a place of communal prayer, education, and simple labor, it needed to find an acceptable new source of steady income. But what would it be?

Abbot Justin Brown thought selling caskets might be the answer. For generations, the monks had buried their dead in simple wooden boxes that they made on site.
During the 1990s, two Louisiana bishops had been buried in caskets from the abbey, generating a bit of publicity, and even years later, the monks got occasional inquiries from folks who sought something similarly austere for a funeral. Surveying the market, the monks knew that they could produce and sell caskets much cheaper than local funeral parlors, where grieving consumers paid a substantial markup, or were forced into package deals that obscured the actual price of the casket.

Thus a small business was born: the monks invested $200,000, converted an old cafeteria building into a professional woodshop, and opened St. Joseph's Woodworks in 2007 on All Saints Day.

Little did they know that they were about to be threatened with fines, or even jail time, unless they abandoned their plans. Or that they'd have to fight in federal court for the right to sell their simple caskets (a wooden box, a lid, and two metal handles), a case that they won Thursday when the U.S. District Court in Eastern Louisiana ruled that their constitutional rights had been violated.

If the case is appealed and reaches the Supreme Court, a real possibility according to the Institute for Justice, the public interest law firm representing the monks, a suit waged on behalf of folks who hold all their possessions in common may rank among the most consequential economic freedom cases in a generation, and determine how far states and localities can go to regulate entrepreneurs in their jurisdictions.
< - big snip - >
http://www.theatlantic.com/national/archive/2011/07/how-38-monks-took-on-the-funeral-cartel-and-won/242336/

From rforno at infowarrior.org Fri Jul 22 18:21:32 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 22 Jul 2011 19:21:32 -0400
Subject: [Infowarrior] - GAO Audit Reveals Fed Played Fast and Loose With Loan Rules
Message-ID:

GAO Audit Reveals Fed Played Fast and Loose With Loan Rules
Posted By: John Carney | Senior Editor, CNBC.com
CNBC.com | 22 Jul 2011 | 12:08 PM ET
http://www.cnbc.com/id/43855944

At the height of the financial crisis, the Federal Reserve evoked emergency powers to make loans to Wall Street firms without bothering to adequately explain the legal grounds for those loans.

And nearly three years after the loans were made, the Fed still hasn't provided a satisfying answer for why it made loans to the London-based broker-dealer subsidiaries of Merrill Lynch, Goldman Sachs, Morgan Stanley, and Citigroup, as well as the U.S. broker-dealer subsidiaries of Merrill Lynch, Goldman Sachs, and Morgan Stanley, according to the Government Accounting Office's newly released audit of the Federal Reserve's financial crisis activities.

In September and November of 2008, the Federal Reserve extended credit to the affiliates of these Wall Street firms under terms very similar to those it was making under the Primary Dealer Credit Facility. But because these affiliates were not actually primary dealers, loans under that facility were not officially available.

But the Fed made the loans anyway, citing its powers under Section 13(3) of the Federal Reserve Act to extend loans in "exigent circumstances." But it never explained exactly why it decided these loans qualified under this provision.

Prior to 2008, the Federal Reserve had rarely invoked Section 13(3). But beginning with the rescue of Bear Stearns, it began to use this provision more frequently.
The provision allows the Federal Reserve to lend to "any individual, partnership or corporation" in "unusual and exigent circumstances" when the borrower "is unable to secure adequate credit accommodations from other banking institutions." (You can read a history of 13(3) put together by the Minneapolis Fed here.)

"In explaining the basis for these exceptional credit extensions, Federal Reserve Board officials cited the continuing strains in financial markets and concerns about the possible failures of these dealers at the time. However, the Federal Reserve Board could not provide documentation explaining why these extensions were provided specifically to affiliates of these four primary dealers," the GAO writes.

The GAO goes on to explain that when it asked for documentation about the finding of exigent circumstances, it was told that the Fed had never documented its views. Fed officials responded to auditors' requests by just reiterating the blanket claim that "unusual and exigent circumstances" existed.

The GAO is not satisfied with this. In its view, the law doesn't just give the Fed complete discretion to declare exigent circumstances and transfer funds. The Fed should have to explain and document its findings.

"However, without more complete documentation, how assistance to these broker-dealer subsidiaries satisfied the statutory requirements for using this authority remains unclear. Moreover, without more complete public disclosure of the basis for these actions, these decisions may not be subject to an appropriate level of transparency and accountability," the GAO reports.

In other words, this is more than just a case of a bureaucracy forgetting to cross its Ts or dot its Is. It goes to the basic question of whether the Fed's powers under the law have any real limitations. If just declaring "exigent circumstances" exist is enough, then there are no real limits.
If the declaration must be backed up in a way that can be publicly examined and debated, then the prospect of having to articulate a public justification at least creates a potential limit.

The Fed's position is apparently that its powers are not limited and do not require the articulation of a public justification. Even the Supreme Court explains its rulings, so this is quite a claim by the Fed.

Fortunately, it won't be one the Fed can make going forward. The Dodd-Frank Act includes new requirements for the Fed to report to Congress on any loan authorized under Section 13(3). Those reports must include not just the amounts, terms and borrowers but the justification for the assistance. Next time just declaring "exigent circumstances" won't be good enough.

© 2011 CNBC.com
URL: http://www.cnbc.com/id/43855944/

From rforno at infowarrior.org Sat Jul 23 14:19:54 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Jul 2011 15:19:54 -0400
Subject: [Infowarrior] - Here, There Be Dragons
Message-ID:

Here, There Be Dragons
The cyberwar threat is being hyped because of a fear of unknown dangers. The biggest threat of all may come from our own overreaction.
By Michael Hirsh
Updated: July 23, 2011 | 9:18 a.m.
July 21, 2011 | 5:09 p.m.

< BIG SNIP >

http://www.nationaljournal.com/magazine/fear-of-cyberwar-attack-may-be-biggest-threat-20110721

From rforno at infowarrior.org Sat Jul 23 14:21:32 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Jul 2011 15:21:32 -0400
Subject: [Infowarrior] - All Aboard The Cyberwar Express
Message-ID: <60012E13-ABCC-480B-997F-E73AFA4AE8F4@infowarrior.org>

National Journal
July 23, 2011

All Aboard The Cyberwar Express
With cuts looming in traditional military spending, cybersecurity has become the Next Big Thing for defense contractors. Less clear is what the public is getting.
By Chris Strohm

If you pay them, they will come.
When Deputy Defense Secretary William Lynn spoke at a conference of top cybersecurity experts in February, he delivered just the message that defense contractors wanted to hear. "It is going to take a public-private partnership to secure our networks," Lynn declared, assuring his audience that the Pentagon would be spending billions of dollars a year on cybersecurity and needed their help. "Throughout American history, at moments of great challenge and crisis, industry and the private sector have stood up, partnered with government, and developed the capabilities to keep our country safe."

The Pentagon's fiscal 2012 budget request includes $2.3 billion to safeguard its networks from cyberattacks, but that's only one piece of the action. The White House Office of Management and Budget estimates that total spending on information security this year will be about $12 billion, with two-thirds of that at the Defense Department. The cyber-industrial complex already employs the equivalent of 79,000 full-time workers, almost half of whom work for private contractors.

The money flood has spawned a raft of new specialty firms and prompted traditional defense contractors to go on a buying binge. Big players such as Boeing and Raytheon are paying steep prices to acquire little-known specialty companies, including some that are only a few years old. It's the price of admission.

The results are apparent in the landscape around Fort Meade, Md., home to the U.S. Cyber Command as well as the National Security Agency and the Defense Information Systems Agency. Dozens of firms, some new and some old, have set up shop nearby. Science Applications International launched a Cyber Innovation Center in Columbia, Md., last September. Northrop Grumman opened its 6,300-square-foot Cyber Security Operations Center in suburban Maryland in 2009. Not to be outdone, Lockheed Martin has built a 25,000-square-foot NexGen Cyber Innovation and Technology Center in nearby Gaithersburg.
Cybersecurity and intelligence were the hottest sector for mergers and acquisitions in 2010, according to an analysis by Aronson Capital Partners, a middle-market investment bank. Boeing paid $775 million last year for Argon ST, a six-year-old firm that had become a hot niche player in electronic warfare. Argon makes systems for ships, submarines, and aerial drones that scoop up and analyze all kinds of communication signals. Boeing's offer of $34.50 per share last June represented a 41 percent premium over Argon's market value. In another large deal, Raytheon paid $490 million in December to buy Applied Signal Technology.

