From rforno at infowarrior.org Sun May 1 10:11:09 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 May 2011 11:11:09 -0400
Subject: [Infowarrior] - US offered to draft NZ 3-strikes net censorship law
Message-ID: <7AC1A8CE-6138-4D75-8B7E-363BCB36570E@infowarrior.org>

Wikileaks on New Zealand Copyright: US Funds IP Enforcement, Offers to Draft Legislation
Saturday April 30, 2011
http://www.michaelgeist.ca/content/view/5769/125/

This week I published multiple posts on Wikileaks cables revelations on the U.S. lobbying pressure on Canadian copyright including attempts to embarrass Canada, joint efforts with lobby groups such as CRIA, and secret information disclosures from PCO to U.S. embassy personnel (posts here, here, here, here, here, and here). Wikileaks has also just posted hundreds of cables from U.S. personnel in New Zealand that reveal much the same story including regular government lobbying, offers to draft New Zealand three-strikes and you're out legislation, and a recommendation to spend over NZ$500,000 to fund a recording industry-backed IP enforcement initiative. Interestingly, the cables regularly recommend against including New Zealand on the Special 301 list, despite the similarities to Canadian copyright law that always garner vocal criticism. As New Zealand was working through its own round of copyright reform in 2008, the U.S. was actively lobbying several cabinet members. A February 2008 cable notes:

Post has presented the list of noted shortfalls in the draft legislation to Minister Tizard (Consumer Affairs), Minister Goff (Trade) and to officials within the Ministry of Economic Development, the agency primarily responsible for drafting legislation and monitoring IP enforcement. Post remains engaged with Bronwyn Turley, Senior MED Policy Advisor for IP issues to maintain a dialogue to address the needed technical corrections.

The copyright bill passed in April 2008 and took effect later that year. In a March 2009 cable, the U.S.
embassy recommended that New Zealand not be included on the Special 301 list arguing it would be counterproductive. That recommendation is striking when compared to the regular placement of Canada on the list, despite very similar laws. In fact, New Zealand's digital lock rules are described in the cable as follows: The provisions relating to technological protection measures (TPMs) remain largely unchanged in the bill. The Act as implemented reflects New Zealand's concern that TPMs should not be protected to the extent that they restrict acts which are seen as not protected by copyright law. The provisions of the Act have therefore been drafted to ensure that access to a work for non-infringing purposes, including the exercise of a permitted act, is retained. This confirms that New Zealand's copyright law allows for circumvention for non-infringing purposes - much like many groups have called for under Bill C-32 - with no objections from the U.S. under the Special 301 system. An earlier cable similarly recommends not including New Zealand on the Special 301 list despite the fact that NZ had not ratified the WIPO Internet treaties (Canada has been placed on the highest list for the same thing). The cable is notable for the objection to a proposed format shifting provision, similar to that found in Bill C-32 and under U.S. fair use. It argues: these exceptions to copyright protection would send the wrong message to consumers and undermine efforts to curb unauthorized copying of CDs in New Zealand. They would cost the industry in revenue and profits and discourage innovation. In other words, fair use works in the U.S., but not for other countries. The U.S. involvement in New Zealand's ISP liability provisions, which included regulations for terminating subscriber access (three strikes) also comes out in the cables. In an April 2009 cable, the U.S. notes the decision to scrap the approach due to public opposition. The U.S. 
is anxious to bring the provisions back, proposing regular talks with government officials and offers to help drafting new provisions: Throughout the final stages of the law's (near) implementation, the Embassy continued to met with IPR stakeholders and GNZ officials to ascertain progress and encourage resolution. To determine how a "workable" section 92A provision can be secured, Econoff met with Rory McLeod, Director at Ministry of Economic Development (MED) with responsibility for IPR within GNZ along with Paula Wilson, Deputy Director for Trade Negotiations at MFAT, and was given assurance that the government remains committed to redrafting Section 92A. Embassy will continue to stress with GNZ officials the need for a shorter rather than protracted timeline for the redraft and will ascertain the details of a notice and comment period for public submissions once released by GNZ. During this hiatus we've proposed holding DVC(s) between NZ and U.S. interlocutors to possibly help with drafting and as a public diplomacy tool to dispel public misperceptions about proper role of IPR protection. One month later, another cable notes the U.S. offer to assist with the redraft of three strikes. Finally, an April 2005 cable reveals the U.S. willingness to pay over NZ$500,000 (US$386,000) to fund a recording industry enforcement initiative. The project was backed by the Recording Industry Association of New Zealand (RIANZ) and the Australasian Mechanical Copyright Owners Society (AMCOS). Performance metrics include: The project's performance will be judged by specific milestones, including increases in the number of enforcement operations and seizures, with percentages or numerical targets re-set annually. The unit also will be measured by the number of reports it submits to the International Federation of the Phonographic Industry (IFPI) on its contributions to IP protection and enforcement methodology. 
The proposed budget included four salaried positions, legal costs for investigation and prosecution, and training programs. The RIANZ still runs an anti-piracy site, but does not include disclosure about the source of funding. It certainly raises the question of whether New Zealand is aware that local enforcement initiatives have been funded by the U.S. government and whether the same thing is occurring in Canada.

From rforno at infowarrior.org Sun May 1 21:47:41 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 May 2011 22:47:41 -0400
Subject: [Infowarrior] - POTUS: Bin Laden Dead
Message-ID: <6CE43346-F2E4-4FCA-BD31-61C5CDE9093B@infowarrior.org>

POTUS: Bin Laden Dead

Confirmed by Reuters, NBC, sources from House Intel Committee, and more. Details forthcoming......

From rforno at infowarrior.org Sun May 1 22:48:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 May 2011 23:48:16 -0400
Subject: [Infowarrior] - How The Osama Announcement Leaked Out
Message-ID: <2FC20CA4-0AF9-4912-B1A9-3A4A2B9F0793@infowarrior.org>

Key takeaway: "By 11 p.m., he still had not spoken, but the news was spreading without him" -- welcome to the world of the modern news cycle and message management.

--- rick

May 1, 2011, 11:28 pm
How The Osama Announcement Leaked Out
By BRIAN STELTER
http://mediadecoder.blogs.nytimes.com/2011/05/01/how-the-osama-announcement-leaked-out/?src=twrhp

The terse announcement came just after 9:45 p.m. Sunday from Dan Pfeiffer, the White House communications director. "POTUS to address the nation tonight at 10:30 PM Eastern Time," he wrote on Twitter, sharing the same message that had just been transmitted to the White House press corps. The nation's television networks and newspapers did not know, at first, that President Obama would be announcing the death of Osama bin Laden, an extraordinary development in the nearly ten-year-long war against terrorism waged by the United States and its allies.
But reporters in Washington suspected almost immediately that the announcement could be about bin Laden. That speculation was not aired out on television immediately, but it did erupt on Twitter and other social networking Web sites. Wishful thinking about bin Laden's death ricocheted across the Web - and then, at 10:25 p.m., while Mr. Obama was writing his speech, one particular tweet seemed to confirm it. Keith Urbahn, the chief of staff for the former defense secretary Donald Rumsfeld, wrote at that time, "So I'm told by a reputable person they have killed Osama Bin Laden. Hot damn." Mr. Urbahn quickly added, "Don't know if it's true, but let's pray it is." He was credited by many on the Web with breaking the news, though he didn't have first-hand confirmation. Within minutes of that tweet, anonymous sources at the Pentagon and the White House started to tell reporters the same information. ABC, CBS and NBC interrupted programming across the country at almost the same minute, 10:45 p.m., with the news. "We're hearing absolute jubilation throughout government," the ABC News correspondent Martha Raddatz reported. Brian Williams, an NBC News anchor, told viewers, "This story started to leak out in the public domain largely when some Congressional staffers started to make phone calls." The sources remained anonymous, as the Associated Press said, "in order to speak ahead of the president." Mr. Williams said some journalists received a three-word e-mail that read, "Get to work." Mr. Obama's address, initially planned for 10:30 p.m., was delayed repeatedly. CNN reported that he was writing the address himself. By 11 p.m., he still had not spoken, but the news was spreading without him. Shortly after the top of the hour, there were more than a dozen Facebook posts with the word "bin Laden" every second on Facebook. The New York Post's Web site blared, "We Got Him!" The Huffington Post front page simply read, "Dead."
And around the country, Americans gathered around televisions to digest the news. "This ends a chapter in the global war on terrorism which has defined a generation," the NBC correspondent Richard Engel said. One Twitter user in California said her whole family was watching, including her nine-year-old child. "We're explaining who Osama Bin Laden is," she wrote. Her child was born several months after the Sept. 11, 2001 terrorist attacks.

From rforno at infowarrior.org Sun May 1 22:54:17 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 May 2011 23:54:17 -0400
Subject: [Infowarrior] - BBC Obituary: Osama Bin Laden
Message-ID: <02F01619-FBE3-42C0-8A92-ECFF8BA3E2CD@infowarrior.org>

1 May 2011 Last updated at 23:47 ET
Obituary: Osama Bin Laden
http://www.bbc.co.uk/news/world-middle-east-10741005?print=true

Osama Bin Laden came to the world's attention on 11 September 2001, when the attacks on the United States left more than 3,000 people dead and hundreds more injured. In a matter of three years, the Saudi-born dissident had emerged from obscurity to become one of the most hated and feared men in the world. Osama Bin Laden was born in 1957, apparently the 17th of 52 children of Mohamed Bin Laden, a multimillionaire builder responsible for 80% of Saudi Arabia's roads. His father's death in a helicopter crash in 1968 brought the young man a fortune running into many millions of dollars, though considerably less than the widely published estimate of $250m.

Mujahideen

While studying civil engineering at King Abdul Aziz University in Jeddah, Saudi Arabia, Bin Laden came into contact with teachers and students of the more conservative brand of Islam. Through theological debate and study, he came to embrace fundamentalist Islam as a bulwark against what he saw as the decadence of the West. The Soviet invasion of Afghanistan in December 1979 changed Bin Laden's life forever.
He took up the anti-communist cause with a will, moving to Afghanistan where, for a decade, he fought an ultimately victorious campaign with the mujahideen. Intelligence experts believe that the US Central Intelligence Agency played an active role in arming and training the mujahideen, including Bin Laden. The end of the war saw a sea change in his views.

Lucrative investments

His hatred of Moscow shifted to Washington after 300,000 US troops, women among them, were based in Saudi Arabia, home of two of Islam's holiest places, during the 1991 Gulf War against Iraq. Bin Laden vowed to avenge what he saw as blasphemy. Along with many of his mujahideen comrades, he brought his mix of fighting skills and Islamic zeal to many anti-US factions within the Middle East. American pressure ended brief sojourns in Saudi Arabia - which removed his citizenship in 1994 - and then Sudan, and Bin Laden moved back to Afghanistan in January 1996. The country, in a state of anarchy, was home to a diverse range of Islamic groups, including the fundamentalist Taleban militia, which captured the capital Kabul nine months later. Though geographically limited, Bin Laden's wealth, increasing all the time through lucrative worldwide investments, enabled him to finance and control a continuously shifting series of transnational militant alliances through his al-Qaeda network. Sometimes he worked as a broker, organising logistics and providing financial support. At other times, he would run his own violent campaigns. In February 1998, he issued a fatwa - or religious edict - on behalf of the World Front for Jihad Against Jews and Crusaders, stating that killing Americans and their allies was a Muslim duty.

'Most wanted'

Six months later, two bombs rocked the US embassies in Kenya and Tanzania. Some 224 people died and nearly 5,000 were wounded. He was indicted as chief suspect, along with 16 of his colleagues. Almost overnight, Bin Laden became a major thorn in the side of America.
A byword for fundamentalist Islamic resistance to Washington, he soon appeared on the FBI's "most wanted" list, with a reward of up to $25m on his head. The US fired 75 sea-launched cruise missiles into six training camps in eastern Afghanistan in a failed attempt to kill him. They missed their target by just one hour. As well as the African bombings, Bin Laden was implicated in the 1993 bombing of the World Trade Center in New York, a 1995 car bomb in the Saudi capital Riyadh and a truck bomb in a Saudi barracks, which killed 19 US soldiers. "I always kill Americans because they kill us," he said. "When we attack Americans, we don't harm other people." In the case of the bombs in Nairobi and Dar es Salaam, his words rang hollow. The vast majority of the dead and injured were African, not American. The arrogance of wealth saw Bin Laden make the government of Kazakhstan a multi-million dollar offer to buy his own tactical nuclear weapon. It comes as no surprise, then, that both the US and Israel are believed to have sent assassination squads after him.

Cult status

Then came the events of 11 September 2001. Two hijacked aircraft smashed into, and destroyed, the twin towers of the World Trade Center in New York. Another aircraft ploughed into the Pentagon in Washington and a fourth crashed in a field in Pennsylvania. Altogether more than 3,000 people died in the attacks, which led to the US-led operation against the Taleban. Allied forces moved into Afghanistan late in 2001. At the time, it was believed that Bin Laden might have been killed during the battle for the Tora Bora cave complex. In reality, he had slipped across the border into Pakistan, a country in which he achieved the sort of cult status usually reserved for pop stars or film actors. In February 2003, an audio tape, purporting to be of Bin Laden, was delivered to the al-Jazeera television company.
Of the impending US-led invasion of Iraq, the voice said: "This crusaders' war concerns, first and foremost, all Muslims, regardless of whether the Iraqi socialist party or Saddam remain in power.

"All Muslims, especially those in Iraq, should launch a holy war."

The US conceded that the voice was probably Bin Laden's.

Careful timing

The last known sighting of Bin Laden by anyone other than his very close entourage remains in late 2001 as he prepared to flee from his Tora Bora stronghold. He was widely assumed to have travelled east, across into Pakistan to be given hospitality and shelter by certain local Pashtun tribesmen loyal to the Taleban and opposed to their own government led by President Pervez Musharraf. The hunt for Bin Laden took a dramatic turn with the arrest in Pakistan, in 2003, of Khalid Sheikh Mohammed. The head of al-Qaeda's operations and the suspected mastermind of the Twin Towers attack, it seemed as though the net had begun to close in on Bin Laden himself. A major offensive to capture Bin Laden was launched by the Pakistani army along the Afghan border in May-July 2004. But a year later, Mr Musharraf admitted the trail had gone cold. Though al-Qaeda has been prolific in issuing audio messages, often on the internet and featuring the network's second-in-command, Ayman al-Zawahiri, videos of Bin Laden himself have been rare. His appearances have been carefully timed and aimed, analysts say, at influencing Western public opinion by driving a wedge between citizens and their leaders. One such video was issued in 2004 - the same year as the Madrid bombings - and days before the US election. A second surfaced as the sixth anniversary of the 11 September attacks approached, timed to quell rumours that he had been dead for some time. To his supporters, Bin Laden was a fighter for freedom against the US and Israel, not, as he was to many in the West, a terrorist with the blood of thousands of people on his hands.
From rforno at infowarrior.org Mon May 2 12:57:28 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 May 2011 13:57:28 -0400
Subject: [Infowarrior] - NHL Seems To Think Cheering On Your Favorite Team Is Infringement
Message-ID:

NHL Seems To Think Cheering On Your Favorite Team Is Infringement
from the insanity dept
http://www.techdirt.com/articles/20110429/16591714090/nhl-seems-to-think-cheering-your-favorite-team-is-infringement.shtml

Of the "major" sports leagues, generally the NHL has been the most reasonable, compared to the MLB, NFL and NBA, on intellectual property issues. However, it apparently still has moments of insanity. The NHL's legal department has apparently threatened a car dealership for having posted decals on its window saying "Go Canucks Go," in cheering on the Canucks in the NHL playoffs. "Consumers are likely to be misled that the Vancouver Canucks have an official relationship with your dealership," NHL legal counsel Kelley Lynch wrote in the letter. Plainly speaking, that's ridiculous. How long until fans will have to pay a team just to cheer them on? The dealership's manager points out the particular irony in this, since the team's slogan is apparently "We're all Canucks." Except when the lawyers get involved. Ah, but that's not all. A radio station in Vancouver has also received a cease and desist letter from the NHL, claiming that a contest it was airing violated the NHL's intellectual property. The problem? The radio station was letting fans of the Canucks take a sledge hammer to a van that was painted with logos of the opposing teams that the Canucks were facing, and of course they're saying that the use of the logos is infringing. That is, once again, ridiculous. No one is going to think that's an "officially sponsored" contest by the NHL. It's just some fans cheering on their team.
From rforno at infowarrior.org Tue May 3 07:11:07 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 May 2011 08:11:07 -0400
Subject: [Infowarrior] - Hackers Breach Second Sony Service
Message-ID: <43878DD7-8565-41DD-B23D-1834F1657CE6@infowarrior.org>

TECHNOLOGY - MAY 2, 2011
Hackers Breach Second Sony Service
http://online.wsj.com/article/SB10001424052748704436004576299491191920416.html?mod=WSJ_hp_MIDDLENexttoWhatsNewsThird
By IAN SHERR

Sony Corp. said computer hackers breached security for a second online service, gaining access to personal information for 24.6 million customer accounts as part of a broader attack on the company that has compromised data for more than 100 million accounts.

[Video caption: Sony reports another videogame data breach, this time affecting Sony Online Entertainment after hackers targeted its PlayStation system last month. WSJ's Andrew LaVallee and Jake Lee discuss the implications for the electronics giant.]

Sony Online Entertainment, a San Diego-based subsidiary that makes multiplayer games for personal computers, said it shut down its services Monday amid concerns a hacker may have accessed names, birth dates and addresses for its users. The company said it doesn't believe credit-card information on those accounts was accessed, but said hackers may have stolen credit-card data for about 12,700 non-U.S. accounts and 10,700 bank-account numbers from an "outdated database from 2007." The company, which has come under fire for its handling of the security breach, said it detected the latest intrusion early May 2, Tokyo time, as part of an ongoing investigation of the attacks. On April 20, the company shut down its PlayStation Network, which lets console owners play against each other online. It later disclosed that a hacker had stolen names, birth dates and possibly credit-card numbers from 77 million accounts on the network.
Sony said the shutdown of Sony Online Entertainment, which hosts the popular "EverQuest" role-playing game, followed an intrusion on April 16 and April 17.

[Photo caption, Reuters: Sony Executive Deputy President Kazuo Hirai at a news conference to apologize for a massive security breach of its PlayStation Network in Tokyo on May 1.]

"We temporarily took down [Sony Online Entertainment's] services as part of our continued investigation into the external intrusion that occurred in April," said Michele Sturdivant, a spokeswoman. "This is not a second attack." The shutdown is the latest black eye for the Japanese electronics giant, whose executives apologized Sunday for the original breach in a hastily called news conference and unveiled measures to bolster security. Sony executives said its online services have been under cyberattack for the past six weeks and they weren't sure what its attackers were seeking. The company is working with the Federal Bureau of Investigation to probe the attacks. The attacks have resulted in the loss of a significant amount of personal information that could be used in identity theft and have prompted inquiries from members of Congress. Sony declined Monday to testify before the congressional committee on energy and commerce, according to Ken Johnson, a spokesman for Rep. Mary Bono Mack (R., Calif.), who sent a letter to Sony last week. However, the company has agreed to provide written answers Tuesday to questions, he said. "While we certainly understand the company's going through a difficult period, millions of American consumers are twisting in the wind and we are determined to get answers for them," Mr. Johnson said. Sony said it is cooperating with the request. The high-profile attacks come as videogames increasingly add online functionality. Tens of millions of gamers now spend hours using the online hubs, representing millions of dollars in potential revenue for an industry still recovering from the recession. Separately, Sony's U.S.
unit said Monday reports the hackers had tried to blackmail the company by selling millions of allegedly stolen credit card numbers back were untrue. "To my knowledge there is no truth to this report of a list, or that Sony was offered an opportunity to purchase the list," Sony spokesman Patrick Seybold said in a statement.

From rforno at infowarrior.org Tue May 3 07:27:33 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 May 2011 08:27:33 -0400
Subject: [Infowarrior] - 13 reasons why the Infringing File Sharing Act is bad
Message-ID: <3FACA174-313F-410E-8A4F-8D1FA3FE549B@infowarrior.org>

13 reasons why the Infringing File Sharing Act is bad for you
by Christopher Wood

Many of you have been asking what the big deal is about the new copyright legislation (Copyright (Infringing File Sharing) Amendment Bill 119-2). Isn't it a good measure for stopping illegal downloads? The answer is quite clear: No. First, in case you missed the news:

http://www.3news.co.nz/Govts-Skynet-legislation-becomes-law/tabid/412/articleID/206882/Default.aspx

There are so many problems with this law. I've listed thirteen here. There are others more fundamental especially relating to what the law should be expected to achieve, the polarised debate over the intention of copyrights and what should be protected under them, which is a natural consequence of the birth of the information society, but that's a big subject with a lot of history (that I hope to write about some other time). Some reasons are legal, some ethical, and some technical but nonetheless crucial:

< -- >

http://www.geekzone.co.nz/juha/7615

From rforno at infowarrior.org Tue May 3 19:38:41 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 May 2011 20:38:41 -0400
Subject: [Infowarrior] - IP-Address Is Not a Person, BitTorrent Case Judge Says
Message-ID: <21A21AC1-4A86-4EEF-A9B0-117C07BA9304@infowarrior.org>

IP-Address Is Not a Person, BitTorrent Case Judge Says
Ernesto, 3/05/2011
http://torrentfreak.com/ip-address-not-a-person-bittorrent-case-judge-says-110503/

A possible landmark ruling in one of the mass-BitTorrent lawsuits in the U.S. may spell the end of the "pay-up-or-else-schemes" that have targeted over 100,000 Internet users in the last year. District Court Judge Harold Baker has denied a copyright holder the right to subpoena the ISPs of alleged copyright infringers, because an IP-address does not equal a person. In the last year various copyright holders have sued well over 100,000 alleged file-sharers in the United States alone. The purpose of these lawsuits is to obtain the personal details of the alleged infringers, and use this information to negotiate a settlement offer ranging from a few hundred to a few thousand dollars. Lawyers, the public and consumer advocacy groups have compared these practices to extortion, but nonetheless new cases are still being filed every month. This week, however, an interesting ruling was handed down by District Court Judge Harold Baker that, if adopted by other judges, may become a major roadblock for similar mass-lawsuits. In the case VPR Internationale v. Does 1-1017, the judge denied the Canadian adult film company access to subpoena ISPs for the personal information connected to the IP-addresses of their subscribers. The reason? IP-addresses do not equal persons, and especially in "adult entertainment" cases this could obstruct a "fair" legal process. Among other things Judge Baker cited a recent child porn case where the U.S. authorities raided the wrong people, because the real offenders were piggybacking on their Wi-Fi connections. Using this example, the judge claims that several of the defendants in VPR's case may have nothing to do with the alleged offense either. "The infringer might be the subscriber, someone in the subscriber's household, a visitor with her laptop, a neighbor, or someone parked on the street at any given moment," Judge Baker writes.
Although the above logic applies to all BitTorrent lawsuits that are currently ongoing, the matter becomes especially delicate when the alleged offense is sharing rather explicit adult titles. "Orin Kerr, a professor at George Washington University Law School, noted that whether you're guilty or not, you look like a suspect. Could expedited discovery be used to wrest quick settlements, even from people who have done nothing wrong?" Judge Baker writes. Judge Baker further notes that "the embarrassment of public exposure might be too great, the legal system too daunting and expensive, for some to ask whether the plaintiff VPR has competent evidence to prove its case." Baker concludes by saying that his Court is not supporting a "fishing expedition" for subscribers' details if there is no evidence that it has jurisdiction over the defendants. Although the ruling is definitely a setback for the copyright holders in mass-BitTorrent lawsuits, it has yet to be seen whether other judges will reach the same conclusion in future cases. If that happens, the end of this type of lawsuit in the U.S. may be near. Texas lawyer Robert Cashman, who represents several defendants in similar lawsuits, agrees that the ruling can be a potential game changer. "We may have just seen the order that may end all future John Doe lawsuits," he commented in a response.

From rforno at infowarrior.org Wed May 4 08:27:38 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 May 2011 09:27:38 -0400
Subject: [Infowarrior] - Cyber Workforce Ferris Wheel
Message-ID: <402941D5-D693-43E6-8852-88D974D149DA@infowarrior.org>

Cyber Workforce Ferris Wheel
Jason Healey | May 03, 2011
http://www.acus.org/new_atlanticist/cyber-workforce-ferris-wheel

There is nothing "new" in recent reports of gaps in the United States government's cyber security workforce as numerous commissions and reports have identified the problem and solutions for over a decade.
We remain stuck in a Ferris wheel of our own making and worse, mistaking movement for progress. A recently released report by the Inspector General for the Federal Bureau of Investigation found 35% of their special agents assigned to investigate national security cyber intrusions cases lacked the requisite training, experience, and technical skills. These are the G-men investigating the kinds of foreign espionage intrusions reported so frequently in the press - such as spying into "nuclear weapons and research labs" (2001), the theft of data on the F-35 fighter program (2009), "10 to 20 terabytes" stolen from the military (2006), or backdoors found in the electrical grid to abet future crippling military attacks (2009) - so this workforce shortfall is a serious matter for America's national security. One reason for this lack of cyber expertise is that the FBI trains agents to be cyber specialists, only to rotate them to non-cyber jobs afterwards. Worse, their replacements often come with little expertise, requiring field offices to start the training process from scratch. This is of course bad for the Bureau and worse for the United States, as these problems are not confined to the FBI. For example, a 2010 study for Strategic Command found that United States military "commands are forced to do more work with fewer, less-qualified technicians due to high turnover of staff leaving positions and the inexperience of incoming replacement personnel." Talented junior officers and enlisted have quit the service, frustrated they'd been trained in specific, often highly specialized and classified, skills for the cyber battlefield only to be rotated out to run an IT help desk. All of this leaves the Secretary of Defense feeling "desperately short of people who have the capabilities (defensive and offensive cybersecurity war skills) in all the Services."
This is one reason why our efforts at cyber workforce resemble a Ferris wheel: people get on and swept up and away, but the ride doesn't last long and they're quickly replaced by someone else. The replacement takes the same seat and thrills to the same view, but nothing else changes. We can take some comfort that the FBI and DoD are recognizing this problem and indeed there have been many excellent reports giving both wider and deeper insights. The Center for Strategic and International Studies report on "A Human Capital Crisis in Cybersecurity" gives a high-level view plus specific recommendations, as does "Cyber In-Security" from the Partnership for Public Service and Booz-Allen Hamilton while the Federal CIO Council's report "NetGeneration" goes into significant depth of the demographics of the Federal cyber and IT workforce. These excellent studies, however, should only bring cold comfort as they are far too similar to many other reports over the years, just as influential in their time, now shelved and forgotten. Using words that seem chillingly familiar to the FBI's, the GAO in 1996 "interviewed 24 individuals responsible for managing and securing systems ... Sixteen stated that they did not have enough time, experience, or training to do their jobs properly." Likewise, a finding from a 1999 DoD working group is just as true today as it was then: the military lacks "a consistent capability ... to provide initial skill training to all members of the [cybersecurity] workforce, much less continuing training to maintain currency with the rapidly changing technology." A Defense Science Board report found in 2001 that "Recruiting is difficult when colleges and universities are only producing enough IT graduates to fill half of the growing annual requirement" and the White House's 2003 National Strategy to Secure Cyberspace noted "This trend must be reversed if the United States is to lead the world with its cyber economy."
But ten years on, the Navy still worries about an "expected 11.2 percent shortfall in industry-wide ... which means there will be almost 98,000 fewer IT graduates than needed." This is the other reason why our cyber workforce management efforts resemble a Ferris wheel: the wheel turns on and on, with highs and with lows but ultimately covering the same ground again and again. We move, but around and around, never forward. There are many solutions to these problems, which the above reports have discussed in more depth and quality than can be covered in a blog post. What the U.S. needs (along with our private sector and international partners) is an understanding of the pressing need for solutions along with an awareness of the hard work done by those around us now and their predecessors. The authors of "Cyber In-Security" have a succinct and apt bottom line: "Our federal government will be unable to combat [online] threats without a more coordinated, sustained effort to increase cybersecurity expertise in the cyber workforce." The problems have not changed significantly over the years, nor have the needed solutions. Unfortunately for us, one other thing has not changed much either: the lack of "a coordinated, sustained effort" and the resources to apply long-recommended fixes to solve these problems. Hopefully the current attention of the leadership in the White House, FBI, DoD, private sector, and elsewhere will be able to end the cycle and finally get us off the cyber workforce Ferris wheel. Jason Healey is the Director of the Atlantic Council's Cyber Statecraft Initiative. You can follow his comments on cyber issues on Twitter, @Jason_Healey.
From rforno at infowarrior.org Wed May 4 15:45:36 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 4 May 2011 16:45:36 -0400 Subject: [Infowarrior] - Blackwater's New Ethics Chief: John Ashcroft Message-ID: http://www.wired.com/dangerroom/2011/05/blackwaters-new-ethics-chief-john-ashcroft/ Blackwater's New Ethics Chief: John Ashcroft By Spencer Ackerman May 4, 2011 | 9:18 am | Categories: Mercs The consortium in charge of restructuring the world's most infamous private security firm just added a new chief in charge of keeping the company on the straight and narrow. Yes, John Ashcroft, the former attorney general, is now an "independent director" of Xe Services, formerly known as Blackwater. Ashcroft will head Xe's new "subcommittee on governance," its backers announced early Wednesday in a statement, an entity designed to "maximize governance, compliance and accountability" and "promote the highest degrees of ethics and professionalism within the private security industry." In other words, no more shooting civilians in Iraq and Afghanistan; no more signing for weapons its guards aren't authorized to carry in warzones; no more impersonations of cartoon characters to acquire said weaponry; and no more 'roids and coke on the job. Ashcroft's arrival at Xe is yet another clear signal it's not giving up the quest for lucrative government security contracts now that it's no longer owned by founder Erik Prince, even as it emphasizes the side of its business that trains law enforcement officers. In September, it won part of a $10 billion State Department contract to protect diplomats, starting with the U.S. consulate in Jerusalem. Ashcroft, a U.S. senator before becoming attorney general in the Bush administration, is a very known quantity to the federal officials that Xe will pitch.
Even if he's not lobbying for Blackwater, Ashcroft's addition on the board is meant to inspire confidence in government officials of its newfound rectitude. To some, Ashcroft will be forever known as the face of Bush-era counterterrorism, the official who vigorously defended the Patriot Act's sweeping surveillance powers; told civil libertarians that their dissents "only aid terrorists"; and covered up the Spirit of Justice's boob. At the same time, when Ashcroft was critically ill in 2005, he resisted a White House entreaty to his hospital bed seeking to reauthorize warrantless surveillance in defiance of the acting attorney general. "This is a company with a strong history of service to its country, and a reputation of best-in-class offerings to its public and private customers," Ashcroft said in a statement. "I look forward to helping USTC enhance its governance and oversight capabilities as the company moves forward," referring to U.S. Training Center, another of Blackwater's many names. Like scores of other senior security officials, he's spent his post-government career running a Washington consulting firm. Xe is still sorting out its permanent leadership and searching for a permanent CEO. For now, the investor team that bought the company in December assembled and empowered a board of directors to run the shop along with the existing management. That board includes former National Security Agency director Bobby Ray Inman. Its chairman is a Clear Channel co-founder, Red McCombs. Ashcroft and his new subcommittee will report to the board. "With the formation of this subcommittee, and with Ashcroft as its chair," the firm says in the statement, "USTC aims to set the bar for industry standards against which all other companies will be measured."
From rforno at infowarrior.org Wed May 4 19:40:28 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 4 May 2011 20:40:28 -0400 Subject: [Infowarrior] - CNET sued over LimeWire, blamed for "Internet Piracy Phenomenon" Message-ID: <7812A019-621D-42E8-AEFE-ED9A2934F2A4@infowarrior.org> CNET sued over LimeWire, blamed for "Internet Piracy Phenomenon" By Nate Anderson | Last updated: about 3 hours ago http://arstechnica.com/tech-policy/news/2011/05/cnet-sued-over-limewire-blamed-for-internet-piracy-phenomenon.ars Alki David, the wealthy film producer and entrepreneur behind sites like FilmOn, announced last year in a YouTube video that he intended to sue CNET and its owner, CBS, for providing hundreds of millions of downloads of LimeWire P2P software over the last decade. Today, he made good on his threat, rounding up some rap and R&B musicians to join his case. The plaintiffs argue that CNET had "direct participation in massive copyright infringement on peer-to-peer systems, such as LimeWire, that are used to copy and distribute songs, films and other artistic works," and that CNET's Download.com was the "main distributor" of the software. P2P software isn't illegal, though companies that use it to induce or encourage copyright infringement can be held liable. The principle, most famously articulated by the US Supreme Court in the Grokster shutdown, was extended to LimeWire last year when a federal judge shut down most of the company's activity. "CNET provided the guns" The plaintiffs contend that CNET encouraged people to use LimeWire to violate copyright. One of the plaintiffs, Mike Mozart, has spent the last year collecting alleged examples of this; it's an odd mix of material that spans a decade and multiple sites from ZDNET to CNET. He complains, for instance, that in 2007 CNET editors printed a "spyware horror story" from a woman who had downloaded a cracked copy of Dreamweaver using P2P software. 
The woman ends her note by explaining that she has now turned to legal software, and the editorial response says, "We're glad you've gone legit, Emily. Many freeware alternatives are available to satisfy the software sweet tooth, and they are almost all a safer bet than poached serial codes and keygens." Other comments, especially those from a decade ago, more clearly imply that the P2P software being recommended is used largely to share copyrighted music. [Image: Alki David in a 2010 video rant against CBS and CNET] "ANY Criticism of my research by CNET must answer this following question: Did CNET earn ANY income from any of these sales of P2P File Sharing Software Downloads?" asks Mozart, who has an affinity for capital letters and exclamation points that might well need treatment. "My Conclusion? The Internet Piracy Phenomenon was fueled in large part, by the distribution of the P2P software by CNET." He continues: Would gun sellers enjoy "Freedom of Press" protections if they offered catalogs demonstrating the ease of use of the Handguns being Sold for engaging in criminal activities such as robbing stores or banks. Then offering Solutions to specifically cover up your crime. CNET provided the "Guns", the P2P Software, and the encouragement to commit "Robbery", here, the online file sharing of known copyrighted works. As for Alki David, he's just as agitated. Last year, when he announced his CBSYouSuck campaign, he said that the "duplicity of CBS beggars belief." CBS, as a major media company, "finds itself publicly exposed as an irresponsible hypocrite, that has ruined the lives of hundreds of thousands of people in the creative community and created copyright infringement damages into the trillions of dollars." Today, David announced that he would seek more artists for his lawsuit, pledging that "it will become the most significant copyright infringement lawsuit in history." The entire case is a bizarre mishmash of conflicting loyalties.
David, for instance, is outraged at the rampant copyright infringement over P2P software - even as he started FilmOn, which rebroadcast over-the-air TV signals on the Internet and was shut down by a federal judge's injunction. And CBS, the alleged home of P2P piracy, is one of the world's great media companies, producing TV shows, books, and more. As for LimeWire, a judge ordered its website shut down last year and the company will soon face a trial on damages for copyright infringement. LimeWire is also a defendant in the case along with CBS/CNET. LimeWire is no longer available from Download.com, and an editor's note says, "Using P2P and file-sharing software to distribute copyrighted material without authorization is illegal in the United States and many other countries. CBS Interactive does not encourage or condone the illegal duplication or distribution of copyrighted content." From rforno at infowarrior.org Thu May 5 08:39:36 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 May 2011 09:39:36 -0400 Subject: [Infowarrior] - Last WWI combat veteran Claude Choules dies aged 110 Message-ID: <0E72B6D8-A54B-4DE6-AAA5-256E40316606@infowarrior.org> 5 May 2011 Last updated at 00:48 ET http://www.bbc.co.uk/news/world-asia-pacific-13289607?print=true Last WWI combat veteran Claude Choules dies aged 110 The world's last known combat veteran of World War I, Claude Choules, has died in Australia aged 110. Known to his comrades as Chuckles, British-born Mr Choules joined the Royal Navy at 15 and went on to serve on HMS Revenge. He moved to Australia in the 1920s and served in the military until 1956. Mr Choules, who had been married to his wife Ethel for 76 years, was reported to have died in his sleep at a nursing home in his adopted city of Perth. He is survived by three children and 11 grandchildren. His wife died three years ago. Mr Choules' 84-year-old daughter, Daphne Edinger, told the Associated Press news agency: "We all loved him.
It's going to be sad to think of him not being here any longer, but that's the way things go." Demolition officer Born in Pershore, Worcestershire, in March 1901, Mr Choules tried to enlist in the Army at the outbreak of WWI to join his elder brothers who were fighting, but was told he was too young. He lied about his age to become a Royal Navy rating, joining the battleship HMS Revenge on which he saw action in the North Sea aged 17. He witnessed the surrender of the German fleet in the Firth of Forth in November 1918, then the scuttling of the fleet at Scapa Flow. Mr Choules remembered WWI as a "tough" life, marked by occasional moments of extreme danger. After the war he served as a peacekeeper in the Black Sea and in 1926 was posted as an instructor to Flinders Naval Depot, near Melbourne. It was on the passenger liner to Australia that he met his future wife. He transferred to the Royal Australian Navy and after a brief spell in the reserves rejoined as a Chief Petty Officer in 1932. During World War II he was chief demolition officer for the western half of Australia. It would have been his responsibility to blow up the key strategic harbour of Fremantle, near Perth, if Japan had invaded. Mr Choules joined the Naval Dockyard Police after finishing his service. But despite his military record, Mr Choules became a pacifist. He was known to have disagreed with the celebration of Australia's most important war memorial holiday, Anzac Day, and refused to march in the annual commemoration parades. He took a creative writing course at the age of 80 and recorded his memoirs for his family. They formed the basis of the autobiography, The Last of the Last, which was published in 2009. The last three WWI veterans living in Britain - Bill Stone, Henry Allingham and Harry Patch - all died in 2009. 
Another Briton, Florence Green - who turned 110 in February and was a waitress in the Women's Royal Air Force - is now thought to be the world's last known surviving service member of WWI. An American veteran, Frank Buckles, died earlier this year. From rforno at infowarrior.org Thu May 5 17:43:22 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 May 2011 18:43:22 -0400 Subject: [Infowarrior] - Mozilla v. DHS in takedown request Message-ID: Homeland Security Demands Mozilla Remove Firefox Extension That Redirects Seized Domains from the touchy,-huh? dept http://www.techdirt.com/articles/20110505/14444714170/homeland-security-demands-mozilla-remove-firefox-extension-that-redirects-seized-domains.shtml Apparently, the folks at Homeland Security are not at all pleased with the very, very simple Firefox extension, called MAFIAAfire, that negates ICE's domain seizures, by automatically rerouting users to alternate domains. Apparently, DHS demanded that Mozilla take the extension down from its listing of Firefox extensions claiming that the add-on "circumvented" DHS's seizure orders. Thankfully, Mozilla didn't just fold, but instead left it up and sent DHS a list of questions concerning the request. The list of questions is really fantastic, as it goes way beyond the direct request to really get to the heart of the questionable nature of ICE's activity with domain seizures: To help us evaluate the Department of Homeland Security's request to take-down/remove the MAFIAAfire.com add-on from Mozilla's websites, can you please provide the following additional information: 1. Have any courts determined that MAFIAAfire.com is unlawful or illegal in any way? If so, on what basis? (Please provide any relevant rulings) 2. Have any courts determined that the seized domains related to MAFIAAfire.com are unlawful, illegal or liable for infringement in any way? (please provide relevant rulings) 3. 
Is Mozilla legally obligated to disable the add-on or is this request based on other reasons? If other reasons, can you please specify. 4. Has DHS, or any copyright owners involved in this matter, taken any legal action against MAFIAAfire.com or the seized domains, including DMCA requests? 5. What protections are in place for MAFIAAfire.com or the seized domain owners if eventually a court decides they were not unlawful? 6. Can you please provide copies of any briefs that accompanied the affidavit considered by the court that issued the relevant seizure orders? 7. Can you please provide a copy of the relevant seizure order upon which your request to Mozilla to take down MAFIAAfire.com is based? 8. Please identify exactly what the infringements by the owners of the domains consisted of, with reference to the substantive standards of Section 106 and to any case law establishing that the actions of the seized domain owners constituted civil or criminal copyright infringement. 9. Did any copyright owners furnish affidavits in connection with the domain seizures? Had any copyright owners served DMCA takedown notices on the seized domains or MAFIAAfire.com? (if so please provide us with a copy) 10. Has the Government furnished the domain owners with formal notice of the seizures, triggering the time period for a response by the owners? If so, when, and have there been any responses yet by owners? 11. Has the Government communicated its concerns directly with MAFIAAfire.com? If so, what response, if any, did MAFIAAfire.com make? It's always nice to see some organizations not just roll over when the government comes calling. Kudos to Mozilla for not just refusing to takedown MAFIAAfire, but for also asking serious questions of DHS. Of course, DHS has refused to respond at all... 
From rforno at infowarrior.org Thu May 5 20:46:29 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 5 May 2011 21:46:29 -0400 Subject: [Infowarrior] - Wall Street Journal launches own WikiLeaks Message-ID: Wall Street Journal launches own WikiLeaks http://www.theregister.co.uk/2011/05/06/wsj_launches_safehouse/ By Richard Chirgwin Posted in ID, 6th May 2011 01:00 GMT A new chapter has started in the long and complex story of Julian Assange's relationship with mainstream media, with the Wall Street Journal launching a competitor whistleblower site. SafeHouse is soliciting whistleblower documents covering "politics, government, banking, Wall Street, deals and finance, corporations, labor, law, national security and foreign affairs." It promises a system "built to be secure" (but demonstrates its first security "fail" by presenting a certificate error; it's a trivial error, but one which could frighten someone with secret documents and not much technical know-how). The WSJ joins Al Jazeera in offering a whistleblower site. According to The Atlantic, WSJ.com managing editor Kevin Delaney said: "Clearly there is a digital context for reporting and that means we need a modern infrastructure so that sources can send documents to us." Delaney also says he wants to project the same sense of security and anonymity for leakers as WikiLeaks, but warns that such claims can't be treated as absolute because "it's a technical product". A "Bradley Manning" would, however, be a disaster for an organization like the Wall Street Journal, since it would probably bring with it legal jeopardy and the risk of lawsuit if a whistleblower was unmasked. Delaney also said data uploaded to the site will be discarded as quickly as possible.
From rforno at infowarrior.org Fri May 6 07:16:46 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 6 May 2011 08:16:46 -0400 Subject: [Infowarrior] - Researchers Say WSJ's WikiLeaks Copycat Is Full Of Holes Message-ID: http://blogs.forbes.com/andygreenberg/2011/05/05/researchers-say-wsjs-wikileaks-copycat-is-full-of-holes/ Researchers Say WSJ's WikiLeaks Copycat Is Full Of Holes May. 5 2011 - 7:20 pm [Image: The logo of the Journal's new leak-focused site.] The Wall Street Journal wants a WikiLeaks of its own: a conduit for sources to securely submit large caches of data to the site's reporters. But some security researchers say the Journal has yet to learn a basic rule of digital whistleblowing: leaking sites aren't meant to leak. SafeHouse, the newspaper's WikiLeaks-inspired submissions site, launched Thursday with a promise to allow sources to "securely share information with the Wall Street Journal." But within hours, the security community was pointing to flaws in the site's protections for anonymous leakers and the fine print of its policy for source protections that could give away the identities of would-be whistleblowers. "Pro tip: if you're going to create a document leaking website - have a clue!" wrote security researcher Jacob Appelbaum in his Twitter feed. Appelbaum, a developer for the Tor anonymity network and a past volunteer for WikiLeaks, says that SafeHouse insecurely implements Secure Socket Layer (SSL) encryption, the protection meant to render any data passed between a user and a website unreadable. When a visitor goes to http://wsjsafehouse.com, for instance, that unencrypted site offers a link to the encrypted HTTPS version of the site. But Appelbaum points out that it doesn't use a mechanism called Strict Transport Security to switch from the insecure to the encrypted connection.
So any lurking man-in-the-middle on the user's network can use a tool like SSL Strip to make it appear that he or she has entered the encrypted version of the site when in fact the traffic is unprotected. Appelbaum says that SafeHouse's SSL server also allows users to connect with many forms of encryption that lack what cryptographers call "perfect forward secrecy," a mechanism based on using temporary keys that can't decrypt past messages. "That means anyone who takes their server or breaks into it could decrypt all their previous traffic," says Appelbaum, who claims to offer his opinion as a Tor developer and not as any sort of WikiLeaks associate. To be fair, not even WikiLeaks itself has always handled security features like SSL perfectly. In June of last year, the group's submissions site went down temporarily when the group failed to renew its SSL certificate. WikiLeaks hasn't maintained a submissions site since last fall. But even if SafeHouse's technology were implemented securely, its Terms of Service still give the site leeway to betray the identity of users who don't use their own separate anonymity software or go through a formal "confidentiality request" process. Rebecca Mackinnon, a research fellow at the New American Foundation, pointed out on Twitter that the site's terms of use allow the Journal to turn over sources' identities to law enforcement in any case where the source hasn't made that special request for anonymity: "We reserve the right to disclose any information about you to law enforcement authorities or to a requesting third party, without notice, in order to comply with any applicable laws and/or requests under legal process," the terms read. Even in cases where the source has been granted anonymity, the Journal's parent company Dow Jones only promises to safeguard that source's anonymity "while remaining in compliance with all applicable laws."
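The two transport-security gaps Appelbaum describes above (no Strict Transport Security, and cipher suites without forward secrecy), checked from the defender's side. This is an added example, not part of the Forbes article or of any site's own code; the function names, finding labels, the 180-day minimum `max-age`, and the sample responses and cipher list are assumptions constructed for illustration.

```python
"""Added example: audit HSTS policy and cipher-suite forward secrecy offline."""
import re

MIN_MAX_AGE = 180 * 24 * 3600  # assumed policy threshold (180 days), not from the page

# OpenSSL-style and IANA-style prefixes that denote an ephemeral key exchange.
_EPHEMERAL_PREFIXES = ("ECDHE-", "DHE-", "EDH-", "TLS_ECDHE_", "TLS_DHE_")
# TLS 1.3 suite names carry no key exchange; TLS 1.3 always uses ephemeral (EC)DHE.
_TLS13 = re.compile(r"^TLS_(AES|CHACHA20)_")


def parse_hsts(value):
    """Parse a Strict-Transport-Security value (RFC 6797, section 6.1).

    Returns {"max_age": int, "include_subdomains": bool}, or None when the
    header is absent or malformed (browsers ignore a malformed header)."""
    if not value:
        return None
    seen = {}
    for part in value.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, arg = part.partition("=")
        name = name.strip().lower()
        if name in seen:  # a repeated directive invalidates the whole header
            return None
        seen[name] = arg.strip().strip('"')  # max-age may be a quoted-string
    if not re.fullmatch(r"[0-9]+", seen.get("max-age", "")):
        return None
    return {"max_age": int(seen["max-age"]),
            "include_subdomains": "includesubdomains" in seen}


def audit_response(scheme, status, headers):
    """Return a list of finding labels for one HTTP(S) response."""
    hdrs = {k.lower(): v for k, v in headers.items()}
    raw = hdrs.get("strict-transport-security")
    findings = []
    if scheme == "http":
        # A plain-HTTP page that only links to HTTPS leaves the switch to the
        # user; a redirect plus HSTS on the HTTPS side is what closes the gap.
        redirected = (status in (301, 302, 307, 308)
                      and hdrs.get("location", "").lower().startswith("https://"))
        if not redirected:
            findings.append("http-served-without-redirect")
        if raw is not None:
            # RFC 6797 section 8.1: the header is ignored over plain HTTP.
            findings.append("hsts-ignored-over-http")
        return findings
    policy = parse_hsts(raw)
    if policy is None:
        return ["hsts-missing" if raw is None else "hsts-malformed"]
    if policy["max_age"] == 0:
        findings.append("hsts-disabled")  # max-age=0 tells browsers to forget the policy
    elif policy["max_age"] < MIN_MAX_AGE:
        findings.append("hsts-short-max-age")
    return findings


def has_forward_secrecy(cipher_name):
    """True when the suite uses an authenticated ephemeral (EC)DHE exchange."""
    name = cipher_name.strip().upper()
    return name.startswith(_EPHEMERAL_PREFIXES) or bool(_TLS13.match(name))


def weak_ciphers(offered):
    """Suites a server should stop offering if past traffic must stay sealed."""
    return [c for c in offered if not has_forward_secrecy(c)]


# Constructed sample inputs (not captured from any real site).
SAMPLE_HTTP = ("http", 200, {"Content-Type": "text/html"})
SAMPLE_HTTPS = ("https", 200, {"Content-Type": "text/html"})
SAMPLE_HARDENED = ("https", 200,
                   {"Strict-Transport-Security": "max-age=31536000; includeSubDomains"})
SAMPLE_CIPHERS = ["ECDHE-RSA-AES128-GCM-SHA256", "DHE-RSA-AES256-SHA",
                  "AES128-SHA", "RC4-SHA", "TLS_AES_256_GCM_SHA384",
                  "TLS_RSA_WITH_AES_128_CBC_SHA"]

if __name__ == "__main__":
    for label, sample in (("http", SAMPLE_HTTP), ("https", SAMPLE_HTTPS),
                          ("hardened", SAMPLE_HARDENED)):
        print(label, audit_response(*sample))
    print("no forward secrecy:", weak_ciphers(SAMPLE_CIPHERS))
```

Static-RSA suites such as `AES128-SHA` are the ones the quoted warning applies to: whoever later obtains the server's private key can decrypt recorded sessions, which ephemeral key exchange prevents.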
As in any situation where law enforcement subpoenas information from a reporter, the choice will be left to Dow Jones whether to give up its source or violate the subpoena. The Journal had no immediate comment on the technical issues that Appelbaum raised. But Ashley Hutton, a Journal spokesperson, responded to the legal issues in a statement: "There is nothing more sacred than our sources; we are committed to protecting them to the fullest extent possible under the law. Because there is no way to predict the breadth of information that might be submitted through SafeHouse, the Terms of Use reserve certain rights in order to provide flexibility to react to extraordinary circumstances. But as always, our number one priority is protecting our sources." Meanwhile, the submission page on SafeHouse simply states that "You can be anonymous by not providing your name and contact information on this page," with no mention of the site's legal or technical vulnerabilities. Appelbaum calls that anonymity claim a "blatant lie." WikiLeaks' founder Julian Assange has been supportive of the idea of copycat sites in the past. In a November interview, he said that the creation of more leaking sites would be "protective" to WikiLeaks. But he's also warned users against direct-to-newspaper leak sites, and criticized the Guardian's and New York Times' handling of confidential information. From rforno at infowarrior.org Fri May 6 15:05:50 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 6 May 2011 16:05:50 -0400 Subject: [Infowarrior] - Court Slams FBI For Saying It's Okay For The Federal Government To Lie To A Court Message-ID: <8663BF0A-BE7E-46BB-A58A-1E9B0B82CEE8@infowarrior.org> Court Slams FBI For Saying It's Okay For The Federal Government To Lie To A Court from the who-watches-the-watchers?
dept http://www.techdirt.com/articles/20110506/00174414172/court-slams-fbi-saying-its-okay-federal-government-to-lie-to-court.shtml A few months back, we pointed out how the EFF had discovered that the FBI was extremely arbitrary in how it redacted information on Freedom of Information Act requests. There are specific rules about what should be redacted and what should be allowed. However, the EFF received the same documents from separate requests, and found totally different sections redacted. Not only did this suggest how arbitrary the process was, it also allowed them to see some of what was redacted in the "other" document -- and discover that it never should have been redacted. Now, the EFF is pointing to a recent ruling that shows the FBI apparently feels it's free to go much further than just arbitrary redacting. In a different case, a district court has slammed the FBI for both lying about what records it actually had in response to an FOIA request by pretending certain records did not exist (even though they did) and then redacting portions of the document, claiming that they were outside the scope of the request... when they were not. The court is clearly not pleased. It also did not buy the government's silly claim that revealing that the FBI lied would be a threat to national security or that it's fine for the federal government to simply lie to a court, in the name of "national security." After court ordered the FBI to submit full versions of the records in camera, along with a new declaration about the agency's search, the FBI revealed for the first time that it had materially and fundamentally misled the court in its earlier filings. The unaltered versions of the documents showed that the information the agency had withheld as "outside the scope" was actually well within the scope of the plaintiffs' FOIA request.
The government also admitted it had a large number of additional responsive documents that it hadn't told the plaintiffs or the court about. Id. at 7-8. If these revelations weren't bad enough, the FBI also argued FOIA allows it to mislead the court where it believes revealing information would "compromise national security." Id. at 9. The FBI also argued, that "its initial representations to the Court were not technically false" because although the information might have been "factually" responsive to the plaintiffs' FOIA request, it was "legally nonresponsive." Id. at 9, n. 4 (emphasis added). The court noted, this "argument is indefensible," id. at 9-10, and held, "the FOIA does not permit the government to withhold responsive information from the court." It really does seem like our federal government tends to believe that there should be no oversight of it at all. It's almost as if they feel that the basic principles of checks & balances within the government is a nuisance which it can ignore. From rforno at infowarrior.org Sun May 8 21:32:18 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 8 May 2011 22:32:18 -0400 Subject: [Infowarrior] - Shumer calls for 'do not ride' list for Amtrak Message-ID: Be afraid! Be afraid! --- rick http://online.wsj.com/article/AP2687eb82bbef48cd9dc66b020c69ba33.html Sen. Charles Schumer is calling for better rail security now that the raid on Osama bin Laden's compound has turned up plans to attack trains in the U.S. Schumer said Sunday that he will push for the creation of a "do not ride" list for Amtrak. The list would be similar to the no-fly list that keeps those suspected of terrorism from flying into or out of the United States. Notes and computer materials seized from bin Laden's compound in Pakistan last Sunday showed bin Laden wanted to strike American cities again and discussed ways to attack trains. Schumer is calling for increased funding for rail security in light of the new intelligence.
The New York Democrat says the U.S. must remain vigilant in protecting itself from future attacks. From rforno at infowarrior.org Mon May 9 12:09:14 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 May 2011 13:09:14 -0400 Subject: [Infowarrior] - The Pirate Bay: "The Battle of Internets is About to Begin" Message-ID: The Pirate Bay: "The Battle of Internets is About to Begin" Ernesto, 9/05/2011 http://torrentfreak.com/the-pirate-bay-the-battle-of-internets-is-about-to-begin-110509/ Talks on implementing a Europe-wide firewall to censor and block "illicit" websites have caused concern among many Internet users in recent weeks, and today one of the targeted sites has joined the discussion. Quoting one of Churchill's most famous speeches, The Pirate Bay team is rallying the public to defend the free Internet and end the threat posed by the entertainment industries' copyright lobby. In February, a secret meeting of the European Union's Law Enforcement Work Party (LEWP) resulted in a worrying proposal. To deal with illicit sites on the Internet, the group suggested the adoption of a China-like firewall to block websites deemed "inappropriate". The controversial proposal immediately met resistance from various sides, including ISPs who would be tasked with maintaining the blocklist. The copyright lobby on the other hand welcomes the initiative which they've been suggesting for years. One of the sites that has a fair share of experience with being blocked is The Pirate Bay. The popular BitTorrent site is currently censored in Ireland, Italy and Denmark, and almost lost its domain name to the U.S. Government last year. Needless to say, they are not happy with the EU's latest censorship proposal. In fact, today they declare war on the proponents of Internet censorship, most prominently the entertainment industry (MAFIAA) lobbyists. In a slightly edited version of Winston Churchill's "this was their finest hour"
speech, in which they replace Nazi-Germany with MAFIAA, The Pirate Bay team declares war on Internet censorship advocates. Action has to be taken before it's too late, is the message they convey. "I expect that the Battle of Internets is about to begin. Upon this battle depends the survival of an Uncensored civilization! Upon it depends our own free life, and the long continuity of our sites and our trackers. The whole fury and might of the enemy will very soon be turned on us," The Pirate Bay writes. "MAFIAA knows that they will have to break us in Brussels or lose the war. If we can stand up to them, all Europe may be free and the life of the world may move forward into broad, sunlit uplands. But if we fail, then the whole world, including all that we have known and cared for, will sink into the abyss of a new Dark Age made more sinister, and perhaps more protracted, by the lights of perverted science." "Let us therefore brace ourselves to our duties, and so bear ourselves that if the free Internets and its multitude of sites last for a thousand years, citizens will still say, This was their finest hour," they add. The speech, signed by "Winston Bay," clearly shows The Pirate Bay's concern with censorship proposals as opted by the European Union recently. The big question remains, is there really something that can be done to stop it, or has that ship sailed already? From rforno at infowarrior.org Mon May 9 16:34:22 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 9 May 2011 17:34:22 -0400 Subject: [Infowarrior] - Feds raid home of teen fingered in DDoS on Gene Simmons Message-ID: I never liked Gene Simmons anyway. -- rick Feds raid home of teen fingered in DDoS on Gene Simmons Attack followed tongue-lashing against file-sharers By Dan Goodin in San Francisco
http://www.theregister.co.uk/2011/05/09/kiss_gene_simmons_ddos_probe/ Posted in Crime, 9th May 2011 19:35 GMT Federal authorities have raided the home of a suburban Washington family after tracing a crippling attack on the website of Kiss frontman and anti-piracy crusader Gene Simmons to an internet connection there. According to an affidavit filed by FBI Special Agent Scott Love, the distributed denial-of-service attacks on www.genesimmons.com, www.simmonsrecords.com and www.kissonline.com commenced on October 14, 10 days after the aging rocker castigated artists and record labels alike for not doing more to pursue people who download music for free on the internet. "The music industry was asleep at the wheel and didn't have the balls to sue every fresh-faced, freckle-based college kid who downloaded material," Simmons said during an address at the MIPCOM conference in Cannes, France. "And so now we're left with hundreds of thousands of people without jobs. There's no industry." Simmons also encouraged musicians to "be litigious. Sue everybody. Take their homes, their cars. Don't let anybody cross that line." People claiming affiliation with the Anonymous hacker and griefer collective quickly denounced the comments and encouraged members to take action. The DDoS attacks that followed took Simmons's websites offline for about 36 hours, according to the FBI's Love. When service was restored, Simmons posted a rant to his site that told the attackers "we will sue their pants off" and warned "they might find their little butts in jail, right next to someone who's been there for years and is looking for a new girl friend." On October 18, Simmons websites came under a new round of attacks that lasted four days, even though they had been moved to a new webhost. The assaults cost Simmons as much as $25,000 in downtime and expenses associated with changing servers and hosts.
According to Love, some of the junk traffic that brought down the websites came from the residence of Darrin M. Lantz, of Gig Harbor, Washington. The IP address in the home pinged one of the targeted websites 48,471 times during a 47-minute period. Attempts to contact the Lantzes weren't successful, but according to KOMONews.com, federal agents, with guns drawn, raided the Lantz home recently and seized a computer belonging to a teenager who lived there. "I had no idea," Rhoda Lantz was quoted as saying. "All they said was something about internet crime." There are no reports of any charges being filed in connection to the raid. The report comes as corporate executives, authorities and journalists sift through often contradictory claims about the involvement of Anonymous in attacks on the Recording Industry Association of America, the Motion Picture Association of America and more recently on sites such as PayPal, Visa, and MasterCard for cutting off services to whistle-blower website WikiLeaks. A Sony executive last week implicated Anonymous in attacks that stole data from more than 100 million users of the PlayStation Network and the company's online PC games website. Since then, dueling posts in blogs and news websites have offered conflicting accounts, with some claiming the loosely organized group had nothing to do with the Sony hacks and others saying that members likely were involved. The affidavit is here.

From rforno at infowarrior.org Mon May 9 21:05:23 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 May 2011 22:05:23 -0400
Subject: [Infowarrior] - WSJ: Microsoft Nears $7 Billion-Plus Deal for Skype
Message-ID: <94AA1585-6138-4B6A-AA01-D144E3E97D57@infowarrior.org>

Microsoft Nears $7 Billion-Plus Deal for Skype
By ANUPREETA DAS And NICK WINGFIELD
http://online.wsj.com/article/SB10001424052748703730804576313932659388852.html

Microsoft Corp.
is close to a deal to buy Internet phone company Skype Technologies SA for more than $7 billion, and a deal could be announced as early as Tuesday, people familiar with the matter said. Negotiations were wrapping up Monday evening, and a deal could still fall apart, the people cautioned. Representatives for Microsoft and Skype declined to comment. A deal represents Microsoft's most aggressive move yet to play in the increasingly-converged worlds of communication, information and entertainment. Skype connects more than 663 million users around the world via Internet-based telephony and video, making it a key technology platform for a new generation of Web-savvy consumers. During 2010, those users made 207 billion minutes of voice and voice video calls over Skype. Buying Skype would give Microsoft a recognized brand name on the Internet at a time when it is struggling to get more traction in the consumer market. The company has invested heavily in marketing and improving the technology of its Bing search engine. While it has made some market share gains over the past year, Google Inc. still dominates the search market with more than 65% of U.S. searches going through its site. At a value over $7 billion, the Skype deal would rank at or near the top of the biggest acquisitions in the 36-year history of Microsoft, a company that traditionally has shied away from large deals. In 2007, Microsoft paid approximately $6 billion to acquire online advertising firm aQuantive Inc. Many current and former Microsoft executives believe Microsoft significantly overpaid for that deal. But they are also relieved that Microsoft gave up on an unsolicited $48 billion offer for Yahoo Inc. nearly three years ago. Yahoo is valued at half that sum today. Microsoft Chief Executive Steve Ballmer, though, sees the Internet as an essential battleground for Microsoft, a company that still makes the vast bulk of its profits from Windows and Office software systems. 
Investors have become increasingly concerned about Microsoft's ability to squeeze continued growth out of those businesses, as rival technologies from Apple, Google and others put more pressure on profits. The Microsoft division behind the company's hugely lucrative Office suite of applications also makes a product, known as Lync, which ties together email, instant messaging and voice communications into a single application. Skype could strengthen that offering. The deal shows how far Skype has come since it was launched in 2003 by Niklas Zennstrom and Janus Friis, two men who had created a file-sharing technology called Kazaa that became widely associated with music piracy. While Skype was initially popular with techies, it increasingly worked its way into the mainstream by offering free or cheap phone calls which were especially appealing to international callers. When EBay purchased the company in 2005 for $2.6 billion in cash and stock, Skype was regarded as something of an experiment, in which EBay's buyers and sellers would use the service to communicate about potential transactions. The experiment faltered, and EBay gave up on Skype in 2007, taking a $1.4 billion charge on the investment. It sold a 70% stake to a group of technology investors including Silver Lake Partners, venture capital firms Index Ventures and Andreessen Horowitz, and the Canada Pension Plan Investment Board, who will make a handsome return on the Microsoft transaction. For all its promise, Skype has had a mixed history as an operating business. It has produced little net profit in the eight years since it was founded. Profits continue to remain elusive as the company expands its business worldwide. Last year the company posted revenue of $860 million and $264 million in operating profits, but still lost $7 million. The company had $686 million in long-term debt as of Dec. 31.
Skype uses a technology called voice over Internet protocol, which treats calls as data like email messages and routes them over the Internet, rather than a traditional phone network. Skype's software, which can be downloaded free, allows users to call other Skype users on computers or certain cellphones for free. Skype users can also call land lines for a fee and conduct video calls. Skype could play a role in Microsoft's effort to turn around its fortunes in the mobile phone market, an area where it has lagged badly behind rivals Apple Inc. and Google. The company last year launched a new operating system for mobile phones known as Windows Phone 7 that has been well reviewed by technology critics but hasn't yet meaningfully improved Microsoft's market share. Microsoft will likely need to tread carefully, though, in integrating Skype into its mobile software because of the potential for pushback from wireless carriers, whose support Microsoft badly needs. Skype could give consumers a way to make cheap phone calls over the Internet from mobile phones, without paying higher rates to the carriers. Last August, Skype filed documents to go public but put its IPO plans on hold after bringing in a new chief executive, Tony Bates. Skype had expected to raise close to $1 billion through its IPO, people familiar with the matter said at the time. At the same time, the Luxembourg-based company entertained conversations in the past with potential buyers and joint-venture partners, including Facebook Inc., Google and Cisco, according to other people familiar with the matter. Skype had sought between $5 billion and $6 billion to sell itself, they added. The blog GigaOm earlier reported news of Microsoft's interest in Skype. -- Spencer E. Ante contributed to this article.

From rforno at infowarrior.org Tue May 10 07:42:59 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 May 2011 08:42:59 -0400
Subject: [Infowarrior] - Let's hold off on that Pulitzer for Twitter
Message-ID:

Let's hold off on that Pulitzer for Twitter
May 9, 2011 | 10:26 am
http://latimesblogs.latimes.com/entertainmentnewsbuzz/2011/05/lets-hold-off-on-that-pulitzer-for-twitter-.html

Twitter is many things. It is a neighborhood stoop for people to gossip. It is an outlet for movie studios, TV networks, athletes and actors to promote themselves. It is a platform for journalists, including this one, to get their stories out to the masses. What Twitter is not, is a news organization. It does not employ reporters. It does not have news bureaus around the world. Maybe one day it will, but for now it is a global bulletin board. That's why it is so frustrating when people, particularly veteran journalists give Twitter itself credit for breaking big stories. The latest example of this was the news that the United States had killed Osama bin Laden. On May 1, the Obama White House sent word to networks and newspapers that a major story was breaking and that the president would be addressing the nation soon. News organizations scrambled to figure out what was up and it wasn't long before Keith Urbahn, a former Defense Department staffer in the Bush administration, tweeted that he was hearing that Bin Laden had been killed. He also acknowledged it was a rumor. None of this is intended to take issue with Urbahn and his speculative tweet. In a pre-Twitter era, he might have called up a reporter and passed on the information. Twitter cuts out the middle man. There is nothing wrong with that. Now, if Urbahn had been wrong, the world would have shrugged and moved on.
However, if CNN, the Los Angeles Times or the New York Times had tweeted a Bin Laden dead rumor that didn't pan out, their credibility would have been shattered and they would have been rightly raked over the coals for sloppy journalism. In another example of overstating Twitter's role in the Bin Laden coverage, much was made after the news of Bin Laden's death broke about tweets from Sohaib Athar, a Pakistani resident who kept posting notes about all the helicopter activity near where he lived. What he was hearing, it turns out, was U.S. forces helicoptering in and out of Abbottabad. He had no idea that was what was going on and said as much in interviews after the raid and the discovery of his tweets. On his Sunday CNN show "Reliable Sources" looking at the media, host Howard Kurtz said of Athar: "I love the fact that this guy scoops the entire world." He did not scoop the entire world. He heard noise and posted something on Twitter about it. He didn't know what the noise was so how did he scoop the world? Even he acknowledged as much in an interview with NBC. If Twitter had been around in November 1963 and a Dallas resident tweeted, "just heard gunshots" would we say that person broke the story of the JFK assassination? This is not meant to dismiss Twitter. It is a powerful site with tremendous potential. I use it both professionally and personally. It is a great tool for reporters, for promoting work and even for sourcing. It is the people filing to Twitter -- for free -- who are providing the value for the site. People use Twitter to spread news, Twitter doesn't break news. On paper it may seem like Twitter makes everyone a reporter, but there has to be a recognition that it is not a level playing field between people who use Twitter and news outlets who have professional reputations at stake every time they tweet. Perhaps Twitter will soon create its own version of a wire service. 
For now though, it is a corner bar for the world to tell everyone what happened to them that day. Sometimes the drunk sitting next to you at the bar is right on the money, and other times he doesn't know what the heck he's talking about. -- Joe Flint

From rforno at infowarrior.org Tue May 10 07:49:45 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 May 2011 08:49:45 -0400
Subject: [Infowarrior] - Social Networks Offer a Way to Narrow the Field of Friends
Message-ID: <65A348F9-F258-45BF-A36E-EA3944111922@infowarrior.org>

May 9, 2011
Social Networks Offer a Way to Narrow the Field of Friends
https://www.nytimes.com/2011/05/10/technology/10social.html?hpw=&pagewanted=print
By JENNA WORTHAM and CLAIRE CAIN MILLER

There are times when you just have to tell your friends about something -- but not necessarily your Facebook friends. Just ask Becca Akroyd. When Ms. Akroyd, a 29-year-old lawyer in Sacramento, Calif., wanted to share a picture of her new vegetable garden, she didn't turn to Facebook. Instead she posted it on Path, a service that lets people share pictures, videos and messages with a small group. "The people I have on my Path are the people who are going to care about the day-to-day random events in my life, or if my dog does something funny," Ms. Akroyd said. "On Facebook, I have colleagues or family members who wouldn't necessarily be interested in those things -- and also that I wouldn't necessarily want to have view those things." Path, which limits friend groups to 50, is among a new crop of Web services that allow people to connect with a handful of friends in a private group. Users get the benefits of sharing without the strangeness that can result when social worlds collide on Facebook. Other start-ups in this anti-oversharing crowd include GroupMe, Frenzy, Rally Up, Shizzlr, Huddl and Bubbla. Even Facebook recognizes that people don't want to share everything with every "friend."
It has privacy settings that control who can see what, but many people find these challenging to set up. So last fall, Facebook introduced Groups, for sharing with subsets of Facebook friends. And in March, it acquired Beluga, a start-up that allows sharing photos and messages with small groups privately. Last month, Facebook said its users had created 50 million groups with a median of just eight members. It also introduced the Send button, which Web sites can use to let people share things with Facebook groups. "We realized there wasn't a way to share with these groups of people that were already established in your real life -- family, book club members, a sports team," said Peter Deng, director of product for Facebook Groups. "It's one of the fastest-growing products within Facebook. Usage has been pretty phenomenal." Google is also working on tools for sharing with limited groups of people, according to a person briefed on the company's plans who was not authorized to speak publicly. Slide, a maker of social networking apps that was bought by Google, recently released an iPhone app called Disco, for texting with small groups. Google may discuss its plans in this area at a conference for developers this week. A spokeswoman, Katie Watson, declined to comment. No one expects the start-ups in this field -- most of which are new and have relatively few users -- to replace Facebook or Twitter. Instead, their creators say that they do a better job of mimicking offline social relationships, and that they represent a new wave of social networking that revolves around specific tasks, like sharing photos or coordinating plans for the evening. Shizzlr, for example, was created by two graduate business students at the University of Connecticut after they realized it was impossible to organize plans on Facebook. "You put out a status about weekend plans and, all of a sudden, you get your uncle commenting that he wants to go hiking with you and your friends,"
said Nick Jaensch, who created Shizzlr with Keith Bessette. After users invite a few friends into a group on Shizzlr, the service grabs a list of coming events from Yelp, Google and Facebook and lets members discuss their options. The groups reach capacity at 20 people. In the last three months, about 3,600 people have downloaded the application -- a tiny number compared with Facebook's 600 million members. But Mr. Jaensch says he is not interested in competing with Facebook. "The people that you've called in the past two to three weeks are the people you actually do stuff with," he said. Shizzlr is just getting off the ground, but some of the other services in this field have attracted the attention of prominent investors. Path has raised $11 million from venture capitalists, including Kleiner Perkins Caufield & Byers and Index Ventures. GroupMe, which says it is handling 100 million messages a month, raised $10.6 million from Khosla Ventures, General Catalyst and First Sound, and others. AOL acquired Rally Up late last summer. Dave Morin, Path's founder, was an early Facebook employee, but thought the social network had grown too large and impersonal for sharing certain things. Hundreds of thousands of users have agreed and signed up for Path, sharing more than five million photos and videos so far, Mr. Morin said. Most of their groups include far fewer than the 50 friends they are allowed, he said. "People pull out their phone and show their photos and start telling a story about their life -- 'Last week I was on vacation,' or 'here's my cat,' or 'here's what I ate for dinner last night' -- but when we ask if they put those photos anywhere, people would say, 'Oh, no, no, no, it's way too personal,' " Mr. Morin said. Those photos might also be too boring for the full lineup of one's Facebook friends. And, of course there are other photos that your cubicle neighbors and former flames might find to be ... too interesting.
"The larger social networks have certainly become more loose-tie networks of acquaintances," said Mo Koyfman, an investor at Spark Capital who follows social media trends. "But the way we communicate with acquaintances is very different from how we communicate with friends." Spark recently invested in Kik, a mobile group messaging app. Mr. Koyfman said most of these start-up applications centered on cellphones because they were inherently more personal than Web sites used at a computer. Mr. Deng at Facebook said that his company was working on more tools for small-group sharing. But some Internet users and entrepreneurs maintain that the big social networks will always be too big for people to share comfortably. John Winter, a developer in New Zealand, cobbled together Frenzy, an application that lets friends share links, photos, songs and other items in an invitation-only folder on the Web storage service Dropbox, effectively turning it into a private social feed. "Twitter is public and Facebook is basically public," he said. "What else are you going to use?"

From rforno at infowarrior.org Tue May 10 08:07:38 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 May 2011 09:07:38 -0400
Subject: [Infowarrior] - US cell users to receive national alerts
Message-ID: <555E75EA-361A-4860-B394-CECE957E057C@infowarrior.org>

(Wonder if we will get charged for these messages. Though the "unblockable" alerts from the President I find a bit disturbing. --- rick)

National Emergency Alert System Set To Launch In NYC
May 10, 2011 8:35 AM
http://newyork.cbslocal.com/2011/05/10/national-emergency-alert-system-set-to-launch-in-nyc/

NEW YORK, (CBSNewYork) -- A new national alert system is set to begin in New York City that will alert the public to emergencies via cell phones. Presidential and local emergency messages as well as Amber Alerts would appear on cell phones equipped with special chips and software.
The Federal Communications Commission and the Federal Emergency Management Agency said the system would also warn about terrorist attacks and natural disasters. Verizon and AT&T, the nation's largest cell phone carriers, are already on board. Consumers would be able to opt out of all but those presidential messages. The announcement of the new emergency alert system came Monday in the wake of Osama bin Laden's death and an uptick in security and safety concerns around New York City. For now, the system is capable on certain high-end cell phones but starting next year, all cell phones will be required to have the chip that receives alerts. By the end of the year, the new system will be in place in New York City and Washington and in cities around the country by the end of 2012.

From rforno at infowarrior.org Tue May 10 14:06:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 May 2011 15:06:56 -0400
Subject: [Infowarrior] - DOJ wants wireless providers to store user info
Message-ID:

http://news.cnet.com/8301-31921_3-20061472-281.html
May 10, 2011 9:39 AM PDT
DOJ wants wireless providers to store user info
by Declan McCullagh

The U.S. Department of Justice today called for new laws requiring mobile providers to collect and store information about their customers, a proposal that pits it against privacy advocates and even other federal agencies. Jason Weinstein, the deputy assistant attorney general for the criminal division, picked an odd place to describe the department's proposal: a U.S. Senate hearing that arose out of revelations about iPhones recording information about owners' locations, and, in some cases, transmitting those data to Apple without consent. Nevertheless, Weinstein said, "when this information is not stored, it may be impossible for law enforcement to collect essential evidence."
In January, CNET was the first to report that the Justice Department had started a new legislative push for what is generally known as mandatory data retention. "Many wireless providers do not retain records that would enable law enforcement to identify a suspect's smartphone based on the IP addresses collected by Web sites that the suspect visited," he added. In an exchange with Sen. Al Franken, the Minnesota Democrat who chairs the subcommittee that convened today's hearing, Weinstein did not elaborate on the proposal, including whether it would require wireless providers to record location information as well. The Justice Department's suggestion conflicts with what the Federal Trade Commission--which also sent a representative to today's hearing--has recommended. A company should adopt a policy of "not collecting or retaining more data than they need to provide a requested service or transaction," said Jessica Rich, deputy director of the FTC's bureau of consumer protection. Also testifying are Bud Tribble, Apple's vice president for software technology and Google's U.S. director of public policy, Alan Davidson. Microsoft is not making an appearance, even though it collects location information from Windows Mobile 7 devices with a unique ID. "I believe that consumers have a fundamental right to know what data is being collected about them," Franken said. That can be, he said, "really sensitive information that I don't think we're doing enough to protect." While no specific location privacy bill has appeared as a result of last month's privacy flap, there have been calls for a Federal Trade Commission investigation, and unrelated "do not track" legislation was introduced yesterday. And Sen. Ron Wyden, an Oregon Democrat, has drafted legislation that would curb warrantless access to location histories by police (see CNET Q&A with Wyden). Bud Tribble, Apple's vice president for software technology (Credit: U.S. 
Senate) What began as a hearing devoted to location privacy soon spiraled into entirely unrelated issues about computer security, the recent Sony security breach, mandatory notification for similar breaches, restrictions on mobile applications, and Google Street View. Sen. Chuck Schumer (D-N.Y.) called on Apple and Google to remove applications that alert users to the presence of police and other law enforcement checkpoints that have been set up to combat drunk driving, a controversy that became public in March. The apps are presumptively legal under the First Amendment, but Schumer said they should nevertheless be removed on public safety grounds. "How you can justify (selling) apps that put the public at serious risk?" he asked. "Why hasn't Google removed this type of application?" Davidson replied that while this is an "important issue," Google has "a fairly open policy in what we allow." "In some cases the police department publishes when and where there's going to be a checkpoint," Tribble said, suggesting that if the information is public, an app that reproduces it should not necessarily be a problem. Sen. Richard Blumenthal (D-Conn.) suggested that a January 2010 Google patent indicates that the company was planning to intercept the payloads of Wi-Fi communications as part of its Street View service to track locations--an allegation that, if done intentionally, could be a federal crime. "Are you aware that this process may have been used?" Blumenthal said. It turned out that Blumenthal appeared to have been confused: the patent application dealt with detecting "data rates," not intercepting the contents of Wi-Fi signals. (Ashkan Soltani, a technologist also testifying today, added that intercepting payloads wouldn't even help to identify locations.) Disclosure: McCullagh is married to a Google employee not involved in these topics. 

From rforno at infowarrior.org Wed May 11 06:36:33 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 May 2011 07:36:33 -0400
Subject: [Infowarrior] - Cyberwarfare May Be A Bust For Many Defense Contractors
Message-ID: <1AC5F8A8-5E93-409F-BB5D-D46A1B3B3BB4@infowarrior.org>

Cyberwarfare May Be A Bust For Many Defense Contractors
May. 9 2011 - 2:20 pm
Posted by Loren Thompson
http://blogs.forbes.com/beltway/2011/05/09/washingtons-cyberwarfare-boom-loses-its-allure/

As federal spending on national security has leveled off in recent years, big defense contractors have worked hard to secure a role in one of the few market segments expected to keep growing: cyberwarfare. It's a relatively new field where the terminology hasn't stabilized yet, but for the purposes of this posting, cyberwarfare means three things: attacking enemy networks, exploiting enemy information flows, and defending friendly networks. Most of the money Washington is currently spending on cyberwarfare goes to the latter activity -- securing friendly networks -- but offensive activities seem to be growing faster over time. They're really just different sides of the same coin, since it's hard to be good at defending computer networks if you don't have a thorough understanding of how to attack them. The cyber goldrush was sparked in 2008 when President Bush signed two directives establishing a Comprehensive National Cybersecurity Initiative in response to the growing number of digital assaults on federal networks. The initiative was a signal to industry that a new demand driver had appeared in the marketplace just as everyone was getting ready for a prolonged downturn in military purchases. Seeing few other domestic opportunities on which to place bets with the cash they had accumulated during flush years, military contractors poured into the cyberwarfare field, building operations centers, purchasing niche players, and competing aggressively for contracts.
The thinking was that cyber threats would keep proliferating for the foreseeable future, and defense companies were more likely to have the necessary clearances and market knowledge to compete in cyberwarfare than outsiders like Google or Microsoft. No doubt about it, the cyberwarfare market has grown fast, helped along by an Obama Administration commitment to expand and refine the digital security efforts of its predecessors. Within months after taking office, President Obama established an executive-branch cybersecurity coordinator and a new Cyber Command colocated with the super-secret National Security Agency at Fort Meade, MD. NSA does most of the government's eavesdropping, so putting the command nearby and making its head the same general who runs the spy agency was a no brainer: NSA already had the ability to monitor internet traffic for hackers and other malefactors. Setting up the new command, staffing components from each military service, and implementing more stringent network security procedures at each federal agency will generate about $9 billion in federal outlays this year. Additional billions will be spent on classified programs to probe and monitor foreign networks, such as those in China. But even as the government's cyberwarfare effort expands, some industry executives are beginning to wonder just how lucrative this new opportunity is likely to be. They already know it can't fill the revenue hole created by cancellation of dozens of weapons programs in recent years, and now they're starting to suspect the cyber field is so hyper-competitive and volatile they can't even count on it for significant earnings anytime soon. Once you get past all the fashionable rhetoric about information-age warfare and anarchy on the web, it's easy to see why they might be having second thoughts. Let's consider the many ways in which the cyberwarfare market should raise red flags for investors.
The first thing to understand about the cyberwarfare market is that, at least by federal standards, it just isn't very big. The $9 billion being spent this year on so-called information assurance and security activities is barely one day of federal spending at present rates, and it is fragmented among numerous agencies. It's true that the lion's share of funding goes to the Department of Defense, which oversees additional billions spent on network attack and exploitation, but in an organization that annually passes out $400 billion in contracts, it still doesn't amount to much. Market research firm Input projects federal cybersecurity funding will increase 9% annually through 2015, but the government is entering a period of severe fiscal austerity and there are many other claimants for government dollars. With every major contractor in the business straining to get a piece of this relatively small pie, the prospects for making a killing are not high. A second problem with the cyberwarfare business is that threats are diverse and continuously evolving, which means it is hard for contractors to establish durable franchises. When companies compete to build military hardware, they expect that once a contract is won they will be the sole supplier of a weapon system for a decade or longer. But in cyberwarfare the government's needs keep changing because new threats emerge on a weekly basis. For instance, the deluge of WikiLeaks that has embarrassed policymakers in recent months has shifted attention from keeping hackers out of networks to keeping information in, which turns out to be a rather different challenge. The dynamism of cyber threats combined with the slow pace of federal acquisition procedures is a prescription for continuous frustration among contractors. A third issue facing companies pursuing cyberwarfare opportunities is the relatively low barriers to entry in the current market.
That's probably less true in the offensive segment of the market, where activities are so secret that companies must have special qualifications to bid, but on the defensive side of the ledger there are dozens of contractors and new niche players are constantly emerging. The cyberwarfare space is still wide open to any company that comes up with a point solution to an urgent problem, which means yesterday's winners can turn into today's losers. That's good for aggressive, agile companies like Raytheon that are willing to take risks and buy up niche players as they prove themselves, but some of the bigger companies in the defense business aren't accustomed to having so many competitors jostling for attention. A fourth and related problem in the cyberwarfare space is the shortage of available talent, particularly in network attack and exploitation skills. The cyberwarfare market grew so fast that it outstripped available labor pools, so companies now find themselves bidding against each other and the federal customer for scarce skills. It's not that finding cyber specialists is hard, but securing the necessary clearances (foreigners need not apply) and keeping them trained so they can respond to the latest requirements is a constant challenge. This probably works to the advantage of Lockheed Martin, which is the biggest player in the federal information services market, because it has the mass and resources to keep up with changing needs, but for smaller players it's a big problem. Lockheed has recently won several major cyberwarfare awards at the expense of competitors, and seems to be a preferred destination for many specialists in the field. A fifth difficulty in the government cyberwarfare market is the variability of management quality from agency to agency on network-related matters.
Industry insiders generally agree that the National Security Agency has the greatest depth and breadth of expertise, because it has been working cyber issues far longer than other agencies. Executive expertise at the Department of Defense is more uneven, and at the Department of Homeland Security it is frequently deficient. These problems are most apparent at the program manager level, where middle-level executives may lack the experience to select among competing solutions to a problem. The job classification process and compensation levels prevailing in the federal civil service are not well suited for putting the best people into positions overseeing cyberwarfare work. A final, chronic defect in the cyberwarfare market is the loose coordination of federal efforts to secure networks, not just between agencies but even within them. For example, at the same time that the Navy has stood up a cyber command to protect its warfighting nets, it has begun implementing a new information architecture called the Next Generation Enterprise Network likely to be more vulnerable to hackers and spies. The new network replaces a single system integrator with multiple teams of contractors who must compete annually for work, creating the kinds of seams and discontinuities intruders might seek to exploit. The fact a military service that invented the concept of network-centric warfare could pursue such an architecture at this late date suggests that in some parts of the federal government, nobody is really in charge of cyber policy or has the authority to mandate security standards. So far, these various drawbacks have not discouraged big contractors from continuing to pursue cyberwarfare opportunities. The most aggressive players at present seem to be Raytheon, Science Applications International, General Dynamics and Lockheed Martin, but other players like BAE Systems and Boeing are rapidly bulking up. 
In other segments of the national-security marketplace, two or three of these companies would eventually emerge as the dominant players, and the rest would move on. But cyberwarfare isn't like other market segments - it is still in flux, and may remain that way for a long time to come. That means even if government spending on cyberwarfare keeps growing, some players straining to get into the business are not going to be happy with how this new opportunity works out.

From rforno at infowarrior.org Wed May 11 06:38:30 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 May 2011 07:38:30 -0400
Subject: [Infowarrior] - Congress to DOD: You Must Start Briefing Us on (Some) Cyberwar Now
Message-ID: <2E86AB0C-4AE5-4007-A22D-8DA03E4D28A3@infowarrior.org>

(c/o JH) Congress to DOD: You Must Start Briefing Us on (Some) Cyberwar Now By: emptywheel Tuesday May 10, 2011 5:21 am http://emptywheel.firedoglake.com/2011/05/10/congress-to-dod-you-must-start-briefing-us-on-cyberwar-now/ Robert Chesney notes that the HASC Mark on the Defense Authorization bill includes a section on cyberwar. Here's the entire section: This section would affirm that the Secretary of Defense has the authority to conduct military activities in cyberspace. The committee recognizes that because of the evolving nature of cyber warfare, there is a lack of historical precedent for what constitutes traditional military activities in cyberspace. In particular, this section would clarify that the Secretary of Defense has the authority to conduct clandestine cyberspace activities in support of military operations pursuant to the Authorization for the Use of Military Force (Public Law 107-40; 50 U.S.C. 1541 note) outside of the United States or to defend against a cyber attack on an asset of the Department of Defense.
The committee notes that al Qaeda, the Taliban, and associated forces are increasingly using the internet to exercise command and control as well as to spread technical information enabling attacks on U.S. and coalition forces in areas of ongoing hostilities. While these terrorist actions often lead to increased danger for U.S. and coalition forces in areas of ongoing hostilities, terrorists often rely on the global reach of the internet to communicate and plan from distributed sanctuaries throughout the world. As a result, military activities may not be confined to a physical battlefield, and the use of military cyber activities has become a critical part of the effort to protect U.S. and coalition forces and combat terrorism globally. In certain instances, the most effective way to neutralize threats and protect U.S. and coalition forces is to undertake military cyber activities in a clandestine manner. While this section is not meant to identify all or in any way limit other possible military activities in cyberspace, the Secretary of Defense's authority includes the authority to conduct clandestine military activities in cyberspace in support of military operations pursuant to an armed conflict for which Congress has authorized the use of all necessary and appropriate force or to defend against a cyber attack on a Department of Defense asset. Because of the sensitivities associated with such military activities and the need for more rigorous oversight, this section would require quarterly briefings to the congressional defense committees on covered military activities in cyberspace. While Chesney focuses on the use of "clandestine" in this passage (which I'll return to), I think one of the key phrases is simply the requirement that DOD brief the Armed Services Committees quarterly on what it's doing in cyberspace.
As the AP reported in January, the SASC complained during the confirmation hearings of Michael Vickers that they weren't getting briefed on clandestine cyberwar activities. Vickers claimed in response that the law only required that DOD brief Congress on human clandestine activities. The Senate Armed Services Committee voiced concerns that cyber activities were not included in the quarterly report on clandestine activities. But Vickers, in his answer, suggested that such emerging high-tech operations are not specifically listed in the law - a further indication that cyber oversight is still a murky work in progress for the Obama administration. Vickers told the committee that the requirement specifically calls for clandestine human intelligence activity. But if confirmed, he said, he would review the reporting requirements and support expanding the information included in the report. So this section appears to close Vickers' loophole, now requiring that DOD brief Congress on its activities in its quarterly clandestine activities reports. In addition to legally demanding briefings, the section appears to affirmatively approve - as clandestine activities - cyberattacks against an AUMF-authorized target (so, al Qaeda and people like Anwar al-Awlaki we claim to be included in AUMF), and cyberdefense against an attack on an asset of DOD. By the way, anyone want to speculate whether a Specialist allegedly downloading several databases onto a Lady Gaga CD constitutes a cyberattack on a DOD asset? Because if this permission includes WikiLeaks, then this section might retroactively authorize attacks - say, DNS attacks on US-based servers - on WikiLeaks (note that DOD can attack outside the US, but such geographical limits are not placed on defensive actions). In any case, as Chesney emphasizes, this section specifically authorizes attacks on AUMF-authorized targets and defense against attacks on DOD targets. Chesney notes that by calling these activities "clandestine,"
it makes them a Traditional Military Activity. That is to say, the language in § 962 refers to DOD authority to engage in cyber operations which are meant to go undiscovered but not meant to be denied. That alone would presumably keep them from being categorized as a "covert action" subject to presidential finding and SSCI/HPSCI notification requirements. Yet one can imagine that this does not quite suffice to solve the boundary dispute, insofar as it might not be clear on the front end that one would be willing to acknowledge sponsorship of an operation publicly if it becomes known - and indeed it might well be that the activity is very much meant to be both concealed and denied, making it hard at first blush to show that the activity is not a Title 50 covert action after all. But in at least some instances there is a separate reason it should not be deemed a covert action: i.e., when the action is best understood as a high-tech equivalent to a traditional military activity (the "TMA" category being an explicit exception to the T50 covert action definition). And that appears to be the case with the two categories explicitly described above, or at least arguably so. The explanatory statement accompanying § 962 supports this reading. It opens by stating that [t]he committee recognizes that because of the evolving nature of cyber warfare, there is a lack of historical precedent for what constitutes traditional military activities in cyberspace. So, to summarize, this section appears to affirmatively authorize two types of activities, defining them as clandestine operations, and mandating that Congress get quarterly briefings on them. But note this clause: "this section is not meant to identify all or in any way limit other possible military activities in cyberspace." So, it appears, there may be these two types of explicitly authorized clandestine operations, and then the stuff John Rizzo warned about.
I did want to mention - cause I find this interesting - cyberwarfare, on the issue of cyberwarfare. Again, increasing discussion there clearly is an active arena, will continue to be active. For us lawyers, certainly for the lawyers in the intelligence community, I've always found fascinating and personally I think it's a key to understanding many of the legal and political complexities of so-called cyberlaw and cyberwarfare is the division between Title 10, Title 10 operations and Title 50 operations. Title 10 operations of course being undertaken by the Pentagon pursuant to its war-making authority, Title 50 operations being covert action operations conducted by CIA. Why is that important and fascinating? Because, as many of you know being practitioners, how these cyber-operations are described will dictate how they are reviewed and approved in the executive branch, and how they will be reported to Congress, and how Congress will oversee these activities. When I say, "these activities," I'm talking about offensive operations - computer network attacks. This issue, this discussion, has been going on inside the executive branch for many years, actually. I mean I remember serious discussions during the Clinton Administration. So, again, this is not a post-9/11 phenomenon. Now, I'm speaking here from a CIA perspective, but I've always been envious of my colleagues at the Department of Defense because under the rubric of Title 10, this rubric of "preparing the battlefield." They have always been able to operate with a - to my mind [?] a much greater degree of discretion and autonomy than we lawyers at CIA have been, have had to operate under, because of the various restrictions and requirements of Title 50 operations. Covert actions require Presidential Findings, fairly explicit reports to the Intelligence Oversight Committees. We have a very, our Intelligence Committees are - rigorous, rigorous and thorough in their review.
I've never gotten the impression that the Pentagon, the military, DOD is subject to the same degree of scrutiny for their information warfare operations as CIA. I'm actually very envious of the flexibility they've had, but it's critical - I mean I guess I could say interesting but critical how - I mean if there were operations that CIA was doing, they would be called covert actions, there's no getting around that. To the extent I've ever understood what DOD does in this arena, they certainly sound like covert actions to me but given that I've had more than my hands full over the years trying to keep track of what CIA's doing at any given time, I've never ventured deeply into that area. But I think it's fascinating. [my emphasis] Now, maybe this section just politely puts the kibosh on all of this Title 50 masquerading as Title 10 stuff, stuff done under the auspices of DOD to avoid the oversight requirements that Title 10 intelligence operations would require. Maybe this section limits DOD's activities to its two authorized clandestine activities. But I doubt it. With the language about not limiting DOD to these two functions, you can pretty much assume there's some Special Access Programs (like the kind the Air Force refuses to talk to Congress about) not safe to be mentioned in public documents like laws. Look on the bright side, though: Congress is at least requiring that DOD brief Congress on some of the secret stuff they're doing in cyberspace. Update: Specialist corrected per Ralph.

From rforno at infowarrior.org Wed May 11 06:58:29 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 May 2011 07:58:29 -0400
Subject: [Infowarrior] - IP Group Wants to Apply New Rights Protections to .Net
Message-ID: <20CFE9AC-AB83-4531-8D86-899D12C68BC5@infowarrior.org>

http://domainnamewire.com/2011/05/10/urgent-now-intellectual-property-group-wants-to-apply-new-rights-protections-to-net/ Urgent: Now Intellectual Property Group Wants to Apply New Rights Protections to .Net Tuesday, May 10th, 2011 Make your voice heard now. (After reading this article I recommend reading more details about what this means.) Earlier this week I wrote about how a draft version of the business constituency's comments about VeriSign's renewal of the .net contract requested that uniform rapid suspension be added to .net. Thankfully the business constituency didn't include that provision in its final comments. But the Intellectual Property Constituency did: Once the post-launch rights protection mechanisms called for in the new gTLD registry agreements are up and running, .NET should be obligated to participate in them. Notably, .NET should be required to make the uniform rapid suspension (URS) system available as an efficient and expeditious method of dealing with clear-cut cases of abusive registrations in .NET. The renewal agreement should set forth a process for ICANN to specify the date upon which these obligations will become effective for the .NET registry, along with an adequate transition period for the registry operator to put the necessary procedures into place. In other words, the IP group wants to retroactively apply new and untested rights protections to one of the original top level domain names. You still have time to comment on the .net renewal agreement by sending an email to net-agreement-renewal at icann.org.

From rforno at infowarrior.org Wed May 11 07:45:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 May 2011 08:45:16 -0400
Subject: [Infowarrior] - U.S. To Introduce Draconian Anti-Piracy Censorship Bill
Message-ID:

U.S. To Introduce Draconian Anti-Piracy Censorship Bill - Ernesto - 11/05/2011 http://torrentfreak.com/u-s-to-introduce-draconian-anti-piracy-censorship-bill-110511/ The U.S. Government is determined to put an end to online piracy. In an attempt to give copyright holders and the authorities all the tools required to disable access to so-called rogue sites, lawmakers will soon introduce the PROTECT IP Act. Through domain seizures, ISP blockades, search engine censorship, and cutting funding of allegedly copyright infringing websites, the bill takes Internet censorship to the next level. Internet censorship is a hot topic this year. During the past 12 months the U.S. Government seized more than 100 domain names it claimed were promoting copyright infringement. But this was just the beginning. The domain seizures pale in comparison to a bill that's about to be introduced by U.S. lawmakers. Dubbed the PROTECT IP Act, the bill will introduce a wide-scale of censorship tools authorities and copyright holders can use to quash websites they claim are facilitating copyright infringement. It is basically a revamped and worsened version of the controversial COICA proposal which had to be resubmitted after its enaction failed last year. The summary of the bill begins with a recital of the now-standard industry claims about the financial harm caused by copyright infringement. Claims that interestingly enough were put in doubt by the U.S. Government last year, but are still used to push anti-piracy legislation through globally. "Copyright infringement and the sale of counterfeit goods are reported to cost American creators and producers billions of dollars and to result in hundreds of thousands in lost jobs annually.
This pervasive problem has assumed an especially threatening form on the Internet," the bill document reads. It is further explained that the PROTECT IP Act is needed as an extension of the already controversial domain seizures. As reported previously, it is now relatively easy for a seized website to continue operating under a new non-US based domain name. With the new bill, however, the authorities and copyright holders have a broader scale of tools they can use. "The Preventing Real Online Threats to Economic Creativity and Theft of Intellectual Property Act ("PROTECT IP Act") authorizes the Justice Department to file a civil action against the registrant or owner of a domain name that accesses a foreign Internet site, or the foreign-registered domain name itself, and to seek a preliminary order from the court that the site is dedicated to infringing activities," the document continues. In case a domain is not registered or controlled by a U.S. company, the authorities can also order search engines to remove the website from its search results, order ISPs to block the website, and order ad-networks and payment processors to stop providing services to the website in question. "If the court issues an order against the registrant, owner, or domain name, resulting from the DOJ-initiated suit, the Attorney General is authorized to serve that order on specified U.S. based third-parties, including Internet service providers, payment processors, online advertising network providers, and search engines. These third parties would then be required to take appropriate action to either prevent access to the Internet site, or cease doing business with the Internet site." Although the above is already quite far-reaching, the bill also allows for private copyright holders to use some of the same tools as the Government.
Without due process, copyright holders can obtain a court order to prevent payment providers and ad-networks from doing business with sites that allegedly facilitate copyright infringement. Unlike the DOJ, copyright holders can not obtain orders to block sites through ISPs or search engines. The summary of the bill does not go into the constitutional issues that arise with several of the measures. However, it ensures that the legislation is in the best interest of the public by protecting people from any website that "endangers the public health." The only protection for accused websites is that they can "petition the court to suspend or vacate the order," but lessons from the previous domain seizures show that this process can take up several months. The PROTECT IP Act is expected to be officially introduced in the coming weeks, and more details will be released at the time. Sources close to the U.S. Government say the bill has already gathered a lot of support among legislators, which is a worrying message for the relatively free-Internet as it's known today.

From rforno at infowarrior.org Wed May 11 07:47:38 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 May 2011 08:47:38 -0400
Subject: [Infowarrior] - Resilience of the Internet Interconnection Ecosystem
Message-ID: <8C55AF88-EFBD-473A-BED0-C9E3BA9026EB@infowarrior.org>

(full report @ http://www.enisa.europa.eu/act/res/other-areas/inter-x/report/interx-report/at_download/fullReport) Resilience of the Internet Interconnection Ecosystem April 12th, 2011 at 08:24 UTC by Richard Clayton http://www.lightbluetouchpaper.org/2011/04/12/resilience-of-the-internet-interconnection-ecosystem/ The Internet is, by very definition, an interconnected network of networks. The resilience of the way in which the interconnection system works is fundamental to the resilience of the Internet. Thus far the Internet has coped well with disasters such as 9/11 and Hurricane Katrina -
which have had very significant local impact, but the global Internet has scarcely been affected. Assorted technical problems in the interconnection system have caused a few hours of disruption but no long term effects. But have we just been lucky? A major new report, just published by ENISA (the European Network and Information Security Agency) tries to answer this question. The report was written by Chris Hall, with the assistance of Ross Anderson and Richard Clayton at Cambridge and Panagiotis Trimintzios and Evangelos Ouzounis at ENISA. The full report runs to 238 pages, but for the time-challenged there's a shorter 31 page executive summary and there will be a more "academic" version of the latter at this year's Workshop on the Economics of Information Security (WEIS 2011). Internet interconnectivity is a complex ecosystem with many interdependent layers. Its operation is governed by the collective self-interest of the Internet's networks, but there is no central Network Operation Centre (NOC), staffed with technicians to leap into action when trouble occurs. The open and decentralised organisation that is the very essence of the ecosystem is essential to the success and resilience of the Internet. Yet there are a number of concerns. First, the Internet is vulnerable to various kinds of common mode technical failures where systems are disrupted in many places simultaneously; service could be substantially disrupted by failures of other utilities, particularly the electricity supply; a flu pandemic could cause the people on whose work it depends to stay at home, just as demand for home working by others was peaking; and finally, because of its open nature, the Internet is at risk of intentionally disruptive attacks. Second, there are concerns about sustainability of the current business models.
Internet service is cheap, and becoming rapidly cheaper, because the costs of service provision are mostly fixed costs; the marginal costs are low, so competition forces prices ever downwards. Some of the largest operators - the "Tier 1" transit providers - are losing substantial amounts of money, and it is not clear how future capital investment will be financed. There is a risk that consolidation might reduce the current twenty-odd providers to a handful, at which point regulation may be needed to prevent monopoly pricing. Third, dependability and economics interact in potentially pernicious ways. Most of the things that service providers can do to make the Internet more resilient, from having excess capacity to route filtering, benefit other providers much more than the firm that pays for them, leading to a potential "tragedy of the commons". Similarly, security mechanisms that would help reduce the likelihood and the impact of malice, error and mischance are not implemented because no-one has found a way to roll them out that gives sufficiently incremental and sufficiently local benefit. Fourth, there is remarkably little reliable information about the size and shape of the Internet infrastructure or its daily operation. This hinders any attempt to assess its resilience in general and the analysis of the true impact of incidents in particular. The opacity also hinders research and development of improved protocols, systems and practices by making it hard to know what the issues really are and harder yet to test proposed solutions. So there may be significant troubles ahead which could present a real threat to economic and social welfare and lead to pressure for regulators to act. Yet despite the origin of the Internet in DARPA-funded research, the more recent history of government interaction with the Internet has been unhappy.
Various governments have made ham-fisted attempts to impose censorship or surveillance, while others have defended local telecommunications monopolies or have propped up other industries that were disrupted by the Internet. As a result, Internet Service Providers (ISPs), whose good will is essential for effective regulation, have little confidence in the likely effectiveness of state action, and many would expect it to make things worse. Any policy makers should therefore proceed with caution. At this stage, there are four types of activity that can be useful at the European (and indeed the global) level. The first is to understand failures better, so that all may learn the lessons. This means consistent, thorough, investigation of major outages and the publication of the findings. It also means understanding the nature of success better, by supporting long term measurement of network performance, and by sustaining research in network performance. The second is to fund key research in topics such as inter-domain routing - with an emphasis not just on the design of security mechanisms, but also on traffic engineering, traffic redirection and prioritisation, especially during a crisis, and developing an understanding of how solutions can be deployed in the real world. The third is to promote good practice. Diverse service provision can be encouraged by explicit terms in public sector contracts, and by auditing practices that draw attention to reliance on systems that lack diversity. The public section might also promote the independent testing of equipment and protocols. The fourth is public engagement. Greater transparency may help Internet users to be more discerning customers, creating incentives for improvement, and the public should be engaged in discussions on potentially controversial issues such as traffic prioritisation in an emergency. And finally, Private Public Partnerships (PPPs) of relevant stakeholders, operators, vendors, public actors etc.
are important for self-regulation to be effective. Additionally, should more formal regulation become necessary in the future, more informed policy makers who are already engaged with industry will be able to make better decisions. So if you've ever wondered how the Internet is glued together, and how it might come apart - or if you're interested in learning about yet another area where computer security and economics interact - then this report will be fascinating reading.

From rforno at infowarrior.org Wed May 11 09:15:14 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 May 2011 10:15:14 -0400
Subject: [Infowarrior] - First NHL rule for fans: Don't mention the NHL
Message-ID: <2EA2C20B-EB68-427A-A61A-F2A8042597CD@infowarrior.org>

NHL Says It's Infringing To Use The Keyword NHL In Your App About The NHL from the descriptive-uses-anyone? dept After recently posting about the NHL's over aggressiveness in claiming that a car dealership saying, "Go Canucks Go!" in its window was infringing, we were contacted by Andrea Dulko, who let us know about her experience. She had created an iOS app called Red Light District, which provides news, highlights and analysis concerning NHL hockey. It's basically an aggregator of information about the NHL. However, Apple forwarded her a complaint, saying that by simply using NHL as a keyword, it was infringing on the NHL's trademark. To put it mildly, this is ridiculous. The use was descriptive and accurate, and there's no likelihood of confusion. No proverbial "moron in a hurry" is going to see a simple app with NHL news and assume it must be from the NHL itself. Either way, Dulko decided to pull the keyword, but she also more or less stopped updating the app. Congratulations, NHL, on taking the fun out of fans promoting you.
http://www.techdirt.com/articles/20110507/00584314195/nhl-says-its-infringing-to-use-keyword-nhl-your-app-about-nhl.shtml

From rforno at infowarrior.org Wed May 11 09:21:36 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 May 2011 10:21:36 -0400
Subject: [Infowarrior] - Report on Kabul Bank Corruption Is Classified, Taken Offline
Message-ID:

(of course it's still available if you know where to look. --- rick) Report on Kabul Bank Corruption Is Classified, Taken Offline http://www.fas.org/blog/secrecy/2011/05/kabul_bank.html May 10th, 2011 by Steven Aftergood An eye-opening report on corruption in the Afghan Central Bank that was issued last March by the Inspector General of the U.S. Agency for International Development was recently removed from the USAID web site after the Agency decided to classify some of its published contents. The now-classified IG report focused on the failure to discover a widespread pattern of fraudulent loans at the Kabul Bank which led to the diversion of $850 million, the near collapse in 2009 of the bank, and an ensuing national crisis. Employees of the Deloitte accounting firm, who were serving as advisers to the bank under contract to USAID, could and should have alerted the U.S. government to early signs of fraud, the Inspector General found, but they did not. (Instead, the U.S. government learned of the bank corruption thanks to a February 22, 2010 story in the Washington Post.) But in the past week or so, the March 16, 2011 USAID Inspector General report (pdf) was abruptly withdrawn from the Agency's website. Why? Because USAID retroactively classified certain information in the report. "At the time our report was issued, it was written utilizing information from non-classified sources," said James C. Charlifue, the chief of staff of the USAID Office of Inspector General. "After our report had been issued, USAID subsequently classified two documents that were cited in our report.
This action resulted in the report becoming classified and we removed it from the web site," he told Secrecy News. Depending on the precise circumstances, the classification of information that has already been officially released into the public domain is either discouraged or prohibited, not to mention futile. According to executive order 13526 (section 1.7c), declassified information that has already been released can only be reclassified with the written approval of the agency head. Unclassified information that has been formally released and is no longer under U.S. government control is supposed to be beyond the reach of the classification system altogether. A spokesman for USAID did not respond to requests for comment on the decision to classify the information. In the present case, the suppressed IG report remains independently available in its original form. A copy was obtained by Secrecy News. See "Review of USAID/Afghanistan's Bank Supervision Assistance Activities and the Kabul Bank Crisis," USAID Office of Inspector General report, March 16, 2011. Much of the substance of the report was previously reported in "U.S. Advisers Saw Early Signs of Trouble at Afghan Bank" by Ernesto Londono and Rajiv Chandrasekaran, Washington Post, March 15, 2011; and "U.S. Agency Ends Accounting Firm's Afghan Contract" by Alissa J. Rubin and James Risen, New York Times, March 17, 2011. Now that the original report has been formally classified and withdrawn, "We plan on publishing a non-classified version of the report," said Mr. Charlifue of the USAID Office of Inspector General, "which we will place on our web site."

From rforno at infowarrior.org Wed May 11 09:28:32 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 May 2011 10:28:32 -0400
Subject: [Infowarrior] - Cyberwarfare rules included in Defense bill
Message-ID:

Cyberwarfare rules included in Defense bill May 10, 2011 - 11:26am By Suzanne Kubota Senior Internet Editor Federal News Radio Within the chairman's mark of the 2012 Defense Authorization bill is language that would allow DoD to carry out clandestine operations in cyberspace against targets located outside the United States and to defend against all attacks on DoD assets. Released Monday, chairman of the House Armed Services Committee, Rep. Howard P. "Buck" McKeon, (R-Calif.) helps to define the Rules of Engagement in cyberspace for the Defense Department, noting "because of the evolving nature of cyber warfare, there is a lack of historical precedent for what constitutes traditional military activities in cyberspace." "In particular, this section (962) would clarify that the Secretary of Defense has the authority to conduct clandestine cyberspace activities in support of military operations pursuant to the Authorization for the Use of Military Force....outside of the United States or to defend against a cyber attack on an asset of the Department of Defense." According to the mark up, terrorists "are increasingly using the internet to exercise command and control," and to spread technical information enabling attacks on U.S. and coalition forces, often from the relative safety of "distributed sanctuaries throughout the world. As a result, military activities may not be confined to a physical battlefield, and the use of military cyber activities has become a critical part of the effort to protect U.S. and coalition forces and combat terrorism globally."
The section of the bill expressly "includes the authority to conduct clandestine military activities in cyberspace in support of military operations," where Congress has authorized the use of "all necessary and appropriate force" or to defend against a cyber attack on a DoD asset. Within the bill, there are more than a dozen items slated for funding labeled "cyber". The largest amount goes to DISA with $24,085,000 requested and authorized by the House.

< -- >

http://federalnewsradio.com/?nid=35&sid=2376861

From rforno at infowarrior.org Wed May 11 13:57:27 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 11 May 2011 14:57:27 -0400
Subject: [Infowarrior] - Leak Site Directory
Message-ID: <50D62245-FFD0-4032-A079-EB326CDB90E6@infowarrior.org>

(among others.... --- rick)

Leak Site Directory
http://leakdirectory.org/index.php/Leak_Site_Directory

From rforno at infowarrior.org Thu May 12 07:41:58 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2011 08:41:58 -0400
Subject: [Infowarrior] - F.C.C. Commissioner Leaving to Join Comcast
Message-ID: <9DF39F7D-BCE7-4781-B3C7-70CA778E035F@infowarrior.org>

F.C.C. Commissioner Leaving to Join Comcast
By EDWARD WYATT
http://mediadecoder.blogs.nytimes.com/2011/05/11/f-c-c-commissioner-to-join-comcast/
8:02 p.m. | Updated

WASHINGTON -- Four months after the Federal Communications Commission approved a hotly contested merger of Comcast and NBC Universal, one of the commissioners who voted for the deal said on Wednesday that she would soon join Comcast's Washington lobbying office. Meredith Attwell Baker, a former Commerce Department official who worked on telecommunications issues in George W. Bush's administration, announced that she would leave the F.C.C. when her term expires at the end of June. At Comcast, she will serve as senior vice president for government affairs for NBC Universal, which Comcast acquired in January.
The announcement drew immediate criticism from some groups that had opposed the Comcast-NBC merger. They said the move was indicative of an ethically questionable revolving door between regulatory agencies and the companies they oversee. The revolving door between government and the lobbyists who seek to influence public policy and legislation on behalf of companies or other organizations was a target of reform by President Obama even before he took office. During the 2008 campaign, he vowed to "close the revolving door" and "clean up both ends of Pennsylvania Avenue" with "the most sweeping ethics reform in history." Though Ms. Baker was appointed to what is considered an independent regulatory agency, she signed the administration's ethics pledge upon taking office in July 2009. Under the pledge, she will not be allowed to lobby anyone at the F.C.C. for two years after her departure. In addition, Ms. Baker will not be able to lobby other political appointees at the F.C.C., including other commissioners, for the remainder of the Obama administration, including a second term if the president is re-elected. She faces a lifetime ban on lobbying any executive branch agency, including the F.C.C., on the agreement that Comcast made with the commission as a condition of its approval of the merger with NBC Universal. Ms. Baker can lobby members of Congress immediately upon beginning her new job. "I am privileged to have had the opportunity to serve the country at a time of critical transformation in the telecommunications industry," Ms. Baker said in a statement. "The continued deployment of our broadband infrastructures will meaningfully impact the lives of all Americans. I am happy to have played a small part in the success." Ms. Baker, one of two Republicans on the five-member commission, recently criticized the speed of the commission's review of the Comcast-NBC merger, which took 355 days. The F.C.C. voted 4-1 in January for approval, subject to several conditions.
"The NBC/Comcast merger took too long, in my view," Ms. Baker said on March 2 in a speech to a communications industry group. Noting that that time was similar to the length of other major merger reviews at the commission, she asked whether those reviews were preventing companies from trying to grow through acquisition. "My concern is that you might walk away," she told the communications executives, "and how many other consumer-enhancing and job-creating deals are not getting done today." Her route of departure was harshly criticized by Craig Aaron, the president and chief executive of Free Press, a media interest group that had opposed the Comcast-NBC merger. Mr. Aaron called the move "just the latest, though perhaps most blatant, example of a so-called public servant cashing in at a company she is supposed to be regulating." "No wonder the public is so nauseated by business as usual in Washington, where the complete capture of government by industry barely raises any eyebrows," Mr. Aaron said. "The continuously revolving door at the F.C.C. continues to erode any prospects for good public policy." Ms. Baker issued statements about her departure through both the F.C.C. and Comcast, but she did not address the revolving door issue in those statements. She did not return a phone call to her F.C.C. office seeking comment. Other interest groups were less vehement in their objections, in part because they viewed Ms. Baker as likely to have voted to approve the Comcast-NBC merger regardless of where her next job would be. Most of her colleagues on the commission wished Ms. Baker well in official statements. "She's made our decisions smarter and our policies better," Julius Genachowski, the chairman of the F.C.C., said. "I wish her well in her new role at NBC Universal." Only one F.C.C. commissioner, Michael J. Copps, who voted against the Comcast-NBC merger, expressed surprise at her departure.
From rforno at infowarrior.org Thu May 12 07:43:40 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2011 08:43:40 -0400
Subject: [Infowarrior] - Twitpic angers users over copyright grab
Message-ID: <948A468E-8BD6-4B3A-ABAC-DA1EF55D51DD@infowarrior.org>

12 May 2011 Last updated at 06:08 ET
Twitpic angers users over copyright grab
http://www.bbc.co.uk/news/technology-13372982

Picture posting service Twitpic has apologised for seeming to claim copyright on every image users upload. A row blew up over photographs on Twitpic following changes made to the service's terms on 10 May. Many users cancelled their Twitpic accounts because the changes implied that the site was claiming the right to sell pictures without permission. Twitpic defended itself and said the new rules were intended to protect users' photos from abuse by the media.

Cash call

Twitpic founder Noah Everett apologised via the company blog for the "lack of clarity" in the updated Terms and Conditions. Mr Everett stressed that Twitpic account holders own the copyright on the images and said the terms had been changed again to show "that you still own your content". However, by signing up to Twitpic users also agree to let the service distribute their images to the company's partners. This clause was needed, said Mr Everett, because as Twitpic has grown, a lot of the pictures that people post to it have found their way into reports about newsworthy events. One of the most famous images posted on Twitpic came from January 2009 when a US Airways jet crash landed on the Hudson river. "We've seen this content being taken without permission and misused," wrote Mr Everett. By changing the terms, Twitpic hopes to limit this abuse. In this vein it recently signed an exclusive deal with the Wenn news group to syndicate images posted on Twitpic. The apology and re-write of the terms came too late for many who said they had deleted their accounts and removed their photos.
Evidence of how strongly people felt about the issue was seen by the hashtags #twitpic and #delete trending in conjunction on the micro-blogging service. Many also felt that the explanation did little to clear up the ambiguity over who would profit from a newsworthy photo. Mr Everett was pressed for a clearer statement via his account on Twitter. So far he has not replied. Twitpic's terms and conditions are similar to those of many other Twitter picture services such as Yfrog, Flickr and Instagram which all give those firms the right to redistribute images. The row prompted MobyPictures to change its terms to include a specific clause which says it will not try to sell users' images. Twitpic is not the first new media company to irritate its users by changing their terms and conditions. Facebook has weathered several controversial changes as have Apple, Flickr and Google.

From rforno at infowarrior.org Thu May 12 08:17:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2011 09:17:56 -0400
Subject: [Infowarrior] - Comcast Users Blocked From The Pirate Bay
Message-ID: <281EACB9-87F3-4970-9D96-945D7887BA1B@infowarrior.org>

(anyone confirm/deny this? i can't reach it from the house.)

Comcast Users Blocked From The Pirate Bay
Ernesto - 12/05/2011
http://torrentfreak.com/comcast-blocked-the-pirate-bay-110512/

During the last few hours reports have been trickling in from Comcast subscribers who are unable to access The Pirate Bay website. Although there is no sign that Comcast is actively blocking user access to the largest BitTorrent site on the Internet, something is clearly not in order. The Pirate Bay team have confirmed that they are not the ones who are blocking, and they're investigating the issue. Starting a few hours ago, Comcast subscribers began reporting issues with accessing The Pirate Bay.
Although downtime is nothing new for users of the popular BitTorrent site, this time around the connectivity issues appear to be affecting only a select group. Several tests and numerous user reports reveal that Comcast subscribers from all across the United States are unable to connect to The Pirate Bay. The traceroute from Comcast connections stops at thepiratebay.piratpartiet.se, as it's supposed to, but The Pirate Bay website does not appear. Further tests show that the blockade is not DNS related. What is actually causing the issue is uncertain at this point. Although there's been a lot of talk about censorship lately, it seems doubtful that this is an intentional blockade on Comcast's part. That said, there is clearly a mismatch between the Comcast network and The Pirate Bay site which leaves access to the rest of the Internet unaffected. TorrentFreak spoke to The Pirate Bay team who confirmed that there's a significant drop in visitors from the U.S. They are currently investigating the issue to see if there's anything they can do on their end. When it comes to BitTorrent blocking, Comcast already has quite a reputation. In 2007 TorrentFreak broke the news that Comcast was actively blocking BitTorrent traffic. Comcast initially denied, but later admitted its wrongdoings. Comcast's BitTorrent blocking fueled the Net Neutrality debates and eventually resulted in an FCC investigation and various lawsuits. A class action lawsuit was settled by the ISP who reserved a $16 million fund for affected subscribers. In the light of all the previous legal issues it therefore seems unlikely that Comcast has ventured out on its own to block The Pirate Bay website. When there's more information available on the current issues we'll update this article. In the meantime Comcast users can access the site through Anonymouse and other proxies.
Update: It appears that a subset of Rogers users in Canada have problems accessing the site as well, same with some Optus users in Australia. However, this doesn't appear to be as widespread as with Comcast.

From rforno at infowarrior.org Thu May 12 08:25:04 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2011 09:25:04 -0400
Subject: [Infowarrior] - Facebook admits hiring PR firm to smear Google
Message-ID: <1E31CCE2-C3D9-48A1-970C-465A49270099@infowarrior.org>

Facebook admits hiring PR firm to smear Google
By Amar Toor posted May 12th 2011 7:33AM
http://www.engadget.com/2011/05/12/facebook-admits-hiring-pr-firm-to-smear-google/

It seems like the ongoing rivalry between Facebook and Google has taken a turn for the subversive. Last night, a spokesman for the social network confirmed to the Daily Beast that Facebook paid a top PR firm to spread anti-Google stories across the media and to encourage various outlets to examine allegations that the Mountain View company was violating user privacy. The PR firm, Burson-Marsteller, even offered to help blogger Chris Soghoian write a critical op-ed piece about Social Circle -- a service that allows Gmail users to access information on so-called "secondary connections," or friends of their friends. Social Circle, in fact, seems to have been at the epicenter of Facebook's smear campaign. In a pitch to journalists, Burson described the tool in borderline apocalyptic terms: "The American people must be made aware of the now immediate intrusions into their deeply personal lives Google is cataloging and broadcasting every minute of every day-without their permission." Soghoian thought that Burson's representatives were "making a mountain out of a molehill," so he decided to prod them about which company they might be working for. When Burson refused to spill the beans, Soghoian went public and published all of the e-mails sent between him and the firm.
USA Today picked up on the story, before concluding that any claims of a smear campaign were unfounded. The Daily Beast's Dan Lyons, however, apparently forced Facebook's hand after confronting the company with "evidence" of its involvement. A Facebook spokesman said the social network hired Burson to do its Nixonian dirty work for two primary reasons: it genuinely believes that Google is violating consumer privacy and it also suspects that its rival "may be improperly using data they have scraped about Facebook users." In other words, their actions were motivated by both "altruistic" and self-serving agendas, though we'd be willing to bet that the latter slightly outweighed the former. Google, meanwhile, has yet to comment on the story, saying that it still needs more time to wrap its head around everything -- which might just be the most appropriate "no comment" we've ever heard.

From rforno at infowarrior.org Thu May 12 11:59:36 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2011 12:59:36 -0400
Subject: [Infowarrior] - Jim Lehrer retiring from Newshour
Message-ID:

Alas, one of the last great lights in TV news is stepping down from perhaps the "sanest" and most mature evening news program in the country. --- rick

http://www.pbs.org/newshour/aboutus/press_releases/2011/jim-announcement.html

May 12, 2011

JIM LEHRER STEPPING DOWN FROM REGULAR ANCHOR ROLE ON PBS NEWSHOUR

ARLINGTON, VA (May 12, 2011) -- Jim Lehrer said today that he will take another step toward ending his 36 years of anchoring or co-anchoring the daily public television news broadcast known now as the PBS NEWSHOUR. He said, effective June 6, he will no longer be part of the regular daily anchor rotation team, but he will still appear on many Friday evenings to moderate the weekly analysis of Shields and Brooks; syndicated columnist Mark Shields and New York Times columnist David Brooks.
Lehrer said he will also remain involved in the editorial direction of the PBS NEWSHOUR and the program's producer, MacNeil/Lehrer Productions. The decision announced today is part of the program's latest evolution, a process that began in December 2009 with the successful transition from "The NewsHour with Jim Lehrer" to the PBS NEWSHOUR. That move created a multi-anchor team that featured Lehrer plus Senior Correspondents Gwen Ifill, Judy Woodruff, Jeffrey Brown, Ray Suarez and Margaret Warner. That team will continue hosting the broadcast on a rotating basis. The broadcast began in 1975 as The Robert MacNeil Report and went through several transitions to its current form. Lehrer said his decision was based on: -- the complete integration of the NEWSHOUR's on-air and online operations, which has been accompanied by measurable growth in the program's broadcast and digital audiences; -- his complete confidence in the current NEWSHOUR team, both on-and-off-camera, to continue producing the nightly program and its companion website as a haven for "MacNeil/Lehrer Journalism": serious, fair-minded daily reporting steeped in the traditions of the broadcast's co-founders. In announcing today's decision, Lehrer said "I have been laboring in the glories of daily journalism for 52 years--36 of them here at the Newshour and its earlier incarnations--and there comes a time to step aside from the daily process, and that time has arrived." MacNeil said of Lehrer's announcement, "It is the most constructive and graceful exit strategy I have ever seen for someone holding a coveted and senior position in today's media. It guarantees a continued place in today's bewildering media spectrum for a program that will stay devoted to serious journalism." 
He added that Lehrer's decision to remove his name from the program title helped further establish the PBS identity in the public mind, enhancing the brand name, and it also "recognized the unique freedom and support public broadcasting gave us in creating an alternative form of television journalism and building an audience for it." Linda Winslow, Executive Producer of the PBS NEWSHOUR, said, "I don't know another iconic television anchorperson who would be willing to take his name off the program he helped create--while remaining on the air. Jim's point in doing that was, "We're all on the same team." He wanted to create an enterprise that could be the bedrock for public broadcasting's journalistic future--and I think he's done that." Lehrer has had one of the most distinguished and respected careers in all of broadcast journalism. He has moderated 11 presidential debates, interviewed every U.S. President since Gerald Ford, and won many of the most prestigious awards in journalism, most recently the Chairman's Award at the 2010 News and Documentary Emmy Awards and the National Press Club's Fourth Estate Award, to be presented in the fall. "I am grateful to Jim for the extraordinary contributions he's made to public television," said PBS President and CEO Paula Kerger. "Jim has built a talented team and we're very proud to be the home of PBS NEWSHOUR. As Jim begins the next chapter of his career, we are grateful for his ongoing leadership and his continued presence on Friday nights." "Jim Lehrer and I have been devoted friends and public television colleagues for over thirty-five years," noted Sharon Percy Rockefeller, president and chief executive officer of WETA, the flagship public broadcasting station in the nation's capital and the co-producer of the PBS NEWSHOUR. "He and Robin MacNeil conceived and built the highest quality, longest lasting news hour in all of American television. 
Millions of viewers worldwide appreciate, as I do, Jim's clear integrity and trademark civility demonstrated in every aspect of his life. He has given monumental public service to our nation, defining the highest ideals of intelligent, responsible journalism and establishing a high standard of excellence that serves as a benchmark for the industry. We are also thankful to Jim for bringing together such a talented team to carry on the fine work of the PBS NEWSHOUR, constantly innovating while upholding the exemplary editorial practices for which the program has earned the respect, admiration and trust of the American people." In October 1975, the half-hour "Robert MacNeil Report," with Jim Lehrer as the Washington correspondent, premiered on Thirteen/WNET New York. Over the next seven years, "The MacNeil/Lehrer Report" (as it was renamed in 1976) won more than 30 awards for journalistic excellence. In September 1983, Lehrer and MacNeil launched their most ambitious undertaking, "The MacNeil/Lehrer NewsHour." The 1995-96 season marked the 20th year of their journalistic odyssey, as well as MacNeil's departure and Lehrer's stewardship of the program as "The NewsHour with Jim Lehrer." In May 2009, the program title changed to "PBS NEWSHOUR" to reflect the program's expanded role as the hub of news and public affairs programming on PBS both online and on air. Since the program's rebranding, the PBS NEWSHOUR has enjoyed steady audience growth. In March 2011, viewing figures for the television program were 16% higher than in March 2010, and the program's digital reach has more than tripled. PBS NEWSHOUR is seen five nights a week on more than 315 PBS stations across the country and is also available online, via public radio in select markets and via podcast. The program is produced by MacNeil/Lehrer Productions, in association with WETA Washington, DC, and WNET.org in New York. 
Major corporate funding for the PBS NEWSHOUR is provided by Chevron, BNSF Railway, Pacific Life and Intel, with additional support from the Corporation for Public Broadcasting and public television viewers.

###

Contact:
Tom Goodman - tom at goodmanmedia.com - (917) 846-1507
Anne Bell - abell at newshour.org - (703) 998-2175

From rforno at infowarrior.org Thu May 12 12:07:50 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2011 13:07:50 -0400
Subject: [Infowarrior] - Obama asks FBI director to stay on for two more years
Message-ID: <06F9893D-15F5-4361-A3AD-2CA455273F28@infowarrior.org>

Obama asks FBI director to stay on for two more years
By Sam Youngman - 05/12/11 12:28 PM ET
http://thehill.com/homenews/campaign/160859-obama-asks-fbi-director-to-stay-on-for-two-more-years

President Obama has asked FBI Director Robert Mueller to stay on as head of the nation's largest crime-fighting agency for another two years. While Mueller would have to be confirmed by the Senate, the agency head, tapped by former President George W. Bush to lead the FBI, is "the gold standard" for leading the bureau, Obama said in a statement. "Given the ongoing threats facing the United States, as well as the leadership transitions at other agencies like the Defense Department and Central Intelligence Agency, I believe continuity and stability at the FBI is critical at this time," Obama said. Mueller came to the FBI just days before the terrorist attacks of Sept. 11, 2001. Obama praised the long-time director for transforming the bureau "into a pre-eminent counterterrorism agency." "He has shown extraordinary leadership and effectiveness at protecting our country every day since," Obama said. "He has impeccable law enforcement and national security credentials, a relentless commitment to the rule of law, unquestionable integrity and independence and a steady hand that has guided the Bureau as it confronts our most serious threats," Obama said.
The Senate unanimously confirmed Mueller for the position in 2001. Secretary of Defense Robert Gates is retiring and Obama has nominated CIA Director Leon Panetta to succeed him at the Pentagon. Gen. David Petraeus has been nominated to replace Panetta.

From rforno at infowarrior.org Thu May 12 15:06:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2011 16:06:55 -0400
Subject: [Infowarrior] - White House Delivers Cybersecurity Plan To Hill
Message-ID: <00E11811-3379-4834-9638-043FC52A8C01@infowarrior.org>

White House Delivers Cybersecurity Plan To Hill
By Jennifer Martinez and Mike Allen
Politico
May 12, 2011 at 09:20 GMT-4 (EDT)

The White House will formally deliver a cybersecurity legislative proposal to Congress on Thursday morning, including recommended updates to current U.S. cybersecurity laws, a senior administration official told POLITICO. "The administration has taken significant steps to better protect America against cyberthreats, but it has become clear that our nation cannot fully defend against these threats unless certain parts of cybersecurity law are updated," the official said. The Obama administration is eager to work with Congress to enact cybersecurity legislation this year. The White House has been working on its plan for more than two years now. The White House's legislative proposal recommends improvements to the country's "critical infrastructure" and the federal government's networks and computers, according to the official.
Suggested improvements to cybersecurity law often raise concerns from advocacy groups about civil liberties and privacy. The official said the White House is eager to hold broad discussions with industry, privacy advocates and the wider community. The White House proposal "strikes a critical balance between strengthening security and preserving privacy and civil liberties protections," the official said. The proposal marks the first major cybersecurity proposal from any administration and, the official told POLITICO, "we are demonstrating President Obama's commitment to addressing complex and systemic national vulnerabilities that place the American people and economy at risk." The Senate hasn't put forward a cybersecurity bill yet, but Commerce and Homeland Security committee aides have spent more than a year working on a compromise between cyber reform bills introduced last session, including those introduced by Commerce Chairman Jay Rockefeller (D-W.Va.) and Homeland Security Chairman Joe Lieberman (I-Conn.). Sen. Susan Collins (R-Maine), a member of the Homeland Security panel, told POLITICO earlier this month that part of "the holdup has been that the administration has yet to present its plan." Cybersecurity has also captured the attention of Congress after hackers recently breached the systems of both Epsilon and Sony, gaining access to consumers' personal information. The House recently held a hearing on the data breaches. Rockefeller sent a letter to the Securities and Exchange Commission on Wednesday asking that it direct companies to report when hackers may have breached their systems or when their networks have undergone an attack, which his office made public Thursday. On Monday afternoon, the White House plans to hold an event where it will release the administration's international cybersecurity strategy, POLITICO has learned. U.S.
Attorney General Eric Holder, Secretary of State Hillary Clinton, Secretary of Commerce Gary Locke and Secretary of Homeland Security Janet Napolitano are expected to attend. The event will be hosted by the administration's Cybersecurity Coordinator Howard Schmidt and Deputy National Security Advisor John Brennan.

Source: http://www.politico.com/news/stories/0511/54826.html

From rforno at infowarrior.org Thu May 12 15:07:42 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2011 16:07:42 -0400
Subject: [Infowarrior] - Schmidt Remarks: WH Cybersecurity Proposal
Message-ID: <3D593A3A-54D2-4C3D-A6BE-686EECF6ECAD@infowarrior.org>

The Administration Unveils Its Cybersecurity Legislative Proposal
By Howard A. Schmidt
White House
May 12, 2011 at 14:00 GMT-4 (EDT)

Today I am happy to announce that the Administration has transmitted a cybersecurity legislative proposal to Capitol Hill in response to Congress' call for assistance on how best to address the cybersecurity needs of our Nation. This is a milestone in our national effort to ensure secure and reliable networks for Americans, businesses, and government; fundamentally, this proposal strikes a critical balance between maintaining the government's role and providing industry with the capacity to innovatively tackle threats to national cybersecurity. Just as importantly, it does so while providing a robust framework to protect civil liberties and privacy. When the President released his Cyberspace Policy Review almost two years ago, he declared cyberspace as a key strategic asset for the United States and its security just as vital. This legislative proposal is the latest achievement in the steady stream of progress we are making in securing cyberspace and completes another near-term action item identified in the CPR. The Administration proposal helps safeguard your personal data and enhances your right to know when it has been compromised. In addition to educating you on how to protect yourself from cyber threats with the Stop. Think. Connect. campaign, we believe organizations should inform you when your sensitive personal information may have been compromised. This notice not only helps you to protect yourself against harms like identity theft, but also incentivizes organizations to have better data security in the first place. Today, our country has a patchwork of 47 state notification laws. Our proposal simplifies and strengthens this reporting requirement and reaches all Americans. It helps protect our national security by addressing threats to our power grids, water systems, and other critical infrastructure. These systems are the backbone of our modern economy; many are privately owned, but all merit our support in protecting them. The Administration proposal advances the security of our increasingly "wired" critical infrastructure, strengthens the criminal penalties for hacking into the systems that control these vital resources, and clarifies the ability of companies and the government to voluntarily share information about cybersecurity threats and incidents in a privacy-protective manner. This is behavior we want and need to promote. It helps the U.S. government protect our federal networks, while creating stronger privacy and civil liberties protections that keep pace with technology.
Since our Federal systems are under constant pressure by hackers, criminals and other threats, the government needs better tools to detect and prevent those threats. Part of cybersecurity is about finding malicious programs, and stopping their spread before they have any impact. This proposal allows the Department of Homeland Security (DHS) to implement intrusion detection and prevention systems that can help speed our response to these incidents. The Administration proposal also designs a framework for protecting privacy and civil liberties that includes new oversight, reporting requirements, and annual certification to ensure that cybersecurity technologies are used for their intended purpose and nothing more. The Administration's proposal is one of a number of important steps we are taking towards achieving better cybersecurity. We look forward to working with Congress as it moves forward on this issue. Together, with a shared responsibility to enhance online safety and security, we can ensure cyberspace continues to be an area defined by growth and innovation.

Source: http://www.whitehouse.gov/blog/2011/05/12/administration-unveils-its-cybersecurity-legislative-proposal

From rforno at infowarrior.org Thu May 12 15:08:52 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 12 May 2011 16:08:52 -0400
Subject: [Infowarrior] - WH Fact Sheet: New Cybersecurity Law Proposals
Message-ID:

http://www.whitehouse.gov/the-press-office/2011/05/12/fact-sheet-cybersecurity-legislative-proposal

The White House
Office of the Press Secretary
For Immediate Release
May 12, 2011

FACT SHEET: Cybersecurity Legislative Proposal

We count on computer networks to deliver our oil and gas, our power and our water. We rely on them for public transportation and air traffic control... But just as we failed in the past to invest in our physical infrastructure -- our roads, our bridges and rails -- we've failed to invest in the security of our digital infrastructure...
This status quo is no longer acceptable - not when there's so much at stake. We can and we must do better. - President Obama, May 29, 2009 Our critical infrastructure - such as the electricity grid, financial sector, and transportation networks that sustain our way of life - has suffered repeated cyber intrusions, and cyber crime has increased dramatically over the last decade. The President has thus made cybersecurity an Administration priority. When the President released his Cyberspace Policy Review almost two years ago, he declared that the "cyber threat is one of the most serious economic and national security challenges we face as a nation." The Administration has since taken significant steps to better protect America against cyber threats. As part of that work, it has become clear that our Nation cannot fully defend against these threats unless certain parts of cybersecurity law are updated. Members of both parties in Congress have also recognized this need and introduced approximately 50 cyber-related bills in the last session of Congress. Senate Majority Leader Reid and six Senate committee chairs thus wrote to the President and asked for his input on cybersecurity legislation. The Administration welcomed the opportunity to assist these congressional efforts, and we have developed a pragmatic and focused cybersecurity legislative proposal for Congress to consider. This legislative proposal is the latest achievement in the steady stream of progress we are making in securing cyberspace and completes another near-term action item identified in the Cyberspace Policy Review. The proposed legislation is focused on improving cybersecurity for the American people, our Nation's critical infrastructure, and the Federal Government's own networks and computers. Protecting the American People • National Data Breach Reporting. 
State laws have helped consumers protect themselves against identity theft while also incentivizing businesses to have better cybersecurity, thus helping to stem the tide of identity theft. These laws require businesses that have suffered an intrusion to notify consumers if the intruder had access to the consumers' personal information. The Administration proposal helps businesses by simplifying and standardizing the existing patchwork of 47 state laws that contain these requirements. • Penalties for Computer Criminals. The laws regarding penalties for computer crime are not fully synchronized with those for other types of crime. For example, a key tool for fighting organized crime is the Racketeer Influenced and Corrupt Organizations Act (RICO). Yet RICO does not apply to cyber crimes, despite the fact that cyber crime has become a big business for organized crime. The Administration proposal thus clarifies the penalties for computer crimes, synchronizes them with other crimes, and sets mandatory minimums for cyber intrusions into critical infrastructure. Protecting our Nation's Critical Infrastructure Our safety and way of life depend upon our critical infrastructure as well as the strength of our economy. The Administration is already working to protect critical infrastructure from cyber threats, but we believe that the following legislative changes are necessary to fully protect this infrastructure: • Voluntary Government Assistance to Industry, States, and Local Government. Organizations that suffer a cyber intrusion often ask the Federal Government for assistance with fixing the damage and for advice on building better defenses. For example, organizations sometimes ask DHS to help review their computer logs to see when a hacker broke in. However, the lack of a clear statutory framework describing DHS's authorities has sometimes slowed the ability of DHS to help the requesting organization. 
The Administration proposal will enable DHS to quickly help a private-sector company, state, or local government when that organization asks for its help. It also clarifies the type of assistance that DHS can provide to the requesting organization. • Voluntary Information Sharing with Industry, States, and Local Government. Businesses, states, and local governments sometimes identify new types of computer viruses or other cyber threats or incidents, but they are uncertain about whether they can share this information with the Federal Government. The Administration proposal makes clear that these entities can share information about cyber threats or incidents with DHS. To fully address these entities' concerns, it provides them with immunity when sharing cybersecurity information with DHS. At the same time, the proposal mandates robust privacy oversight to ensure that the voluntarily shared information does not impinge on individual privacy and civil liberties. • Critical Infrastructure Cybersecurity Plans. The Nation's critical infrastructure, such as the electricity grid and financial sector, is vital to supporting the basics of life in America. Market forces are pushing infrastructure operators to put their infrastructure online, which enables them to remotely manage the infrastructure and increases their efficiency. However, when our infrastructure is online, it is also vulnerable to cyber attacks that could cripple essential services. Our proposal emphasizes transparency to help market forces ensure that critical-infrastructure operators are accountable for their cybersecurity. The Administration proposal requires DHS to work with industry to identify the core critical-infrastructure operators and to prioritize the most important cyber threats and vulnerabilities for those operators. Critical infrastructure operators would develop their own frameworks for addressing cyber threats. 
Then, each critical-infrastructure operator would have a third-party, commercial auditor assess its cybersecurity risk mitigation plans. Operators who are already required to report to the Securities and Exchange Commission would also have to certify that their plans are sufficient. A summary of the plan would be accessible, in order to facilitate transparency and to ensure that the plan is adequate. In the event that the process fails to produce strong frameworks, DHS, working with the National Institute of Standards and Technology, could modify a framework. DHS can also work with firms to help them shore up plans that are deemed insufficient by commercial auditors. Protecting Federal Government Computers and Networks Over the past five years, the Federal Government has greatly increased the effort and resources we devote to securing our computer systems. While we have made major improvements,[1] updated legislation is necessary to reach the Administration goals for Federal cybersecurity, so the Administration's legislative proposal includes: • Management. The Administration proposal would update the Federal Information Security Management Act (FISMA) and formalize DHS' current role in managing cybersecurity for the Federal Government's civilian computers and networks, in order to provide departments and agencies with a shared source of expertise. • Personnel. The recruitment and retention of highly-qualified cybersecurity professionals is extremely competitive, so we need to be sure that the government can recruit and retain these talented individuals. Our legislative proposal will give DHS more flexibility in hiring these individuals. It will also permit the government and private industry to temporarily exchange experts, so that both can learn from each other's expertise. • Intrusion Prevention Systems. Intrusion detection systems are automated sensors that identify cyber intrusions and attacks. 
Intrusion prevention systems can actually block cyber intrusions and attacks. DHS' Einstein system is one example of an intrusion prevention system, and the proposal makes permanent DHS's authority to oversee intrusion prevention systems for all Federal Executive Branch civilian computers. Internet Service Providers (ISPs) implement these systems on behalf of DHS, blocking attacks against government computers. The Attorney General currently reviews and provides immunity for those ISPs, as necessary, to provide that service, and the proposal streamlines that process. This only applies to intrusion prevention systems that protect government computers, and the proposal also codifies or adds: strong privacy and civil liberties protections, congressional reporting requirements, and an annual certification process. • Data Centers. The Federal Government has embraced cloud computing, where computer services and applications are run remotely over the Internet. Cloud computing can reduce costs, increase security, and help the government take advantage of the latest private-sector innovations. This new industry should not be crippled by protectionist measures, so the proposal prevents states from requiring companies to build their data centers in that state, except where expressly authorized by federal law. New Framework to Protect Individuals' Privacy and Civil Liberties The Administration's proposal ensures the protection of individuals' privacy and civil liberties through a framework designed expressly to address the challenges of cybersecurity. • It requires DHS to implement its cybersecurity program in accordance with privacy and civil liberties procedures. These must be developed in consultation with privacy and civil liberties experts and approved by the Attorney General. • 
All federal agencies who would obtain information under this proposal will follow privacy and civil liberties procedures, again developed in consultation with privacy and civil liberties experts and with the approval of the Attorney General. • All monitoring, collection, use, retention, and sharing of information are limited to protecting against cybersecurity threats. Information may be used or disclosed for criminal law enforcement, but the Attorney General must first review and approve each such usage. • When a private-sector business, state, or local government wants to share information with DHS, it must first make reasonable efforts to remove identifying information unrelated to cybersecurity threats. • The proposal also mandates the development of layered oversight programs and congressional reporting. • Immunity for the private-sector business, state, or local government is conditioned on its compliance with the requirements of the proposal. Taken together, these requirements create a new framework of privacy and civil liberties protection designed expressly to address the challenges of cybersecurity. Conclusion Our Nation is at risk. The cybersecurity vulnerabilities in our government and critical infrastructure are a risk to national security, public safety, and economic prosperity. The Administration has responded to Congress' call for input on the cybersecurity legislation that our Nation needs, and we look forward to engaging with Congress as they move forward on this issue. 
From rforno at infowarrior.org Thu May 12 16:13:35 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 May 2011 17:13:35 -0400 Subject: [Infowarrior] - Pirate Bay reachable again on Comcast Message-ID: <4246668A-95D0-40BD-9BA6-2C0C9781395C@infowarrior.org> Pirate Bay reachable again on Comcast -- rick From rforno at infowarrior.org Thu May 12 16:29:49 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 May 2011 17:29:49 -0400 Subject: [Infowarrior] - Looking to Speed Security for Frequent Fliers Message-ID: Looking to Speed Security for Frequent Fliers - By SCOTT MCCARTNEY http://online.wsj.com/article/SB10001424052748703937104576303153769314700.html?mod=WSJ_hps_editorsPicks_3 In what would be a major shift in procedures, the Transportation Security Administration is working on a concept that could let "trusted travelers" keep their shoes on, leave laptops in bags and avoid body scanners altogether - one of the biggest improvements at the airport since 2001. If implemented, the trusted-traveler program would make getting to the gate a little easier. Drawing data from airline frequent-flier programs, the TSA plans to identify trusted travelers and indicate their status with a bar code on their boarding passes, said the agency's administrator, John Pistole. When the boarding pass and valid identification are presented at the security checkpoint, a trusted flier will be directed to the expedited screening line. There would, as with any program, be some exceptions. For example, expedited screening might not be offered to passengers on a flight that has bookings for people on the government's "watch list" of those believed to be associated with terrorism. Also, the program likely will be tailored to specific flights or routes. Expedited screening would be easily available on flights considered low risk, such as regional jet trips to a small city or flights with air marshals on board, Mr. Pistole said. 
"We still want to keep some randomness and unpredictability in there so terrorists can't game the system,'' Mr. Pistole said. An initial program to give pilots and flight attendants separate screening without body scanners or pat-downs will start this summer. Tests at different airports will follow, TSA said. If the concept moves forward, full implementation of the trusted-traveler program will take much longer, however, officials say. To facilitate the new system, officials say computers and scanners will be rolled out at airport checkpoints later this year to let screeners verify boarding passes, making sure names and flight information are valid. "Let's get away from one size fits all,'' said Mr. Pistole, who took over the TSA last year. "We think we can improve the process and focus more on people we know nothing about.'' Mr. Pistole's predecessors resisted offering lesser screening for frequent fliers for fear of letting terrorists with clean backgrounds board airplanes more easily. But by using airline frequent-flier data, which goes back decades at many airlines, the former FBI deputy director and counterterrorism expert says he believes security can be improved without undue risk. Since the program will be based on travel history, it likely will take time for newly enrolled members in frequent-flier programs to get to "trusted traveler" status. View Full Image That program is welcome news to many travelers who have been clamoring for a trusted-traveler system for years. TSA previously allowed private companies to offer "registered traveler'' programs, such as the Clear program, owned by Verified Identity Pass. But after paying annual fees and submitting personal information to get registered, travelers got minimal benefits?their own line at many airports but the same screening as everyone else. Verified Identity Pass collapsed in bankruptcy in 2009. Such a program would, interestingly, add to the perks of frequent-flier programs. 
Already, top-level frequent fliers get perks such as upgrades and prime coach seating, earlier boarding, waivers on baggage fees and access to priority lines at security checkpoints. Frequent-fliers would be able to tell airlines that they don't want their information released to the TSA. There have been improvements in another area of security, the no-fly and watch lists of people barred from flying or subjected to secondary screening at checkpoints. Previously, antiterrorism efforts have come under criticism for a lack of coordination among security agencies, especially after a Nigerian man with reported ties to terrorists in Yemen flew on a Detroit-bound plane with a bomb in his pants in 2009. His terrorist connections had been reported to the government but he wasn't added to either the watch list or no-fly list of individuals considered a threat to the aircraft, identified as trained in terrorism or active terrorists. In addition, too many false-positive name matches, including children, U.S. senators and others, provoked outrage among travelers and some in Congress. Since the lists were expanded and agencies began sharing more information after the unsuccessful pants-bombing attempt, the FBI's Terrorism Screening Center, or TSC, said 350 people suspected of ties to terrorists have been denied boarding airline flights. TSA's "Secure Flight" program, which was fully implemented last fall, has really made a difference, officials said. Verifying the full name, birthday and gender information in every airline reservation has reduced the number of people falsely suspected of being among the 12,000 on the no-fly list and the 460,000 people on the "watch list," who likely receive secondary screening. Before, people with the same or similar name to a terrorist or an alias used by a terrorist were regularly snagged for pat-downs and searches. "With name and date of birth, we match 98% of the time," TSC Director Timothy Healy said. 
While better name-matching may have cut down on secondary screenings, full-body scanners have led to a lot more pat-downs and searches at checkpoints, either when travelers refuse the revealing X-ray machines or when they inadvertently set off an alarm. And TSA, which has made the pat-downs far more invasive, said it still conducts secondary screenings randomly or based on other undisclosed criteria. On the whole, TSA said the number of people hit with secondary searches has remained constant at about 3%. Only 450 U.S. citizens are on the no-fly list and 6,000 are on the watch list, Mr. Healy said. Those numbers previously were kept secret, but Mr. Healy said now that the no-fly list and watch list are operating better, he's trying to be more open to dispel myths and build confidence. Mr. Pistole said TSA is also making better use of watch-list information. Each day he gets a report on reservations by people on the watch list traveling the following day, he said. Recently one flight was booked with several passengers on the watch list, and he asked the federal air marshal service to move agents onto the flight. Even the heads of both the TSA and the TSC acknowledge that it is possible to circumvent the no-fly list and watch-list screening process with false identities or other means. Even with the risks, with the new programs, "We do want to do something that acknowledges that virtually everyone who travels is not a terrorist," Mr. Pistole said. 
Write to Scott McCartney at middleseat at wsj.com From rforno at infowarrior.org Thu May 12 17:36:01 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 May 2011 18:36:01 -0400 Subject: [Infowarrior] - Senate bill amounts to Internet death penalty Message-ID: <90FDEC83-0E5E-4C53-A56B-78E4DDB50719@infowarrior.org> May 12, 2011 3:12 PM PDT Senate bill amounts to Internet death penalty by Declan McCullagh http://news.cnet.com/8301-31921_3-20062398-281.html A new bill backed by movie studios and other large copyright holders takes a novel approach to curbing access to piratical Web sites: an Internet death penalty. That's the best way to describe the approach adopted by the legislation introduced today, which specifies a step-by-step approach to making Web sites suspected of infringing copyrights or trademarks vanish from the Internet. It's called the Protect IP Act. The U.S. Department of Justice would receive the power to seek a court order against an allegedly infringing Web site, and then serve that order on search engines, certain Domain Name System providers, and Internet advertising firms -- which would in turn be required to "expeditiously" make the target Web site invisible. It's not entirely clear how broad the Protect IP Act's authority would be. An earlier draft (PDF) of the legislation would have allowed the Justice Department to order any "interactive computer service" -- a phrase courts have interpreted to mean any Web site -- to block access to the suspected pirate site. But the final version (PDF) refers instead to "information location tool." That's defined as a "directory, index, reference, pointer, or hypertext link," which would certainly sweep in Google, Yahoo, and search engines, and may also cover many other Web sites. This is the main process through which the Internet death penalty is imposed. 
The Protect IP Act says that an "information location tool shall take technically feasible and reasonable measures, as expeditiously as possible, to remove or disable access to the Internet site associated with the domain name set forth in the order." In addition, it must delete all hyperlinks to the offending "Internet site." In other words, the targeted Web site would start to vanish from the Internet in the United States. Any copyright holder also could file a lawsuit and seek to levy a less dramatic form of Internet punishment, blocking only "financial transactions" and "Internet advertising services" from doing business with the suspected infringer. Sponsors of the Protect IP Act include Judiciary committee chairman Patrick Leahy (D-VT), as well as Orrin Hatch (R-UT), Chuck Grassley (R-IA), Chuck Schumer (D-NY), Dianne Feinstein (D-CA), Sheldon Whitehouse (D-RI), Lindsey Graham (R-SC), Herb Kohl (D-WI), Chris Coons (D-DE), and Richard Blumenthal (D-CT). Leahy said in a statement that his proposal permits law enforcement to "crack down on rogue Web sites dedicated to the sale of infringing or counterfeit goods." The actual bill text, however, doesn't require that the piratical Web site sell anything -- meaning, for example, if Wikileaks were accused of primarily distributing copyrighted internal bank documents, access from the United States could be curbed. The Protect IP Act doesn't appear to require broadband providers (which probably aren't "information location tools") to block the Internet address of the targeted Web site. Which may be why the National Cable and Telecommunications Association applauded the measure in a statement saying its introduction will address "the growing issues of online piracy and illegal content distribution that are hurting America's content industry and consumers." 
"We want to thank Chairman Leahy, Senator Hatch and the other cosponsors for recognizing the true cost of online content theft and for seeking new tools to effectively enforce U.S. laws on the online marketplace," said Michael O'Leary, executive vice president of the Motion Picture Association of America (PDF). And the U.S. Chamber of Commerce was no less enthusiastic, calling the bill an "enhanced legal tool against 'rogue sites,' which steal American jobs and threaten consumers' health and safety." Sherwin Siy, deputy legal director at Public Knowledge, said: "I can appreciate that the drafters are trying to address some of the overbreadth issues, but I think that the core of the bill remains a problem." And the Computer and Communications Industry Association, which represents some Internet companies, called Protect IP an "Internet censorship bill" under a "new name." The Protect IP Act is a successor to last fall's bill known as COICA, for Combating Online Infringement and Counterfeits Act. That bill used different procedures, but also allowed the government to pull the plug on Web sites accused of aiding piracy. Another bill introduced Thursday would make the illegal streaming of copyrighted works a federal felony, a proposal that follows a White House recommendation in March. From rforno at infowarrior.org Thu May 12 17:37:15 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 May 2011 18:37:15 -0400 Subject: [Infowarrior] - BSA 2010 Piracy Report: Big Numbers, Big Flaws Message-ID: <93E03DBD-CB5F-4AB7-B196-8D2177BE8651@infowarrior.org> BSA 2010 Piracy Report: Big Numbers, Big Flaws Published 11:51, 12 May 11 In the digital world, it seems, there are two certainties: that every year the Business Software Alliance will put out a report that claims huge amounts of software are being ?stolen?; and that the methodology employed by that report is deeply flawed. 
So, here we go again: < -- > http://blogs.computerworlduk.com/open-enterprise/2011/05/bsa-2010-piracy-report-big-numbers-big-flaws/index.htm From rforno at infowarrior.org Fri May 13 08:20:35 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 May 2011 09:20:35 -0400 Subject: [Infowarrior] - SAT/PSAT requesting marketing data Message-ID: (the whole article is worth reading -- this is just a snippet about the 'standardized tests' --rick) http://www.bloomberg.com/news/2011-05-13/ivy-league-solicits-students-to-boost-selectivity.html < - > Students who take the PSAT are asked to "opt-in" to the search service on their exam answer sheets to let schools and scholarship programs provide materials on educational opportunities and financial aid. They are also asked for e-mail addresses, a self-reported grade average, racial or ethnic group, religion and college major. They can also opt out. Parents aren't required to give consent to answer the questions. SAT test-takers are asked 42 questions including checking off any of 35 sports they have participated or plan to participate in, and desired college size and setting. Colleges don't have access to questions about parental income, whether the student has a disability and parents' highest level of education. "What the College Board and ACT have done, under the radar screen of parents and regulators, is turn the teens' educational pursuits into a profit-making opportunity," said Jeff Chester, executive director of the Center for Digital Democracy, a nonprofit consumer-protection advocacy group in Washington. < - > From rforno at infowarrior.org Fri May 13 08:31:36 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 May 2011 09:31:36 -0400 Subject: [Infowarrior] - CNBC Special on Cybersecurity Message-ID: <48874DB3-13B3-4EAC-BD10-B14F18B7C445@infowarrior.org> This should be......interesting. 
--- rick http://www.cnbc.com/id/42210831 CODE WARS Premieres Thursday, May 26th 9p | 10p | 12a | 1a ET In the United States, we are Internet dependent. Our financial systems, power grids, telecommunications, water supplies, flight controls and military communications are all online - making them vulnerable to countless attacks by cyber criminals. The goal could be a 10-minute blackout, an attack on our national security, a stock trading glitch or the theft of millions of dollars worth of intellectual property. The FBI has recently made cyber crime a number one priority, one that costs the U.S. an estimated trillion dollars a year. CNBC's "Code Wars", hosted by Melissa Lee, takes you onto the frontlines of the war on cyber. Cyber attacks are almost impossible to trace, making cyber crime and acts of cyber warfare the ultimate anonymous crime. So how do we protect our systems whose components are largely manufactured abroad? Can our nation's infrastructure be protected from cyber attacks? And how can the U.S. win a war in which conventional rules of combat do not apply? CNBC tackles the tough questions in "Code Wars: America's Cyber Threat". From rforno at infowarrior.org Fri May 13 08:57:17 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 May 2011 09:57:17 -0400 Subject: [Infowarrior] - LimeWire Pays RIAA $105 Million, Artists Get Nothing Message-ID: LimeWire Pays RIAA $105 Million, Artists Get Nothing - Ernesto - 13/05/2011 http://torrentfreak.com/limewire-pays-riaa-105-million-artists-get-nothing-110513/ In the midst of their jury trial, the company behind the defunct LimeWire client and the RIAA settled their dispute out of court. Limewire will pay $105 million to compensate the major music labels for damages suffered. A moment of justice for the music industry, but not necessarily for the artists. The recouped money is destined for reinvestment in new anti-piracy efforts and will not be used to compensate any artists. 
According to the injunction that shut down LimeWire last year, the company "intentionally encouraged infringement," its software was used "overwhelmingly for infringement" and the company knew about the "substantial infringement being committed" by LimeWire users. The evidence further showed that LimeWire marketed its application to Napster users and that its business model depended on mass copyright infringements. Following the injunction LimeWire immediately disabled its file-sharing client, but the trouble for the company was far from over. Record labels and music publishers kept chasing LimeWire demanding compensation for the losses they claim the file-sharing service operator had caused. The labels calculated that the company behind the popular file-sharing client owed them up to a billion dollars, and they filed a claim to collect it. Last week, a New York federal jury trial started, but before this came to an end the two parties agreed to settle the case for $105 million. The RIAA brought in 9,715 tracks as evidence, which means that the amount translates to $10,808 per track instead of the maximum $150,000 the jury could have awarded. The labels are obviously pleased with the outcome of the case. They've successfully argued that LimeWire caused both them and their artists significant losses. "The resolution of this case is another milestone in the continuing evolution of online music to a legitimate marketplace that appropriately rewards creators," RIAA Chairman Mitch Bainwol said in a comment. Too bad, however, that the RIAA isn't sharing any of the "damages" with the artists, to reward them. Despite presenting thousands of artists as victims in the case, none of them are expected to see any of the settlement money in their bank accounts anytime soon. RIAA spokesman Jonathan Lamy previously told TorrentFreak that the "damages" accrued from piracy-related lawsuits will not go to any of the artists, but towards funding more anti-piracy campaigns. 
"Any funds recouped are re-invested into our ongoing education and anti-piracy programs," he said. Thus far the RIAA has not announced officially how the LimeWire settlement will be spent, but we don't expect them to steer away from their previous course. This makes today's decision on compensation a victory for the major labels, but certainly not one for musicians. From rforno at infowarrior.org Fri May 13 18:46:54 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 May 2011 19:46:54 -0400 Subject: [Infowarrior] - OT: Cloud to the Rescue Message-ID: Well, kinda. :) http://onefte.com/2011/05/14/why-business-loves-the-cloud/ From rforno at infowarrior.org Fri May 13 22:26:26 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 May 2011 23:26:26 -0400 Subject: [Infowarrior] - Disney Trademarks "Seal Team 6" Message-ID: Disney Trademarks "Seal Team 6" By Alex Weprin on May 13, 2011 4:25 PM http://www.mediabistro.com/fishbowlny/disney-trademarks-seal-team-6_b35689 In a perfect example of a big media company looking to capitalize on current events, The Walt Disney Company has trademarked "Seal Team 6," which also happens to be the name of the elite special forces team that killed Osama Bin Laden. The trademark applications came on May 3rd, two days after the operation that killed Bin Laden... and two days after "Seal Team 6" was included in thousands of news articles and TV programs focusing on the operation. Disney's trademark applications for "Seal Team 6" cover clothing, footwear, headwear, toys, games and "entertainment and education services," among other things. You can read the actual applications here, here and here. Of course, for all we know Disney has been working on an animated feature about a team of anthropomorphic seals in search of adventure, but given the timing of the application that seems... unlikely. 
From rforno at infowarrior.org Sun May 15 15:44:59 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 May 2011 16:44:59 -0400 Subject: [Infowarrior] - Donkeys Take Over From DSL as Syria Shuts Down Internet Message-ID: <18C08D3E-C278-4900-9570-6575FE2211F9@infowarrior.org> Donkeys Take Over From DSL as Syria Shuts Down Internet http://www.dbune.com/news/world/6097-donkeys-take-over-from-dsl-as-syria-shuts-down-internet.html Sunday, 15 May 2011 17:10 RAMTHA, Jordan (TML) - The Facebook revolution has retreated from this dusty Jordanian town on the Syrian border. In a bid to quash a rebellion now entering its third month, the Syrian government, perhaps one of the world's most Internet-unfriendly, has shut down pretty much all electronic communications inside the country and to overseas. Cut off from the World Wide Web, protestors, journalists and human rights activists have resorted to communications networks from another era. And for that, Ramtha, a Jordanian town of about 100,000 people 80 kilometers (50 miles) north of the capital of Amman, has become a virtual switchboard for news coming out of Syria, not to mention a swarm of refugees seeking to flee the carnage that has taken some 800 lives across the country, according to a United Nations estimate released last Friday. Facebook and other social media have been widely lauded as the fuse that lit the unrest exploding across the Arab world. But Internet use in Syria has always been severely constrained and the number of people with access to it is very small - about 17% of the country had it in 2010, according to Internet World Stats - even if the government dropped its long-standing ban of Facebook weeks before the unrest broke out. Just across the border from Ramtha, the Syrian town of Dara'a is the birthplace of the Syria rebellion. That began in mid-March when dozens or more youths were detained by security forces for spraying anti-government graffiti. 
Since then, despite the massive presence of troops and attacks on the city's main mosque, Dara'a remains in turmoil. To get the news out, activists have been smuggling videos to Jordan through the desert and across a nearly 80-kilometer border Jordan shares with Syria. Some risk approaching the border with Jordanian cellphones to report to the outside world and send clips. It's a dangerous task because the Syrian and Jordanian armies traditionally have the area under heavy surveillance to prevent the smuggling of drugs and weapons into the kingdom or further to the Gulf states. But desperate Syrians have been using a helping hand from smugglers to cross the border, either by walking or on the backs of donkeys, according to residents from Ramtha. Locals have centuries if not millennia of experience eluding officials. "The two cities are connected more than anyone could think. For hundreds of years, the residents of Ramtha and Dara'a have been moving between the two towns easily through the farms and desert area. Now they rediscovered these ancient routes," says Ahmed Kareem, a Jordanian taxi driver from Ramtha. Kareem says several Syrian families escaped the wrath of the military by walking for nearly 24 hours before they were received by residents from Ramtha. The majority are being housed in a public school for the sake of their safety, and away from prying eyes of the media. "We prepared the schools to welcome as many refugees as possible, but the problem is that many want to come but are unable due to the closure," said Kareem. Syria says it has been forced to close the border to prevent foreign elements, who it has blamed for inciting violence, from infiltrating into its territory. Syrian officials indirectly accused Jordan of facilitating entry of foreign elements to stir the public against the Bashar al Assad regime. Syria also accused Jordan's Muslim Brotherhood movement of coordinating with its Syrian counterpart to topple the al Assad regime.
Those allegations have yet to be proven, but the closure limits the flow of news about what has been taking place in Dara'a, said Abu Abdullah, a Syrian rights activist who spoke to the Media Line by telephone from the city. Syria refuses to allow foreign press into its territories, while those who leave refuse to go on camera for fear of retribution. Last month a Reuters correspondent was arrested after he was found covering the uprising in Dara'a. Dorothy Parvaz, an Al-Jazeera television correspondent, was detained by Syrian authorities and has since reportedly been transferred to Iran. As a result, scores of journalists have flocked to the border point near Ramtha in the hope of catching news on the military operation taking place. But it is not proving to be easy, according to journalist stationed near Jordan's border point. Syrian activists who try to reach the outside world take a serious risk. Abu Abdullah, who asked not to be identified by his real name, uses a Jordanian mobile number to place calls, but to do so he has to get close to the Jordanian border at the risk of getting killed. Among the Jordanian cellular operators, activists say Umnia has the best reception in Dara'a. "As I talk, people are trying to protect me from snipers by holding barrels and other items. This is very dangerous. We are unable to tell the world what is happening," Abdullah said last week as he gave an account of an attack on civilians, including women and children. "As I walked to this spot, I saw three people dead -- a woman, a man and a girl. Nobody was able to save them because of the snipers stationed on rooftops," he said. Activists in Jordan say Syria has arrested a number of Jordanians as they tried to cross into its territories through the regular border crossings. Abdullah Zubi, a Jordanian driver arrested three weeks ago on the border, says Syrian police had one idea about the events. "They asked me to confess that Jordan's intelligence service is behind the attacks. 
They prepared a confession about the role of Jordan's secret service and wanted me to sign it," he told The Media Line a day after he was released on May 11. According to Zubi, Syria has arrested dozens of Jordanians during the past weeks as part of its crackdown on Dara'a. Ramtha residents are concerned that the crisis will have severe economic implications for a city reliant on trade. Ramtha sees dozens of vehicles crossing into Syria or coming into the kingdom laden with goods heading to the kingdom's market or to the oil rich Gulf states. The border crossing has helped thousands of Jordanians make a living. But since Syria sealed the border with Ramtha, the city's streets are void of traffic. It's a double-blow for Ramtha residents, who are also feeling the impact of higher food and energy prices and a slowing Jordanian economy. Many residents say they will have to look somewhere else to earn a living. For a start, this week, the government has now allowed taxi drivers from Ramtha to operate in other routes in light of continued closure of the borders. Article © AHN - All Rights Reserved From rforno at infowarrior.org Mon May 16 12:57:18 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 May 2011 13:57:18 -0400 Subject: [Infowarrior] - 2:45PM today - US International Strategy for Cybersecurity Message-ID: (c/o jh) 'US International strategy for Cybersecurity' today at 2:45 pm EDT Live Stream: http://bit.ly/jsPx5I 2:45 p.m. Secretary Clinton delivers keynote remarks at the release of the Obama administration's International Strategy for Cyberspace hosted by John Brennan, Assistant to the President for Homeland Security and Counterterrorism, at the White House.
(MEDIA DETERMINED BY WHITE HOUSE) White House to unveil cybersecurity strategy May 14, 2011 http://www.physorg.com/news/2011-05-white-house-unveil-cybersecurity-strategy.html The National Cybersecurity & Communications Integration Center (NCCIC) work at their headquarters in Arlington, Virginia, in September 2010. The White House plans to unveil its policy proposals next week for international cooperation in cyberspace. The White House said Friday that it plans to release a policy document -- "US International Strategy for Cyberspace" -- at an event on Monday. "This first-of-its-kind policy document offers our comprehensive vision for the future of international cooperation in cyberspace," the White House said in a statement. It said the document outlines the US agenda "for partnering with other nations and peoples to ensure the prosperity, security, and openness that we seek in our increasingly networked world." The State Department said Secretary of State Hillary Clinton, who has made Internet freedom one of her priorities, will deliver keynote remarks at the event. "The strategy lays out a comprehensive, principled vision for the future of cyberspace," the State Department said. It said Clinton's remarks "will address the role of cyberspace in advancing the full range of US interests and the importance of international cooperation in advancing cyberspace as a foreign policy priority." The White House said other top officials attending the event will include John Brennan, President Barack Obama's counter-terror chief, Attorney General Eric Holder, Commerce Secretary Gary Locke and Homeland Security Secretary Janet Napolitano. The announcement came a day after the White House proposed draft legislation aimed at toughening the defenses of government and private industry against the growing danger from cyberattack.
Obama has identified cybersecurity as a top priority of his administration and the White House legislation joins some 50 cyber-related bills introduced during the last session of Congress. The White House bill would require critical infrastructure such as the power, financial and transportation sectors to come up with plans to better protect their increasingly Internet-connected computer networks. The White House is hoping for action by Congress on the bill this year. From rforno at infowarrior.org Mon May 16 14:56:22 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 May 2011 15:56:22 -0400 Subject: [Infowarrior] - Navy calling on gamers to help with security Message-ID: <9663C218-55E3-4C65-9403-381DC6A45042@infowarrior.org> Navy calling on gamers to help with security By David Nakamura, Published: May 15 http://www.washingtonpost.com/local/navy-calling-on-gamers-to-help-with-security/2011/05/13/AFRYiP4G_print.html To combat Somali pirates, the U.S. Navy has relied on warships, snipers and SEAL teams. Now, it is turning to the heavy artillery: Internet gamers. This month, the Office of Naval Research will roll out the military's first-ever online war game open to the public, crowd-sourcing the challenges of maritime security to thousands of "players" sitting in front of their computers. The project -- named MMOWGLI (the acronym for Massively Multiplayer Online Wargame Leveraging the Internet) -- is a video game for policy wonks. It aims to replicate a traditional military strategy session on an exponentially larger scale, bringing together a diverse mix of government and outside experts that would be impossible even in the largest Pentagon conference room. Through virtual simulation and social media tools made popular on Twitter and Facebook, players will work together to respond to a series of make-believe geopolitical scenarios set off when private ships are hijacked off Somalia's coast. "We live in an echo chamber,"
Lawrence Schuette, the naval research office's innovation chief, said of the military. "The challenge is you always want to have an audience that's diverse in background, diverse in thinking. It's those intersections where you see creativity occurring. The advantage of online crowd-sourcing is obvious: You have many more intersections and many more diverse backgrounds." Thanks in part to pre-launch publicity, more than 7,000 people have signed up for MMOWGLI, far beyond the 1,000 that developers had anticipated for the $450,000 pilot project. Programmers from the Institute for the Future, a nonprofit based in Palo Alto, Calif., that is making the software, have postponed the launch date to be sure the game has enough capacity. Schuette stressed that his office is more interested in building technology that can be used for research across military platforms than it is in generating groundbreaking anti-piracy policy. But piracy experts welcomed the exercise as a much-needed thought experiment. "It is such a complex issue that has to do with local dynamics on the ground, governance, financial flows," said Jennifer Cooke, director of the Africa Program at the Center for Strategic and International Studies. "There is no single way to approach piracy in that area. "Naval experts do not know the tools that Treasury can bring to bear," she said. "Likewise, a Somali expert might not have knowledge of what possible maritime strategies commercial shippers are able to employ." Innovate and Defend MMOWGLI lacks the high-tech, shoot 'em up graphics of commercial video games. Video clips and storyboards will prompt players to envision scenarios. For example: "Three pirate ships are holding the world hostage. Chinese-U.S. relations are strained to the limit and both countries have naval ships in the area. Humanitarian aid for rig workers is blocked. The world is blaming the U.S. for plundering African resources." Players are then confronted with two boxes -- Innovate and Defend --
asking what new resources could "turn the tide" and what risks might result. In the first round, players are limited to proposing Twitter-length, 140-character solutions, and the crowd votes on their favorite ideas, similar to "liking" something on Facebook, said Jason Tester, a game designer from the Institute for the Future. In ensuing rounds of the three-week game, teams will form around the most popular ideas and develop in-depth action plans. It is all part of the Navy's attempt to exploit the benefits of online "gamification," the increasingly popular strategy of employing game-play mechanics in non-game situations to influence behaviors and direct people to a desired outcome. Last year, the World Bank hosted a virtual game called EVOKE, centered around an online graphic novel whose characters prompted gamers to respond to imagined worldwide catastrophes, such as famine in Japan. Aimed initially at college students in South Africa, the game went viral: 19,324 people from more than 150 countries registered to play, submitting 23,500 blog entries, 4,700 photos and 1,500 videos, said Robert Hawkins, a senior education specialist at the World Bank who helped develop the game. "If you look at user-generated innovation, it's already happening in the private sector," Hawkins said. The theory is that "those closest to the ground and action have the best ideas as to what will work best." Practical vs. trendy But as anyone who has spent time in an online chat room knows, moderating the debate against online bullies and sifting through thousands of comments to find quality ideas can be nearly impossible. During the EVOKE project, players coalesced around proposals that were unsustainable, such as floating greenhouses that would produce food 25 times too expensive to afford, said Rex Brynen, a professor of political science at McGill University in Montreal who blogs on strategic gaming. "There was not enough quality control," Brynen said of EVOKE.
"Trendy development ideas that appeal to the 15- to 30-year-old age demographic catch on because they're trendy, not because there is proof they would work." Hawkins dismissed the criticism, noting that the World Bank was using "nascent technology" to envision the world 10 years in the future. "By no means were we proposing that the solutions outlined in a fictional story in 2020 are things the World Bank advocates," he said. "What we wanted to do was inspire people and get them thinking about the possible." Schuette, of the naval research office, said his team is aware of the potential pitfalls of throwing out policy development to a nameless, faceless crowd. A dozen members of the Naval Postgraduate School, which is hosting the MMOWGLI Web site, will monitor the game around the clock, Schuette said. Developers hope that MMOWGLI can help break down rigid military hierarchies by allowing players to remain anonymous. "That's old hat online, but it's radically new to the military," Tester said. "Everyone is looking forward to seeing if the winning team could be a four-star admiral, a Naval Academy cadet and someone from a nonprofit collaborating with each other." ©
The Washington Post Company From rforno at infowarrior.org Mon May 16 15:02:23 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 May 2011 16:02:23 -0400 Subject: [Infowarrior] - PDF of WH International Strategy for Cybersecurity Message-ID: <355748D6-5423-413B-B6AA-F667E25B23A0@infowarrior.org> PDF of the strategy document http://www.whitehouse.gov/sites/default/files/rss_viewer/international_strategy_for_cyberspace.pdf) WH Blog Entry by Howard Schmidt http://www.whitehouse.gov/blog/2011/05/16/launching-us-international-strategy-cyberspace From rforno at infowarrior.org Mon May 16 17:59:07 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 May 2011 18:59:07 -0400 Subject: [Infowarrior] - Leahy's Protect IP Act: Why Internet content wars will never end Message-ID: <56D036D0-EAA9-438F-BDC8-F0F56B530A03@infowarrior.org> Larry Downes Leahy's Protect IP Act: Why Internet content wars will never end May. 16 2011 - 2:29 am | 781 views | 0 recommendations | 0 comments http://blogs.forbes.com/larrydownes/2011/05/16/leahys-protect-ip-act-why-internet-content-wars-will-never-end/ The media industries, everyone agrees, are in the fight of their lives. These businesses rely for profitability on the controlled distribution of information goods whose individual copies have a marginal cost that keeps getting closer to zero. But new media killer apps keep coming, and each of them challenges anew the ability of rights holders to maintain control. So far, Bit Torrent, cloud computing, YouTube, Limewire, Napster, and Google Books have each been vilified as the ultimate enemy--until the next one came along. It is now clear that the true enemy of traditional media, still unbloodied, is the Internet itself.
The remarkable ability of digital technology to reduce the transaction costs of information exchanges of all kinds has destroyed the business models, if not the businesses, on which content providers have operated successfully since at least the 18th century. That's when the first copyright law was passed in England. The focus on "media" in the very name of the industry belies its reliance on the limited life of physical copies as the key control mechanism. But as physical copies are replaced by faster, better, and cheaper digital alternatives, control becomes more illusory. The entrenched providers are growing desperate. A full-scale war between content distributors and everyone else has been raging in earnest for over a decade. Both sides have seen their share of victories, defeats, and casualties--some in the market, others in the courts. Like many messy conflicts, it has dragged in many once-neutral parties, including device manufacturers, network operators, and consumers. Today it is a battle fought on many fronts. There's litigation and there's legislation, as well as both private and public enforcement of copyright, trademark, patents and licensing. There are threats, which are often followed by pleas. Trade associations, including the RIAA and MPAA, as well as book, magazine and newspaper publishers, alternate between hubris and pathos. Both sides are in a technological arms race. The content industries, for example, have invented cryptographic and other digital rights management systems. The Internet, at the same time, offers users increasingly advanced peer-to-peer file sharing networks, open, robust media file standards and jailbreaking technologies that undo the most sophisticated technical controls on purchased or leased digital "copies."
< -- > From rforno at infowarrior.org Mon May 16 18:01:37 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 May 2011 19:01:37 -0400 Subject: [Infowarrior] - 5 Questions with Eli Pariser, Author of 'The Filter Bubble' Message-ID: <589A7931-DF37-40A1-BF38-DAEEF19DB8AE@infowarrior.org> 5 Questions with Eli Pariser, Author of 'The Filter Bubble' By Bryan Walsh on May 16, 2011 http://techland.time.com/2011/05/16/5-questions-with-eli-pariser-author-of-the-filter-bubble/ Eli Pariser is no enemy of the Internet. The 30-year-old online organizer is the former executive director and now board president of the online liberal political group MoveOn.org. But while Pariser understands the influence of the Internet, he also knows the power of online search engines and social networks to control exactly how we get information--for good and for ill. In his new book The Filter Bubble, Pariser explores the ways that personalization--the growing practice of Facebook and Google to craft our online experiences according to our supposed interests--can cloud our ability to see the world clearly. Pariser spoke with TIME's Bryan Walsh about the book, the politics of personalization and how to ensure that you don't end up in a search engine ghetto. TIME: What started you on the journey to writing The Filter Bubble? Pariser: I was taking a couple of days to get my head around how the way that information online was changing and I came across that post from Google about personalized search at the end of 2009. Immediately I went to Google and started tinkering around, seeing how different the search results were. I was really shocked by the degree of difference. This was like a completely different world from one person to another. That got me interested. At first I just wrote down some notes, but it just kept gnawing at me that this was kind of a big deal, and then I started to notice that Facebook was doing.
The New York Times was investing on this News.me site that would do it for news. I realized that all of the profit incentive point in the direction of doing this as much as possible. There's no reason to expect we wouldn't keep seeing more and more of this. And it got me worried. TIME: What's the downside to personalization? After all, the search engines and social networks are doing it because they say it will deliver a more useful Internet experience, one that helps automatically cut through all the data out there. Pariser: For one thing it's invisible. People have always sought out news that fits their own views. But when you turn on MSNBC or Fox News you know something is being left out. And the problem with the way that this is all happening is that most people don't even know this kind of filtering is happening at all. The idea that these companies are deciding and editing out some results isn't obvious, and so you don't know what's being left out, and you don't have a good picture of the world. The second problem is that what I call "autopropaganda." You are basically indoctrinating yourself with your own views and you don't even know it. You don't know what you see is the part of the picture that reflects what you want to see, not the whole picture. And there are consequences for democracy. To be a good citizen, it's important to be able to put yourself in other people's shoes and see the big picture. If everything you see is rooted in your own identity that becomes difficult or impossible. TIME: What about the privacy ramifications here? If they're going to personalize your search, they need to have personal data in the first place. Are these companies trustworthy? Pariser: I would say no. They haven't really grappled with the real responsibilities they have to the people that depend on them to provide these services.
For example, given that all of these services rely on the data that a customer reveals to these companies, it is only reasonable to allow customer to see what data they give and have some control over it. Whether it's Facebook or Google or the other companies, that basic principle that users should be able to see and control information about them that they themselves have revealed to the companies is not baked into how the companies work. But it's bigger than privacy. Privacy is about what you're willing to reveal about yourself. But here the question is, what is revealed to you about the world, based on who you are. It's even more pernicious in a way. You are seeing essentially an edited worldview based on this personal information that you have no control over. TIME: I'm often struck by the way techies talk almost in the passive tense about these advances. Marissa Mayer says, "Search will be personalized," as if no one's really doing this, as if it's just happening on its own. There's a sense of well, things go up and then they fall down--as opposed to the idea this is a human-designed system that could presumably be changed. Pariser: That always frustrates me because there is a strong strand that technology is going in this direction and we are just helping it along its way. And I think that kind of argument is really dangerous because it absolves people of the responsibility of thinking about the consequences of what they're doing. Morally we know that's a problematic place to be. We need these folks to recognize that there are big forks in the road here and very different ways this can all play out. What they do in the next few years could make a huge difference. TIME: So what can you do to escape your own filter bubble? Pariser: I think the first part is to understand and to notice when this is happening and where it's happening.
One of the sort of scariest things about the filter bubble is the unknown unknown, the fact that because you don't know on what basis you're seeing stuff, you don't know what you're missing. As you become conscious about that, you can keep an eye out for the things you're missing. The second thing is that, certainly, there is some individual responsibility here to really seek out new sources and people who aren't like you. The more you do that, the more you evade these filters. If you're on Google News and you click on MSNBC and Fox you get a better picture. But in the end a lot of this does come down to these companies kind of accepting responsibility for the editing that they are doing and doing it in a better way. Letting Google and Facebook know that you want them to do that, I think that is the pressure that in the end will make them decide to take this seriously. From rforno at infowarrior.org Tue May 17 07:30:25 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 May 2011 08:30:25 -0400 Subject: [Infowarrior] - more on ... 5 Questions with Eli Pariser, Author of 'The Filter Bubble' References: <20110516232002.62E7433D08@absinthe.tinho.net> Message-ID: <9E0FB7A3-5978-47BE-A534-9331A14CAAC1@infowarrior.org> Begin forwarded message: > From: dan > > This is, in a core way, exactly the point. I don't care about > the bias of a writer for this or that newspaper -- the bias > that matters, the bias that changes everything, is that the > richness of available content has overwhelmed our ability to > see it all or for a content provider to lay out the true reach > of his wares in his stall at the bazaar. As such, the content > provider can have nothing on his table that isn't completely > true and still be overwhelmingly biased because the bias is > embedded in the selection of what stories to run, not in how > to write the stories. This is why I loathe NPR and why I find > the existence of Fox necessary if often unseemly -- story selection. 
> > Q: What is the single most persuasive example of this in the > print media? > A: Which letters-to-the-editor get printed. > > > I could go on and on this but it is now impossible to avoid the > need for selection and impossible, in that flood of content, to > even assess the selection bias that must be present. The null > hypothesis is now that bias exists, not that it doesn't. That > is a fundamental inflection point. > > There is so much to say here... From rforno at infowarrior.org Tue May 17 07:46:12 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 May 2011 08:46:12 -0400 Subject: [Infowarrior] - OpEd: A Conflict Without End Message-ID: A Conflict Without End Published: May 16, 2011 http://www.nytimes.com/2011/05/17/opinion/17tue1.html Osama bin Laden had been dead only a few days when House Republicans began their efforts to expand, rather than contract, the war on terror. Not content with the president's wide-ranging powers to pursue the archcriminals of Sept. 11, 2001, Republicans want to authorize the military to pursue virtually anyone suspected of terrorism, anywhere on earth, from now to the end of time. This wildly expansive authorization would, in essence, make the war on terror a permanent and limitless aspect of life on earth, along with its huge potential for abuse. The Authorization for Use of Military Force, approved by Congress a week after Sept. 11, 2001, gives the president the power to go after anyone who committed or aided in the 9/11 attacks, or who harbored such people, to prevent acts of terrorism. It was this document that authorized the war in Afghanistan and the raid on Bin Laden's compound. A new bill, approved last week by the House Armed Services Committee and heading for the floor this month, would go much further. It would allow military attacks against not just Al Qaeda and the Taliban but also any "associated forces that are engaged in hostilities against the United States."
That deliberately vague phrase could include anyone who doesn't like America, even if they are not connected in any way with the 2001 attacks. It could even apply to domestic threats. It allows the president to detain "belligerents" until the "termination of hostilities," presumably at a camp like the one in Guantánamo Bay, Cuba. Since it does not give a plausible scenario of how those hostilities could be considered over, it raises the possibility of endless detention for anyone who gets on the wrong side of a future administration. The bill, part of the National Defense Authorization Act, was introduced by the committee chairman, Howard McKeon of California, who said it simply aligns old legal authorities with current threats. We've heard that before, about wiretapping and torture, and it was always untrue. These powers are not needed, for current threats, or any other threat. President Obama has not asked for them (though, unfortunately, the administration has used a similar definition of the enemy in legal papers). Under the existing powers, or perhaps ignoring them, President George W. Bush abused his authority for many years with excessive detentions and illegal wiretapping. Those kinds of abuses could range even more widely with this open-ended authorization. As more than 30 House Democrats protested to Mr. McKeon, a declaration of "global war against nameless individuals, organizations, and nations" could "grant the president near unfettered authority to initiate military action around the world without further Congressional approval." If a future administration wanted to attack Iran unilaterally, it could do so without having to consult with Congress. This measure is unnecessary. The Bush administration demonstrated how dangerous it could be. The Democrats were right to demand the House conduct hearings on the measure, which was approved with little scrutiny.
If it passes, the Senate should amend it out of existence, and President Obama should make clear he will veto it. From rforno at infowarrior.org Wed May 18 20:21:46 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 May 2011 21:21:46 -0400 Subject: [Infowarrior] - SCADA hack talk canceled after U.S., Siemens request Message-ID: <7B09F3BD-D8FA-446A-BAB2-2E2145EE82A4@infowarrior.org> May 18, 2011 4:10 PM PDT SCADA hack talk canceled after U.S., Siemens request by Elinor Mills http://news.cnet.com/8301-27080_3-20064112-245.html The researchers were scheduled to give their talk at the TakeDown Conference in Dallas today. Two researchers say they canceled a talk at a security conference today on how to attack critical infrastructure systems, after U.S. cybersecurity and Siemens representatives asked them not to discuss their work publicly. "We were asked very nicely if we could refrain from providing that information at this time," Dillon Beresford, an independent security researcher and a security analyst at NSS Labs, told CNET today. "I decided on my own that it would be in the best interest of security...to not release the information." Beresford said he and independent researcher Brian Meixell planned on doing a physical demonstration at the TakeDown Conference and shared their slides and other information on vulnerabilities and exploits with Siemens, ICS-CERT (Industrial Control Systems Cyber Emergency Response Team), and the Idaho National Lab on Monday. ICS-CERT could not be reached for comment late today, and a U.S.-based representative for Siemens, a German company, did not respond to a call or e-mail. Siemens was expected to make a statement on Thursday, according to Beresford. Earlier in the day, an organizer of the conference said that it was Siemens and the Department of Homeland Security that had requested that the researchers hold off on their talk. 
The presentation was entitled "Chain Reactions--Hacking SCADA" (supervisory control and data acquisition), which is technology used in manufacturing and critical-infrastructure systems. About 300 people were registered to attend the TakeDown Conference, which is happening today and tomorrow in Dallas. "Combining traditional exploits with industrial control systems allows attackers to weaponize malicious code, as demonstrated with Stuxnet. The attacks against Iran's nuclear facilities were started by a sequence of events that delayed the proliferation of nuclear weapons," a summary of the talk says. "We will demonstrate how motivated attackers could penetrate even the most heavily fortified facilities in the world, without the backing of a nation state. We will also present how to write industrial grade malware without having direct access to the target hardware. After all, if physical access was required, what would be the point of hacking into an industrial control system?" Last year's Stuxnet was believed to be the first malware designed specifically to target industrial control systems. Experts say it was written to seek out particular Siemens software and was likely aimed at sabotaging Iran's nuclear program. News of the cancellation first spread on Twitter, when another presenter at the conference, Jayson Street, tweeted: "Since DHS just banned next speaker from giving his talk [on SCADA] I'm up next!" However, Beresford said they were merely asked to not give the talk. "Dillon was not threatened or prevented from speaking. Rather, he made the decision based on the potential negative impact to human life and the fact that the vendor's proposed mitigation had failed," NSS Labs Chief Executive Rick Moy said in an e-mail. "ICS-CERT has done a great job of assisting us with this process, and we look forward to Siemens being able to address the issue for their customers." Updated 5:53 p.m. 
PT with clarification that it was ICS-CERT that was involved; adds more details and comment from researcher. From rforno at infowarrior.org Thu May 19 07:32:06 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 May 2011 08:32:06 -0400 Subject: [Infowarrior] - Top US Cybersecurity Official Resigns Message-ID: <2CD1544F-9D15-4CE5-8742-4BF69B6167BB@infowarrior.org> Top Cybersecurity Official Resigns Phil Reitinger, the point man on cybercrime at Homeland Security, decides it's time to move on. By Marc Ambinder Updated: May 18, 2011 | 4:32 p.m. May 18, 2011 | 2:23 p.m. http://www.nationaljournal.com/whitehouse/top-cybersecurity-official-resigns-20110518 The National Cybersecurity Communications Integration Center (NCCIC). Phil Reitinger's departure as top cybersecurity official at the Department of Homeland Security comes at a time when the administration has offered guidance to Congress on a cybersecurity bill. Phil Reitinger, the Department of Homeland Security's top cyber and computer crimes official, is resigning just days after the administration launched its most ambitious cybersecurity initiative. "I have decided that the time has come for me to move on from the Department," Reitinger wrote in an e-mail to DHS employees this afternoon. Reitinger, who, as deputy undersecretary in DHS's National Protection and Programs Directorate, was the department's senior interagency policymaker, said in an interview with National Journal that the timing of his announcement was not meant to signal any disapproval with the White House. "I am fully supportive of the direction the administration is going. Because there has been a recent spate of announcements, because I think we've made a lot of progress, because I think we've built a good team, now is the time for me to leave some of the execution and further development to the team," he said. Reitinger said he wants to spend the summer with his family -- 
he has young children and he's been working in cyber security "since they were born." He will step down on June 3. On Monday, four Cabinet secretaries unveiled a joint strategy for international cybersecurity coordination, and last week, the administration sent detailed legislative guidance to Congress on a number of critical issues. Reitinger told National Journal he is most proud of the team he put together. His biggest concern upon departure, he said, is the "challenge" of "keeping cyber on the front burner." "It's easy to say, 'well, we've made progress, let's go do something else.' We cannot do that. We have to stay focused like a laser beam," Reitinger said. The DHS cyber team has monitored a surge of major cyber attacks in the private sector, with crises like the penetration of Google by Chinese hackers, aggressive attempts to break into NASDAQ's computers, and most recently, an audacious but simple infiltration of RSA, a top cybersecurity company perhaps best known for its SecurID computer security product. "Phishing" -- in which hackers use spam to lure their targets into opening up hidden malware on their work computers, giving up access to larger networks, remains the favorite tool of cyber-criminals. Some in Congress want to elevate the position Reitinger held to a Senate-confirmable deputy with broader powers, and to give DHS's cybersecurity programs their own directorate. Since DHS was given the responsibility to protect the homeland from cyber threats, as well as direct authority to protect dot.gov domains from intrusions, it has competed for resources and attention with the Department of Defense, which stood up an entire cyber command and has the mighty computers of the National Security Agency at its fingertips. 
In October, DHS signed a groundbreaking memorandum of agreement with the Department of Defense, a statement of principles acknowledging that while the different departments had different legal duties, "we want to be able to work together as one team." In practice, that means that DHS and DOD cyber scientists and engineers work at each other's facilities. Reitinger participates in a weekly secure video teleconference with officials from the Pentagon and other agencies. The domestic-focused orientation of senior DHS cyber managers conflicts with the military bearing of DoD cyber warriors, and concerns about data storage, privacy, and threats that cross domains continue to vex policymakers. Also, DHS wants to hire the best cybersecurity engineers and scientists, and has boosted pay in order to make the jobs more attractive than those in the private sector, which anticipates billions of dollars worth of growth in the cyber-protection realm. DHS's National Cyber Security Division provides warning and advice to the government and private sector about potential threats through its National Cybersecurity and Communications Integration Center, runs exercises to test the government's response to major intrusions, and has completed guidelines for the feds to follow in the event of a cyber-emergency. Reported friction between DHS and other government agencies has diminished under the watch of White House senior director for cyber policy Howard Schmidt, who was charged by President Obama with de-conflicting and streamlining cyber response and policy priorities associated with it. Last week, Schmidt sent to Congress detailed guidance from the White House about legislation to establish a formal way to protect and certify the nation's critical private infrastructure, as well as formally give DHS authority over the dot.gov domain. 
Rand Beers, Reitinger's direct superior at DHS, wrote in an e-mail to employees that Reitinger's "leadership, intellectual rigor, enthusiasm, and commitment to the mission and the people of NPPD have been a central feature in making our organization better. I, in particular, will miss him as a true partner in our work here. But we all move on eventually and organizations have to adapt." Correction: an early version of this article misstated the number of children Reitinger has and the number of participants on a weekly video conference call. From rforno at infowarrior.org Thu May 19 07:40:59 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 May 2011 08:40:59 -0400 Subject: [Infowarrior] - Secret Service Official Posts "Tweet" Taking Aim At Fox News Message-ID: <8151FC67-B394-40D0-BBF6-D006681757EE@infowarrior.org> (The USSS is a smart group of people, imho. --- rick) No Secrets On Twitter: Secret Service Official Posts "Tweet" Taking Aim At Fox News by Mike Levine | May 18, 2011 http://politics.blogs.foxnews.com/2011/05/18/no-secrets-twitter-secret-service-official-posts-tweet-taking-aim-fox-news#ixzz1MjyuaDYQ Control. Alt. Delete! Little more than a week after the U.S. Secret Service launched its official Twitter account, the federal law enforcement agency has had a major system failure. Shortly after 3 p.m. Wednesday, the Secret Service's account declared on the social media site: "Had to monitor Fox for a story. Can't. Deal. With. The. Blathering." The posting was quickly removed, but within a half-hour dozens of other Twitter users had already begun re-posting -- or "re-Tweeting" -- the message. "Love the Secret Service tweets!" one Twitter user said. 
Earlier in the day, Fox News had been covering the story of Vito LaPinta, the 13-year-old from Tacoma, Wash., who was recently visited by a Secret Service agent for posting a message on Facebook suggesting President Obama should watch out for terrorist attacks in the wake of Usama bin Laden's killing. LaPinta's mother was not present when the Secret Service interviewed her son, a move she decried as inappropriate. On the Twitter post, a spokesman for the Secret Service explained that "an employee with access to the Secret Service's Twitter account ... mistakenly believed they were on their personal account" and posted "an unapproved and inappropriate tweet." "The tweet did not reflect the views of the U.S. Secret Service and it was immediately removed. We apologize for this mistake, and the user no longer has access to our official account," spokesman Ed Donovan said in a statement to Fox News. "Policies and practices which would have prevented this were not followed and will be reinforced for all account users. We will ensure existing policies are strictly adhered to in order to prevent this mistake from being repeated, and we are conducting appropriate internal follow-up." The Secret Service launched its Twitter account May 9. "By using social media sites, we hope to supplement our recruitment efforts, while providing an informative, helpful tool to businesses and individuals who are interested in information from our agency," Secret Service Assistant Director Mickey Nelson said in a statement at the time. He called the internet "a valuable resource for people all over the world." From rforno at infowarrior.org Thu May 19 07:58:37 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 May 2011 08:58:37 -0400 Subject: [Infowarrior] - Is Thomas Drake an enemy of the state? Message-ID: <3B9DB054-A151-4D73-88D3-C3C50021181C@infowarrior.org> Well worth reading the whole thing. 
---- rick A Reporter at Large The Secret Sharer Is Thomas Drake an enemy of the state? by Jane Mayer May 23, 2011 Drake, a former senior executive at the National Security Agency, faces some of the gravest charges that can be brought against an American citizen. Photograph by Martin Schoeller. On June 13th, a fifty-four-year-old former government employee named Thomas Drake is scheduled to appear in a courtroom in Baltimore, where he will face some of the gravest charges that can be brought against an American citizen. A former senior executive at the National Security Agency, the government's electronic-espionage service, he is accused, in essence, of being an enemy of the state. According to a ten-count indictment delivered against him in April, 2010, Drake violated the Espionage Act--the 1917 statute that was used to convict Aldrich Ames, the C.I.A. officer who, in the eighties and nineties, sold U.S. intelligence to the K.G.B., enabling the Kremlin to assassinate informants. In 2007, the indictment says, Drake willfully retained top-secret defense documents that he had sworn an oath to protect, sneaking them out of the intelligence agency's headquarters, at Fort Meade, Maryland, and taking them home, for the purpose of "unauthorized disclosure." The aim of this scheme, the indictment says, was to leak government secrets to an unnamed newspaper reporter, who is identifiable as Siobhan Gorman, of the Baltimore Sun. Gorman wrote a prize-winning series of articles for the Sun about financial waste, bureaucratic dysfunction, and dubious legal practices in N.S.A. counterterrorism programs. Drake is also charged with obstructing justice and lying to federal law-enforcement agents. If he is convicted on all counts, he could receive a prison term of thirty-five years. The government argues that Drake recklessly endangered the lives of American servicemen. "This is not an issue of benign documents," William M. 
Welch II, the senior litigation counsel who is prosecuting the case, argued at a hearing in March, 2010. The N.S.A., he went on, collects "intelligence for the soldier in the field. So when individuals go out and they harm that ability, our intelligence goes dark and our soldier in the field gets harmed." Top officials at the Justice Department describe such leak prosecutions as almost obligatory. Lanny Breuer, the Assistant Attorney General who supervises the department's criminal division, told me, "You don't get to break the law and disclose classified information just because you want to." He added, "Politics should play no role in it whatsoever." When President Barack Obama took office, in 2009, he championed the cause of government transparency, and spoke admiringly of whistle-blowers, whom he described as "often the best source of information about waste, fraud, and abuse in government." But the Obama Administration has pursued leak prosecutions with a surprising relentlessness. Including the Drake case, it has been using the Espionage Act to press criminal charges in five alleged instances of national-security leaks--more such prosecutions than have occurred in all previous Administrations combined. The Drake case is one of two that Obama's Justice Department has carried over from the Bush years. Gabriel Schoenfeld, a conservative political scientist at the Hudson Institute, who, in his book "Necessary Secrets" (2010), argues for more stringent protection of classified information, says, "Ironically, Obama has presided over the most draconian crackdown on leaks in our history--even more so than Nixon." 
< - big cut - > http://www.newyorker.com/reporting/2011/05/23/110523fa_fact_mayer?printable=true&currentPage=all From rforno at infowarrior.org Thu May 19 08:12:28 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 May 2011 09:12:28 -0400 Subject: [Infowarrior] - RIAA Bill 'Nullifies' U.S. Constitution Message-ID: RIAA Bill 'Nullifies' U.S. Constitution - Ernesto - 19/05/2011 http://torrentfreak.com/riaa-bill-nullifies-u-s-constitution-110519/ The RIAA and MPAA lobby scored another success at the expense of the public. With Senator Alex Padilla's Bill 550 Californian law enforcement would no longer require a warrant to raid places where they suspect pirated disks may be located. The Bill goes directly against the U.S. constitution, but according to the Senator that's not a problem if the revenues of the entertainment industries are at stake. "The crime of illegal mass reproduction of music and movies is a serious problem. Last year alone, more than 820,000 illegal discs were seized by law enforcement authorities in California," said Senator Padilla. "Fraudulent CDs and DVDs undermine our economy and California's role as a global leader in music and film. They steal revenue from artists, retailers, and our entertainment sector," he added. The Bill already got the thumbs up from two state Senate committees and may become law soon. From rforno at infowarrior.org Thu May 19 08:39:42 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 May 2011 09:39:42 -0400 Subject: [Infowarrior] - Academic Publishers Ask The Impossible In GSU Copyright Suit Message-ID: <0BA886B2-877A-4225-8F39-96F59898D7E2@infowarrior.org> Academic Publishers Ask The Impossible In GSU Copyright Suit http://news.slashdot.org/story/11/05/19/0248238/Academic-Publishers-Ask-The-Impossible-In-GSU-Copyright-Suit A Duke University blog covers the possible ramifications of a motion in the copyright case against Georgia State University. 
Cambridge, Oxford, and Sage have proposed an injunction that would first enjoin GSU to include all faculty, employees, students. All copying would have to be monitored and limited to 10% of a work or 1000 words, whichever is less. No two classes would be allowed to use the same copied work unless they paid for it, essentially taking fair use out of the classroom. Along with this, courses would be allowed to be made up of only 10% copied material, the other 90% must be either purchased works or copies that have been paid for by permission fees. And, if this isn't enough, the publishers also want access to all computer systems on the campus network, to monitor compliance and copying. 'This proposed order, in short, represents a nightmare, a true dystopia, for higher education....Yet you can be sure that if [these] things happen, all of our campuses would be pressured to adopt the "Georgia State model" in order to avoid litigation.' Disclosure: I am currently a graduate student at Georgia State University." More@ http://blogs.library.duke.edu/scholcomm/2011/05/13/a-nightmare-scenario-for-higher-education/ From rforno at infowarrior.org Thu May 19 12:03:06 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 May 2011 13:03:06 -0400 Subject: [Infowarrior] - Facebook's New Way to Combat Child Pornography Message-ID: (c/o dg) May 19, 2011, 6:00 am Facebook's New Way to Combat Child Pornography By RIVA RICHMOND http://gadgetwise.blogs.nytimes.com/2011/05/19/facebook-to-combat-child-porn-using-microsofts-technology/ PhotoDNA works by carving an image into blocks and subjecting it to an array of measurements, allowing it to identify offending images even if they have been cropped. As online photo sharing has exploded so has, tragically, the distribution of child pornography. 
But while the rise of the Internet and digital cameras have revived a scourge that had nearly been eliminated in the late 1980s, new technology may also help to beat it back again. Microsoft says it has refined a technology it created called PhotoDNA to identify the worst of these disturbing images -- even if they are cropped or otherwise altered -- and cull through large amounts of data quickly and accurately enough to police the world's largest online services. And on Thursday, it will announce that Facebook will be the first service to join it in using the free technology, which Microsoft donated to the National Center for Missing & Exploited Children in December 2009. Facebook, the largest photo-sharing site on the Internet, said it has begun to use PhotoDNA to hunt for several thousand registered illegal images among the 200 million images uploaded by its users each day. Facebook will host an online event at 3:00 p.m. (Eastern time) on Friday to explain the initiative, which follows its January move to join the center's Amber Alert network. "Our hope and belief is that Facebook will be just the first of many" companies to use what has proven to be highly effective technology, said Ernie Allen, chief executive of the National Center for Missing & Exploited Children. "Online services are going to become a hostile place for child pornographers and pedophiles." PhotoDNA is being used to find and remove only known images of sexual exploitation of pre-pubescent children to avoid trampling on the privacy and free-speech rights of consumers of adult pornography, he said. The courts have ruled that pornographic pictures of children are child abuse, not legally protected free speech. By focusing on images of children under 12, the initiative is battling "the worst of the worst" images, which are often shared over and over again, he said. Child pornography is growing increasingly violent and depicting increasingly young children, including infants and toddlers. 
"These are crime scene photos," not porn, Mr. Allen said. "This tool is essential to protect these victims and to prevent, to the greatest degree possible, the redistribution of their sexual abuse." PhotoDNA can currently search for about 10,000 images collected by the National Center for Missing & Exploited Children, which has amassed 48 million images and videos depicting child exploitation since 2002, including 13 million in 2010 alone. The center has a Congressional mandate to act as a clearinghouse for this material, to help identify and aid victims and to assist law enforcement in investigations of perpetrators. Tests conducted on Microsoft's SkyDrive, Windows Live and Bing services during the last year indicate a chillingly large trade in these images. A network that compares 10 million images to the center's inventory of 10,000 illegal photos can expect to have about 125 hits a day, according to Hany Farid, a Dartmouth computer science professor and expert in digital imagery who worked with Microsoft to hone the technology. At least 50,000 child pornography images are being transmitted online every day, he estimated. "This is not a tiny dark little world," he said. "The problem is phenomenal." PhotoDNA works by creating a "hash," or digital code, to represent a given image and find instances of it within large data sets, much as antivirus software does for malicious programs. However, PhotoDNA's "robust hashes" are able to find images even if they have been altered significantly. Tests on Microsoft properties showed it accurately identifies images 99.7 percent of the time and sets off a false alarm only once in every 2 billion images, and most of them point to nearly identical images, Dr. Farid said. To create a hash, the software puts the image in black and white and into a standard size. Then it carves the image into blocks and subjects it to an array of measurements. The resulting "signatures" 
can be provided to online service providers, who can then use them to find these specific illegal images on their systems without possessing them or looking at customers' private content. "We're very passionate about PhotoDNA because we've seen it work," said Brad Smith, Microsoft's general counsel. "We invented it through Microsoft research, and we are trying to give it away free, including to our competitors." He encouraged consumers to pressure online services to adopt it. Until now, Facebook has relied primarily on abuse reports from its users, reviewed by trained employees, to find and eliminate offensive images. But with PhotoDNA, it can keep child pornography from making it onto its site in the first place. "We've found it to be a very powerful tool in identifying these images," Chris Sonderby, Facebook's assistant general counsel said. PhotoDNA has potential future applications in areas like protecting intellectual property and could aid law enforcement. Rob McKenna, the state attorney general in Washington, said his office is interested in its potential to bolster cases against pedophiles who have molested multiple children by identifying photographs of multiple crimes that occurred in the same physical setting. Mr. Allen said he hopes that all major Internet services will eventually adopt PhotoDNA, including the 90 technology companies with whom it already works to block and take down Web sites known to trade in child pornography. The results of the yearlong pilot at Microsoft, he said, should provide "enormous reassurance to companies that this works, that this is something they should do, that it's the responsible thing to do and that they can use it without fear of violating anybody's rights." 
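The hashing steps the article above describes (black and white, standard size, blocks, measurements) can be sketched as follows. This is an added example, not part of the forwarded article and not Microsoft's PhotoDNA algorithm: it uses a simple block-mean signature as the "measurement", and the sizes, threshold, function names and synthetic images are all assumptions made for illustration.

```python
import hashlib

SIZE = 32             # standard size images are normalized to (assumed value)
GRID = 8              # 8 x 8 blocks -> 64-bit signature (assumed value)
MATCH_THRESHOLD = 10  # max differing bits still treated as a match (assumed value)


def to_gray(img):
    """'Black and white' step: img is a list of rows of (r, g, b) tuples."""
    return [[(299 * r + 587 * g + 114 * b) // 1000 for (r, g, b) in row]
            for row in img]


def resize(gray, size=SIZE):
    """'Standard size' step: average the box of source pixels behind each cell."""
    h, w = len(gray), len(gray[0])
    out = []
    for r in range(size):
        y0 = r * h // size
        y1 = max((r + 1) * h // size, y0 + 1)
        row = []
        for c in range(size):
            x0 = c * w // size
            x1 = max((c + 1) * w // size, x0 + 1)
            box = [gray[y][x] for y in range(y0, y1) for x in range(x0, x1)]
            row.append(sum(box) / len(box))
        out.append(row)
    return out


def robust_hash(img):
    """Carve into GRID x GRID blocks; one bit per block: brighter than median?"""
    small = resize(to_gray(img))
    step = SIZE // GRID
    means = []
    for by in range(GRID):
        for bx in range(GRID):
            block = [small[y][x]
                     for y in range(by * step, (by + 1) * step)
                     for x in range(bx * step, (bx + 1) * step)]
            means.append(sum(block) / len(block))
    ordered = sorted(means)
    mid = len(ordered) // 2
    median = (ordered[mid - 1] + ordered[mid]) / 2
    bits = 0
    for m in means:
        bits = (bits << 1) | (1 if m > median else 0)
    return bits


def hamming(a, b):
    """Number of signature bits that differ."""
    return bin(a ^ b).count("1")


def exact_hash(img):
    """Cryptographic hash of the raw pixels, the antivirus-style exact match."""
    raw = bytes(ch for row in img for px in row for ch in px)
    return hashlib.sha256(raw).hexdigest()


def is_known(img, known_signatures):
    """True if img is within MATCH_THRESHOLD bits of any stored signature."""
    sig = robust_hash(img)
    return any(hamming(sig, k) <= MATCH_THRESHOLD for k in known_signatures)


# --- constructed sample data: synthetic gray gradients, not real photos ---
def make_image(w, h, fn):
    return [[(fn(x, y),) * 3 for x in range(w)] for y in range(h)]


def altered_copy(img):
    """Half resolution, brightened by 20, with +/-1 deterministic noise.
    Reads one channel only because the constructed images are gray."""
    out = []
    for y in range(0, len(img), 2):
        row = []
        for x in range(0, len(img[0]), 2):
            avg = sum(img[y + dy][x + dx][0] for dy in (0, 1) for dx in (0, 1)) // 4
            v = min(255, avg + 20 + ((7 * x + 13 * y) % 3) - 1)
            row.append((v, v, v))
        out.append(row)
    return out


KNOWN = make_image(64, 64, lambda x, y: 2 * x + y)
ALTERED = altered_copy(KNOWN)
UNRELATED = make_image(64, 64, lambda x, y: 2 * (63 - x) + y)

if __name__ == "__main__":
    sig = robust_hash(KNOWN)
    print("exact hashes equal:", exact_hash(KNOWN) == exact_hash(ALTERED))
    print("bits differing, altered copy:", hamming(sig, robust_hash(ALTERED)))
    print("bits differing, unrelated:", hamming(sig, robust_hash(UNRELATED)))
```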
From rforno at infowarrior.org Thu May 19 14:55:49 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 May 2011 15:55:49 -0400 Subject: [Infowarrior] - Stopping IEDs: DHS Tools and Resources for Law Enforcement Message-ID: <9A9A2F68-47F5-44A8-9344-C2EC18E99A47@infowarrior.org> (c/o DS) Stopping IEDs: DHS Tools and Resources for Law Enforcement By William Flynn, Acting Deputy Assistant Secretary for Infrastructure Protection, U.S. Department of Homeland Security, Washington, D.C. Editor's Note: William Flynn became Deputy Assistant Secretary for Infrastructure Protection on November 1, 2010. Improvised explosive devices (IEDs) continue to be the weapon of choice for terrorists seeking to inflict casualties and damage. The National Counterterrorism Center identified more than 4,000 terrorist bombings worldwide in 2009.^1 Closer to home, the failed attempts by Faisal Shahzad in New York City's Times Square and Umar Farouk Abdulmutallab aboard Northwest Airlines Flight 253 show that the United States' adversaries have the tools and the intent to launch attacks within the United States. The Department of Homeland Security (DHS) recognizes the enormous challenge that preventing, protecting from, and responding to terrorist IED threats and incidents presents, and the DHS Office of Infrastructure Protection's Office for Bombing Prevention (OBP) has developed programs to assist state and local partners at no cost to the receiving agency. *The IED Threat* Most well-known incidents of international terrorism have featured IEDs, such as the 1983 U.S. Embassy Bombing in Beirut, Lebanon; the 1988 Pan Am 103 bombing over Lockerbie, Scotland; the 1993 World Trade Center Bombing in New York City; the 1995 Oklahoma City Bombing; and the 1998 U.S. Embassy Bombings in Kenya and Tanzania. IEDs are relatively simple and inexpensive to construct and can be concealed and deployed in a variety of ways. 
Their design is limited only by the imagination of the bomb maker. Large vehicle-borne IEDs can damage or destroy large buildings, while suicide or person-borne IEDs can penetrate checkpoints or target public areas. IEDs can be delivered over the water, as in the attack on the USS Cole on October 12, 2000, or placed on or under the road, as in Iraq and Afghanistan. They can be detonated by timer, by switch, or remotely. IED construction and deployment tactics change quickly to adapt to countermeasures and make use of available resources. For example, when commercial or military explosives became more difficult or costly to obtain, bomb makers relied more heavily on homemade explosives, such as those used by "the shoe bomber" Richard Reid in 2001 and in the trans-Atlantic aircraft plot in 2006. The constantly evolving terrorist tactics, techniques, and procedures associated with IEDs present unique challenges to law enforcement. The OBP programs take on this challenge. *The Office for Bombing Prevention* The OBP was created in 2003 to coordinate DHS activities and policy related to IED threats. It also serves as an advocate and resource for law enforcement specialists with an IED-related mission, such as public safety bomb squads, public safety dive teams, explosives detection canine teams, and special weapons and tactics (SWAT) teams. The OBP also works to improve knowledge and awareness of IEDs among general law enforcement, first responders, critical infrastructure owners and operators, and private sector security professionals. By better understanding terrorist tactics, first responders and private sector partners can improve their ability to stop terrorist attacks in the planning phase, thereby reducing the risk of successful IED attacks. 
< -- > http://www.policechiefmagazine.org/magazine/index.cfm?fuseaction=print_display&article_id=2385&issue_id=52011 From rforno at infowarrior.org Thu May 19 21:20:25 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 May 2011 22:20:25 -0400 Subject: [Infowarrior] - Patriot Act set for a 4-year renewal Message-ID: <2A6795AA-C9F9-4BB4-857B-96B1D3A7C09F@infowarrior.org> Yup...once you get power, you really don't want to give it up...... --- rick AP sources: Hill leaders agree on Patriot Act (AP) -- 7 hours ago http://www.google.com/hostednews/ap/article/ALeqM5jL1YcdW2mETm9K8j8FeSTn5_-alg?docId=aa7673bd9e5e4ed98dbe5f4a7ba340c5 WASHINGTON (AP) -- Top congressional leaders agreed Thursday to a four-year extension of the anti-terrorist Patriot Act, the controversial law passed after the Sept. 11 attacks that governs the search for terrorists on American soil. The deal between Senate Majority Leader Harry Reid and House Speaker John Boehner calls for a vote before May 27, when parts of the current act expire. The idea is to pass the extension with as little debate as possible to avoid a protracted and familiar argument over the expanded power the law gives to the government. Support for the extension was unclear. Senate Judiciary Committee Chairman Patrick Leahy, D-Vt., wanted tighter restrictions on the government's power and may seek to amend it. In the House, members of the freshman class elected on promises of making government smaller were skeptical. "I still have some concerns, and at this point I'm leaning against (voting for) it," said one, Rep. Andy Harris, R-Md. The legislation would extend three expiring provisions until June 1, 2015, officials said. The provisions at issue allow the government to use roving wiretaps on multiple electronic devices and across multiple carriers and get court-approved access to business records relevant to terrorist investigations. 
The third, a "lone wolf" provision that was part of a 2004 law, permits secret intelligence surveillance of non-U.S. individuals without having to show a connection between the target and a specific terrorist group. From its inception, the law's increased surveillance powers have been criticized by liberals and conservatives alike as infringements on free speech rights and protections against unwarranted searches and seizures. Some Patriot Act opponents suggest that Osama bin Laden's demise earlier this month should prompt Congress to reconsider the law, written when the terrorist leader was at the peak of his power. But the act's supporters warn that al-Qaida splinter groups, scattered from Pakistan to the United States and beyond, may try to retaliate. "Now more than ever, we need access to the crucial authorities in the Patriot Act," Attorney General Eric Holder told the Senate Judiciary Committee. AP Special Correspondent David Espo contributed to this report. Copyright © 2011 The Associated Press. All rights reserved. From rforno at infowarrior.org Fri May 20 07:43:51 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 May 2011 08:43:51 -0400 Subject: [Infowarrior] - CDC offers Zombie Apocalypse Guidance Message-ID: <803A3D12-461B-4875-99F3-E31E370A9A62@infowarrior.org> A fun example that's sure to become an Internet meme, but good advice for general preparedness. Braaaaaaains!! --- rick Social Media: Preparedness 101: Zombie Apocalypse The following was originally posted on CDC Public Health Matters Blog on May 16th, 2011 by Ali S. Khan. 
http://emergency.cdc.gov/socialmedia/zombies_blog.asp From rforno at infowarrior.org Fri May 20 09:43:48 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 May 2011 10:43:48 -0400 Subject: [Infowarrior] - Critics demand halt to "fishing expedition" laptop searches Message-ID: <8FF2FED3-4789-4457-A29B-56B6ED404987@infowarrior.org> Critics demand halt to "fishing expedition" laptop searches By Matthew Lasar | Published 29 minutes ago http://arstechnica.com/tech-policy/news/2011/05/critics-demand-halt-to-fishing-expedition-laptop-searches.ars A group of ex-military personnel, academics, and politicians have asked the Department of Homeland Security to put the kibosh on "suspicionless" or "fishing expedition" searches of laptops and other devices at the nation's borders. This isn't just about a security guard powering up a Netbook to make sure it's not a bomb. The concern is over impromptu police inspections of computer content. "Individuals who travel internationally, by virtue of legitimately choosing to carry electronic devices, are unknowingly subjecting volumes of personal information to involuntary and suspicionless search and review by federal law enforcement authorities," the Constitution Project group warns. Full-on seizures The advocacy group cites figures indicating that from October 1, 2008 through June 2, 2010, more than 6,500 people had their electronic devices searched when crossing the international border. Nearly half were US citizens. And in 2009, Customs and Border Protection ran 2,204 searches of digital media, including laptops. 105 individuals were detained without authorities citing any grounds for reasonable suspicion. 115 devices were seized. The plea comes as Bradley Manning defense activist David House is explaining why he is suing the Federal government with the assistance of the ACLU, describing incidents like a "full-on computer seizure at the Chicago O'Hare airport." 
"In this situation, the DHS waited until I had cleared customs to approach me and seize my electronics," House says. "The DHS's questions primarily revolved around my political beliefs, my work in Manning Support Network, and my impressions of WikiLeaks." The Project said that searches "are far more intrusive than the important practice of requiring travelers to open and turn on electronic devices to demonstrate that the devices themselves are not actually bombs or other weapons." Searches could suppress free speech and encourage more racial and religious profiling, the group maintains. "The continual evolution in how people use electronic devices in their everyday lives creates growing tension between the Fourth Amendment guarantees and what historically has been viewed as a narrow exception to the requirements for probable cause and a warrant." Individualized suspicion This plea comes from an interesting mix of civil liberties folk, ex-military people, conservatives, and libertarians. The coalition includes former Congressman and Libertarian presidential candidate Bob Barr, professor and advocate for Muslim women Azizah Y. al-Hibri, and retired Army intelligence officer Stephen E. Abraham. The request observes that in 2009 Customs and Border Protection (CBP) and Immigration and Customs Enforcement (ICE) issued directives allowing for searches "absent individualized suspicion." If ICE agents confiscate a digital device, they can keep it for 30 days without any supervisory approval. CBP guidelines require approval after five days. The Project's protest cites Freedom of Information Act filings illustrating the consequences of this policy shift: In one instance, a traveler had a laptop computer and flash drive confiscated by CBP, and over six months later, he was still trying--with the help of his congressman--to secure the return of his possessions. 
Another traveler reported the search of a laptop despite putting CBP on notice that the computer contained confidential business information. On another occasion, a traveler had his laptop detained for more than a month, requiring him to buy a replacement for his job. And yet another traveler agreed to a search of several devices in an effort to avoid further delays.

Similarly circumscribed

Bottom line: these petitioners want Customs and Border Protection and Immigration and Customs Enforcement people to behave themselves at border points. That means adding language to their directives requiring agents to demonstrate "reasonable suspicion" before they inspect the content on a laptop or similar device. "The Fourth Amendment requires that even for search warrants predicated on a showing of probable cause, the warrant must 'particularly' describe the place to be searched and the items to be seized," they write. "Searches of digital devices must similarly be circumscribed and tied to the predicate justifying the search." In addition, the Project wants a ban on religious and racial profiling added to the directive language: "Race, ethnicity, and religious affiliation should not be considered as factors that create suspicion unless these factors are used as part of a specific suspect description." The Constitution Project also wants strict limits on how long CBP and ICE can keep a device. In the case of US citizens, agents should be required to ask for a probable cause warrant "beyond a time period needed for a reasonable examination of the data, which is presumptively up to 24 hours, but should be based on what is actually reasonable under the circumstances." The same requirement should apply to any attempt to keep copies of the data for more than 24 hours. If border agents intend to request a FISA search warrant to keep the files, they should be allowed to hold onto the device for seven days "if such additional time is needed to complete the process."

From rforno at infowarrior.org Fri May 20 12:52:48 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 May 2011 13:52:48 -0400
Subject: [Infowarrior] - Eric Schmidt: Anti-piracy Laws Disastrous for Free Speech
Message-ID:

Eric Schmidt: Anti-piracy Laws Disastrous for Free Speech
posted by Thom Holwerda on Thu 19th May 2011 22:03 UTC
http://www.osnews.com/story/24764/Eric_Schmidt_Anti-piracy_Laws_Disastrous_for_Free_Speech

Wait - is this for real? A large American company openly defying the anti-freedom and totalitarian content industry? In comments in the UK media, Google chairman Eric Schmidt took aim at the big content-sponsored PROTECT IP act. The PROTECT IP act is the US internet censorship (the China kind) law, which more or less takes aim directly against Google. In his criticism, Schmidt went far - very far. The content industry obviously isn't pleased. We haven't really discussed the PROTECT IP act yet, so, well, let's do that. As Ars details, the law is very encompassing, as it would force search engines, internet providers, credit card companies, and ad networks to block access to 'rogue sites' - you know, stuff like The Pirate Bay, or anything else the content industry and/or the US government deems 'rogue'. You know, like WikiLeaks. Or sites publishing WikiLeaks documents. Google's Eric Schmidt is not happy with this law, and he took aim at it in the UK media. And with 'took aim at it', I mean he basically took an RPG and obliterated it, stating it set a "disastrous precedent" for freedom of speech. He then kicked it up a notch. "If there is a law that requires DNSs to do X and it's passed by both houses of congress and signed by the president of the United States and we disagree with it then we would still fight it," Schmidt stated, "If it's a request the answer is we wouldn't do it, if it's a discussion we wouldn't do it."
"I would be very, very careful if I were a government about arbitrarily [implementing] simple solutions to complex problems," he continued, "So, 'let's whack off the DNS'. Okay, that seems like an appealing solution but it sets a very bad precedent because now another country will say 'I don't like free speech so I'll whack off all those DNSs' - that country would be China. It doesn't seem right. I would be very, very careful about that stuff." This is quite harsh, but in my book, very, very deserved and incredibly encouraging. Schmidt is a bit of a loose cannon at times, and he's said some creepy stuff over the years, but I couldn't agree with him more here. Any form of government censorship is bad, even if it passed through the 'democratic' system. As a people, you have the right to disregard obviously bad laws - and I'd say we can all agree that censorship laws are bad. The content industry, obviously, isn't pleased with Schmidt's words. "Is Eric Schmidt really suggesting that if Congress passes a law and president Obama signs it, Google wouldn't follow it? As an American company respected around the world, it's unfortunate that, at least according to its executive chairman's comments, Google seems to think it's above America's laws," writes the MPAA's Michael O'Leary [links to the MPAA website], "We've heard this 'but the law doesn't apply to me' argument before - but usually, it comes from content thieves, not a Fortune 500 company. Google should know better. And the notion that China would use a bi-partisan, narrowly tailored bill as a pretext for censorship is laughable, as Google knows, China does what China does." I would indeed suggest that if the laws passed by a government no longer seem to be in line with the will of the people, then yes, the people have the right to disregard these laws. 
The people have made it very clear that current copyright laws no longer fit the will of the people (by clearly disregarding them), and that giving up freedom of speech and enacting censorship is a price they're not willing to pay. Laws only exist because we collectively decide to follow them - not because a dying industry has enough money to buy them. The RIAA stepped in as well [links to the RIAA website]. "This is baffling," the RIAA said, "As a legitimate company, Google has a responsibility to not benefit from criminal activity. In substance and spirit, this contradicts the recent testimony of Google's General Counsel that the company takes copyright theft seriously and was willing to step up to the plate in a cooperative and serious way." Of course, the same applies here: it's only criminal because the content industry has the money to make it so. Here in The Netherlands we are allowed to download whatever we want, and the content industry hasn't been collapsing any faster here than it has in the US. Of course, Schmidt didn't say they would disregard the law - he merely said they would fight it. All sorts of companies and interest groups fight laws all the time, and Google is no different. However, the usual knee-jerk response from the content industry is to dramatise everything. Or, as a Google spokesperson told Ars Technica, "Of course we abide by the law in every country we do business. We respect what the PROTECT IP Act is trying to accomplish and we're working closely with Congress to make sure the bill targets sites dedicated to piracy while protecting free expression and legitimate sites." The PROTECT IP act is a censorship law, and whether censorship laws are enacted in China or the US, they are always wrong, and we should fight them at every turn. I'm happy Schmidt seems to think so too, because no matter the creepy potential Google has, at least they're on our side on this one. 
I don't think Apple or Microsoft will stand up for free speech like this.

From rforno at infowarrior.org Sat May 21 10:04:01 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 21 May 2011 11:04:01 -0400
Subject: [Infowarrior] - OT: Saturday update
Message-ID:

It's 1100 ET on Saturday and no sign of the rapture. Oh, well - it's not the end of the world or anything. So enjoy the day. :)

-- rick

From rforno at infowarrior.org Sat May 21 10:20:10 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 21 May 2011 11:20:10 -0400
Subject: [Infowarrior] - **AA Cartels already spinning Schmidt's comments
Message-ID: <64C8EC69-D4B0-42FD-9A4F-3EDB83C6D0FC@infowarrior.org>

Being Concerned With Free Speech Implications Of PROTECT IP Does Not Mean You Think You're Above The Law
Techdirt 5/20/11 18:01 PM Mike Masnick
http://www.techdirt.com/articles/20110520/13252214358/being-concerned-with-free-speech-implications-protect-ip-does-not-mean-you-think-youre-above-law.shtml

Wow. In the legacy entertainment industry's latest "you're either with us or against us" mentality, it appears that expressing concern about the free speech implications of bills like PROTECT IP means you're a horrible, horrible person. Both the MPAA and RIAA are quite upset about Eric Schmidt coming out against PROTECT IP and saying that the impact on free speech would be disastrous. Both responses are so sickeningly disingenuous, it really makes you wonder how out of touch they are. Let's start with the RIAA's statement: "This is baffling. As a legitimate company, Google has a responsibility to not benefit from criminal activity. In substance and spirit, this contradicts the recent testimony of Google's General Counsel that the company takes copyright theft seriously and was willing to step up to the plate in a cooperative and serious way." Um.
Except that nothing in what Schmidt said actually contradicted Kent Walker's speech, nor did he say they don't take copyright infringement (not theft, guys) seriously. He was expressing very legitimate concerns about the free speech implications. On to the MPAA's statement, which echoes the RIAA's, but is a little more fleshed out: In April, Google senior vice president and general counsel Kent Walker testified before Congress that 'Google supports developing effective policy and technology tools to combat large-scale commercial infringement.' That's exactly what the PROTECT IP Act is designed to do -- it creates a narrowly-drawn, carefully constructed solution to the threat to American jobs and America's economy, a solution that protects and strengthens our right to free speech. As constitutional law expert Floyd Abrams wrote, '[c]opyright violations are not protected by the First Amendment.' This is really shameful how the MPAA twists the debate. First of all, the PROTECT IP does not effectively combat large-scale commercial infringement at all. That's just wishful thinking. The actual infringement will continue. Second, there is no evidence that it will support American jobs or the economy. In fact, the reverse is almost certainly true, as these kinds of laws will harm large parts of the internet that enable new jobs. But the really sickening part is the Floyd Abrams quote. While it is entirely true that copyright violation is not protected by the First Amendment, that's not what Schmidt or anyone else raising these issues are concerned about. No one -- not Schmidt, not us -- is arguing that copyright infringement is protected by the First Amendment. We're saying that this tool will be used against non-infringing and perfectly legal speech. And that's not a theoretical concern. We've already seen it happen multiple times with the existing ICE domain seizures, in which blogs and sites that were not violating the law were seized. That's the concern.
Furthermore, as Schmidt made clear in his statement, he was also noting that once you justify the censorship of some speech just because you're trying to stop infringement, you open the door to much more censorship of speech. Traditionally, the First Amendment caselaw has been clear: if you're going to strike against illegal speech, you have to very narrowly focus on just that speech. PROTECT IP does not do that. It casts a wide net. But, once you have that door open, saying that it's okay to shut down some legitimate speech in an effort to stop some others, that will only expand. Is Eric Schmidt really suggesting that if Congress passes a law and President Obama signs it, Google wouldn't follow it? As an American company respected around the world, it's unfortunate that, at least according to its executive chairman's comments, Google seems to think it's above America's laws. Oh, come on! Of course that's not what Schmidt is saying and the MPAA is being obnoxiously disingenuous in suggesting otherwise. He's not saying they're "above America's laws." He says that the RIAA/MPAA-written laws should not be above the Constitution. That is, these laws should not violate the First (or in other cases the Fourth) Amendment. By saying that Google would fight, he doesn't mean ignore, he means challenging the Constitutionality of these laws in court. Sad that the MPAA has so little actual substance behind its arguments that it's forced to blatantly mislead like that. Typical, but sad.

From rforno at infowarrior.org Sat May 21 11:01:37 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 21 May 2011 12:01:37 -0400
Subject: [Infowarrior] - TIA 2.0 being proposed?
Message-ID: <0D5E3CCF-1921-4B13-B7F0-2DEEF0AED455@infowarrior.org>

http://www.tradeaidmonitor.com/2011/05/next-phase-of-advanced-global-data-mining-intelligence-system-unfolds.html
05/20/2011
Next Phase of Advanced Global Data-Mining & Intelligence System Unfolds

Details of an emerging data-mining and intelligence-analysis program reminiscent of the Pentagon's controversial Total Information Awareness (TIA) project emerged yesterday, U.S. Trade & Aid Monitor has discovered. Similar to TIA, which Congress in 2003 de-funded insofar as domestic applications, the Insight Focused Incubator initiative seeks to create a multimedia system that obtains, synthesizes, and analyzes mass volumes of data via the development of an advanced "'plug and play' modular architecture" of intelligence, surveillance, and reconnaissance (ISR) technologies. According to a Special Notice that the Monitor obtained via routine database research, the Defense Advanced Research Projects Agency (DARPA) issued a call to industry for innovative ideas leading to the creation of such a system. The Insight program at DARPA's Information Innovation Office (I2O) became known to the public last September, when it initially met with industry representatives to discuss its vision for the program (solicitation # DARPA-SN-10-70). However, yesterday's reference to the Insight Focused Incubator moniker appears to take the program to the next level of execution. "As part of the Insight platform, the Insight program is developing a virtual environment (VE) capability to enable system evaluation using simulated sensor data, augmented with real-world collected data, within a simulated world of various threats, terrains, and terrain features," the special notice/request for information says.
The key to Insight's development extends beyond the mere collection of data and the development of virtual threat scenarios; rather, DARPA is looking for innovative ideas for an evolutionary, interoperable system of various ISR components. From a technical standpoint, the new system that DARPA envisions would possess the ability "to easily add, remove, substitute, and modify software and hardware components" as they become available to the government. From an operational perspective, the Insight Focused Incubator would lead to the design of a system that integrates, correlates, fuses, and exploits "multi-intelligence data." This would include, for example, a combination of worldwide sensors and platforms that combine the use of signals intelligence, video and ground moving target indicators (VMTI and GMTI) and even "Behavioral (pattern-of-life) modeling including cultural, social, and insurgency dynamics." Other objectives for the system include "data mining across all sources, both real-time and forensic" as well as the creation of "an active sensing process with multiple functions occurring simultaneously." DARPA anticipates launching a three-phase structure for Insight Focused Incubator, during which time it would award contracts ranging from $400,000-$800,000 per phase for each contractor selected for the project. The agency did not disclose the total potential funding for the program. Proposals are due June 30.

From rforno at infowarrior.org Mon May 23 07:50:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 May 2011 08:50:16 -0400
Subject: [Infowarrior] - Why Privacy Matters Even if You Have 'Nothing to Hide'
Message-ID:

May 15, 2011
Why Privacy Matters Even if You Have 'Nothing to Hide'
By Daniel J. Solove
http://chronicle.com/article/Why-Privacy-Matters-Even-if/127461/

When the government gathers or analyzes personal information, many people say they're not worried. "I've got nothing to hide," they declare.
"Only if you're doing something wrong should you worry, and then you don't deserve to keep it private." The nothing-to-hide argument pervades discussions about privacy. The data-security expert Bruce Schneier calls it the "most common retort against privacy advocates." The legal scholar Geoffrey Stone refers to it as an "all-too-common refrain." In its most compelling form, it is an argument that the privacy interest is generally minimal, thus making the contest with security concerns a foreordained victory for security. The nothing-to-hide argument is everywhere. In Britain, for example, the government has installed millions of public-surveillance cameras in cities and towns, which are watched by officials via closed-circuit television. In a campaign slogan for the program, the government declares: "If you've got nothing to hide, you've got nothing to fear." Variations of nothing-to-hide arguments frequently appear in blogs, letters to the editor, television news interviews, and other forums. One blogger in the United States, in reference to profiling people for national-security purposes, declares: "I don't mind people wanting to find out things about me, I've got nothing to hide! Which is why I support [the government's] efforts to find terrorists by monitoring our phone calls!" The argument is not of recent vintage. One of the characters in Henry James's 1888 novel, The Reverberator, muses: "If these people had done bad things they ought to be ashamed of themselves and he couldn't pity them, and if they hadn't done them there was no need of making such a rumpus about other people knowing." I encountered the nothing-to-hide argument so frequently in news interviews, discussions, and the like that I decided to probe the issue. I asked the readers of my blog, Concurring Opinions, whether there are good responses to the nothing-to-hide argument. I received a torrent of comments:

* My response is "So do you have curtains?" or "Can I see your credit-card bills for the last year?"
* So my response to the "If you have nothing to hide ... " argument is simply, "I don't need to justify my position. You need to justify yours. Come back with a warrant."
* I don't have anything to hide. But I don't have anything I feel like showing you, either.
* If you have nothing to hide, then you don't have a life.
* Show me yours and I'll show you mine.
* It's not about having anything to hide, it's about things not being anyone else's business.
* Bottom line, Joe Stalin would [have] loved it. Why should anyone have to say more?

On the surface, it seems easy to dismiss the nothing-to-hide argument. Everybody probably has something to hide from somebody. As Aleksandr Solzhenitsyn declared, "Everyone is guilty of something or has something to conceal. All one has to do is look hard enough to find what it is." Likewise, in Friedrich Dürrenmatt's novella "Traps," which involves a seemingly innocent man put on trial by a group of retired lawyers in a mock-trial game, the man inquires what his crime shall be. "An altogether minor matter," replies the prosecutor. "A crime can always be found." One can usually think of something that even the most open person would want to hide. As a commenter to my blog post noted, "If you have nothing to hide, then that quite literally means you are willing to let me photograph you naked? And I get full rights to that photograph -- so I can show it to your neighbors?" The Canadian privacy expert David Flaherty expresses a similar idea when he argues: "There is no sentient human being in the Western world who has little or no regard for his or her personal privacy; those who would attempt such claims cannot withstand even a few minutes' questioning about intimate aspects of their lives without capitulating to the intrusiveness of certain subject matters." But such responses attack the nothing-to-hide argument only in its most extreme form, which isn't particularly strong.
In a less extreme form, the nothing-to-hide argument refers not to all personal information but only to the type of data the government is likely to collect. Retorts to the nothing-to-hide argument about exposing people's naked bodies or their deepest secrets are relevant only if the government is likely to gather this kind of information. In many instances, hardly anyone will see the information, and it won't be disclosed to the public. Thus, some might argue, the privacy interest is minimal, and the security interest in preventing terrorism is much more important. In this less extreme form, the nothing-to-hide argument is a formidable one. However, it stems from certain faulty assumptions about privacy and its value. To evaluate the nothing-to-hide argument, we should begin by looking at how its adherents understand privacy. Nearly every law or policy involving privacy depends upon a particular understanding of what privacy is. The way problems are conceived has a tremendous impact on the legal and policy solutions used to solve them. As the philosopher John Dewey observed, "A problem well put is half-solved." Most attempts to understand privacy do so by attempting to locate its essence -- its core characteristics or the common denominator that links together the various things we classify under the rubric of "privacy." Privacy, however, is too complex a concept to be reduced to a singular essence. It is a plurality of different things that do not share any one element but nevertheless bear a resemblance to one another. For example, privacy can be invaded by the disclosure of your deepest secrets. It might also be invaded if you're watched by a peeping Tom, even if no secrets are ever revealed. With the disclosure of secrets, the harm is that your concealed information is spread to others. With the peeping Tom, the harm is that you're being watched.
You'd probably find that creepy regardless of whether the peeper finds out anything sensitive or discloses any information to others. There are many other forms of invasion of privacy, such as blackmail and the improper use of your personal data. Your privacy can also be invaded if the government compiles an extensive dossier about you. Privacy, in other words, involves so many things that it is impossible to reduce them all to one simple idea. And we need not do so. In many cases, privacy issues never get balanced against conflicting interests, because courts, legislators, and others fail to recognize that privacy is implicated. People don't acknowledge certain problems, because those problems don't fit into a particular one-size-fits-all conception of privacy. Regardless of whether we call something a "privacy" problem, it still remains a problem, and problems shouldn't be ignored. We should pay attention to all of the different problems that spark our desire to protect privacy. To describe the problems created by the collection and use of personal data, many commentators use a metaphor based on George Orwell's Nineteen Eighty-Four. Orwell depicted a harrowing totalitarian society ruled by a government called Big Brother that watches its citizens obsessively and demands strict discipline. The Orwell metaphor, which focuses on the harms of surveillance (such as inhibition and social control), might be apt to describe government monitoring of citizens. But much of the data gathered in computer databases, such as one's race, birth date, gender, address, or marital status, isn't particularly sensitive. Many people don't care about concealing the hotels they stay at, the cars they own, or the kind of beverages they drink. Frequently, though not always, people wouldn't be inhibited or embarrassed if others knew this information. Another metaphor better captures the problems: Franz Kafka's The Trial. 
Kafka's novel centers around a man who is arrested but not informed why. He desperately tries to find out what triggered his arrest and what's in store for him. He finds out that a mysterious court system has a dossier on him and is investigating him, but he's unable to learn much more. The Trial depicts a bureaucracy with inscrutable purposes that uses people's information to make important decisions about them, yet denies the people the ability to participate in how their information is used. The problems portrayed by the Kafkaesque metaphor are of a different sort than the problems caused by surveillance. They often do not result in inhibition. Instead they are problems of information processing -- the storage, use, or analysis of data -- rather than of information collection. They affect the power relationships between people and the institutions of the modern state. They not only frustrate the individual by creating a sense of helplessness and powerlessness, but also affect social structure by altering the kind of relationships people have with the institutions that make important decisions about their lives. Legal and policy solutions focus too much on the problems under the Orwellian metaphor -- those of surveillance -- and aren't adequately addressing the Kafkaesque problems -- those of information processing. The difficulty is that commentators are trying to conceive of the problems caused by databases in terms of surveillance when, in fact, those problems are different. Commentators often attempt to refute the nothing-to-hide argument by pointing to things people want to hide. But the problem with the nothing-to-hide argument is the underlying assumption that privacy is about hiding bad things. By accepting this assumption, we concede far too much ground and invite an unproductive discussion about information that people would very likely want to hide.
As the computer-security specialist Schneier aptly notes, the nothing-to-hide argument stems from a faulty "premise that privacy is about hiding a wrong." Surveillance, for example, can inhibit such lawful activities as free speech, free association, and other First Amendment rights essential for democracy. The deeper problem with the nothing-to-hide argument is that it myopically views privacy as a form of secrecy. In contrast, understanding privacy as a plurality of related issues demonstrates that the disclosure of bad things is just one among many difficulties caused by government security measures. To return to my discussion of literary metaphors, the problems are not just Orwellian but Kafkaesque. Government information-gathering programs are problematic even if no information that people want to hide is uncovered. In The Trial, the problem is not inhibited behavior but rather a suffocating powerlessness and vulnerability created by the court system's use of personal data and its denial to the protagonist of any knowledge of or participation in the process. The harms are bureaucratic ones -- indifference, error, abuse, frustration, and lack of transparency and accountability. One such harm, for example, which I call aggregation, emerges from the fusion of small bits of seemingly innocuous data. When combined, the information becomes much more telling. By joining pieces of information we might not take pains to guard, the government can glean information about us that we might indeed wish to conceal. For example, suppose you bought a book about cancer. This purchase isn't very revealing on its own, for it indicates just an interest in the disease. Suppose you bought a wig. The purchase of a wig, by itself, could be for a number of reasons. But combine those two pieces of information, and now the inference can be made that you have cancer and are undergoing chemotherapy. That might be a fact you wouldn't mind sharing, but you'd certainly want to have the choice.
Another potential problem with the government's harvest of personal data is one I call exclusion. Exclusion occurs when people are prevented from having knowledge about how information about them is being used, and when they are barred from accessing and correcting errors in that data. Many government national-security measures involve maintaining a huge database of information that individuals cannot access. Indeed, because they involve national security, the very existence of these programs is often kept secret. This kind of information processing, which blocks subjects' knowledge and involvement, is a kind of due-process problem. It is a structural problem, involving the way people are treated by government institutions and creating a power imbalance between people and the government. To what extent should government officials have such a significant power over citizens? This issue isn't about what information people want to hide but about the power and the structure of government. A related problem involves secondary use. Secondary use is the exploitation of data obtained for one purpose for an unrelated purpose without the subject's consent. How long will personal data be stored? How will the information be used? What could it be used for in the future? The potential uses of any piece of personal information are vast. Without limits on or accountability for how that information is used, it is hard for people to assess the dangers of the data's being in the government's control. Yet another problem with government gathering and use of personal data is distortion. Although personal information can reveal quite a lot about people's personalities and activities, it often fails to reflect the whole person. It can paint a distorted picture, especially since records are reductive -- they often capture information in a standardized format with many details omitted.
For example, suppose government officials learn that a person has bought a number of books on how to manufacture methamphetamine. That information makes them suspect that he's building a meth lab. What is missing from the records is the full story: The person is writing a novel about a character who makes meth. When he bought the books, he didn't consider how suspicious the purchase might appear to government officials, and his records didn't reveal the reason for the purchases. Should he have to worry about government scrutiny of all his purchases and actions? Should he have to be concerned that he'll wind up on a suspicious-persons list? Even if he isn't doing anything wrong, he may want to keep his records away from government officials who might make faulty inferences from them. He might not want to have to worry about how everything he does will be perceived by officials nervously monitoring for criminal activity. He might not want to have a computer flag him as suspicious because he has an unusual pattern of behavior. The nothing-to-hide argument focuses on just one or two particular kinds of privacy problems -- the disclosure of personal information or surveillance -- while ignoring the others. It assumes a particular view about what privacy entails, to the exclusion of other perspectives. It is important to distinguish here between two ways of justifying a national-security program that demands access to personal information. The first way is not to recognize a problem. This is how the nothing-to-hide argument works -- it denies even the existence of a problem. The second is to acknowledge the problems but contend that the benefits of the program outweigh the privacy sacrifice. The first justification influences the second, because the low value given to privacy is based upon a narrow view of the problem. And the key misunderstanding is that the nothing-to-hide argument views privacy in this troublingly particular, partial way.
Investigating the nothing-to-hide argument a little more deeply, we find that it looks for a singular and visceral kind of injury. Ironically, this underlying conception of injury is sometimes shared by those advocating for greater privacy protections. For example, the University of South Carolina law professor Ann Bartow argues that in order to have a real resonance, privacy problems must "negatively impact the lives of living, breathing human beings beyond simply provoking feelings of unease." She says that privacy needs more "dead bodies," and that privacy's "lack of blood and death, or at least of broken bones and buckets of money, distances privacy harms from other [types of harm]." Bartow's objection is actually consistent with the nothing-to-hide argument. Those advancing the nothing-to-hide argument have in mind a particular kind of appalling privacy harm, one in which privacy is violated only when something deeply embarrassing or discrediting is revealed. Like Bartow, proponents of the nothing-to-hide argument demand a dead-bodies type of harm. Bartow is certainly right that people respond much more strongly to blood and death than to more-abstract concerns. But if this is the standard to recognize a problem, then few privacy problems will be recognized. Privacy is not a horror movie, most privacy problems don't result in dead bodies, and demanding evidence of palpable harms will be difficult in many cases. Privacy is often threatened not by a single egregious act but by the slow accretion of a series of relatively minor acts. In this respect, privacy problems resemble certain environmental harms, which occur over time through a series of small acts by different actors. Although society is more likely to respond to a major oil spill, gradual pollution by a multitude of actors often creates worse problems. Privacy is rarely lost in one fell swoop. 
It is usually eroded over time, little bits dissolving almost imperceptibly until we finally begin to notice how much is gone. When the government starts monitoring the phone numbers people call, many may shrug their shoulders and say, "Ah, it's just numbers, that's all." Then the government might start monitoring some phone calls. "It's just a few phone calls, nothing more." The government might install more video cameras in public places. "So what? Some more cameras watching in a few more places. No big deal." The increase in cameras might lead to a more elaborate network of video surveillance. Satellite surveillance might be added to help track people's movements. The government might start analyzing people's bank records. "It's just my deposits and some of the bills I pay - no problem." The government may then start combing through credit-card records, then expand to Internet-service providers' records, health records, employment records, and more. Each step may seem incremental, but after a while, the government will be watching and knowing everything about us. "My life's an open book," people might say. "I've got nothing to hide." But now the government has large dossiers of everyone's activities, interests, reading habits, finances, and health. What if the government leaks the information to the public? What if the government mistakenly determines that based on your pattern of activities, you're likely to engage in a criminal act? What if it denies you the right to fly? What if the government thinks your financial transactions look odd - even if you've done nothing wrong - and freezes your accounts? What if the government doesn't protect your information with adequate security, and an identity thief obtains it and uses it to defraud you? Even if you have nothing to hide, the government can cause you a lot of harm. "But the government doesn't want to hurt me," some might argue.
In many cases, that's true, but the government can also harm people inadvertently, due to errors or carelessness. When the nothing-to-hide argument is unpacked, and its underlying assumptions examined and challenged, we can see how it shifts the debate to its terms, then draws power from its unfair advantage. The nothing-to-hide argument speaks to some problems but not to others. It represents a singular and narrow way of conceiving of privacy, and it wins by excluding consideration of the other problems often raised with government security measures. When engaged directly, the nothing-to-hide argument can ensnare, for it forces the debate to focus on its narrow understanding of privacy. But when confronted with the plurality of privacy problems implicated by government data collection and use beyond surveillance and disclosure, the nothing-to-hide argument, in the end, has nothing to say.

Daniel J. Solove is a professor of law at George Washington University. This essay is an excerpt from his new book, Nothing to Hide: The False Tradeoff Between Privacy and Security, published this month by Yale University Press.

From rforno at infowarrior.org Mon May 23 09:24:27 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 May 2011 10:24:27 -0400
Subject: [Infowarrior] - Keys to the cloud castle
Message-ID: <9C755B7B-2459-410C-9BCE-337C1C520EB6@infowarrior.org>

Science and technology
http://www.economist.com/blogs/babbage/2011/05/internet_security

Internet security
Keys to the cloud castle
May 18th 2011, 17:31 by G.F. | SEATTLE

CONSIDER the purchase of a home in two adjacent gated communities. Both have houses with truly impregnable locks. In one community, whenever you need to enter your house, you visit the management office and show your driving licence. A guard walks you to your home, and lets you in using the master key that opens every door lock in the community. You can stay inside indefinitely.
If an employee misuses the key to wander into homes or, heaven forfend, a thief gets his hands on it, all bets are off - the households' sanctity has been compromised. In another community, the management requires that you privately choose your own lock and corresponding key, which you hang on to and use to enter your abode at will. But if you lose the key, or any copies you have made, you can never re-enter. It will remain a sealed edifice until the universe's heat death. Which would you choose? The latter offers extreme privacy but with an unthinkable penalty for carelessness. The former is convenient but there is the risk of the key falling into the wrong hands. Users of cloud-based internet storage and synchronization providers, such as Dropbox, SugarSync, SpiderOak, Box.net, and many others, face a similar dilemma. It lies at the root of concerns raised by some security researchers and privacy advocates about Dropbox, the market leader with a reported 25m customers. This Babbage kvelled about Dropbox last August, explaining how simple it was to keep files up to date on all one's computers, and sharing and syncing files with collaborators in group folders. The complaints cover marketing, where overly broad statements about security have been contested; the ability for any user to determine if a given file is stored by any Dropbox user; and a design choice that would allow a malicious party to copy a single configuration file to sync a user's full Dropbox folder with another computer. Dropbox's mobile apps also encrypt only data in transit, not metadata like file names, despite Dropbox's explicit statement that all mobile data is scrambled. Taken together, and coupled with vitriol that has been hurled at the company, it would seem that Dropbox has a lot to answer for. When unpacked, however, this Babbage finds much - not all - relates to the kind of gated community Dropbox opted to build. One may move into a Dropbox neighbourhood, or opt for the alternative.
The marketing issues are clear. Dropbox oversimplified a few points related to security, favouring a brief explanation that was not entirely accurate. The most egregious of these statements claimed employees had no access to user data, only metadata. Its detractors say plainly that it lied, although this is hard to prove. Ever since the company was set up in 2007 Dropbox founders and employees told anyone who asked that it could, in fact, decrypt anything it liked. Dropbox possesses the encryption key to every user's cloud locker, as in the first sort of gated community. This is necessary, in its view, to provide simple web-based access to files and give multiple users shared access to the same directories. The company revised its website to reflect reality, and apologised, but it faces a complaint filed with the Federal Trade Commission (FTC) by researcher Chris Soghoian over this (and certain technical matters). Mr Soghoian believes Dropbox obtained an unfair market advantage through deceptive business practices, and requests further clarification, improved behaviour in future, notification of all users about the change in Dropbox's security explanation, and the option for refunds to paid users. (Mr Soghoian is known for his amusing and disruptive disclosure of Facebook's sock-puppet attempt to manipulate opinion about Google's privacy efforts in social networking.) The technical issues are another matter. While valid, most relate to storing files in any cloud, not just Dropbox. If you leave the key to your house with anybody other than kith or kin, you probably won't leave jewellery and cash lying about, but nor would you bother to remove less valuable trinkets which, after all, need to be stored somewhere. Dropbox has massively expanded casual access to cloud storage, but a large part of its users probably lack the sophistication to differentiate between what may be safely stored there or in any similar service. 
With the right knowledge, customers could determine whether or not they care if any files are disclosed. When information is not encrypted on the computer before being sent to a storage service, there is always the risk of a leak, either deliberate or resulting from a software glitch. SpiderOak, by contrast, cannot disclose its customers' files, even if it wanted to. That is because it lacks tools to tap any of the data it stores on behalf of users. However, this "zero knowledge" means that if a user loses his key, he can never again access those data. Internet backup service CrashPlan strikes an interesting balance between the two approaches. Reverting to the same home metaphor, CrashPlan lets users create their own lock and house key - its software generates this encryption data on a user's computer. They can then ask CrashPlan to store it in escrow on their behalf - either with a password CrashPlan can reset or with an unrecoverable private password - or choose to keep it to themselves, explains Matthew Dornquast, the company's boss. In the case of a resettable password and key escrow, the user is not responsible for preserving the long and complicated encryption key, merely a simpler password that unlocks the door; and forgetting that password does not foreclose access to the data. In the other escrow offer, or where the user decides to keep the key himself, the burden of looking after access details falls on him. In all cases, the data are encrypted locally on a computer before being transmitted to CrashPlan. Dropbox security can be enhanced quite easily, too, by the use of third-party encryption software that manually or automatically manages encryption for files in the cloud-synced folder as well as elsewhere on a computer. This layer acts as a securely locked room within a house in a Dropbox-like neighbourhood. Dropbox might be required to provide access to the house or made to do so, but the valuables could be safely locked away within an unpickable safe.
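The three key-custody arrangements described above (a service that holds the key, a user who keeps the only copy, and a locally generated key escrowed under a private password) are sketched below as an added example; it is not code from the article or from any of the services named. The Provider class, the function names and the sample data are constructed for illustration, and because Python's standard library has no AES, an HMAC-SHA256 keystream with encrypt-then-MAC stands in for a real authenticated cipher.

```python
import hashlib
import hmac
import secrets

# The standard library has no AES, so seal()/unseal() use an HMAC-SHA256
# keystream plus encrypt-then-MAC as a stand-in for an AEAD such as AES-GCM.
SAMPLE = b"constructed sample file contents"
PBKDF2_ROUNDS = 200_000


def _subkey(key, label):
    return hmac.new(key, label, hashlib.sha256).digest()


def _keystream(key, nonce, length):
    blocks = [hmac.new(key, nonce + i.to_bytes(8, "big"), hashlib.sha256).digest()
              for i in range((length + 31) // 32)]
    return b"".join(blocks)[:length]


def seal(key, plaintext):
    """Encrypt and authenticate plaintext under key."""
    nonce = secrets.token_bytes(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ciphertext = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    return nonce + ciphertext + tag


def unseal(key, blob):
    """Return the plaintext, or raise ValueError for a wrong key or altered blob."""
    if len(blob) < 48:
        raise ValueError("blob too short")
    nonce, ciphertext, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ciphertext, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or modified data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ciphertext))
    return bytes(c ^ s for c, s in zip(ciphertext, stream))


def wrap_key(data_key, password):
    """Encrypt the data key under a key derived from the user's password."""
    salt = secrets.token_bytes(16)
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, PBKDF2_ROUNDS)
    return salt + seal(kek, data_key)


def unwrap_key(wrapped, password):
    kek = hashlib.pbkdf2_hmac("sha256", password.encode(), wrapped[:16], PBKDF2_ROUNDS)
    return unseal(kek, wrapped[16:])


class Provider:
    """Constructed storage service: it keeps only what clients send it."""

    def __init__(self):
        self.files = {}    # user -> sealed file
        self.escrow = {}   # user -> (kind, key material)

    def try_read(self, user):
        """What the service itself (staff, legal demand, intruder) can recover."""
        kind, material = self.escrow.get(user, (None, None))
        return unseal(material, self.files[user]) if kind == "plain" else None


def upload(provider, user, model, password=None):
    data_key = secrets.token_bytes(32)             # generated on the user's machine
    provider.files[user] = seal(data_key, SAMPLE)  # encrypted before it leaves
    if model == "provider-held":       # master-key community: service has the key
        provider.escrow[user] = ("plain", data_key)
    elif model == "private-password":  # escrowed, but only in wrapped form
        provider.escrow[user] = ("wrapped", wrap_key(data_key, password))
    # model == "client-only": nothing is escrowed; the key never leaves the user
    return data_key


def recover_after_key_loss(provider, user, password=None):
    """The user's local key is gone. Return the file, or None if unrecoverable."""
    kind, material = provider.escrow.get(user, (None, None))
    try:
        if kind == "plain":
            return unseal(material, provider.files[user])
        if kind == "wrapped" and password is not None:
            return unseal(unwrap_key(material, password), provider.files[user])
    except ValueError:
        pass   # wrong password: the wrapped key stays sealed
    return None


if __name__ == "__main__":
    service = Provider()
    upload(service, "ann", "provider-held")
    upload(service, "bob", "private-password", "a long private passphrase")
    upload(service, "cy", "client-only")
    for user in ("ann", "bob", "cy"):
        print(user, "service can read:", service.try_read(user) is not None)
    print("bob, right password:", recover_after_key_loss(service, "bob", "a long private passphrase"))
    print("bob, wrong password:", recover_after_key_loss(service, "bob", "guess"))
    print("cy, key lost:", recover_after_key_loss(service, "cy"))
```

The only arrangement in which the service can read the file is the one where it holds the unwrapped key, and the only ones that survive a lost local key are those with something in escrow.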
What the revelations, complaints, accusations and responses have demonstrated is the need for better education about which set of encryption and security choices are most appropriate for what sort of data. The average user simply does not know what he is letting himself in for, or how to gauge the risks involved. As noted computer scientist Nathaniel Borenstein quipped in the comments to a blog post by Mr Soghoian: What Dropbox provides is more than adequate for most users. Those with a more stringent need for privacy - most often because they are breaking either a just or unjust law - need to take responsibility for their own privacy, not count on a remote, third party service to provide it.

From rforno at infowarrior.org Mon May 23 09:38:50 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 May 2011 10:38:50 -0400
Subject: [Infowarrior] - No forking, says DoD open source report
Message-ID:

No forking, says DoD open source report
May 22, 2011 - 11:55pm ET | By David Perera
http://www.fiercegovernmentit.com/story/no-forking-says-dod-open-source-report/2011-05-22

A new Defense Department-sponsored document urges the department to adopt more open source technology development. The May 16 report, sponsored by officials from the assistant secretary of defense (networks & information integration) and the under secretary of defense for acquisition, technology and logistics, touts open source development as a way to increase innovation, agility and application security even in an environment of constrained resources. Open source technology development "squeezes financial waste out of the equation by reducing lock-in and increasing competition," says the report, whose principal author is John Scott, a contractor who leads the DoD's open technology development initiative. "Imagine if only the manufacturer of a rifle were allowed to clean, fix, modify or upgrade that rifle.
The military often finds itself in this position with taxpayer funded, contractor developed software: One contractor with a monopoly on the knowledge of a military software system and control of the software source code," the report states. Even when Defense officials or contractors do decide to adopt open technology development, they often separate the project from the wider open source community by forking their project, the report says. Forking in open source occurs when a group of developers take existing open source code and continue to develop it independently. A fork is tantamount to "a call for a 'vote of no confidence' in a parliament," the report says. While it's important to have the capacity to fork, automatically forking simply because a project is for defense use is a mistake, the report adds. The best chance for a military program to become, and stay, open is when the Defense Department makes its intentions known early, the report says. It should, among other things, include a statement of objectives that includes open technology development in requests for proposals, it adds. Open source technology is not incompatible with the official preference for commercial item technology, it notes, since nearly all open source software meets the definition of both "commercial item" as well as "commercial-off-the-shelf."
For more:
- download the report, "Open Technology Development (OTD): Lessons Learned And Best Practices for Military Software" from the OSS Institute (.pdf)

From rforno at infowarrior.org Tue May 24 07:29:38 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 24 May 2011 08:29:38 -0400
Subject: [Infowarrior] - Senate debates president's power during cyber-attack
Message-ID:

Senate debates president's power during cyber-attack
By Shaun Waterman
The Washington Times
8:17 p.m., Monday, May 23, 2011
http://www.washingtontimes.com/news/2011/may/23/senate-debates-presidents-power-during-cyber-attac/

Senators squared off with Obama administration officials Monday about plans to give the president emergency powers to protect vital U.S. electronic networks from attacks by hackers, cyberterrorists and foreign governments. The Senate Homeland Security and Governmental Affairs Committee held a hearing on the administration's legislative proposal, announced two weeks ago, that would rely on a pre-World War II radio emergency law to provide the president with authority to protect key computer and communication networks - like those mainly in private hands that run power grids, phone systems and banking services - from a cyber-attack. "I must say this baffles me," said Sen. Susan Collins, Maine Republican, of the administration's plan to rely on the 1934 statute. Ms. Collins accused administration officials of relying on "outmoded yet potentially sweeping authorities granted in the Communications Act of 1934" that gave the president the power to take over radio stations in a time of national emergency. At issue is one of the more controversial elements of any new cybersecurity law - what powers the president should have over the Internet in the event of a catastrophic attack on vital U.S. assets. "The country would be better off if we did create some new law regarding the authority of the president to act in these emergencies,"
said Sen. Joe Lieberman, Connecticut independent and the committee chairman. "Clearly, if something significant were to happen, the American people would expect us to be able to respond and respond appropriately," said Phillip Reitinger, Homeland Security undersecretary for infrastructure protection, during the hearing. Experts say that in the event of a major cyber-attack, authorities might have only a short time to respond and might need to temporarily divert some Internet traffic or take it off-line. Mr. Reitinger agreed with Ms. Collins that the powers in the 1934 law "were not designed with the current environment that we have in mind." Nonetheless, he insisted, "There are authorities there." The emergency powers question is one in a series of issues, along with the complicated jigsaw of agency authorities and congressional oversight responsibilities, that have for more than two years frustrated congressional efforts to pass a new comprehensive cybersecurity law. The White House on May 12 proposed legislation in an effort to break the logjam of more than 50 draft laws circulating on Capitol Hill. One of those proposals became notorious - unfairly, its authors insist - for supposedly creating a "kill switch" that the president could use in an emergency to shut down the Internet to protect vital networks from attack. In fact, Ms. Collins told the hearing, the committee's draft law "carefully constrain* and define* exactly what authority the president would have." By contrast, she said, the legal basis the administration claimed for the president's power was "far broader." "Different people have different views about how the government ought to be empowered and what the constraints on the government exercise of authorities ought to be," responded Mr. Reitinger, adding he hoped "there would be further discussions" with Congress "to figure out the right set of mechanisms, if any, that were necessary to move forward." Ms.
Collins also criticized administration plans to make security assessments of the nation's most vital computer networks public, an effort at shaming the private sector companies that own them into providing better defense against attacks. "I'm really surprised that you want that to be public," she said.

© Copyright 2011 The Washington Times, LLC.

From rforno at infowarrior.org Tue May 24 08:24:46 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 24 May 2011 09:24:46 -0400
Subject: [Infowarrior] - How Area 51 Hid Secret Craft
Message-ID: <59B08716-E963-46FC-AFC6-F45014449067@infowarrior.org>

Revealed: How Area 51 Hid Secret Craft
"Hoot and scoot" sheds and cardboard decoys hid high-tech prototypes.
http://news.nationalgeographic.com/news/2011/05/110520-area-51-secret-hid-craft-base-declassified-a-12-plane/
Brian Handwerk for National Geographic News
Published May 20, 2011

ON TV: Area 51 Declassified premieres on the National Geographic Channel on Sunday at 10:00 p.m. ET/PT.

No word yet on alien starships, but now that many Cold War-era Area 51 documents have been declassified, veterans of the secret U.S. base are revealing some of the clever - and surprisingly low-tech - ways they hid futuristic prototypes from prying eyes. The CIA created Area 51 in 1955 to test and develop top secret U.S. military projects in the remote Nevada desert. More than 50 years later, the base still doesn't officially exist and appears on no public U.S. government maps. In the 1950s and '60s, Area 51 was the epicenter of the OXCART project, intended to create the successor for the U-2 spy plane. The OXCART plane was expected to be undetectable in the air as it flew surveillance and information-gathering missions over the Soviet Union. But Area 51 personnel soon found it necessary to conceal the craft from the Soviets' eyes even when it was still being tested on the ground.
Cat and Mouse at Area 51

It was discovered that Soviet spy satellites, dubbed ash cans by Area 51 staff, were making regular rounds over Nevada. U.S. intelligence agencies, though, provided Area 51 workers with a decisive advantage in this international "game of cat and mouse," according to T.D. Barnes, a former hypersonic flight specialist at Area 51 whose expertise was in electronic counter measures. No longer sworn to secrecy by the CIA, Barnes said, "In our morning security meetings, they'd give us a roster of the satellites that the Soviets had in the air, and we'd know the exact schedule of when they were coming over.

"It was like a bus schedule, and it even told us whether it was an infrared satellite or what type it was," Barnes told National Geographic news.

The Area 51 Hoot and Scoot

Often hoisted atop tall poles for radar tests of the planes' stealthiness, OXCART prototypes were tested outside - making the Soviet spy satellites especially aggravating. "We had hoot-and-scoot sheds, we called them," Barnes says in the new National Geographic Channel documentary Area 51 Declassified. (The Channel is part-owned by the National Geographic Society, which owns National Geographic News.) "If a plane happened to be out in the open while a satellite was coming over the horizon, they would scoot it into that building." Former Area 51 procurement manager Jim Freedman adds, "That made the job very difficult, very difficult.

"To start working on the aircraft and then have to run it back into the hangar and then pull it out and then put it in and then pull it out - it gets to be quite a hassle," Freedman says in the film. (Also see "Cold War Spy Plane Found in Baltic Sea.")

Shadows of Area 51

It turned out that even laborious hooting and scooting weren't enough. Spies had learned that the Soviets had a drawing of an OXCART plane - obtained, it was assumed, via an infrared satellite.
As a plane sat in the hot desert, its shadow would create a relatively cool silhouette, visible in infrared even after the plane had been moved inside. "It's like a parking lot," Barnes told National Geographic News. "After all the cars have left you can still see how many were parked there [in infrared] because of the difference in ground temperatures." To thwart the infrared satellites, Area 51 crews began constructing fanciful fake planes out of cardboard and other mundane materials, to cast misleading shadows for the Soviets to ponder. (Not intended to be seen, the decoys themselves were scooted out of sight before satellite flyovers.) Sometimes staff even fired up heaters near imaginary engine locations to make it look as if planes had just landed. "We really played with the infrared satellites," Barnes recalled.

Ahead of Its Time - And Gone Before Its Time?

As for the real U-2 successor, the Soviets never solved the secrets of OXCART before the program was made public in the mid-1960s. But during the course of some 2,850 top-secret test flights numerous people did see an oddly shaped (for the time), Mach-3 aircraft. Unidentifiable even to air controllers or commercial pilots, the gleaming titanium craft no doubt helped fuel the persistent rumors connecting UFOs with Area 51. In the end, the result of all the subterfuge was the Archangel-12, or A-12, considered by some to be the first true stealth plane. (Related: "'Hitler's Stealth Fighter' Re-created.") The A-12 could travel over 2,000 miles an hour (3,220 kilometers an hour) and cross the continental U.S. in 70 minutes - all while taking pictures that could resolve foot-long objects on the ground from an altitude of 90,000 feet (27,430 meters). But despite being "the most advanced aircraft ever built," as CIA historian David Robarge writes, the A-12 never saw spy service over the Soviet Union. And just as the Archangel was to be deemed ready for operation, its successor, the U.S.
Air Force's famed SR-71 Blackbird, was already in the works. Due to fiscal pressures and Air Force/CIA competition, Robarge writes, the A-12, one of Area 51's greatest creations - at least that we know about - was decommissioned in 1968 after only a year in active service.

From rforno at infowarrior.org Tue May 24 11:46:29 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 24 May 2011 12:46:29 -0400
Subject: [Infowarrior] - US fancies a huge metaphor repository
Message-ID:

Apple of my eye? US fancies a huge metaphor repository
By Layer 8 on Mon, 05/23/11 - 12:27pm.
http://www.networkworld.com/community/blog/apple-my-eye-us-fancies-huge-metaphor-reposit

Researchers with the US Intelligence Advanced Research Projects Activity want to build a repository of metaphors. You read that right. Not just American/English metaphors mind you but those of Iranian Farsi, Mexican Spanish and Russian speakers. Why metaphors? "Metaphors have been known since Aristotle as poetic or rhetorical devices that are unique, creative instances of language artistry (for example: The world is a stage; Time is money). Over the last 30 years, metaphors have been shown to be pervasive in everyday language and to reveal how people in a culture define and understand the world around them," IARPA says.

The group, which develops high-risk, reward research projects for the government says Metaphor Program:
- Shape how people think about complex topics and can influence beliefs;
- Reduce the complexity of meaning associated with a topic by capturing or expressing patterns;
- Show uncovered inferred meanings and worldviews of particular groups or individuals: Characterization of disparities in social issues and contrasting political goals; exposure of inclusion and exclusion of social and political groups and understanding of psychological problems and conflicts.
In the end the program should produce a methodology, tools and techniques together with a prototype system that will identify metaphors that provide insight into cultural beliefs. It should also help build structured framework that organizes the metaphors associated with the various dimensions of an analytic problem and build a metaphor repository where all metaphors and related information are captured for future reference and access, IARPA stated. "For decision makers to be effective in a world of mass communication and global interaction, they must understand the shared concepts and worldviews of members of other cultures of interest. Recognizing cultural norms is a significant challenge, however, because they tend to be hidden. We tend to notice them only when they are in conflict with the norms of other cultures. Such differences may cause discomfort or frustration and may lead to flawed interpretations about the intent or motivation of others. The Metaphor Program will exploit the use of metaphors by different cultures to gain insight into their cultural norms," IARPA says. The Metaphor Program is divided into two phases, totaling 60 months, and is intended to begin in November 2011. Understanding language is a hot topic amongst the government research folks. Last year you may recall, the military's research folks at the Defense Advanced Research Projects Agency said they wanted to know about how stories or narratives influence human behavior. To this end, DARPA hosted a workshop called "Stories, Neuroscience and Experimental Technologies (STORyNET): Analysis and Decomposition of Narratives in Security Contexts." "Stories exert a powerful influence on human thoughts and behavior. They consolidate memory, shape emotions, cue heuristics and biases in judgment, influence in-group/out-group distinctions, and may affect the fundamental contents of personal identity. 
It comes as no surprise that these influences make stories highly relevant to vexing security challenges such as radicalization, violent social mobilization, insurgency and terrorism, and conflict prevention and resolution. Therefore, understanding the role stories play in a security context is a matter of great import and some urgency," DARPA stated. From rforno at infowarrior.org Tue May 24 14:30:06 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 May 2011 15:30:06 -0400 Subject: [Infowarrior] - DOD Employees Told to Report Suspicious Activities Message-ID: <6D070305-B119-4053-8247-DA702C18E666@infowarrior.org> Defense Employees Told to Report Suspicious Activities May 24th, 2011 by Steven Aftergood http://www.fas.org/blog/secrecy/2011/05/report_fie.html A new counterintelligence directive (pdf) requires all Department of Defense personnel to report a wide range of suspicious activities and behavior to counterintelligence officials. The directive effectively deputizes millions of military and civilian employees of the Department as counterintelligence agents or informants. If they do not report any of the specified activities, they themselves could be subject to punitive action. ?Potential FIE [Foreign Intelligence Entity] threats to the DoD, its personnel, information, materiel, facilities, and activities, or to U.S. national security shall be reported by DoD personnel,? the new directive states. ?DoD personnel who fail to report information as required? may be subject to judicial or administrative action, or both, pursuant to applicable law and regulation,? it says. See DoD Directive 5240.06, ?Counterintelligence Awareness and Reporting,? May 17, 2011. The directive lists numerous actions that are subject to mandatory reporting including ?attempts to obtain classified or sensitive information by an individual not authorized to receive such information? 
and ?requests for DoD information that make an individual suspicious, to include suspicious or questionable requests over the internet or SNS [social networking services].? The directive employs the relatively new term ?Foreign Intelligence Entity,? which includes non-governmental organizations based abroad that use intelligence techniques to gather US government information or to influence US policy. The new phrase did not appear in the official Department of Defense Dictionary of Military and Associated Terms as recently as a year ago (pdf), though it is included in the latest edition of the Dictionary (pdf). A Foreign Intelligence Entity is defined in the directive as ?any known or suspected foreign organization, person, or group (public, private, or governmental) that conducts intelligence activities to acquire U.S. information, block or impair U.S. intelligence collection, influence U.S. policy, or disrupt U.S. systems and programs. The term includes foreign intelligence and security services and international terrorists.? From rforno at infowarrior.org Tue May 24 22:02:28 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 May 2011 23:02:28 -0400 Subject: [Infowarrior] - ElcomSoft releases iOS decryption toolset Message-ID: <1AA68BA4-6D30-47FF-B441-9BC0A4CC16C0@infowarrior.org> Russian company releases commercial iOS decryption toolset By Casey Johnston | Published about an hour ago http://arstechnica.com/apple/news/2011/05/russian-company-releases-commercial-ios-decryption-toolset.ars The first commercially available set of tools for cracking the encryption and passwords on iOS devices has been made available by Russian security company ElcomSoft. One part of their software is a password breaker, while another part, available only to law enforcement and forensic agencies, is able to extract numbers used to create the encryption keys for iOS data to render decrypted images of the device. 
The decryption tool requires access to the device in question, but once it's in hand, a few different kinds of keys can be scraped from it, including the unique device key (UID) and escrow keys calculated using the UID and escrow pairing records. If the device is only protected by a 4-digit passcode, the program then only needs to brute-force its way through that to get access to all of the decryptable information. iOS was never much of a security fortress (as we've noted numerous times) and even this new tool uses a variation of a previously discovered method. Charlie Miller, of Pwn2Own fame and a principal research consultant with Accuvant, even pointed out to Ars that the Fraunhofer Institute for Secure Information Technology detailed a very similar method in a research paper they put out in February. However, their tools are not for sale. If your phone or tablet regularly comes under scrutiny of the law, Miller adds that this commercially available toolset is fairly simple to route by using a long, complex password rather than a 4-digit code to protect your data. The ElcomSoft method comes with a password breaker, but much of its efficiency is derived from defining limits on the possible guesses, such as variations on a certain word. While "beating it out of you" will remain the superior method of password obtainment for the average law enforcer, the password breaker could still come in handy for when you can't remember which characters in your leetspeak password were numbers, and which were letters.

From rforno at infowarrior.org Wed May 25 08:17:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 May 2011 09:17:56 -0400
Subject: [Infowarrior] - Major Vulnerability Found in Leaked Anti-Piracy Software
Message-ID: <7B63A910-0124-4675-A9B8-AFA89D1864DA@infowarrior.org>

Major Vulnerability Found in Leaked Anti-Piracy Software
enigmax
25/05/2011
http://torrentfreak.com/major-vulnerability-found-in-leaked-anti-piracy-software-110525/

Trident Media Guard, the company entrusted by the French government to monitor file-sharing networks for copyright infringement, recently had some of their tools leaked onto the Internet following a security breach. Now researchers have published an analysis, with claims that an auto-update feature makes TMG's servers vulnerable to remote code injection and execution. As detailed in our earlier reports, anti-piracy company Trident Media Guard (TMG) recently failed to secure some of their systems. Blogger and security researcher Olivier Laurelli, aka Bluetouff, originally reported the breach which included a wide open virtual "test" machine containing various tools. These, of course, spilled into the wild. From the various files made available, some were easily viewable with a standard text editor, others -- such as an executable called server_interface.exe -- were more tricky. Thanks to an admittedly fairly hostile Full Disclosure security report we now have a clearer idea of what the package is capable of. Penned by "CULT OF THE DEAD HADOPI", the report refers to TMG as "Too Many Gremlins" along with reports not to expose them to bright lights. In it the server_interface.exe code is described as a Delphi service to which anyone can connect and start sending commands, no authentication (username/password) required. Perhaps even more worrying is a script which accepts auto-updates. "An attacker can use the 'Auto Update' feature (\x82) to force the server to download updates from an evil FTP server he controls. Of course, a downloaded file is executed just after the download," write the researchers. "Hence, anyone who wants to raise an army against Too Many Gremlins, look for an open port on TCP 8500," they add.
The implication here is that if this software was present on all TMG servers, in addition to being able to turn them on and off at will a hacker could take them over with custom code of his own choosing, potentially creating "an army" which could be used to attack TMG or indeed, anyone else. Commenting on the research, Bluetouff told TorrentFreak that the discovery of the vulnerabilities means that the French 3 strikes program might already have been compromised. "If TMG is vulnerable to injectioning on the system used to provide IP addresses to the HADOPI, the whole process is fu**** up," he explained. "Someone could for example inject the Culture Ministry's IP range, or worse, gain access between TMG and HADOPI's VPN by stealing certificates... then gain access to a huge amount of personal data," he added. "For instance we don't know if this new 'test server' leak can compromise the LAN(S) of TMG with this exploit. Opacity is even for HADOPI. That's why they went to audit TMG's infrastructure with the CNIL [French Data Protection Office]." "Anyway, this new episode shows that HADOPI was right to close their access," he concludes. That closure of access is a reference to Hadopi severing their Internet links to TMG once they found out about the leak and resorting to shifting IP addresses around by DVD and the postal system instead. That is hardly efficient and undoubtedly TMG will be working hard to get back into the 21st century.
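
Added example, not part of the TorrentFreak article or the Full Disclosure report: the update path the researchers describe (any client may send the \x82 command, any source is accepted, the file runs after download) next to a handler that checks the command, the source and the payload before anything is executed. The key, host names, function names and return strings are constructed for illustration, the HMAC stands in for a real code-signing scheme, and the payload is passed in as bytes instead of being fetched.

```python
import hashlib
import hmac

OP_AUTO_UPDATE = 0x82                      # opcode quoted in the report
COMMAND_KEY = b"constructed-demo-key"      # constructed; stand-in for real code signing
ALLOWED_UPDATE_HOSTS = {"updates.example.internal"}  # constructed allowlist


def command_tag(key: bytes, opcode: int, host: str, sha256_hex: str) -> str:
    """MAC over everything the server acts on: opcode, source host, payload digest."""
    message = bytes([opcode]) + host.encode() + b"\x00" + sha256_hex.encode()
    return hmac.new(key, message, hashlib.sha256).hexdigest()


def handle_unauthenticated(opcode: int, host: str, payload: bytes) -> str:
    """Behaviour the report describes: any client, any host, run whatever arrives."""
    return "execute" if opcode == OP_AUTO_UPDATE else "ignore"


def handle_hardened(opcode: int, host: str, sha256_hex: str, tag: str,
                    payload: bytes, key: bytes = COMMAND_KEY) -> str:
    """Refuse to run an update unless command, source and payload all check out."""
    if opcode != OP_AUTO_UPDATE:
        return "ignore"
    # 1. The command must come from someone holding the key.
    expected = command_tag(key, opcode, host, sha256_hex)
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return "reject: unauthenticated command"
    # 2. Even an authenticated command may only name an approved source.
    if host not in ALLOWED_UPDATE_HOSTS:
        return "reject: update host not allowlisted"
    # 3. What was downloaded must be the file the command committed to.
    actual = hashlib.sha256(payload).hexdigest()
    if not hmac.compare_digest(actual.encode(), sha256_hex.encode()):
        return "reject: payload digest mismatch"
    return "execute"


if __name__ == "__main__":
    good = b"constructed legitimate update"
    evil = b"constructed hostile payload"
    digest = hashlib.sha256(good).hexdigest()
    tag = command_tag(COMMAND_KEY, OP_AUTO_UPDATE, "updates.example.internal", digest)
    forged = command_tag(b"guessed-key", OP_AUTO_UPDATE, "ftp.attacker.example",
                         hashlib.sha256(evil).hexdigest())

    print(handle_unauthenticated(OP_AUTO_UPDATE, "ftp.attacker.example", evil))
    print(handle_hardened(OP_AUTO_UPDATE, "ftp.attacker.example",
                          hashlib.sha256(evil).hexdigest(), forged, evil))
    print(handle_hardened(OP_AUTO_UPDATE, "updates.example.internal", digest, tag, evil))
    print(handle_hardened(OP_AUTO_UPDATE, "updates.example.internal", digest, tag, good))
```
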

From rforno at infowarrior.org Wed May 25 08:28:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 May 2011 09:28:47 -0400
Subject: [Infowarrior] - Anonymous issues a warning over the US Protect IP Act
Message-ID: <4A13DD10-C8CD-46F9-A9D5-C52BAC6F3001@infowarrior.org>

Anonymous issues a warning over the US Protect IP Act
Calls on people to defend internet freedom
By Dean Wilson
Wed May 25 2011, 11:59
http://www.theinquirer.net/inquirer/news/2073723/anonymous-issues-warning-protect-ip-act

HACKTIVIST GROUP Anonymous has issued a warning to US lawmakers and media content rights holders over the introduction of the Protect IP Act. The group, which is widely believed to have been responsible for the initial round of attacks on Sony's networks, issued a press release condemning the Protect IP Act and calling on internet users to fight for their online freedom. The Protect IP Act gives US authorities a number of new powers, such as the legal rights to seize domain names, block web sites at the ISP level, censor search engines and freeze assets. A number of web site domains have already been seized over charges of copyright infringement as part of the "Operation In Our Sites", but this is likely to increase now that the Protect IP Act has been passed. If a web site cannot be taken offline, as many are hosted outside the US, then the new powers allow US authorities to force ISPs to block access to the web sites in question, an approach that has been called "draconian" by supporters of free speech. Anonymous said that people must protect the freedom of the internet, highlighting the recent events in Egypt, Tunisia and Iran as examples of how the internet can serve as a powerful force against oppression. Some of those regimes attempted to censor the internet to curb dissent, only to be ultimately toppled. The last thing US authorities should want is to be compared with them.
The group said that the US government is using copyright protection as a disguise for censorship of web sites it does not like, and that instead of reducing so-called 'piracy' it will endanger the free flow of information. Anonymous then directed its attention to the lawmakers and the RIAA and MPAA, saying that these agencies have declared war on the internet, ignoring the First, Fourth and Fifth Amendments to the US Constitution. It said it is a war that they cannot win and called for these organisations to cease their attempts at censorship, or else "face the wrath of the Hivemind". If Anonymous was responsible for Sony's recent troubles, then perhaps lawmakers and the media copyright cartels should not take this threat too lightly.

From rforno at infowarrior.org Wed May 25 08:57:35 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 May 2011 09:57:35 -0400
Subject: [Infowarrior] - Key Internet summit to discuss online rules
Message-ID: <2AA459D9-587E-494C-B6B6-46BEC4C1D942@infowarrior.org>

Key Internet summit to discuss online rules
May 24 07:33 AM US/Eastern
http://news.yahoo.com/s/afp/20110524/bs_afp/franceg8internetmediaindustry_20110524113317

The world's most powerful Internet and media barons gathered in Paris on Tuesday in a show of strength to leaders at the G8 summit, amid rows over online copyright, regulation and human rights. French President Nicolas Sarkozy kicked off the gathering in Paris, hailing the assembled players as the leaders of the "Internet revolution", but warning that with their power comes great responsibility. He hailed the role of the Internet in helping protestors organise recent Arab uprisings such as the revolutions in Tunisia and Egypt, but insisted it must be underpinned by "values" and "rules." "The people of the Arab countries have shown the world that the Internet does not belong to states," Sarkozy said.
"The Internet has become the measure of credibility of democracies and the measure of shame of dictatorships." Top executives from online giants including Google, Facebook and Microsoft attended the gathering to tout the economic potential of the Internet, which Sarkozy has put on the agenda of the G8 summit he is hosting two days later. With blogs and Tweets oiling the wheels of revolutions in some countries and scans and downloads sparking trade disputes in others, the stakes are high for leaders seeking to promote and profit from the web but also to regulate it. Authorities in several countries have clashed with Google, the world's biggest Internet search engine, notably in China, where the company accused the government of hacking dissidents' email accounts. And, while acknowledging the net's power as a force for freedom elsewhere, western countries differ on how to harness or curb it on their own doorsteps. Media freedom campaigners such as Reporters Without Borders have criticised moves by some European countries, such as a recent French law making web users liable to prosecution if they illegally download films and music. German and Italian regulators have placed restrictions on Google's Street View, over privacy concerns for people photographed in its online street maps. In France, several publishers accuse Google of scanning their copyrighted books for its online library. Sarkozy touted the meetings of the e-G8 and the G8 as an unprecedented meeting of the online and political worlds. He convened the e-G8 to draw up a declaration aimed at Group of Eight leaders who will meet at their annual summit on Thursday and Friday in the northern French resort of Deauville. The e-G8 guests include the executive chairman of Google, Eric Schmidt; the founder of social site Facebook, Mark Zuckerberg; and Jeff Bezos, founder of online retail giant Amazon. 
Also attending is Rupert Murdoch, the billionaire head of the global media empire News Corporation, which includes Fox News and the Wall Street Journal, and dubbed by Forbes magazine "the man who owns the news." Sarkozy was to host 22 of the biggest players for lunch at the Elysee Palace and Murdoch was due to address the gathering later on Tuesday. Representatives from consultancy McKinsey told the gathering the Internet sector accounted for 3.4 percent of output and 10 percent of growth in the past five years in 13 key economies including the G8 and China. "Your work can be considered historic and impacts civilisation," Sarkozy told delegates. "With this in mind, your level of responsibility is undoubtedly the highest ever given to individuals who do not work in the public sector or as state representatives."

Copyright AFP 2008, AFP stories and photos shall not be published, broadcast, rewritten for broadcast or publication or redistributed directly or indirectly in any medium

From rforno at infowarrior.org Wed May 25 14:25:49 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 May 2011 15:25:49 -0400
Subject: [Infowarrior] - TSA Holds Texas Flights Hostage
Message-ID: <631B79E8-06DC-4288-9D6B-7260123632AD@infowarrior.org>

Financial Terrorism: TSA Holds Texas Flights Hostage
Paul Joseph Watson
Infowars.com
May 25, 2011
http://www.infowars.com/financial-terrorism-tsa-holds-texas-flights-hostage/

DOJ resorts to economic terrorism, lawmaker compares fight to revolutionary war against Mexico

An astounding Department of Justice threat to cancel airline flights to and from Texas, in addition to underhanded lobbying by TSA representatives, has killed efforts in the state to pass HB 1937, a bill that would have made invasive pat downs by TSA agents a felony.
HB 1937, a bill that would have made it "A criminal act for security personnel to touch a person's private areas without probable cause as a condition of travel or as a condition of entry into a public place," was headed for an imminent Senate vote in Texas having already passed the House unanimously 138-0, before the federal government stepped in to nix the legislation. In a letter sent to Texas lawmakers, including to Lt. Gov. David Dewhurst, Speaker Joe Straus, the House Clerk, and the Senate Secretary, U.S. Attorney John E. Murphy threatened to cripple the airline industry in the state if legislators did not back down. "If HR [sic] 1937 were enacted, the federal government would likely seek an emergency stay of the statute," Murphy wrote. "Unless or until such a stay were granted, TSA would likely be required to cancel any flight or series of flights for which it could not ensure the safety of passengers and crew." "We urge that you consider the ramifications of this bill before casting your vote," Murphy added. The fact that Murphy can't even get the name of the bill correct is almost as disconcerting as the rampant mafia-like attitude of the DOJ in using de facto economic terrorism to shoot down the legislation. Following a fiery debate in the Texas House last night, Senate sponsor Dan Patrick (R-Houston) pulled the bill, remarking that TSA representatives had been "lobbying" the Texas Senate in an effort to mothball the legislation. "I will pull HB 1937 down, but I will stand for Liberty in the state of Texas," Patrick said. Patrick added that TSA officials had warned him passing the bill "could close down all the airports in Texas," which he regarded as a "heavy handed threat" by the federal government. The staff of Rep. David Simpson said the DOJ had "thrown down the gauntlet" in using such stark language to oppose the bill. "Either Texas backs off and continues to let government employees fondle innocent women, children and men as a condition of travel,"
the staff wrote, "or the TSA [Transportation Safety Administration] has the authority to cancel flights or series of flights." "... 97 percent of people who go through the nation's airports do not go through these offensive searches. And yet, a United States Attorney warns that flights to Texas could be shut down because TSA would not be able to ensure the safety of passengers and crew if agents could not touch genitals. Someone must make a stand against the atrocities of our government agents ..." In a point by point refutation of the DOJ letter, Simpson compared the battle against the TSA to the Texas revolutionary war against Mexico, writing, "Gentlemen, we find ourselves at such a watershed moment today. The federal government is attempting to deprive the citizens of Texas of their constitutional rights under the Fourth Amendment of the United States Constitution and Article 1, Section 9, of the Texas Constitution. If we do not stand up for our citizens in the face of this depravation of their personal rights and dignity, who will?" The fact that the Department of Justice and the TSA have resorted to threats of economic terrorism in addition to underhanded lobbying techniques again illustrates the fact that the federal government is increasingly behaving like a criminal enterprise with total disregard for the Constitution. The TSA's initial response to HB 1937 was to claim that it could not become law because it violated the Supremacy Clause of the U.S. Constitution (Article. VI. Clause 2), a law that the TSA claimed "prevents states from regulating the federal government." In reality, this was a complete fabrication. "The statement is false. Ignorance from the TSA is unlikely, so I'll call a spade a spade. They're lying. The supremacy clause says nothing of the sort," reported Michael Boldin of the Tenth Amendment Center.
Here's the full text: This Constitution, and the Laws of the United States which shall be made in pursuance thereof; and all treaties made, or which shall be made, under the authority of the United States, shall be the supreme law of the land; and the judges in every state shall be bound thereby, anything in the constitution or laws of any state to the contrary notwithstanding. "So, in simple terms, what does the supremacy clause mean? Just what it says. The constitution is supreme. And any federal laws made in line with the constitution is supreme. Nothing more, nothing less," writes Boldin. As we have documented, TSA grope downs and body scans are now being rolled out on highways, street corners, public buildings, at sports events, and even at local prom nights. Despite the fact that the federal government has resorted to thuggish intimidation tactics to kill the anti-grope down bill in Texas, this only marks the latest chapter in an epic states' rights battle that has centered on the agenda of the TSA to become a literal occupying force in America, manning internal checkpoints that will litter the entire country.

Paul Joseph Watson is the editor and writer for Prison Planet.com. He is the author of Order Out Of Chaos. Watson is also a regular fill-in host for The Alex Jones Show.

From rforno at infowarrior.org Wed May 25 19:27:30 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 May 2011 20:27:30 -0400
Subject: [Infowarrior] - Wireless providers exempted from data-logging plan
Message-ID: <804BBF1B-389C-4F96-A795-94B3160A19F8@infowarrior.org>

May 25, 2011 12:53 PM PDT
Wireless providers exempted from data-logging plan
by Declan McCullagh
http://news.cnet.com/8301-31921_3-20066196-281.html

Wireless providers won't have to comply with extensive requirements in a new bill that would force Internet companies to log data about their customers. CNET was the first to report this exemption for wireless carriers in an article a few weeks ago.
That legislation was publicly announced today by U.S. Reps. Lamar Smith (R-Texas), the head of the House Judiciary Committee, and Debbie Wasserman Schultz (D-Fla.). That appears to be the result of lobbying from wireless providers, which don't want to have to comply with any new governmental mandates. But the exemption has already drawn the ire of the U.S. Justice Department, and is likely to attract strong opposition from cable and DSL providers who would be the ones singled out for regulation. CTIA, the wireless trade association, did not respond to a request for comment today. Previously it said through a spokesman only that "we are committed to working with the committee on the legislation." "Investigators need the assistance of Internet Service Providers to identify users and distributors of online child pornography," Smith said in a statement today. "This bill requires ISPs to retain subscriber records, similar to records retained by telephone companies, to aid law enforcement officials in their fight against child sexual exploitation." The logged data, however, could be used to investigate any type of crime. A Republican aide to the House Judiciary committee, who did not want to be identified, said the bill exempts wireless providers because their networks are designed in such a way that IP addresses are assigned to multiple users or accounts and they are "not technologically capable of retaining the type of data that law enforcement needs because that's not how their system works." Smith's bill, called the Protecting Children From Internet Pornographers Act of 2011 (PDF), requires Internet providers to "retain for a period of at least 18 months the temporarily assigned network addresses the service assigns to each account, unless that address is transmitted by radio communication." It also enhances penalties for possession of child pornography, which is defined in federal law as the "lascivious" exhibition of the genitals. 
The mobile exemption represents a new twist in the debate over data retention requirements, which has been simmering since the Justice Department pushed the topic in 2005, a development that was first reported by CNET. Proposals publicly surfaced in the U.S. Congress the following year, and Bush administration Attorney General Alberto Gonzales said it was an issue that "must be addressed." So, eventually, did FBI director Robert Mueller. In January, CNET reported that the Obama Justice Department was following suit. Earlier this month, Jason Weinstein, the deputy assistant attorney general for the criminal division, warned that wireless providers must be included because "when this information is not stored, it may be impossible for law enforcement to collect essential evidence." The definitions in Smith's bill could sweep in coffee shops that offer wired connections to their customers, as well as hotels, universities, schools, and businesses that offer wired network connections, plus traditional broadband providers. Smith introduced a broadly similar bill in 2007, without the wireless exemption, calling it a necessary anti-cybercrime measure. "The legislation introduced today will give law enforcement the tools it needs to find and prosecute criminals," he said in a statement at the time. "Retention" vs. "preservation" At the moment, Internet service providers typically discard any log file that's no longer required for business reasons such as network monitoring, fraud prevention, or billing disputes. Companies do, however, alter that general rule when contacted by police performing an investigation--a practice called data preservation. A 1996 federal law called the Electronic Communication Transactional Records Act regulates data preservation. It requires Internet providers to retain any "record" in their possession for 90 days "upon the request of a governmental entity." 
Because Internet addresses remain a relatively scarce commodity, ISPs tend to allocate them to customers from a pool based on whether a computer is in use at the time. (Two standard techniques used are the Dynamic Host Configuration Protocol and Point-to-Point Protocol over Ethernet.) In addition, an existing law called the Protect Our Children Act of 2008 requires any Internet provider who "obtains actual knowledge" of possible child pornography transmissions to "make a report of such facts or circumstances." Companies that knowingly fail to comply can be fined up to $150,000 for the first offense and up to $300,000 for each subsequent offense.

From rforno at infowarrior.org Wed May 25 19:28:03 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 May 2011 20:28:03 -0400
Subject: [Infowarrior] - Fwd: WTF? BofA Breach: 'A Big, Scary Story'
References:
Message-ID:

Begin forwarded message:

> From: Paul Ferguson
>
> This part is the most disturbing:
>
> "BofA says it detected the fraud a year ago, but only recently began
> notifying affected customers of the breach."
>
> http://www.bankinfosecurity.com/articles.php?art_id=3673

From rforno at infowarrior.org Wed May 25 19:29:22 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 25 May 2011 20:29:22 -0400
Subject: [Infowarrior] - US to store passenger data for 15 years
Message-ID: <25A2BAE2-2C8B-4EC0-8399-A9AB3EED40FD@infowarrior.org>

US to store passenger data for 15 years
Draft of Washington-EU deal leaked to the Guardian shows agreement 'violates basic European principles'
Alan Travis, Home affairs editor
guardian.co.uk, Wednesday 25 May 2011 21.30 BST
http://www.guardian.co.uk/world/2011/may/25/us-to-store-passenger-data

The department of homeland security will store details of passengers to and from the US three times longer than allowed in Europe.
The personal data of millions of passengers who fly between the US and Europe, including credit card details, phone numbers and home addresses, may be stored by the US department of homeland security for 15 years, according to a draft agreement between Washington and Brussels leaked to the Guardian. The "restricted" draft, which emerged from negotiations between the US and EU, opens the way for passenger data provided to airlines on check-in to be analysed by US automated data-mining and profiling programmes in the name of fighting terrorism, crime and illegal migration. The Americans want to require airlines to supply passenger lists as near complete as possible 96 hours before takeoff, so names can be checked against terrorist and immigration watchlists. The agreement acknowledges that there will be occasions when people are delayed or prevented from flying because they are wrongly identified as a threat, and gives them the right to petition for judicial review in the US federal court. It also outlines procedures in the event of anticipated data losses or other unauthorised disclosure. The text includes provisions under which "sensitive personal data" -- such as ethnic origin, political opinions, and details of health or sex life -- can be used in exceptional circumstances where an individual's life could be imperilled. The 15-year retention period is likely to prove highly controversial as it is three times the five years allowed for in the EU's PNR (passenger name record) regime to cover flights into, out of and within Europe. A period of five and a half years has just been negotiated in a similar agreement with Australia. Germany and France raised concerns this week about the agreement and the unproven necessity for the measure. Britain has already announced its intention to opt in to the European PNR plan, in which the home secretary, Theresa May, played a key role, and is expected to join the US agreement this summer.
The Home Office minister Damian Green has said: "The power of PNR lies in the fact that by using an automated system and interrogating it intelligently, we are able to sift data quickly and in such a way that it reveals patterns and makes links that would otherwise not be readily apparent." The text of the draft agreement does not explicitly mention profiling but instead talks of "processing and analysing PNR data". The US Senate passed a resolution last week saying it "simply could not accept" any watering down by European ministers of data-sharing, describing it as "an important part of our layered defences against terrorism". Senators said it was an important tool in the security agencies' "identifying possible threats before they arrive in our country". But the European parliament, which would have to approve it, has demanded proof that such a PNR agreement is necessary, and said it should in no circumstances be used for data-mining or profiling. A provisional agreement on sharing airline passenger data between the EU and the US has been in force since 2007, but has been the subject of an intense civil liberties debate across Europe. This draft agreement appears to give the Americans all they have asked for. A leaked opinion from the EU council of ministers' legal advisers also warns that the EU's PNR scheme is disproportionate and not in line with privacy requirements under human rights law. The German constitutional court ruled last year that six months was the maximum appropriate period for retaining personal telecommunications data. The EU-US agreement tries to allay some of these privacy concerns by proposing to "mask" or "depersonalise" the identity of individuals after six months on the homeland security department's active database. The data will be transferred to a dormant database after five years, to be held for a further 10 years.
But the agreement allows for the identity of individuals to be restored at any stage by authorised officials in connection with a particular law enforcement operation. The agreement will not only cover transatlantic flights, but appears to raise the prospect that airlines will have to provide PNR details to Washington for other international flights. It also allows passenger data to be passed to agencies in countries outside the US and Europe. Jan Philip Albrecht, a German green party member of the European parliament's civil liberties committee, said the agreement in its current form should be rejected. "The planned PNR agreement with the US violates fundamental constitutional principles of European states. Europeans should have the right to protection of their fundamental rights when cooperating with other countries like the US and Australia." "A blanket retention of personal data for five or even more years is a huge infringement of data protection principles. The mass collection and analysis of PNR data as planned in the new agreements cannot be justified in the view of recent court judgements. "Especially the untransparent profiling practices in the US are in clear contradiction to the European parliament's demands. In this form, the parliament has to vote the proposals down." The data to be collected includes 19 separate items relating to each airline passenger, including their billing details, contact numbers, the names of those they are travelling with and how much baggage they have, as well as their itinerary. Airlines are to be required to provide the details up to 96 hours in advance, compared with 72 hours now under the provisional arrangement.

From rforno at infowarrior.org Wed May 25 23:04:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 May 2011 00:04:11 -0400
Subject: [Infowarrior] - There's a Secret Patriot Act, Senator Says
Message-ID: <8DFF1E2D-46E4-41C9-BF31-852BFDBAC511@infowarrior.org>

There's a Secret Patriot Act, Senator Says
By Spencer Ackerman
May 25, 2011 | 4:56 pm | Categories: Crime and Homeland Security
http://www.wired.com/dangerroom/2011/05/secret-patriot-act/

You may think you understand how the Patriot Act allows the government to spy on its citizens. Sen. Ron Wyden (D-Oregon) says it's worse than you've heard. Congress is set to reauthorize three controversial provisions of the surveillance law as early as Thursday. But Wyden says that what Congress will renew is a mere fig leaf for a far broader legal interpretation of the Patriot Act that the government keeps to itself -- entirely in secret. Worse, there are hints that the government uses this secret interpretation to gather what one Patriot-watcher calls a "dragnet" for massive amounts of information on private citizens; the government portrays its data-collection efforts much differently. "We're getting to a gap between what the public thinks the law says and what the American government secretly thinks the law says," Wyden tells Danger Room in an interview in his Senate office. "When you've got that kind of a gap, you're going to have a problem on your hands." What exactly does Wyden mean by that? As a member of the intelligence committee, he laments that he can't precisely explain without disclosing classified information. But one component of the Patriot Act in particular gives him immense pause: the so-called "business-records provision," which empowers the FBI to get businesses, medical offices, banks and other organizations to turn over any "tangible things" it deems relevant to a security investigation.
"It is fair to say that the business-records provision is a part of the Patriot Act that I am extremely interested in reforming," Wyden says. "I know a fair amount about how it's interpreted, and I am going to keep pushing, as I have, to get more information about how the Patriot Act is being interpreted declassified. I think the public has a right to public debate about it." That's why Wyden and his colleague Sen. Mark Udall offered an amendment on Tuesday to the Patriot Act reauthorization. The amendment, first reported by Marcy Wheeler, blasts the administration for "secretly reinterpret[ing] public laws and statutes." It would compel the Attorney General to "publicly disclose the United States Government's official interpretation of the USA Patriot Act." And, intriguingly, it refers to "intelligence-collection authorities" embedded in the Patriot Act that the administration briefed the Senate about in February. Wyden says he "can't answer" any specific questions about how the government thinks it can use the Patriot Act. That would risk revealing classified information -- something Wyden considers an abuse of government secrecy. He believes the techniques themselves should stay secret, but the rationale for using their legal use under Patriot ought to be disclosed. "I draw a sharp line between the secret interpretation of the law, which I believe is a growing problem, and protecting operations and methods in the intelligence area, which have to be protected," he says. Surveillance under the business-records provisions has recently spiked. The Justice Department's official disclosure on its use of the Patriot Act, delivered to Congress in April, reported that the government asked the Foreign Intelligence Surveillance Court for approval to collect business records 96 times in 2010 -- up from just 21 requests the year before. The court didn't reject a single request. But it "modified"
those requests 43 times, indicating to some Patriot-watchers that a broadening of the provision is underway. "The FISA Court is a pretty permissive body, so that suggests something novel or particularly aggressive, not just in volume, but in the nature of the request," says Michelle Richardson, the ACLU's resident Patriot Act lobbyist. "No one has tipped their hand on this in the slightest. But we've come to the conclusion that this is some kind of bulk collection. It wouldn't be surprising to me if it's some kind of internet or communication-records dragnet." (Full disclosure: My fiancée works for the ACLU.) The FBI deferred comment on any secret interpretation of the Patriot Act to the Justice Department. The Justice Department said it wouldn't have any comment beyond a bit of March congressional testimony from its top national security official, Todd Hinnen, who presented the type of material collected as far more individualized and specific: "driver's license records, hotel records, car-rental records, apartment-leasing records, credit card records, and the like." But that's not what Udall sees. He warned in a Tuesday statement about the government's "unfettered" access to bulk citizen data, like "a cellphone company's phone records." In a Senate floor speech on Tuesday, Udall urged Congress to restrict the Patriot Act's business-records seizures to "terrorism investigations" - something the ostensible counterterrorism measure has never required in its nearly 10-year existence. Indeed, Hinnen allowed himself an out in his March testimony, saying that the business-record provision "also" enabled "important and highly sensitive intelligence-collection operations" to take place. Wheeler speculates those operations include "using geolocation data from cellphones to collect information on the whereabouts of Americans" - something our sister blog Threat Level has reported on extensively.
It's worth noting that Wyden is pushing a bill providing greater privacy protections for geolocation info. For now, Wyden's considering his options ahead of the Patriot Act vote on Thursday. He wants to compel as much disclosure as he can on the secret interpretation, arguing that a shadow broadening of the Patriot Act sets a dangerous precedent. "I'm talking about instances where the government is relying on secret interpretations of what the law says without telling the public what those interpretations are," Wyden says, "and the reliance on secret interpretations of the law is growing."

From rforno at infowarrior.org Wed May 25 23:06:35 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 May 2011 00:06:35 -0400
Subject: [Infowarrior] - Navy Fights Mickey Mouse for SEALs Trademark
Message-ID: <27AE150B-44C6-4CA5-8351-84C79998C806@infowarrior.org>

Navy Fights Mickey Mouse for SEALs Trademark
By Jana Winter
Published May 25, 2011
http://www.foxnews.com/politics/2011/05/25/navy-seals-fights-mickey-mouse-trademark/

SEAL Team 6 isn't going down without a fight. The Navy is challenging Disney's attempt to trademark the name of the elite squad responsible for taking out the world's most wanted terrorist. On May 3, just two days after Usama bin Laden was killed in a raid on the Al Qaeda leader's Pakistan compound, Disney filed trademark applications to use the name "SEAL Team 6" on everything from entertainment, toys, video games, clothing, footwear -- even Christmas ornaments and snow globes. Disney's applications with the U.S. Patent and Trademark Office filed cover three separate categories of goods and services -- meaning, they don't yet have consumer products but intend to in the future. But 10 days later, on May 13, the U.S. Navy hit back, filing two applications of its own. The Navy's competing applications sought trademark status for "SEAL Team" posters and clothing, as well as "Navy SEAL"
goods and services, identifying the Navy squad as an organization that "develops and executes military missions involving special operations strategy, doctrine and tactics." Disney has not responded to FoxNews.com's repeated requests for comment. The U.S. Navy did not respond to repeated emails and phone calls Monday and Tuesday seeking comment on the Navy's trademark application. But earlier, when FoxNews.com contacted the U.S. Navy on May 13 seeking comment on Disney's trademark applications, a spokesman said he was unaware of the attempt to swipe the name "SEAL Team 6" and said he would be forwarding the information along to Navy lawyers. Who will take home the victory in the fight between the U.S. military and Mickey Mouse? "Disney would have priority, as far as the filing date goes with trademark office," New York trademark attorney Thomas Wilentz said. It all comes down to whether the patent office feels that granting trademarks to both U.S. Navy and Disney would cause consumer confusion, Wilentz said, in which case the patent office would give priority to the entity that filed its application first -- Disney. "But the U.S. Navy may have the argument that they are, you know, actually the SEALs, that they were using it first to identify themselves and any use by Disney would create consumer confusion about sponsorship," he said. "And if they actually took Disney to court they could win." Robin Bren, a Virginia-based trademark attorney with the law firm Oblon Spivak McClelland Maier & Neustadt, thinks the Patent and Trademark Office would turn down Disney's trademark attempts. "In order to overcome the probable refusal, Disney will have to argue that potential customers will not assume a connection with the Navy," she said, adding that would be difficult in light of the elite squad's recently acquired celebrity-like status.
Because Disney was a step ahead of the Navy in filing, before the Navy's applications can proceed, Disney's must be abandoned. But Bren said Disney and the Navy also could enter into an agreement consenting to each other's use and registration of "SEAL Team 6" for their respective goods and services. "Given the status/stature of Disney, this may be an attractive approach for the department of the Navy," Bren said. Perhaps man and mouse can coexist, at least on some of the trademark issues, said Mark Warzecha, trademark attorney with Zies Widerman & Malek, a Florida law firm. "Disney filed in the category of entertainment. Maybe they want to come out with an amusement park ride and the Navy's not in that business, so there really isn't a conflict there," he said. "If Disney decides they're going to invade countries, then there might be an issue." Still, Warzecha said, he'd side with the Navy if it ever went up against Disney in court. "Trademark law is based on priority of use. If you use it first in commerce, you win," he said. "I'm pretty sure the U.S. Navy has been using 'SEAL Team 6' long before the mouse got involved." Still, the process moves slowly, even for SEALs. It could take up to three years -- the deadline on the type of intent-to-use application filed by Disney -- to settle this. Paul Fucito, U.S. Patent and Trademark Office spokesman, told FoxNews.com none of these applications had yet been reviewed, and new applications usually take about three months to be reviewed. Don't blame Mickey Mouse for trying, Warzecha said. "It's not disingenuous on Disney's part. They probably thought, oh man, that's the hottest name in town -- let's put our mouse ears on and figure out some way to use this," he said.

From rforno at infowarrior.org Thu May 26 06:31:28 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 May 2011 07:31:28 -0400
Subject: [Infowarrior] - Military set to lead on US domestic cyber-security
Message-ID:

Military set to lead on US domestic cyber-security
NSA, Cyber Command have 'unparalleled expertise'
By Lewis Page
Posted in Enterprise Security, 25th May 2011 09:30 GMT
http://www.theregister.co.uk/2011/05/25/pentagon_lead_us_cyber_security/

The US military will play a leading role in defending homeland America from cyber attacks, and this will include providing cybersecurity to key infrastructure on US soil. Robert J Butler, deputy assistant secretary of defense for cyber policy, briefed senators in Washington on the plans yesterday. Butler stated that the Defense department would of course safeguard its own .mil domain, but would also closely collaborate with the Departments of Homeland Security and Justice to guard and patrol the rest of America's cyber territory. Philip Reitinger, DHS bigwig, seemed to imply that the military would lead on cybersecurity even in the domestic sphere. "We each bring unique things to the table," he said. "DOD [the Defense Department] has unparalleled technical expertise and cyber expertise." Giving a hint as to just which bits of America the military would be keenest to secure, Butler stated that the US armed forces are "critically dependent" on the civilian power network, telecoms, transport and many other sectors run using computer networks. "Just as our reliance on critical infrastructure has grown, so have the threats," Butler told the Senate homeland-security committee. His remarks were reported by the US forces press service.
Evidently it is the US military's job to protect the United States from threats both foreign and domestic, but nonetheless there will be those worried by the prospect of military intelligence and security agencies getting involved in utility companies' networks and databases. To some degree this is already happening. News emerged last year that the National Security Agency (NSA) - which not everyone remembers is a combat support agency of the Defense department - had set up a "black" (secret) programme called "Perfect Citizen", intended to set up monitoring equipment on networks deemed to be of national-security importance, perhaps including those of utility companies. This would allow the NSA to know when attacks were happening, rather than relying on companies to realise this and then report it. However the prospect also existed that such kit could allow for pervasive monitoring of such things as whether a given property was occupied, perhaps where a given car or rail passenger had been etc etc. One insider was quoted as saying that "Perfect Citizen is Big Brother". At the time the NSA insisted to the Reg that Perfect Citizen is "a research and engineering effort. There is no monitoring involved ... it does not involve the monitoring of communications or the placement of sensors on utility company systems ... Any suggestions that there are illegal or invasive domestic activities associated with this contracted effort are simply not true." Nonetheless the news that the NSA - whose chief is also in command of the uniformed Cyber Command and subsidiary single-service cyberwar units such as the 24th Air Force, 10th Fleet etc - is apparently to advise and guide - if not lead outright - US domestic cyber security efforts may give rise to a little disquiet as well as reassurance.

From rforno at infowarrior.org Thu May 26 07:31:40 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 May 2011 08:31:40 -0400
Subject: [Infowarrior] - Fed Gave Banks Crisis Gains on $80 Billion Secretive Loans as Low as 0.01%
Message-ID: <365BE7B3-5033-4AA9-B942-807BD500CD60@infowarrior.org>

Fed Gave Banks Crisis Gains on $80 Billion Secretive Loans as Low as 0.01%
By Bob Ivry - May 26, 2011 12:01 AM ET

Credit Suisse Group AG (CS), Goldman Sachs Group Inc. (GS) and Royal Bank of Scotland Group Plc (RBS) each borrowed at least $30 billion in 2008 from a Federal Reserve emergency lending program whose details weren't revealed to shareholders, members of Congress or the public. The $80 billion initiative, called single-tranche open-market operations, or ST OMO, made 28-day loans from March through December 2008, a period in which confidence in global credit markets collapsed after the Sept. 15 bankruptcy of Lehman Brothers Holdings Inc. Units of 20 banks were required to bid at auctions for the cash. They paid interest rates as low as 0.01 percent that December, when the Fed's main lending facility charged 0.5 percent. "This was a pure subsidy," said Robert A. Eisenbeis, former head of research at the Federal Reserve Bank of Atlanta and now chief monetary economist at Sarasota, Florida-based Cumberland Advisors Inc. "The Fed hasn't been forthcoming with disclosures overall. Why should this be any different?"

< -- >

http://www.bloomberg.com/news/2011-05-26/fed-gave-banks-crisis-gains-on-secretive-loans-as-low-as-0-01-.html

From rforno at infowarrior.org Thu May 26 10:43:25 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 May 2011 11:43:25 -0400
Subject: [Infowarrior] - Cringley: InsecureID: No more secrets?
Message-ID:

(c/o D)

InsecureID: No more secrets?

Back in March I heard from an old friend whose job it is to protect his company's network from attack. "Any word on just what was compromised at RSA?"
he asked, referring to how the RSA Data Security division of EMC had been hacked. "I suspect it was no more than a serial number, a seed, and possibly the key generation time. The algorithm has been known for years but unless they can match a seed to an account it is like having a key without knowing what lock it fits. That might simplify a brute force attack but first the attacker would need something to brute force..." Well it didn't take long for whoever cracked RSA to find a lock to fit that key. Last weekend was bad for a very large U. S. defense contractor that uses SecureID tokens from RSA to provide two-factor authentication for remote VPN access to their corporate networks. Late on Sunday all remote access to the internal corporate network was disabled. All workers were told was that it would be down for at least a week. Folks who regularly telecommute were asked to come into nearby offices to work. Then earlier today (Wednesday) came word that everybody with RSA SecureID tokens would be getting new tokens over the next several weeks. Also, everybody on the network (over 100,000 people) would be asked to reset their passwords, which means admin files have probably been compromised. It seems likely that whoever hacked the RSA network got the algorithm for the current tokens and then managed to get a key-logger installed on one or more computers used to access the intranet at this company. With those two pieces of information they were then able to get access to the internal network. The contractor's data security folks saw this coming, though not well enough to stop it. Shortly after the RSA breach they began requiring a second password for remote logins. But that wouldn't help against a key-logger attack. The good news here is that the contractor was able to detect an intrusion then did the right things to deal with it. A breach like this is very subtle and not easy to spot. There will be many aftershocks in the IT world from this incident.
But is this the only such instance of a major corporate network break-in? The very fact that we haven't heard anything about this (I hadn't, had you?) makes me think this probably ISN'T the first such network penetration from the recent RSA hack... or the last. What if every RSA token has been compromised, everywhere? "I have not seen anyone abandoning their investment yet," said my friend back in March. "Most networks exchange token values over an encrypted channel anyway so the facade of security is still there. Until an attack succeeds (and how would you know?) the lemmings are complacent." Well an attack has succeeded, laying open who knows what national secrets? The lemmings are now upset, or would be if they knew what you know now. I guess now they do.

From rforno at infowarrior.org Thu May 26 11:22:44 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 May 2011 12:22:44 -0400
Subject: [Infowarrior] - Senate clears way to extend Patriot Act
Message-ID: <081D6E0D-E91E-437D-8342-CBFC75EA35DA@infowarrior.org>

http://www.cbsnews.com/stories/2011/05/26/politics/main20066476.shtml

May 26, 2011
Senate clears way to extend Patriot Act
Passage expected Thursday on extension to legislation that allows roving wiretaps, surveillance of foreign "lone wolf" suspects

Washington - Senators showed overwhelming support Thursday to extend three terrorism-fighting tools for law enforcement beyond their midnight expiration. Senators voted 79-18 to move toward a final vote on the legislation, with passage expected later Thursday. The measure also needs House approval before it can go to the White House. The Senate's top Republican, Mitch McConnell of Kentucky, said he was certain that Congress would not let the tools, which include two from the 2001 USA Patriot Act, lapse. "I have no doubt that the four-year Patriot Act extension that members of both parties will agree to today will safeguard us from future attacks," he said.
President Barack Obama is in Europe until Saturday evening, so Congress may have to agree on a short-term extension until he returns and can sign the bill. One of the tools lets law enforcement officials set roving wiretaps to monitor multiple communications devices. A second tool allows officials to get court-approved access to business records and other documents, including library check-outs, that might be relevant to a terrorist threat. The third one permits surveillance of non-American "lone wolf" suspects not specifically tied to terrorist groups. The Senate vote to move ahead followed several days of resistance from a GOP freshman, Sen. Rand Paul of Kentucky. The progress came after several days of impasse and resulted in part from prodding by intelligence officials who warned of the consequences of disrupting surveillance operations. "Should the authority to use these critical tools expire, our nation's intelligence and law enforcement professionals will have less capability than they have today to detect terrorist plots," James Clapper, the director of national intelligence, wrote congressional leaders. The Patriot Act was passed soon after the attacks of Sept. 11, 2001, and almost all of it is permanent law. But the provisions on roving wiretaps and access to business documents had expiration dates because of concerns they overstepped boundaries on civil liberties. Those two and the "lone wolf" measure, which was part of a 2004 intelligence law, have needed numerous temporary extensions as lawmakers argued over how best to ensure that they were not abusing individual rights. The extension debate this time led to a showdown between the Senate's most powerful member, Majority Leader Harry Reid, and a first-term lawmaker. Paul, a libertarian and tea party favorite, opposes the Patriot Act and objects to renewal of the expiring provisions on the grounds that they violate constitutional rights to privacy. 
Negotiations with Reid failed to meet Paul's demands that he be able to offer amendments to the legislation, including one amendment that would have excluded some gun records from Patriot Act investigations. An exasperated Reid used procedural maneuvers to cut off debate. Paul refused to allow the time for a final vote to be moved up. In the end, Reid agreed to give Paul votes on two amendments in exchange for letting the bill move forward. Paul had support from several Democrats who want to see more congressional oversight of how the Patriot Act operations are carried out. A proposed amendment that the chairman of the Senate Judiciary Committee, Sen. Patrick Leahy, D-Vt., sponsored with Paul would have required audits on the use of surveillance authorities and required the government to provide more proof of a link to a foreign group or power to obtain sensitive library circulation records and bookseller records. But with the expiration date approaching and little likelihood of a compromise with the House, the Democrats acceded to letting the bill move forward. Sen. Dick Durbin of Illinois, the second-ranking Democrat in the Senate, said he was not happy they weren't able to deal with the bill differently, but allowing the provisions to lapse was "unacceptable." Damage from a short-term lapse would probably be minimal. The government would be unable to get court warrants for new investigations but could still get court authority in the case of foreign intelligence investigations that were already under way before the provisions expired. Todd Hinnen, acting assistant attorney general for the Justice Department's national security division, said at a congressional hearing in March that the government seeks warrants for business records fewer than 40 times a year and that between 2001 and 2010, it sought roving wiretap authority in about 20 cases a year. He said the government has yet to use its lone wolf authority. © 2011 The Associated Press. All Rights Reserved.
This material may not be published, broadcast, rewritten, or re

From rforno at infowarrior.org Thu May 26 11:57:53 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 May 2011 12:57:53 -0400
Subject: [Infowarrior] - Brain Barrier Breached in Roche Push to Deliver Potential Alzheimer's Drug
Message-ID: <6BB8CCA0-700D-46FE-A6BD-F84B20F70DD3@infowarrior.org>

Brain Barrier Breached in Roche Push to Deliver Potential Alzheimer's Drug
By Rob Waters - May 25, 2011 2:00 PM ET
http://www.bloomberg.com/news/2011-05-25/brain-barrier-breached-in-roche-push-to-deliver-potential-alzheimer-s-drug.html

Roche Holding AG (ROG) scientists may have found a way to overcome a blood barrier that keeps drugs from directly entering the brain, potentially opening new pathways to attack Alzheimer's disease. The technique, tested in animals, makes use of a receptor that carries iron molecules across the barrier of blood, fluid and membranes that keeps bacteria and other substances, such as medicines, out of the brain, said Ryan Watts, a researcher at Roche's Genentech unit in South San Francisco, California. The scientists configured a protein called an antibody to hitch a ride on the receptor, he said. Alzheimer's impairs mental function in 18 million people globally, the World Health Organization says. Namenda, from New York-based Forest Laboratories Inc., and Aricept, made by Pfizer Inc. (PFE), of New York, and Tokyo-based Eisai Co., address symptoms without slowing or curing the disease. Efforts to alter its course with drugs have failed partly because of the barrier. "It's brilliant," Robert Vassar, a professor of cell and molecular biology at Northwestern University Medical School in Chicago, said in a telephone interview. "They hijacked a mechanism that is a normal part of the blood-brain barrier." Roche, based in Basel, Switzerland, is Europe's largest drugmaker by sales.
The approach described today in the journal Science Translational Medicine may also work for Huntington's and Parkinson's, the researchers said.

'Elegant Strategy'

It is "an elegant strategy" that provides "proof of principle" that this obstacle can be overcome, Steven Paul, a researcher at Weill Cornell Medical College in New York, said in a commentary published alongside the research. The hallmark of Alzheimer's is the formation of clumps of a protein called beta amyloid and tangles of another called tau. Scientists don't know why they accumulate or become twisted, and there is debate as to whether they cause the illness or are an end-product of some different process. Watts, the study leader, is developing a drug that blocks the action of an enzyme called BACE1 that's involved in amyloid production. When his team tried to get their anti-BACE1 into the brains of mice and monkeys, they found that only a tiny fraction made it there. "To do what we wanted to do in the brain, we had to dose like crazy, frequently and at high levels," Watts said in an interview at Genentech's campus. Such high dosages would be expensive and infeasible, Paul said. "We needed a solution," Watts said.

Cells Need Iron

Watts turned to Mark Dennis, from Genentech's department of antibody engineering, who took advantage of the fact that all cells, including brain cells, need iron. He engineered an antibody with two arms. One arm was the anti-BACE1 drug; the other docked with a receptor called transferrin that carries iron to brain cells, providing a ferry across the barrier. The system allowed the researchers to deliver anti-BACE1 to the brains of mice, blunting the impact of the BACE1 enzyme and cutting in half the amount of amyloid in the brains of mice 48 hours after injection, according to the journal report. More work is needed before the two-armed antibody can be tested in people, Watts said.
A human version of the transferrin receptor antibody needs to be created and more safety testing must be done on large animals, he said. "I think the prospects are quite strong" that the research could lead to a human therapy, said Vassar, who first identified and cloned the BACE1 enzyme in 1999. Last August, Indianapolis-based Eli Lilly & Co. (LLY) released data showing that semagacestat, a drug directed against an enzyme involved in the production of amyloid, harmed patients instead of helping them. While that failure dampened enthusiasm for medicines that target amyloid, many researchers still see the plaques as being involved in development of the disease. Pfizer, the world's largest drugmaker, and Johnson & Johnson (JNJ), of New Brunswick, New Jersey, for instance, are testing a drug aimed at amyloid called bapineuzumab and Lilly is testing another, called solanezumab. Both are in late-stage trials that should be completed within two years, Weill Cornell's Paul said in his commentary. To contact the reporter on this story: Rob Waters in San Francisco at rwaters5 at bloomberg.net.

From rforno at infowarrior.org Thu May 26 16:47:24 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 May 2011 17:47:24 -0400
Subject: [Infowarrior] - The 18 Senators Who Approve Breaking The Internet To Protect Hollywood
Message-ID: <5534E03C-E07F-47F6-8C04-0B8A81B326E6@infowarrior.org>

The 18 Senators Who Approve Breaking The Internet To Protect Hollywood
from the not-cool dept
http://www.techdirt.com/articles/20110526/08131414441/18-senators-who-approve-breaking-internet-to-protect-hollywood.shtml

Last fall, we noted that the Senate Judiciary Committee had unanimously voted to approve COICA, a bill for censoring the internet as a favor to the entertainment industry. Thankfully, Senator Ron Wyden stepped up and blocked COICA from progressing.
This year, COICA has been replaced by the PROTECT IP Act, which fixes some of the problems of COICA, but introduces significant other problems as well. A wide cross section of people who actually understand technology and innovation have come out against PROTECT IP as written -- including librarians, human rights groups, public interest groups (pdf) and various technology groups (pdf), including CEA, CCIA and NetCoalition. Most significantly, a group of internet/DNS specialists have made a strong case that this would break the internet in significant ways:

- The U.S. Government and private industry have identified Internet security and stability as a key part of a wider cyber security strategy, and if implemented, the DNS related provisions of PROTECT IP would weaken this important commitment. DNS filters would be evaded easily, and would likely prove ineffective at reducing online infringement. Further, widespread circumvention would threaten the security and stability of the global DNS.
- The DNS provisions would undermine the universality of domain names, which has been one of the key enablers of the innovation, economic growth, and improvements in communications and information access unleashed by the global Internet.
- Migration away from ISP-provided DNS servers would harm efforts that rely on DNS data to detect and mitigate security threats and improve network performance.
- Dependencies within the DNS would pose significant risk of collateral damage, with filtering of one domain potentially affecting users' ability to reach non-infringing Internet content.
- The site redirection envisioned in Section 3(d)(II)(A)(ii) is inconsistent with security extensions to the DNS that are known as DNSSEC.
- The U.S. Government and private industry have identified DNSSEC as a key part of a wider cyber security strategy, and many private, military, and governmental networks have invested in DNSSEC technologies.
- If implemented, this section of the PROTECT IP Act would weaken this important effort to improve Internet security. It would enshrine and institutionalize the very network manipulation that DNSSEC must fight in order to prevent cyberattacks and other malevolent behavior on the global Internet, thereby exposing networks and users to increased security and privacy risks.

So, with the people who actually understand this stuff pointing out that PROTECT IP would break the internet and go against various stated important priorities for the internet, you would think that the Senate Judiciary Committee might hold off before moving forward with such a poorly thought out bill. But, you know, the Hollywood lobbyists want it. So, let's just ignore the people who actually understand this stuff and give Hollywood what they want. This morning the Senate Judiciary Committee unanimously voted to move forward with PROTECT IP as is. It seems only fair to once again name the Senators who just voted (with a voice vote) to break the internet. Here's your list of technologically ignorant lawmakers of the day:

- Patrick J. Leahy -- Vermont
- Herb Kohl -- Wisconsin
- Jeff Sessions -- Alabama
- Dianne Feinstein -- California
- Orrin G. Hatch -- Utah
- Richard Blumenthal -- Connecticut
- Chuck Grassley -- Iowa
- Michael Lee -- Utah
- Jon Kyl -- Arizona
- Chuck Schumer -- New York
- Lindsey Graham -- South Carolina
- Dick Durbin -- Illinois
- John Cornyn -- Texas
- Tom Coburn -- Oklahoma
- Sheldon Whitehouse -- Rhode Island
- Amy Klobuchar -- Minnesota
- Al Franken -- Minnesota
- Chris Coons -- Delaware

From rforno at infowarrior.org Thu May 26 16:48:48 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 May 2011 17:48:48 -0400
Subject: [Infowarrior] - Disney Surrenders to Navy's SEAL Team 6
Message-ID:

(c/o KR)

"Walt Disney Surrenders to Navy's SEAL Team 6"

Walt Disney Co. said Wednesday that it would pull an application with the U.S.
Patent and Trademark Office in which the entertainment giant sought the exclusive right to use the term "SEAL Team 6" on items ranging from toys and games to snow globes and Christmas stockings. Disney withdrew the application "out of deference to the Navy," a spokesman said.

http://online.wsj.com/article/SB10001424052702304066504576345752703592770.html

From rforno at infowarrior.org Thu May 26 20:57:17 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 May 2011 21:57:17 -0400
Subject: [Infowarrior] - Obama Won't Personally Sign Patriot Act Extension
Message-ID: <270E52AB-B846-43B3-BBA3-512DE3D0ECFC@infowarrior.org>

(I see this as perfect irony for this particular piece of legislation. After all, nobody read the original legislation before voting on it. --- rick)

Obama Won't Personally Sign Patriot Act Extension
May 26, 2011 7:23 PM
http://blogs.abcnews.com/thenote/2011/05/obama-wont-personally-sign-patriot-act-extension.html

ABC News' Matthew Jaffe (@jaffematt) and Devin Dwyer (@devindwyer) report: Congress officially passed an extension of the Patriot Act tonight, just hours before key provisions of the national security law were due to lapse at midnight. President Obama, currently on an overseas trip, is not at the White House to sign the bill, a requirement for the measure to become law. So the White House will use an autopen -- a machine that replicates Obama's signature -- to sign the extension, according to White House spokesman Nick Shapiro. "Failure to sign this legislation poses a significant risk to U.S. national security. As long as Congress approves the extension, the President will direct the use of the autopen to sign it," Shapiro said in a statement. Jay Wexler, a Boston University law professor and author of "The Odd Clauses: Understanding the Constitution Through Ten of Its Most Curious Provisions," says the constitutionality of using an autopen was confirmed in a thorough 2005 Office of Legal Counsel opinion.
Here's the relevant passage written by then-Deputy Attorney General Howard C. Nielson: "We examine the legal understanding of the word 'sign' at the time the Constitution was drafted and ratified and during the early years of the Republic. We find that, pursuant to this understanding, a person may sign a document by directing that his signature be affixed to it by another. ... Reading the constitutional text in light of this established legal understanding, we conclude that the President need not personally perform the physical act of affixing his signature to a bill to sign it within the meaning of Article I, Section 7 [of the Constitution.]" This story was updated from a previous version to reflect passage of the extension by the House and Senate.

From rforno at infowarrior.org Thu May 26 22:04:14 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 26 May 2011 23:04:14 -0400
Subject: [Infowarrior] - The Pics the NYSE Doesn't Want You to See
Message-ID:

The Pics the NYSE Doesn't Want You to See
By Ryan Singel
May 26, 2011 | 5:28 pm | Categories: Commentary
http://www.wired.com/epicenter/2011/05/nyse-trademark-silliness/?pid=369

The New York Stock Exchange wants its trading floor to be the place where slices of the nation's biggest public companies are bought and sold, but the syndicate isn't too keen on the idea of public. The NYSE sent a legal nastygram Thursday to the news site Talking Points Memo, demanding that it take down a picture of the trading floor the site used in a news article, claiming that the exchange has trademarked the floor. "NYSE owns Federal Trademark rights in one depiction of the Trading Floor and common law rights in the Trading Floor viewed from virtually any angle," the letter from the NYSE's general counsel Kendra P. Goldenberg claims. "Accordingly, NYSE has the right to prohibit unauthorized use of its Trademarks and reference to the NYSE by others....
Your unauthorized use of the images of the Trading Floor tarnishes NYSE's Trademarks."

< - >

And if the NYSE wants to do something to prevent "tarnishing" of its image, it can start by explaining why there has been not a single prosecution of anyone involved in the machinations which brought on the Great Recession of 2008, or why after receiving bailouts and other government protections, bonuses are back at pre-meltdown levels, or why hedge fund managers are still taxed at a lower rate than the minimum-wage delivery people who bring them their croissants. Because you're unlikely to see that, enjoy the gallery of pictures of the NYSE's trading floor, which we bring to you here without any permission from the NYSE -- because neither Wired.com nor TPM (nor any other news site) needs it.

From rforno at infowarrior.org Fri May 27 08:25:59 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 May 2011 09:25:59 -0400
Subject: [Infowarrior] - WH rejects terrorism-related cyberwar provisions in House bill
Message-ID:

White House rejects terrorism-related cyberwar provisions in House bill
NextGov, 25 May 2011
Aliya Sternstein
http://www.nextgov.com/nextgov/ng_20110525_6455.php?oref=topstory

The Obama administration objects to a House proposal that specifies the term cyberwar includes clandestine actions against terrorists online. The language, which House members folded into the 2012 Defense Department authorization bill, asserts that the Pentagon has the power to conduct military activities in cyberspace, including covert operations to support conflicts covered by a post-Sept. 11 authorization to use "all necessary and appropriate force" against foreign-based terrorists. Defense also would be allowed to employ cyber tactics to deflect cyberattacks on its assets. White House officials agree that certain military operations in cyberspace are vital to national security, according to a position statement the Obama administration released Tuesday afternoon.
But officials want to resolve certain concerns with Congress so that any law "adds clarity and value to our efforts in cyberspace." The full House began considering the bill, H.R. 1540, Tuesday night and is scheduled to continue debate on Wednesday. White House spokesman Nick Shapiro said the administration welcomes congressional ideas for strengthening cybersecurity but wants clarification from lawmakers on the intent of the wording. "We plan to review the language and further discuss it with Congress to ensure we have a thorough understanding of the legal and policy implications of the provision," he said on Wednesday. "We'll continue to take a careful and deliberate approach to ensure any legislative changes improve security." An accompanying report by the House Armed Services Committee noted that al Qaeda and the Taliban increasingly are relying on the Internet for command and control, as well as for disseminating technical information to aid attacks on U.S. and coalition forces. Terrorists use the Web, lawmakers stated, because their affiliates are scattered across the world. But U.S. troops have no legal guidance on how to deal with online threats. "The committee recognizes that because of the evolving nature of cyberwarfare, there is a lack of historical precedent for what constitutes traditional military activities in cyberspace," the report stated. Some House Democrats, including Rep. James R. Langevin, D-R.I., a committee member who chairs the Congressional Cybersecurity Caucus, support the measure. A Langevin staffer said the lawmaker hopes to work with the administration and come to an agreement on all cyber issues. The committee report added that the section is not meant to spell out all possible military activities in cyberspace or limit the definition of cyberwar. "Military activities may not be confined to a physical battlefield," the lawmakers wrote. "In certain instances, the most effective way to neutralize threats and protect U.S. 
and coalition forces is to undertake military cyber activities in a clandestine manner." The legislation is intended to clarify that the Defense secretary's authority includes conducting "clandestine military activities in cyberspace in support of military operations pursuant to an armed conflict for which Congress has authorized the use of all necessary and appropriate force," the report stated. The Pentagon would have to brief Congress quarterly on all cyber operations covered under the provision.

From rforno at infowarrior.org Fri May 27 08:44:14 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 May 2011 09:44:14 -0400
Subject: [Infowarrior] - Senior Defense official hedges on US involvement in Stuxnet
Message-ID: <0BDF508A-F438-432C-B19C-76DCCEC55172@infowarrior.org>

(I must say for a MSM production on something cyber, it was not sensational or overly fear-mongery, or even quoted the usual suspects....I was really fearing the worst last night. But all in all, it was a fairly decent production IMHO ... though I agree with many of Zetter's comments below as well. --- rick)

Senior Defense official hedges on US involvement in Stuxnet
By Kim Zetter, wired.com | Published about 2 hours ago
http://arstechnica.com/tech-policy/news/2011/05/senior-defense-official-hedges-on-us-involvement-in-stuxnet.ars

If you want to see a top Pentagon official squirm, tune into CNBC's cyberwar documentary Thursday night, and watch Deputy Defense Secretary William Lynn face an uncomfortably direct question about the Stuxnet worm. In CodeWars: America's Cyber Threat, correspondent Melissa Lee asks Lynn outright: "Was the US involved in any way in the development of Stuxnet?" Lynn's response is long enough that an inattentive viewer might not notice that it doesn't answer the question.
"The challenges of Stuxnet, as I said, what it shows you is the difficulty of any, any attribution and it's something that we're still looking at, it's hard to get into any kind of comment on that until we've finished our examination," Lynn replies. "But sir, I'm not asking you if you think another country was involved," Lee presses. "I'm asking you if the US was involved. If the Department of Defense was involved." "And this is not something that we're going to be able to answer at this point," Lynn finally says. The sophisticated Stuxnet worm was released on systems in Iran in June 2009 and again in March and April 2010, and was designed to specifically target programmable logic controllers used in industrial control systems made by Siemens. The worm was programmed to launch its attack only on Siemens systems that had a specific configuration -- a configuration believed to exist at Iran's Natanz plant, where weapons-grade uranium is being enriched. The New York Times reported earlier this year that the United States and Israel had worked in conjunction to create Stuxnet. When Gary Samore, President Obama's chief strategist for combating weapons of mass destruction was asked previously about Stuxnet at a conference, he avoided the question and remarked with a smile: "I'm glad to hear they are having troubles with their centrifuge machines, and the US and its allies are doing everything we can to make it more complicated." According to the Times, in January 2009, former President George Bush authorized a covert program to undermine the electrical and computer systems around Natanz. President Obama was then briefed on the program before he took office and wanted to speed up the plan. Stuxnet is believed to have been part of that plan. Unfortunately, CNBC doesn't dig any further into questions about the United States' role in Stuxnet.
Nor does it explore the implications of what it would mean if the United States was indeed involved in creating and unleashing a powerful piece of malware that could be tweaked and used to attack critical infrastructure systems in the United States and allied countries. The documentary, which Threat Level viewed prior to broadcast, also makes a number of unsubstantiated claims: that the configuration Stuxnet sought, for example, existed only at Natanz, and that Stuxnet succeeded in significantly sabotaging Natanz's centrifuges. Though centrifuges at Natanz experienced problems, the circumstantial evidence pointing to Stuxnet as the cause is currently incomplete and contradictory. Nonetheless, the piece does a good job of pulling a lot of information together to give an overview of Stuxnet. The program is not just about Stuxnet, however. It also looks at cybercrime, vulnerabilities in critical infrastructure systems, the broader issue of cyberwarfare, and the wide use in the United States of computer parts made in China that may contain built-in spyware. The documentary covers all these issues well, but makes the oft-repeated mistake of focusing too much attention on the headline-making, low-tech denial-of-service attacks against Estonian websites in 2007, calling them an example of "enemy fire." Next to Stuxnet, and the United States' possible involvement in it, the Estonian attacks -- part of a dispute over the placement of a statue -- were child's play.

From rforno at infowarrior.org Fri May 27 09:42:07 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 May 2011 10:42:07 -0400
Subject: [Infowarrior] - U.S. Chamber Rejects White House Cyber Plan
Message-ID: <1A531D0B-A2BB-4856-B6ED-029C94349B24@infowarrior.org>

U.S. Chamber Rejects White House Cyber Plan
5/27/2011 10:09:07 AM

The U.S. Chamber of Commerce calls the White House's plan to protect America's computer systems from cyberattacks "regulatory overreach."
WSJ intelligence reporter Siobhan Gorman reports from Washington.

http://online.wsj.com/video/us-chamber-rejects-white-house-cyber-plan/51563F86-169E-4E79-8C7F-600E00D60B98.html

From rforno at infowarrior.org Fri May 27 13:00:48 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 May 2011 14:00:48 -0400
Subject: [Infowarrior] - Utah lawmaker revives TSA pat-down ban
Message-ID:

Utah lawmaker revives TSA pat-down ban
By Keith Laing - 05/27/11 11:55 AM ET
http://thehill.com/blogs/transportation-report/tsa/163693-utah-lawmaker-revives-tsa-pat-down-ban

A Utah lawmaker has filed a bill to ban controversial airport pat-downs that had been considered by Texas before lawmakers there relented. The Texas House of Representatives had passed a bill that would have made it illegal for Transportation Security Administration agents to perform hand searches at airport security checkpoints unless there was probable cause. But Texas senators got cold feet after the U.S. Attorney General's office threatened to cancel flights to the state if the bill passed. Prior to that, Utah state Rep. Carl Wimmer (R) said he filed a similar measure for next year in his state. "Opened a bill file today which will prohibit TSA pat downs in Utah without reasonable suspicion," Wimmer wrote on his Facebook page this week. "Texas needs us to stand with them." Under the legislation Texas backed away from, TSA agents would have been charged with a misdemeanor crime for patting passengers down. The penalty would have been a $4,000 fine and one year in jail. TSA argued the proposed legislation was unconstitutional because it would violate the Supremacy Clause of the U.S. Constitution. In a letter to Texas senators, U.S. District Attorney for Western Texas John Murphy said "TSA would likely be required to cancel any flight or a series of flights for which it could not ensure the safety of the passengers and crew."
Wimmer told a Utah newspaper that the threat constituted "absolute overbearing audacity" that "should really offend any red-blooded American." "It does not feel like America when you are going through a TSA checkpoint at the airport," Wimmer said in an interview with the Utah County Daily Herald. Wimmer's legislation cannot be approved until the next Utah legislative session begins in 2012, but if it passes, it would be the first state law restricting TSA's security techniques.

From rforno at infowarrior.org Fri May 27 21:51:32 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 May 2011 22:51:32 -0400
Subject: [Infowarrior] - DoD Paper Proposes National Security Through a Culture of Restraint (and Stigma)
Message-ID: <8EAB1993-91C0-45F1-9992-AB51D44811E5@infowarrior.org>

If this summary is any indication of the content, the author of this paper likely has no idea about how information and knowledge is developed in modern society. Will read over the weekend. -- rick

http://yro.slashdot.org/story/11/05/27/2324227/DoD-Paper-Proposes-National-Security-Through-a-Culture-of-Restraint-and-Stigma

"An SAIC analyst has written a paper [PDF] calling for the 'stigmatization' of the 'unattractive' types who tend to discuss government secrets in public. The plan, described in the Naval Postgraduate School Homeland Security Affairs journal, is to promote self-censorship as a 'civic duty'. Who needs to censor themselves? Amateur enthusiasts who describe satellite orbits, scientists who describe threats to the food supply, graduate students mapping the internet, the Government Accountability Office, which publishes failure reports on the TSA, the US Geologic Survey, which publishes surface water information, newspapers (the New York Times), TV shows, journalism websites, anti-secrecy websites, and even security author Bruce Schneier, to name a few."
From rforno at infowarrior.org Sat May 28 08:15:24 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 May 2011 09:15:24 -0400
Subject: [Infowarrior] - We've Gone from a Nation of Laws to a Nation of Powerful Men Making Laws in Secret
Message-ID: <6762CB1B-67F6-4672-A448-E73ECAEBEDA9@infowarrior.org>

Same stuff, different administration. --- rick

We've Gone from a Nation of Laws to a Nation of Powerful Men Making Laws in Secret
http://www.ritholtz.com/blog/2011/05/weve-gone-from-a-nation-of-laws-to-a-nation-of-powerful-men-making-laws-in-secret/

From rforno at infowarrior.org Sat May 28 21:26:48 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 May 2011 22:26:48 -0400
Subject: [Infowarrior] - Hackers hit Lockheed Martin networks
Message-ID: <89E7AF3E-65FB-451F-AF09-70E9C76A6052@infowarrior.org>

Hackers hit Lockheed Martin networks
Pentagon, Homeland Security offer aid to major weapons maker
http://www.msnbc.msn.com/id/43199200/ns/technology_and_science-security/

BOSTON/WASHINGTON -- Lockheed Martin Corp, the world's biggest aerospace company and the Pentagon's No. 1 supplier by sales, has been hit by an unspecified cyber incident, the government said on Saturday. The Department of Homeland Security said it and the Defense Department had offered to help determine the scope of a "cyber incident impacting LMCO," as the maker of fighter jets, ships and other major weapons systems is known. The U.S. government also has offered to help analyze "available data in order to provide recommendations to mitigate further risk," Chris Ortman, a Homeland Security official, said in an e-mailed reply to a query from Reuters. The confirmation followed a Friday report by a source with direct knowledge of the attacks who told Reuters the unknown hackers broke into the security networks of Lockheed Martin and several other U.S. military contractors.
They breached security systems designed to keep out intruders by creating duplicates to "SecurID" electronic keys from EMC Corp's RSA security division, said the person who was not authorized to publicly discuss the matter. It was not immediately clear what kind of data, if any, was stolen by the hackers. But the networks of Lockheed and other military contractors contain sensitive data on future weapons systems as well as military technology currently used in battles in Iraq and Afghanistan. Weapons makers are the latest companies to be breached through sophisticated attacks that have pierced the defenses of huge corporations including Sony, Google Inc and EMC Corp. Security experts say that it is virtually impossible for any company or government agency to build a security network that hackers will be unable to penetrate. The Pentagon, which has about 85,000 military personnel and civilians working on cybersecurity issues worldwide, said it also uses a limited number of the RSA electronic security keys, but declined to say how many for security reasons. The hackers learned how to copy the security keys with data stolen from RSA during a sophisticated attack that EMC disclosed in March, according to the source. EMC declined to comment on the matter, as did executives at major defense contractors. Rick Moy, president of NSS Labs, an information security company, said the original attack on RSA was likely targeted at its customers, including military, financial, governmental and other organizations with critical intellectual property. He said the initial RSA attack was followed by malware and phishing campaigns seeking specific data that would link tokens to end-users, which meant the current attacks may have been carried out by the same hackers. "Given the military targets, and that millions of compromised keys are in circulation, this is not over," he said. 
Lockheed, which employs 126,000 people worldwide and had $45.8 billion in revenue last year, said it does not discuss specific threats or responses as a matter of principle, but regularly took actions to counter threats and ensure security. "We have policies and procedures in place to mitigate the cyber threats to our business, and we remain confident in the integrity of our robust, multi-layered information systems security," said Lockheed spokesman Jeffery Adams. Executives at General Dynamics Corp, Boeing Co, Northrop Grumman Corp, Raytheon Co and other defense companies declined to comment on any security breaches linked to the RSA products. "We do not comment on whether or not Northrop Grumman is or has been a target for cyber intrusions," said Northrop spokesman Randy Belote.

Actions prevented widespread disruption

Raytheon spokesman Jonathan Kasle said his company took immediate companywide actions in March when incident information was initially provided to RSA customers. "As a result of these actions, we prevented a widespread disruption of our network," he said. Boeing spokesman Todd Kelley said his company had a "wide range" of systems in place to detect and prevent intrusions of its networks. "We have a robust computing security team that constantly monitors our network," he said. Defense contractors' networks contain sensitive data on sophisticated weapons systems, but all classified information is kept on separate, closed networks managed by the U.S. government, said a former senior defense official, who was not authorized to speak on the record. SecurIDs are widely used electronic keys to computer systems that work using a two-pronged approach to confirming the identity of the person trying to access a computer system. They are designed to thwart hackers who might use key-logging viruses to capture passwords by constantly generating new passwords to enter the system.
The SecurID generates new strings of digits on a minute-by-minute basis that the user must enter along with a secret PIN (personal identification number) before they can access the network. If the user fails to enter the string before it expires, then access is denied. RSA and other companies have produced a total of about 250 million security tokens, although it is not clear how many are in use worldwide at present, said the former defense official. The devices provided additional security at a lower cost than biometrics such as fingerprint readers or iris scanning machines, said the official, noting that the RSA incident could increase demand for greater use of biometric devices. The RSA breach did raise concerns about any security tokens that had been compromised, and EMC now faced tough questions about whether "they can repair that product line or whether they need to ditch it and start over again," he said. EMC disclosed in March that hackers had broken into its network and stolen some information related to its SecurIDs. It said the information could potentially be used to reduce the effectiveness of those devices in securing customer networks. EMC said it worked with the Department of Homeland Security to publish a note on the March attack, providing Web addresses to help firms identify where the attack might have come from. It briefed individual customers on how to secure their systems. In a bid to ensure secrecy, the company required them to sign nondisclosure agreements promising not to discuss the advice that it provided in those sessions, according to two people familiar with the briefings.

From rforno at infowarrior.org Sun May 29 22:13:31 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 May 2011 23:13:31 -0400
Subject: [Infowarrior] - China's Blue Army of 30 computer experts could deploy cyber warfare on foreign powe
Message-ID: <50BEFAA6-9CA8-4132-B1F7-A997BF166D8B@infowarrior.org>

(just 30????
--rick)

China's Blue Army of 30 computer experts could deploy cyber warfare on foreign powers
Leo Lewis | From: The Times | May 27, 2011 1:39PM
http://www.theaustralian.com.au/australian-it/chinas-blue-army-could-conduct-cyber-warfare-on-foreign-powers/story-e6frgakx-1226064132826

China's People's Liberation Army honour guards physically defend the nation, while the Blue Army division is protecting the systems from cyberattack. Source: AFP

CHINA has admitted for the first time that it had poured massive investment into the formation of a 30-strong commando unit of cyberwarriors - a team supposedly trained to protect the People's Liberation Army from outside assault on its networks. While the unit, known as the "Blue Army", is nominally defensive, the revelation is likely to confirm the worst fears of governments across the globe who already suspect that their systems and secrets may come under regular and co-ordinated Chinese cyberattack. In a chilling reminder of China's potential cyberwarfare capabilities, a former PLA general told The Times that the unit had been drawn from an exceptionally deep talent pool. "It is just like ping-pong. We have more people playing it, so we are very good at it," he said. The Blue Army, which comprises a few dozen of the best talents China has to offer, are understood to have been drawn from various channels, including existing PLA soldiers, officers, college students and assorted "members of society". Confirmation of the existence of the Blue Army came during a rare briefing by the Chinese Defence Ministry whose spokesman, Geng Yansheng, said that the unit's purpose was to improve the security of the country's military forces. Organised under the Guangdong Military Command, the Blue Army is understood to have existed formally for about two years, but had been discussed within the PLA for more than a decade.
A report in the official PLA newspaper said that "tens of millions" had been spent on the country's first senior-level military training network. Xu Guangyu, a senior researcher of the government-backed China Arms Control and Disarmament Association, described the existence of the Blue Army as a great step forward for the PLA and said that China could not afford to allow "blank spaces" to open up in state and military security. "The internet has no boundaries, so we can't say which country or organisation will be our enemy and who will attack us. The Blue Army's main target is self-defence. We won't initiate an attack on anyone," he said. In a comment that many foreign governments will argue dramatically understates the true balance of cyberwar capabilities, Mr Xu added: "I don't think our Blue Army's skills are too backward compared to those of other countries." In a recent test of its powers, reported the PLA Daily, the Blue Army was thrust into a simulated cyberbattle against an attacking force four times its size and left to defend China's military networks against a bombardment of virus attacks, massive barrages of junk mail and stealth missions into the inner sanctums of military planning to steal secret information on troop deployment. The Blue Army, predictably, triumphed. Asked whether the unit had been set up specifically to mount cyberattacks on foreign countries, Mr Geng said that internet security had become an international issue with an impact on the military field of battle. China, he added, was also a victim and its abilities to protect itself from cyberattack were very weak. Even without the PLA's acknowledgement of the existence of the Blue Army, sources throughout the internet security industry have long believed that Chinese-based hackers are the single largest source of worldwide cyberattacks. 
A report on cyberespionage last year by the US anti-virus software maker Symantec found that more than a quarter of all attempts to steal sensitive corporate data originated in China and that the eastern city of Shaoxing was the single largest generator of attacks. Western intelligence sources believe that many Chinese-originated attacks are carried out by hackers with links to the PLA or the Chinese Government.

From rforno at infowarrior.org Tue May 31 06:43:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 May 2011 07:43:56 -0400
Subject: [Infowarrior] - Interesting NSA PR video
Message-ID: <6A64C26A-B766-4FF2-9418-CBD61F7849CF@infowarrior.org>

Gen. Keith Alexander Commander USCYBERCOM Presents The NSA 2011
http://www.youtube.com/watch?v=pVm1BP--4ig

From rforno at infowarrior.org Tue May 31 07:14:17 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 May 2011 08:14:17 -0400
Subject: [Infowarrior] - Cyber Combat: Act of War
Message-ID: <2D845F40-6C9B-482E-84E6-66C60895BCD5@infowarrior.org>

TECHNOLOGY
MAY 31 2011
http://online.wsj.com/article/SB10001424052702304563104576355623135782718.html#printMode

Cyber Combat: Act of War
Pentagon Sets Stage for U.S. to Respond to Computer Sabotage With Military Force
By SIOBHAN GORMAN And JULIAN E. BARNES

WASHINGTON -- The Pentagon has concluded that computer sabotage coming from another country can constitute an act of war, a finding that for the first time opens the door for the U.S. to respond using traditional military force. The Pentagon's first formal cyber strategy, unclassified portions of which are expected to become public next month, represents an early attempt to grapple with a changing world in which a hacker could pose as significant a threat to U.S. nuclear reactors, subways or pipelines as a hostile country's military. In part, the Pentagon intends its plan as a warning to potential adversaries of the consequences of attacking the U.S. in this way.
"If you shut down our power grid, maybe we will put a missile down one of your smokestacks," said a military official. Recent attacks on the Pentagon's own systems -- as well as the sabotaging of Iran's nuclear program via the Stuxnet computer worm -- have given new urgency to U.S. efforts to develop a more formalized approach to cyber attacks. A key moment occurred in 2008, when at least one U.S. military computer system was penetrated. This weekend Lockheed Martin, a major military contractor, acknowledged that it had been the victim of an infiltration, while playing down its impact. The report will also spark a debate over a range of sensitive issues the Pentagon left unaddressed, including whether the U.S. can ever be certain about an attack's origin, and how to define when computer sabotage is serious enough to constitute an act of war. These questions have already been a topic of dispute within the military. One idea gaining momentum at the Pentagon is the notion of "equivalence." If a cyber attack produces the death, damage, destruction or high-level disruption that a traditional military attack would cause, then it would be a candidate for a "use of force" consideration, which could merit retaliation.

The War on Cyber Attacks

Attacks of varying severity have rattled nations in recent years.

* June 2009: First version of Stuxnet virus starts spreading, eventually sabotaging Iran's nuclear program. Some experts suspect it was an Israeli attempt, possibly with American help.
* November 2008: A computer virus believed to have originated in Russia succeeds in penetrating at least one classified U.S. military computer network.
* August 2008: Online attack on websites of Georgian government agencies and financial institutions at start of brief war between Russia and Georgia.
* May 2007: Attack on Estonian banking and government websites occurs that is similar to the later one in Georgia but has greater impact because Estonia is more dependent on online banking.
The Pentagon's document runs about 30 pages in its classified version and 12 pages in the unclassified one. It concludes that the Laws of Armed Conflict -- derived from various treaties and customs that, over the years, have come to guide the conduct of war and proportionality of response -- apply in cyberspace as in traditional warfare, according to three defense officials who have read the document. The document goes on to describe the Defense Department's dependence on information technology and why it must forge partnerships with other nations and private industry to protect infrastructure. The strategy will also state the importance of synchronizing U.S. cyber-war doctrine with that of its allies, and will set out principles for new security policies. The North Atlantic Treaty Organization took an initial step last year when it decided that, in the event of a cyber attack on an ally, it would convene a group to "consult together" on the attacks, but they wouldn't be required to help each other respond. The group hasn't yet met to confer on a cyber incident. Pentagon officials believe the most-sophisticated computer attacks require the resources of a government. For instance, the weapons used in a major technological assault, such as taking down a power grid, would likely have been developed with state support, Pentagon officials say. The move to formalize the Pentagon's thinking was born of the military's realization the U.S. has been slow to build up defenses against these kinds of attacks, even as civilian and military infrastructure has grown more dependent on the Internet. The military established a new command last year, headed by the director of the National Security Agency, to consolidate military network security and attack efforts. The Pentagon itself was rattled by the 2008 attack, a breach significant enough that the Chairman of the Joint Chiefs briefed then-President George W. Bush.
At the time, Pentagon officials said they believed the attack originated in Russia, although didn't say whether they believed the attacks were connected to the government. Russia has denied involvement. The Rules of Armed Conflict that guide traditional wars are derived from a series of international treaties, such as the Geneva Conventions, as well as practices that the U.S. and other nations consider customary international law. But cyber warfare isn't covered by existing treaties. So military officials say they want to seek a consensus among allies about how to proceed. "Act of war" is a political phrase, not a legal term, said Charles Dunlap, a retired Air Force Major General and professor at Duke University law school. Gen. Dunlap argues cyber attacks that have a violent effect are the legal equivalent of armed attacks, or what the military calls a "use of force." "A cyber attack is governed by basically the same rules as any other kind of attack if the effects of it are essentially the same," Gen. Dunlap said Monday. The U.S. would need to show that the cyber weapon used had an effect that was the equivalent of a conventional attack. James Lewis, a computer-security specialist at the Center for Strategic and International Studies who has advised the Obama administration, said Pentagon officials are currently figuring out what kind of cyber attack would constitute a use of force. Many military planners believe the trigger for retaliation should be the amount of damage?actual or attempted?caused by the attack. For instance, if computer sabotage shut down as much commerce as would a naval blockade, it could be considered an act of war that justifies retaliation, Mr. Lewis said. Gauges would include "death, damage, destruction or a high level of disruption" he said. Culpability, military planners argue in internal Pentagon debates, depends on the degree to which the attack, or the weapons themselves, can be linked to a foreign government. 
That's a tricky prospect at the best of times. The brief 2008 war between Russia and Georgia included a cyber attack that disrupted the websites of Georgian government agencies and financial institutions. The damage wasn't permanent but did disrupt communication early in the war. A subsequent NATO study said it was too hard to apply the laws of armed conflict to that cyber attack because both the perpetrator and impact were unclear. At the time, Georgia blamed its neighbor, Russia, which denied any involvement. Much also remains unknown about one of the best-known cyber weapons, the Stuxnet computer virus that sabotaged some of Iran's nuclear centrifuges. While some experts suspect it was an Israeli attack, because of coding characteristics, possibly with American assistance, that hasn't been proven. Iran was the location of only 60% of the infections, according to a study by the computer security firm Symantec. Other locations included Indonesia, India, Pakistan and the U.S. Officials from Israel and the U.S. have declined to comment on the allegations. Defense officials refuse to discuss potential cyber adversaries, although military and intelligence officials say they have identified previous attacks originating in Russia and China. A 2009 government-sponsored report from the U.S.-China Economic and Security Review Commission said that China's People's Liberation Army has its own computer warriors, the equivalent of the American National Security Agency. That's why military planners believe the best way to deter major attacks is to hold countries that build cyber weapons responsible for their use. A parallel, outside experts say, is the George W. Bush administration's policy of holding foreign governments accountable for harboring terrorist organizations, a policy that led to the U.S. military campaign to oust the Taliban from power in Afghanistan. 
Write to Siobhan Gorman at siobhan.gorman at wsj.com

From rforno at infowarrior.org Tue May 31 14:26:53 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 May 2011 15:26:53 -0400
Subject: [Infowarrior] - CNAS Report on US Cybersecurity Strategy
Message-ID: <6899D0E7-426F-405D-B88C-0365C9D623C5@infowarrior.org>

http://www.cnas.org/node/6405

America's Cyber Future: Security and Prosperity in the Information Age
VOLUMES I and II

Authors: Robert E. Kahn, Mike McConnell, Dr. Joseph S. Nye, Peter Schwartz, Nova J. Daly, Nathaniel C. Fick, Martha Finnemore, Richard Fontaine, Daniel E. Geer Jr., David A. Gross, Jason Healey, James A. Lewis, Kristin M. Lord, M. Ethan Lucarelli, Thomas G. Mahnken, Gary McGraw, Roger H. Miksad, Dr. Greg Rattray, Will Rogers, Christopher M. Schroeder, Travis Sharp

Type of Publication: Report
Date: 05/31/2011

Download Volume I (PDF)
Download Volume II (PDF)

This study was co-chaired by Robert E. Kahn, Mike McConnell, Joseph S. Nye, Jr. and Peter Schwartz, and edited by Kristin M. Lord and Travis Sharp.

America's growing dependence on cyberspace has created new vulnerabilities that are being exploited as fast as or faster than the nation can respond. Cyber attacks can cause economic damage, physical destruction, and even the loss of human life. They constitute a serious challenge to U.S. national security and demand greater attention from American leaders.

Despite productive efforts by the U.S. government and the private sector to strengthen cyber security, the increasing sophistication of cyber threats continues to outpace progress. To help U.S. policymakers address the growing danger of cyber insecurity, this two-volume report features accessible and insightful chapters on cyber security strategy, policy, and technology by some of the world's leading experts on international relations, national security, and information technology.

Volume I
America's Cyber Future: Security and Prosperity in the Information Age
By Kristin Lord and Travis Sharp

Volume II
Note: Chapters are bookmarked within the Table of Contents.

- Chapter I: Power and National Security in Cyberspace By Joseph S. Nye, Jr.
- Chapter II: Cyber Insecurities: The 21st Century Threatscape By Mike McConnell
- Chapter III: Separating Threat from the Hype: What Washington Needs to Know about Cyber Security By Gary McGraw and Nathaniel Fick
- Chapter IV: Cyberwar and Cyber Warfare By Thomas G. Mahnken
- Chapter V: Non-State Actors and Cyber Conflict By Gregory J. Rattray and Jason Healey
- Chapter VI: Cultivating International Cyber Norms By Martha Finnemore
- Chapter VII: Cyber Security Governance: Existing Structures, International Approaches and the Private Sector By David A. Gross, Nova J. Daly, M. Ethan Lucarelli and Roger H. Miksad
- Chapter VIII: Why Privacy and Cyber Security Clash By James A. Lewis
- Chapter IX: Internet Freedom and Its Discontents: Navigating the Tensions with Cyber Security By Richard Fontaine and Will Rogers
- Chapter X: The Unprecedented Economic Risks of Network Insecurity By Christopher M. Schroeder
- Chapter XI: How Government Can Access Innovative Technology By Daniel E. Geer, Jr.
- Chapter XII: The Role of Architecture in Internet Defense By Robert E. Kahn
- Chapter XIII: Scenarios for the Future of Cyber Security By Peter Schwartz

From rforno at infowarrior.org Tue May 31 19:54:44 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 31 May 2011 20:54:44 -0400
Subject: [Infowarrior] - List of cyber-weapons developed by Pentagon to streamline computer warfare
Message-ID: <7768C787-1D95-4534-A189-E47D5458DA59@infowarrior.org>

(c/o jh)

List of cyber-weapons developed by Pentagon to streamline computer warfare
By Ellen Nakashima, Tuesday, May 31, 8:31 PM
http://www.washingtonpost.com/national/list-of-cyber-weapons-developed-by-pentagon-to-streamline-computer-warfare/2011/05/31/AGSublFH_story.html

The Pentagon has developed a list of cyber-weapons and -tools, including viruses that can sabotage an adversary's critical networks, to streamline how the United States engages in computer warfare.

The classified list of capabilities has been in use for several months and has been approved by other agencies, including the CIA, said military officials who spoke on the condition of anonymity to describe a sensitive program. The list forms part of the Pentagon's set of approved weapons or "fires" that can be employed against an enemy.

"So whether it's a tank, an M-16 or a computer virus, it's going to follow the same rules so that we can understand how to employ it, when you can use it, when you can't, what you can and can't use," a senior military official said.

The integration of cyber-technologies into a formal structure of approved capabilities is perhaps the most significant operational development in military cyber-doctrine in years, the senior military official said.

The framework clarifies, for instance, that the military needs presidential authorization to penetrate a foreign computer network and leave a cyber-virus that can be activated later. The military does not need such approval, however, to penetrate foreign networks for a variety of other activities.
These include studying the cyber-capabilities of adversaries or examining how power plants or other networks operate. Military cyber-warriors can also, without presidential authorization, leave beacons to mark spots for later targeting by viruses, the official said.

One example of a cyber-weapon is the Stuxnet worm that disrupted operations at an Iranian nuclear facility last year. U.S. officials have not acknowledged creating the computer worm, but many experts say they believe they had a role.

Under the new framework, the use of a weapon such as Stuxnet could occur only if the president granted approval, even if it were used during a state of hostilities, military officials said. The use of any cyber-weapon would have to be proportional to the threat, not inflict undue collateral damage and avoid civilian casualties.

The new framework comes as the Pentagon prepares to release a cyber-strategy that focuses largely on defense, the official said. It does not make a declaratory statement about what constitutes an act of war or use of force in cyberspace. Instead, it seeks to clarify, among other things, that the United States need not respond to a cyber-attack in kind but may use traditional force instead as long as it is proportional.

Nonetheless, another U.S. official acknowledged that "the United States is actively developing and implementing" cyber-capabilities "to deter or deny a potential adversary the ability to use its computer systems" to attack the United States.

In general, under the framework, the use of any cyber-weapon outside an area of hostility or when the United States is not at war is called "direct action" and requires presidential approval, the senior military official said. But in a war zone, where quick capabilities are needed, sometimes presidential approval can be granted in advance so that the commander has permission to select from a set of tools on demand, the officials said.

The framework breaks use of weapons into three tiers: global, regional and area of hostility. The threshold for action is highest in the global arena, where the collateral effects are the least predictable.

It was drafted in part out of concerns that deciding when to fire in cyberspace can be more complicated than it is on traditional battlefields. Conditions constantly shift in cyberspace, and the targets can include computer servers in different countries, including friendly ones.

Last year, for instance, U.S. intelligence officials learned of plans by an al-Qaeda affiliate to publish an online jihadist magazine in English called Inspire, according to numerous current and senior U.S. officials. And to some of those skilled in the emerging new world of cyber-warfare, Inspire seemed a natural target.

The head of the newly formed U.S. Cyber Command, Gen. Keith Alexander, argued that blocking the magazine was a legitimate counterterrorism target and would help protect U.S. troops overseas. But the CIA pushed back, arguing that it would expose sources and methods and disrupt an important source of intelligence. The proposal also rekindled a long-standing interagency struggle over whether disrupting a terrorist Web site overseas was a traditional military activity or a covert activity - and hence the prerogative of the CIA.

The CIA won out, and the proposal was rejected. But as the debate was underway within the U.S. government, British government cyber-warriors were moving forward with a plan.

When Inspire launched on June 30, the magazine's cover may have promised an "exclusive interview" with Sheik Abu Basir al-Wahishi, a former aide to Osama bin Laden, and instructions on how to "Make a Bomb in the Kitchen of Your Mom." But pages 4 through 67 of the otherwise slick magazine, including the bomb-making instructions, were garbled as a result of the British cyber-attack.

It took almost two weeks for al-Qaeda in the Arabian Peninsula to post a corrected version, said Evan Kohlmann, senior partner at Flashpoint Global Partners, which tracks jihadi Web sites.

The episode reflected how offensive cyber-operations are marked by persistent disagreement over who should take action and under what conditions. The new list of approved cyber-weapons will not settle those disputes but should make the debate easier to conduct, the senior military official said.

Some lawmakers also are proposing statutory language that would affirm that the defense secretary has the authority "to carry out a clandestine operation in cyberspace" under certain conditions. The operation must be in support of a military operation pursuant to Congress's 2001 authorization to the president to use all necessary and appropriate force against those who committed the Sept. 11, 2001, terrorist attacks.

House Armed Services Committee Vice Chairman Mac Thornberry (R-Tex.), who drafted the language as part of the House-adopted 2012 defense authorization bill, said he was motivated by hearing from commanders in Iraq and Afghanistan frustrated by an inability to protect their forces against attacks they thought were enabled by adversaries spreading information online.

"I have had colonels come back to me and talk about how they thought they could do a better job of protecting their troops if they could deal with a particular Web site," he said. "Yet because it was cyber, it was all new unexplored territory that got into lots of lawyers from lots of agencies being involved."

Thornberry's provision would establish that computer attacks to deny terrorists the use of the Internet to communicate and plan attacks from throughout the world are a "clandestine" and "traditional military" activity, according to text accompanying the proposed statute.

But the White House issued a policy statement last week that it had concerns with the cyber-provision. It declined to elaborate.

Thornberry said some Pentagon lawyers thought the proposed statutory language could go further. "But my view on cyber is we need to take it a step at a time," he said.