"This sector remains ripe for consolidation as larger contractors align their capabilities with federal spending priorities," Aronson Capital Partners wrote in a summary of 2010 activity. Translation: The big boys know this is more than a fad, and they will buy their way in.

State governments and academic institutions are chasing the money, too. Gov. Martin O'Malley has declared that Maryland will be "the epicenter of cybersecurity," and has even created a branding concept: "CyberMaryland." More substantively, the University of Maryland has set up a "Cyber Incubator" at a research park tied to its Baltimore campus. The 110,000-square-foot building houses 16 companies, including one called Cyber Map, which has created an online map of all things cyber in Maryland.

The money isn't just around Fort Meade. NSA is building a $1.5 billion data center in Utah to help protect federal computer systems, including those at civilian agencies. The Defense Advanced Research Projects Agency is seeding projects across the country, including a $24 million "Cyber Genome" project to map the "DNA" of malicious code and a $16 million project to camouflage virtual networks.

Amid the frothy exuberance, many analysts worry about wasteful spending.
Analysts and government watchdogs warn that the government hasn't clearly defined its needs, making it hard to know which problems are real and which are just excuses to spend money. They also fret about a lack of coordination among the scores of agencies, saying that it sets the stage for duplication.

"There's a huge opportunity for everyone to run to these agencies and to sell," says Mieke Eoyang, director of the national-security program at Third Way, a centrist Democratic think tank, and a former staff member on both the House Intelligence and House Armed Services committees. "But without some overall guidance that's coordinated about what level of security [is needed], we're not fixing the problem."

That is probably an understatement. In fact, no one really knows exactly how much money is being spent. The White House Office of Management and Budget estimates that the total is $12 billion this year. But Deltek, an industry consulting firm in Herndon, Va., puts the figure at about $9.5 billion and says it's climbing fast.

Secrecy threatens to make the uncertainty even worse. Each federal agency has to have its own cyberstrategy, yet OMB won't publicly disclose what each one is spending -- or on what.

Can anyone say waste, fraud, and abuse?

From rforno at infowarrior.org Sat Jul 23 14:23:35 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 23 Jul 2011 15:23:35 -0400
Subject: [Infowarrior] - OT: 'MurdochAlert' plugin for Firefox
Message-ID: <2984836C-EB4E-4C73-BFE9-AE7774DA927A@infowarrior.org>

(c/o CC)

MurdochAlert warns you whenever you visit one of the 100+ Murdoch Family-controlled websites. If you're not ready to block them all, MurdochAlert can warn you instead. Also it's handy for identifying news sources controlled by the Murdoch Family.
https://addons.mozilla.org/en-US/firefox/addon/MurdochAlert-details/

From rforno at infowarrior.org Mon Jul 25 06:49:21 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Jul 2011 07:49:21 -0400
Subject: [Infowarrior] - Cyberwar Hysteria Aids Advisers, Hurts U.S
Message-ID: <5B61C36A-957E-4D3D-BE29-C9D4A1E8077C@infowarrior.org>

(Agree 100% -- rick)

Cyberwar Hysteria Aids Advisers, Hurts U.S.: Susan Crawford
By Susan Crawford - Jul 24, 2011
http://www.bloomberg.com/news/print/2011-07-25/cyberwar-hysteria-aids-consultants-hurts-u-s-susan-crawford.html

On Feb. 3, President Barack Obama and the entire West Wing lost access to e-mail for more than seven hours. A tree-trimmer had accidentally cut the lines running out of the White House data center. White House Communications Director Dan Pfeiffer sent a bulletin via Twitter -- the only way he could get the news out, he said -- letting the world know that "Verizon is working to solve the problem."

A single, careless scissor snip had compromised the center of the most powerful government in the world. Staffers accustomed to constant, twitchy BlackBerry attachment were stopped in their tracks. "It felt like a snow day," one adviser told the Washington Post.

The federal government clearly has some housecleaning to do when it comes to running its own networks. Relying on a single data connection to ensure that the leader of the free world can communicate seems shortsighted. Redundant, competing backup systems would be better.

Rather than focus on the shortcomings in its own electronic operations, though, the Obama administration -- spurred by vendors such as Booz Allen Hamilton -- is opening the door to centralized monitoring of any private communications in the name of increased security. Familiar Bush administration politics of fear, as well as vendors' desires, are animating the current policy push.
You can hear the drumbeat in communications from the defense and national security elements of the administration: William Lynn, deputy defense secretary, told the National Defense University earlier this month, "In the 21st century, bits and bytes can be as threatening as bullets and bombs."

Just a few months ago, Lynn proposed extending "the high level of protection afforded by active defenses" to private networks that operate infrastructure critical to the military or the U.S. economy. Declan McCullagh, writing for CNET, interpreted "active defenses" as code for National Security Agency efforts that, as Lynn wrote in Foreign Affairs last fall, "are a cross between a 'sentry' and a 'sharpshooter' that can also 'hunt within' a network for malicious code or an intruder who managed to penetrate the network's perimeter."

Government Control

The drumbeat in support of government monitoring and control over private networks becomes deafening when the drummer is Bush-era cybersecurity chief (and now executive vice president of Booz Allen) Michael McConnell. He voices concern that the U.S. "is fighting a cyber-war today, and we are losing." Even ordinarily reasonable Senator Susan Collins uses this kind of language, warning of a "digital Pearl Harbor" in a recent Washington Post op-ed written with Senator Joseph Lieberman.

Howard Schmidt, the White House cybersecurity coordinator, doesn't buy the hype. "My father was in a war, my son has been in a war, I've been in a war, and this is not what we're going through right now," Schmidt said in an interview with National Public Radio. "To label every cyberintrusion, every theft of intellectual property, as cyberwar is just a total mischaracterization of what's going on in the world today," Schmidt has said.
Security Breaches

We're hearing more about chinks in private computer networks these days because 46 states have laws requiring notification of security breaches involving personal information -- and not necessarily because there are more breaches. It's not clear these breaches are having much effect on our economy. Cisco Systems Inc., the networking-equipment maker, suggests that mass online bank fraud and spam are both down, but that personalized fraud may be increasing. At any rate, criminals accessing electronic information without authorization are being arrested and current laws appear to be adequate to reach them.

The drumbeat of fear continues anyway. The administration's draft cybersecurity bill released in May would result in regulation of private Internet access providers by the Department of Homeland Security. The DHS approach maps to the framework under which chemical plants handling hazardous substances are regulated, signaling that some sector of the administration views the Internet as akin to an informational toxic-waste dump.

Unrestrained Sharing

Most importantly, the bill would allow unrestrained "voluntary" sharing of any information by private operators with DHS, no matter how it was acquired and no matter how existing law would otherwise restrict disclosure of the information. Such sharing would be justified for cybersecurity purposes, if the operator made efforts to remove irrelevant identifying information and complied with not-yet-written privacy protections. This government-centered structure bypasses the Fourth Amendment's right to privacy. The stated limitations are no real limitation at all.

The White House proposal would also broaden the scope of the Computer Fraud and Abuse Act, make the CFAA part of a racketeering prosecution (triggering harsh penalties), and generally enhance the sentences available under that statute. The CFAA already is interpreted breathtakingly broadly.
All computers connected to the Internet are protected by the CFAA against undefined "unauthorized access," which has made it possible for disgruntled employers to go after employees who use any information for purposes the employer doesn't like. Expanding an already unconstrained scheme is the D.C. equivalent of jumping the shark; it calls the entire cyberwar enterprise into question.

Busy Contractors

The bill would certainly create work. Cybercontractors would stay busy carrying out the audits, evaluating the providers' plans, and suggesting draft rules. We have to hope that Booz Allen and kindred firms would be up to the job.

The astounding asymmetry of information in this area makes Americans susceptible to cyberpanics. The day after a tree-trimmer's lapse paralyzed the White House, a website called KnowledgeEmpire asserted darkly that the outage had been caused by a "malware cyber-attack" supposedly aimed at British diplomats.

It may be in consultants' interest to create an atmosphere of fear when it comes to the Internet. But mindless saber-rattling is hardly in America's interest. Some basic work is needed to improve security of the government's own networks. Beyond that, if we want to make private networks more secure, the answer involves calmer approaches: investing in research and development, spurring the creation of safer software and educating our citizens and companies about computer security.

(Susan Crawford, a professor of law at Cardozo School of Law, specializing in Internet policy and communications law, is a Bloomberg View columnist. The opinions expressed are her own.)

To contact the writer on this column: Susan Crawford in New York at scrawford at scrawford.net.
To contact the editor responsible for this column: George Anders at ganders1 at bloomberg.net.
From rforno at infowarrior.org Mon Jul 25 15:58:57 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Jul 2011 16:58:57 -0400
Subject: [Infowarrior] - US-CERT Director Leaves Abruptly
Message-ID:

US-CERT Director Leaves Abruptly
Randy Vickers, head of the organization responsible for protecting the U.S. against cyber attacks, has resigned effective immediately.
By Elizabeth Montalbano, InformationWeek
July 25, 2011
URL: http://www.informationweek.com/news/government/leadership/231002548

The director of the agency that protects the federal government from cyber attacks has resigned abruptly in the wake of a spate of hacks against government networks.

U.S. Computer Emergency Readiness Team (US-CERT) director Randy Vickers resigned his position Friday, effective immediately, according to an e-mail to US-CERT staff sent by Bobbie Stempfley, acting assistant secretary for cybersecurity and communications, and obtained by InformationWeek. A Department of Homeland Security (DHS) spokesperson confirmed the email was authentic.

The DHS has not provided a reason for Vickers' sudden departure and the spokesperson, who asked to remain anonymous, declined to discuss the matter further.

Vickers served as director of US-CERT since April 2009; previously, he was deputy director. Current US-CERT deputy director Lee Rock will serve as interim director until the DHS names a successor for Vickers, according to the email.

"We are confident that our organization will continue its strong performance under his leadership," Stempfley wrote, adding that the agency wishes Vickers success in future endeavors.

Vickers' departure comes at a critical time for the organization, as federal networks have come under a barrage of attacks lately by a series of hacker groups--including Anonymous, LulzSec and AntiSec--that specifically are targeting government networks.
In the last month and a half, federal organizations that have experienced attacks include the Navy, the FBI, and the CIA. Federal contractors that handle sensitive and confidential government information also have been the targets of hackers, including Booz Allen Hamilton and IRC Federal.

In response to those attacks last week, US-CERT issued a comprehensive new set of security recommendations for federal agencies and organizations to follow in the hope of preventing future intrusions.

US-CERT is a division of the DHS responsible for responding to and defending against cyber attacks for the federal government's IT infrastructure. It also is in charge of sharing information and collaborating with state and local governments, as well as the private sector, to protect critical infrastructure in the United States.

One of the organization's jobs is to keep track of attacks on federal networks and compile a list of them by type and number for a yearly report released by the Office of Management and Budget. The report helps the feds better understand where vulnerabilities lie as part of an overall cybersecurity strategy that has become increasingly important in the last several years.

From rforno at infowarrior.org Mon Jul 25 20:20:46 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 25 Jul 2011 21:20:46 -0400
Subject: [Infowarrior] - Google Street View grabbed locations of phones, PCs
Message-ID: <59BC9F70-1D6F-44F1-A0D0-D1CC33514C55@infowarrior.org>

July 25, 2011 12:14 AM PDT
Street View cars grabbed locations of phones, PCs
by Declan McCullagh

[Image caption: Some locations that Google associated with Wi-Fi devices spotted in a San Francisco coffee shop.]

Google's Street View cars collected the locations of millions of laptops, cell phones, and other Wi-Fi devices around the world, a practice that raises novel privacy concerns, CNET has confirmed.

The cars were supposed to collect the locations of Wi-Fi access points.
But Google also recorded the street addresses and unique identifiers of computers and other devices using those wireless networks and then made the data publicly available through Google.com until a few weeks ago.

The French data protection authority, known as the Commission Nationale de l'Informatique et des Libertés (CNIL) recently contacted CNET and said its investigation confirmed that Street View cars collected these unique hardware IDs. In March, CNIL's probe resulted in a fine of 100,000 euros, about $143,000.

The confirmation comes as concerns about location privacy appear to be growing. Apple came under fire in April for recording logs of approximate location data on iPhones, and eventually released a fix. That controversy sparked a series of disclosures about other companies' location privacy practices, questions and complaints from congressmen, a pair of U.S. Senate hearings, and the now-inevitable lawsuits seeking class action status.

< - >

Read more: http://news.cnet.com/8301-31921_3-20082777-281/street-view-cars-grabbed-locations-of-phones-pcs/#ixzz1TAbVE6u7

From rforno at infowarrior.org Tue Jul 26 06:39:02 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jul 2011 07:39:02 -0400
Subject: [Infowarrior] - Soros hedge fund closing
Message-ID: <0AE4F356-8E13-4DE8-B284-5EE893F3FF7C@infowarrior.org>

Soros to End Four-Decade Hedge-Fund Career
By Katherine Burton - Jul 26, 2011 7:08 AM ET

George Soros, the billionaire best known for breaking the Bank of England, is returning money to outside investors in his $25.5 billion firm, ending a career as hedge-fund manager that spanned more than four decades.

Soros, who turns 81 next month, will hand back the money, less than $1 billion, by the end of the year, according to two people briefed on the matter. His firm will focus on managing assets solely for Soros and his family, according to a letter to investors.
Keith Anderson, 51, chief investment officer since February 2008, is leaving, said the letter, signed by Soros's sons Jonathan and Robert, who are co-deputy chairmen.

"We wish to express our gratitude to those who chose to invest their capital with Soros Fund Management LLC over the last nearly 40 years," they said in the letter. "We trust that you have felt well rewarded for your decision over time."

The move completes Soros's transformation from a speculator, who in 1992 made $1 billion betting that the Bank of England would be forced to devalue the pound, to philanthropist statesman, a role he first imagined for himself as a Hungarian émigré studying at the London School of Economics after World War II, according to Soros's writings. In the last 30 years, he's given away more than $8 billion to promote democracy, foster free speech, improve education and fight poverty around the world, he said in a recent essay.

Family Assets

Soros's sons said they took the decision because new financial regulations would have made it necessary for the firm to register with the Securities and Exchange Commission by March 2012 if it continued to manage money for outsiders. Because the firm has overseen mostly family assets since 2000, when outside money accounted for about $4 billion, they decided it made more sense to run it as a family office, according to the letter.

The rule calls for hedge funds with more than $150 million in assets to report information about their investors and employees, the assets they manage, potential conflicts of interest and their activities outside of fund advising. Registered funds will also be subject to periodic inspections by the SEC.

"We have relied until now on other exemptions from registration which allowed outside shareholders whose interests aligned with those of the family investors to remain invested in Quantum," the executives said in the letter, referring to its flagship Quantum Endowment Fund.
"As those other exemptions are no longer available under the new regulations, Soros Fund Management will now complete the transition to a family office that it began eleven years ago."

< -- >

http://www.bloomberg.com/news/2011-07-26/soros-to-end-four-decades-as-hedge-fund-leader-by-returning-investor-cash.html

From rforno at infowarrior.org Tue Jul 26 06:49:54 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 26 Jul 2011 07:49:54 -0400
Subject: [Infowarrior] - Scathing commentary on ISC2 certification
Message-ID: <6940CB25-40DB-4D91-BE71-160E10ED2335@infowarrior.org>

(Well done, Jericho! -- rick)

https://infosecisland.com/blogview/15450-My-Canons-on-ISC-Ethics-Such-as-They-Are.html

My Canons on (ISC)² Ethics - Such as They Are
Tuesday, July 26, 2011

The International Information Systems Security Certification Consortium, Inc., (ISC)², bills themselves as "the global, not-for-profit leader in educating and certifying information security professionals throughout their careers." They are probably most well-known for their CISSP® - Certified Information Systems Security Professional. With 5 years of experience, practice in two of the ten domains they list and passing a 250 question multiple choice test, you can earn this certification.

The (ISC)² Code of Ethics is founded on four canons to guide CISSP certification holders. I offer my own canons on the (ISC)² Code of Ethics. These should be used to guide you in maintaining a better perspective on the absurdity that is (ISC)².

[..]

https://infosecisland.com/blogview/15450-My-Canons-on-ISC-Ethics-Such-as-They-Are.html

From rforno at infowarrior.org Wed Jul 27 08:16:05 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jul 2011 09:16:05 -0400
Subject: [Infowarrior] - Congress to take on 'ratings' agencies
Message-ID:

Just remember: Ratings agencies largely responsible for the subprime crisis. Congress largely responsible for historic out of control deficit spending. ...
yeah, this is going to be a political sideshow today. -- rick

July 26, 2011
House Panel Plans to Question Rating Agencies Over Downgrade Threat to U.S.
By ERIC DASH
http://www.nytimes.com/2011/07/27/business/economy/credit-rating-agencies-to-testify-before-congress.html

Credit rating agencies have been questioning Congress about its credibility. Now, Congress gets to turn the tables.

A House Financial Services oversight panel on Wednesday will give lawmakers their first chance to ask senior executives at Standard & Poor's and Moody's about their judgments in putting the government on notice that its top-flight credit rating is at risk.

The hearing had been called to discuss the impact of new financial regulations on the major rating agencies. But as the possibility of a credit downgrade becomes increasingly likely, representatives from both political parties are expected to take a closer look at the record of those issuing the reviews of United States government debt.

Representative Randy Neugebauer, a Texas Republican who leads the Financial Services Oversight Subcommittee, said he believed the agencies were acting properly to raise questions about the nation's debt problem. Still, he added, the financial crisis showed that the rating agencies did not always get it right. "A lot of folks feel the agencies failed," he said. "Their credibility is somewhat in question."

Representative Barney Frank, the ranking member of the House Financial Services Committee, who is a Massachusetts Democrat, said he believed the rating agencies had made flawed assessments on ratings of state and municipal debt over the years. Now, he said, he thinks they may be misjudging Congress's political will to rein in the deficit. "I don't think that in judging how the political system is going to respond, going forward, that they have any credibility," he said. "They are terrible at that."
Wednesday's hearing will be the latest act in a week of political drama over an agreement to raise the debt ceiling and lower the federal deficit. Even as Democrats and Republicans work on competing plans to get the nation's financial house in order, the judgments of the major credit rating agencies hang over any deal.

Moody's, Standard & Poor's and Fitch Ratings have all warned that they might lower the American credit rating. S.& P. has gone a step further, suggesting that the uncertain political climate could lead it to take action by mid-October even with an agreement to cut the deficit. S.& P. has indicated that the Obama administration and the Congress will need a "credible plan" to cut the deficit by $4 trillion to keep its top rating. Few believe that such a plan is now possible.

Critics of the rating agencies charge that they are inserting themselves in a highly charged political debate. "For them to weigh in with such specificity of what needs to happen seems to be outside their mission and charter," said Joshua Rosner, a managing director at Graham Fisher & Company, a research firm. "It feels much more like a rating agency consulting business than a ratings business."

Ratings can be useful in helping investors evaluate the performance of complex and lightly traded securities. But, ever since the financial crisis, the ratings agencies' own track record has come under attack.

After the mortgage collapse, critics charged that the agencies gave sterling ratings to complex securities based on absurdly optimistic models, only to later watch them falter. They also pointed to the agencies' unusual compensation structure, in which issuers pay for the ratings of corporate bonds. Critics likened that arrangement to a food critic who is paid by the restaurants he reviews. A Congressional panel examining the causes of the crisis called the ratings agencies "essential cogs in the wheel of financial destruction." The agencies'
record on sovereign ratings has been better, but European politicians found them to be useful whipping boys.

Now, Washington is registering its complaints. Within the Obama administration, officials are frustrated with what they see as the rating agencies -- especially S.& P. -- moving the financial goalposts. Last October, an S.& P. commentary suggested that the American government would have three to five years to get its fiscal house in order. By April, when the ratings agency changed its credit outlook on the United States to negative, it suggested that the government needed a plan in place by 2013. Then, on July 14, S.& P. warned that if the government did not agree to a deficit reduction package of about $4 trillion, it could be downgraded in the next 90 days.

The agency said on Tuesday that the changing timetables reflected the belief that if lawmakers in Washington could not reach a deal now, they were unlikely to do so in the future. "What's changed is the political gridlock," said David Beers, its global head of sovereign ratings, in an e-mail. "Even now, it's an open question as to whether or when Congress and the administration can agree on fiscal measures that will stabilize the upward trajectory of the U.S. government debt burden."

A spokesman for the rating agency added that it would refrain from commenting on the "many varying proposals" that had arisen in the current debate.

Meanwhile, there is the topic that the hearing was originally called to address. As part of the Dodd-Frank Act, lawmakers pushed for new rules that stopped requiring the use of ratings, forcing investors to do their own analysis instead. But banks and their regulators have fiercely resisted the rules, saying that putting that rule into effect is difficult.
On Monday, for example, the Federal Reserve identified 46 instances in its bank regulation that required investors to rely on credit ratings, but it did not map out how it would adapt those rules so that ratings were no longer necessary. The Securities and Exchange Commission also proposed Tuesday that mortgage bond and other issuers make certain certifications in an effort to reduce investors' reliance on ratings.

Lawmakers said they planned to question ratings agency officials, financial regulators and other experts on efforts to de-emphasize the importance of credit ratings in the year since the Dodd-Frank rules were passed.

From rforno at infowarrior.org Wed Jul 27 18:47:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jul 2011 19:47:56 -0400
Subject: [Infowarrior] - Blue Cross/Shield doesn't get trademark law
Message-ID:

Blue Cross / Blue Shield Says Study Pointing Out Failures Of Its Doctors... Violates Its Trademark
from the that's-not-how-trademark-works dept
http://www.techdirt.com/articles/20110726/10532815260/blue-cross-blue-shield-says-study-pointing-out-failures-its-doctors-violates-its-trademark.shtml

Don't mean to sound like a broken record, but the purpose of trademark is consumer protection from confusion. The idea is that someone shouldn't be able to sell you "Bob's Cola," while labeling it "Coca Cola," because that's a form of fraud on consumers. Tragically, over the last few decades, lawyers have been able to reposition trademark law not as a "consumer protection" law, but as "intellectual property." This leads trademark holders to increasingly pretend that trademark law grants them additional rights and abilities and to use trademark law in ways that simply are not granted under the law. For example, the Massachusetts Blue Cross/Blue Shield apparently thinks that you can't publish a study criticizing its doctors without permission thanks to trademark law.
The company's VP of Communications contacted the authors of the study (which pointed out that BCBS doctors didn't always respond well to patients needing psychiatric care), telling them: "We are VERY concerned about the use of BCBSMA's name and brand in a published study without BCBSMA authorization. We'd like to talk with you about that." .... You may be concerned, but shouldn't you be a bit more concerned about the results of the study that call into question the practices of your doctors? Because the use of the name is perfectly legal and in no way touches on trademark law. No moron in a hurry is going to have a "likelihood of confusion" here, thinking that this study was somehow a product of BCBSMA. And, of course, in trying to intimidate the study's authors, all BCBSMA has done is... draw a lot more attention to the study and the reported failings of the organization.

From rforno at infowarrior.org Wed Jul 27 18:52:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 27 Jul 2011 19:52:16 -0400
Subject: [Infowarrior] - TV Networks Grow Tired of Pretty Face, Decide to Cut off Nose
Message-ID: <33646AD0-1B49-4C04-8CEB-B6E40F855618@infowarrior.org>

TV Networks Grow Tired of Pretty Face, Decide to Cut off Nose
By Michael Weinberg on July 27, 2011 - 12:44pm
http://www.publicknowledge.org/blog/tv-networks-grow-tired-pretty-face-decide-cut

It is being widely reported today that Fox is removing next-day content from Hulu for everyone but selected "verified" cable and satellite subscribers, and that other networks are considering following suit. Under the new plan, the only people who could watch content in the week following the original airdate are people who already subscribe to some subset of approved cable and satellite services. This makes sense everywhere but in reality. When it was first announced, one of the most amazing things about Hulu was that it suggested that the TV industry had actually learned some lessons from the music industry.
Enforcement alone was not going to eliminate piracy. However, if you give the public an easy, reliable, legal way to access content they will flock to it. The TV studios appeared to be recognizing that, while people prefer illegally downloading shows to nothing, they prefer an easy-to-use, legal service to illegal downloads. Hulu promised next day viewing of shows in exchange for watching a few ads. People loved that deal. In 36 months, Hulu went from two content partners and a dozen advertisers to 627 advertisers and 250 content partners.

Strangely, this success caused the studios to forget what drove them to create Hulu in the first place. For the past two years, content owners have forced Hulu to take steps that make it a less attractive alternative to piracy. They limited the browsers that viewers could use. They imposed irregular rules on when and for how long episodes and seasons of shows were available, undermining the public's confidence that Hulu would have what they were looking for. They pulled some of the content behind a Hulu Plus paywall, although to their credit anyone was eligible to join Hulu Plus, not just existing cable and satellite subscribers. Now, content owners are closing the door on new programming for anyone who is not a cable or satellite subscriber.

In the short term, this helps the networks protect the value of their contracts with those cable and satellite providers. In the long term, as the Wall Street Journal noted, it "kicks off the great web video piracy boom of 2011." Making Hulu harder to use will push people back towards illegal options. That movement will continue as long as, in the words of Slate's Bill Wyman, "the easiest and most convenient way to see the movies or TV shows you want is to get them illegally." Hulu originally undermined the truth of that statement. Now Fox and any networks that follow are doing their best to keep it true. This also harms consumers (and networks) in another way.
It takes limitations built into the existing cable and satellite TV infrastructure and unnecessarily duplicates them online. Currently, consumers have a very limited set of choices when it comes to subscription video. If they are lucky, they can choose between a pair of satellite services and maybe two more cable services. For many, those options are much smaller. This limitation is a byproduct of physical reality. Satellite TV requires the ability to mount a dish with clear line of sight to the southern sky. Cable requires physically hauling a cable all the way to your house. Internet video does not suffer from these limitations. Once you have a broadband connection, you can access any internet delivered video service. Those services do not require a satellite dish mounted with a clear line of sight to the south, or dragging a new wire to every consumer's home.

Freed from these limitations, internet delivered video promises a new chapter in video competition. This competition benefits consumers, but it also benefits networks. Instead of being beholden to one cable company to reach viewers (as Fox and Cablevision illustrated in New York City last fall) there would be multiple paths to reach the public and multiple partners to negotiate with. But none of this seems to matter for networks. They have relied on a business model in the past, and they will cling to it in the future. Instead of nurturing services that consumers want, networks appear to prefer to spend their energy finding new ways to step up enforcement (and pushing for laws that will break the internet without actually reducing illegal activity). It would seem that the brief period of actually trying to meet consumers' needs is nearing an end.

From rforno at infowarrior.org Thu Jul 28 07:17:33 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Jul 2011 08:17:33 -0400
Subject: [Infowarrior] - Why does Google+ insist on having your real name?
Message-ID: <7041321B-5808-46FC-A677-BB214C06A924@infowarrior.org>

28 July 2011 Last updated at 03:26 ET
Why does Google+ insist on having your real name?
http://www.bbc.co.uk/news/magazine-14312047
By Alex Hudson, BBC News

Google+ took only 24 days to reach 20 million users but their decision to delete accounts without real names attached has caused anger. So why do social networks insist on your real name? Many people choose to conceal or alter their identity online. Visit many forums and you'll see the likes of "Jboy72" and "NYgirl" outnumbering those giving their real names. But it's something social networks really don't like. Over the past few days, Google has enforced its policy for requiring a real name on its new social network Google+ by suspending accounts. The affected users were not happy at all. Blogger GrrlScientist, who prefers her real-life identity to remain private, thinks the decision to delete her account was "gormless". "I've established an identity and a personality and an online and off-line world using this name," she says. "I look at it as the best part of myself so I'm not going to give it up now."

So why do the social networks want your real identity? Google says it is addressing those with genuine complaints, but it maintains that to use the network effectively, users should be able to search for a friend or a family member as quickly and as easily as possible. And that, they say, means demanding real names. Indeed, the guidelines are very similar to other social networks like Facebook and LinkedIn. "By providing your common name, you will be assisting all people you know in finding and creating a connection with the right person online," a Google spokesman says. Insisting on real names is supposed to combat spam. MySpace struggled with it in the past and Twitter "spambots" crop up from time to time. And some see being made to use your real name as the antidote to the unpleasantness that happens on forums.
The theory goes that when people are using their real names online, they are more likely to act responsibly and engage honestly with the community. "There is an issue of trolls," says Benjamin Cohen, Channel 4 News' technology correspondent. "The authentication is important - it's a big problem on the internet and social networks make it more unlikely for someone to be pretending to be someone else."

What the social networks say...
- Facebook users must agree to provide their real names and giving any false personal information allows Facebook to stop providing all or part of the site
- Google says: "To help fight spam and prevent fake profiles, use the name your friends, family or co-workers usually call you. For example, if your full legal name is Charles Jones Jr but you normally use Chuck Jones or Junior Jones, either of those would be acceptable."

And certainly things can get heated when the mask of anonymity is granted to users. Messageboard community 4Chan has received significant attention for its posts, often featuring adult content, which offer absolute anonymity, though founder Chris Poole still believes that this is vital to allow honest opinions and is responsible for much of the popularity of the site. But choosing to use a pseudonym is not just about examples like GrrlScientist. Some users choose to hide their identity to avoid being found by people they would not like to be contacted by. Others live in countries where identification could have serious implications for those who have expressed political views or associated themselves with others who have. Many users in China, where access to Google+ itself is difficult because of restrictions by Chinese authorities on some websites, have called on Google to change its mind.
Twitter user Newsinchina - known by the English name Richard Zhang - wrote in Chinese on Google+ before his profile was removed: "Please Google+, when you are deciding regulations, you must consider Chinese usage, especially from users in mainland China. "Be sure to consider the user's actual situation. Please do not force them to use a real-name system. Otherwise, I think that Google will be violating its principle of 'don't be evil'." Indeed, Google's motto of "Don't be evil" has featured in a number of posts, but some analysts think Google+ suspending accounts is more an oversight than anything else. "They're still in Beta [test] mode and perhaps been too strict in enforcing the rules," says Robin Grant, managing director of social media agency We Are Social. "They are most probably going to change it to allow human rights activists, for example, to hide their identity. They're not going to leave themselves open to that sort of criticism. "It's not a fully fleshed out product and they made a mistake but I don't think it's sinister."

But there has been a muttering in the blogosphere that the real reason the social networks want real names is that it makes them more money. A real name is more lucrative for advertisers. "The more Google knows about its audience, the better it can target adverts of interest and therefore make more money," says Nate Elliott, vice-president principal analyst at technology company Forrester Research. "That said, it's very unlikely that people would focus on the first name or last name fields to target people." "Of all the ways Google has to connect your profile with your other behaviour on Google, that's by far the least exact." Others agree that it is not the name that is vital, but demographics and interests information that holds the real key to revenue. "It's not really about being able to sell someone's name but their intent - people's search and social behaviour," says Grant.
"It doesn't matter if you know their name or not, it matters that there's a link between what they say they do and what they actually do." But whatever the reasons, there will be many who still press for the right to use a pseudonym.

From rforno at infowarrior.org Thu Jul 28 18:16:19 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Jul 2011 19:16:19 -0400
Subject: [Infowarrior] - The "Graduated Response" Deal: What if Users Had Been At the Table?
Message-ID:

July 18th, 2011
The "Graduated Response" Deal: What if Users Had Been At the Table?
Deeplink by Corynne McSherry
Co-authored by Eric Goldman

As was widely reported last week, several major internet access providers (including, very likely, yours) struck a deal last week with big content providers to help them police online infringement, educate allegedly infringing subscribers and, if subscribers resist such education, take various steps including restricting their internet access. We've now had a chance to peruse the lengthy "Memorandum of Understanding" (MOU) behind this deal. Turns out, as is often observed, the devil is in the details -- and they are devilish indeed. Let's start with the people taking credit: major content owners, service providers, and some government officials, principally New York Attorney General Andrew Cuomo. But guess who wasn't invited to the party? The millions of subscribers who will be governed by the deal -- the same subscribers who elect the politicians, buy the content owners' goods and pay subscription fees to the internet access providers (which are likely to go up as administration costs are passed on -- the UK's graduated response system was estimated to cost about $40 per subscriber). Given that subscribers weren't consulted, it's probably not surprising that this deal is not in their interests.
Here are some of the biggest problems with what resulted -- and some ideas on what subscribers should demand of the system they'll be paying for:

< -- >

https://www.eff.org/deeplinks/2011/07/graduated-response-deal-what-if-users-had-been

From rforno at infowarrior.org Thu Jul 28 20:16:25 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 28 Jul 2011 21:16:25 -0400
Subject: [Infowarrior] - TSA readying new behavior detection plan for airport checkpoints
Message-ID:

TSA readying new behavior detection plan for airport checkpoints
http://www.politico.com/blogs/joshgerstein/0711/TSA_readying_new_behavior_detection_plan_for_airport_checkpoints.html

The federal government is planning to introduce new behavior detection techniques at airport checkpoints as soon as next month, Transportation Security Administration chief John Pistole said Thursday. TSA already has "behavior detection officers" at 161 airports nationwide looking for travelers exhibiting physiological or psychological signs that a traveler might be a terrorist. However, Pistole said TSA is preparing to move to an approach that employs more conversation with travelers -- a method that has been employed with great success in Israel. "I'm very much interested in expanding the behavior detection program, upgrading it if you will, in a way that allows us to ... have more interaction with a passenger just from a discussion which may be able to expedite the physical screening aspects," Pistole said during an appearance at the Aspen Security Forum in Colorado. "So, we've looked at what works around the world, some outstanding examples and we are planning to do some new things in the near future here." Pistole declined to elaborate on the enhanced behavior detection program but said it would "probably" be announced in August. During an on-stage interview with CNN's Jeanne Meserve, Pistole acknowledged that the Israeli techniques have been carefully examined.
"There's a lot ... under that Israeli model ... a lot that is done that is obviously very effective," he said. However, critics have said the Israeli program is too time consuming to use consistently at U.S. airports and may involve a degree of religious and racial profiling that would draw controversy in the U.S.

Pistole also said TSA is planning to test out some new methods for screening children in the wake of highly-publicized videos of children screaming as they were patted down at airport checkpoints. The TSA chief said adults have used children as suicide bombers before in other contexts and could do so through an airport, but there may still be better ways to screen kids. "I think we can do a different way of screening children that recognizes that the very high likelihood they do not have a bomb on them," Pistole said. "I think under our new protocols we would see very few patdowns of children." Instead, parents would be more involved in the process of helping TSA personnel figure out why a child is setting off alarms. Pistole said adjusting screening for the elderly is more complicated because a large number of people on terrorist watch and enhanced screening lists are older. However, another pilot program is underway to identify people who have traveled very frequently for years and who could get an expedited screening.

From rforno at infowarrior.org Fri Jul 29 08:40:54 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jul 2011 09:40:54 -0400
Subject: [Infowarrior] - AAPL has more cash on-hand than Uncle Sam
Message-ID: <861FBD1E-83BB-4747-A3E5-B50F45875F42@infowarrior.org>

(...though Apple doesn't have a printing press, obviously. -- rick)

Apple Now Has More Cash Than The U.S. Government
Matt Rosoff | Jul. 28, 2011, 8:14 PM

Here's something to keep in mind as you follow this evening's congressional debate over the debt ceiling. According to the latest daily statement from the U.S.
Treasury, the government had an operating cash balance of $73.8 billion at the end of the day yesterday. Apple's last earnings report (PDF here) showed that the company had $76.2 billion in cash and marketable securities at the end of June. In other words, the world's largest tech company has more cash than the world's largest sovereign government. That's because Apple collects more money than it spends, while the U.S. government does not. (The Atlantic and CNBC both pointed this out earlier.)

http://www.businessinsider.com/apple-has-more-cash-on-hand-than-the-us-government-2011-7

From rforno at infowarrior.org Fri Jul 29 09:01:58 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jul 2011 10:01:58 -0400
Subject: [Infowarrior] - MS coins "open surface" term
Message-ID: <106217F7-AB9C-495B-B93D-210F9D9FBD99@infowarrior.org>

Another MS "standard" term? "Open Surface" versus the (evil) "Open Source" ???

Microsoft: Cloud need only be open surface, not open source
http://www.zdnet.com/blog/open-source/microsoft-cloud-need-only-be-open-surface-not-open-source/9308

From rforno at infowarrior.org Fri Jul 29 09:28:03 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jul 2011 10:28:03 -0400
Subject: [Infowarrior] - Drug Could Let The Hereditary Blind See
Message-ID: <042C6A54-1D73-45E8-9436-9F7758F22A46@infowarrior.org>

Drug Could Let The Hereditary Blind See

There's a terrible hereditary eye disease called Leber's hereditary optic neuropathy that affects men in their twenties. It's a mitochondrial disease inherited from your mother that leads to total blindness within six months of onset. A recent breakthrough from a team of researchers at Newcastle University suggests this disease may be reversible in its early stages. The researchers gave 55 test subjects the drug idebenone for six months and 20 reported an improvement in their vision at the end of the study.
It didn't work for everyone and it's not a cure, but as team leader Patrick Chinnery points out the results show the drug had "a significant effect." Best of all, idebenone has limited side effects and could be used prophylactically to prevent the onset of the disease. The same treatment could also be used to treat other mitochondrial diseases as well.

http://gizmodo.com/5825850/drug-could-let-the-hereditary-blind-see

From rforno at infowarrior.org Fri Jul 29 12:25:09 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jul 2011 13:25:09 -0400
Subject: [Infowarrior] - Apple Laptop Batteries Can Be Bricked, Firmware Hacked
Message-ID: <70FAD0B5-CFE7-4D82-B813-09DB351FF792@infowarrior.org>

Apple Laptop Batteries Can Be Bricked, Firmware Hacked
https://threatpost.com/en_us/blogs/apple-laptop-batteries-can-be-bricked-firmware-hacked-072211

Security researcher Charlie Miller, widely known for his work on Mac OS X and Apple's iOS, has discovered an interesting method that enables him to completely disable the batteries on Apple laptops, making them permanently unusable, and perform a number of other unintended actions. The method, which involves accessing and sending instructions to the chip housed on smart batteries, could also be used for more malicious purposes down the road. The basis of Miller's research, which he plans to present at the Black Hat conference in Las Vegas next month, is the battery that's used in most Apple laptops. The battery, like many others in modern laptops, has a chip on it that contains instructions for how the battery is meant to behave and interact with the operating system and other components. Inspired by Barnaby Jack's ATM hacking talk at last year's conference, Miller was interested in seeing what would happen if he could get access to the chip and start messing with the instruction set and firmware. A lot, as it turns out.
"The battery has its own processor and firmware and I wanted to get into the chip and change things and see what problems would arise," said Miller, a principal research consultant at Accuvant. What he found is that the batteries are shipped from the factory in a state called "sealed mode" and that there's a four-byte password that's required to change that. By analyzing a couple of updates that Apple had sent to fix problems in the batteries in the past, Miller found that password and was able to put the battery into "unsealed mode." From there, he could make a few small changes to the firmware, but not what he really wanted. So he poked around a bit more and found that a second password was required to move the battery into full access mode, which gave him the ability to make any changes he wished. That password is a default set at the factory and it's not changed on laptops before they're shipped. Once he had that, Miller found he could do a lot of interesting things with the battery. "That lets you access it at the same level as the factory can," he said. "You can read all the firmware, make changes to the code, do whatever you want. And those code changes will survive a reinstall of the OS, so you could imagine writing malware that could hide on the chip on the battery. You'd need a vulnerability in the OS or something that the battery could then attack, though." In his lab, Miller was able to brick the battery so that it wouldn't take a charge or discharge any power, and he said it's also possible to send faulty instructions to the OS, giving it bad information about the level of power left in the battery. He wasn't able to accomplish his main goal, however. "I started out thinking I wanted to see if a bad guy could make your laptop blow up. But that didn't happen," he said. "There are all kinds of things engineers build into these batteries to make them safe, and this is just one of them. I don't know if you could really melt the thing down." 
Miller plans to release a tool at Black Hat that will go in and change the default passwords on the battery's processor so that the hacks he developed won't work. It will lock the battery in sealed mode permanently.

From rforno at infowarrior.org Fri Jul 29 19:25:40 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jul 2011 20:25:40 -0400
Subject: [Infowarrior] - House panel approves broadened ISP snooping bill
Message-ID: <3FD471BC-06E6-47B0-ADB1-2B6283355D28@infowarrior.org>

July 28, 2011 1:41 PM PDT
House panel approves broadened ISP snooping bill
by Declan McCullagh
http://news.cnet.com/8301-31921_3-20084939-281/house-panel-approves-broadened-isp-snooping-bill/

Internet providers would be forced to keep logs of their customers' activities for one year--in case police want to review them in the future--under legislation that a U.S. House of Representatives committee approved today. The 19 to 10 vote represents a victory for conservative Republicans, who made data retention their first major technology initiative after last fall's elections, and the Justice Department officials who have quietly lobbied for the sweeping new requirements, a development first reported by CNET. A last-minute rewrite of the bill expands the information that commercial Internet providers are required to store to include customers' names, addresses, phone numbers, credit card numbers, bank account numbers, and temporarily-assigned IP addresses, some committee members suggested. By a 7-16 vote, the panel rejected an amendment that would have clarified that only IP addresses must be stored. It represents "a data bank of every digital act by every American" that would "let us find out where every single American visited Web sites," said Rep. Zoe Lofgren of California, who led Democratic opposition to the bill. Lofgren said the data retention requirements are easily avoided because they only apply to "commercial" providers.
Criminals would simply go to libraries or Starbucks coffeehouses and use the Web anonymously, she said, while law-abiding Americans would have their activities recorded. To make it politically difficult to oppose, proponents of the data retention requirements dubbed the bill the Protecting Children From Internet Pornographers Act of 2011, even though the mandatory logs would be accessible to police investigating any crime and perhaps attorneys litigating civil disputes in divorce, insurance fraud, and other cases as well. "The bill is mislabeled," said Rep. John Conyers of Michigan, the senior Democrat on the panel. "This is not protecting children from Internet pornography. It's creating a database for everybody in this country for a lot of other purposes."

ISP snooping time line

In events that were first reported by CNET, Justice Department officials have been lobbying to require Internet providers to keep track of what Americans are doing online. Here's the time line:

June 2005: Justice Department officials quietly propose data retention rules.
December 2005: European Parliament votes for data retention of up to two years.
April 2006: Data retention proposals surface in Colorado and the U.S. Congress.
April 2006: Attorney General Gonzales says data retention "must be addressed."
April 2006: Rep. DeGette proposes data retention amendment.
May 2006: Rep. Sensenbrenner drafts data retention legislation--but backs away from it two days later.
May 2006: Gonzales and FBI Director Mueller meet with Internet and telecommunications companies.
February 2009: Two data retention bills target ISPs, hotels, coffee shops
February 2009: Copyright holders would benefit from data retention
January 2011: Justice Department calls for mandatory data retention
February 2011: White House undecided on data retention
May 2011: Wireless providers exempted from Rep. Smith's bill
July 2011: National Sheriffs' Association endorses data retention

Supporters of the measure characterized it as something that would aid law enforcement in investigating Internet crimes. Not enacting it "would keep our law enforcement officials in the dark ages," said its primary sponsor, House Judiciary chairman Lamar Smith (R-Texas). "Both Democratic and Republican administrations have called for data retention for over a decade," said Smith, who noted that groups including the National Sheriffs' Association, the Major County Sheriffs' Association, and the Fraternal Order of Police have endorsed the concept.

For a while, it seemed like opposition from a handful of conservative members of Congress, coupled with Democrats concerned about civil liberties, would derail the bill. Rep. F. James Sensenbrenner, a Wisconsin Republican and previous chairman of the House Judiciary committee, had criticized it at a hearing earlier this month, and again in the voting session that began yesterday and continued through this morning. "I oppose this bill," said Sensenbrenner. "It can be amended, but I don't think it can be fixed... It poses numerous risks that well outweigh any benefits, and I'm not convinced it will contribute in a significant way to protecting children." So did Rep. Jason Chaffetz (R-Utah), who has made privacy a signature issue and introduced a geolocation bill last month after trying to curb the use of airport body-scanners two years ago.

The original version of the bill, introduced in May, required Internet providers to "retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account, unless that address is transmitted by radio communication." The wireless exemption appeared to be the result of lobbying from major carriers, but drew the ire of the Justice Department, which says it didn't go far enough, and was removed in a revised draft.
The mobile exemption represents a new twist in the debate over data retention requirements, which has been simmering since the Justice Department pushed the topic in 2005, a development that was first reported by CNET. Proposals publicly surfaced in the U.S. Congress the following year, and President Bush's attorney general, Alberto Gonzales, said it's an issue that "must be addressed." So, eventually, did FBI director Robert Mueller. In January 2011, CNET was the first to report that the Obama Justice Department was following suit. Jason Weinstein, the deputy assistant attorney general for the criminal division, warned that wireless providers must be included because "when this information is not stored, it may be impossible for law enforcement to collect essential evidence." Smith introduced a broadly similar bill in 2007, without the wireless exemption, calling it a necessary anti-cybercrime measure. "The legislation introduced today will give law enforcement the tools it needs to find and prosecute criminals," he said in a statement at the time.

"Retention" vs. "preservation"

At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention, or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation. A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity." Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.)
In addition, an existing law called the Protect Our Children Act of 2008 requires any Internet provider who "obtains actual knowledge" of possible child pornography transmissions to "make a report of such facts or circumstances." Companies that knowingly fail to comply can be fined up to $150,000 for the first offense and up to $300,000 for each subsequent offense.

From rforno at infowarrior.org Fri Jul 29 21:39:40 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 29 Jul 2011 22:39:40 -0400
Subject: [Infowarrior] - Report: Pakistan Is Trying To Ban Encryption Under Telco Law
Message-ID:

Reports Claim That Pakistan Is Trying To Ban Encryption Under Telco Law
from the yvxr-gung-jvyy-jbex dept
http://www.techdirt.com/articles/20110729/03142715310/reports-claim-that-pakistan-is-trying-to-ban-encryption-under-telco-law.shtml

As various governments have tried to clamp down, censor and/or filter the internet, all it's really done is increase interest and usage of encryption tools such as VPNs. Every so often we have commenters who insist that outlawing encryption is the obvious next step for governments, though that suggests an ignorance of the practical impossibility of truly banning encryption -- which, after all, is really just a form of speech. The US, of course, famously toyed with trying to block the export of PGP in the 90s, but finally realized that it would likely lose big time in a court battle. While I could certainly see some politicians here trying to ban certain forms of encryption, I couldn't see any such effort being successful long term. In other countries, however, they seem ready to make a go of it. Privacy International is reporting that Pakistan is trying to ban the use of encryption, including for VPNs, as part of the implementation of a new telco law (pdf) which requires telcos to spy on their customers. Obviously, encryption makes that tougher, so the response is just to ban it entirely.
But here's the big question: can any such ban really be effective? I mean, if you and I agree on using a simple cipher between us, that's "encryption," but is indistinguishable from "speech" in most contexts. That means any such ban on encryption is effectively and practically useless the moment it goes into effect. There will always be incredibly simple ways around it. Trying to ban encryption is like trying to ban language. You can't reasonably do it.

From rforno at infowarrior.org Sat Jul 30 16:17:12 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Jul 2011 17:17:12 -0400
Subject: [Infowarrior] - Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning
Message-ID: <4EE31140-10E4-47E9-A62C-2451FB80D26F@infowarrior.org>

Flash Cookies and Privacy II: Now with HTML5 and ETag Respawning
http://papers.ssrn.com/sol3/papers.cfm?abstract_id=1898390

Mika Ayenson
Worcester Polytechnic Institute (WPI)

Dietrich James Wambach
University of Wyoming

Ashkan Soltani
University of California, Berkeley - School of Information

Nathan Good
Good Research

Chris Jay Hoofnagle
University of California, Berkeley - School of Law, Berkeley Center for Law & Technology

July 29, 2011

Abstract:

In August 2009, we demonstrated that popular websites were using "Flash cookies" to track users. Some advertisers had adopted this technology because it allowed persistent tracking even where users had taken steps to avoid web profiling. We also demonstrated "respawning" on top sites with Flash technology. This allowed sites to reinstantiate HTTP cookies deleted by a user, making tracking more resistant to users' privacy-seeking behaviors.

In this followup study, we reassess the Flash cookies landscape and examine a new tracking vector, HTML5 local storage and Cache-Cookies via ETags. We found over 5,600 standard HTTP cookies on popular sites, over 4,900 were from third parties.
Google-controlled cookies were present on 97 of the top 100 sites, including popular government websites. Seventeen sites were using HTML5, and seven of those sites had HTML5 local storage and HTTP cookies with matching values. Flash cookies were present on 37 of the top 100 sites. We found two sites that were respawning cookies, including one site, hulu.com, where both Flash and cache cookies were employed to make identifiers more persistent. The cache cookie method used ETags, and is capable of unique tracking even where all cookies are blocked by the user and "Private Browsing Mode" is enabled.

Our 2009 study is also available at SSRN: http://ssrn.com/abstract=1446862

Number of Pages in PDF File: 21

Keywords: Privacy, tracking, flash, cookies, local shared object, local stored object, online advertising, behavioral targeting, self-help, persistent identification element

From rforno at infowarrior.org Sat Jul 30 20:54:01 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 30 Jul 2011 21:54:01 -0400
Subject: [Infowarrior] - Off-duty TSA agent accused of harassing slow driver in Conn. by honking horn, flashing badge
Message-ID: <883A1574-F2B6-4BE4-8C62-4268FABF2702@infowarrior.org>

Off-duty TSA agent accused of harassing slow driver in Conn. by honking horn, flashing badge
By Associated Press, Published: July 27
http://www.washingtonpost.com/national/off-duty-tsa-agent-accused-of-harassing-slow-driver-in-conn-by-honking-horn-flashing-badge/2011/07/27/gIQAI634cI_print.html

SOUTH WINDSOR, Conn. -- A U.S. Transportation Security Administration screener has been cited for allegedly harassing a slow driver in Connecticut.

Police say 63-year-old Donald Eichler flashed a TSA badge and honked his horn in an effort to speed up the other driver. The woman called 911 and said she was frightened by his actions.

The man said Wednesday that the woman overreacted.
He says she was driving 30 mph in a 40 mph zone in South Windsor, where he lives. He says he tapped the horn a few times and flashed a work identity card as other cars lined up behind him.

Eichler was pulled over Tuesday morning and issued a misdemeanor summons of vehicle driven to harass or intimidate. He is due to appear in Manchester Superior Court on Aug. 8.

Copyright 2011 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.
© The Washington Post Company

From rforno at infowarrior.org Sun Jul 31 07:53:28 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Jul 2011 08:53:28 -0400
Subject: [Infowarrior] - OT: You can't make this stuff up
Message-ID: <902A0A7C-B398-43F1-B94E-3A34CAA2ABC5@infowarrior.org>

(Another sordid tale from the most economically borked country in Europe right now. -- rick)

Striking Greek Taxis Demand Government Pay for Illegal Licenses
July 28, 2011, 7:37 PM EDT
By Natalie Weeks

July 29 (Bloomberg) -- When Giorgos became a taxi driver in Athens two years ago, he did it the only way he could: by breaking the law.

Unable to inherit a family business, he borrowed from the bank and paid 100,000 euros ($143,010) for a license on the black market. Now he says he may fail to meet his loan obligations as the Greek government deregulates the taxi industry and opens the door to new cars taking fares as part of its commitment to a free market.

Thousands of drivers like 31-year-old Giorgos blocked approaches to airports and disrupted ferry services in recent strikes while demanding to be reimbursed for their illegal licenses.
< - >

http://www.businessweek.com/news/2011-07-28/striking-greek-taxis-demand-government-pay-for-illegal-licenses.html

From rforno at infowarrior.org Sun Jul 31 16:01:35 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 31 Jul 2011 17:01:35 -0400
Subject: [Infowarrior] - Clarke: The coming cyber wars
Message-ID: <026B788C-81CF-448B-9A3C-8E527D6D011D@infowarrior.org>

The coming cyber wars
Obama's cyber strategy is missing the strategy
By Richard Clarke
July 31, 2011
http://www.boston.com/news/politics/articles/2011/07/31/the_coming_cyber_wars/

IMAGINE IF President Kennedy issued a nuclear war strategy in the 1960s that omitted the fact that we had nuclear weapons, B-52 bombers, and long-range missiles. What if his public strategy had just talked about fallout shelters and protecting the government? As absurd as that would have been, that is similar to what the Obama administration just did with regard to the nation's cyber war strategy. The strategy doesn't even admit that we have cyber weapons.

Under pressure from Congress and commentators to provide a strategy for how the new US Cyber Command will use its "cyber war fighters," the administration recently issued a strategy that was met with barely stifled yawns from cyber experts and military strategists. Apparently, that was the intent. The State Department wanted to avoid charges that the United States was "militarizing" cyberspace, or that we were the first to conduct cyber war (the attack on the Iranian nuclear facility at Natanz). And the White House wanted to avoid any public discussion of cyber war or our strategy to fight one.

What got issued were five "strategic initiatives." First, the United States will "treat cyberspace as a domain," but only for the purposes of organizing, training, and equipping. There is nothing in the initiative about treating it as a domain for war fighting. Second, the Pentagon will employ new defense concepts "to protect" the Department of Defense.
Apparently, those new concepts won't protect the rest of us. Third, Defense will partner with other departments and the private sector "to enable a whole of government cyber security strategy." It's not a "whole country" strategy, just government. Fourth, the Pentagon will build "robust relations" with other countries. Finally, Defense will "leverage ingenuity" to create an exceptional workforce and make rapid technology advances.

While it may be difficult to object to those platitudes, it is also hard to call them a strategy. For one thing, they don't even mention that the United States has an offensive cyber war capability. Somehow that was omitted from the 13-page unclassified document dribbled out by the Pentagon.

Retiring General James E. Cartwright, the vice chairman of the joint staff, worked on the strategy and has since said that the current approach of just trying to plug the holes in our networks does not punish attackers for their rampant cyber espionage against us. As head of US Cyber Command, General Keith B. Alexander has talked about a strategy of "active defense" that suggests that the United States engage in preemptive cyber attacks. Both generals have bemoaned the inability of the civilian departments and the private sector to defend critical US networks (like banking, electricity, and transportation) and have suggested the military may have to defend those networks.

Congress should demand answers to questions like: What is the role of cyber war in US military strategy? Is it acceptable to do "preparation of the battlefield" by lacing other countries' networks with "Trojan horses" or "back doors" in peacetime? Would the United States consider a preemptive cyber attack on another nation? If so, under what circumstances? Does US Cyber Command have a plan to seize control and defend private sector networks in a crisis? Do the rules of engagement for cyber war allow for military commanders to engage in "active defense" under some circumstances?
Are there types of targets we will not attack, such as banks or hospitals? If so, how can we assure that they are not the victims of collateral damage from US cyber attacks?

That last question, about collateral damage, is no longer theoretical. The so-called Stuxnet cyber weapon, which attacked and destroyed nuclear centrifuges in Iran, escaped into cyberspace. This sophisticated cyber weapon was then captured by many computer experts around the world and is now freely available for anyone to download. It raises the specter of whether non-state actors will soon be able to engage in cyber war.

During his confirmation hearings, Secretary of Defense Leon Panetta voiced concern about the possibility of a "digital Pearl Harbor" that would cripple our electric power grid, banks, and transportation networks. Now that he is in the Pentagon, he might want to suggest to the State Department and the White House that it is time to treat the American people like adults and have a real public discussion of our cyber war strategy.

Richard Clarke, an adjunct faculty member at Harvard's Kennedy School, is author of "Cyber War." He was special adviser on cyber security to President George W. Bush.

© Copyright 2011 Globe Newspaper Company.