From rforno at infowarrior.org Tue Nov 1 08:06:58 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Nov 2011 09:06:58 -0400
Subject: [Infowarrior] - Big Sis To Monitor Twitter For Signs Of Social Unrest
Message-ID:

Big Sis To Monitor Twitter For Signs Of Social Unrest

Federal agency concerned about riots breaking out in United States

http://www.infowars.com/big-sis-to-monitor-twitter-for-signs-of-social-unrest/

Paul Joseph Watson
Infowars.com
Tuesday, November 1, 2011

The wave of civil unrest that has swept the globe over the past year has prompted the Department of Homeland Security to step up its monitoring of Twitter and other social networks in a bid to pre-empt any sign of social dislocation within the United States.

"Department of Homeland Security Undersecretary Caryn Wagner said the use of such technology in uprisings that started in December in Tunisia shocked some officials into attention and prompted questions of whether the U.S. needs to do a better job of monitoring domestic social networking activity," reports the Associated Press.

Wagner announced that the federal agency would implement new guidelines that would focus on "gleaning information from sites such as Twitter and Facebook for law enforcement purposes."

Under the new framework, when the department receives information about a "potential threat," it will then ask its contractors to look for relevant search references using "open source" information.

Although it's somewhat naive to think that Homeland Security wasn't already scanning the likes of Facebook and Twitter for social trends and signs of civil unrest, the fact that it's now being announced publicly illustrates the increasing concern that riots which have hit the Middle East and Europe over the last 18 months will soon manifest themselves inside the United States.

Indeed, US law enforcement bodies are already scanning Twitter and Facebook for signs of unrest. Having launched a specialized unit to focus on gleaning clues from social media websites, the NYPD Disorder Control Unit recently brought together police from all five of the city's boroughs to rehearse what the response would be "should out-of-control riots break out here".

Social networking websites like Facebook and Twitter came in for harsh condemnation following the UK riots, with Prime Minister David Cameron advocating authorities have the power to shut down access during times of public disorder, mimicking the Communist Chinese system of Internet censorship, which is used to curtail political protests.

Although the Occupy Wall Street movement has been the only real expression of civil unrest in the United States thus far, a worsening economic climate almost guarantees the prospect of an increase in social disorder across the globe.

The International Labour Organisation (ILO), a prominent UN agency, warned yesterday that the world faces an imminent "dramatic downturn" in employment, and a new recession which in turn would lead to greater social unrest, particularly in European countries.

In preparation for potential riots inside the United States, the U.S. Army War College's Strategic Institute issued a report in November 2008 entitled Known Unknowns: Unconventional Strategic Shocks in Defense Strategy Development. The report lays out the strategy for how authorities would respond to "purposeful domestic resistance," wherein U.S. troops would be deployed domestically to counter civil unrest.

The report was issued weeks after the onset of the 2008 financial crisis, and included a potential "economic collapse" as one of the scenarios under which troops would be used inside the U.S. to restore order.

*********************

Paul Joseph Watson is the editor and writer for Prison Planet.com. He is the author of Order Out Of Chaos. Watson is also a regular fill-in host for The Alex Jones Show.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 1 12:46:20 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Nov 2011 13:46:20 -0400
Subject: [Infowarrior] - OT: Congressional priorities #fail
Message-ID: <32286A44-A1B4-410A-92A3-0E5609B18581@infowarrior.org>

We all know that Congress is never in-tune with reality or the real issues of the day. Then again, clearly divisive social 'wedge' issues are the go-to fallback measure when folks don't want to face the real problems facing the country and its citizenry.

Ask some of the "99%" during this time of economic and national crisis of uncertainty, if they're more concerned with Congressional action on employment and health care or ensuring that one religion's "god" is officially the national motto.

As I said, #congressfail. Just another thing to distract the masses and pundits from reality, apparently.

-- rick

Congress voting to affirm "In God We Trust" as national motto

http://www.washingtonpost.com/blogs/2chambers/post/social-issues-return-to-fore-with-in-god-we-trust-resolution/2011/10/31/gIQAXQasZM_blog.html

Jobs and the national debt have dominated the action on Capitol Hill for much of the 112th Congress, but the House on Tuesday will make a brief detour from that agenda when it considers a measure "reaffirming 'In God We Trust' as the official motto of the United States."

The measure, H.Con.Res. 13, was sponsored by Rep. Randy Forbes (R-Va.) and is expected to be one of several bills coming up for a vote Tuesday evening under fast-track rules.

< - >

The "In God We Trust" resolution marks the second time this month that the House will have voted on a measure related to social issues. Two weeks ago, the chamber approved the "Protect Life Act," a measure that would prohibit federal funds from going toward health care plans that cover abortion services.

From rforno at infowarrior.org Tue Nov 1 13:45:32 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Nov 2011 14:45:32 -0400
Subject: [Infowarrior] - SOPA: Hollywood's latest effort to turn back time
Message-ID:

SOPA: Hollywood's latest effort to turn back time

by Larry Downes
November 1, 2011 10:02 AM PDT

http://news.cnet.com/8301-13578_3-20128239-38/sopa-hollywoods-latest-effort-to-turn-back-time/

commentary

The introduction late last week by members of the House Judiciary Committee of the "Stop Online Piracy Act," or SOPA, may test a long-standing reluctance by technology companies to take up arms in the legislative battleground.

The bill, introduced as the House version of the Senate's Protect IP Act, solves few of the glaring problems of the Senate bill and introduces many all its own. While Rep. Zoe Lofgren (D-Calif.) may have given in to hyperbole in calling SOPA "the end of the Internet as we know it," there is certainly a great deal in the bill that should concern even law-abiding consumers and leaders in the tech community.

Has Washington finally gone too far?

House leaders assured Silicon Valley they would correct serious defects in the Senate bill. Unfortunately, SOPA does just the opposite. It creates vague, sweeping new standards for secondary liability, drafted to ensure maximum litigation. It treats all U.S. consumers as guilty until proven innocent. If passed, the bill would give media companies unprecedented new powers to shape the structure and content of the Internet.

Critics of Protect IP pointed out that most of its provisions would only harm innocent foreign Web sites, since truly rogue Web sites could easily engineer around all of its provisions. Rather than give up on the idea of legislating a fast-changing Internet, the House authors have instead built in as many alternative definitions, open-ended requirements, and undefined terms as they could.

The result is not a better piece of legislation.
It is simply one with no real boundaries. The House version throws legal and technical spaghetti against the wall, hoping some of it will stick. The House bill, for example, dubbed the "E-PARASITE Act," proposes alternative versions of several provisions from Protect IP, including new authority for the attorney general to cut off access and funding for "parasite" foreign Web sites. (SOPA requires the U.S. copyright czar to determine the extent to which these foreign infringers are actually harming U.S. interests, data collection that logically should precede such sweeping new powers.) Once the Justice Department determines a site "or a portion thereof" is "committing or facilitating" certain copyright and trademark violations, it can apply for court orders that would force ISPs and others who maintain DNS lookup tables to block access to the site. Search engines (a term broadly defined that includes any website with a "search" field), along with payment processors and advertising networks, can also be forced to cut ties with the parasites. Operators of innocent sites have limited ability to challenge the Justice Department's decision before or after action is taken. SOPA also includes its own version of another Senate bill, which would make it a felony to stream copyrighted works. The House version allows prosecution of anyone who "willfully" includes protected content without permission, including, for example, YouTube videos where copyrighted music is covered or even played in the background. While supporters deny that such minimal infractions would meet the bill's definition of "willfully," the actual text suggests otherwise. Prosecutors need only demonstrate that the use had a total "retail value" of more than $1,000. To avoid a felony conviction, a defendant would have to prove they reasonably believed their conduct was lawful, as for example someone in a "bona fide commercial dispute" over the scope of a license to use the content. 
The House bill also makes significant changes to provisions in the Senate bill that afford new enforcement tools to private holders of copyrights and trademarks. This "market-based system," as SOPA calls it, greatly extends existing provisions of the 1998 Digital Millennium Copyright Act, under which copyright holders can easily issue takedown notices for unlicensed use of protected content.

SOPA's "market based" provisions are not limited to foreign Web sites. Indeed, they apply to any site or "portion of" a site that is "dedicated to theft of U.S. property," a new category broadly defined by the bill.

Under the new law, rightsholders could force payment and advertising networks to cut ties to such sites simply by sending a letter to their authorized agents (who must register with the U.S. copyright office). Site owners can object, in which case the private parties may sue to enforce their claims, similar to the new powers afforded the Department of Justice.

Unlike the DMCA, SOPA provides little penalty for wrongly targeting websites that turn out not to be "dedicated to theft of U.S. property." Ad networks and payment processors are immune from liability if they fail to respond to a site's counterclaim, and damages to the site operator are only available if a claim "knowingly materially misrepresents" that the site satisfies the new definition.

These extensions are both extreme and unnecessary. For U.S.-based sites, the DMCA has proven highly effective, working in many cases automatically based on "reference files" provided by rightsholders. Though obviously not perfect, economists and legal scholars believe the DMCA has proven to be a cost-effective solution that protects content without squelching innovation.

SOPA's supporters have apparently concluded otherwise. Speaking on Monday to The Hill, Rep. Bob Goodlatte (R-Va.), one of SOPA's sponsors, said that while Congress is willing to continue tinkering with specific language in the bill, it "is unrealistic to think we're going to continue to rely on the DMCA notice-and-takedown provision." Instead, under SOPA, "Anybody who is involved in providing services on the Internet would be expected to do some things."

Technology advocates cry foul; Silicon Valley slumbers on

Despite the assurances of its supporters, SOPA may represent the most intrusive and dangerous effort yet to micromanage Internet infrastructure and services. A wide range of technology-oriented advocacy groups were quick to cry foul.

The Electronic Frontier Foundation, in its initial review of the bill, determined the legislation would cause irreparable harm. "This bill cannot be fixed," the organization wrote on its Web site; "it must be killed."

The Center for Democracy and Technology's David Sohn, similarly, called out the bill's broad and vague new standards for "facilitating" copyright and trademark infringement. He argues that SOPA effectively introduces new monitoring requirements for all websites that allow user content, even comments posted to blogs. Rightsholders, Sohn wrote, need only "a good faith belief that a Web site is 'avoiding confirming' infringement, and they can demand that payment systems and advertising networks cease doing business with the Web site."

And Gary Shapiro, president and CEO of the Consumer Electronics Association, pulled no punches in an article Monday calling for rejection of both the House and Senate bills. "The Protect IP Act and SOPA will do plenty of harm," he wrote, "without providing any real assurance that they will stem the flow of digital piracy."

The response from leading technology companies and Internet Service Providers, on the other hand, has been muted. This is also not surprising.
At best, Silicon Valley historically leaves advocacy groups and trade associations to work with Congress on technology-focused legislation, preferring to avoid direct contact with federal and state regulators. For decades, even the largest technology leaders have dealt with Washington like a baby playing peek-a-boo: by covering their eyes and imagining themselves invisible.

If that was ever a sensible strategy, failure by innovators and entrepreneurs to engage the legislative process has become certifiably dangerous. As the information economy increasingly becomes the only economy, regulators around the world are looking for ways to assert their authority.

The result, over the last few years, has been a flurry of legislative initiatives both in the U.S. and abroad. Legislation has been introduced that would apply or adapt a vast corpus of industrial-age laws to online behavior, including not only copyright and trademark abuse but also privacy, crime, antitrust, net neutrality, spam, spyware, data retention and data disclosure, geolocation services, pornography, gambling, electronic surveillance, taxation, and patents.

Much of it fails to become law, which as a general rule is a good thing. While digital life is hardly without its problems, the likelihood that solutions will come from disconnected legislators is low. Most of the hearings I've attended over the last few years begin with members of Congress confessing their ignorance of the particular technologies under investigation. All they know is that their kids are using them, which seems to suffice for expertise.

But the last decade has provided ample evidence to the contrary. Washington is far more likely to produce unintended consequences than effective responses, especially when it focuses on flavor-of-the-month technology crises that change quickly.

Hollywood vs. Silicon Valley: Round Infinity

Whatever the ultimate fate of SOPA, the bill's introduction may at last awaken Silicon Valley from its regulatory slumbers. That change could not come too soon. The bill's 79 pages of legalese do little to disguise its real agenda--to give Hollywood the kind of control over the Internet it has tried and failed to assert over every new media technology since the invention of the player piano.

Let's be clear: SOPA is not the first and will certainly not be the last effort by Hollywood to stage a regulatory coup. At its core, the bill demonstrates once again that content providers have still not come to terms with the reality of the Internet--the latest innovation to upset traditional business models.

While Hollywood has taken baby steps to embrace the potential of the digital revolution, very little has changed since 1982, when MPAA President Jack Valenti famously testified that the invention of the VCR was "to the American film producer and the American public as the Boston strangler is to the woman home alone."

After all, the studios tried and failed to have VCRs banned. In the end, video became one of many disruptive technologies that ultimately saved the industry. The Internet is likely to do the same. But after failing to stuff the genie back in the bottle early on, content providers still struggle a decade later to find new ways of doing business that take advantage of the technologies and devices consumers are clearly eager to embrace.

In the absence of legitimate, appropriately-priced alternatives, consumers always create their own channels and invent their own services. Often, it must be said, those alternatives violate copyright and trademark.
Along the way, consumers and others who dare to test new services and new devices are punished harshly, only to be replaced by more resilient successors. Napster is gone, but iTunes thrives. But the solution isn't to strengthen the law, choking off innovation. The solution is to give consumers what they want, which Hollywood always, if begrudgingly, figures out how to do. If parasitic foreign Web sites are truly costing the U.S. economy significant losses (a claim made regularly by content industries but without credible data to back it up), then the best use of government resources is not to surgically remove hyperlinks and DNS table entries. Rather, we should step up the pressure on foreign governments to enforce their own laws and international treaties extending U.S. protections abroad. And indeed, one positive development in SOPA is a provision that does just that. It requires both the State and Commerce Departments to make protection of U.S. copyright and trademark a priority in both diplomatic and trade negotiations. To fulfill SOPA's stated goal of reducing foreign infringement of U.S. interests, that section should have been the beginning and the end of the bill. The proposed legislation, unfortunately, goes much farther, losing sight of any actual harms in need of legislative correction, and invoking repeatedly the likely application of the law of unintended consequences. Stripped of their obfuscations, SOPA and Protect IP suggest increasing desperation by media companies. A bill that was to target only the "worst of the worst" foreign Web sites committing blatant and systemic copyright and trademark infringement has morphed inexplicably into an unrestricted hunting license for media companies to harass anyone--foreign or domestic--who questions their timetable for digital transformation. Nothing can change the fact that Hollywood's way of life is transforming once again. 
The only unknown is time--will a profitable future for digital content arrive in a few years or will it take another decade? SOPA only seeks to delay the inevitable, at the cost of wasteful litigation and overzealous law enforcement. As anyone knows who's ever watched a Hollywood movie about time travel, trying to change history always turns out badly, usually with an ironic twist.

Technology companies, that's your cue. Whether you like it or not, you've been cast in the role of villain. You can still be the hero.

Larry Downes is a consultant and author. His books include "Unleashing the Killer App" and, most recently, "The Laws of Disruption: Harnessing the New Forces that Govern Life and Business in the Digital Age." Larry is a member of the CNET Blog Network and is not an employee of CBS Interactive.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 1 13:48:30 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Nov 2011 14:48:30 -0400
Subject: [Infowarrior] - US net hypocracy
Message-ID: <6981441D-B4AD-4E8C-9CA5-1177EFB5D8F0@infowarrior.org>

So on one hand the VP says don't break the Internet, and then on the other hand he's part of an Administration and Congress that wants to do just that in the name of anti-piracy via SOPA and EPARASITE. Guess it's only ok to break the net if you can profit from it.

--- rick

Biden: The internet ain't broke, let's not fix it

US rejects calls for 'national barriers on information'

By Brid-Aine Parnell
Posted in Cloud Business, 1st November 2011 18:29 GMT

http://www.theregister.co.uk/2011/11/01/us_reject_china_russia_internet_rules/

LCC US Vice President Joe Biden has made it clear that America is not interested in the sort of global internet rules that China and Russia have been calling for.

China, Russia, Uzbekistan and Tajikistan proposed a voluntary "code of conduct" for information security to the UN in September.

Countries following the code would "respect for human rights and fundamental freedoms and respect for the diversity of history, culture and social systems of all countries", and promise "not to use information and communications technologies, including networks, to carry out hostile activities or acts of aggression, pose threats to international peace and security or proliferate information weapons or related technologies".

But they would also curb "the dissemination of information that incites terrorism, secessionism or extremism or that undermines other countries' political, economic and social stability, as well as their spiritual and cultural environment".

The US has shown before that it's reluctant to sign any sort of restrictive internet treaty and Biden, speaking at the London Conference on Cyberspace (LCC), agreed with remarks by UK Foreign Secretary William Hague and Prime Minister David Cameron that the internet needed to stay free and open and out from under heavy government control.

"There are some who have a different view, as you know. They seek an international legal instrument that would lead to exclusive government control over Internet resources, institutions, and content, and national barriers on the free flow of information online," Biden said.

"But this, in our view, would lead to a fragmented internet, one that does not connect people but divides them, a stagnant cyberspace, not an innovative one, and ultimately a less secure cyberspace with less trust among nations."

He added that existing international law principles existed in cyberspace as well as the real world, so there was no need for additional regulation, a view he summarized in one of his favourite adages - if it ain't broke, don't fix it.

The vice president addressed the conference over a video link from Washington, after a planned visit from US Secretary of State Hillary Clinton was cancelled when her mother fell ill.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 1 13:49:21 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Nov 2011 14:49:21 -0400
Subject: [Infowarrior] - Thousands Petition Obama to Block E-Parasites Act
Message-ID: <1C9CE48C-98C5-429C-B072-A16697A04E41@infowarrior.org>

Thousands Petition Obama to Block E-Parasites Act

By David Kravets | November 1, 2011 | 2:21 pm | Categories: politics

http://www.wired.com/threatlevel/2011/11/petition-obama-e-parasites/

Net users angry at the introduction of the Stop Online Piracy Act, also known as the "E-Parasites Act," are attempting to force the White House to oppose the bill, which would boost the government's authority to disrupt and shutter alleged trademark- and copyright-infringing websites.

And by the early results, it looks like they might at least force the administration to respond.

The petitioners are taking advantage of the newly created White House petition site, which promises Americans it will respond to grievances if the government gets 25,000 signatures in a month's time. Though it was created only Monday, the petition has been signed by more than 4,400 citizens as of Tuesday morning Pacific Standard Time.

The "Stop the E-Parasites Act" petition has until Nov. 30 to get the necessary support.

The petition says, "This Bill would allow essentially allow (sic) A great Firewall of America and would be a shameful desecration of free speech and any sort of reasonable copyright law."

The legislation at issue was introduced last week by Rep. Lamar Smith (R-Texas). The measure grants private parties the right to cut off ad dollars to sites they say host pirated or trademarked content. Among other things, it also empowers the government to order search engines and ISPs to make it impossible for users to reach blacklisted sites.

But it's unclear how honestly the administration would respond if the necessary signatures are gathered. The White House has come under attack for issuing bland and canned responses to petitions.

There's even a different petition that expires Nov. 27 asking the administration to "Actually take these petitions seriously instead of just using them as an excuse to pretend you are listening."

Smith's bill is slated to be heard in the House Judiciary Committee on Nov. 16.

David Kravets is a senior staff writer for Wired.com and founder of the fake news site TheYellowDailyNews.com. He's a dad of two boys and has been a reporter since the manual typewriter days.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 1 16:21:20 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Nov 2011 17:21:20 -0400
Subject: [Infowarrior] - more on: OT: Congressional priorities #fail
Message-ID: <67F26AF7-D01A-40A3-AA60-A8076E850CCA@infowarrior.org>

In the interest of being fair and balanced, it was brought to my attention that Patrick Leahy is opening hearings the day after tomorrow on repealing the Defense of Marriage Act in a likely similar election year stunt using a social 'wedge' issue.

More @ http://www.mainjustice.com/2011/10/31/leahy-sets-doma-debate/

Bottom line, such idiocy is never limited to just one party.....there's more than enough to go around! Meanwhile, 'Rome continues to burn', and its citizens get more upset with each passing day.......

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Nov 1 17:36:31 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 1 Nov 2011 18:36:31 -0400 Subject: [Infowarrior] - USG Glossed Over Cancer Concerns As It Rolled Out Airport X-Ray Scanners Message-ID: U.S. Government Glossed Over Cancer Concerns As It Rolled Out Airport X-Ray Scanners by Michael Grabell ProPublica, Nov. 1, 2011, 1:06 p.m. http://www.propublica.org/article/u.s.-government-glossed-over-cancer-concerns-as-it-rolled-out-airport-x-ray Update (11/01): This story has been updated with a comment from The Chertoff Group, from which ProPublica had sought comment before publication. Look for a PBS NewsHour story on X-ray body scanners, reported in conjunction with ProPublica, to air later this month. On Sept. 23, 1998, a panel of radiation safety experts gathered at a Hilton hotel in Maryland to evaluate a new device that could detect hidden weapons and contraband. The machine, known as the Secure 1000, beamed X-rays at people to see underneath their clothing. One after another, the experts convened by the Food and Drug Administration raised questions about the machine because it violated a longstanding principle in radiation safety ? that humans shouldn?t be X-rayed unless there is a medical benefit. ?I think this is really a slippery slope,? said Jill Lipoti, who was the director of New Jersey?s radiation protection program. The device was already deployed in prisons; what was next, she and others asked ? courthouses, schools, airports? ?I am concerned ? with expanding this type of product for the traveling public,? said another panelist, Stanley Savic, the vice president for safety at a large electronics company. ?I think that would take this thing to an entirely different level of public health risk.? The machine?s inventor, Steven W. Smith, assured the panelists that it was highly unlikely that the device would see widespread use in the near future. 
At the time, only 20 machines were in operation in the entire country. ?The places I think you are not going to see these in the next five years is lower-security facilities, particularly power plants, embassies, courthouses, airports and governments,? Smith said. ?I would be extremely surprised in the next five to 10 years if the Secure 1000 is sold to any of these.? Today, the United States has begun marching millions of airline passengers through the X-ray body scanners, parting ways with countries in Europe and elsewhere that have concluded that such widespread use of even low-level radiation poses an unacceptable health risk. The government is rolling out the X-ray scanners despite having a safer alternative that the Transportation Security Administration says is also highly effective. A ProPublica/PBS NewsHour investigation of how this decision was made shows that in post-9/11 America, security issues can trump even long-established medical conventions. The final call to deploy the X-ray machines was made not by the FDA, which regulates drugs and medical devices, but by the TSA, an agency whose primary mission is to prevent terrorist attacks. Research suggests that anywhere from six to 100 U.S. airline passengers each year could get cancer from the machines. Still, the TSA has repeatedly defined the scanners as ?safe,? glossing over the accepted scientific view that even low doses of ionizing radiation ? the kind beamed directly at the body by the X-ray scanners ? increase the risk of cancer. ?Even though it?s a very small risk, when you expose that number of people, there?s a potential for some of them to get cancer,? said Kathleen Kaufman, the former radiation management director in Los Angeles County, who brought the prison X-rays to the FDA panel?s attention. About 250 X-ray scanners are currently in U.S. airports, along with 264 body scanners that use a different technology, a form of low-energy radio waves known as millimeter waves. 
Robin Kane, the TSA?s assistant administrator for security technology, said that no one would get cancer because the amount of radiation the X-ray scanners emit is minute. Having both technologies is important to create competition, he added. ?It?s a really, really small amount relative to the security benefit you?re going to get,? Kane said. ?Keeping multiple technologies in play is very worthwhile for the U.S. in getting that cost-effective solution ? and being able to increase the capabilities of technology because you keep everyone trying to get the better mousetrap.? Determined to fill a critical hole in its ability to detect explosives, the TSA plans to have one or the other operating at nearly every security lane in America by 2014. The TSA has designated the scanners for ?primary? screening: Officers will direct every passenger, including children, to go through either a metal detector or a body scanner, and the passenger?s only alternative will be to request a physical pat-down. How did the United States swing from considering such X-rays taboo to deeming them safe enough to scan millions of people a year? A new wave of terrorist attacks using explosives concealed on the body, coupled with the scanners? low dose of radiation, certainly convinced many radiation experts that the risk was justified. But other factors helped the machines gain acceptance. Because of a regulatory Catch-22, the airport X-ray scanners have escaped the oversight required for X-ray machines used in doctors? offices and hospitals. The reason is that the scanners do not have a medical purpose, so the FDA cannot subject them to the rigorous evaluation it applies to medical devices. Still, the FDA has limited authority to oversee some non-medical products and can set mandatory safety regulations. But the agency let the scanners fall under voluntary standards set by a nonprofit group heavily influenced by industry. 
As for the TSA, it skipped a public comment period required before deploying the scanners. Then, in defending them, it relied on a small body of unpublished research to insist the machines were safe, and ignored contrary opinions from U.S. and European authorities that recommended precautions, especially for pregnant women. Finally, the manufacturer, Rapiscan Systems, unleashed an intense and sophisticated lobbying campaign, ultimately winning large contracts.

Both the FDA and TSA say due diligence has been done to assure the scanners' safety. Rapiscan says it won the contract because its technology is superior at detecting threats. While the TSA says X-ray and millimeter-wave scanners are both effective, Germany decided earlier this year not to roll out millimeter-wave machines after finding they produced too many false positives.

Most of the news coverage on body scanners has focused on privacy, because the machines can produce images showing breasts and buttocks. But the TSA has since installed software to make the images less graphic. While some accounts have raised the specter of radiation, this is the first report to trace the history of the scanners and document the gaps in regulation that allowed them to avoid rigorous safety evaluation.

Little research on cancer risk of body scanners

Humans are constantly exposed to ionizing radiation, a form of energy that has been shown to strip electrons from atoms, damage DNA and mutate genes, potentially leading to cancer. Most radiation comes from radon, a gas produced from naturally decaying elements in the ground. Another major source is cosmic radiation from outer space. Many common items, such as smoke detectors, contain tiny amounts of radioactive material, as do exit signs in schools and office buildings. As a result, the cancer risk from any one source of radiation is often small.
Outside of nuclear accidents, such as that at Japan's Fukushima plant, and medical errors, the health risk comes from cumulative exposure.

In Rapiscan's Secure 1000 scanner, which uses ionizing radiation, a passenger stands between two large blue boxes and is scanned with a pencil X-ray beam that rapidly moves left to right and up and down the body. In the other machine, ProVision, made by defense contractor L-3 Communications, a passenger enters a chamber that looks like a round phone booth and is scanned with millimeter waves, a form of low-energy radio waves, which have not been shown to strip electrons from atoms or cause cancer.

Only a decade ago, many states prohibited X-raying a person for anything other than a medical exam. Even after 9/11, such non-medical X-raying remains taboo in most of the industrialized world. In July, the European Parliament passed a resolution that security "scanners using ionizing radiation should be prohibited" because of health risks. Although the United Kingdom uses the X-ray machine for limited purposes, such as when passengers trigger the metal detector, most developed countries have decided to forgo body scanners altogether or use only the millimeter-wave machines.

While the research on medical X-rays could fill many bookcases, the studies that have been done on the airport X-ray scanners, known as backscatters, fill a file no more than a few inches thick. None of the main studies cited by the TSA has been published in a peer-reviewed journal, the gold standard for scientific research.

Those tests show that the Secure 1000 delivers an extremely low dose of radiation, less than 10 microrems. The dose is roughly one-thousandth of a chest X-ray and equivalent to the cosmic radiation received in a few minutes of flying at typical cruising altitude. The TSA has used those measurements to say the machines are "safe."
Most of what researchers know about the long-term health effects of low levels of radiation comes from studies of atomic bomb survivors in Hiroshima and Nagasaki. By charting exposure levels and cancer cases, researchers established a linear link that shows the higher the exposure, the greater risk of cancer.

Some scientists argue the danger is exaggerated. They claim low levels stimulate the repair mechanism in cells, meaning that a little radiation might actually be good for the body. But in the authoritative report on low doses of ionizing radiation, published in 2006, the National Academy of Sciences reviewed the research and concluded that the preponderance of research supported the linear link. It found "no compelling evidence" that there is any level of radiation at which the risk of cancer is zero.

Radiation experts say the dose from the backscatter is negligible when compared to naturally occurring background radiation. Speaking to the 1998 FDA panel, Smith, the inventor, compared the increased risk to choosing to visit Denver instead of San Diego or the decision to wear a sweater versus a sport coat.

Using the linear model, even such trivial amounts increase the number of cancer cases. Rebecca Smith-Bindman, a radiologist at the University of California, San Francisco, estimated that the backscatters would lead to only six cancers over the course of a lifetime among the approximately 100 million people who fly every year. David Brenner, director of Columbia University's Center for Radiological Research, reached a higher number -- potentially 100 additional cancers every year.

"Why would we want to put ourselves in this uncertain situation where potentially we're going to have some cancer cases?" Brenner asked. "It makes me think, really, why don't we use millimeter waves when we don't have so much uncertainty?"

But even without the machines, Smith-Bindman said, the same 100 million people would develop 40 million cancers over the course of their lifetimes.
In this sea of cancer cases, it would be impossible to identify the patients whose cancer is linked to the backscatter machines.

How the scanners avoided strict oversight

Although they deliberately expose humans to radiation, the airport X-ray scanners are not medical devices, so they are not subject to the stringent regulations required for diagnostic X-ray machines. If they were, the manufacturer would have to submit clinical data showing safety and effectiveness and be approved through a rigorous process by the FDA. If the machines contained radioactive material, they would have to report to the Nuclear Regulatory Commission.

But because it didn't fit into either category, the Secure 1000 was classified as an electronic product. The FDA does not review or approve the safety of such products. However, manufacturers must provide a brief radiation safety report explaining the dose and notify the agency if any overexposure is discovered. According to the FDA, no such incidents have been reported.

Under its limited oversight of electronic products, the FDA could issue mandatory safety regulations. But it didn't do so, a decision that flows from its history of supervising electronics.

Regulation of electronic products in the United States began after a series of scandals. From the 1930s to the 1950s, it was common for a child to go to a shoe store and stand underneath an X-ray machine known as a fluoroscope to check whether a shoe was the right fit. But after cases arose of a shoe model's leg being amputated and store clerks developing dermatitis from putting their hands in the beam to adjust the shoe, the practice ended.

In 1967, General Electric recalled 90,000 color televisions that had been sold without the proper shielding, potentially exposing viewers to dangerous levels of radiation. The scandal prompted the creation of the federal Bureau of Radiological Health.

"That ultimately led to a lot more aggressive program,"
said John Villforth, who was the director of the bureau. Over the next decade, the bureau created federal safety standards for televisions, medical X-rays, microwaves, tanning beds, even laser light shows. But in 1982, the FDA merged the radiological health bureau into its medical-device unit.

"I was concerned that if they were to combine the two centers into one, it would probably mean the ending of the radiation program because the demands for medical-device regulation were becoming increasingly great," said Villforth, who was put in charge of the new Center for Devices and Radiological Health. "As I sort of guessed, the radiation program took a big hit."

The new unit became stretched for scarce resources as it tried to deal with everything from tongue depressors to industrial lasers. The government used to have 500 people examining the safety of electronic products emitting radiation. It now has about 20 people. In fact, the FDA has not set a mandatory safety standard for an electronic product since 1985. As a result, there is an FDA safety regulation for X-rays scanning baggage -- but none for X-rays scanning people at airports.

Meanwhile, scientists began developing backscatter X-rays, in which the waves are reflected off an object to a detector, for the security industry. The Secure 1000 people scanner was invented by Smith in 1991 and later sold to Rapiscan, then a small security firm based in southern California. The first major customer was the California prison system, which began scanning visitors to prevent drugs and weapons from getting in. But the state pulled the devices in 2001 after a group of inmates' wives filed a class-action lawsuit accusing the prisons of violating their civil liberties.

The U.S. Customs Service deployed backscatter machines for several years but in limited fashion and with strict supervision. Travelers suspected of carrying contraband had to sign a consent form, and Customs policy prohibited the scanning of pregnant women.
The agency abandoned them in 2006, not for safety reasons but because smugglers had learned where the machines were installed and adapted their methods to avoid them, said Rick Whitman, the radiation safety officer for Customs until 2008.

Yet, even this limited application of X-ray scanning for security dismayed radiation safety experts. In 1999, the Conference of Radiation Control Program Directors, a nongovernmental organization, passed a resolution recommending that such screening be stopped immediately.

The backscatter machines had also caught the attention of the 1998 FDA advisory panel, which recommended that the FDA establish government safety regulations for people scanners. Instead, the FDA decided to go with a voluntary standard set by a trade group largely comprising manufacturers and government agencies that wanted to use the machines.

"Establishing a mandatory standard takes an enormous amount of resources and could take a decade to publish," said Dan Kassiday, a longtime radiation safety engineer at the FDA. In addition, since the mid-1990s, Congress has directed federal safety agencies to use industry standards wherever possible instead of creating their own.

The FDA delegated the task of establishing the voluntary standards to the American National Standards Institute. A private nonprofit that sets standards for many industries, ANSI convened a committee of the Health Physics Society, a trade group of radiation safety specialists. It was made up of 15 people, including six representatives of manufacturers of X-ray body scanners and five from U.S. Customs and the California prison system. There were few government regulators and no independent scientists.

In contrast, the FDA advisory panel was also made up of 15 people -- five representatives from government regulatory agencies, four outside medical experts, one labor representative and five experts from the electronic products industry, but none from the scanner manufacturers themselves.
"I am more comfortable with having a regulatory agency -- either federal or the states -- develop the standards and enforce them," Kaufman said. Such regulators, she added, "have only one priority, and that's public health."

A representative of the Health Physics Society committee said that was its main priority as well. Most of the committee's evaluation was completed before 9/11. The standard was published in 2002 and updated with minor changes in 2009.

Ed Bailey, chief of California's radiological health branch at the time, said he was the lone voice opposing the use of the machines. But after 9/11, his views changed about what was acceptable in pursuit of security.

"The whole climate of their use has changed," Bailey said. "The consequence of something being smuggled on an airplane is far more serious than somebody getting drugs into a prison."

Are Inspections Independent?

While the TSA doesn't regulate the machines, it must seek public input before making major changes to security procedures. In July, a federal appeals court ruled that the agency failed to follow rule-making procedures and solicit public comment before installing body scanners at airports across the country. TSA spokesman Michael McCarthy said the agency couldn't comment on ongoing litigation.

The TSA asserts there is no need to take additional precautions for sensitive populations, even pregnant women, following the guidance of the congressionally chartered National Council on Radiation Protection & Measurements. But other authorities have come to the opposite conclusion. A report by France's radiation safety agency specifically warned against screening pregnant women with the X-ray devices.
In addition, the Federal Aviation Administration's medical institute has advised pregnant pilots and flight attendants that the machine, coupled with their time in the air, could put them over their occupational limit for radiation exposure and that they might want to adjust their work schedules accordingly. No similar warning has been issued for pregnant frequent fliers.

Even as people scanners became more widespread, government oversight actually weakened in some cases. Inspections of X-ray equipment in hospitals and industry are the responsibility of state regulators -- and before 9/11, many states also had the authority to randomly inspect machines in airports. But that ended when the TSA took over security checkpoints from the airlines. Instead, annual inspections are done by Rapiscan, the scanners' manufacturer.

"As a regulator, I think there's a conflict of interest in having the manufacturer and the facility inspect themselves," Kaufman said.

Last year, in reaction to public anger from members of Congress, passengers and advocates, the TSA contracted with the Army Public Health Command to do independent radiation surveys. But email messages obtained in a lawsuit brought by the Electronic Privacy Information Center, a civil liberties group, raise questions about the independence of the Army surveys.

One email sent by TSA health and safety director Jill Segraves shows that local TSA officials were given advance notice and allowed to "pick and choose" which systems the Army could check. That email also suggests that Segraves considered the Army inspectors a valuable public-relations asset: "They are our radiation myth busters," she wrote to a local security director.

Some TSA screeners are concerned about their own radiation exposure from the backscatters, but the TSA has not allowed them to wear badges that could measure it, said Milly Rodriguez, health and safety specialist for the American Federation of Government Employees, which represents TSA officers.
"We have heard from members that sometimes the technicians tell them that the machines are emitting more radiation than is allowed," she said.

McCarthy, the TSA spokesman, said the machines are physically incapable of producing radiation above the industry standard. In the email, he said, the inspections allow screeners to ask questions about radiation and address concerns about specific machines.

The company's lobbying campaign

While the TSA maintains that the body scanners are essential to preventing attacks on airplanes, it only began rolling them out nine years after 9/11. After the attempted shoe-bombing in December 2001, the federal government conducted a trial of a Rapiscan backscatter at the Orlando International Airport. But the revealing images drew protests that the machines amounted to a virtual strip search.

The TSA considered the scanners again after two Chechen women blew up Russian airliners in 2004. Facing a continued outcry over privacy, the TSA instead moved forward with a machine known as a "puffer" because it released several bursts of air on the passengers' clothes and analyzed the dislodged particles for explosives. But after discovering the machines were ineffective in the field and difficult to maintain, the TSA canceled the program in 2006.

Around that time, Rapiscan began to beef up its lobbying on Capitol Hill. It opened a Washington, D.C., office and, according to required disclosures, more than tripled its lobbying expenditures in two years, from less than $130,000 in 2006 to nearly $420,000 in 2008. It hired former legislative aides to Rep. David Price, D-N.C., then chairman of the homeland security appropriations subcommittee, and to Sen. Trent Lott, R-Miss.

It started a political action committee and began contributing heavily to Price; Rep. Bennie Thompson, D-Miss., then head of the homeland security committee; Rep. Jane Harman, D-Calif., also on that committee; and Sen.
Thad Cochran, R-Miss., the top Republican on the Senate appropriations committee. In addition, it opened a new North Carolina plant in Price's district and expanded its operations in Ocean Springs, Miss., and at its headquarters in Torrance, Calif., in Harman's district.

"Less than a month after U.S. Senator Trent Lott and other local leaders helped officially open Rapiscan Systems' new Ocean Springs factory," Lott's office announced in a news release in late 2006, "the company has won a $9.1 million Department of Defense contract."

But Rapiscan still hadn't landed a major contract to roll out its X-ray body scanners in commercial airports. Indeed, in 2007, with new privacy filters in place, the TSA began a trial of millimeter-wave and backscatter machines at several major airports, after which the agency opted to go with the millimeter-wave machines. The agency said health concerns weren't a factor.

But with the 2009 federal stimulus package, which provided $300 million for checkpoint security machines, the TSA began deploying backscatters as well. Rapiscan won a $173 million, multiyear contract for the backscatters, with an initial $25 million order for 150 systems to be made in Mississippi. Three other companies -- American Science & Engineering, Tek84 Engineering Group and Valley Forge Composite Technologies -- make X-ray scanners, but none are used by the TSA.

Peter Kant, executive vice president for Rapiscan, said the company expanded its lobbying because its business was increasingly affected by the government.

"There's a lot of misinformation about the technology; there's a lot of questions about how various inspection technologies work," he said. "And we needed a way to be able to provide that information and explain the technology and how it works, and that's what lobbying is."

The lawmakers either declined to comment or said the lobbying, campaign contributions and local connections had nothing to do with the TSA's decision to purchase Rapiscan machines.
The TSA said the contract was bid competitively and that the winning machines had to undergo comprehensive research and testing phases before being deployed.

While the scanners were appearing in more and more airports, few passengers went through them, because they were used mostly for random screening or to resolve alarms from the metal detector. That changed on Christmas Day 2009, when a Nigerian man flying to Detroit tried to ignite a pouch of explosives hidden in his underwear.

Following the foiled "Great Balls of Fire" suicide bombing, as the New York Post dubbed it, Homeland Security Secretary Janet Napolitano ramped up plans to roll out body scanners nationwide. Members of Congress and aviation security experts also pushed heavily for the TSA to install more machines that could detect explosives on passengers.

Harman sent a letter to Napolitano, noting that Rapiscan was in her district. "I urge you to expedite installation of scanning machines in key airports," Harman wrote in the letter, which was first reported by the website CounterPunch. "If you need additional funds, I am ready to help."

Michael Chertoff, who had supported body scanners while secretary of Homeland Security, appeared frequently on TV advocating their use. In one interview, he disclosed that his consulting firm, Chertoff Group, had done work for Rapiscan, sparking accusations that he was trying to profit from his time as a government servant.

Despite the criticism, little has been revealed about the relationship. Rapiscan dismissed it, asserting that the consulting work had to do with international cargo and port security issues -- not aviation.

"There was nothing that was not above board," Kant said. "His comments about passenger screening and these machines were simply his own and was nothing that we had engaged the Chertoff Group for."

In a statement, the Chertoff Group said it "played no role in the sale of whole body imaging technology to TSA"
and that Chertoff "was in no way compensated for his public statements." A public records request by ProPublica turned up empty: The Department of Homeland Security said it could not find any correspondence to or from Chertoff related to body scanners. DHS also said Chertoff did not use email.

The TSA plans to deploy 1,275 backscatter and millimeter-wave scanners covering more than half its security lanes by the end of 2012 and 1,800 covering nearly all the lanes by 2014. According to annual reports filed with the Securities and Exchange Commission, OSI Systems, the parent company of Rapiscan, has seen revenue from its security division more than double since 2006 to nearly $300 million in fiscal year 2011.

Miles O'Brien and Kate Tobin of PBS NewsHour contributed to this report.

Correction (11/1): An earlier version of this story said that an email in which the TSA health and safety director said inspectors were "radiation myth busters" incorrectly identified them as Rapiscan's inspectors. The story should have said they were inspectors from the Army Public Health Command.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 1 17:54:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 1 Nov 2011 18:54:16 -0400
Subject: [Infowarrior] - Paper: China's Cyber Warfare Capabilities
Message-ID:

China's Cyber Warfare Capabilities

Desmond Ball

China has the most extensive and most practised cyber-warfare capabilities in Asia. This article describes the development of these capabilities since the mid-1990s, the intelligence and military organisations involved, and the particular capabilities that have been demonstrated in defence exercises and in attacks on computer systems and networks in other countries. It notes that it is often very difficult to determine whether these attacks have originated with official agencies or private "Netizens".
It argues that China's own computer systems and networks are replete with vulnerabilities, of which Chinese officials are well aware. It concludes that this appreciation of China's deficiencies and vulnerabilities has led to the adoption of a pre-emptive strategy, as practiced in People's Liberation Army exercises, in which China's very destructive but relatively unsophisticated cyber-warfare capabilities are unleashed at the very outset of prospective conflicts.

< - >

http://www.securitychallenges.org.au/ArticlePDFs/vol7no2Ball.pdf

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 2 06:21:04 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Nov 2011 07:21:04 -0400
Subject: [Infowarrior] - Cohan: Others Pay Price for Corzine's Revenge
Message-ID: <75B0D6B7-AF3C-4121-AEE8-4BAFBF545A54@infowarrior.org>

Cohan: Others Pay Price for Corzine's Revenge

By William D. Cohan - Nov 1, 2011

http://www.bloomberg.com/news/print/2011-11-01/others-pay-price-for-corzine-s-risky-revenge-william-d-cohan.html

In the end, Jon Corzine was little more than an unsupervised rogue trader. His disproportionately reckless $6.3 billion bet on the credit quality of a few European nations bankrupted MF Global Holdings Ltd. (MF) over the course of three dramatic days after the short-term credit markets quickly lost confidence in him and his firm.

His gamble will cost MF's shareholders and creditors billions of dollars and, virtually overnight, put the careers of MF's almost 3,000 employees in jeopardy. MF Global now has the distinction of being one of the largest bankruptcies in American corporate history, with almost $40 billion in liabilities. There is also the matter of the hundreds of millions of dollars of customers' money that regulators have reported to be missing from the firm's coffers.
In any case, it's incredible how little Corzine and his associates learned from the collapses of Bear Stearns Cos., Merrill Lynch, Lehman Brothers Holdings Inc. and American International Group Inc. three years ago. And it now seems very hard to believe that just a few months ago Corzine was considered the front-runner to be the next U.S. Treasury secretary.

It didn't have to be this way. The tragic element of Corzine's MF Global is that Monday's bankruptcy filing could have easily been avoided if Corzine's ego and ambition had been held in check by someone -- anyone -- willing to stand up to the former New Jersey governor, senator and senior partner at Goldman Sachs Group Inc. (GS)

No One Watching

Where, for example, was J. Christopher Flowers, the billionaire founder of J.C. Flowers & Co.? According to MF Global's most recent proxy statement, Flowers's firm owned 6.8 percent of MF. But then Flowers had reasons to have blind faith in Corzine: It was Flowers who recruited the former governor to MF in 2010, and also made Corzine a partner in his private-equity fund. When the two men were at Goldman Sachs in the 1990s, they had a symbiotic relationship: As Flowers was head of the financial-institutions group, Corzine relied on him to make introductions to other Wall Street bosses so they could ponder strategic deals.

Where were MF Global's other institutional shareholders, such as Fidelity Investments (which held a 14.8 percent stake, according to the proxy), Guardian Life Insurance Co. (7.4 percent), TIAA-CREF Investment Management LLC (6.6 percent) and Piper Jaffray Cos. (PJC) (6.3 percent)? Were they too dazzled by Corzine's resume to take a serious look at how he intended to transform MF Global from a backwater to a major player on Wall Street?

Where was MF Global's auditor, PriceWaterhouseCoopers LLP, which managed to pocket almost $25 million in fees from the company over the past two years?
And where, for heaven's sake, was MF Global's eight-member board of directors -- a ragtag collection of mostly unknown Wall Street types who had the fiduciary responsibility on behalf of creditors, shareholders, counterparties and employees to make sure Corzine wasn't taking irresponsible risks?

Is it too much to ask a board of directors to take this responsibility seriously? Apparently it was at MF Global. In granting Corzine a three-year extension of his employment agreement in 2011, the board's compensation committee noted that his "performance has been exemplary since joining the firm just over one year ago," according to the proxy statement.

The board also noted that Corzine "accomplished key near-term building blocks, including significant improvements in the reputation of the firm as demonstrated by its ability to hire quality professionals, the company's success in securing primary dealer status, its growing client balances and its improved posture with regulators." One wonders if the board members still hold that opinion.

Other People's Money

The collapse of MF Global points once again, in the strongest possible terms, to the importance of having a substantive, teeth-bearing regulatory regime charged with overseeing the kind of asynchronous risk-taking that gives people like Corzine the incentive to gamble with other people's money in hopes of reaping financial windfalls. And yet, more than three years after the collapse of Lehman Brothers and the onset of the financial crisis, we don't have in place anything close to necessary regulations to try to prevent companies like MF Global from exploding.

There is little question that from the outset of his tenure at MF Global, Corzine was swinging for the fences. He told me at the time that he saw MF Global as sleepy and risk-averse; he was determined to ratchet up exponentially the amount of risk the firm took using its creditors and shareholder money.
Corzine himself had only a tiny fraction of his fortune invested in MF Global. His option-oriented compensation package encouraged him to take outsize risks in order to move MF Global's stock price into "in-the-money" territory.

One also suspects that Corzine was looking for some serious redemption after the January 1999 coup he suffered at the hands of his fellow Goldman Sachs partners. Even though Corzine hadn't sat on a trading desk in years, MF Global was his return ticket to the land of the Wall Street giants.

Corzine has always been a bit precocious and underestimated. In 1980, at the age of 33, he became a Goldman Sachs partner after just 4 1/2 years at the firm. In 1986, he turned a wrong-way bet by Goldman Sachs on the direction of interest rates and Treasury securities -- a bet that looked like it was going to cost the firm $150 million -- into a $10 million gain after he personally took charge of the trade and worked it out. Many of his Goldman Sachs partners saw him as a bit of a hero afterwards, and the slope of his career trajectory angled dramatically upward.

In 1993, his future leadership of the firm was virtually assured after his trading group racked up impressive gains on the direction of various currencies against the dollar, helping Goldman Sachs to achieve record pretax earnings of $2.7 billion.

A Golden Boy

Corzine was the firm's golden boy. But just after those earnings were paid out as partner bonuses, the trading environment in 1994 turned decidedly sour. In that year, the firm started losing almost $150 million every month and Corzine refused to give up on his trades -- another wrong-headed bet on interest rates. In the end, the firm barely broke even in 1994, and some 40 partners left the company as they watched their capital accounts dwindle.

Somehow, Corzine wasn't held accountable.
In September 1994, despite the huge trading losses for which his fixed-income group was responsible, Corzine's partners selected him to be the firm's new senior partner. In 1995, the year after the worst annual performance in Goldman Sachs's history, he exhorted his partners to try to make $10 billion in pretax income during the next five years. After first snickering at this goal, his partners accomplished it -- and more -- making the firm's May 1999 initial public offering both inevitable and a huge success.

By then, though, Corzine's unilateral efforts to merge Goldman Sachs with a variety of other Wall Street titans -- from Salomon Brothers to JPMorgan to Mellon Bank -- had so alienated his partners that they colluded to oust him. He said he never saw it coming.

While the denouement of MF Global is still being written, one thing is crystalline: Behind Jon Corzine's bearded, avuncular facade lies the soul of a stubborn, ambitious and aggressive risk-taking trader who in the end drove MF Global into the financial abyss. If only someone had had the guts to stop him.

(William D. Cohan, a former investment banker and the author of "Money and Power: How Goldman Sachs Came to Rule the World," is a Bloomberg View columnist. The opinions expressed are his own.)

To contact the writer of this article: William D. Cohan at wdcohan at yahoo.com

To contact the editor responsible for this article: Tobin Harshaw at tharshaw at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 2 06:44:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Nov 2011 07:44:16 -0400
Subject: [Infowarrior] - WH Creating Cyber-War hotline?
Message-ID:

http://www.whitehouse.gov/the-press-office/2011/11/01/vps-remarks-london-cyberspace-conference

THE WHITE HOUSE
Office of the Vice President
For Immediate Release
November 1, 2011

REMARKS BY VICE PRESIDENT BIDEN TO THE LONDON CONFERENCE ON CYBERSPACE
Via Video Teleconference
10:42 A.M. EDT

THE VICE PRESIDENT: Well, thank you very much, Foreign Secretary Hague, and my best to Prime Minister Cameron. I agree with everything that he said today. But I'm very glad to be able to join you all on behalf of our administration to talk about the issue that will have enormous, enormous consequences for each of our countries and, quite frankly, consequences for the whole world: the future of cyberspace.

< -- >

For example, the United States is working closely with Russia to reach an agreement that would establish links between our computer emergency response teams and our nuclear risk reduction centers to build cooperation and to set up lines of communication in the event of an alarming incident.

< -- >

http://www.whitehouse.gov/the-press-office/2011/11/01/vps-remarks-london-cyberspace-conference

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 2 08:14:49 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Nov 2011 09:14:49 -0400
Subject: [Infowarrior] - DHS recruiting hotel guests w/TV spots
Message-ID: <71A150AA-BF9D-4CE6-8C32-9FC20AA16631@infowarrior.org>

Hotel guests recruited with Homeland Security TV spots
By Barbara De Lollis, USA TODAY
http://travel.usatoday.com/hotels/story/2011-11-02/Hotel-guests-recruited-with-Homeland-Security-TV-spots/51032602/1?loc=interstitialskip

Starting today, the welcome screens on 1.2 million hotel television sets in Marriott, Hilton, Sheraton, Holiday Inn and other hotels in the USA will show a short public service announcement from DHS.
The 15-second spot encourages viewers to be vigilant and call law enforcement if they witness something suspicious during their travels. During the PSA, which starts with a woman exiting a yellow taxi in front of a train station, a narrator says, "Maybe you see something suspicious. Can you be sure? If you see something, say something to authorities." The PSA, which will be interspersed with other messages on the welcome screen, will be the same in all 5,400 hotels that LodgeNet serves. It ends by telling viewers to contact "local authorities."

Homeland Security Secretary Janet Napolitano says that reaching the "millions of guests that stay at hotels and motels each year is a significant step in engaging the full range of partners in our Homeland Security efforts."

The federal government gained access to hotel TV sets by forming a partnership with the hotel industry's largest association -- the American Hotel & Lodging Association -- which connected DHS with LodgeNet, the industry's largest TV-content provider. By entering hotels at a time when the hospitality industry is on the rebound, the government has the power to tap a growing, captive audience. Recent research from LodgeNet says 98% of hotel guests turn on their hotel TV, and the average guest keeps it on for more than three hours per day.

Ann Parker, a LodgeNet spokeswoman, describes the PSAs as "well done and professional" and says the decision to air them was not difficult. "It's about everyone doing their part to help keep each other and the country safe," she says.

But critics of the campaign point out potential pitfalls. Josh Meyer of the Washington-based National Security Journalism Initiative predicts it will generate "a huge amount of potentially baseless tips that will inundate local, state and federal law enforcement authorities."
DHS spokesman Peter Boogaard, however, cites successful citizen interventions, such as the May 2010 incident in which two street vendors helped thwart a car bombing attempt in New York City's Times Square by noticing a smoking vehicle and reporting it to police. In the last two years, DHS has formed partnerships with a variety of groups including Amtrak, the U.S. Tennis Association, the National Football League and the Mall of America to enlist public support.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 2 11:28:52 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Nov 2011 12:28:52 -0400
Subject: [Infowarrior] - US Marshal Service Told To Go After Righthaven's Assets
Message-ID: <90DE6E1A-B3EC-4E04-9E6D-2A25F1765BBE@infowarrior.org>

Good riddance to bad rubbish .... and idiotic trolls!! -- rick

US Marshal Service Told To Go After Righthaven's Assets
from the is-it-over-yet? dept

The saga of Righthaven continues... and may finally be nearing a close. With Righthaven failing to get a court to change the requirement to put up a bond for the $34k it owes in legal fees for its bogus lawsuit against Wayne Hoehn, the deadline for Righthaven to pay up (or post such a bond) has passed. As such, it appears that the court has now signed off on a writ of execution for the US Marshal Service to seek to get from Righthaven the money owed, including additional accrued costs to make the total at stake: $63,720.80. In fact, they're "authorized to use reasonable force in the execution of this Judgment/Order." It seems that missing deadlines for filings may be the least of Righthaven's problems at this point.

http://www.techdirt.com/articles/20111101/21540516585/us-marshal-service-told-to-go-after-righthavens-assets.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Nov 2 11:30:34 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Nov 2011 12:30:34 -0400
Subject: [Infowarrior] - Kenyan Air Force Tweets Somalis: We're About to Bomb You #Duck
Message-ID: <2F704CEB-ED76-4B81-B110-A918AEE71672@infowarrior.org>

Kenyan Air Force Tweets Somalis: We're About to Bomb You #Duck
By David Axe
November 2, 2011 | 11:21 am | Categories: Terrorists, Guerillas, Pirates
http://www.wired.com/dangerroom/2011/11/kenya-tweets-air-raids/

Two weeks into Kenya's risky attack on Somali extremists, the Kenyan military is warning civilians to expect air raids in the vicinity of 10 Somali towns. The heads-up itself is not unusual. What is unusual is the medium: Twitter, the short messaging service.

"BAIDOA, BAADHEERE, BAYDHABO, DINSUR, AFGOOYE, BWALE, BARAWE, JILIB, KISMAYO and AFMADHOW will be under attack continuously," Maj. Emmanuel Chirchir, a Kenyan military spokesman, Tweeted on Tuesday afternoon. In an interview with the BBC, Chirchir clarified that the attacks are targeting extremist camps near the listed towns.

Chirchir seems to recognize that few residents of these impoverished communities possess Twitter accounts or reliable Internet access. "The Kenya Defense Forces urges anyone with relatives and friends in the 10 towns to advise them accordingly," he added in a subsequent Tweet.

The warning comes two days late for some Somalis. On Sunday Kenyan jets struck a suspected extremist base near Jilib. Five civilians reportedly died in the attack. In yet another Tweet, Chirchir blamed the deaths on extremists indiscriminately firing a ZSU-23 anti-aircraft gun near a refugee camp.

Kenya's air force is notoriously inexperienced and dilapidated, even by the modest standards of East African air arms. The air force possessed roughly 18 U.S.-built F-5 jet fighters dating from the 1970s, two of which have already been destroyed in the Somalia fighting.
The F-5s, similar to those pictured above, apparently carry only unguided bombs. A lack of pilot training could compound the bombs' poor accuracy. While the U.S. has been flying Reaper spy drones over Somalia from a newly-disclosed base in Ethiopia, spotting extremist targets, it's not clear that the drones can interface with the F-5s the way they do with U.S. jet fighters.

That means Chirchir isn't joking when he takes to Twitter to warn civilians in Kenya's line of fire. With Kenyan jets incoming, you'd best duck and cover.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 2 17:33:51 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Nov 2011 18:33:51 -0400
Subject: [Infowarrior] - New snow policy for feds: Shelter in place
Message-ID:

New snow policy for feds: Shelter in place
http://www.washingtonpost.com/politics/new-snow-policy-for-feds-shelter-in-place/2011/11/01/gIQAfnvwfM_print.html
By Lisa Rein, Wednesday, November 2, 1:11 PM

The new marching orders for federal workers during snowstorms this winter: Leave the office by the time we tell you to go home -- or stay put until we say the roads are safe.

In the first overhaul in 14 years to its bad-weather policy, the government is vowing to avoid the chaos that unfolded on Jan. 26 when thousands of commuters were trapped in their cars in gridlock for up to 12 hours. Most left the office just as a fast-moving snowstorm struck at rush hour. The government took the heat for dismissing people too late and not telling transportation officials.

The Office of Personnel Management now says it will make the call much earlier to either close the government or allow unscheduled leave or telework -- and play it safe at the risk of overreacting should just a few flakes fall. "The best way for us to get people out of the city is to not bring them in in the first place," said Dean Hunter, the personnel agency's emergency management chief.
The government is scheduled to approve the new policy next week. The Post obtained details in advance.

If the weather turns bad once they're at the office, the 300,000 federal employees in the Washington area who don't leave by a deadline will be told to shelter in place, a policy that's sure to evoke images of Cold War fallout shelters and biological attacks. "Our basic point is, it's a recommendation we strongly suggest," Hunter said, acknowledging that parents who need to pick up their children would not be penalized. "You're not going to have security guards go through the building and tell people, 'You're going to have to leave now.'"

Even workers who commute by Metro would be urged to stay put, Hunter said, to limit the load on the transit system. When the storm subsides, personnel officials will distribute a message "indicating it's safe and proper to use these methods of transportation," he said.

The new strategy is a linchpin in an emergency plan just crafted by regional officials who met for seven months to devise a way to avoid traffic paralysis during winter storms. The group has tentatively approved a plan to assign emergency management experts to provide better and faster updates about weather, road and transit conditions -- and have governments speed up their communication. The policy is expected to get the go-ahead on Nov. 9.

The plan since 1997 has been to dismiss workers two hours early or have them come in two hours late in a weather emergency, with the government's staggered schedules allowing a gradual flow of commuters. Many companies and nonprofit groups take their cues from the government whether to stay open. In recent years, the growth of telework has allowed modifications: The government stays open but the work gets done from home. But the region's already bad traffic seems to turn to gridlock in bad weather. Weathering the storm in the office -- and no, working will not be required -- could ease the crunch.
"If you have a massive snowstorm and the roads are not passable, it could make a major difference in the success of keeping people safe," said Montgomery County Council member Phil Andrews (D-Gaithersburg-Rockville), who leads committee.

But others say it's not enforceable. "Unless you chain someone to their desk, it's not going to happen," said Tim Firestine, Montgomery's chief administrative officer. "How do you deal with the human nature of it? If I have a four-wheel drive, I'm going to jump in it."

The government doesn't make weather-related decisions lightly: The federal payroll comes to more than $50 million a day in the Washington area. Personnel officials get second-guessed a lot. When the government permits unscheduled leave, as many as half of the area's federal workers take a vacation day, which also costs millions of dollars in lost productivity.

During one storm in 2000, for example, the call was not made until 7 a.m. and most workers didn't get the word until a half hour later as they hiked to the Metro through the snow or were stuck in their cars on dangerous roads. OPM now makes its weather calls by 4 a.m., following a 3 a.m. consultation with local governments, to get the word out to early commuters. That time is likely to be pushed up, officials said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 2 19:01:38 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 2 Nov 2011 20:01:38 -0400
Subject: [Infowarrior] - Piracy problems? US copyright industries show terrific health
Message-ID:

Piracy problems? US copyright industries show terrific health
By Nate Anderson | Published about an hour ago

Pity the poor people who work in the US "copyright industries." Battered by a decade of digital piracy and facing even more of it thanks to cheap computers, fast Internet, P2P file-sharing, and online file lockers, the US creative industries teeter on the verge of collapse.
You can tell because the industry:

- Pays better than most American jobs
- Has outperformed the US economy through a horrific recession
- Sells record-setting amounts of product overseas, earning more foreign revenue than the entire US food sector or US pharmaceutical companies

Things are going so "badly" that a major new report commissioned by copyright holders says that these "consistently positive trends solidify the status of the copyright industries as a key engine of growth for the US economy as a whole."

Bad never looked so good

The International Intellectual Property Alliance unveiled the new report today in association with the Congressional International Anti-Piracy Caucus at an event in Washington, DC. The report doesn't even try to quantify losses to piracy anymore--last year, an official US government report concluded that such estimates were all deeply unreliable. Instead, it simply asserts without evidence that "piracy inhibits... growth in the US and around the world."

"Inhibits growth" doesn't quite equal "causes staggering job losses," the traditional anti-piracy rallying cry. Indeed, copyright industries are being "hard hit" by piracy in the way that plenty of other US industries are desperate to get "hit." (In this sense, the report is a bit like the MPAA's routine announcements of record-setting box office revenues even as the movie studios conjure visions of apocalypse.)

During the recession of the last few years, the report shows that copyright-based businesses have far exceeded the US economy as a whole.

< - big snip - >

http://arstechnica.com/tech-policy/news/2011/11/piracy-problems-us-copyright-industries-show-terrific-health.ars

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 3 09:17:34 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Nov 2011 10:17:34 -0400
Subject: [Infowarrior] - U.S.
cyber espionage report names China and Russia as main culprits
Message-ID:

U.S. cyber espionage report names China and Russia as main culprits
By Ellen Nakashima, Thursday, November 3, 8:48 AM
http://www.washingtonpost.com/world/national-security/us-cyber-espionage-report-names-china-and-russia-as-main-culprits/2011/11/02/gIQAF5fRiM_print.html

Online industrial spying by China and Russia presents a growing threat to the U.S. economy and its national security, the top counterintelligence agency said Thursday, abandoning the caution American officials typically display when asked to name the countries they believe are most responsible for cyber-economic espionage.

Billions of dollars of trade secrets, technology and intellectual property are being siphoned each year from the computer systems of U.S. government agencies, corporations and research institutions to benefit the economies of China and other countries, the Office of the National Counterintelligence Executive said. Its report to Congress was released Thursday morning.

The hackers range from foreign intelligence services to corporations to criminals, according to the report, but its title -- Foreign Spies Stealing U.S. Economic Secrets in Cyberspace -- leaves no doubt as to who are the most intent on stealing secrets.

"Chinese actors are the world's most active and persistent perpetrators of economic espionage," the report states. In addition, it says, "Russia's intelligence services are conducting a range of activities to collect economic information and technology from U.S. targets."

Both countries have routinely denied such charges, and a spokesman for the Chinese Embassy expressed outrage at the report by the counterintelligence office, whose focus is intelligence threats to the United States. "We are opposed to willfully making unwarranted allegations against China as firmly as our opposition to any forms of unlawful cyberspace activities," embassy spokesman Wang Baodong said in an e-mail.

A senior U.S.
intelligence official, who conducted a media briefing about the report Wednesday on the condition of anonymity, said the government's unusual candor in naming particular countries was prompted by the severity of the threat.

"From a counterintelligence standpoint and the threat to our national economy, I think we have to suggest and say who we consider the foreign intelligence services and the countries that are doing the most harm," the official said.

Though conclusive proof of who is behind a computer heist of data is often difficult to obtain, he said: "We have information that certainly the Chinese and Russians are interested in our technology. ... It's part of China and Russia's national policy to try to identify and take sensitive technology which they need for their development."

With the domestic and world economies lagging, and U.S. unemployment above 9 percent, cutting-edge technology is key to U.S. economic growth. But it is that very technology that is being targeted by countries such as China, as part of a broader strategy to build its own economy and become a global powerhouse. In fact, China has set up Project 863 to acquire U.S. technology and sensitive economic information in clandestine fashion for just that purpose, the report said. Last year, Google announced that proprietary data were stolen by hackers in China, which experts called part of a vast campaign of economic espionage.

"We put billions of dollars into research and development," the senior official said. "It puts [the Chinese] on a par with us if they can take that information and use it for their economy." From their perspective, the official added, "What's the downside? What do you lose? There's no downside to trying to build your economy on somebody else's information."

The pace of industrial espionage activities is accelerating, the report said.
Foreign intelligence agencies, corporations and individual hackers increased their efforts to steal proprietary technology in between 2009 and 2011, the report said. Some of the thieves are allies -- the Israelis and French have targeted U.S. commercial secrets, former officials have noted. But one country stands out, officials say.

"The computer networks of a broad array of U.S. government agencies, private companies, universities and other institutions -- all holding large volumes of sensitive economic information -- were targeted by cyber espionage," the report said. "Much of this activity appears to have originated in China."

Indeed, scores of countries target the United States' industrial and technology secrets, said Joel F. Brenner, the former National Counterintelligence Executive, whose new book, "America the Vulnerable," discusses the threat. "The leaders of the pack are Russia, China and Iran," he said. "The Russians are very quiet and very good. But for relentlessness and sheer volume, the Chinese are in a class by themselves."

The report by the current counterintelligence executive, Robert "Bear" Bryant, comes as other U.S. officials have increasingly spoken out about the massive transfer of wealth taking place through computer networks.

"This is definitely the golden age of cyber espionage," said Steven Chabinsky, deputy assistant director of the FBI's cyber division. "Foreign states are stealing data left and right from private-sector companies, nonprofit organizations and government agencies."

Russia is motivated by a dependence on natural resources, a need to diversify its economy and the belief that the global system is tilted toward the West at its expense, the report released Thursday states.

The FBI alerted more than 100 U.S. companies in the past year that they had been hacked, officials said. "It's happening at a breathtaking pace, and it is very, very concerning," said Rep. Mike Rogers, (R-Mich.), chairman of the House Intelligence Committee.
Rogers recently accused China of "waging a massive trade war" on the United States and its allies that has reached "intolerable levels." He has urged the U.S. to join with allies to apply diplomatic pressure on the Chinese to stop.

The head of the military's U.S. Cyber Command, Gen. Keith Alexander, said that one U.S. company recently lost $1 billion worth of intellectual property over the course of a couple of days -- "technology that they'd worked on for 20-plus years -- stolen by one of the adversaries."

Establishing total dollar value of the data lost is exceedingly difficult, because companies do not always report thefts and they do not always know how to accurately assess loss. But the senior official noted a few cases in which estimates were given in economic espionage prosecutions over the past six years: $100 million worth of insecticide research from Dow Chemical, $400 million worth of chemical formulas from DuPont, $600 million of proprietary data from Motorola; $20 million worth of paint formulas from Valspar.

Some of the corporate pilfering is done by employees on behalf of a foreign company or government. The report gave three recent examples, all involving individuals with a link to China. But rather than walk out of the companies with file folders of paper, the spies used access to computers or removable media such as thumb drives to steal sensitive data. Of seven insider theft cases prosecuted under the Economic Espionage Act in fiscal year 2010, six involved a link to China, the report says.

The threat is not just to the economy but also to national security, the report states. The illicit transfer of technology with military applications to a hostile state such as Iran or North Korea could endanger the lives of U.S. and allied military personnel. The theft of confidential U.S. government economic data -- whether by an adversary or an ally -- could undercut U.S. ability to develop policies on issues from climate change to financial market reforms.
The senior official said he endorsed Rogers's call for international pressure to get China to stop its spying. U.S. policy is not to conduct such espionage, he said. "It takes conversations with foreign countries and making sure our positions are clear," he said. Such conversations, he added, should be part of a "suite of solutions." "If we don't do it, I'm afraid it will harm our ability to compete in the world."

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 3 19:23:30 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Nov 2011 20:23:30 -0400
Subject: [Infowarrior] - Judge Tosses Jesse Ventura's Airport Scans Lawsuit
Message-ID: <27A38431-62D9-480B-B31C-E89E2F1F6E16@infowarrior.org>

(Not sure how the judge can say this is not something in the courts' jurisdiction....sounds like a cop-out to me. But then again IANAL and have not read the decision. -- rick)

Judge Tosses Jesse Ventura's Airport Scans Lawsuit
ST. PAUL, Minn. November 4, 2011 (AP)
http://abcnews.go.com/US/wireStory/judge-tosses-jesse-venturas-airport-scans-lawsuit-14877506#.TrMwIPGU6Q4

A federal judge has dismissed a lawsuit by former Minnesota Gov. Jesse Ventura in which he sought to challenge the use of full-body scans and pat-downs at airport checkpoints. Ventura sued the Department of Homeland Security and the Transportation Security Administration in January alleging that the scans and pat-downs violated his right to be free from unreasonable searches and seizure. U.S. District Judge Susan Richard Nelson ruled Thursday that the court lacked jurisdiction.

Ventura claimed that the titanium hip implanted in him in 2008 sets off metal detectors and that agents previously used hand-held wands to scan his body. He says he was subjected to a body pat-down after an airport metal detector went off last November. Ventura's attorney says Ventura will comment Friday outside the St.
Paul federal courthouse.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 3 19:38:36 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 3 Nov 2011 20:38:36 -0400
Subject: [Infowarrior] - more on....Judge Tosses Jesse Ventura's Airport Scans Lawsuit
References:
Message-ID: <43EAD0DE-851F-450E-AC8F-451673946201@infowarrior.org>

Begin forwarded message:

> From: "Dissent"
> Statute says challenges/complaints can only be heard in Circuit Court
> of Appeal for D.C. or the complainant's court of appeals. Ventura
> filed in district court, not court of appeals.
>
> I uploaded the memorandum and order to:
> http://www.pogowasright.org/wp-content/uploads/ventura_v_Napolitano.pdf

From rforno at infowarrior.org Sat Nov 5 09:44:15 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 5 Nov 2011 10:44:15 -0400
Subject: [Infowarrior] - Andy Rooney dead at 92
Message-ID: <04F23CBB-8159-4E7F-B82E-2172214DB138@infowarrior.org>

Andy Rooney dead at 92
http://www.cbsnews.com/2102-18560_162-57319150.html?tag=contentMain;contentBody

Andy Rooney, the "60 Minutes" commentator known to generations for his wry, humorous and contentious television essays - a unique genre he is credited with inventing - died Friday night in a hospital in New York City of complications following minor surgery. He was 92, and had homes in New York City, Rensselaerville, N.Y. and Rowayton, Conn.

"It's a sad day at '60 Minutes' and for everybody here at CBS News," said Jeff Fager, chairman of CBS News and the executive producer of "60 Minutes." "It's hard to imagine not having Andy around. He loved his life and he lived it on his own terms. We will miss him very much."

Rooney had announced on Oct. 2, 2011 in his 1,097th essay for "60 Minutes" that he would no longer appear regularly.
Rooney wrote for television since its birth, spending more than 60 years at CBS, 30 of them behind the camera as a writer and producer, first for entertainment and then news programming, before becoming a television personality - a role he said he was never comfortable in. He preferred to be known as a writer and was the author of best-selling books and a national newspaper column, in addition to his "60 Minutes" essays. But it is his television role as the inquisitive and cranky commentator on "60 Minutes" that made him a cultural icon. For over 30 years, Rooney had the last word on the most watched television program in history. Ratings for the broadcast rose steadily over its time period, peaking at a few minutes before the end of the hour, precisely when he delivered his essays - which could generate thousands of response letters. Each Sunday, Rooney delivered one of his "60 Minutes" essays from behind a desk that he, an expert woodworker, hewed himself. The topics ranged from the contents of that desk's drawer to whether God existed. He often weighed in on major news topics. In an early "60 Minutes" essay that won him the third of his four Emmy Awards, his compromise to the grain embargo against the Soviet Union was to sell them cereal. "Are they going to take us seriously as an enemy if they think we eat Cap'n Crunch for breakfast?" deadpanned Rooney. Mainly, his essays struck a chord in viewers by pointing out life's unspoken truths or more often complaining about its subtle lies, earning him the "curmudgeon" status he wore like a uniform. "I obviously have a knack for getting on paper what a lot of people have thought and didn't realize they thought," Rooney told the Associated Press in 1998. In typical themes, Rooney questioned labels on packages, products that didn't seem to work and why people didn't talk in elevators. Rooney asked thousands of questions in his essays over the years, none, however, began with "Did you ever...?" 
a phrase often associated with him. Comedian Joe Piscopo used it in a 1981 impersonation of him on "Saturday Night Live" and, from then on, it was erroneously linked to Rooney. Rooney was also mistakenly connected to racism when a politically charged essay highly insensitive to minorities was written in his style and passed off as his on the internet in 2003. Over the next few years, it found its way into the e-mail boxes of untold thousands, causing Rooney to refute it in a 2005 "60 Minutes" essay, and again, as it continued to proliferate, in an Associated Press article a year later. Many assumed he wrote the screed because Rooney's longtime habit of writing or speaking plainly on sensitive topics had left him open to attacks in the past by activist groups. The racist essay was one of the many false Rooney quotes and essays bouncing around the Internet. The racism charge angered and hurt Rooney deeply, especially because as a young soldier in the early 1940s, he got himself arrested in Florida for refusing to leave the seat he had chosen among blacks in the back of an Army bus. At the height of the AIDS crisis, Rooney had his biggest run-in with a group and it had dire consequences. In February 1990, the gay magazine The Advocate interviewed him after he associated the human choices of drugs, tobacco and gay sex with death in a CBS News special, "A Year With Andy Rooney: 1989." The magazine printed racist remarks attributed to him from the interview, which he vehemently denied making. A torrent of negative publicity followed, after which then-CBS News President David Burke suspended him for three months. The outcry for his return was deafening. Burke reinstated him after only three weeks, saying Rooney was not a man "who holds prejudice in his heart and mind." The ratings for "60 Minutes," CBS' only top-10 hit that season, dropped while Rooney was off the air. But the negative publicity and suspension exacted a toll.
Rooney said publicly he was "chilled" and admitted the new sensitivity led him to spike a later essay regarding the United Negro College Fund. Rooney still spoke his mind, however. Thousands of angry letters arrived when he said Kurt Cobain, the young star of hit rock band "Nirvana," was essentially a waste of humanity for taking his own life. Native Americans demanded apologies when he belittled their efforts to stop sports teams from using names like "Braves" in 1995 and again in 1997 when he suggested Indian casino profits be used to support poor tribes. He reacted to the acquittal of O.J. Simpson in 1995 by offering a $1 million reward for information leading to the real killer - a reward he said he would never have to pay because Simpson committed the murders. His essay in 2004, in which he said God told him that the Rev. Pat Robertson and Mel Gibson were "whackos," resulted in 20,000 complaints - the most response any "60 Minutes" issue ever drew. No group was off-limits for Rooney, especially CBS management and his own colleagues. Rooney poked fun at the "60 Minutes" correspondents on a regular basis in his essays, while he questioned CBS management on issues, such as layoffs and strikes, sometimes in his "60 Minutes" essays, but more often in his syndicated newspaper column for Tribune Media Services or in media interviews. During a Writers Guild of America strike against CBS, Rooney, though not in the union, supported it by not writing any "60 Minutes" pieces until the strike was settled. He publicly blamed CBS's troubles of the early 1990s on Chairman Laurence Tisch's cutbacks, daring Tisch to fire him. Rooney was very popular with the public but drew criticism from the media for his controversial views and for the seemingly effortless style and content of his "60 Minutes" essays. He once took advantage of his popularity to get back at a critic. 
When Associated Press television critic Frazier Moore wrote that Rooney should quit because his material was getting old, Rooney took Moore to task by broadcasting the newswire's New York phone number, exhorting his "60 Minutes" viewers to tell the writer what they thought of his opinion. The Associated Press logged over 7,000 calls in 48 hours, the vast majority in favor of Rooney. He rarely attacked his critics publicly, in fact, he sometimes embraced them. On many occasions, he read on the air their most cutting letters, sometimes admitting he was wrong and apologizing. The Cobain and the O.J. Simpson incidents were both essays he regretted writing and he said so on air. Andrew Aitken Rooney was born January 14, 1919 in Albany, N.Y. He graduated from Albany Academy High School and attended Colgate University until being drafted into the U.S. Army in 1941, his junior year. After brief service in an artillery unit in England, he became a correspondent for The Stars and Stripes for three years. Rooney was one of six correspondents to fly with the Army's 8th Air Force on the second American bombing raid over Germany - a risky mission the enemy fully expected. He then covered the Allied invasion of Europe and, after the surrender of Germany, filed reports from the Far East. He was awarded the Bronze Star for his reporting under fire at the battle of Saint Lo. Rooney wrote about his war experiences in his first three books, the second of which, The Story of the Stars and Stripes, was bought by Metro-Goldwyn-Mayer for movie rights. Despite going to Hollywood and writing a film script, the film was never made, but the sizable sum he earned enabled him to write as a freelancer for several years after the war. He was hired by CBS in 1949 after a bold encounter in the elevator with Arthur Godfrey. Rooney told the biggest radio star of the day he could use some better writing. 
His nerve moved Godfrey to hire him for "Arthur Godfrey's Talent Scouts," which moved to television and became a top-10 hit that was number one in 1952. He also wrote for Godfrey's other primetime program, "Arthur Godfrey and His Friends," and the star's daily morning show. He became Godfrey's only writer in 1953, before quitting the lucrative work in 1955 because he felt he could be doing something more important. But after a period of unemployment, with a wife and four children to support, he returned to television writing on CBS' "The Morning News with Will Rogers, Jr." in 1957. The best thing that happened to Rooney on the short-lived program was meeting and befriending CBS News Correspondent Harry Reasoner, with whom he collaborated later to great success. He also wrote for "The Garry Moore Show" (1959-'65), helping it to achieve hit status as a top-20 program. Such regularly featured talents as Victor Borge, Bob and Ray and Perry Como spoke the words written by Rooney during this period. At the same time, he wrote for CBS News public affairs broadcasts, including "The Twentieth Century," "News of America" and "Adventure," and he freelanced articles for the biggest magazines of the day. By the mid-1960s, Rooney's name was a familiar credit at the end of CBS News programs. "The most felicitous nonfiction writer in television" is how Time magazine described Rooney in 1969, a winner of the Writers Guild Award for Best Script of the Year six times. Rooney had convinced CBS News he could write for television on any subject when he wrote his first television essay in 1964, an original genre he is credited with developing. Proving his point, he picked doors as the subject and Reasoner as the voice for "An Essay on Doors." 
The team - Rooney writing and producing and Reasoner narrating -- went on to create such critically acclaimed specials as "An Essay on Bridges" (1965), "An Essay on Hotels" (1966), "An Essay on Women" (1967), "An Essay on Chairs" (1968) and "The Strange Case of the English Language" (1968). Rooney also wrote and produced many news documentaries, including the most comprehensive television treatment of Frank Sinatra, "Frank Sinatra: Living With the Legend," in 1965. He wrote two CBS News specials for the series "Of Black America" in 1968, one of which, "Black History: Lost, Stolen or Strayed," won him his first Emmy and the Robert F. Kennedy Journalism Awards First Prize for Television. Rooney also produced for Reasoner at "60 Minutes" during the broadcast's first few seasons and made his on-screen "debut." He and the broadcast's senior producer, Palmer Williams, appeared in silhouette as "Ipso and Facto" in a short-lived opinion segment called "Digressions." Then, after Reasoner left for ABC in 1970, Rooney also left the network briefly. Having trouble getting his material on the air, he purchased his "An Essay on War" from CBS and took it to public television to be broadcast on "Great American Dream Machine." The 1971 program was Rooney's first appearance as himself on television and won him his third Writers Guild Award. He wrote and produced more essays for the program, appearing in those as well. He returned to CBS in 1973 after a short stint with Reasoner at ABC News and then wrote, produced and narrated a series of broadcasts for CBS News on various aspects of American life between 1975 and 1989. These included "Mr. Rooney Goes to Washington," for which he won a Peabody Award, "Andy Rooney Takes Off," "Mr. Rooney Goes to Work" and "Mr. Rooney Goes to Dinner." 
He also appeared several times in 1977 and 1978 on "60 Minutes" doing segments that included "Super Salesman," a look at the relationship between the Colonial Penn Life Insurance Company, the National Retired Teachers Association and the American Association of Retired Persons, in which he suggested the AARP was created as a vehicle to sell insurance to the elderly. Rooney then was given the job as summer replacement for the Shana Alexander and James Kilpatrick "Point/Counterpoint" "60 Minutes" segment on July 2, 1978. In this first essay, "Three Minutes or so with Andy Rooney," he attacked the dark tradition of tallying the highway deaths during the holiday weekend. In the fall, "A Few Minutes With Andy Rooney" became a regular segment, alternating with Alexander and Kilpatrick. The following season (1979-'80), Rooney had the end of the broadcast to himself, holding forth in front of an audience approaching 40 million - the number-one television program in America. The National Society of Newspaper Columnists recognized Rooney's rich body of work with its Ernie Pyle Lifetime Achievement Award in June 2003. Rooney was a friend of Pyle, the famous World War II correspondent felled by a sniper, whom he met while covering the war for The Stars and Stripes. The Overseas Press Club honored Rooney with its President's Award in April 2010 for his war reporting. Rooney was a rabid New York Giants football fan whose 50-plus years of season tickets began in a seat behind a pole at the Polo Grounds. Attending such public events was often problematic for the recognizable Rooney, who didn't sign autographs because he thought it a silly endeavor linked to his television fame. Always proud of his writing, he would gladly sign one of his 16 books - provided it was sent to him with a stamped and addressed return envelope. 
In addition to The Story of the Stars and Stripes, Rooney wrote: Air Gunner; Conquerors' Peace; The Fortunes of War; A Few Minutes with Andy Rooney; And More by Andy Rooney; Pieces of My Mind; Word for Word; Not That You Asked...; Sweet and Sour; My War; Sincerely, Andy Rooney; Common Nonsense; Years of Minutes; Out of My Mind and Andy Rooney: 60 Years of Wisdom and Wit. Rooney resided in Manhattan; he also kept a family vacation home in Rensselaerville, N.Y., and the first home he ever purchased, in Rowayton, Conn. He was pre-deceased by his wife of 62 years, Marguerite, in 2004. He is survived by his four children Ellen, Brian, the former longtime ABC News correspondent, Emily, longtime host of "Greater Boston," a local public affairs television program on PBS, and Martha Fishel; five grandchildren and two great grandchildren. He was also pre-deceased by his sister, Nancy. © 2011 CBS Interactive Inc. All Rights Reserved.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Nov 5 19:14:14 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 5 Nov 2011 20:14:14 -0400
Subject: [Infowarrior] - Ooops: T-Mobile tested 'Presidential Alert' system early
Message-ID:

T-Mobile surprises subscribers after testing "Presidential Alert" system early
November 5, 2011 By Mike Flacy
http://www.digitaltrends.com/mobile/t-mobile-surprises-subscribers-after-testing-presidential-alert-system-early/

With the potential for an attack on the United States or natural disaster hitting a major city always looming over citizens, cellular providers are banding together with the U.S. government to create an alert system. Occurring on early Friday, a handful of T-Mobile customers were treated to a test of the Personal Localized Alert Network (PLAN) that occurred before any scheduled public test. 
Originally reported by Lance Ulanoff over at Mashable, the test involved a startling noise that played on his HTC Radar 4G that was similar to the alert siren heard when the Emergency Broadcast System is tested on a television, likely taking T-Mobile customers by surprise. Upon checking the screen of the HTC Radar 4G, Ulanoff discovered the words "Presidential Alert" as well as "Test" sent in the format of a text message. T-Mobile issued a statement on late Friday that apologized for the mistake and mentioned that the test was supposed to be distributed to a small group of beta testers. PLAN is designed to target specific geographic locations and issue alerts when needed. For instance, police could use the system for issuing Amber Alerts when a child goes missing. State government officials can use the system to alert the public quickly about incoming threats such as a hurricane or massive flooding. In addition, the President of the United States will be able to send out nationwide alerts in case of a threat to national security. In order to make phones with compatible hardware work with PLAN, wireless carriers have to push out software updates that enable the alert noise as well as the messaging. Major carriers like AT&T, Verizon, T-Mobile and Sprint have pledged to make all hardware-enabled phones compatible by April 2012. While all phones aren't going to work with PLAN due to the lack of the circuitry required to function, the FCC hopes that cell phone manufacturers will use compatibility as a selling feature when debuting new models of phones. The government doesn't expect the alerts to become frequent, although living in a major city will likely increase the probability of receiving Amber Alert texts from local authorities.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 

From rforno at infowarrior.org Sun Nov 6 11:31:15 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 6 Nov 2011 12:31:15 -0500
Subject: [Infowarrior] - U.S. Tightens Drone Rules
Message-ID:

U.S. Tightens Drone Rules
By ADAM ENTOUS, SIOBHAN GORMAN and JULIAN E. BARNES
http://online.wsj.com/article/SB10001424052970204621904577013982672973836.html

The Central Intelligence Agency has made a series of secret concessions in its drone campaign after military and diplomatic officials complained large strikes were damaging the fragile U.S. relationship with Pakistan. The covert drones are credited with killing hundreds of suspected militants, and few U.S. officials have publicly criticized the campaign, or its rapid expansion under President Barack Obama. Behind the scenes, however, many key U.S. military and State Department officials demanded more-selective strikes. That pitted them against CIA brass who want a free hand to pursue suspected militants. [Photo, Agence France-Presse/Getty Images: Chanting marchers carry a replica of a U.S. drone during a recent protest in Islamabad, Pakistan.] The disputes over drones became so protracted that the White House launched a review over the summer, in which Mr. Obama intervened. The review ultimately affirmed support for the underlying CIA program. But a senior official said: "The bar has been raised. Inside CIA, there is a recognition you need to be damn sure it's worth it." Among the changes: The State Department won greater sway in strike decisions; Pakistani leaders got advance notice about more operations; and the CIA agreed to suspend operations when Pakistani officials visit the U.S. The Pakistan drone debate already seems to be influencing thinking about the U.S. use of drones elsewhere in the world. In Yemen, the CIA used the pilotless aircraft in September to kill American-born cleric Anwar al-Awlaki, a suspected terrorist. 
But the White House has for now barred the CIA from attacking large groups of unidentified lower-level militants there. The CIA concessions were detailed by high-level officials in a series of interviews with The Wall Street Journal. But in a measure of the discord, administration officials have different interpretations about the outcome of the White House review. While some cast the concessions as a "new phase" in which the CIA would weigh diplomacy more heavily in its activities, others said the impact was minimal and that the bar for vetting targets has been consistently high. "Even if there are added considerations, the program - which still has strong support in Washington - remains as aggressive as ever," said a U.S. official. Last year, Mr. Obama expanded the CIA program to 14 drone "orbits." Each orbit usually includes three drones, sufficient to provide constant surveillance over tribal areas of Pakistan. The CIA's fleet of drones includes Predators and larger Reapers. The drones carry Hellfire missiles and sometimes bigger bombs, can soar to an altitude of 50,000 feet and reach cruise speeds of up to 230 miles per hour. The drone program over the past decade has moved from a technological oddity to a key element of U.S. national-security policy. The campaign has killed more than 1,500 suspected militants on Pakistani soil since Mr. Obama took office in 2009, according to government officials. To some degree, the program has become a victim of its own success. Critics question whether aggressive tactics are necessary following the eradication of senior al Qaeda leaders in Pakistan, including Osama bin Laden, killed in a helicopter raid by Navy Seals in May after drone and satellite surveillance of the compound where he was living. Many officials at the Pentagon and State Department privately argued the CIA pays too little attention to the diplomatic costs of air strikes that kill large groups of low-level fighters. 
Such strikes inflame Pakistani public opinion. Observers point to the rising power in Pakistan of political figures like Imran Khan, who held large rallies to protest the drones and could challenge the current government. All this comes at a time when the State Department is trying to enlist Pakistan's help in advancing peace talks with the Taliban, a key element of a White House drive to end the war in neighboring Afghanistan. Top officials of the CIA, Pentagon, State Department and National Security Council have been pulled into the debate. Among those voicing concerns was Gen. David Petraeus, who commanded the war in Afghanistan before becoming CIA director in September. A senior intelligence official said Gen. Petraeus voiced "caution against strikes on large groups of fighters." Changing the handling of the drone program doesn't mean the CIA is pulling back. The agency in recent weeks has intensified strikes in Pakistan focusing on the militant Haqqani network, a group believed to be behind a series of attacks in Afghanistan. The Pentagon and State Department have backed those strikes as serving U.S. interests. The debate in Washington was fueled by a particularly deadly drone strike on March 17. It came at a low point in U.S.-Pakistani relations, just a day after Pakistan agreed after weeks of U.S. pressure to release a CIA contractor who had killed two Pakistanis. Infuriated Pakistani leaders put the death toll from the drone strike at more than 40, including innocent civilians. American officials say about 20 were killed, all militants. The March 17 attack was a "signature" strike, one of two types used by the CIA, and the most controversial within the administration. Signature strikes target groups of men believed to be militants associated with terrorist groups, but whose identities aren't always known. The bulk of CIA's drone strikes are signature strikes. 
The second type of drone strike, known as a "personality" strike, targets known terrorist leaders and has faced less internal scrutiny. Signature strikes were first used under former President George W. Bush. His administration began arming unmanned aircraft to hunt al Qaeda leaders in Afghanistan immediately after the Sept. 11 attacks. As al Qaeda militants fled to Pakistan, the CIA began a secret drone program there, with quiet backing from Islamabad. For the first years, U.S. officials used drones only to target known, top terror suspects. The drone strikes quickly became unpopular with the Pakistani public. In 2008, when Pakistani leaders bowed to public pressure and began to block U.S. requests for strikes, President Bush authorized a major expansion, allowing the CIA to conduct strikes, including signature strikes, without Pakistani permission. Initially, the CIA was skeptical of the value of expending resources on lower-level operatives through signature strikes, a former senior intelligence official said. Military officials, however, favored the idea. The debate eventually would lead to the CIA and the military reversing their initial positions. Mr. Obama was an early convert to drones. The CIA has had freedom to decide who to target and when to strike. The White House usually is notified immediately after signature strikes take place, not beforehand, a senior U.S. official said. The program had some early skeptics, but their concerns gained little traction. Dennis Blair, Mr. Obama's first director of national intelligence, recommended that the CIA measure the program's effectiveness beyond numbers of dead militants, U.S. officials said. It didn't happen. The CIA and the State Department had been at odds for months over the use of drones. Tensions flared with the arrival in Islamabad late last year of a new ambassador, Cameron Munter, who advocated more judicious use of signature strikes, senior officials said. 
On at least two occasions, Leon Panetta, then the CIA director, ignored Mr. Munter's objections to planned strikes, a senior official said. One came just hours after Sen. John Kerry, the Democratic chairman of the Senate Foreign Relations Committee, visited Islamabad. State Department diplomats weren't alone in their concerns. Adm. Mike Mullen, then the chairman of the Joint Chiefs of Staff, and other military leaders, who initially favored more aggressive CIA methods, began to question that approach. The debate erupted after the March 17 strike, when National Security Advisor Tom Donilon and others at the White House, taken aback by the number of casualties and Pakistan's sharp reaction, questioned whether the CIA should for large groups, at times, hold its fire. Officials asked what precautions were being taken to aim at highly valued targets, rather than foot soldiers. "Donilon and others said, 'O.K., I got it; it's war and it's confusing. Are we doing everything we can to make sure we are focused on the target sets we want?'" said a participant in the discussions. "You can kill these foot soldiers all day, every day and you wouldn't change the course of the war." A senior Obama administration official declined to comment on Mr. Donilon's closed-door discussions but said that he wasn't second-guessing the CIA's targeting methodology and pointed to his long-standing support for the program. The official said the White House wanted to use the drone program smartly to pick off al Qaeda leaders and the Haqqanis. "It's about keeping our eyes on the ball," the official said. In the spring, military leaders increasingly found themselves on the phone with Mr. Panetta and his deputy urging restraint in drone attacks, particularly during periods when the U.S. was engaging in high-level diplomatic exchanges with Pakistan. "Whenever they got a shot [for a drone attack], they just took it, regardless of what else was happening in the world," a senior official said. Mr. 
Panetta made his first concession in an April meeting with his Pakistani counterpart. He told Lt. Gen. Ahmad Shuja Pasha that the U.S. would tell the Pakistanis ahead of time about strikes expected to kill more than 20 militants, officials said. The debate over the future of the drone program intensified after the death of Osama bin Laden the next month. Pakistani leaders were embarrassed that the U.S. carried out the operation in their country, undetected. They demanded an end to the signature drone strikes. Mr. Donilon, the National Security Advisor, launched a broad review of Pakistan policy, including the drone program. Officials said the internal debate that ensued was the most serious since the signature strikes were expanded in 2008. CIA officials defended the signature strikes by saying they frequently netted top terrorists, not just foot soldiers. Twice as many wanted terrorists have been killed in signature strikes than in personality strikes, a U.S. counterterrorism official said. Adm. Mullen argued that the CIA needed to be more selective. Then-Defense Secretary Robert Gates feared that the Pakistanis, if pushed too hard, would block the flow of supplies to troops in Afghanistan, officials said. For Secretary of State Hillary Clinton, who has supported the CIA's strikes in the vast majority of cases, the biggest focus has been to make sure political ramifications are properly assessed to avoid a situation where the political opposition in Pakistan becomes so great that the country's current or future leaders decide to bar the drones outright. Independent information about who the CIA kills in signature strikes in Pakistan is scarce. The agency tells U.S. and Pakistani officials that there have been very few civilian deaths - only 60 over the years. But some senior officials in both governments privately say they are skeptical that civilian deaths have been that low. 
Some top officials in the White House meetings this summer argued for a broader reassessment. "The question is, 'Is it even worth doing now? We've got the key leadership in al Qaeda, what is it that we're there for now?'" one of the officials recalled some advisers asking. The White House review culminated in a Situation Room meeting with Mr. Obama in June in which he reaffirmed support for the program. But changes were made. Mr. Obama instituted an appeals procedure to give the State Department more of a voice in deciding when and if to strike. If the U.S. ambassador to Pakistan objected to a strike, for example, the CIA director or his deputy would first try to talk through their differences with the ambassador. If the conflict was unresolved, the secretary of state would appeal directly to the CIA director. If they couldn't reach agreement, however, the CIA director retained the final say. Since the changes were made, officials say internal tensions over the strikes have eased and agencies were acting more in concert with each other. Though Mr. Petraeus voiced a preference for smaller drone strikes, officials said the agency has the leeway to carry out large-scale strikes and hasn't been formally directed to go after only higher-value targets and avoid foot soldiers. Since Mr. Petraeus's arrival at CIA, some strikes on larger groups have taken place, the senior intelligence official said. To reduce the number of CIA strikes on Pakistani soil, the military moved more of its own drones into position on the Afghan side of the border with Pakistan, according to participants in the discussions. That makes it easier for the CIA to "hand off" suspected militants to the U.S. military once they cross into Afghanistan, rather than strike them on Pakistani soil, U.S. officials said. 
U.S.-Pakistani relations remain troubled, but Islamabad recently expanded intelligence cooperation and has toned down its opposition to the drone strikes, both in public and private, officials said. Pakistani officials had sought advance notice, and greater say, over CIA strikes so they could try to mitigate the public backlash. "It's not like they took the car keys away from the CIA," a senior official said. "There are just more people in the car." -Jay Solomon contributed to this article.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 8 08:11:20 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 8 Nov 2011 09:11:20 -0500
Subject: [Infowarrior] - Apple Exiles A Security Researcher From Its Developer Program For Proof-of-Concept Exploit App
Message-ID: <6A59A02B-DACE-441B-8232-F66DAADFE552@infowarrior.org>

11/07/2011 @ 8:15PM
Apple Exiles A Security Researcher From Its Developer Program For Proof-of-Concept Exploit App
http://www.forbes.com/sites/andygreenberg/2011/11/07/apple-exiles-a-security-researcher-from-its-developer-program-for-proof-of-concept-exploit-app/

Apple just sent a clear message to malicious hackers and security researchers alike: Keep your hands off the App Store. Just hours after security researcher Charlie Miller told me about a new, potentially dangerous bug he'd found in Apple's iOS operating system that allows unapproved code to be run on iPads and iPhones, he received an email from Apple, nixing his license as an Apple developer. "This letter serves as notice of termination of the iOS Developer Program License Agreement...between you and Apple," the email read. "Effective immediately." 
Miller had, admittedly, created a proof-of-concept application to demonstrate his security exploit, and even gotten Apple to approve it for distribution in Apple's App Store by hiding it inside a fake stock ticker program, a trick that Apple wrote violated the developer agreement that forbid him to "hide, misrepresent or obscure" any part of his app. But the researcher for the security consultancy Accuvant argues that he was only trying to demonstrate a serious security issue with a harmless demo, and that revoking his developer rights is "heavy-handed" and counterproductive. "I'm mad," he says. "I report bugs to them all the time. Being part of the developer program helps me do that. They're hurting themselves, and making my life harder." Apple didn't immediately respond to my request for comment. Miller has found and reported dozens of bugs to Apple in the last few years, and had alerted Apple to this latest flaw on October 14th. The move to remove his license goes against Apple's seeming attempts to match Google and Microsoft's cozier relations with the security research community. In February, Apple invited security researchers to become part of its developer program to test its Lion operating system. Miller says he had already paid for his own developer license. "They went out of their way to let researchers in, and now they're kicking me out for doing research," Miller says. "I didn't have to report this bug. Some bad guy could have found it instead and developed real malware." Apple was less harsh towards another recent iPhone hacker: 19-year-old Nicholas Allegra, also known as Comex, was hired by Apple as an intern in August after repeatedly inventing new techniques of breaking the iPhone's and iPad's security measures. Miller chalks up the difference to Apple's new management. "I miss Steve Jobs," he says. "He never kicked me out of anything."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 

From rforno at infowarrior.org Wed Nov 9 07:00:39 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 9 Nov 2011 08:00:39 -0500
Subject: [Infowarrior] - Don't be afraid at 2PM ET
Message-ID: <22611281-8621-4155-9276-77CD201A21A9@infowarrior.org>

*cough* Why do I have the urge to go watch 'Seven Days in May' tonight? lol ---- rick

Don't panic! FEMA urges Americans not to worry as national alert system is tested
Last updated at 11:15 AM on 7th November 2011

The Federal Emergency Management Agency (FEMA) and the Federal Communications Commission (FCC) are spearheading an aggressive public education campaign reminding Americans not to panic when they lose television and radio service for a few minutes on Wednesday during a test of the Emergency Alert System. Although the public alert mechanism is decades old and often tested and used at the local level, it has never before been tested on a nationwide scale. This first-ever test will occur at 2:00pm EST on Wednesday, November 9 and will occur simultaneously across the U.S. and its territories, lasting up to three-and-a-half-minutes.

< -- >

http://www.dailymail.co.uk/news/article-2058344/Emergency-Alert-System-test-Wednesday-FEMA-FCC-tell-Americans-dont-panic.html

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 10 13:07:44 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 10 Nov 2011 14:07:44 -0500
Subject: [Infowarrior] - Senate rejects GOP bid to overturn Internet rules
Message-ID: <12EA0EDB-7051-4CF1-B4F8-4D645CFA70F0@infowarrior.org>

Senate rejects GOP bid to overturn Internet rules
By JIM ABRAMS, Associated Press
http://old.news.yahoo.com/s/ap/20111110/ap_on_hi_te/internet_rules

WASHINGTON - 
Senate Democrats on Thursday turned back a Republican attempt to repeal federal rules designed to prevent Internet service providers from discriminating against those who send content and other services over their networks. Republicans argued that "net neutrality" rules announced by the Federal Communications Commission last December were another example of federal regulatory overreach that would stifle Internet investment and innovation. But Democrats, and the White House in a veto threat, said repealing the FCC rules would imperil openness and freedom on the Internet. "It would be ill-advised to threaten the very foundations of innovation in the Internet economy and the democratic spirit that has made the Internet a force for social progress around the world," the White House said. The vote against taking up the bill, along party lines, was 52-46. The rules, approved 3-2 with the three FCC Democrats in favor and the two Republicans opposed, tried to find a middle ground between phone and cable companies desiring more control over their networks and the content providers wanting unfettered access to the Internet. The rules bar service providers from favoring or discriminating against Internet content and services, including online calling services such as Skype and Web video services such as Netflix, that could compete with their core operations. They require broadband providers to let subscribers access all legal online content and prohibit wireless carriers from blocking access to any websites or competing services. The House, where Republicans command a majority, voted last April to repeal the rules, saying the FCC lacked the authority to set Internet policy and that there was no need for the federal government to intervene in an already open Internet. They said the rules would stifle investment in broadband systems. The rules, said Sen. 
Kay Bailey Hutchison, R-Texas, are "a stunning reversal from a hands-off approach to the Internet that federal policymakers have taken for more than a decade." She brought up the resolution under the Congressional Review Act, which allows lawmakers to challenge regulations issued by federal agencies. The rules are scheduled to go into effect on Nov. 20. The FCC, said Sen. Roger Wicker, R-Miss., "would rule as a de facto police of the open and free Internet." But Senate Commerce, Science and Transportation Committee Chairman Jay Rockefeller, D-W.Va., said the resolution was misguided. "It will add uncertainty to the economy. It will hinder small businesses dependent on fair broadband access. It will undermine innovation. It will hamper investment in digital commerce." Without a free Internet he said, "there would be nothing to prevent Internet service providers from charging users a premium in order to guarantee operation in the `fast lane.'" The rules give providers flexibility to manage data to deal with network congestion as long as they publicly disclose those practices. They do not specifically ban higher charges for faster transmission of data, but do outlaw "unreasonable network discrimination." Sen. John Kerry, D-Mass., said those trying to overturn the rules say they want to "liberate the Internet when, in fact, what they want to do is imprison the Internet within the hands of the most powerful communications entities today to act as the gatekeepers." Rockefeller and Sen. Al Franken, D-Minn., another backer of the FCC rules, cited a letter to the FCC chairman written before the rules were finalized saying that "a process that results in commonsense baseline rules is critical to ensuring that the Internet remains a key engine of economic growth, innovation and global competitiveness." Among the signees were the CEOs of Google, Inc., Amazon.com, Netflix, Inc., Facebook, YouTube and eBay, Inc. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 10 13:10:06 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Nov 2011 14:10:06 -0500 Subject: [Infowarrior] - Microsoft prepares to kill off Silverlight Message-ID: Microsoft prepares to kill off Silverlight Rumour If it is good enough for Adobe 10 Nov 2011 09:11 | by Nick Farrell in Rome | Filed in Software Microsoft HTML5 http://news.techeye.net/software/microsoft-prepares-to-kill-off-silverlight Now that Adobe has given up on mobile flash and is concentrating on HTML 5, the word on the street is that Microsoft is set to follow suit. Vole is about to start manufacturing Silverlight 5 and indications are that it might be the last major release of Silverlight. ZDNet's deepthroats claim that the last version of Microsoft's cross-platform browser plug-in is poised to be released to manufacturing (RTM) before the end of November. But they have added that Silverlight 5 is the last version that Microsoft will release and it is unsure if there will be any service packs for it. It is uncertain how long Silverlight 5 will be supported either. Microsoft has not helped kill off the rumours. There's no end date yet on Microsoft's lifecycle page for free support for Silverlight for Silverlight 4. Vole has promised that it will give developers and customers a year's heads-up before ending support for any given Silverlight version. Free support for Silverlight 3 ended in April. It is also looking like Vole will not develop Silverlight 5 to work on other browsers. Silverlight 4 supports Windows and Mac OS X and the IE, Chrome and Safari browsers, but word is that Vole will only allow it to run on Internet Exploder. We have been predicting that Vole will pull the plug on Silverlight for ages, particularly after it declared its undying love for HTML 5. 
Microsoft has been increasingly pushing Silverlight into the smartphone app business. There is nothing official about all this, but it is a case of the rumours making sense. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 10 13:14:37 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Nov 2011 14:14:37 -0500 Subject: [Infowarrior] - Warner Admits It Filed Many False Takedown Notices Message-ID: (c/o JH) A Glimpse Of The Future Under SOPA: Warner Bros. Admits It Filed Many False Takedown Notices from the is-this-what-we-want? dept While entertainment industry execs still continue to pretend that it's obvious when things are infringing, they continually ignore the very real concerns raised by many of us about SOPA/PROTECT IP/ICE seizures. The concern isn't about taking down the infringing content. It's about the overreach of these efforts, and how it can and will be used to take down other, legal content. This is not some hypothetical scenario. We hear about bogus DMCA notices being issued all the time, and now we have a perfect example of what a future under SOPA would be like, as Warner Bros. has admitted in court that it issued a bunch of takedowns for content it had no copyright over -- including over some software that it just didn't like. As you may recall, Warner Bros. was among those who sued the cyberlocker Hotfile for infringement. Hotfile hit back, pointing out that it had worked with Warner Bros., and even created a tool to make it easier to issue takedowns. And Warner Bros.'s response was to take down tons of content that it had no right to. In responding to these countercharges, Warner Bros. flat out admits that it did exactly that. It says that sometimes it just did basic keyword matching, which caught all sorts of other content it had no right to, admitting that it never checked the actual file to make sure it was infringing. 
< -- snip worth reading for yukks -- > http://www.techdirt.com/articles/20111110/10135116708/glimpse-future-under-sopa-warner-bros-admits-it-filed-many-false-takedown-notices.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Nov 10 15:29:04 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 10 Nov 2011 16:29:04 -0500 Subject: [Infowarrior] - How Complaints From a Single Doctor Caused the Gov't to Take Down a Public Database Message-ID: <1E3DD8E8-C176-472B-9BA5-DAE752B51EB7@infowarrior.org> How Complaints From a Single Doctor Caused the Gov't to Take Down a Public Database by Marian Wang ProPublica, Nov. 10, 2011, 12:20 p.m. http://www.propublica.org/article/how-complaints-from-a-doctor-caused-the-govt-to-take-down-a-public-database An agency within the U.S. Department of Health and Human Services that maintains a discipline and medical-malpractice database reopened it for public access yesterday, two months after the agency had first taken the database offline. The National Practitioner Data Bank contains information used by hospitals, insurers, and licensing boards to track doctors' records, check prospective hires, and make other decisions. A publicly available version of the database -- which removed confidential identifiers such as doctors' names and addresses -- had long been used by reporters and others interested in patient safety. In the years it was online, journalists could reference the database and, with additional reporting, could at times identify doctors with uniquely long histories of being sued or disciplined for medical malpractice. Then, two months ago, the government cut off public access -- a decision that was sharply criticized by a number of journalism organizations and consumer groups. What was behind that decision? Apparently, one Kansas doctor with a trail of malpractice suits. A public records request by Sen. 
Charles Grassley and the New York Times turned up documents about the decision that show that the agency closed the database days after the doctor, Robert Tenny, complained to the government. Thanks to the database, he told the Health Resources and Services Administration, or HRSA, he was about to get unwanted attention in his local paper. We culled through the documents and pulled out some interesting snippets that give a glimpse into the backstory behind why the public database was temporarily shut down and why -- even now -- the restored database has some new restrictions. A brief timeline: Aug. 16 - A local newspaper reporter requested a comment from a neurosurgeon, Robert Tenny, through Tenny's attorney. The reporter, Alan Bavley of the Kansas City Star, was working on a story about doctors who have gone undisciplined despite histories of malpractice allegations. He had used the public database together with publicly available court records to do his reporting. Reporter requests comment for his story from the doctor and his attorney. (p. 6) Aug. 24 - The doctor sent a fax to Cynthia Grubbs at HRSA. Tenny asked for help, alarmed that the reporter had identified him and was poised to report on his malpractice settlements. The fax looked like this: Alarmed doctor asks HRSA to 'PLEASE HELP!' after reporter contacts him. (p. 5) Aug. 26 - The HRSA wrote to the reporter, warning that he could face at least $11,000 in fines for each violation of confidentiality. The doctor was copied on the letter. HRSA warns reporter of penalties associated with disclosure of confidential information. (p. 2) Sept. 1 - The agency cut off public access to the database. Sept. 4 - An article ran on the front page of the Kansas City Star, telling the story of a woman who died in 2007 after undergoing a brain surgery with Dr. Tenny. It noted that Tenny had been sued at least 16 times for medical malpractice but had never been disciplined by the state's licensing boards. 
(Update: Worth noting that according to the report, Dr. Tenny settled at least six of the 16 lawsuits; the others were either dismissed or the outcomes weren't clear. "In at least one case, the verdict was in Tenny's favor," the Star reported.) On the same day, the doctor wrote to HRSA again, this time with a copy of the article, and he expressed a desire that this "will change the way public data is presented." The doctor urges HRSA to "change the way the public data is presented." (p. 7) Sept. 5, 7, 11, 14, 15, and 20 - Dr. Tenny wrote five more letters to HRSA, complaining that the newspaper was making "a concerted effort" to end his career and that the article "significantly questioned the security of your data." He also speculated that the reporter had gotten improper access to information from the full data bank either from a local medical center or from a disgruntled former Data Bank employee. Sept. 22 - The Kansas City Star wrote a story about how groups were urging that the database be reopened. Dr. Tenny wrote to HRSA again: "Stay strong and keep up the good work!" (The American Medical Association, around this time, also wrote a letter supporting the agency's decision to remove the file.) More encouragement from Dr. Tenny. (p. 45) Sept. 26 - HRSA responded to Dr. Tenny's six letters, telling him that the publicly accessible database had been removed, and that the agency had contacted hospitals to remind them of confidentiality requirements and sanctions for breaches of confidentiality. HRSA responds to Dr. Tenny's letters, telling him that it cut off public access to the data. (p. 50) Nov. 9 - HRSA restored public access to the database, but as many reports have noted, it comes with a major caveat. According to the website, users of the new database are no longer allowed to combine information gleaned from the public database with any other publicly available information in a way that would identify doctors. 
Or in other words, the government is now trying to tell the public -- including the press -- what it's allowed to do with publicly available information. (The agency told the Kansas City Star that it has a duty "to make certain that information about individual practitioners remains confidential.") Sen. Grassley and others have pledged to keep fighting the agency's interpretation of the law, questioning whether the database is ultimately meant to protect the public or to protect physicians. "The interpretation of the law ought to be for public benefit," Grassley said. "A single physician complained that a reporter identified him through shoe leather reporting, not the public data file. One complaint shouldn't dictate public access to federally collected data for 300 million people." We've called Dr. Tenny's office for comment but have not received a response. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 11 15:31:46 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 11 Nov 2011 16:31:46 -0500 Subject: [Infowarrior] - IOB Has Members - But We Had to Sue the Government to Find Out Message-ID: The Intelligence Oversight Board Has Members - But We Had to Sue the Government to Find Out https://www.eff.org/deeplinks/2011/11/intelligence-oversight-board-has-members-and-all-we-had-do-was-sue-federal Apparently, David Boren, Chuck Hagel, and Lester Lyles are all currently serving on the Intelligence Oversight Board. Here's what we had to do to figure that out, and what that means for intelligence oversight and transparency: The Intelligence Oversight Board, or IOB, is a Presidentially appointed, independent, civilian oversight board charged with ensuring that intelligence investigations comply with laws, executive orders, and internal agency procedures. 
Toward the end of the Bush Administration, the IOB's oversight responsibilities were largely gutted, shifting primary responsibility to the Director of National Intelligence. However, shortly after taking office, President Obama rolled back those changes, restoring many of the IOB's important oversight functions. Nearly two years after making those changes, though, President Obama still had not announced any appointments to the IOB, nor made clear that any of the members of the President's Intelligence Advisory Board -- the larger Presidential intelligence advisory board of which the IOB is a component -- were serving on the IOB. Given the IOB's renewed importance in the intelligence oversight process, its proper functioning is vital to ensure that intelligence agencies are operating within the bounds of the law. In February 2011, following the White House's failure to respond to a reporter's questions concerning the IOB, we submitted a FOIA request to the Director of National Intelligence (DNI) to determine if, in fact, the IOB had members. We didn't hear anything for 8 months. In September, EFF sued the DNI for failing to respond to the request. A week after we filed suit, DNI produced three documents (pdf) that they claimed satisfied our request. DNI's production consisted of the bios of three PIAB members -- Chuck Hagel, Lester Lyles, and David Boren -- with the words "IOB Chair" or "IOB Member" hand-written on the page. Another consisted of a press release (pdf) announcing appointments to the PIAB, with the words "IOB Mbrs: Hagel (chair), Boren, and Lyles" written on the press release. The final document was a list of suggested invitees for DNI's 2010 holiday party. The list is primarily made up of PIAB members, and the fact that Hagel, Boren, and Lyles also serve on the IOB is noted parenthetically. So, according to DNI, the IOB currently has three members. 
Determining if the IOB even had members was EFF's primary goal from the outset, and we're pleased we were at least able to learn that much. But the government's treatment of our request and the documents it produced may raise more questions than they answer. For example, are those documents really the only responsive records in DNI's possession? Our FOIA request was fairly broad: we asked for all records "reflecting [t]he composition [or] membership" of the IOB. In response, DNI produced two documents that don't even mention the IOB (aside from the hand-written notations) and a list of holiday party invitees. If those are the only records reflecting the composition of the IOB, it certainly does not suggest that the DNI and the IOB are working closely to ensure that a robust intelligence oversight program is in place. On the other hand, if those aren't the only responsive records, it means DNI isn't complying with its legal obligations under FOIA. Another question: why the unnecessary secrecy? EFF only filed the request after the White House failed to answer a reporter's questions about the IOB's membership. Then, it took DNI eight months and the filing of a lawsuit in federal court to produce 12 pages of entirely uncontroversial material. There simply aren't legitimate reasons for this type of information stonewalling. Our litigation is still pending, and it's our hope that some of these questions will be answered by DNI. But, above all else, it's our hope that the IOB is satisfying its important oversight responsibilities. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sat Nov 12 22:11:14 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 12 Nov 2011 23:11:14 -0500 Subject: [Infowarrior] - Five Years Later, Apple Recalls The First Generation iPod Nano Message-ID: Five Years Later, Apple Recalls The First Generation iPod Nano Devin Coldewey http://techcrunch.com/2011/11/12/five-years-later-apple-recalls-the-first-generation-ipod-nano/ In a move that demonstrates an incredible amount of either customer care or procrastination, Apple has issued a recall for the first generation iPod Nano. Not the one you use as a watch, not the fat one, and not the round one. The original (and in my opinion, the best). Turns out it has a rare overheating problem, by which these warnings usually mean explosion problem. Only a single battery supplier has actually been implicated, and the few hot devices were only available between September 2005 and January 2006. So if you gave or received a Nano during the 2005 holiday season, better find it before it burns your house down. Find your serial number using this step by step guide: Put that sequence into Apple's handy checker here, and if it's one of the bad batch yet somehow miraculously has not melted in the last five years (the chance of overheating/catastrophic explosion "increases as the battery ages"), Apple will issue you a replacement. After six weeks. In other news, Apple still has original iPod Nanos to issue as replacements. Very clever -- or have they known about this the whole time? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sun Nov 13 08:52:22 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 13 Nov 2011 09:52:22 -0500 Subject: [Infowarrior] - Taibbi: How I Stopped Worrying and Learned to Love the OWS Protests Message-ID: <8C761FB8-2F0F-4274-A1D8-252CE945F440@infowarrior.org> How I Stopped Worrying and Learned to Love the OWS Protests Much more than a movement against big banks, they're a rejection of what our society has become. by: Matt Taibbi http://www.rollingstone.com/politics/news/how-i-stopped-worrying-and-learned-to-love-the-ows-protests-20111110 I have a confession to make. At first, I misunderstood Occupy Wall Street. The first few times I went down to Zuccotti Park, I came away with mixed feelings. I loved the energy and was amazed by the obvious organic appeal of the movement, the way it was growing on its own. But my initial impression was that it would not be taken very seriously by the Citibanks and Goldman Sachs of the world. You could put 50,000 angry protesters on Wall Street, 100,000 even, and Lloyd Blankfein is probably not going to break a sweat. He knows he's not going to wake up tomorrow and see Cornel West or Richard Trumka running the Federal Reserve. He knows modern finance is a giant mechanical parasite that only an expert surgeon can remove. Yell and scream all you want, but he and his fellow financial Frankensteins are the only ones who know how to turn the machine off. That's what I was thinking during the first few weeks of the protests. But I'm beginning to see another angle. Occupy Wall Street was always about something much bigger than a movement against big banks and modern finance. It's about providing a forum for people to show how tired they are not just of Wall Street, but everything. 
This is a visceral, impassioned, deep-seated rejection of the entire direction of our society, a refusal to take even one more step forward into the shallow commercial abyss of phoniness, short-term calculation, withered idealism and intellectual bankruptcy that American mass society has become. If there is such a thing as going on strike from one's own culture, this is it. And by being so broad in scope and so elemental in its motivation, it's flown over the heads of many on both the right and the left. The right-wing media wasted no time in cannon-blasting the movement with its usual idiotic clichés, casting Occupy Wall Street as a bunch of dirty hippies who should get a job and stop chewing up Mike Bloomberg's police overtime budget with their urban sleepovers. Just like they did a half-century ago, when the debate over the Vietnam War somehow stopped being about why we were brutally murdering millions of innocent Indochinese civilians and instead became a referendum on bralessness and long hair and flower-child rhetoric, the depraved flacks of the right-wing media have breezily blown off a generation of fraud and corruption and market-perverting bailouts, making the whole debate about the protesters themselves -- their hygiene, their "envy" of the rich, their "hypocrisy." The protesters, chirped Supreme Reichskank Ann Coulter, needed three things: "showers, jobs and a point." Her colleague Charles Krauthammer went so far as to label the protesters hypocrites for having iPhones. OWS, he said, is "Starbucks-sipping, Levi's-clad, iPhone-clutching protesters [denouncing] corporate America even as they weep for Steve Jobs, corporate titan, billionaire eight times over." Apparently, because Goldman and Citibank are corporations, no protester can ever consume a corporate product -- not jeans, not cellphones and definitely not coffee -- if he also wants to complain about tax money going to pay off some billionaire banker's bets against his own crappy mortgages. 
Meanwhile, on the other side of the political spectrum, there were scads of progressive pundits like me who wrung our hands with worry that OWS was playing right into the hands of a--holes like Krauthammer. Don't give them any ammunition! we counseled. Stay on message! Be specific! We were all playing the Rorschach-test game with OWS, trying to squint at it and see what we wanted to see in the movement. Viewed through the prism of our desire to make near-term, within-the-system changes, it was hard to see how skirmishing with cops in New York would help foreclosed-upon middle-class families in Jacksonville and San Diego. What both sides missed is that OWS is tired of all of this. They don't care what we think they're about, or should be about. They just want something different. We're all born wanting the freedom to imagine a better and more beautiful future. But modern America has become a place so drearily confining and predictable that it chokes the life out of that built-in desire. Everything from our pop culture to our economy to our politics feels oppressive and unresponsive. We see 10 million commercials a day, and every day is the same life-killing chase for money, money and more money; the only thing that changes from minute to minute is that every tick of the clock brings with it another space-age vendor dreaming up some new way to try to sell you something or reach into your pocket. The relentless sameness of the two-party political system is beginning to feel like a Jacob's Ladder nightmare with no end; we're entering another turn on the four-year merry-go-round, and the thought of having to try to get excited about yet another minor quadrennial shift in the direction of one or the other pole of alienating corporate full-of-shitness is enough to make anyone want to smash his own hand flat with a hammer. If you think of it this way, Occupy Wall Street takes on another meaning. 
There's no better symbol of the gloom and psychological repression of modern America than the banking system, a huge heartless machine that attaches itself to you at an early age, and from which there is no escape. You fail to receive a few past-due notices about a $19 payment you missed on that TV you bought at Circuit City, and next thing you know a collector has filed a judgment against you for $3,000 in fees and interest. Or maybe you wake up one morning and your car is gone, legally repossessed by Vulture Inc., the debt-buying firm that bought your loan on the Internet from Chase for two cents on the dollar. This is why people hate Wall Street. They hate it because the banks have made life for ordinary people a vicious tightrope act; you slip anywhere along the way, it's 10,000 feet down into a vat of razor blades that you can never climb out of. That, to me, is what Occupy Wall Street is addressing. People don't know exactly what they want, but as one friend of mine put it, they know one thing: F--K THIS S--T! We want something different: a different life, with different values, or at least a chance at different values. There was a lot of snickering in media circles, even by me, when I heard the protesters talking about how Liberty Square was offering a model for a new society, with free food and health care and so on. Obviously, a bunch of kids taking donations and giving away free food is not a long-term model for a new economic system. But now, I get it. People want to go someplace for at least five minutes where no one is trying to bleed you or sell you something. It may not be a real model for anything, but it's at least a place where people are free to dream of some other way for human beings to get along, beyond auctioned "democracy," tyrannical commerce and the bottom line. We're a nation that was built on a thousand different utopian ideas, from the Shakers to the Mormons to New Harmony, Indiana. 
It was possible, once, for communities to experiment with everything from free love to an end to private property. But nowadays even the palest federalism is swiftly crushed. If your state tries to place tariffs on companies doing business with some notorious human-rights-violator state -- like Massachusetts did, when it sought to bar state contracts to firms doing business with Myanmar -- the decision will be overturned by some distant global bureaucracy like the WTO. Even if 40 million Californians vote tomorrow to allow themselves to smoke a joint, the federal government will never permit it. And the economy is run almost entirely by an unaccountable oligarchy in Lower Manhattan that absolutely will not sanction any innovations in banking or debt forgiveness or anything else that might lessen its predatory influence. And here's one more thing I was wrong about: I originally was very uncomfortable with the way the protesters were focusing on the NYPD as symbols of the system. After all, I thought, these are just working-class guys from the Bronx and Staten Island who have never seen the inside of a Wall Street investment firm, much less had anything to do with the corruption of our financial system. But I was wrong. The police in their own way are symbols of the problem. All over the country, thousands of armed cops have been deployed to stand around and surveil and even assault the polite crowds of Occupy protesters. This deployment of law-enforcement resources already dwarfs the amount of money and manpower that the government "committed" to fighting crime and corruption during the financial crisis. One OWS protester steps in the wrong place, and she immediately has police roping her off like wayward cattle. But in the skyscrapers above the protests, anything goes. This is a profound statement about who law enforcement works for in this country. What happened on Wall Street over the past decade was an unparalleled crime wave. 
Yet at most, maybe 1,500 federal agents were policing that beat -- and that little group of financial cops barely made any cases at all. Yet when thousands of ordinary people hit the streets with the express purpose of obeying the law and demonstrating their patriotism through peaceful protest, the police response is immediate and massive. There have already been hundreds of arrests, which is hundreds more than we ever saw during the years when Wall Street bankers were stealing billions of dollars from retirees and mutual-fund holders and carpenters unions through the mass sales of fraudulent mortgage-backed securities. It's not that the cops outside the protests are doing wrong, per se, by patrolling the parks and sidewalks. It's that they should be somewhere else. They should be heading up into those skyscrapers and going through the file cabinets to figure out who stole what, and from whom. They should be helping people get their money back. Instead, they're out on the street, helping the Blankfeins of the world avoid having to answer to the people they ripped off. People want out of this fiendish system, rigged to inexorably circumvent every hope we have for a more balanced world. They want major changes. I think I understand now that this is what the Occupy movement is all about. It's about dropping out, if only for a moment, and trying something new, the same way that the civil rights movement of the 1960s strived to create a "beloved community" free of racial segregation. Eventually the Occupy movement will need to be specific about how it wants to change the world. But for right now, it just needs to grow. And if it wants to sleep on the streets for a while and not structure itself into a traditional campaign of grassroots organizing, it should. It doesn't need to tell the world what it wants. It is succeeding, for now, just by being something different. This story is from the November 24, 2011 issue of Rolling Stone. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Nov 13 11:00:11 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 13 Nov 2011 12:00:11 -0500 Subject: [Infowarrior] - Is the TSA's 10th birthday cause for celebration? Message-ID: The Navigator: Is the TSA's 10th birthday cause for celebration? By Christopher Elliott, Published: November 9 http://www.washingtonpost.com/lifestyle/travel/the-navigator-is-the-tsas-10th-birthday-cause-for-celebration/2011/11/01/gIQAP7tC6M_print.html Happy birthday, TSA. The federal agency charged with protecting the nation's transportation systems turns 10 Nov. 19. And although its supporters will probably spend the coming days talking about its apparent successes, including the absence of a 9/11 sequel, the question of whether we're better off with this fledgling $8 billion-a-year federal agency remains very much unanswered. Maybe it's a good time to ask it. Not only has the Transportation Security Administration been with us for a decade, but it's also the one-year anniversary of the unpopular pat-down rule, when officials arbitrarily decided to either send air travelers through the agency's new body scanners or frisk them. A citizen-initiated petition on the White House Web site encouraging the government to eliminate the agency is gaining momentum, having collected more than 30,000 signatures. So what are the TSA's major achievements? Greg Soule, an agency spokesman, offers a list that includes the TSA's quick formation after the Sept. 11, 2001, attacks and the fact that no major terrorist incidents have happened on its watch. "Through significant improvements to our processes and technologies, as well as the ongoing professionalization of our workforce, transportation systems are safer now than they ever have been," he says. 
Several experts who have been supportive of TSA policies in the past agree that the agency has done a respectable job during its first decade. "The TSA's greatest accomplishment is treating transportation security like the serious, professional, your-life-depends-on-it law enforcement job that it is," says Mary Schiavo, a former inspector general with the Transportation Department and now a lawyer in Mount Pleasant, S.C. She says that air travelers have forgotten pre-9/11 airport security, which was run by the airlines and was porous and shoddy. Do we really want to return to that? "The airlines allowed 9/11 to happen," Schiavo says. "They caught [9/11 hijacker] Mohamed Atta at Boston Logan Airport on May 11, 2001, knew he was photographing, filming and watching the security checkpoints at the airport, and they let him go." Frank Cilluffo, director of the Homeland Security Policy Institute at George Washington University, believes that the TSA deserves recognition for adapting to meet the terrorist threat since its creation in 2001. When it comes to aviation security, he says, there's no quick and easy fix, and the agency's approach of building a layered defense and using intelligence underpinned by technology and a well-trained workforce is keeping air travel safe. But other TSA watchers aren't so quick to label the agency a success. Steve Lord, the director of homeland security and justice issues with the Government Accountability Office, considers the TSA a "work in progress." It has made significant improvements in some areas but is "still trying to meet other key goals, such as meeting the congressional mandate to screen inbound air cargo," he says. "Also, they need to adopt more risk-based screening measures to deploy resources more effectively. A one-size-fits-all approach is inefficient and tends to frustrate the traveling public." Some experts are more critical. 
Rich Roth, the executive director of CTI Consulting, a Germantown firm that specializes in aviation security, says that the TSA has been "a miserable failure" at one of its unstated goals from the beginning: making travelers feel that they're more secure than they were under the private screeners that the agency replaced.

Clark Ervin, who was the Department of Homeland Security's first inspector general and now directs the Aspen Institute Homeland Security Program, considers the TSA's biggest shortcoming to be its slowness in adopting cutting-edge technology to make air travel safer. "Generally, such technology is deployed after security threats have materialized and not beforehand," he says.

But when the discussion moves from the theoretical to the practical - that is, when I talk to air travelers about the TSA and its achievements - the responses are a little less diplomatic. Although many passengers are grateful to the agency for protecting them and are generally supportive of its efforts, the federal screeners have no shortage of vocal detractors.

Sommer Gentry, a math professor from Annapolis and an outspoken agency critic, believes that in the past decade, the TSA has made air travel miserable. She sees the agency's legacy as one of rude employees, nonsensical rules and violating passengers' privacy. "Over 10 years, the TSA's demands have become more and more offensive to a normal person's sensibilities," Gentry says. "After each new outrage, the TSA simply refused to acknowledge legitimate criticism, refused to subject its procedures to any cost-benefit analysis, and somehow travelers seemed to resign themselves to more and more debasement."

Frequent agency critic Bruce Schneier agrees that passengers have simply rolled over. The TSA, he claims, "has turned airplane passengers into sheep."
And so, as the TSA marks its anniversary with what I'm told will be a brief reflection on its accomplishments, what's the answer to the question of whether it's worth keeping?

I'm terribly biased. I've been covering the agency since the beginning, and we haven't always gotten along. The agency has on various occasions lied to me, threatened me and even served me with an illegal subpoena in an effort to persuade me to reveal the name of a source. (I declined.) If anyone has a reason for wishing that this agency would go away, it would probably be me.

And yet I'm not entirely convinced that eliminating the TSA would be the smartest move. I'm deeply skeptical of the agency's suggestion that it has somehow prevented another act of terrorism. And although the TSA has never been anything less than professional when I've flown, I agree with the detractors who say that it seems to operate above the law and with virtually no accountability to the taxpayers who fund it.

All that's certain is that we haven't had another 9/11 in the past decade. Would that also have been true without the TSA? Possibly. Perhaps the only thing I can say for sure is this: We should never stop asking ourselves whether we're better off with the TSA. After all, we're not all sheep.

Elliott is National Geographic Traveler magazine's reader advocate. E-mail him at chris at elliott.org.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Nov 13 11:08:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 13 Nov 2011 12:08:47 -0500
Subject: [Infowarrior] - The Privatization of Copyright Lawmaking
Message-ID:

The Privatization of Copyright Lawmaking

* Jason Mazzone
* November 12, 2011

http://torrentfreak.com/the-privatization-of-copyright-lawmaking-111112/

kes a balance between private rights and public interests. Not everyone likes the balance the law sets.
Copyright owners complain that it does not adequately protect them from infringement of their works. Critics contend that copyright law tilts too far in favor of the interests of copyright owners and does not safeguard the rights of consumers. Yet because copyright law is public law - enacted by Congress, enforced where appropriate by the President, and interpreted and applied by the courts - there is plenty of opportunity to monitor the effects of the law and to debate the ways in which it should be reformed.

Increasingly, however, copyright law is being privatized. Its meaning and application are determined not by governmental actors but by private parties, and in particular by deep-pocketed copyright owners. Increasingly, the balance between private rights and public interests is set by private lawmaking.

My new book, Copyfraud and Other Abuses of Intellectual Property Law, shows how copyright owners, unhappy with the scope of protections that Congress has given them, routinely grab more rights than they are entitled to under the law. They do this at the expense of consumers and of the public at large.

One example is the widespread use of contractual provisions that enhance the rights of copyright owners. Many works, especially works delivered in digital form, are made available only to people who agree to give to the provider broader rights of ownership than copyright law itself actually confers. For instance, the Copyright Act protects the right of fair use but in contracts accompanying digital works consumers waive the right to make any use of the work without the copyright owner's permission. Copyright law permits consumers to give, lend, or sell their copy of a work after they are done using it. However, terms of use imposed by the supplier prohibit any transfer at all. While copyright law permits reverse engineering of software to develop interoperable products, contractual terms imposed upon the customer prohibit all reverse engineering.
Some contracts even require the customer to agree not to contest the content provider's claim of copyright ownership, raising the possibility that works that are not even protected by copyright are subject to limitations that mirror those available for works that truly are copyrighted.

Beyond altering the content of copyright law, private individuals and entities also play an increasing role in law enforcement. The MPAA supplies investigators to police departments to determine whether DVDs are pirated. Customs agents routinely defer to information supplied by copyright owners in seizing and destroying imported goods. VeriSign, the manager of .com Internet addresses, has asked ICANN for permission to shut down domain names when asked to do so by law enforcement without the need for any sort of judicial review. Recently, White House officials, including Copyright Czar Victoria Espinel, were involved in negotiations between the recording and movie industries and ISPs to interrupt Internet access for users suspected of violating copyright law. These negotiations, which take the form of private agreements between content providers and ISPs, have vast implications for consumers.

The traditional role of courts in determining whether infringement has occurred and punishment should be imposed is also increasingly privatized. Thousands of people targeted by the RIAA for file sharing have paid out penalties not because a court has found infringement but because it has seemed easier just to settle the dispute over the telephone with a credit card number. When this happens, the strength of the copyright owner's case is never tested.

The Stop Online Piracy Act (SOPA), the companion bill to the Senate's PROTECT IP Act, would further privatize adjudication and punishment. Title I of that law (dubbed the E-PARASITE Act) creates a "market-based system to protect U.S. customers and prevent U.S. funding of sites dedicated to theft of U.S. property."
It achieves this by empowering copyright owners who have a "good faith belief" that they are being "harmed by the activities" of a website to send a notice to the site's payment providers (e.g. PayPal) and Internet advertisers to end business with the allegedly offending site. The payment providers and advertisers that receive the notice must stop transactions with the site. No judicial review is required for the notice to be sent and for the payments and advertising curtailed - only the good faith representation of the copyright owner. Damages are also not available to the site owner unless a claimant "knowingly materially" misrepresented that the law covers the targeted site, a difficult legal test to meet. The owner of the site can issue a counter-notice to restore payment processing and advertising but services need not comply with the counter-notice. There is also a catch: a site owner who issues a counter-notice automatically consents to being sued in U.S. courts (a strong disincentive for sites based abroad).

With few checks at all, SOPA gives copyright owners a sharp tool to disrupt and shut down websites. Based on their past conduct, there is no reason to think that copyright owners will use this tool with any measure of restraint.

Copyright law that is made by private parties evades constitutional constraints that apply to actions undertaken by the government. For example, the Supreme Court has suggested that protections for fair use of copyrighted works may be constitutionally required; if Congress were to suddenly abolish fair use by statute, the change would be immediately challenged as violating the First Amendment. Fair use extinguished through private contract, however, is not easily subjected to constitutional scrutiny. Likewise, when government agencies conduct investigations, Fourth Amendment limitations on searches and seizures and warrant requirements apply.
MPAA-run investigations, by contrast, proceed free from these constitutional restrictions. So, too, before courts may impose fines for infringement or order websites shut down, there must be notice, a hearing, and other procedural requirements that comport with due process. Private adjudication and punishment proceed without any of these protections.

The biggest misperception about SOPA is that it is somehow unprecedented or extraordinary. It is not. SOPA represents just the latest example of copyright law defined and controlled not by the government but by private entities. Copyright owners will deploy SOPA in the same way they have behaved in the past: to extend out their rights. They will disrupt sites that do not infringe a copyright, interfere with fair uses of copyrighted works, and take other steps that evade the limits that the Copyright Act sets on a copyright owner's actual rights.

Much of what will happen under SOPA will occur out of the public eye and without the possibility of holding anyone accountable. For when copyright law is made and enforced privately, it is hard for the public to know the shape that the law takes and harder still to complain about its operation.

Jason Mazzone is a law professor at Brooklyn Law School and the author of the new book, Copyfraud and Other Abuses of Intellectual Property Law (Stanford University Press, 2011). The website for the book is www.copyfraud.com.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Nov 13 14:28:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 13 Nov 2011 15:28:55 -0500
Subject: [Infowarrior] - Hollywood's New War on Software Freedom and Internet Innovation
Message-ID: <4C0D9D44-4A1A-4307-A453-D24E52567220@infowarrior.org>

November 11, 2011 - 12:19pm | By Corynne McSherry and Peter Eckersley

Hollywood's New War on Software Freedom and Internet Innovation

https://www.eff.org/deeplinks/2011/11/hollywood-new-war-on-software-freedom-and-internet-innovation

This is the third in our series (Part 1, Part 2) breaking down the potential effects of the Stop Online Piracy Act (SOPA), an outrageous and grievously misguided bill now working its way through the House of Representatives. This post discusses dangerous software censorship provisions that are new in this bill, as well as the DNS censorship provisions it inherited from the Senate's COICA and PIPA bills. Please help us fight this misguided legislation by contacting Congress today.

In this new bill, Hollywood has expanded its censorship ambitions. No longer content to just blacklist entries in the Domain Name System, this version targets software developers and distributors as well. It allows the Attorney General (doing Hollywood or trademark holders' bidding) to go after more or less anyone who provides or offers a product or service that could be used to get around DNS blacklisting orders. This language is clearly aimed at Mozilla, which took a principled stand in refusing to assist the Department of Homeland Security's efforts to censor the domain name system, but we are also concerned that it could affect the open source community, internet innovation, and software freedom more broadly:

* Do you write or distribute VPN, proxy, privacy or anonymization software? You might have to build in a censorship mechanism - or find yourself in a legal fight with the United States Attorney General.
* Even some of the most fundamental and widely used Internet security software, such as SSH, includes built-in proxy functionality. This kind of software is installed on hundreds of millions of computers, and is an indispensable tool for systems administration professionals, but it could easily become a target for censorship orders under the new bill.
* Do you work with or distribute zone files for gTLDs? Want to keep them accurate? Too bad - Hollywood might argue that if you provide a complete (i.e., uncensored) list, you are illegally helping people bypass SOPA orders.
* Want to write a client-side DNSSEC resolver that uses multiple servers until it finds a valid signed entry? Again, you could be in a fight with the U.S. Attorney General.

It would be bad enough to have these types of censorship orders targeted at software produced and distributed by a single company. But for the free and open source software community - which contributes many billions of dollars a year to the American economy - legal obligations to blacklist domains would be an utter catastrophe. Free and open source projects often operate as decentralized, voluntary, international communities. Even if ordered to by a court, these projects would struggle to find volunteers to act as censors to enforce U.S. law, because volunteers usually only perform tasks that they consider constructive. And in the case of larger projects and repositories like Mozilla, to monitor and enforce such court orders against generic functionality could potentially violate licensing obligations and would likely create acrimony, demoralizing and shrinking the communities of contributors and innovators that those projects depend upon.

Essentially any software product or service, such as many encryption programs, that is not responsive to blocking orders could be under threat. And lest you think we exaggerate for effect, recall how some of the provisions of another copyright bill have been used to chill security research.
Those are just the new provisions in SOPA. Like its companion Senate bill, PROTECT-IP, the bill also authorizes the United States Attorney General to wreak havoc with the Domain Name System by ordering service providers to block U.S. citizens' ability to access domain names, which will inevitably lead to competing Internet naming infrastructures and widespread security risks. As leading Internet engineers explained (commenting on an earlier version of the bill), this approach:

[W]ill risk fragmenting the Internet's global domain name system (DNS), create an environment of tremendous fear and uncertainty for technological innovation, and seriously harm the credibility of the United States in its role as a steward of key Internet infrastructure. In exchange for this, the bill will introduce censorship that will simultaneously be circumvented by deliberate infringers while hampering innocent parties' ability to communicate.

All censorship schemes impact speech beyond the category they were intended to restrict, but this bill will be particularly egregious in that regard because it causes entire domains to vanish from the Web, not just infringing pages or files. Worse, an incredible range of useful, law-abiding sites can be blacklisted under this bill. These problems will be enough to ensure that alternative name-lookup infrastructures will come into widespread use, outside the control of US service providers but easily used by American citizens. Errors and divergences will appear between these new services and the current global DNS, and contradictory addresses will confuse browsers and frustrate the people using them. These problems will be widespread and will affect sites other than those blacklisted by the American government.

By introducing bills like this, Congress is recklessly endangering Internet innovation and security. The free/open source and Internet engineering communities need to fight back.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 14 06:58:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Nov 2011 07:58:47 -0500
Subject: [Infowarrior] - Banks Quietly Ramping Up Costs to Consumers
Message-ID: <68B1EF6A-C822-45A7-9096-5C2C10A96C61@infowarrior.org>

November 13, 2011

Banks Quietly Ramping Up Costs to Consumers

http://www.nytimes.com/2011/11/14/business/banks-quietly-ramp-up-consumer-fees.html?_r=1&hp=&pagewanted=print

By ERIC DASH

Even as Bank of America and other major lenders back away from charging customers to use their debit cards, many banks have been quietly imposing other new fees.

Need to replace a lost debit card? Bank of America now charges $5 - or $20 for rush delivery. Deposit money with a mobile phone? At U.S. Bancorp, it is now 50 cents a check. Want cash wired to your account? Starting in December, that will cost $15 for each incoming domestic payment at TD Bank.

Facing a reaction from an angry public and heightened scrutiny from regulators, banks are turning to all sorts of fees that fly under the radar. Everything, it seems, has a price.

"Banks tried the in-your-face fee with debit cards, and consumers said enough," said Alex Matjanec, a co-founder of MyBankTracker.com. "What most people don't realize is that they have been adding new charges or taking fees that have always existed and increased them, or are making them harder to avoid."

Banks can still earn a profit on most checking accounts. But they are under intense pressure to make up an estimated $12 billion a year of income that vanished with the passage of rules curbing lucrative overdraft charges and lowering debit card swipe fees. In addition, with lending at anemic levels and interest rates close to zero, banks are struggling to find attractive places to lend or invest all the deposits they hold. That poses another $8 billion drag.
Put another way, banks would need to recoup, on average, between $15 and $20 a month from each depositor just to earn what they did in the past, according to an analysis of the interest rate and regulatory changes on checking accounts by Oliver Wyman, a financial consulting firm.

For consumers, the result is a quiet creep of new charges and higher fees for everything from cash withdrawals at ATMs to wire payments, paper statements and in some cases, even the overdraft charges that lawmakers hoped to ratchet down. What is more, banks are raising minimum account balances and adding other new requirements so that it is harder for customers to qualify for fee waivers.

Even the much-maligned debit usage charges have effectively been bundled into higher monthly fees on checking accounts. Bank of America abandoned its $5 a month debit card usage fee in late October amid a firestorm of criticism. Yet, it more quietly raised the cost of its basic MyAccess checking account by more than $3 a month earlier this year. Monthly maintenance fees now run $12 a month, up from $8.95.

Chase and Citigroup, which quickly distanced themselves from the debit card usage fee, ratcheted up the price of their entry-level checking products without the public relations nightmare. This month, Citigroup's basic checking account jumped to $10 a month, up from $8. Chase raised the fee on its standard checking account to $12 a month in February; many of those customers were previously charged nothing at all.

Officials at all of those banks are adamant that they have been transparent about the price increases and are providing ample ways for customers to avoid the monthly charges, like maintaining a minimum balance or signing up for direct deposit. Given the uproar, some bankers say the ultimate answer lies in enticing customers to give them more of their business in other services - not by making up the lost revenue on checking accounts.
"The long-term game is improving customer experience scores, so over time you win more business and make more money," said Todd Maclin, the head of Chase's retail and commercial bank.

It costs most banks between $200 and $300 a year to maintain a retail checking account, from staffing branches to covering federal deposit insurance premiums. In the past, the fees banks collected from merchants each time customers swiped their debit card or overdrew their account covered much of that expense. Banks offered "free checking" to the masses as a result.

But the economics have drastically changed over the past two years. Income earned on deposits has fallen, while the revenue gained from fees has plunged by as much as half because of the new regulations. Today, according to Oliver Wyman, banks are expected to take in, on average, between $85 and $115 in fees a year per account - making it especially hard to turn a profit on customers with low balances.

"They have got to make up the income some place," said Vernon Hill II, the founder of Commerce Bank whose retail-oriented approach transformed it into a large regional player before it was sold to TD Bank. He added: "I think we will see a lot more fees."

Some policy makers are already fed up. This month, two Democratic senators, Richard J. Durbin of Illinois and Jack Reed of Rhode Island, urged the Consumer Financial Protection Bureau to adopt a more consumer-friendly disclosure form, akin to the nutrition label on food packaging, for all the fees attached to a checking account.

"Simply put, consumers have had enough of banks that try to sneak fees past them that are hidden in fine print or imposed with no notice at all," they wrote. Last year, a Pew Charitable Trusts study found that bank customers could potentially incur 49 different fees on a typical checking account.

New fees, of course, will cover a small part of the gap in profits. Banks are also hoping that new products catch on.
Some are steering lower-income customers to prepaid cards, which were not affected by the reduction in debit card swipe fees. TD Bank officials say one of their hottest products is a simple checking account with no minimum balance requirement introduced in March. Even though it comes with a $2.99 monthly fee, almost 300,000 customers have signed up.

And nearly every major bank has embarked on a cost-cutting campaign, eliminating branches and staff. After a 15-year expansion, the number of branches has fallen almost 1.4 percent to 98,202 from its peak in 2009, according to SNL Financial.

Banks are also lowering the rates they pay savers. The average interest rate for deposits has fallen to 0.74 percent from 0.8 percent during the first six months of this year, according to Market Rates Insight. Most consumers barely notice, but it translates into real money - about $1.5 billion a month in savings industrywide.

Banks may also be betting that consumers will not notice the quiet creep of existing fees. As Richard K. Davis, U.S. Bancorp's chief executive, told investors on a recent conference call: "We'll see if our customers complain and move, or just complain," he said.

Some consumers suspect that banks have deliberately made it difficult to move into a cheaper checking account. Ben Ryan, a 33-year-old novelist in Manhattan, said he recently spent 45 minutes on the phone with several Citibank representatives just to switch out of a midtier checking account that would carry a $20-a-month fee and into a more basic one, where he could avoid a charge.

Citi officials say they would violate the law if they automatically switched a customer into a different account, and believe requiring a conversation with a representative helps customers better understand their choices. But Mr. Ryan said the experience left him more confused.

"You call, and they don't know what you are talking about. And then there are all these different options," he said. "There is no simple way to switch."
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 14 06:59:59 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Nov 2011 07:59:59 -0500
Subject: [Infowarrior] - When Sites Drag the Unwitting Across the Web
Message-ID: <3DB0DC72-0C31-4DB6-A9EB-408677FCFFD1@infowarrior.org>

November 13, 2011

When Sites Drag the Unwitting Across the Web

http://www.nytimes.com/2011/11/14/technology/klouts-automatically-created-profiles-included-minors.html?hpw=&pagewanted=print

By SOMINI SENGUPTA

SAN FRANCISCO - Can an online algorithm track down your child? In some cases, yes - and if you're a parent, it could alarm you too.

Consider the case of Maggie Leifer McGary, mother, blogger and social media fan. Ms. McGary is on virtually every existing social network: Foursquare, LinkedIn, Twitter, Facebook. She is also on Klout, a popular site that assigns you a score based on its analysis of how influential you are on the social Web.

In the days just before Halloween, Ms. McGary got the fright of her life when she checked her Klout profile. Hovering above her score were the faces and names of those over whom she had influence, as calculated by Klout. They included her 13-year-old son, Matthew. The boy had never set up a Klout page for himself; he was only her Facebook "friend," so she could monitor his interactions there. Klout had automatically created a page for him and assigned him a score.

Then Ms. McGary's 15-year-old daughter Mimi popped up on her Klout page - this time not with a Klout score of her own, just a nudge to Ms. McGary to invite Mimi to join.

"It freaked me out because these are my kids," said Ms. McGary, 43, who lives in a suburb of Washington and handles social media for an association of health care professionals. "It's wrong. They shouldn't be marketing to children."

Klout says it does not.
And since this brouhaha, Klout no longer creates profiles automatically, of minors or anyone else, and every Klout user can now delete a profile entirely.

The Klout kerfuffle is a parable of what can happen when you have an active digital social life. Not only do you leave your own digital footprints everywhere, but you can also drag your online friends with you from site to site, even if they have no interest in going there.

Klout culls information about individuals from publicly available sources: posts and followers on Twitter, engagement on Facebook, LinkedIn, Foursquare and so on. It lifts information from 13 separate networks in all, its chief executive, Joe Fernandez, explained, and rates you based on how "people engage with the content you create."

For a brief period in late October, when Ms. McGary saw Matthew pop up on her Klout page, Klout's algorithms created scores for the Facebook friends of registered Klout users. "Let's say you and I were friends on Facebook, and I had commented on your Facebook wall," Mr. Fernandez said. "Klout would see that, and I would get a score from my post on your wall."

Outcry followed. Klout turned off that feature. Mr. Fernandez said his algorithms were not so smart that they could figure out who among your network of friends was a child or an adult.

Ms. McGary's realization was part of a storm that blew through the blogosphere. It started when a few people started to see their Klout scores rise and fall and - what else? - began posting on Twitter about it.

In Montauk, N.Y., Tonia Ries clicked on her Klout page one morning to check out what the fuss was about. She too noticed her son, Timothy Carson, pop up on her page, with a Klout score assigned to him and a link to his Facebook page. Mr. Carson, 21 and a college student, told his mother that he had not signed up for Klout.

"How did Klout get the information to create a profile on my son???" Ms.
Ries wrote that day on her site, The Realtime Report, which, as luck would have it, tracks social media trends.

She soon figured it out. Not long before, her son had posted on her Facebook page about taking their family dog to the veterinarian. That post, Ms. Ries realized belatedly, was visible to the general public. And she had linked to her Facebook page on Klout.

Ms. Ries told her readers: "I have unlinked my Facebook account, and I suggest you do the same."

Five days later, Klout announced it would allow users to delete their profiles. And days after that, the company said it would no longer create Klout scores automatically for the Facebook friends of its registered users.

Facebook said it was investigating whether Klout had broken its terms of service in harvesting information from its site. Klout says it did not. Much of a Facebook user's personal information - name, sex, profile photo - is public information, and so too are pictures, comments and other posts that are marked as publicly visible, with a stark globe icon.

Klout, like a host of other influence yardsticks in the digital marketplace, like PeerIndex and Kred, is used by marketers to reach habitual comment makers who are likely to promote their products on social networks. It can be used by employers, teachers, homecoming queen committees - anyone - to gauge someone's popularity.

Ms. Ries's Klout score went up sharply after she wrote a blog post about her experience and posted a link to it on Twitter. It also prompted her to reflect on the unintended consequences of her very active social network life.

"I engage, I participate publicly. I view anything I post as fair game," she said the other day on the phone. "The big lesson I learned, and the new area I started thinking about much more heavily, is that my activity on a social network to a great extent exposes everyone I am connected to."

Her son, she says, is vigilant about tweaking his privacy settings.
But there are others in her online circles, she argued, who are less careful, and who may be largely unaware of how they are pulled across the Web from one service to another just because they are connected to her on Facebook.

"People need to be aware - if you're active on social networks, you're bringing your social graph with you, and that includes your friends and family," she said.

Ms. McGary accepts that her children live in an age dominated by social networks. Like many other parents, she helped Matthew, her son, lie about his age to register for a Facebook account before he turned 13. She hectors her children not to divulge personal information like phone numbers online. She keeps tabs on them on Facebook. She takes pains to not reveal information like their school on location services like Foursquare.

When she told her son that he had been assigned a Klout score, it prompted an aptly adolescent response. He wanted to know how popular he was, and what freebies he might get.

" 'What's my score? How many points do I need to get stuff?' " she said he had asked her.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 14 07:02:57 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Nov 2011 08:02:57 -0500
Subject: [Infowarrior] - Congress: Trading stock on inside information?
Message-ID: <20B7D465-052E-4941-921C-DFF8B4CE1A79@infowarrior.org>

(not exactly new information but good to see the practice put into the public eye. -- rick)

Congress: Trading stock on inside information?

November 13, 2011 7:06 PM

http://www.cbsnews.com/8301-18560_162-57323527/congress-trading-stock-on-inside-information/

Steve Kroft reports that members of Congress can legally trade stock based on non-public information from Capitol Hill.

Washington, D.C. is a town that runs on inside information - but should our elected officials be able to use that information to pad their own pockets?
As Steve Kroft reports, members of Congress and their aides have regular access to powerful political intelligence, and many have made well-timed stock market trades in the very industries they regulate. For now, the practice is perfectly legal, but some say it's time for the law to change.

The following is a script of "Insiders" which aired on Nov. 13, 2011. Steve Kroft is correspondent, Ira Rosen and Gabrielle Schonder, producers.

The next national election is now less than a year away and congressmen and senators are expending much of their time and their energy raising the millions of dollars in campaign funds they'll need just to hold onto a job that pays $174,000 a year. Few of them are doing it for the salary and all of them will say they are doing it to serve the public. But there are other benefits: Power, prestige, and the opportunity to become a Washington insider with access to information and connections that no one else has, in an environment of privilege where rules that govern the rest of the country, don't always apply to them.

< -- >

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 14 07:11:10 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Nov 2011 08:11:10 -0500
Subject: [Infowarrior] - U.S. Hiring Mercenary Air Force for Iraq Rescues
Message-ID: <7840843F-A105-48DC-9D3C-F79EC52E7927@infowarrior.org>

U.S. Hiring Mercenary Air Force for Iraq Rescues
By Spencer Ackerman
November 14, 2011 | 6:30 am | Categories: Iraq
http://www.wired.com/dangerroom/2011/11/iraq-diplomats-search-rescue/

It's January 2012. A convoy of SUVs ferrying American diplomats to a meeting with Iraqi politicians runs over a roadside bomb. Several of the passengers inside are seriously injured. They need to be rescued, now. But the U.S. military left Iraq on Dec. 31. Which means the only call for help has to go to a team of mercenaries employed by the U.S. embassy in Baghdad.
They're the only guys left in Iraq who are running medical evacuation operations -- or any other complex air op.

The State Department has already requisitioned an army, part of the roughly 5,000 private security contractors State is hiring to protect diplomats stationed in Iraq. Now, State is hiring someone to provide a little help from the air: an "Aviation Advisor" responsible for "Search and Rescue (SAR), medical evacuations (ME), transporting Quick Reaction Forces (QRF) to respond to incidents, and provid[ing] air transportation for Chief of Mission personnel." It's not a familiar job for the diplomatic corps, which is why State is seeking to bring in someone from the outside.

The State Department put out this notice on Nov. 4. That's 58 days before the withdrawal of U.S. troops. 58 days before State has the skies over Iraq to itself.

There are lots of contractors with long experience in search and rescue and other air operations. The secretive Virginia company Blackbird Technologies, staffed with U.S. special operations veterans, won an $11 million contract in 2010 to rescue missing or kidnapped U.S. troops in Iraq, one of the military's most important missions.

State has also contracted out for air support in the recent past. Its former principal security company in Iraq, Blackwater, kept a fleet of Little Bird helicopters at the ready in case diplomats in trouble couldn't get hold of U.S. troops. In an August 2009 internal email acquired by Danger Room, the State Department's David Adams explained that Blackwater's aircraft in Iraq were used for "quick reaction forces, search and rescue/medical evacuation, reconnaissance and escort, disabled aircraft recovery, VIP missions (Codels [congressional delegations]), contingency operations, and aerial transportation of personnel and cargo." The video above shows a Blackwater helicopter in 2007 rescuing a Polish diplomat.

Managing Blackwater's small helicopter fleet in Iraq was a warmup.
This is the main event: a complex structure of transit, support and even "Quick Reaction" (that is, combat) "fixed wing aircraft, light lift helicopters and medium lift helicopters," on a "24 hour" basis.

The Aviation Advisor will not be able to call upon the U.S. Air Force to bail him or her out of a jam. "Any operation of any aircraft of any type into the sovereign airspace over Iraq after [Dec. 31] would need to comply with Iraqi laws and policies," says Capt. Mellisa Milner, the chief spokeswoman for the Air Force in the region. "We are not aware of any special arrangements or exceptions for any aircraft, and are not aware of any ongoing discussions with MoD [Iraq's Ministry of Defense] on the matter."

Air operations are not as simple as hiring skilled pilots to put well-maintained machines in the skies. The military has long-standing procedures in place for designing and executing aerial missions. An experienced chain of command maintains order, discipline, coordination and success. This is what the military does.

It's not what the State Department does. Only a relatively few officials go into the U.S. diplomatic corps to oversee security operations. And in practice, the department's Bureau of Diplomatic Security doesn't run those operations itself, it hires contractors to run them. And it's the part of the department that appears the least functional, with performance or financial scandals ensnaring its contractors ArmorGroup, DynCorp, and of course Blackwater.

Inevitably, things will go wrong in these complex air operations. A functioning chain of command exists to minimize those mistakes and mitigate their impact. The State Department still does not have someone atop that chain, with fewer than 60 days before it finds itself alone in the skies. No wonder the State Department's own inspector general warned in May that a "lack of senior level Department participation dedicated to the [Iraq] transition process"
contributed to a transition plan where "several key decisions have not been made, some plans cannot be finalized, and progress is slipping in a number of areas." (.pdf)

Until State can figure out its chain of command for air operations, its employees in Iraq -- some 17,000 of them, according to current plans -- had better hope they don't need air support. There's not much time to put one in place.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 14 13:04:42 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Nov 2011 14:04:42 -0500
Subject: [Infowarrior] - Putting the Brakes on Web-Surfing Speeds
Message-ID: <20B09A80-C2F6-47F8-8AB0-27A8D75A917A@infowarrior.org>

http://www.nytimes.com/2011/11/14/technology/putting-the-brakes-on-web-surfing-speeds.html?_r=4&pagewanted=print

November 13, 2011
Putting the Brakes on Web-Surfing Speeds
By KEVIN J. O'BRIEN

BERLIN -- State-of-the-art Web surfing, for all of its breathtaking speed, can be baffling. A favorite page gets hung up. A data-intensive application, like playing a video or downloading large files, stutters or stops. Is it the telecommunications operator? Is it the Web site? Is it the smartphone or the computer? Or just a sign of Internet thrombosis?

Krishna Gummadi, the head of the Networked Systems Research Group at the Max Planck Institute for Software Systems, in Saarbrücken, Germany, says the blame often lies with the telecom operator, which is selectively slowing broadband speeds to keep traffic flowing on its network, using a sorting technique called throttling.

In 2008, Mr. Gummadi and a graduate student, Marcel Dischinger, developed a free software gauge that detected whether broadband service was being throttled by a network operator. The software, called Glasnost after the Russian word for "openness," has been downloaded and used by 1.5 million people around the world since then.
Glasnost mimics data transfers using the Bit Torrent file-sharing protocol, and then measures whether operators are slowing uploads and downloads. Consumers around the world have used it to test the service of landline broadband operators. Glasnost only works on a few smartphones so far.

The latest results, based on 121,247 tests run from January through October, suggest that throttling is being done everywhere in the world. The results for each operator may not be representative, for several reasons. The sample sizes for each operator vary, from 36,000 in the case of NTT Docomo of Japan, to just a hundred for smaller ones. There is also a 4 percent to 5 percent chance of "false positives" -- indications that throttling is being done when it is not.

But that aside, Glasnost cast light on the practice of throttling, which operators are reluctant to discuss in detail beyond confirming, in standard service contracts, that they use it.

In the United States, throttling was detected in 23 percent of tests on telecom and cable-television broadband networks, less than the global average of 32 percent. The U.S. operators with higher levels of detected throttling included Insight Communications, a cable-television operator in New York, Kentucky, Indiana and Ohio, where throttling was detected in 38 percent of tests; and Clearwire Communications, where throttling was detected in 35 percent of the tests. Throttling was detected in 18 percent of tests on Verizon's landline network and in 30 percent of tests run on AT&T WorldNet Services, the company's consumer broadband network. Throttling on AT&T's business network, SBIS-AS AT&T Internet Service, was 18 percent.

In Europe, throttling appeared to be most common in Britain. Slowing was detected on 74 percent of tests done on BT's British regional network. Positive tests for throttling also exceeded 50 percent for six other British operators: NTL, Opal Telecom, Telewest Broadband, Carphone Warehouse Broadband Service, Tiscali U.K.
and Pipex.

In France, throttling appeared to be less common. Positive tests didn't exceed 21 percent among France Télécom's Orange service, Neuf Cegetel, Numericable and Proxad. In Germany, it was even rarer, at levels of less than 16 percent for almost every operator including Deutsche Telekom. (I tested Glasnost on my Deutsche Telekom network in Berlin and it showed no throttling.) The one exception: Kabel Deutschland, the biggest's domestic cable TV operator, showed throttling detected in 44 percent of 393 tests.

In Japan, NTT Docomo employed throttling in 49 percent of 471 tests, according to Glasnost. GigaInfra Broadband and Vectant had positive tests in 30 percent and 38 percent of tests, respectively.

In Canada, where the population is much more spread out, and networks must cover vast territory, throttling appeared more common. It was measured in 85 percent of tests on Rogers Communications' network and 64 percent of tests on Bell Canada.

In other parts of the world, frequent throttling was detected in smaller operators, which often have less money to build high-capacity networks. Those included: the Dubai-based Emirates Integrated Telecommunications, operator of the Du network, with 90 percent; Toya, a cable operator in Lodz, Poland, with 88 percent; TeleCentro of Argentina, with 87 percent; RLE Elisa in Estonia, with 85 percent; ASN AtHome, a Hong Kong-based cable TV operator, with 83 percent; TM Net of Malaysia, with 78 percent; Magix of Singapore, 63 percent; Cabo TVM of Portugal, 62 percent; and Bezeq of Israel, 59 percent.

Former monopolies like Telefónica of Spain, Telecom Italia, KPN of Netherlands, Telstra of Australia, Telia of Sweden, Belgacom of Belgium and Eircom of Ireland, which all still operate the largest landline networks in their countries, generally used throttling less frequently -- perhaps because they didn't have to, on their extensive networks.
Their rates of detected throttling, respectively, according to Glasnost, were: 19 percent for Telefónica and Telecom Italia, 18 percent for KPN, 34 percent for Telstra, 14 percent for Telia, 13 percent for Belgacom and 15 percent for Eircom.

In general, the Glasnost results suggest that telecom and cable TV operators, when they do use throttling, do so mostly to suppress bandwidth hogs and ensure a reasonable experience for all of their customers.

Mr. Dischinger, now a computer engineer in Innsbruck, Austria, said throttling was much more commonly used by operators of mobile phone networks, which have much less capacity than landline grids. But with operators starting to sell superfast landline broadband service for heavy data users, such as Deutsche Telekom's high-speed fiber-to-the-home service, the competition for bandwidth -- and the need for throttling -- will only increase, Mr. Dischinger said.

"I highly doubt it can go on forever," Mr. Dischinger said. "I cannot envision with the current network infrastructure they have that operators can continue to support people in the long term without more investment."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 14 14:23:26 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Nov 2011 15:23:26 -0500
Subject: [Infowarrior] - How the BBC's HD DRM plot was kept secret ... and why
Message-ID: <6696D4CA-C43E-4E2C-AB9C-5AF4EE4A6604@infowarrior.org>

How the BBC's HD DRM plot was kept secret ... and why

Corporation's Ofcom submission reveals it is willing to give privileges to US TV companies they can't get at home

< -- >

http://www.guardian.co.uk/technology/2011/nov/14/bbc-hd-drm/print

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Nov 14 15:43:18 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Nov 2011 16:43:18 -0500
Subject: [Infowarrior] - Fwd: Another Bogus Cert Found
References: <20111114213021.GE10038@reznor.com>
Message-ID: <978FCCA5-DF57-4B6F-AB8F-27A394856459@infowarrior.org>

Begin forwarded message:

> From: ajr
>
> Not much detail, but the cert appears signed by the gov of Malaysia.
>
> http://www.f-secure.com/weblog/archives/00002269.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 14 16:22:50 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Nov 2011 17:22:50 -0500
Subject: [Infowarrior] - Cracking Siri
Message-ID: <8BD5AAA2-CADB-48D7-828E-DD1FE53D0889@infowarrior.org>

Cracking Siri

On October 14, 2011, Apple introduced the new iPhone 4S. One of its major new features was Siri, a personal assistant application. Siri uses a natural language processing technology to interact with the user.

Interestingly, Apple explained that Siri works by sending data to a remote server (that's probably why Siri only works over 3G or WiFi). As soon as we could put our hands on the new iPhone 4S, we decided to have a sneak peek at how it really works.

Today, we managed to crack open Siri's protocol. As a result, we are able to use Siri's recognition engine from any device. Yes, that means anyone could now write an Android app that uses the real Siri! Or use Siri on an iPad! And we're going to share this know-how with you.

< -- >

http://applidium.com/en/news/cracking_siri/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Nov 14 16:23:57 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Nov 2011 17:23:57 -0500
Subject: [Infowarrior] - Cerf: The government is going overboard in Internet copyright control
Message-ID:

Vint Cerf: The government is going overboard in Internet copyright control
November 14, 2011 | Jolie O'Dell
http://venturebeat.com/2011/11/14/vint-cerf/

"When Bob and I started writing the specs for the Internet in 1973..."

Only a handful of people can start a sentence anything like that. Today, Vint Cerf, one of the godfathers of the Internet, stood on a stage at the Google campus and addressed attendees of Atmosphere, the company's cloud computing event.

With his snow-white beard and three-piece suit, Cerf looked like something out of a Jules Verne novel, subtly different from the Brooks Brothers army he faced. And he spoke as one who still sees a world of freedom, innovation and possibility in the Internet.

Today, Cerf gave the audience strong words on contemporary issues of intellectual property, open-source development and the need for better security -- not on the part of developers or companies, but on the part of normal Internet users.

Cerf on patents versus freedom

When asked what he would tell the developer of the Next Big Thing, the technology that could replace the Internet, Cerf said, "Shoot the patent lawyer." The room, which was full of chief information officers for large, proprietary companies, burst into both laughter and applause.

Cerf continued, "Bob [Kahn] and I knew we could not succeed if we tried to protect the Internet's design. As it turns out that worked out really well, and I think that's still pretty good advice."

Cerf also spoke out against the Department of Homeland Security's recent seizures of websites, such as last year's seizure of scores of music sites and communities for copyright violations, which he called "a blunt instrument that can and should be exercised much more carefully."
As the one site owner told this correspondent at the time, the sites were being seized "without any previous complaint or notice from any court... While I was contacting GoDaddy I noticed the DNS had changed. Godaddy had no idea what was going on and until now they do not understand the situation, and they say it was totally from ICANN [via the Department of Homeland Security]."

Cerf said this was a step out of line, even in the name of IP protection. "Even our own government is beginning to go overboard in the protection of copyright...

"The open ability to develop new applications and try them out has been vital to the Internet's growth and to the space in which we currently operate. It has interesting ways of enhancing both sides of the equation."

He told the audience, "Remember, governance is a big word that includes human rights, freedom of speech, economic transactions on a worldwide basis -- it touches everything. It's everywhere, and that's why Internet governance is topic A in many corners."

Cerf on identity & security

Cerf also talked about a topic quite close to Google's heart: the ability to traverse the Internet anonymously, if one so chooses.

Google's own suite of social tools, Google+, recently came under heavy fire for allowing its users to sign up only with their "given names," linking their online activities with their real-world identities. However, this decision has been reversed, due in no small part to the backlash from hackers inside Google's own campus -- including Cerf.

"We should preserve our ability to be anonymous or pseudonymous," he said today, "but we also need strong authentication tools."

While certificates, Cerf said, are "not working too well," users still and will always need secure ways to prove who they really are. "We have serious work to do as a community to implement new technologies and... improve security on the Net."
One of the main points Cerf made about security wasn't about the need for better programmatic ways of thwarting attacks; rather, he said, consumers themselves need to get smarter about where their information goes when they click and browse around the web.

"I am comfortable that we have some good technologies for basic cryptography," he said. "What worries me are all the other avenues that people can get information without having to break code." He said a recent episode of spear phishing attacks on Gmail users "is a case in point... People clicked on those messages because they look credible."

Cerf continued, "I'm much more worried about these open avenues for attack [including social and email attacks and malware from browsers], the social engineering, the tricking... we're going to have to teach our children and each other much more about... the risk factors of doing certain things on the Net."

Cerf on mobile

"When we bring technologies into being, we assume that the new technology will wipe out the old one," said Cerf. He noted this assumption is incorrect; rather than destroying old systems, new technologies often enhance them, he said.

For example, Cerf noted, "The newspaper is in decline. News is not and should not be in decline... This is Darwin's observation: Adapt or die. We have to figure out how our business models can operate under new conditions."

When it comes to mobile devices and mobile ways of connecting to the Internet, Cerf said, "The immediacy of the mobile changes it from what we're accustomed to in the personal computing world to something that's instantaneous... What's interesting and powerful about the mobile environment is that it's connected to services on the Internet. This augments both platforms."

And since mobile is still so new, Cerf said that ecosystem is more ripe for creative hacking than almost any other. "For systems in which you already have a lot of hardware and software, change is difficult," he said. "That's why apps are so popular."
He continued to say that the infrastructure of mobile devices, operating systems and applications allow for more flexibility and innovation, because there aren't too many legacy layers underneath.

Cerf on the Internet of things

Keeping in mind that he spoke at a cloud conference, Cerf said, "The cloud won't do you any good unless you can connect to it. The stats have to include the reliability of the network connections that get you to the cloud... We have to keep the infrastructure in mind."

Part of that infrastructure are the devices we use to connect to what we call "the cloud." In addition to the evolving world of mobile devices and connectivity, Cerf also talked about other connected devices, a new way of thinking about what the Internet is and how it's used: The Internet of things.

"I used to tell jokes about Internet-enabled lightbulbs," he said. "I can't tell jokes about it anymore -- there already IS an Internet-connected lightbulb."

But, Cerf said, "I also have an Internet-connected sensor system in my house." Cerf's home automation system controls such factors as light and temperature. While he said it sounds like a deeply nerdy indulgence, he told the Atmosphere audience, "The reason I'm doing it is very practical. I want to have data on how the heating ventilation and air conditioning system is performing.

"Many of you are CIOs of your businesses: Real data counts, and data drives the business."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 14 20:24:08 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 14 Nov 2011 21:24:08 -0500
Subject: [Infowarrior] - Who Decides Who You Are Online?
Message-ID: <39796E80-5BAC-44E5-B87C-79C9B974528E@infowarrior.org>

November 14, 2011
Who Decides Who You Are Online?
http://www.nytimes.com/2011/11/15/technology/hiding-or-using-your-name-online-and-who-decides.html
By SOMINI SENGUPTA

SAN FRANCISCO --
The writer Salman Rushdie hit Twitter on Monday morning with a flurry of exasperated posts. Facebook, he wrote, had deactivated his account, demanded proof of identity and then turned him into Ahmed Rushdie, which is how he is identified on his passport. He had never used his first name, Ahmed, he pointed out; the world knows him as Salman. Would Facebook, he scoffed, have turned J. Edgar Hoover into John Hoover?

"Where are you hiding, Mark?" he demanded of Mark Zuckerberg, Facebook's chief executive, in one post. "Come out here and give me back my name!"

The Twitterverse took up his cause. Within two hours, Mr. Rushdie gleefully declared victory: "Facebook has buckled! I'm Salman Rushdie again. I feel SO much better. An identity crisis at my age is no fun."

Mr. Rushdie's predicament points to one of the trickiest notions about life in the digital age: Are you who you say you are online? Whose business is it -- and why?

As the Internet becomes the place for all kinds of transactions, from buying shoes to overthrowing despots, an increasingly vital debate is emerging over how people represent and reveal themselves on the Web sites they visit. One side envisions a system in which you use a sort of digital passport, bearing your real name and issued by a company like Facebook, to travel across the Internet. Another side believes in the right to don different hats -- and sometimes masks -- so you can consume and express what you want, without fear of offline repercussions.

The argument over pseudonyms -- known online as the "nym wars" -- goes to the heart of how the Internet might be organized in the future. Major Internet companies like Google, Facebook and Twitter have a valuable stake in this debate -- and, in some cases, vastly different corporate philosophies on the issue that signal their own ambitions.

Facebook insists on what it calls authentic identity, or real names.
And it is becoming a de facto passport vendor of sorts, allowing its users to sign into seven million other sites and applications with their Facebook user names and passwords.

Google's social network, Google+, which opened up to all comers in September, likewise wants the real names its users are known by offline, and it has frozen the accounts of some perceived offenders. But Google has indicated more recently that it will eventually allow some use of aliases. Vic Gundotra, the Google executive responsible for the social network, said at a conference last month that he wanted to make sure its "atmosphere" remained comfortable even with people using fake names. "It's complicated to get this right," he said.

Twitter, by sharp contrast, follows a laissez-faire approach, allowing the use of pseudonyms by WikiLeaks supporters and a prankster using the name @FakeSarahPalin, among many others. It does consider deceitful impersonation to be grounds for suspension.

The debate over identity has material consequences. Data that is tied to real people is valuable for businesses and government authorities alike. Forrester Research recently estimated that companies spent $2 billion a year for personal data, as Internet users leave what the company calls "an exponentially growing digital footprint."

And then there are the political consequences. Activists across the Arab world and in Britain have learned this year that social media sites can be effective in mobilizing uprisings, but using a real name on those sites can lead authorities right to an activist's door.

"The real risk to the world is if information technology pivots to a completely authentic identity for everyone," said Joichi Ito, head of the Media Lab at the Massachusetts Institute of Technology. "In the U.S., maybe you don't mind. If every kid in Syria, every time they used the Internet, their identity was visible, they would be dead."

Of course, people have always used pseudonyms.
Some, like Mark Twain, are better known by their fake names. Some use online pseudonyms to protect themselves, like victims of abuse. Still others use fake names to harass people.

Facebook has consistently argued for real identity on the grounds that it promotes more civil conversations. "Facebook has always been based on a real-name culture," said Elliot Schrage, vice president of public policy at Facebook. "We fundamentally believe this leads to greater accountability and a safer and more trusted environment for people who use the service."

Real identity is also good for Facebook's business, particularly as it moves into brokering transactions for things like airline tickets on its site.

Company executives are aware of the difficulties of policing a site with 800 million active users. Plenty of people get away with using fanciful names. And enforcing the real-name policy can present real-life complications. Wael Ghonim, the celebrated Egyptian blogger, used a fake name to set up a popular anti-Mubarak Facebook page. That led Facebook to briefly shut its Arabic version in the middle of the Tahrir Square demonstrations, until a woman in the United States agreed to take it over.

Twitter, on the other hand, has vigorously defended the use of pseudonyms, bucking demands most recently from British government officials who pressed for a real-names policy in the aftermath of the civil unrest across Britain. "Other services may be declaring you have to use your real name because they think they can monetize that better," said Twitter's chief executive, Dick Costolo. "We are more interested in serving our users first."

At the same time, Twitter is vying with Google and Facebook to be something of a passport authority on the Web. Facebook has the widest reach, offering easy access to sites that deliver things like instant messaging and news. Spotify and MOG, two music sites, require new users to log in with their Facebook identities.
This allows those sites to show users what their Facebook friends are listening to.

For consumers, this approach can be a mixed blessing. It means not having to keep track of different passwords for different sites. It also means sharing data about what they are doing online with these emerging "identity intermediaries," as Chris Hoofnagle, a law professor at the University of California, Berkeley, calls them. "It's convenient," Mr. Hoofnagle said. "But do you want Facebook and Google to know where you're going?"

As for Facebook's crackdown on Mr. Rushdie, the company would not explain how it happened but admitted it was a mistake. "We apologize for the inconvenience this caused him," Facebook said in a statement.

Mr. Rushdie, who once lived incognito because of death threats, has more recently been busy revealing himself on Twitter. He had to fight for his online name there as well. An imposter was using the Twitter handle @SalmanRushdie earlier this year, and Mr. Rushdie had to ask the company for help reclaiming it. Now his page bears Twitter's blue "Verified Account" checkmark and quotes Popeye: "I yam what I yam and that's all that I yam."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 15 07:18:25 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 15 Nov 2011 08:18:25 -0500
Subject: [Infowarrior] - DOJ: Lying on Match.com needs to be a crime
Message-ID:

Okay, perhaps this is a bit of hyperbole but if the language as proposed gets into law, how long before we see such idiotic interpretations being used against Internet users? As such I offer a pre-emptive response to the DOJ/Washington anti-Internet crowd: "just trust us" or "that's not the intention of the law" no longer is a believable response from you.
--- rick

DOJ: Lying on Match.com needs to be a crime
http://news.cnet.com/8301-31921_3-57324779-281/doj-lying-on-match.com-needs-to-be-a-crime/
by Declan McCullagh
November 14, 2011 11:58 PM PST

The U.S. Department of Justice is defending computer hacking laws that make it a crime to use a fake name on Facebook or lie about your weight in an online dating profile.

In a statement obtained by CNET that's scheduled to be delivered tomorrow, the Justice Department argues that it must be able to prosecute violations of Web sites' often-ignored, always-unintelligible "terms of service" policies.

The law must allow "prosecutions based upon a violation of terms of service or similar contractual agreement with an employer or provider," Richard Downing, the Justice Department's deputy computer crime chief, will tell the U.S. Congress tomorrow.

Scaling back that law "would make it difficult or impossible to deter and address serious insider threats through prosecution," and jeopardize prosecutions involving identity theft, misuse of government databases, and privacy invasions, according to Downing.

The law in question, the Computer Fraud and Abuse Act, has been used by the Justice Department to prosecute a woman, Lori Drew, who used a fake MySpace account to verbally attack a 13-year old girl who then committed suicide. Because MySpace's terms of service prohibit impersonation, Drew was convicted of violating the CFAA. Her conviction was later thrown out.

What makes this possible is a section of the CFAA that was never intended to be used that way: a general-purpose prohibition on any computer-based act that "exceeds authorized access." To the Justice Department, this means that a Web site's terms of service define what's "authorized" or not, and ignoring them can turn you into a felon.

On the other hand, because millions of Americans likely violate terms of service agreements every day, you'd have a lot of company.
A letter (PDF) sent to the Senate in August by a left-right coalition including the ACLU, Americans for Tax Reform, the Electronic Frontier Foundation, and FreedomWorks warns of precisely that. "If a person assumes a fictitious identity at a party, there is no federal crime," the letter says. "Yet if they assume that same identity on a social network that prohibits pseudonyms, there may again be a CFAA violation. This is a gross misuse of the law." Orin Kerr, a former Justice Department computer crime prosecutor who's now a professor of law at George Washington University, says the government's arguments are weak. Kerr, who is also testifying tomorrow before a House Judiciary subcommittee, told CNET today that: The Justice Department claims to have an interest in enforcing Terms of Use and computer use policies under the CFAA, but its examples mostly consist of cases in which the conduct described has already been criminalized by statutes other than the CFAA. Further, my proposed statutory fix (see the second proposal in my testimony) would preserve the government's ability to prosecute the remaining cases DOJ mentions while not raising the civil liberties problems of the current statute. Kerr's testimony gives other examples of terms of service violations that would become criminal. Google says you can't use its services if "you are not of legal age to form a binding contract," which implies that millions of teenagers would be unindicted criminals. Match.com says you can't lie about your age, criminalizing the profile of anyone not a model of probity. "I do not see any serious argument why such conduct should be criminal," Kerr says. The Justice Department disagrees. In fact, as part of a broader push to rewrite cybersecurity laws, the White House has proposed (PDF) broadening, not limiting, CFAA's reach. 
Stewart Baker, an attorney at Steptoe and Johnson who was previously a Homeland Security assistant secretary and general counsel at the National Security Agency, has suggested that the administration's proposals to expand CFAA are Draconian. Uploading copyrighted YouTube videos twice "becomes a pattern of racketeering," with even more severe criminal penalties, "at least if Justice gets its way," Baker wrote. In a kind of pre-emptive attack against Kerr's proposed fixes, the Justice Department's Downing says the CFAA properly criminalizes "improper" online activities. "Businesses should have confidence that they can allow customers to access certain information on the business's servers, such as information about their own orders and customer information, but that customers who intentionally exceed those limitations and obtain access to the business's proprietary information and the information of other customers can be prosecuted," Downing's prepared remarks say. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 15 07:26:37 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Nov 2011 08:26:37 -0500 Subject: [Infowarrior] - DoJ-DHS Law Enforcement Guidelines for First Amendment-Protected Events Message-ID: <133D4184-E85A-4F5F-AFC5-C5F8D59D46AB@infowarrior.org> DoJ-DHS Law Enforcement Guidelines for First Amendment-Protected Events Law Enforcement Guidelines for First Amendment-Protected Events - 34 pages - October 2011 - 4.1 MB http://publicintelligence.net/doj-dhs-law-enforcement-guidelines-for-first-amendment-protected-events/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Nov 15 08:27:03 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Nov 2011 09:27:03 -0500 Subject: [Infowarrior] - Salman Rushdie wins the right to have a Facebook account Message-ID: Salman Rushdie wins the right to have a Facebook account Whooop-de-do By Dave Neal Tue Nov 15 2011, 12:12 http://www.theinquirer.net/inquirer/news/2125025/salman-rushdie-wins-facebook-account DIVISIVE AUTHOR Salman Rushdie has announced a small victory, the right to have his own Facebook page. The author fell out with the social network over the use of his pen name, which takes his middle name as his first. According to a report at the BBC, Facebook had insisted that he call himself Ahmed Rushdie, but has since relented. "Victory! #Facebook has buckled! I'm Salman Rushdie again. I feel SO much better. An identity crisis at my age is no fun. Thank you Twitter!" "Just received an apology from The #Facebook Team. All is sweetness and light," he added. "Sweetness and light" is just about right. Rushdie had got himself rather worked up about the middle name denial. As well as listing other famous people known for using their middle names, he called out Mark Zuckerberg on Twitter and demanded that he prove himself to be who he claimed to be. Other tweets from the Rushdie Twitter account riff on the same theme. "If F. Scott Fitzgerald was on #Facebook, would they force him to be Francis Fitzgerald? What about F. Murray Abraham?," he asked, and "Dear #Facebook, forcing me to change my FB name from Salman to Ahmed Rushdie is like forcing J. Edgar to become John Hoover." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Nov 15 11:30:44 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Nov 2011 12:30:44 -0500 Subject: [Infowarrior] - TRICARE Reports Data Breach Message-ID: <69D5883A-6DD0-4236-8766-394C02AFB1B7@infowarrior.org> TRICARE Reports Data Breach http://www.military.com/veterans-report/tricare-reports-data-breach?ESRC=vr.nl Week of November 14, 2011 A loss of computer tapes by Science Applications International Corporation (SAIC) may have placed TRICARE patient data at risk. Computer tapes containing personally identifiable and protected health information (PII/PHI) of 4.9 million military clinic and hospital patients in Texas were stolen. Individuals may protect their personal information by taking the steps suggested by the Federal Trade Commission. Concerned patients may contact the SAIC Incident Response Call Center, Monday through Friday, 9 a.m. to 6 p.m. Eastern Time, at (855) 366-0140 (toll free) for United States callers and (952) 556-8312 (collect) internationally. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 15 12:55:43 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Nov 2011 13:55:43 -0500 Subject: [Infowarrior] - 11/16 is American Internet Censorship Day Message-ID: On 11/16, Congress holds hearings on the first American Internet censorship system. This bill can pass. If it does the Internet and free speech will never be the same. Join all of us on the 16th to stop this bill. http://americancensorship.org/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Nov 15 13:42:36 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Nov 2011 14:42:36 -0500 Subject: [Infowarrior] - Viacom: Pass SOPA Or Spongebob Dies Message-ID: Viacom: Pass SOPA Or Spongebob Dies from the seriously dept http://www.techdirt.com/articles/20111115/01372816773/viacom-pass-sopa-spongebob-dies.shtml It's the most unintentionally hilarious video of the year... Viacom has put out one of the most ridiculous "anti-piracy" propaganda videos yet, complete with debunked stats, ridiculous claims, ominous music... and lots and lots of Viacom employees admitting that they're too clueless to adapt to a changing marketplace, and begging you to give them money so they can keep their jobs. Seriously. As the video goes on, the claims get more and more ridiculous, to the point where someone even threatens that if you don't keep buying Viacom products, Spongebob might no longer exist. And, really, that's the hilarious part. So much of the video is just people begging others to save them. They beg people to give them money. They beg the government to save their jobs. Nowhere, however, do they talk about actually adapting. Nowhere do they talk about making use of what the internet provides to build bigger audiences, to promote better, and to better monetize. Because that's the kind of stuff that Viacom just doesn't do. It just begs others to cover up for its own business failures. Remember, this is the same company where the CEO made $84.5 million last year (a $50 million raise). I'd embed the video here, but remember that Viacom is trying to sue YouTube out of existence, so they didn't put it up on YouTube... in fact, they didn't put it up in a manner that lets you embed it anywhere. So you'll just have to go to Viacom's website and watch the video directly there yourself... costing Viacom's bandwidth. They could have gotten that bandwidth for free if they'd just posted the video to YouTube... 
but, as we're told in the video, "free" is "stealing." And it destroys jobs. Except for Viacom's CEO. He's doing okay. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 15 13:44:23 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Nov 2011 14:44:23 -0500 Subject: [Infowarrior] - SSRC: The Copy Culture Survey: Infringement and Enforcement in the US Message-ID: The Copy Culture Survey: Infringement and Enforcement in the US Posted on November 15, 2011 by karaganis COPY CULTURE: INFRINGEMENT AND ENFORCEMENT IN THE U.S. (PDF) The U.S. House of Representatives is now debating the Stop Online Piracy Act (SOPA) -- the counterpart to the Senate's PROTECT IP Act. If passed, the bill will expand criminal penalties for copyright infringement and give the government (and private parties) new powers to block access to websites accused of facilitating infringement. The bill is the latest in a series of efforts to strengthen copyright enforcement online. Earlier this year, Internet Service Providers and the film and record industries reached an agreement to expand the private policing of online infringement. Search engines, social networking platforms, cloud storage providers, universities, and other institutions face growing pressure to monitor and filter Internet activity. This research note is an effort to bring American public opinion to bear on this vital conversation. The note excerpts a forthcoming survey-based study called Copy Culture in the U.S. and Germany. Drawing on results from the U.S. portion of the survey, it explores what Americans do with digital media, what they want to do, and how they reconcile their attitudes and values with different policies and proposals to enforce copyright online. The Copy Culture survey was sponsored by The American Assembly, with support from a research award from Google. 
The content of the survey and its findings are solely the responsibility of the researchers. The U.S. survey was conducted by Princeton Survey Research Associates International. The results are based on interviews on landline and cellular telephones conducted in English with 2,303 adults age 18 or older living in the continental United States from August 1-31, 2011. For results based on the entire sample, the margin of error is plus or minus 2 percentage points. < -- BIG SNIP -- > http://piracy.ssrc.org/the-copy-culture-survey-infringement-and-enforcement-in-the-us/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 15 17:46:20 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Nov 2011 18:46:20 -0500 Subject: [Infowarrior] - Do Tons Of Sprint And Verizon Phones Contain A Rootkit, Potentially Tracking All Sorts Of Info? Message-ID: <1046A658-24AC-48D7-9896-08791E0A46A9@infowarrior.org> Do Tons Of Sprint And Verizon Phones Contain A Rootkit, Potentially Tracking All Sorts Of Info? http://www.techdirt.com/blog/wireless/articles/20111115/01592616774/do-tons-sprint-verizon-phones-contain-rootkit-potentially-tracking-all-sorts-info.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 15 19:32:19 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Nov 2011 20:32:19 -0500 Subject: [Infowarrior] - As Zuccotti Park is Cleared, Congress Moves to Gut Financial Reform Message-ID: As Zuccotti Park is Cleared, Congress Moves to Gut Financial Reform Submitted by Mary Bottari on November 15, 2011 - 11:09am http://www.prwatch.org/news/2011/11/11130/zuccotti-park-cleared-congress-moves-gut-financial-reform In the dead of night last night, the movement to hold big banks accountable for their crimes took two major hits. 
Occupy Wall Street activists were swept from Zuccotti Park as radical members of Congress moved to gut funding for the Commodity Futures Trading Commission (CFTC) and advance a series of shocking proposals to roll back financial reform. Mayor Bloomberg decided that a bit of dirt and grime was worth risking a riot. He arrested over 70 in Zuccotti Park, issuing a lengthy and unconvincing statement regarding the dangers of camping. So worried was the NYPD about what might happen they forced down a CBS helicopter filming from above, according to Gawker. On Capitol Hill, a similar rout was taking place in the dead of night. In a fast move that deals a serious blow to a key regulator in charge of Wall Street derivatives trading, Obama's budget request for CFTC was cut by more than a third by GOP legislators eager to kill any oversight of Wall Street. According to Politico, the administration had sought $308 million for the new fiscal year, but the amount is expected to come in closer to $205 million. Better Markets, a Wall Street watchdog group, explains the problem this way: "The derivatives market is $600 trillion big and much of that market is controlled by just 4 Wall Street megabanks: JP Morgan Chase, Citigroup, Bank of America and Goldman Sachs. Who is the watchdog for those derivatives? The CFTC has responsibility for most of them and it is getting a budget of only $205 million. They will not be able to hire the people or buy the technology that they need to keep up with Wall Street, never mind actually keep watch over them to try to prevent another financial catastrophe." Crippling the CFTC is, of course, part of the GOP plan. As CFTC has moved this year to bring transparency to dark markets and crack down on commodities speculation, the tiny agency has been a lightning rod for right-wingers who opposed the 2010 Dodd-Frank reforms. 
Five More Pro-Wall Street Measures Up Today Today, the House Financial Services Capital Markets subcommittee will move to advance five more bills which would roll back critical reforms. We Love Bailouts Bill: HR 1838 (Stivers) would repeal a section of the Dodd-Frank Act that prohibits the Federal Government from bailing out big Wall Street derivatives dealers. What are they thinking? With Merrill Lynch right now attempting to transfer a total of $75 trillion in derivatives bets from its investment arm into Bank of America, its FDIC-insured parent company, why is the GOP eager to facilitate the next giant taxpayer bailout? Dark Markets are Good for You Bill: HR 2586 (Garrett) would allow big Wall Street derivatives dealers to continue opaque bilateral trading and allow them to avoid price transparency required by the Dodd-Frank bill. Off-book gambling in the derivatives market was a key cause of the 2008 financial crisis, and Dodd-Frank made huge steps forward, requiring the vast majority of derivatives to be traded in open forums where everyone could see what is going on in this $600 trillion dollar market. Similarly, HR 2779 (Stivers) would exempt all transactions between related affiliates from derivatives regulations, creating less, not more, transparency. Swap Till You Drop Bill for Pension Funds: HR 3045 (Canseco) would permit swaps dealers to get a blanket exemption from any duty to respect the best interests of pension funds when giving any advice on a swaps deal. Just last week, we saw the largest municipal bankruptcy in United States history, in Jefferson County, Alabama, which was caused when JP Morgan Chase bribed local officials into entering a swaps deal to refinance a sewage district. Go Back to Sleep SEC Bill: HR 2308 (Garrett) would create a series of new hurdles for the Securities Exchange Commission (SEC) to jump before the institution can pass a new rule or regulation. 
SEC is not my favorite regulator and their fines on the big Wall Street banks have not been commensurate with the crimes, but compared to the U.S. Justice Department, SEC regulators have been veritable energizer bunnies, extracting billions in concessions. Suicidal Loyalty to Wall Street Barons The House GOP has such a suicidal loyalty to their friends on Wall Street that they simply refuse to learn any lessons, even from very recent history. As they drink the Kool-Aid, Occupy Wall Street is winning its court fight this morning and regrouping. The Occupy Movement cannot be stopped. The question today is, can Congress? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 15 20:45:14 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 15 Nov 2011 21:45:14 -0500 Subject: [Infowarrior] - U.S. reserves right to meet cyber attack with force Message-ID: <9985C823-0BF0-4CD1-9540-499AAD66A861@infowarrior.org> U.S. reserves right to meet cyber attack with force 7:47pm EST By David Alexander http://www.reuters.com/article/2011/11/16/us-usa-defense-cybersecurity-idUSTRE7AF02Y20111116 WASHINGTON (Reuters) - The United States reserves the right to retaliate with military force against a cyberattack and is working to sharpen its ability to track down the source of any attack, the Pentagon said in a report made public on Tuesday. The 12-page report to Congress, which was mandated by the 2011 Defense Authorization Act, was one of the clearest statements to date of U.S. cybersecurity policy and the role of the military in the event of an attack on U.S. assets through cyberspace. "When warranted, we will respond to hostile attacks in cyberspace as we would to any other threat to our country," the report said. "We reserve the right to use all necessary means - diplomatic, informational, military and economic - to defend our nation, our allies, our partners and our interests." 
Cyberspace is a particularly challenging domain for the Pentagon. Defense Department employees operate more than 15,000 computer networks with 7 million computers at hundreds of locations around the world. Their networks are probed millions of times a day and penetrations have caused the loss of thousands of files. The report said the Defense Department was attempting to deter aggression in cyberspace by developing effective defenses that prevent adversaries from achieving their objectives and by finding ways to make attackers pay a price for their actions. "Should the 'deny objectives' element of deterrence not prove adequate," the report said, "DoD (Department of Defense) maintains, and is further developing, the ability to respond militarily in cyberspace and in other domains." FINDING THE ATTACKERS Key to a military response is being able to quickly identify the source of an attack, particularly challenging due to the anonymous nature of the Internet, the report said. In an effort to crack that problem, the Pentagon is supporting research focusing on tracing the physical source of an attack and using behavior-based algorithms to assess the likely identity of an attacker, the report said. U.S. security agencies also are developing a cadre of highly skilled cyber forensics experts and are working with international partners to share information in a timely manner about cyber threats, including malicious code and the people behind it, it said. Attacks on U.S. computer networks have become relentless in recent years and have cost defense industries an estimated $1 trillion in lost intellectual property, competitiveness and damage. One defense company lost some 24,000 files in an intrusion in March. 
Before moving to offensive action, the United States would exhaust all other options, weigh the risk of action against the cost of inaction and "act in a way that reflects our values and strengthens our legitimacy, seeking broad international support wherever possible," the report said. "If directed by the president, DoD will conduct offensive cyber operations in a manner consistent with the policy principles and legal regimes that the department follows for kinetic capabilities, including the law of armed conflict," the report said. The report followed the release in mid-July of the Pentagon's cybersecurity policy, which designated cyberspace as an "operational domain" like land, sea and air where U.S. forces would be trained to conduct offensive and defensive operations. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 16 06:44:04 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Nov 2011 07:44:04 -0500 Subject: [Infowarrior] - Deja Vu: Wall Street keeping Italy Debt Exposure Secret Message-ID: JPMorgan Joins Goldman Keeping Italy Debt Risk in Dark By Christine Harper and Michael J. Moore - Nov 15, 2011 7:01 PM ET http://www.bloomberg.com/news/2011-11-16/jpmorgan-joins-goldman-keeping-investors-in-dark-on-italy-derivatives-risk.html JPMorgan Chase & Co. (JPM) and Goldman Sachs Group Inc. (GS), among the world's biggest traders of credit derivatives, disclosed to shareholders that they have sold protection on more than $5 trillion of debt globally. Just don't ask them how much of that was issued by Greece, Italy, Ireland, Portugal and Spain, known as the GIIPS. As concerns mount that those countries may not be creditworthy, investors are being kept in the dark about how much risk U.S. banks face from a default. 
Firms including Goldman Sachs and JPMorgan don't provide a full picture of potential losses and gains in such a scenario, giving only net numbers or excluding some derivatives altogether. "If you don't have to, generally people don't see the advantage to doing it," said Richard Lindsey, a former director of market regulation at the U.S. Securities and Exchange Commission who worked at Bear Stearns Cos. from 1999 through 2006. "On the other hand, if there were a run on Goldman Sachs tomorrow because the rumor was that they had exposure to Greece, you'd see them produce those numbers." A case in point: Jefferies Group Inc. (JEF), the New York-based securities firm, disclosed every long and short position it held on European debt earlier this month after its shares plunged more than 20 percent. Jefferies also said it wasn't relying on credit-default swaps, contracts that promise to pay the buyer if the underlying debt defaults, as a hedge on European holdings. "Funded" Exposure By contrast, Goldman Sachs discloses only what it calls "funded" exposure to GIIPS debt -- $4.16 billion before hedges and $2.46 billion after, as of Sept. 30. Those amounts exclude commitments or contingent payments, such as credit-default swaps, said Lucas van Praag, a spokesman for the bank. Goldman Sachs includes CDS in its market-risk calculations, of which value-at-risk is one measure, and it hedges the swaps and holds collateral against the hedges, primarily cash and U.S. Treasuries, van Praag said. The firm doesn't break out its estimate of the market risk related to the five countries. JPMorgan said in its third-quarter SEC filing that more than 98 percent of the credit-default swaps the New York-based bank has written on GIIPS debt is balanced by CDS contracts purchased on the same bonds. The bank said its net exposure was no more than $1.5 billion, with a portion coming from debt and equity securities. 
The company didn't disclose gross numbers or how much of the $1.5 billion came from swaps, leaving investors wondering whether the notional value of CDS sold could be as high as $150 billion or as low as zero. Counterparty Clarity "Their position is you don't need to know the risks, which is why they're giving you net numbers," said Nomi Prins, a managing director at New York-based Goldman Sachs until she left in 2002 to become a writer. "Net is only as good as the counterparties on each side of the net -- that's why it's misleading in a fluid, dynamic market." Investors should want to know how much defaulted debt the banks could be forced to repay because of credit derivatives and how much they'd be in line to receive from other counterparties, Prins said. In addition, they should seek to find out who those counterparties are, she said. JPMorgan sought to allay concerns that its counterparties are unreliable by saying in the filing that it buys protection only from firms outside the five countries that are "either investment-grade or well-supported by collateral arrangements." The bank doesn't identify the counterparties. Citigroup, Morgan Stanley Bank of America, Citigroup Inc. (C) and Morgan Stanley also don't list gross amounts of CDS on GIIPS debt in their filings. All three banks provide figures within their disclosures that they say include a net of their credit-default swaps bought and sold on the five countries. Citigroup's net funded exposure as of Sept. 30 was $7.2 billion, and its unfunded commitments were $9.2 billion, the New York-based bank said in a filing and a presentation. Bank of America, based in Charlotte, North Carolina, said total net exposure was $14.6 billion for the five countries, while New York-based Morgan Stanley (MS) listed $2.1 billion. Jon Diat, a Citigroup spokesman, declined to comment, as did Bank of America's Jerry Dubrowski, JPMorgan's Howard Opinsky and Morgan Stanley's Mark Lake. 
Banks exchange collateral, usually cash or liquid securities such as U.S. government debt, with trading partners as the value of their credit-default swaps fluctuates and their perception of one another's ability to repay changes. Bungee Cords If the value of Italian bonds drops, as it did last week, a U.S. firm that sold a credit-default swap on that debt to a French bank would have to provide more collateral. The same U.S. company might be collecting collateral from a British bank because it bought a swap from that firm. As long as all three banks can make good on their promises, the trade doesn't have much risk. It could all unravel if the British firm runs into trouble because it's waiting for a payment from an Italian company that defaults. The collapse of Lehman Brothers Holdings Inc. in 2008 demonstrated some of the ripple effects that one failure can have in the market. "We learned from Lehman that all of these firms are tied together with bungee cords -- you can't just lift one out without it affecting everyone else in the group," said Brad Hintz, an analyst at Sanford C. Bernstein & Co. in New York who previously worked at Lehman Brothers and Morgan Stanley. More disclosure "may push the stock prices down when it becomes clear how big the bungee cords are. But it certainly would be a welcome addition for an analyst." FASB Rule The Financial Accounting Standards Board in 2008 started requiring companies to disclose the worldwide gross notional credit protection they've written and bought. As of Sept. 30, JPMorgan said it had sold $3.13 trillion of credit-derivative protection and purchased $3.07 trillion, up from $2.75 trillion sold and $2.72 trillion bought at the end of 2010, filings show. Goldman Sachs disclosed it had written $2.07 trillion and bought $2.20 trillion, about the same amount it reported at year-end. 
At the end of the second quarter, those two firms accounted for 43 percent of the $24 trillion of credit derivatives sold and bought by the 25 largest banks in the U.S., according to the Office of the Comptroller of the Currency. The top five account for 97 percent of the total, the data show. Guarantees provided by U.S. lenders on government, bank and corporate debt in Greece, Italy, Ireland, Portugal and Spain rose by $80.7 billion to $518 billion in the first half of 2011, according to the Bank for International Settlements. "Ultra-Transparency" Neither FASB nor the SEC requires banks to disclose how many of those derivatives are written by country or region. That's something Richard Fisher, president of the Federal Reserve Bank of Dallas, would like to see changed. "We should have ultra-transparency on those institutions," Fisher said of the biggest financial firms in a Nov. 14 interview at Bloomberg headquarters in New York. "They should report both their gross and their net CDS exposure, and they should do it country-by-country. After all, they need to inform their shareholders." Banks are reluctant to provide the figures in part because doing so would reveal too much information about their positions and operations, said Jon Fisher, a portfolio manager at Fifth Third Asset Management in Minneapolis, which manages more than $16 billion. The sheer size of the numbers may also be a deterrent, investors said. "Biggest Fear" "I think the biggest fear is the numbers are so large that even though they offset, it would maybe shock people," said Ralph Cole, a senior vice president in research at Ferguson Wellman Inc. in Portland, Oregon, which manages $2.8 billion including JPMorgan stock. "Maybe they don't think that disclosure will be treated fairly or understood well." Still, "they need to give us a good reason why we shouldn't see that," he said. "More disclosure is better, and you can see that in their valuations right now." 
Bank of America, Citigroup, Goldman Sachs and Morgan Stanley have each fallen more than 40 percent this year, while JPMorgan has dropped 23 percent. Each of the lenders trades at least 24 percent below book value, indicating investors are questioning the assets on the firms' balance sheets. Lloyd C. Blankfein, 57, Goldman Sachs's chairman and chief executive officer, said in an interview with the Financial Crisis Inquiry Commission staff last year that the amount of the firm's derivatives trades shouldn't be a cause for alarm. "Longs and Shorts" "We either have netting agreements, or they foot, or they cancel each other out, or they're longs and shorts on the same instrument," he said, answering a question about how the firm manages so many contracts in a crisis. "The only way you can run a business like that is to have these systems work so they can aggregate stuff, so you can run the business on a macro basis, and also so you can get the details quickly if you need them. And that's all systems and technology." Lindsey, the former SEC official who's now president of New York-based Callcott Group LLC, which consults on markets and market operations, said few firms have systems that can portray their real-time exposure to trading partners. "That's very difficult for any firm to have a good handle on all of that -- you know large positions and you know what certain positions are, but to be able to say I've adequately aggregated all of my long exposure and all of my short exposure to a specific counterparty may be very difficult," Lindsey said. "I don't know of a firm where it's not pulled together by a phone call, where somebody says, 'OK, we need to know our exposure to X,' and a lot of people stop their day jobs and try to find an answer." "Needlessly Cause Reaction" Lindsey said banks may be wary of disclosures that could confuse investors. 
Figures such as gross notional exposure -- the total amount of debt insured by credit derivatives -- give investors an exaggerated sense of the risk and could "needlessly cause reaction," he said. Other methods, such as stress-testing, scenario analysis or so-called value-at-risk estimates, rely on models that may underestimate risk because historical data on sovereign defaults show them to be unlikely. "If you're looking at your exposure to a defaulting sovereign, there's a relatively low frequency rate," Lindsey said. "So it really depends on what they've done internally to back up their ideas of what their assessment of the probability of default is." To contact the reporters on this story: Christine Harper in New York at charper at bloomberg.net; Michael J. Moore in New York at mmoore55 at bloomberg.net To contact the editor responsible for this story: Rick Green at rgreen18 at bloomberg.net --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 16 07:43:11 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 16 Nov 2011 08:43:11 -0500 Subject: [Infowarrior] - Who's Missing From Today's SOPA Hearing? A Short List Message-ID: https://www.eff.org/deeplinks/2011/11/whos-missing-todays-sopa-hearing-short-list November 16, 2011 - 1:01am | By Eva Galperin Who's Missing From Today's SOPA Hearing? A Short List The House Judiciary Committee will meet today for a hearing on the controversial Stop Online Privacy Act (SOPA). What could have been an opportunity for the committee to hear from a variety of stakeholders has devolved into parade of pro-SOPA partisans. Scheduled to testify are representatives from the Register of Copyrights, Pfizer Global Security, the Motion Picture Association of America, the AFL-CIO, and Mastercard Worldwide -- many of which helped to draft this legislation in the first place, and didn't let anyone else into the room. 
The only scheduled witness in opposition to the bill is Katherine Oyama, policy counsel on copyright and trademark law for Google. Whether you support or oppose the bill, there's no question that it will affect a broad range of activities, which is one reason we've seen an extraordinary outcry of opposition since the bill was introduced. In case you are wondering who the Committee should be hearing from today, here is a small sampling of the stakeholders that deserve a seat at the negotiating table:

Public interest organizations

EFF, Public Knowledge, and the Center for Democracy and Technology have all raised strong objections to SOPA, including concerns that the language in the bill is so broad that it could be used to shut down access to almost any website.

Consumer organizations

Consumer groups have also raised concerns that SOPA could be used to close off online exchanges that provide lower prices for consumers and allow for anti-consumer practices by online service providers. And that's only the beginning -- if made law, this bill would give overreaching rightholders an easy way to threaten innovation, including social media and cloud computing, that consumers count on.

Independent filmmakers and musicians

Independent artists are often innovators, trying out new technologies and business models in order to distribute and profit from their work. Independent producers of content have expressed concern that SOPA will shut down the innovative technologies they rely on, or prevent them from being built in the first place.

Internet Engineers

The engineers who helped to build the Internet have warned that SOPA will break the Internet by meddling with the Domain Name System, which links IP addresses to domain names.

Technology Companies

Aside from Google, no technology company has a seat at the table.
Google has joined a coalition of companies, including Facebook, eBay and Zynga, in opposing SOPA on the grounds that it will stifle innovation and cost the US tech-sector jobs. But surely the Committee needs to hear from some of the numerous job-creating companies in the tech sector -- as well as the innovators of tomorrow -- who might be affected by this bill? This legislation is full of holes -- and it appears its sponsors don't want them exposed. Tell Congress to stop this bill now!

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 07:43:20 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 08:43:20 -0500
Subject: [Infowarrior] - SOPA Will Have Grave Effects On The Health Of Hundreds Of Thousands Of Americans
Message-ID: <505124E9-0CD0-4656-9326-1B0FD4CC11A4@infowarrior.org>

SOPA Will Have Grave Effects On The Health Of Hundreds Of Thousands Of Americans

http://www.techdirt.com/articles/20111115/15345616781/sopa-will-have-grave-effects-health-hundreds-thousands-americans.shtml

from the conflating-legal-and-rogue-foreign-pharamacies dept

This is a guest post from Lee Graczyk, lead organizer of RxRights, a national coalition of individuals and organizations concerned about the high cost of U.S. pharmaceuticals.

The House Judiciary Committee today is holding a hearing to examine the Stop Online Piracy Act (SOPA), a bill that proposes to address online copyright and trademark infringement by denying services to registrants, owners or operators of Internet sites. There has been much discussion on the technological implications of this bill, but Congress and the media have overlooked SOPA's major health implications--it would take away Americans' access to safe, affordable prescription medications from licensed, legitimate Canadian and other international pharmacies.
No one would disagree that websites illegally distributing "knock-off" goods, which include rogue online pharmacies, are a public menace. However, SOPA's definition of an Internet site that endangers public health (even worse than in its Senate counterpart, the PROTECT IP Act) is so vague and broad that safe, legitimate Canadian and other international pharmacies could be shut-down "in the dark of night." This is because SOPA inappropriately groups together real pharmacies--licensed, legitimate pharmacies that require a doctor's prescription and sell brand-name medications--and the rogues, who sell everything from diluted or counterfeit medicine to narcotics without a prescription. This oversight is extremely dangerous for Americans (I am one of them) who rely on legitimate Canadian and other international pharmacies to import safe, affordable prescription medications they need to survive. For example, 90,000 people in Florida alone would lose access to safe, affordable prescription medications because of SOPA. Each year, hundreds of thousands of Americans import safe, affordable prescription drugs because they cannot afford the same brand-name medications that are sold in the U.S., which cost at least twice as much. Others refuse to pay the exorbitant costs of prescription medications when there is a more economical way that is just as safe. The bottom line is that pharmacies accredited through organizations such as the Canadian International Pharmacy Association, Pharmacy Accreditation Services and Pharmacy Checker are the "real deal." They sell brand-name prescription medications made by top manufacturers. A recent study by the Commonwealth Fund highlights the need for drug importation. According to the survey on health insurance coverage, a staggering 48 million Americans ages 19-64 did not fill a prescription due to cost in 2010, which represents a 66 percent increase since 2001. 
Americans, especially those without insurance and seniors living on fixed incomes, should not have to make choices like whether to fill their prescriptions or buy groceries for the week. Everyone, including those in the tech community with whom we agree on the overall negative impact of SOPA, should bear in mind the severe health implications of this bill, which would affect the well-being of patients across the U.S. If Americans don't take action to protect their right to safe and affordable medications, they could lose their access to safe, legitimate pharmacies and, therefore, vital medications they need to stay alive.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 07:43:27 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 08:43:27 -0500
Subject: [Infowarrior] - Over 100 Lawyers, Law Professors & Practitioners Come Out Against SOPA
Message-ID:

Over 100 Lawyers, Law Professors & Practitioners Come Out Against SOPA

http://www.scribd.com/doc/72807693/Law-Profs-Letter-Against-SOPA-PROTECT-IP

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 07:43:34 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 08:43:34 -0500
Subject: [Infowarrior] - SOPA/PROTECT IP Would Be Hideously Bad For Video Gamers
Message-ID:

SOPA/PROTECT IP Would Be Hideously Bad For Video Gamers

from the our-rights-are-not-a-game dept

http://www.techdirt.com/articles/20111115/15040016780/sopaprotect-ip-would-be-hideously-bad-video-gamers.shtml

Jennifer Mercurio is the Vice President and General Counsel of the Entertainment Consumers Association (ECA), the nonprofit membership organization which represents gamers in the U.S. and Canada.
If a pair of bills on Capitol Hill, called the Stop Online Piracy Act (SOPA) and PROTECT IP, pass, you could be fined and thrown in jail for streaming (i.e., "performing") your video game speed runs or game play. Just as people post cute pictures and videos of themselves, their pets and their kids singing and dancing to copyrighted works, gamers of all ages routinely post pics and stream video of themselves during game play. All of these things have, for the most part, been considered "fair use" under the law. Tens of thousands of videos currently available online featuring game play from popular games like Call of Duty, Halo, Starcraft and others could be made illegal under these laws. Since games also rely on the unique and fresh content that gamers create structurally and within game play, SOPA/PROTECT IP would freeze such innovation. Creative new works developed out of the technology of video games could be stifled by these new laws. Machinima, or videos created using in-game tools such as in Red vs. Blue, may never have come about if SOPA/PROTECT IP were in place. There are also serious "due process" issues with SOPA/PROTECT IP. Under constitutional due process, if the government prosecutes you, you must have the ability to defend yourself before being penalized; and the prosecution and governing board must be a government body, not a private company such as YouTube, or a ratings entity like the Entertainment Software Rating Board (ESRB). The Digital Millennium Copyright Act (DMCA) presently mandates that a take-down notice regarding potential infringement must first be sent to the Internet service provider or host, which then must comply, if it wants to retain its so-called "safe harbor" protection. However, the alleged infringer can then send a counter-notice stating basically, "no we're not infringing, here is why." 
Under the current safe harbor provisions, the service provider is then required to put the material in question back up in 10 days if there is no further action taken on the part of the content owner. Here, SOPA/PROTECT IP forgo even this slight due process. These bills lack the provisions requiring the providers to put the material back up following a counter notice. Instead, the incentives are for service providers to keep the content down. Furthermore, a court order via a judge could require payment processors and ad networks to cut off service, before sites are convicted of any wrong-doing. The accused would then need to defend themselves. In other words, the impact of the bill is that they are found guilty before their day in court. The legislation would also allow Internet companies hosting the content to arbitrarily set standards regarding various classes of works and amateur performers and demand removal of content or petition the government to outright block access to websites, creating an Internet government-sanctioned blacklist. Internet service providers (ISPs) that are part of a corporation which creates content, such as Comcast, could also then use these laws for anti-competitive practices, arbitrarily enforcing/not enforcing potential infringements of their content or their competitors. Where NBC and G4 could be weaponized and empowered... the potential for abuse is staggering. SOPA/PROTECT IP would also strip the limited defense websites enjoyed under DMCA, and sites could be considered liable for the worst of the worst user, which means that they'd need to penalize all users to protect themselves. Since the bills allow actions against suspected sites, as opposed to just convicted sites, all Internet sites would need to chill the speech placed on them in order to avoid potentially crippling legal responses. 
Thus companies and sites like Justin.tv, Twitch.tv, Ustream.tv, Tumblr.com, Facebook, YouTube, Google+, Blogger and Wordpress, which used to be immune from prosecution for the content posted on them, would now need to monitor every communication, if they wanted to avoid liability. This will result in a chilling effect across the web. Further, several experts have warned that the domain name system (DNS) filtering requirements of PROTECT IP would weaken Internet security and stability. The filtering provisions would not serve their goal of lowering piracy, but threaten the security and stability of the global DNS. Further, they would undermine the universality of domain names, which has been a backbone of how the Internet is navigated. The experts warn that many of the tools and stated goals of both the government and business related to prevention of cyber attacks and Internet security would be undermined by these bills. SOPA/PROTECT IP also relies on copyright holders setting arbitrary standards regarding economic impact and prosecution for various classes of works and amateur performers. Since items posted to the Internet can be accessed immediately and universally, copyright holders could claim every post would be extremely costly. These bills could impede or block constitutionally protected speech. This point is especially troublesome in the shadow of the great video games speech victory earlier this year, Brown v EMA, where the Supreme Court finally held video games to be such protected speech in their own right. Since we already have laws covering this area on the books, it defies logic to further burden American consumers in these arbitrary and capricious ways. The ECA stands in opposition to these bills. To lend your voice, check out our free online tools, read more about the subjects or help us fight for our rights, visit: http://theeca.com/video_gamers_rights --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Nov 16 07:48:33 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 08:48:33 -0500
Subject: [Infowarrior] - SOPA sponsors deride criticisms as "myths"
Message-ID: <249A6EE8-B9D4-4443-B3B6-8D536177714C@infowarrior.org>

SOPA sponsors deride criticisms as "myths"

House Committee hearing on SOPA a one-sided affair

By Brian Proffitt

http://www.itworld.com/security/224681/sopa-sponsors-deride-criticisms-myths

November 16, 2011, 7:42 AM -- As the U.S. House Judiciary Committee prepares for its hearing this morning on the Stop Online Piracy Act (SOPA), hundreds of web sites and activists are trying to bring attention to the bill with American Censorship Day. Protestors of SOPA have a long uphill battle, if the testimony in today's committee meeting is any indication. The witness list for the hearing on SOPA, scheduled for this morning at 10 a.m. EST, seems decidedly comprised of witnesses in favor of the new bill. Of the witnesses, only Katherine Oyama, Policy Counsel from Google, seems likely to testify against the bill. SOPA (HR. 3261), along with its counterpart bill in the Senate, PROTECT IP (S. 968), are two pieces of legislation with essentially the same theme: give private copyright holders more tools to pull down pirated copy from the Internet. That sounds good on paper, but delving down into the details of each bill reveals some potentially serious problems for free and open source software (FLOSS) developers. The SOPA bill, which is the more stringent of the two bills being fast-tracked through Congress, would enable the US Attorney General to send court orders to DNS server operators ordering that DNS servers stop resolving the domain names of infringing sites to their matching IPs. Search engines would also be required to remove or block links to these sites.
Each bill also enables private corporations to cut off infringing websites at the financial knees: if a copyright holder finds content on a website that they believe infringes on their copyright, then they can go to any vendor who helps provide revenue to that site and request that the vendor cease working with the site. For instance, the request could go to any ad providers for the allegedly infringing site, and under the new law the ad provider would have five days to cut their ads from the site. Or, if the site uses credit cards or an online payment system like PayPal, the copyright holder can also get those organizations to stop supporting the website. The problem protestors have with both of these bills is that all of these wheels will be set in motion by private corporations--movie studios and recording companies being at the top of that list--and there would be no requirement for proving anything in a court of law before the site is taken down. A copyright holder need only accuse a website of infringement, and the search engine, advertisement, and payment system would be cut off in five days. The DNS filtering would still need the involvement of the Department of Justice to get a court order, but again, there would be no need to prove anything to obtain such an order from a judge. Infringing sites do have those same five days to file a counter-request--presumably to have time to remove the offending material from their site or protest the presence of such offending material even being on their site. As I pointed out Monday, additional provisions within SOPA would give the law the power to slap all of these punishments on software developers and distributors, too. This would be a serious concern to the free and open source software community, which typically doesn't have the wherewithal to get into a legal fight with movie studios and industry organizations.
Various examples of software that could be affected by a SOPA-based law: VPN, proxy, privacy, or anonymization software--including SSH; software that works with zone files for generic top-level domains; or client-side DNSSEC resolvers. Basically, any software that a private copyright holder might suspect to be used for the stealing or hosting of copyrighted material. And again, no legal proof required to take down a site first. Supporters of the new law, and there are many, are very quick to dispel any notion that SOPA--or the Senate version of this bill--will be abused in this manner. Today's hearing is stacked with witnesses that will push the notion that all of these measures are intended to be used against foreign "rogue websites" that currently fall outside of the U.S.'s jurisdiction. If you want an idea of just how one-sided the debate will be today, have a look at the Fact Sheet provided on the House of Representatives' web page on SOPA (a page with the filename "issues_RogueWebsites.html"). The Fact Sheet has a less-biased title and filename, but the contents read like something created by the Motion Picture Association of America (MPAA) or the Recording Industry Association of America (RIAA) with the sole intent of allaying any and every fear raised about SOPA. Instead of a balanced approach to addressing the pros and cons of the bill, the Fact Sheet derides each and every legitimate concern about the bill as a "myth." Reading these myth-busting responses, it's almost possible to let yourself get soothed by the themes presented. It's only foreign websites conducting criminal activity that are being targeted, and infringing websites will have full and ample opportunity to fight false claims. But the Fact Sheet neatly avoids mentioning that such battles will have to take place after the website is taken down, and that by filing a protest, any foreign website owner would have to agree to be within the jurisdiction of the U.S.
civil courts, should the infringed copyright owner wish to sue them for additional violations later. For domestic sites, fighting a legal battle like this would take time and money that many site owners might not have. The part of the Fact Sheet that will have high interest to FLOSS developers is a passage that addresses the "myth" that the bill will create conflicts between DNS servers. "The bill also prohibits anti-circumvention technologies to protect consumers from unknowingly using foreign servers that could compromise their personal and financial information. Those who may choose to use such technologies to access servers in Russia or China do so knowing that their personal information may be compromised." "Anti-circumvention technologies" will likely refer to those software applications listed above. The black humor around this bill is that as a deterrent against actual criminal websites that host pirated material, it's useless. Yes, Pirate Bay (my bet for one of the first websites targeted as a "rogue" website) won't be reached by typing "http://piratebay.org" in the URL field of a browser, any more. But if people really want to download the latest episode of their favorite movie, how hard will it be to type "http://194.71.107.15" instead? Lawmakers seem intent on passing this bill, trusting that copyright holders will exercise restraint when enforcing their complaints on infringing material. Yet given the amount of lobbying used to get these bills fast-tracked through Congress--particularly a Congress unwilling to enact broader legislation to combat the nation's serious economic problems--"restraint" seems an odd term to apply. Not to mention the major studios' past history of chasing down copyright infringers: a history where restraint has rarely applied.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Nov 16 07:50:25 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 08:50:25 -0500
Subject: [Infowarrior] - OpEd: Stop the Great Firewall of America
Message-ID: <2FFB8FD6-7B41-4008-9EC2-C81D51198B76@infowarrior.org>

Stop the Great Firewall of America

By REBECCA MacKINNON
Published: November 15, 2011

http://www.nytimes.com/2011/11/16/opinion/firewall-law-could-infringe-on-free-speech.html

China operates the world's most elaborate and opaque system of Internet censorship. But Congress, under pressure to take action against the theft of intellectual property, is considering misguided legislation that would strengthen China's Great Firewall and even bring major features of it to America. The legislation -- the Protect IP Act, which has been introduced in the Senate, and a House version known as the Stop Online Piracy Act -- have an impressive array of well-financed backers, including the United States Chamber of Commerce, the Motion Picture Association of America, the American Federation of Musicians, the Directors Guild of America, the International Brotherhood of Teamsters and the Screen Actors Guild. The bills aim not to censor political or religious speech as China does, but to protect American intellectual property. Alarm at the infringement of creative works through the Internet is justifiable. The solutions offered by the legislation, however, threaten to inflict collateral damage on democratic discourse and dissent both at home and around the world. The bills would empower the attorney general to create a blacklist of sites to be blocked by Internet service providers, search engines, payment providers and advertising networks, all without a court hearing or a trial. The House version goes further, allowing private companies to sue service providers for even briefly and unknowingly hosting content that infringes on copyright --
a sharp change from current law, which protects the service providers from civil liability if they remove the problematic content immediately upon notification. The intention is not the same as China's Great Firewall, a nationwide system of Web censorship, but the practical effect could be similar. Abuses under existing American law serve as troubling predictors for the kinds of abuse by private actors that the House bill would make possible. Take, for example, the cease-and-desist letters that Diebold, a maker of voting machines, sent in 2003, demanding that Internet service providers shut down Web sites that had published internal company e-mails about problems with the company's voting machines. The letter cited copyright violations, and most of the service providers took down the content without question, despite the strong case to be made that the material was speech protected under the First Amendment. The House bill would also emulate China's system of corporate "self-discipline," making companies liable for users' actions. The burden would be on the Web site operator to prove that the site was not being used for copyright infringement. The effect on user-generated sites like YouTube would be chilling. YouTube, Twitter and Facebook have played an important role in political movements from Tahrir Square to Zuccotti Park. At present, social networking services are protected by a "safe harbor" provision of the Digital Millennium Copyright Act, which grants Web sites immunity from prosecution as long as they act in good faith to take down infringing content as soon as rights-holders point it out to them. The House bill would destroy that immunity, putting the onus on YouTube to vet videos in advance or risk legal action. It would put Twitter in a similar position to that of its Chinese cousin, Weibo, which reportedly employs around 1,000 people to monitor and censor user content and keep the company in good standing with authorities.
Compliance with the Stop Online Piracy Act would require huge overhead spending by Internet companies for staff and technologies dedicated to monitoring users and censoring any infringing material from being posted or transmitted. This in turn would create daunting financial burdens and legal risks for start-up companies, making it much harder for brilliant young entrepreneurs with limited resources to create small and innovative Internet companies that empower citizens and change the world. Adding to the threat to free speech, recent academic research on global Internet censorship has found that in countries where heavy legal liability is imposed on companies, employees tasked with day-to-day censorship jobs have a strong incentive to play it safe and over-censor -- even in the case of content whose legality might stand a good chance of holding up in a court of law. Why invite legal hassle when you can just hit "delete"? The potential for abuse of power through digital networks -- upon which we as citizens now depend for nearly everything, including our politics -- is one of the most insidious threats to democracy in the Internet age. We live in a time of tremendous political polarization. Public trust in both government and corporations is low, and deservedly so. This is no time for politicians and industry lobbyists in Washington to be devising new Internet censorship mechanisms, adding new opportunities for abuse of corporate and government power over online speech. While American intellectual property deserves protection, that protection must be won and defended in a manner that does not stifle innovation, erode due process under the law, and weaken the protection of political and civil rights on the Internet.

Rebecca MacKinnon, a senior fellow at the New America Foundation and a founder of Global Voices Online, is the author of the forthcoming "Consent of the Networked: The Worldwide Struggle for Internet Freedom."
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 08:12:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 09:12:47 -0500
Subject: [Infowarrior] - Non-users of Facebook tracked by social network
Message-ID:

Not a new story per se, since cookies can be used in many creative ways -- but still worth passing along. -- rick

Non-users of Facebook tracked by social network

Wednesday - 11/16/2011, 7:45am ET

http://www.wtop.com/?nid=41&sid=2635253

Evan Haning, wtop.com

UNDATED - As Facebook has grown, so has the amount of personal data it collects, including information about people who have not chosen to join the social network. For the first time, Facebook explained how it tracks both users and non-users in a series of phone and email exchanges with USA TODAY. When a Facebook user visits a Facebook.com page, two different kinds of tracking cookies are placed in the user's browser -- a "session cookie" and a "browser cookie." Non-Facebook members and Facebook users who are logged off receive the browser cookie. When Facebook users are logged on, the session cookie records the websites they visit, along with their names, email addresses, list of friends and preferences as indicated by the "like" buttons they have clicked in the past. The online habits of those who did not join Facebook - as well as Facebook users not signed into their accounts - are tracked by the browser cookie, but they are identified by number, not by name. Both cookies log IP addresses, screen resolutions, operating systems and record which browser (Mozilla-Firefox, Internet Explorer, Google, etc.) a person is using. That information is kept for 90 days. Facebook says it uses tracking data from these cookies to enhance both security and its users' experiences, but does not yet use tracking data to target ads to specific people.
Privacy advocates say that when used creatively such data collection can be dangerous. In Los Angeles, ABC-TV consumer reporter Ric Romero found that a man's insurance benefits were canceled after an investigator saw a picture of him sitting on a beach, drinking a beer. The picture was on Facebook. Insurance investigators told Romero that honest people have nothing to fear. But the man whose benefits were denied had to hire an attorney and take his case to a labor board in order to prove his injury was not fraudulent. Facebook is getting pressure from government agencies here and abroad. Facebook has been haggling with the Federal Trade Commission over privacy, and The Wall Street Journal reports the social network is nearing a settlement with federal regulators that would require it to get the approval of a user before making changes that expose his profile and activities to a wider audience. The settlement also would require Facebook to undergo independent privacy audits for the next 20 years.

Follow Evan and WTOP on Twitter.

(Copyright 2011 by WTOP. All Rights Reserved.)

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 09:54:41 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 10:54:41 -0500
Subject: [Infowarrior] - SOPA hearing witness list
Message-ID:

(EFF is live-tweeting, too -- rick)

http://judiciary.house.gov/hearings/hear_11162011.html

Witness List

Maria Pallante, Register of Copyrights, U.S. Library of Congress
John Clark, Chief Security Officer and VP of Global Security, Pfizer
Michael O'Leary, Senior Executive Vice President, Global Policy and External Affairs, MPAA
Linda Kirkpatrick, Group Head, Customer Performance Integrity, MasterCard
Katherine Oyama, Policy Counsel, Google
Paul Almeida, President, Dept. of Professional Employees, AFL-CIO

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Nov 16 10:00:44 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 11:00:44 -0500
Subject: [Infowarrior] - EFF live-tweeting SOPA....
Message-ID:

For those interested in monitoring the pathetic idiocy being proposed in Washington for no reason other than to prop up failing business models of Industrial Age industry cartels -- https://twitter.com/#!/EFFLive

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 12:26:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 13:26:55 -0500
Subject: [Infowarrior] - Cyber Warfare Decomposition... Fail
Message-ID:

(c/o DN)

Cyber Warfare Decomposition... Fail

https://infosecisland.com/blogview/12639-Cyber-Warfare-Decomposition-Fail.html

Thursday, March 24, 2011
Contributed By: J. Oquendo

Hopefully you would have read the introduction into the "Art of Cyberwarfare" series to understand where this is coming from and where it is headed. With that out of the way, let me dive into "Cyberwarfare Decomposition ... Fail." From the Intelligence Analysis book: Decomposition: Breaking a thought or activity into basic elements to discern meaning or facilitate a more complete understanding. Decomposition of a cyberattack is a bloated, misunderstood and fantasy filled science usually with one outcome, wasted resources. In order to understand where I am coming from, I will write this rambling from a hacker's perspective. From an attacker's point of view, I can be whomever I choose to be, whenever I choose to attack you. Unlike conventional wars, an opponent is usually going to be visible at some point in time. Visible to the extent that intelligence analysts will know who he or she is. The analyst will know an attacker's weaponry, locations, capabilities and so on. Someone would have placed a lot of resources in digging up the information.
Whether via HUMINT, SIGINT, COMINT, IMINT, ELINT, MASINT, ACINT or whatever other INT I missed, there is some form of tangible/visible data on an opponent.

In the realm of the Internet (cyber realm), you will fail miserably if you think that you can pinpoint an opponent via an IP address or even collection of addresses, a signature, a comment in an application and so forth. To prove point one of that comment, I recall a discussion years ago on the North American Network Operators Group (NANOG). The thread discussed how the European Union "made IP personal." As reported in the news:

"IP addresses, a string of numbers that identifies a computer, should generally be regarded as personal information, the head of the European Union's group of data privacy regulators said Monday." [2]

This started a long discussion about how absurd of a statement, theory, thought, notion, etc., the European Union just blurted. From the NANOG thread:

"Well, let me ask you who you think 171.70.120.60 is. I'll give you a hint; at this instant, there are 72 of us. Here's another question. Whom would you suspect 171.71.241.89 is? At this point in time, I am in Barcelona; if I were home, that would be my address as you would see it, but my address as I would see it would be in 10.32.244.216/29. There might be several hundred people you would see using 171.71.241.89;" [3]

Imagine for a moment that I compromised a machine on the subnet mentioned in that thread, who would you (after being attacked from that address) investigate or retaliate against if you were in a cyberwar where you had to launch an offensive? This lack of pinpointing an attacker is, and will continue to be, the problem: attribution. Who do you place the blame on. Furthermore, from the deception level, it makes all the more sense for me as an attacker to utilize the core functions of the Internet (IP) as a means of hiding. "Catch me if you can."
With millions of vulnerable machines worldwide, an attacker can launch an attack from anywhere with almost no attribution. This makes any analysis pretty much useless for the most part, wasted resources.

When security professionals disclose information about "command and control" botnets, they almost always have the information regarding a) what the botnet does b) what it is targeting c) how it is affecting an infrastructure d) where data goes to and where it comes from. Sometimes an analyst or team of analysts will get a through d or just enough to help them understand what the SOFTWARE was created to do, not what the intentions of the author were. Perhaps the analyst had discovered a rogue program in the wild and the bits of software were reverse engineered to figure out what was being done, maybe someone stumbled upon the software. Fact is that at the end of the day, what have they found as an analyst?

An analyst needs to remember that proper programming of malicious code could leave an analyst with one of two results: false flags or nothing at all. Remember, I wrote "proper programming" meaning that I properly took the time to make myself invisible. I took the time to zero out any identifiable information. Or, perhaps I picked an ally of yours and inserted false flags that point directly to your ally. What then?

When you think about the reality of cyber analysis and the issues surrounding the data in that analysis, even from the reverse engineering perspective, any answer speaks for itself: wasted resources. Think about this for a moment: "so many analysts working on reversing this botnet" it would have one believe that at some point in time, at least "one" developer of a command and control, would be perp walked by now, their identity disclosed, game over. Have you ever wondered why this is not the case? If you have, then you answered it in similar fashion to mine from my previous article: Cyberwarfare Analysis - You're Doing It Wrong.
The attackers are anonymous: fail - you're doing it wrong.

NOTE: When I use the term anonymous in my writings, I am not talking about the "hacktivist" group.

From the attacker's perspective I say to the analyst and I repeat: "Catch me if you can." The likelihood of an analyst coming close to identifying me is the same likelihood that I will win the lottery in multiple states simultaneously. This is of course based on me having a direct plan of attack and exit plan. Yet to be quite honest, an exit plan is not even necessary thanks to millions around the world, who in their rush to remain online 24/7, make finding a random connection for me to abuse, child's play.

Connectivity (hackers definition): an abundant resource especially in cities which one can fire off anonymous attacks against any target of choice without worry or repercussion.

Businesses and individuals are quick to throw up all forms of wireless connections, Internet cafes are abundant and people are outright mindless when it comes to connectivity. You can't fix stupidity which will always be yet another anonymous enemy attacking you. Fact is, stupidity might be your second biggest enemy.

As an attacker, I could say head to Bryant Park in NYC, change my MAC address [4] and begin karmetasploiting [5] anyone in the vicinity. I could steal credentials from someone near me and begin hopping in and out of other networks launching attacks with the credentials I stole. Perhaps log directly into the computer of the victim whose credentials I stole and launch the attacks from there. When all is said and done and my attack is over, simply shut down my laptop, plop out the copy of Backtrack [6] from my DVD drive and split it into pieces dumping it piecemeal across the city. So much for evidence.

The fix for these types of problems (rampant and redundant connectivity) is not an easy one in fact, there likely is no fix for the foreseeable future. Besides, you can never fix a social problem with technology.
"How do you fix stupid?" Most wireless networking equipment can be configured with stronger encryption and authentication mechanisms (TKIP, WPA2, etc.) however the likelihood of getting someone to fix their network is low. One can state: "We can pass laws to force them to fix this" but how would you enforce them? Perhaps create the Department of Open Wireless Network Enforcement? "DOWNE" is actually a cool looking acronym, but I do not want my tax dollars spent funding it. I go back and state: "You can't fix stupid."

From the analytical perspective now, what information have I gathered from an attack? I see an IP, I see an attack. I have nothing more than that. I may infer some form of motive behind the attack, for example: as an engineer analyzing network traffic in a financial institution, I see an IP address performing Cross Site Scripting attack queries on the institution's servers. There is a high likelihood that the attacker is after something specific with the underlying goal usually leading to money. Any percent attributed to this statement would be outright false. It would not merit any objective number from any scientific study: "the percent of attackers..." Fail. It would be a waste of time. How realistic would a "percent" statement be at the end of the day. What concrete evidence do you have?

Let us have an alternative point of view now, from the systems slash network administration and engineering perspective. How many of you reading this have ever fat fingered an address? If you haven't, then it is likely true that you have not been an engineer or an admin very long. Imagine that as an engineer you have to diagnose an address of 10.10.10.5 on your network.
You quickly type the address into a command line utility as this is an e-commerce server that needed to be online yesterday:

    -bash2-2.05b$ ping 10.10.1.5
    PING 10.10.1.5 (10.10.1.5): 56 data bytes
    ^C
    --- 10.10.1.5 ping statistics ---
    5 packets transmitted, 0 packets received, 100% packet loss

That is definitely not a typo from the writing perspective but it is a typo from the engineering perspective. At no point in time did I mean to type 10.10.1.5 however, I did type just that. Was I attacking this machine? Absolutely not. Now imagine if I had tried to ssh into this machine:

    # ssh 10.10.1.5
    The authenticity of host '10.10.1.5 (10.10.1.5)' can't be established.
    RSA key fingerprint is 14:be:bc:ca:ed:1b:64:3d:86:ba:4e:61:44:cd:d2:0a.
    Are you sure you want to continue connecting (yes/no)? yes
    Warning: Permanently added '10.10.1.5' (RSA) to the list of known hosts.
    innocentmistake@10.10.1.5's password:
    Permission denied, please try again.
    innocentmistake@10.10.1.5's password:
    Permission denied, please try again.
    innocentmistake@10.10.1.5's password:
    Permission denied (publickey,gssapi-with-mic,password).

After the denials, I realize the mistake and correct it. From the endpoint perspective (the admins at the address of the typo I made), they have no inkling that what had occurred was human error and not an attack against their systems. Those admins if on a Linux machine will see:

    -bash-3.00# tail -n 4 /var/log/secure
    Mar 10 09:15:32 bankingmachine sshd[23089]: Failed password for innocentmistake from ::ffff:10.10.10.13 port 58374 ssh2
    Mar 10 09:15:35 bankingmachine sshd[23097]: Failed password for innocentmistake from ::ffff:10.10.10.13 port 58559 ssh2
    Mar 10 09:15:38 bankingmachine sshd[23105]: Failed password for innocentmistake from ::ffff:10.10.10.13 port 58740 ssh2
    Mar 10 09:15:41 bankingmachine sshd[23110]: Failed password for innocentmistake from ::ffff:10.10.10.13 port 58919 ssh2

Quite easy for alarms to ring wouldn't you think.
However, any investigation into this occurrence would be a waste of time, the solution would be for the bank to block this and everything else from reaching SSH and solely allow what needs to be allowed in. The kicker to this bit of common sense is that many networks keep doing it wrong. With so much documentation on sites like NIST, NSA, SANS and countless other security websites, it is amazing to see how organizations keep failing.

Administrators and engineers can and should take an altogether different approach to security. We as engineers and administrators may never be able to stop random attackers from knocking on our door, we can however stop answering the door. This is another failure from the security management level right on down to the engineering level. Imagine the following topology:

    Company A Network    10.20.30.0/24
    E-Commerce Server    10.20.30.5
    E-mail Server        10.20.30.6

A simple and small network with one E-Commerce Server and an E-Mail server. What is the purpose of the E-Commerce server? To perhaps serve traffic to anyone looking at the webserver. Maybe it is someone who wants to check their account or sign up for a new account. This is all the machine was configured to do. Should someone from the outside world be connecting to say SSH? No. Can we stop them from connecting to ssh? No. Stop for a moment and think about that statement. Sure you can create a rule to drop or reject them but at no point in time will the connections stop coming in. Don't fool yourself. Can we block them with a myriad of firewall rules? Sure but that would be impractical.

How do we defend this machine you ask? How about you stop worrying about who the attacker is, what it is they are doing and worry about your server doing what it was deployed to do. We know that no one should be connecting via services we are not offering (services meaning applications) yet it would be impractical to create hundreds of thousands of rules. Simplicity is the answer here.
Block your own server from ever connecting "to" anyone else on services you are not offering. For example on a Linux box, I could create one all inclusive block to my server from connecting to anyone else via SSH.

    iptables -A OUTPUT -s 10.20.30.5 -p tcp --dport 1:1024 -j DROP

Simple. "Hey firewall, my address is 10.20.30.5 and any time I try to send something out of some important port, you need to drop it. Don't allow it to happen." Imagine that. One rule versus thousands. This rule alongside the block in rule. The approach is altogether different here. Many on the enterprise scale would cry foul and someone can come back and argue about tunneling through HTTP however, when configured properly, nothing is stopping me as an engineer and or security professional, from taking a look at what MY MACHINES are doing. My goal is to block my machine from initiating connections outbound on what I have labeled as "important services." This portion is always under my control, not the connections of others trying to come in the door, they will always keep trying.

In ending this little rambling Richard Bejtlich has written an excellent book on the entire subject: "Extrusion Detection." [7] So go back and ask yourself: "why are you worried about who is knocking on your door if you cannot see them," the whole scenario is out of your control. Furthermore, why even waste your resources in answering that door if by now you know there is no one there? Besides, even if you did see something, the reality is you will never know who they are anyway. The effort and resources are better spent investigating WHY your machine is initiating connections to the island of Footopia at 3AM.

Don't worry too much about what is coming to your door, worry more about what is exiting your house. This is not to say don't ever wonder who is knocking on your door, it is merely to say: "don't stress it that much" you have more important things to worry about.
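
The article's closing advice is to investigate what your own server initiates rather than who knocks on the door. The following Python script is an added example, not code from the article or its author: it assumes a LOG rule with the hypothetical prefix "EGRESS-DROP: " sits just before the article's DROP rule, and it runs over constructed sample log lines to separate connections the server opened from replies the same rule also catches.

```python
"""Summarise outbound connections a server initiated, from iptables LOG lines."""
import re
from collections import defaultdict

SERVER_IP = "10.20.30.5"      # e-commerce server in the article's topology
LOG_PREFIX = "EGRESS-DROP: "  # hypothetical prefix, an assumption of this example

# Assumed companion to the article's DROP rule, placed just before it:
#   iptables -A OUTPUT -s 10.20.30.5 -p tcp --dport 1:1024 -j LOG --log-prefix "EGRESS-DROP: "

# Constructed sample syslog lines; remote addresses are RFC 5737 documentation ranges.
SAMPLE_LOG = """\
Mar 10 03:02:11 shop kernel: EGRESS-DROP: IN= OUT=eth0 SRC=10.20.30.5 DST=203.0.113.77 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4211 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 03:02:14 shop kernel: EGRESS-DROP: IN= OUT=eth0 SRC=10.20.30.5 DST=203.0.113.77 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4212 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 03:02:20 shop kernel: EGRESS-DROP: IN= OUT=eth0 SRC=10.20.30.5 DST=203.0.113.77 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=4213 DF PROTO=TCP SPT=51514 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 03:05:40 shop kernel: EGRESS-DROP: IN= OUT=eth0 SRC=10.20.30.5 DST=198.51.100.9 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=5120 DF PROTO=TCP SPT=40022 DPT=25 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 03:06:02 shop kernel: EGRESS-DROP: IN= OUT=eth0 SRC=10.20.30.5 DST=192.0.2.44 LEN=60 TOS=0x00 PREC=0x00 TTL=64 ID=0 DF PROTO=TCP SPT=443 DPT=1011 WINDOW=28960 RES=0x00 ACK SYN URGP=0
Mar 10 03:07:15 shop kernel: INBOUND-DROP: IN=eth0 OUT= SRC=192.0.2.44 DST=10.20.30.5 LEN=60 TOS=0x00 PREC=0x00 TTL=52 ID=911 DF PROTO=TCP SPT=40000 DPT=22 WINDOW=29200 RES=0x00 SYN URGP=0
Mar 10 09:15:32 shop sshd[23089]: Failed password for innocentmistake from 10.10.10.13 port 58374 ssh2
"""

FIELD_RE = re.compile(r"\b([A-Z]+)=(\S*)")
TIME_RE = re.compile(r"^(\w{3}\s+\d+\s+\d\d:\d\d:\d\d)\s")
TCP_FLAGS = {"CWR", "ECE", "URG", "ACK", "PSH", "RST", "SYN", "FIN"}


def parse_line(line):
    """Return time, destination and port for a server-initiated TCP SYN, else None."""
    if LOG_PREFIX not in line:
        return None  # other firewall prefixes and unrelated daemons
    payload = line.split(LOG_PREFIX, 1)[1]
    fields = dict(FIELD_RE.findall(payload))
    flags = TCP_FLAGS.intersection(payload.split())
    # Packets logged in the OUTPUT chain carry an empty IN= and a set OUT=.
    if fields.get("IN") != "" or not fields.get("OUT"):
        return None
    if fields.get("SRC") != SERVER_IP or fields.get("PROTO") != "TCP":
        return None
    # A new connection is a SYN without ACK or RST. A SYN-ACK to a client whose
    # source port is below 1025 also matches --dport 1:1024, but it is a reply.
    if "SYN" not in flags or "ACK" in flags or "RST" in flags:
        return None
    if not fields.get("DPT", "").isdigit():
        return None
    when = TIME_RE.match(line)
    return {
        "time": when.group(1) if when else "",
        "dst": fields.get("DST", ""),
        "dport": int(fields["DPT"]),
    }


def summarise(log_text):
    """Group initiated attempts by (destination, port), busiest first."""
    groups = defaultdict(lambda: {"count": 0, "first": None, "last": None})
    for line in log_text.splitlines():
        event = parse_line(line)
        if event is None:
            continue
        group = groups[(event["dst"], event["dport"])]
        group["count"] += 1
        group["first"] = group["first"] or event["time"]
        group["last"] = event["time"]
    rows = [(dst, port, g["count"], g["first"], g["last"])
            for (dst, port), g in groups.items()]
    return sorted(rows, key=lambda row: (-row[2], row[0], row[1]))


if __name__ == "__main__":
    for dst, port, count, first, last in summarise(SAMPLE_LOG):
        print(f"{SERVER_IP} -> {dst}:{port}  attempts={count}  first={first}  last={last}")
```

The SYN-ACK line in the sample shows a side effect of the rule as written: a reply to a client that happens to use a source port in 1:1024 is dropped as well, so the summary counts only packets that open a connection.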
[1] http://www.amazon.com/Intelligence-Analysis-Environments-Security-International/dp/0313382654
[2] http://www.msnbc.msn.com/id/22770682/ns/technology_and_science-security/
[3] http://www.merit.edu/mail.archives/nanog/2008-01/msg00728.html
[4] http://www.alobbs.com/macchanger/
[5] http://karmetasploit.com/
[6] http://www.backtrack-linux.org/
[7] http://www.amazon.com/Extrusion-Detection-Security-Monitoring-Intrusions/dp/0321349962

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 12:36:34 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 13:36:34 -0500
Subject: [Infowarrior] - Pre-Publication Review as a Secrecy Battleground
Message-ID:

Pre-Publication Review as a Secrecy Battleground
http://www.fas.org/blog/secrecy/2011/11/prepub_review.html

The Obama Administration's uncompromising approach to punishing "leaks" of classified information has been widely noted. But its handling of pre-publication review disputes with former intelligence agency employees who seek to publish their work has been no less combative.

Government prosecutors are preparing to confiscate proceeds from the unauthorized publication of "The Human Factor: Inside the CIA's Dysfunctional Intelligence Culture" by the pseudonymous Ishmael Jones, a former CIA officer. After Jones published the book without the permission of CIA reviewers, the government said that he was in violation of the secrecy agreement he had signed.

Jones argued that he had not published any classified information and that CIA had breached the agreement first by failing to review his manuscript in good faith. But his efforts were unavailing, and a court concurred with the CIA.

"All discovery demands heretofore served by defendant [Jones] are quashed, and defendant is prohibited from serving other discovery demands," ruled Magistrate Judge Thomas Rawls Jones, Jr. in favor of the CIA on November 4.
If Jones believed that CIA was wrongly obstructing publication of his work, prosecutors said, what he should have done "was to file suit in U.S. District Court challenging the Agency's decision, in order to obtain permission to publish the book."

That sounds reasonable enough. But in another case where an author did exactly that, government attorneys are making it all but impossible for the author to present his argument to a judge.

Anthony Shaffer, author of the Afghanistan war memoir "Operation Dark Heart," said that intelligence agencies had unlawfully violated his First Amendment rights by censoring his manuscript. But the government wants to limit his ability to present his challenge.

For one thing, Shaffer has been denied access to the original text of his own book. The text contains classified information, the government says, and he no longer holds a security clearance. So he is out of luck. Nor has the government allowed him use of a secure computer so that he could cite contested portions of the text and dispute their classification in pleadings submitted to the court.

Instead, the government argues that the Court should resolve the disagreement based on the materials provided by the government, along with any unclassified materials that may be submitted by the plaintiff [Mr. Shaffer]. Shaffer does not need his manuscript or a secure computer, since "it is improper and unnecessary for Plaintiff to submit classified information to the Court at this time." (Joint Status Report, July 22, 2011).

Even unclassified materials that Mr. Shaffer may wish to submit in a declaration to the court -- in order to demonstrate that the supposedly classified information in his original text is already public -- may need to be sealed from public disclosure, the government said on October 28. That is because "the association of that open source information with the book's redactions may make the [author's] declaration classified."

All of this is quite absurd, said Mark S.
Zaid, Mr. Shaffer's attorney, in a reply filed last week. "There is no other way for Shaffer to identify and challenge any of the specific text purported to be classified, much less present an argument to the Court, if he does not have access to the original copy of his book," Mr. Zaid wrote.

The upshot is that under current policy neither Mr. Jones, who defied the rules, nor Mr. Shaffer, who has attempted to follow them, is permitted to gain a meaningful independent review of government restrictions on the information he sought to publish.

There is an additional layer of absurdity in Mr. Shaffer's case, since the unredacted text of his book has been publicly released in limited numbers, and portions of it are even available online. ("Behind the Censorship of Operation Dark Heart," Secrecy News, September 29, 2010).

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 15:49:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 16:49:11 -0500
Subject: [Infowarrior] - TSA Puts Off Safety Study of X-ray Body Scanners
Message-ID: <28CC72CA-83A7-4720-8F3F-592149708D78@infowarrior.org>

TSA Puts Off Safety Study of X-ray Body Scanners
by Michael Grabell
ProPublica, Nov. 16, 2011, 12:37 p.m.
http://www.propublica.org/article/tsa-puts-off-safety-study-of-x-ray-body-scanners

The head of the Transportation Security Administration has backed off a public commitment to conduct a new independent study of X-ray body scanners used at airport security lanes around the country.

Earlier this month, a ProPublica/PBS NewsHour investigation found that the TSA had glossed over research that the X-ray scanners could lead to a small number of cancer cases. The scanners emit low levels of ionizing radiation, which has been shown to damage DNA.
In addition, several safety reviewers who initially advised the government on the scanners said they had concerns about the machines being used, as they are today, on millions of airline passengers.

At a Senate hearing after the story ran, TSA Administrator John Pistole agreed to a request by Sen. Susan Collins, R-Maine, to conduct a new independent study of the health effects of the X-ray scanners, also known as backscatters.

But at a Senate hearing of a different committee last week, Pistole said he had since received a draft report on the machines by the Department of Homeland Security's inspector general, or IG, that might render the independent study unnecessary.

"My strong belief is those types of machines are still completely safe," Pistole said. "If the determination is that this IG study is not sufficient, then I will look at still yet another additional study."

According to a summary obtained by ProPublica, the inspector general concluded the machines are within industry standards for radiation exposure limits. But the summary also suggests the report focuses mostly on how the TSA monitors and maintains the machines. The full report won't be released for several weeks.

"I hope the Obama administration is not backing away from an independent study of the health effects of these radiation-emitting machines," Collins said in a statement to ProPublica. "What I asked for -- and what the administrator committed to -- was an independent study on the health effects of [the] machines, not just a study on whether TSA is doing an adequate job of inspecting, maintaining and operating" them.

The inspector general's report calls on the TSA to ensure that radiation surveys are conducted for unintended emissions, that calibrations are consistently documented and that airport screeners complete annual radiation safety training.
The inspector general also advised the agency to determine how much on-the-job training is needed for screeners who operate the backscatters and to ensure that accidental radiation overdoses are properly reported.

It's unclear whether the recommendations resulted from any problems found during the investigation, or are general reminders about best practices. It's also unclear whether investigators measured the radiation doses from the machines themselves or relied on inspections conducted by the manufacturer.

The TSA uses two types of body scanners. With the backscatter machines that have been the focus of health concerns, a passenger stands between two large blue boxes and is scanned with a pencil X-ray beam that moves rapidly left to right and up and down the body. With the other kind of scanner, called a millimeter-wave machine, a passenger enters a chamber that looks like a round phone booth and is scanned with a form of low-energy radio waves, which do not strip electrons from atoms and have not been shown to cause cancer.

In recent years, the TSA has commissioned tests of the X-ray scanners by the Food and Drug Administration and the Johns Hopkins University Applied Physics Laboratory. In addition, survey teams from the Army Public Health Command visit airports to check the machines.

Those tests have all shown that the X-ray scanners emit extremely low levels of radiation, equivalent to the radiation received in a few minutes of flying. But the tests haven't doused questions from some outside radiation experts about why the TSA doesn't use only the millimeter-wave machines, which the agency also deems highly effective.

The European Union on Monday prohibited the use of X-ray body scanners in European airports "in order not to risk jeopardizing citizens' health and safety." But others have pointed to problems with millimeter-wave machines.
Germany announced earlier this year that it would forgo the machines after concluding that they produced too many false positives.

There are currently 500 body scanners, split about evenly between the two technologies, deployed in airports. The TSA plans to deploy 1,275 backscatter and millimeter-wave scanners covering more than half its security lanes by the end of 2012 and 1,800 covering nearly all lanes by 2014.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 15:50:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 16:50:55 -0500
Subject: [Infowarrior] - Airline checked bag fees raise security concern
Message-ID: <2FC142EE-74BC-4A51-82B4-8D7BA6C6F2AC@infowarrior.org>

November 15, 2011 7:15 PM
Airline checked bag fees raise security concern
Mark Strassmann
http://www.cbsnews.com/8301-18563_162-57325498/airline-checked-bag-fees-raise-security-concern/

In a survey due out Wednesday, the U.S. Travel Association asked airline passengers what bugs them most about flying; Seven out of 10 said it was people who bring too many carry-on bags through security. It's a headache for passengers and a big concern for airport officials.

CBS News correspondent Mark Strassmann reports that the usual $25 fee to check a bag not only adds to the cost of your flight, it also raises a security concern at airport checkpoints. The fee has led to a surge in carry-on bags from passengers trying to avoid that fee.

The Transportation Security Administration says passengers carried on 59 million more bags last year than the year before. This year, the number of carry-ons will jump another 28 million.

More carry-on bags "obviously take more time in two areas," said John Pistole, head of the TSA. "One is the sheer volume of the bags, the carry-on bags. But then two, most are fairly densely packed because people are trying to get everything in."
The increase in carry-ons also lends to a greater possibility that a security screener will miss something, but the airline industry's bottom line increasingly depends on these carry-on fees. Without the $3.4 billion generated by checked bag fees, the airlines would be in the red.

Jean Medina, vice-president with the Air Transport Association, the airlines trade group, said: "Fees that come in from services that are offered to customers is actually relatively small but necessary to maintain any level of profitability at all."

That profitability comes at a cost to the TSA. The agency estimates screening all the additional carry-ons costs $260 million per year.

Geoff Freeman, vice-president of the U.S. Travel Association, said airlines should be required to let passengers check one bag for free. "We have to look at this TSA checkpoint. We have to take some of the pressure off that checkpoint to improve both security and the facilitation of travelers," Freeman said.

That is not likely any time soon. Baggage fees are also exempt from federal taxes, the 7.5-percent rate the airlines pay on the cost of the ticket itself. That would have cost the airlines $255 million last year.

© 2011 CBS Interactive Inc. All Rights Reserved.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 15:58:05 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 16:58:05 -0500
Subject: [Infowarrior] - OT: Congress to rule pizza sauce is a vegetable
Message-ID: <224C7AE3-0463-4D66-B16D-4FC05BA7644E@infowarrior.org>

Congress to rule pizza sauce is a vegetable
Updated November 17, 2011 08:50:55
http://www.abc.net.au/news/2011-11-17/us-rules-pizza-sauce-is-a-vegetable/3676284

US lawmakers prodded by the frozen food industry have moved to protect schools' ability to count pizza sauce as a vegetable in lunches for students.
In an annual spending bill covering the US Department of Agriculture, which has oversight over subsidised school meals, a joint House-Senate panel voted to prevent the agency from restricting pizza, hot chips, and starchy vegetables.

A Republican summary of the legislation was unveiled on Monday and may be approved this week. The report cheered the defeat of "overly burdensome and costly regulations" and hailed "greater flexibility for local school districts."

The American Frozen Food Institute industry lobby group hailed the measure, which it said "recognises the significant amounts of potassium, fibre and vitamins A and C provided by tomato paste and ensures that students may continue to enjoy healthy meals such as pizza and pasta."

But Margo Wootan, director of nutrition policy at the Centre for Science in the Public Interest, said the legislation was about protecting pizza makers, not nutrition. "Pepperoni pizza is not a vegetable," Ms Wootan said.

Ms Wootan said existing rules defined a full serving of vegetables as eight tablespoons, except for a "loophole" that set the amount of tomato paste required at two tablespoons, roughly what goes on a slice.

The USDA had proposed early this year to require eight tablespoons of tomato paste in one vegetable serving and limit school lunches to two servings per week of french fries or other starchy vegetables.

"The Congress basically stepped in to protect industry's ability to continue to sell two of the most unhealthy foods in the school lunch program: pizza and french fries," Ms Wootan said.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 16:15:13 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 17:15:13 -0500
Subject: [Infowarrior] - SOPA Opposition Bombards Congress
Message-ID: <1DBC755E-F19F-40AC-8A54-38565FA5F50E@infowarrior.org>

Stop Online Piracy Act Opposition Bombards Congress
Ernesto
November 16, 2011

For those who've missed it, the Internet stood up against the Stop Online Piracy Act (SOPA) today. Just a few random facts. Every hour more than 23,000 emails are sent to Congress via the American Censorship campaign. Tumblr users are sending 3.6 calls per second. "Stop Online Piracy Act" is trending on Twitter. Mozilla links to the anti-SOPA campaign from the default Home page of Firefox.

This post is from the News Bits section of TorrentFreak where we present stories from around the web in a concise summary format. Full TorrentFreak articles can be found here. If you have a tip please let us know. News Bits have their very own RSS feed

http://torrentfreak.com/stop-online-piracy-act-opposition-bombard-congress-111116/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 16:23:35 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 17:23:35 -0500
Subject: [Infowarrior] - SOPA: Issa says it likely would fail House vote & extreme
Message-ID: <3907E30C-E0FA-40DF-B1F3-253F1EC88BBC@infowarrior.org>

Huuuuh??? This is an interesting statement coming so quickly after today's much-protested hearing. -- rick

Issa: Congress using Google as "piñata"
By Gautham Nagesh - 11/16/11 04:56 PM ET
http://thehill.com/blogs/hillicon-valley/technology/194091-issa-google-used-as-pinata-by-congress

Google is being used as a "piñata" by lawmakers looking to blame the search giant for online piracy, powerful Rep. Darrell Issa (R-Calif.) said Wednesday in exclusive comments to The Hill.

Issa said lawmakers are beginning to realize they can't just blame Google for the problem of online piracy, and predicted legislation opposed by Silicon Valley giants including Google, Facebook and eBay is doomed because Republican leaders will realize the damage it would do to the knowledge-based economy.
"What they're realizing is there are so many unintended consequences that they can't just use Google as a piñata and bash on it here," Issa told The Hill during a break in Wednesday's House Judiciary Committee hearing on the Stop Online Piracy Act, which is opposed by much of Silicon Valley.

"I don't believe this bill has any chance on the House floor," Issa said. "I think it's way too extreme, it infringes on too many areas that our leadership will know is simply too dangerous to do in its current form."

Google came under fire during the hearing from lawmakers in both parties who put the onus on it to stop rogue websites from stealing intellectual property from movie studios, the recording industry and retail companies.

The online piracy bill would force search engines, online ad networks and other Web firms to delete links to foreign sites deemed rogue or dedicated to online copyright infringement.

But Issa, the chairman of the House Oversight and Government Reform Committee, said growing opposition would compel House leaders to abandon the bill despite bipartisan support in both chambers.

Colleagues like House Cybersecurity panel Chairman Dan Lungren (R-Calif.) would come around to his point of view as the bill's unintended consequences become clear, Issa predicted.

"This is a very broad coalition from far left to far right who realize this will hurt innovation, something we can't afford to do. And there are other ways to accomplish what they say is their goal," Issa said.

Google policy counsel Katherine Oyama was the only witness Wednesday who voiced opposition to the bill. The other five witnesses commented favorably on the legislation, prompting Issa and other opponents to decry the hearing as one-sided.

Issa said the rush to hold the hearing was based on the flawed assumption the bipartisan bill would quickly become law.
He said the bill's sponsors didn't want to hear from opponents, but argued those lawmakers must now accept that there is real opposition to their bill.

Google was the target of some harsh criticism during the hearing, with several lawmakers suggesting the firm doesn't do enough to remove pirated content from its search results.

Ranking member John Conyers Jr. (D-Mich.) used his opening statement to cite an entertainment industry study that found up to a quarter of all Internet traffic stems from copyright infringement, echoing a common refrain at the hearing that the status quo is unacceptable.

"To those that say that a bill to stop online theft will break the Internet, I would like to point out that if one-quarter of Internet traffic is dedicated to crime, the Internet already seems rather defunct," Conyers said. "Laws govern the brick-and-mortar world, and the Internet can be no different."

Oyama emphasized that Google already removes links to infringing sites under the Digital Millennium Copyright Act (DMCA). Oyama referred to the definition of rogue sites and other terms in the bill as vague and overly broad, and argued the bill as written includes "harsh and arbitrary sanctions without due process."

She exhorted the committee to focus its enforcement efforts on cutting off sources of revenue to infringing sites, saying Google has worked with the committee over the last six months to create an effective solution for doing so.

Oyama's assurances did not appease Chairman Lamar Smith (R-Texas), the main sponsor of the Online Piracy Act, who voiced skepticism that Google would live up to its pledge.

"You've spoken a lot of the right words today; I only hope your company and others will practice what you preach," Smith said, adding that many stakeholders view the current enforcement regime against piracy as insufficient.

Issa said he believes the bill can't be fixed, and argued it doesn't use the best tools for settling disputes regarding foreign sites.
He said such cases would be best addressed by the U.S. International Trade Commission and plans to offer bipartisan legislation that creates a court of continued jurisdiction to handle such copyright claims after the Thanksgiving break.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 16:25:14 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 17:25:14 -0500
Subject: [Infowarrior] - RIAA Wants To Shutter Torrent Sites, And More
Message-ID: <729304A1-3AAE-46E7-8167-709A4A498739@infowarrior.org>

RIAA Wants To Shutter Torrent Sites, And More
Ernesto, November 16, 2011
http://torrentfreak.com/riaa-wants-to-shutter-torrent-sites-and-more-111116/

The RIAA has informed the U.S. government about the piracy-promoting websites it would like to be dealt with in the near future. The list includes all major torrent sites, but also Russia's Facebook and Classmates equivalent. The submission is particularly sensitive because the House Judiciary Committee today discussed the pending Stop Online Piracy Act, which would grant copyright holders the power to put these sites out of business.

Leading up to today's hearing in Washington, there has been a lot of talk about the Stop Online Piracy Act (SOPA). Aside from making streaming of copyrighted content a felony, the pending bill aims to make it easier to put sites that facilitate copyright infringement out of business.

Should SOPA become law authorities and copyright holders will have a broad range of tools to censor sites they deem to be facilitating copyright infringement. Aside from domain seizures, they can demand that search engines remove "rogue sites" from their results, order ISPs to block these domains, and cut off their payments providers.

One of the problems with the legislation is that the definition of such infringing sites is open to interpretation.
Today we can reveal which sites are on the hit list of the RIAA, and it comes as no surprise that all the major BitTorrent sites are prominently featured.

The RIAA was kind enough to send TorrentFreak a copy of their latest overview of "notorious" websites that was sent to the Office of the US Trade Representative (the MPAA submitted theirs earlier). We were asked not to share the letter in full, but below is a rundown of some of the most prominent sites that are mentioned.

"RIAA members are excited about the potential of the internet and other communication technologies to provide an efficient means of distribution to music lovers globally. Regrettably, this potential remains largely unrealized -- mired in a morass of piracy," the letter addressed to the USTR reads.

The RIAA hopes that their list of sites will help the government to focus their anti-piracy efforts, and in a way it can be viewed as a priority "hit list" should SOPA become law. If it was up to the music group, this list would include all prominent BitTorrent sites.

"P2P file-sharing remains a huge problem for the record industry. BitTorrent, a P2P filesharing protocol, is responsible for approximately 50% of the industry's global P2P piracy problem and in some international markets the figure is as high as 90%. BitTorrent sites and services, across the board, are high priority pirate markets," the RIAA writes.

Based on visitor count, the number of pirated music files that are linked, and the sites' failure to take steps to address the massive piracy problem, they arrive at the following list:

* ThePirateBay.org
* isoHunt.com
* Torrentz.eu
* BTjunkie.org
* Kat.ph
* Demonoid.me
* Bitsnoop.com
* TorrentReactor.net
* TorrentHound.com
* Monova.org
* BTmon.com
* Fenopy.eu
* H33T.com
* SUMOTorrent.com
* LimeTorrents.com

Under SOPA, all the above domains could be put out of business without due process, the only requirement is that the Attorney General has to sign off on it.
Aside from BitTorrent sites the RIAA also wants cyberlockers such as Megaupload, Filesonic and 4shared to be dealt with, as well as the search engine FilesTube, and the forum Warez-BB.org.

And there is more. The RIAA points out that there are also several foreign sites that have copyright infringing "features" such as Russia's main social networking site VKontakte and the Chinese search engine Sougou.

"In some sense, services such as Russia's VKontakte and Odnoklassniki, and China's Sougou and Xunlei are the most reprehensible of actors given that they want to appear as legitimate actors, and have functions unrelated to piracy, yet operate network services that include features that intentionally and effectively induce infringement," the RIAA explains.

This last example shows that the definition of infringing sites can become very subjective down the line. It only requires a little creative writing to make half of the websites on the Internet appear as a rogue site, and thus eligible to be shut down.

Aside from the copyright issues, there is a broader international censorship issue at stake here. SOPA would grant U.S. authorities to seize the .com domains of Russia and China's top tech companies with a strike of the pen. We doubt that these countries will be very pleased with that -- just imagine how the U.S. would react if the opposite was true?

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 17:32:52 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 18:32:52 -0500
Subject: [Infowarrior] - Amazon Releases Kindle Fire Source Code
Message-ID:

Amazon Releases Kindle Fire Source Code
November 15th, 2011 - 9:11 pm

Developers looking to "hack it up" with Amazon's latest, greatest, and only Android-powered tablet can now download the source code behind the Kindle Fire.
In order to comply with Android licensing agreements, Amazon's required to release this code for external developers. Folks familiar with Android know that a source code release means the possibility of custom-built kernels, overclocked CPU's, and general optimization from community developers.

Interested in diving into that massive code dump yourself? You can download all 809 MB of it here.

http://briefmobile.com/amazon-releases-kindle-fire-source-code

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 18:38:40 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 19:38:40 -0500
Subject: [Infowarrior] - GOP report: TSA hasn't improved aviation security
Message-ID:

http://www.washingtonpost.com/local/commuting/gop-report-tsa-hasnt-improved-aviation-security/2011/11/16/gIQAvqRQSN_print.html

GOP report: TSA hasn't improved aviation security
By Ashley Halsey III, Wednesday, November 16, 6:56 PM

After a $56 billion federal investment in airline security, flying is no safer than it was before the Sept. 11 attacks and the bare hands of passengers may be the best defense once a terrorist gets on board, two members of Congress said Wednesday.

Deriding the Transportation Security Administration as a bloated bureaucracy that recruits security personnel with ads on gas pumps and pizza boxes, the two House Republicans said it needed to undergo almost a dozen reforms.

"Americans have spent nearly $60 billion, and they are no safer today than they were before 9/11," said Rep. Paul C. Broun (R-Ga.). "We need to make travel safe in America, and right now it's not."

Broun joined House Transportation Committee Chairman John L. Mica (R-Fla.) at Reagan National Airport on Wednesday morning to present a harshly critical report on the TSA's performance.

Broun said a terrorist bomb could be placed aboard an airliner "very easily"
at his home airport in Atlanta.

"TSA has not prevented any attacks," Broun said. "It's just been very fortunate that we've had no attacks."

TSA spokesman Greg Soule denounced the report.

"At a time when our country's aviation system is safer, stronger and more secure than it was 10 years ago, this report is an unfortunate disservice to the dedicated men and women of TSA who are on the front lines every day protecting the traveling public," Soule said. "TSA has developed a highly trained federal workforce that has safely screened over 5 billion passengers and established a multilayered security system reaching from curb to cockpit."

Mica and Broun, both longtime critics of the agency, challenged the need for 3,986 employees at its Washington headquarters, saying they earned an average of $103,852 a year.

"We never intended to have TSA grow into this massive bureaucracy," Mica said.

Instead, the report said, the TSA should set standards for airport and airline security and be open to use of private contractors to carry them out. The TSA also should station more personnel abroad to intercept terrorists and to ensure that passenger screening and baggage inspections in foreign airports are up to U.S. standards.

The report cited data released this year showing that there had been 25,000 airport security breaches in the past decade. Given the leaky security network, it said, "passengers and crew offer our first and most effective line of defense."

The report said that the TSA has wasted money on ineffective equipment and programs, has been slow to install explosive-detection devices at the nation's largest airports and has deployed new high-tech body scanners in "a haphazard and easily thwarted manner."

"Our concern is that explosives continue to be the focus of terrorists," Mica said.

He said he was "not impressed" by the TSA's planned evolution to a more risk-based approach.
The agency has been criticized for applying the same security standards to all passengers, including children and the elderly.

Soule responded that the risk-based approach was "designed to maintain a high level of security, while improving the overall travel experience, whenever possible."

"Each of these initiatives moves us away from a one-size-fits-all approach and enhances our ability to provide the most effective security, focusing on those who present the highest risk, in the most efficient way possible," Soule said.

The TSA faced a public outcry last year after it introduced the new scanners, which critics thought were overly revealing, and procedures for vigorous pat-downs of those who refused to use the scanners.

They are no longer the most significant issue for regular travelers, according to the U.S. Travel Association. A survey released Wednesday by the travel industry group said the biggest objection voiced by frequent flyers was that other passengers delay security lines with too much carry-on baggage. They said passengers also dislike requirements that they remove their shoes, belts and jackets.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 16 19:28:19 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 16 Nov 2011 20:28:19 -0500
Subject: [Infowarrior] - Too much social media networking: Paranoia of Big Brother surveillance may destroy ya
Message-ID: <90D9974A-5461-410D-8E51-07BA007DB1BE@infowarrior.org>

Too much social media networking: Paranoia of Big Brother surveillance may destroy ya

The biggest cybersecurity agency in Europe peeked at the future, 2014, to predict the effects of online social media connectivity 24/7 and concluded that too much social networking could make you paranoid and feel like you are constantly under surveillance by Big Brother.
http://www.networkworld.com/community/blog/too-much-social-media-networking-paranoia-big

By Ms. Smith on Wed, 11/16/11 - 12:34pm.

If you think 24/7 connectivity is nothing new for you, and you constantly check in on Foursquare, use location-aware apps, update Facebook or other social media statuses with your geo-tagged photos, then you probably have no location-awareness sharing issues and are not overly concerned if you lose locational privacy. In the year 2014, your futuristic automated smart home can update statuses for you; even more personal data will be logged coming from emerging technology; interaction with the power grid, smart meters, IP TVs, smart appliances, movie theaters harvesting emotions, robots, GPS in cars and smartphones, and products that stalk you will create a life-log.

By 2014 there will be a plethora of programs, mobile apps and devices to track you that will create and store records of your movements, activities and behaviors; this is the scene that Europe's biggest cybersecurity agency studied "to predict positive and negative effects of online 'life-logging' on citizens and society." In the European Network and Information Security Agency (ENISA) report, "To log or not to log? Risks and benefits of emerging life-logging technologies," the agency used a 2014 fictional family's day-to-day lives and examined the "impact for their privacy and psychology as they put ever more personal information online."

While you might not call it life-logging, it's not too farfetched as many people track personal data generated by their own behavioral activities. In one ENISA scenario, a person would have rather walked out of the house naked than without her phone to update online statuses. In another, the bathroom mirror scrolls with your daily calendar, the weather, keeping track of and posting statuses when you awaken, your mood and your personal hygiene.
Exercise equipment and your kitchen appliances also track and automatically post social media statuses.

According to ENISA analysis, "Information security related risks may have serious connotations on privacy, economy and society, or even on people's psychology" and shows how those (privacy, social, legal, economic, etc) "aspects are highly interrelated, and should be examined together."

The benefits of "life-logging can bring families and friends closer and for a longer period of time." It reduces "individuals' sense of isolation" and enhances communication and "the building of social bonds among people." But advertisers will happily gobble up all that personal data generated and will push a "higher degree of context-awareness and personalization of services, which in its turn, would mean competitive advantage for those who have control over this data."

The down sides of social networking gone wild with a flood of personal behavioral activity data? Loss of privacy and control over data, financial fraud and "mobile devices, sensors or services become more attractive targets for attackers. In future Internet scenarios there is a related loss of autonomy risk," ENISA reported.

For government and industry groups there is an increased risk for "corporate espionage and corporate disruption. An evil-doer, a hacker or an attacker attempts to glean personal information which individuals put 'out there' and to use such information as a way to hack into or attack a company or government department or a network. On the other hand, companies may use such tools to monitor the activities of their employees."

The deluge of data from logging your life has other dangerous risks "such as psychological damage, related to discrimination, exclusion, harassing, cyberstalking, child grooming, feeling of being continuously under surveillance (paranoid behavior), pressures related to work performance, peering into other peoples life etc."
In other words, too much social media networking and you might think Big Brother is constantly watching you; paranoia will destroy ya.

But social networking surveillance is not farfetched as the government increasingly uses social media to gauge public opinion and citizens' input to political issues and other policies. For years there has been a tainting of public opinion with "weaponized information" into social media conversations and search results. The EFF warned that Big Bro wants to be your buddy on social networking sites, especially if you might be what Ntrepid called a "true influencer" in the presentation, Anatomy of a Social Network: Finding Hidden Connections and True Influencers in Target Data.

That ISS World Americas teaching track was meant for "intelligence analysts and law enforcement agents who have to 'connect the dots' between people, places and other entities by searching through various data sources from data text to information on behavior patterns." This is all in order to "perform appropriate analysis to determine relationships, hierarchy, and organizational structure of co-conspirators and identify individual involvement in criminal and/or terrorist activities."

'Ninja librarians' aka CIA analysts mine and track "the mass of information people publish about themselves," including 5 million daily tweets and Facebook. Open source intelligence, OSINT, is the name of the game for criminal investigators and intelligence analysts "now that the Internet is dominated by Online Social Media."

So what's paranoid to you? Tenable Network Security's Marcus Ranum said, "One person's 'paranoia' is another person's 'engineering redundancy'." ENISA believes "that an informed user is the first step: the right to be forgotten, right to be let alone etc, are probably best enforced if the user is in control over his/her personal data."
The flipside is spamming government agencies with too much information like the "FBI, here I am" approach where Hasan Elahi constantly updates the FBI of his movements.

Graffiti artist Banksy said, "Your mind is working at its best when you're being paranoid. You explore every avenue and possibility of your situation at high speed with total clarity." But one of my favs was said by the EFF's John Perry Barlow, "Relying on the government to protect your privacy is like asking a Peeping Tom to install your window blinds."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 17 06:45:30 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Nov 2011 07:45:30 -0500
Subject: [Infowarrior] - AP/Reuters don't understand Twitter
Message-ID:

I guess AP & Reuters forget that Twitter *is* a newswire of sorts. I'm surprised they aren't going to sue Twitter for violating their ability to break news quickly. First RIAA and MPAA, now the old wire services having trouble adjusting to the Internet Age?

-- rick

Associated Press Staff Scolded for Tweeting Too Quickly About OWS Arrests
By Joe Coscarelli
http://nymag.com/daily/intel/2011/11/ap-staff-scolded-for-tweeting-about-ows-arrests.html

A high importance e-mail went out to Associated Press employees early Wednesday morning to remind them of Twitter rules in the wake of staff arrests at yesterday's local protests. "In relation to AP staff being taken into custody at the Occupy Wall Street story, we've had a breakdown in staff sticking to policies around social media and everyone needs to get with their folks now to tell them to knock it off," went one version of the e-mail sent from on high, as obtained by Daily Intel. "We have had staff tweet -- BEFORE THE MATERIAL WAS ON THE WIRE -- that staff were arrested."

The official rules note, "Don't break news that we haven't published, no matter the format."
(Reuters spells out the same idea plainly in their handbook: "Don't scoop the wire.") Instead of getting "caught in the moment," the AP's freewheeling tweeters are urged in the e-mail to run "sensitive official AP business" through editors and corporate communications.

The AP's social media guidelines were recently updated to insist, "Retweets, like tweets, should not be written in a way that looks like you're expressing a personal opinion on the issues of the day."

As the wire reported -- eventually -- an AP reporter and a photographer were among at least six journalists arrested at Zuccotti Park yesterday.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 17 14:41:18 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Nov 2011 15:41:18 -0500
Subject: [Infowarrior] - EU Warns USA about SOPA
Message-ID: <6BF8886B-6F5A-4BDB-8F17-2DED488EA9A7@infowarrior.org>

European Parliament warns of global dangers of US domain revocation proposals
Time: 17 Nov 2011 - 14
http://www.edri.org/EU_parliament_SOPA

Responding to an intervention by EDRi (video, speech (PDF)) at a hearing recently on attacks against computer systems, the European Parliament today adopted, by a large majority, a resolution on the upcoming EU/US summit stressing "the need to protect the integrity of the global internet and freedom of communication by refraining from unilateral measures to revoke IP addresses or domain names."

In recent years, the United States has been increasingly using the fact that much of the Internet's infrastructure and key businesses are under US jurisdiction in order to impose sanctions on companies and individuals outside its jurisdiction. This started two years ago when the domain names of a Spanish company owned by a British businessman were removed by a US-based registrar. The company was never accused of breaking Spanish law.
More recently, the .org domain name of the Spanish website RojaDirecta was revoked by the US Immigration and Customs Enforcement, having previously been found innocent of copyright infringement by Spanish courts.

This situation is now turning critical, with legislative proposals such as the Stop Online Piracy Act (SOPA) and the PROTECT IP Act claiming worldwide jurisdiction for domain names and IP addresses. The definitions in SOPA are so broad that, ultimately, it could be interpreted in a way that would mean that no online resource in the global Internet would be outside US jurisdiction.

The resolution will now be forwarded by the President of the Parliament to the European Council, the European Commission, the governments and parliaments of the Member States, the US Congress, the co-chairs of the Transatlantic Legislators' Dialogue and the co-chairs and secretariat of the Transatlantic Economic Council.

On 15 November, over 60 civil and human rights organizations wrote a letter to Congress (co-signed by EDRi, Access, the Association for Progressive Communications, Reporters Without Borders, Center for Technology and Society at FGV in Brazil and many more) urging the rejection of SOPA. The letter argues that the Act "is as unacceptable to the international community as it would be if a foreign country were to impose similar measures on the United States."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Nov 17 15:02:51 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 17 Nov 2011 16:02:51 -0500
Subject: [Infowarrior] - Europe Bans X-Ray Body Scanners Used at U.S. Airports
Message-ID:

(c/o AJR)

Permanent Address: http://www.scientificamerican.com/article.cfm?id=europe-bans-x-ray-body-scanners

Europe Bans X-Ray Body Scanners Used at U.S. Airports
A small number of cancer cases would result from scanning hundreds of millions of passengers a year.
For some, that's a health issue
By Michael Grabell and ProPublica | Tuesday, November 15, 2011

The European Union on Monday prohibited the use of X-ray body scanners in European airports, parting ways with the U.S. Transportation Security Administration, which has deployed hundreds of the scanners as a way to screen millions of airline passengers for explosives hidden under clothing.

The European Commission, which enforces common policies of the EU's 27 member countries, adopted the rule "in order not to risk jeopardizing citizens' health and safety."

As a ProPublica/PBS NewsHour investigation detailed earlier this month, X-ray body scanners use ionizing radiation, a form of energy that has been shown to damage DNA and cause cancer. Although the amount of radiation is extremely low, equivalent to the radiation a person would receive in a few minutes of flying, several research studies have concluded that a small number of cancer cases would result from scanning hundreds of millions of passengers a year.

European countries will be allowed to use an alternative body scanner, one that relies on radio frequency waves, which have not been linked to cancer. The TSA has also deployed hundreds of those machines -- known as millimeter-wave scanners -- in U.S. airports. But unlike Europe, it has decided to deploy both types of scanners.

The TSA would not comment specifically on the EU's decision. But in a statement, TSA spokesman Mike McCarthy said, "As one of our many layers of security, TSA deploys the most advanced technology available to provide the best opportunity to detect dangerous items, such as explosives.

"We rigorously test our technology to ensure it meets our high detection and safety standards before it is placed in airports," he continued. "Since January 2010, advanced imaging technology has detected more than 300 dangerous or illegal items on passengers in U.S. airports nationwide."
Body scanners have been controversial in the United States since they were first deployed in prisons in the late 1990s and then in airports for tests after 9/11. Most of the controversy has focused on privacy because the machines can produce graphic images. But the manufacturers have since installed privacy filters.

As the TSA began deploying hundreds of body scanners after the failed underwear bombing on Christmas Day 2009, several scientists began to raise concerns about the health risks of the X-ray scanner, noting that even low levels of radiation would increase the risk of cancer.

As part of our investigation, ProPublica surveyed foreign countries' security policies and found that only a few nations used the X-ray scanner. The United Kingdom uses them but only for secondary screening, such as when a passenger triggers the metal detector or raises suspicion.

Under the new European Commission policy, the U.K. will be allowed to complete a trial of the X-ray scanners but not to deploy them on a permanent basis when the trial ends, said Helen Kearns, spokeswoman for the European transport commissioner, Siim Kallas.

"These new rules ensure that where this technology is used it will be covered by EU-wide standards on detection capability as well as strict safeguards to protect health and fundamental rights," Kallas said.

Five-hundred body scanners, split about evenly between the two technologies, are deployed in U.S. airports. The X-ray scanner, or backscatter, which looks like two large blue boxes, is used at major airports, including Los Angeles International Airport, John F. Kennedy in New York and Chicago's O'Hare. The millimeter-wave scanner, which looks like a round glass booth, is used in San Francisco, Atlanta and Dallas.

Within three years, the TSA plans to deploy 1,800 backscatter and millimeter-wave scanners, covering nearly every domestic airport security lane. The TSA has not yet released details on the exact breakdown.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Nov 18 08:05:12 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 18 Nov 2011 09:05:12 -0500
Subject: [Infowarrior] - DOJ Response to ToS Violations under CFAA: "Just Trust Us"
Message-ID: <4BF5FE25-86A3-41A1-A8EB-A1A9ABD6034A@infowarrior.org>

DOJ pretty much saying "just trust us" in response to this question about violating ToS on websites. Yeah, okay. Suuuuure we believe you.

DOJ Two Step: It Should Be A Criminal Offense To Lie About Your Age On Facebook... But We Probably Won't Go After You For It
from the well,-that's-comforting dept
http://www.techdirt.com/articles/20111117/02375716801/doj-two-step-it-should-be-criminal-offense-to-lie-about-your-age-facebook-we-probably-wont-go-after-you-it.shtml

While we obviously spent a lot of time on the SOPA hearings this week, there was another Judiciary Committee meeting of interest this week concerning cybersecurity. Part of the discussion focused on the Computer Fraud and Abuse Act (CFAA), which is being regularly abused by law enforcement to bring all sorts of questionable charges against people. This, by the way, is one of the reasons why we fear the felony provisions in SOPA, because we know how the DOJ abuses similar laws. In this case, one of the key issues is that law enforcement has used the law in the past to say that any violation of a terms of service agreement -- such as lying about your age when signing up for a dating site -- could be a criminal offense under the CFAA. That, of course, is insane. Even more ridiculous, however, is that the DOJ's official testimony at the hearing was about how important it was to keep this part of the law in place, allowing it to add questionable charges.

< - >

The law must allow "prosecutions based upon a violation of terms of service or similar contractual agreement with an employer or provider," -- Richard Downing, Justice Department's deputy computer crime chief

< - >

But then, Downing also seems to be saying the exact opposite:

< - >

"The DoJ is in no way interested in bringing cases against people who lie about their age on dating sites, or anything of the sort. We don't have the time or resources to do that,"

< - >

So.... the law must allow such prosecutions, but it has no interest in bringing such prosecutions. That makes perfect sense. If you're a DOJ official, I guess. For the rest of us... huh?

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Nov 18 08:09:41 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 18 Nov 2011 09:09:41 -0500
Subject: [Infowarrior] - SOPA Sponsors: It protects the troops
Message-ID: <5F0DD680-48F4-4177-9698-CECDFA41A3BC@infowarrior.org>

Here's an old political trick that essentially comes down to "if you vote against SOPA you are voting against our troops and putting them in harm's way despite the bill having absolutely nothing to do with the military." Shameful political ploy.

-- rick

http://www5/17200316783/sopa-sponsors-pass-sopa-to-protect-troops-everyone-else-wtf.shtml

SOPA Sponsors: Pass SOPA To Protect The Troops; Everyone Else: WTF?

< - >

So what does SOPA have to do with the troops? Well, they try to stretch the bill by noting the following:

Trafficking in counterfeit military goods -- H.R. 3261 creates a strong deterrent to those who knowingly risk the lives of members of our armed forces and law enforcement by significantly increasing criminal penalties on those who knowingly traffic in counterfeit military goods or goods sold to law enforcement.

......Um. Sorry, but it's already very much against the law to sell counterfeit military goods.
SOPA changes nothing there, and certainly won't deter anyone. This is just the ultimate cynical ploy by some Congressional Representatives who appear to have no shame at all, trampling on the good name of our military to pass a bailout bill for Hollywood. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 18 08:15:56 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Nov 2011 09:15:56 -0500 Subject: [Infowarrior] - France needs to upgrade all nuclear reactors Message-ID: <7A93401A-52E6-461D-AE69-4F194819D786@infowarrior.org> France needs to upgrade all nuclear reactors http://www.reuters.com/article/2011/11/17/us-france-nuclear-tests-idUSTRE7AG0HQ20111117 Thu, Nov 17 2011 By Muriel Boselli PARIS (Reuters) - France needs to upgrade the protection of vital functions in all its nuclear reactors to avoid a disaster in the event of a natural calamity, the head of its nuclear safety agency said, adding there was no need to close any plants. After Japan's Fukushima disaster in March, France, along with other European countries, decided to carry out safety tests on 58 reactors and its next-generation reactor under construction in northwestern France. The aim was to test their capacity to resist flooding, earthquakes, power outages, failure of the cooling systems and operational management of accidents. IRSN, experts on radiation protection and nuclear safety, delivered a 500-page report to nuclear watchdog ASN on Thursday, which will in turn hand over its conclusions, based on the report, to the government at the start of 2012. Peer reviewers from other European countries will then study the findings until the end of June. "There is a need to add a layer to protect safety mechanisms in reactors that are vital for the protection of the reactor such as cooling functions and electric powering," Jacques Repussard, head of the IRSN, told Reuters in an interview. 
"For example, it is necessary that each reactor has at least one protected independent diesel generator positioned out of the way which does not fail even in case of an extremely violent earthquake," he said. "All reactors have to survive much more violent events than what they were built to resist," he added, citing as possible examples an earthquake that destroys the southern city of Nice or the collapse of all dams at once, triggering massive floods. France is in the midst of a heated debate over nuclear energy ahead of the 2012 presidential elections. The ruling UMP party is in favor of maintaining nuclear and the opposition Socialist party is in favor of closing the oldest 24 reactors by 2025. Budget Minister Valerie Pecresse said this week the closure of 24 reactors would increase consumers' electricity bills by more than 50 percent, as well as costing jobs in an industry she said employs 400,000 people in France. NO NEED TO SHUT ANY REACTOR France's oldest reactors were built in sets of two so that in case of a problem with one, the resources of the second, such as personnel and equipment, could be used. "It was never envisaged that there could be a simultaneous problem in two reactors," Repussard said. He said he could not tell how much the upgrades would cost EDF, which operates all of France's reactors, and how long they would take. "We would like to see a work schedule that stretches no longer than a few years, but it will be necessary to carry out the works very quickly on the EPR (reactor) under construction. It's a large-scale industrial plan, which will have to take into account EDF's maintenance planning," he added Asked whether some reactors would not be strong enough to withstand powerful natural events he said: "All the sites can be protected, so it will be about the economics behind the upgrades." 
Repussard also said during a news briefing presenting the report that improvements could be made to better protect some reactors from earthquakes at Bugey (southeast), Fessenheim (east) and Civaux (southwest). Improvements were also necessary to better protect some reactors against flooding at Fessenheim, Chinon (west), Cruas (southeast), Saint-Laurent (central) and Tricastin (southeast). (Additional reporting by Benjamin Mallet; Editing by William Hardy) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Nov 18 14:16:06 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 18 Nov 2011 15:16:06 -0500 Subject: [Infowarrior] - Special Ops Wants Commandos to Have Invisible Faces Message-ID: http://www.wired.com/dangerroom/2011/11/invisible-soldiers/?utm_source=co2hog Special Ops Wants Commandos to Have Invisible Faces By Katie Drummond November 18, 2011 Special ops commandos are already the savviest, most covert of all soldiers: They fly in stealth helicopters, wear high-tech camo suits and use nothing but the best face paint Pentagon cash can buy. But they've still got weak points. Most importantly, their own body heat and even the swiftest of movements can give them away. That'll change if U.S. Special Operations Command (SOCOM) gets its way. The agency in April announced that "invisibility" equipment for commandos was one of their top priorities. Already, commandos have uniforms that can block most of the heat they emit. But as SOCOM notes in their latest round of small-business solicitations, they've gotta be able to "breathe, see and hear," making it tough to keep their faces concealed from sensors. Now, SOCOM is asking for proposals that'd "reduce the warfighter's facial signature" in marine environments, to minimize their risk of heat-based detection by infrared sensors or motion-based spotting via electro-optical surveillance. Sounds crazy, but they just might have a shot. 
In 2008, the Army Military Research Office boasted that they were a mere two or three years away from developing metamaterials that could deflect light to conceal a given object. Since then, experts at various institutions have made impressive progress. Researchers from the University of Texas at Dallas have shown off an invisibility cloak that harnesses the "mirage effect," defense company BAE Systems has developed a system that renders vehicles invisible to the entire infrared spectrum and physicists from St. Andrews University broke new ground with a meta-material that comes even closer to all-out undetectability. SOCOM wants prototypes to zero in on what scientists already know about creating undetectability: The University of Texas' device works best in water, for example, while metamaterials are optimal at night. So SOCOM's after just those attributes: Something that works in aquatic scenarios, including open ocean, surf or on the beach, and is effective in various nighttime lighting conditions. The prototype should also work year-round, in freezing or scorching temps. And if commandos are gonna make it ashore, a successful prototype will need to be nearly as discreet as they are. The solicitation notes that "an operator's ability to swim" is a top consideration in the finished product's design. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Nov 19 17:42:16 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Nov 2011 18:42:16 -0500 Subject: [Infowarrior] - RIAA Thinking Of Backing Righthaven Message-ID: <596F9757-AD44-4C23-B6E5-F0716E40223D@infowarrior.org> RIAA Thinking Of Backing Righthaven from the can-they-get-any-more-out-of-touch dept http://www.techdirt.com/articles/20111118/11374416816/riaa-thinking-backing-righthaven.shtml Every time you think the RIAA can't make things even worse for itself... it does. 
The latest is that it's apparently considering helping Righthaven out. Righthaven! The company that has become the total laughingstock of the copyright world, that is on the losing end of a bunch of cases and is desperately trying to get out of paying all the attorneys' fees awards that are being given to the companies, individuals and sites it has sued. Of course, as some have noted, the good thing about Righthaven is that it has tee'd up a bunch of rulings that will be useful precedents in other copyright cases. And that's what has the RIAA scared. In particular, the RIAA is freaked out about a couple of rulings saying that even reposting full articles can be fair use. That has the RIAA shaking, because the big labels hate the concept of fair use. The major labels are still upset at the idea that the Campbell vs. Acuff-Rose ruling means that commercial use can still be fair use. And they love the Bridgeport Music ruling that wasn't about fair use, per se, but did take away de minimis use, saying "Get a license or do not sample." So, now the RIAA is realizing that Righthaven -- and in particular the Hoehn ruling, which lays out in great detail why the full use of a copyrighted offering can still be fair use -- is suddenly an important battlefront in its war on fair use. Just having the line from the case "wholesale copying does not preclude a finding of fair use" freaks the RIAA out. So we've now seen that RIAA's chief apologist litigator is suggesting that perhaps the RIAA is going to get involved in the fight (from an interview behind a paywall, so we'll just quote her words) concerning the fair use finding in Hoehn: "From our perspective, that just can't stand." That certainly suggests that the RIAA is thinking of inserting itself into the appeals process here. Probably with an amicus brief, but it makes you wonder if they won't also consider figuring out ways to fund Righthaven to keep it afloat. 
There are already quite reasonable concerns that the company is effectively insolvent due to all the legal fees it owes to those it has sued. Either way, when you're at the level where you're joining forces with Righthaven, you've really hit the bottom of the barrel. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Nov 19 17:44:02 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Nov 2011 18:44:02 -0500 Subject: [Infowarrior] - More on .... Congress: Trading stock on inside information? References: <201111191110.pAJBAHia026630@synergy.ecn.purdue.edu> Message-ID: <7AC1F3A1-EB39-4543-A92C-F797E79966F8@infowarrior.org> Begin forwarded message: > From: Joe C > Date: November 19, 2011 6:10:17 AM EST > Subject: Re: [Infowarrior] - Congress: Trading stock on inside information? > > Hi Richard, > > The Atlantic Monthly had a good article on this with more mixed conclusions > on this issue. Clearly there's a need for more transparency on this > issue. The CBSnews article seems to be a transcript of the 60 minutes > piece on this. > > Capitol Gains > Are members of Congress guilty of insider trading -- and does it matter? > By Megan McArdle > http://www.theatlantic.com/magazine/archive/2011/11/capitol-gains/8692/ From rforno at infowarrior.org Sat Nov 19 19:17:40 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Nov 2011 20:17:40 -0500 Subject: [Infowarrior] - UCD to investigate police use of pepper spray Message-ID: California university to investigate police use of pepper spray - CNN.com By the CNN Wire Staff 2011-11-19T23:55:11Z CNN.com http://www.cnn.com/2011/11/19/us/california-pepper-spray/index.html?hpt=hp_t1 (CNN) -- University of California Davis' chancellor Saturday called police use of pepper spray on Occupy protesters "chilling" and established a task force to look into the incident. 
The startling video broadcast by CNN Sacramento affiliate KOVR showed an officer, in a sweeping motion, spraying seated protesters point blank Friday before other officers moved in. Eleven people were treated on site for effects of the spray. Two of them were sent to the hospital, university officials said. "Yesterday was not a day that would make anyone on our campus proud; indeed the events of the day need to guide us forward as we try to make our campus a better place of inquiry, debate, and even dissent," Chancellor Linda P.B. Katehi said in a statement. UC Davis spokeswoman Claudia Morain told CNN that 25 tents were in place Friday afternoon -- despite fliers explaining the campus prohibits overnight camping. After written and verbal warnings, officers reminded the protesters they would be subject to arrest if they did not move their tents, Morain said. A group of protesters sat on a path with their arms interlocked as police moved in to remove the tents. At one point, protesters encircled the officers and blocked them from leaving, the spokeswoman said. Cut off from backup, the officers determined the situation was not safe and asked people several times to make room, Morain said. One officer used pepper spray when a couple of protesters and some of the 200 bystanders moved in, she added. Ten people were arrested during the faceoff, she said late Friday. Tentative charges were failure to disperse and lodging without permission. Morain said the pepper spray was used in lieu of batons. "Obviously they use this only as a last resort," she said of the officers. Katehi said the incident followed week-long peaceful demonstrations about the campus, the cost of higher education and other issues. "During the early afternoon hours and because of the request to take down the tents, many students decided to dismantle their tents, a decision for which we are very thankful," she wrote. "However, a group of students and non-campus affiliates decided to stay. 
The university police then came to dismantle the encampment. ... As indicated in various videos, the police used pepper spray against the students who were blocking the way. The use of pepper spray as shown on the video is chilling to us all and raises many questions about how best to handle situations like this." Katehi said a task force made of faculty, students and staff will review the events and provide a report within 90 days. "This report will help inform our policies and processes within the university administration and the Police Department to help us avoid similar outcomes in the future," she said. Officials also will review policies on how students express their opinions. UC Davis police were scheduled to comment Saturday evening. CNN's Marlena Baldacci contributed to this report. © 2011 Cable News Network. Turner Broadcasting System, Inc. All Rights Reserved. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Nov 19 19:31:08 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Nov 2011 20:31:08 -0500 Subject: [Infowarrior] - Militarization of Campus Police Message-ID: Militarization of Campus Police Bob Ostertag Professor of Technocultural Studies and Music at UC Davis Posted: 11/19/11 07:00 PM ET http://www.huffingtonpost.com/bob-ostertag/uc-davis-protest_b_1103039.html Yesterday, police at UC Davis attacked seated students with a chemical gas. I teach at UC Davis and I personally know many of the students who were the victims of this brutal and unprovoked assault. They are top students. In fact, I can report that among the students I know, the higher a student's grade point average, the more likely it is that they are centrally involved in the protests. This is not surprising, since what is at issue is the dismantling of public education in California. Just six years ago, tuition at the University of California was $5357. Tuition is currently $12,192. 
According to current proposals, it will be $22,068 by 2015-2016. We have discussed this in my classes, and about one third of my students report that their families would likely have to pull them out of school at the new tuition. It is not a happy moment when the students look around the room and see who it is that will disappear from campus. These are young people who, like college students everywhere and at all times, form some of the deepest friendships they will have in their lives. This is what motivates students who have never taken part in any sort of social protest to "occupy" the campus quad. And indeed, there were students who were attacked with chemical agents by robocops who were engaging in their first civic protest. Since the video of the assault has gone viral, I will assume that most of you have seen the shocking footage. Let's take a look at the equally outrageous explanations and justifications that have come from UC Davis authorities. UC Davis Chancellor Linda P.B. Katehi sent a letter to the university last night. Chancellor Katehi tells us that: The group was informed in writing... that if they did not dismantle the encampment, it would have to be removed... However a number of protestors refused our warning, offering us no option but to ask the police to assist in their removal. No other options? The list of options is endless. To begin with, the chancellor could have thanked them for their sense of civic duty. The occupation could have been turned into a teach-in on the role of public education in this country. There could have been a call for professors to hold classes on the quad. The list of "other options" is endless. Chancellor Katehi asserts that "the encampment raised serious health and safety concerns." Really? Twenty tents on the quad "raised serious health and safety concerns?" Has the chancellor been to a frat party lately? Or a football game? Talk about "serious health and safety concerns." 
How about this for another option: three years ago there was a very similar occupation of the quad at Columbia University in New York City by students protesting the way the expansion of the university was displacing residents in the neighborhood. There was a core group of twenty or thirty students there around the clock. At the high points there were 200-300. The administration met with the students and held serious discussions about their concerns. And after a couple of weeks the protest had run its course and the students took the tents down. The most severe action that was even contemplated on the part of the university was to expel students who were hunger striking, under a rule that allows the school to expel students who are considered a threat to themselves. But no one was actually expelled. Remember when universities used to expel students instead of spray them with chemical agents? We should also note that at Columbia, a private university, the campus police carry no arms and no pepper spray. This is what Columbia University police look like when arresting students: This is what the police at Davis, a public university, looked like yesterday: It is worth noting that in the Columbia photo, the one without helmets, guns, or chemical assault weapons, the student is being arrested for selling cocaine. In the Davis photo the students were defending public education. Could Chancellor Katehi please explain what "serious health and safety concerns" were posed at Davis that were absent at Columbia? The only thing that involved a "serious health and safety concern" at Davis yesterday was the pepper spray. I just spoke with a doctor who works for the California Department of Corrections, who participated in a recent review of the medical literature on pepper spray for the CDC. They concluded that the medical consequences of pepper spray are poorly understood but involve serious health risk. 
As with chili peppers, some people tolerate pepper spray well, while others have extreme reactions. It is not known why this is the case. As a result, if a doctor sees pepper spray used in a prison, he or she is required to file a written report. And regulations prohibit the use of pepper spray on inmates in all circumstances other than the immediate threat of violence. If a prisoner is seated, by definition the use of pepper spray is prohibited. Any prison guard who used pepper spray on a seated prisoner would face immediate disciplinary review for the use of excessive force. Even in the case of a prison riot in which inmates use extreme violence, once a prisoner sits down he or she is not considered to be an imminent threat. And if prison guards go into a situation where the use of pepper spray is considered likely, they are required to have medical personnel nearby to treat the victims of the chemical agent. Apparently, in the state of California felons incarcerated for violent crimes have rights that students at public universities do not. Amazingly, UC Davis Police Chief Annette Spicuzza attempted to justify this crime. If you look at the video you are going to see that there were 200 people in that quad. Hindsight is 20-20 and based on the situation we were sitting in, ultimately that was the decision that was made. Yes, there were about 200 people in the quad. It is a piece of grass that was placed by the designers of the campus to be an open, central meeting place for the university community. But somehow, 200 students in the quad has become a problem. A huge problem. A problem so big that, well, yeah it was too bad those kids got pepper sprayed, but hey, there were 200 people in the quad. Like the chancellor, Chief Spicuzza justified the assault by saying that the protest was "not safe for multiple reasons," none of which she specified. How is it that non-violent student protest has suddenly become "unsafe" in the United States? 
Just to jolt us back to reality for a moment, remember Amy Carter, daughter of former President Jimmy Carter. In 1985 she was arrested in an anti-apartheid demonstration at the South African Embassy in Washington. Like the Davis students, she was arrested when she refused an order to disperse. But she wasn't sprayed with a chemical weapon, or bodyslammed to the ground. She was handcuffed and led to a police car, telling reporters, ''I'm proud to be my father's daughter.'' The following year she was arrested again, this time at the University of Massachusetts protesting CIA recruitment there. In short, Amy was just the sort of student that the administration of the UC is panicked about. She moved from place to place. She was arrested multiple times. She was not a student at UM at the time of her arrest there. She was a sophomore at Brown. This is the big fear the UC leadership keeps raising about today's campus protests: the protests can't be allowed because they might involve "outside agitators" who are not students. Well, the former president's daughter was just such an outside agitator. She even brought Abbie Hoffman to get arrested with her at a university where she was not a student! The sky didn't fall. No one was injured. No weapons were used. And Amy was acquitted of all charges, successfully arguing in court that CIA involvement in Central America and elsewhere was equivalent to trespassing in a burning building. Now fast forward to today. Last week, UC Berkeley Chancellor Robert Birgeneau issued a statement justifying the brutal use of police batons on student protesters like this: It is unfortunate that some protesters chose to obstruct the police by linking arms and forming a human chain to prevent the police from gaining access to the tents. This is not non-violent civil disobedience... the police were forced to use their batons. Perhaps the Chancellors of Davis and Berkeley have never seen this photo of people with linked arms. 
It is an iconic image of non-violent civil disobedience in this country. Chancellor Robert Birgeneau thus joins the likes of Bull Connor, the notorious segregationist and architect of the violent repression of the civil rights movement in Birmingham, Alabama, as some of the very few people who view the non-violent tactics of Martin Luther King as violent. Most people disagree, which is why King was given the Nobel Peace Prize. Throughout my life I have seen, and sometimes participated in, peaceful civil disobedience in which sitting and linking arms was understood by citizens as a posture that indicates, in the clearest possible way available, protestors' intent to be non-violent. For example, if you look through training materials from groups like the Quakers, the various pacifist organizations and centers, and Christian organizations, it is universally taught that sitting and linking arms is the best way to de-escalate any confrontation between police and people exercising their first amendment right to public speech. Likewise, for over 30 years I have seen police universally understand this gesture. Many many times I have seen police treat protestors who sat and linked arms when told they must disperse or face arrest as a very routine matter: the police then approach the protestors individually and ask them if, upon arrest, they are going to walk of their own accord or whether the police will have to carry them. In fact, this has become so routine that I have often wondered if this form of protest had become so scripted as to have lost most of its meaning. No more. What we have seen in the last two weeks around the country, and now at Davis, is a radical departure from the way police have handled protest in this country for half a century. Two days ago an 84 year old woman was sprayed with a chemical assault agent in Portland in the same manner our students at Davis were maced. 
A Hispanic New York City Councilman was brutally thrown to the ground, arrested, and held cuffed in a police van for two hours for no reason at all, and was never even told why he was arrested. And I am sure you all know about former Marine Lance Cpl. Scott Olsen, who suffered a fractured skull after police hit him with a tear gas canister, then rolled a flash bomb into the group of citizens trying to give him emergency medical care. Last week, former Seattle Police Chief Norm Stamper published an essay arguing that the current epidemic of police brutality is a reflection of the militarization (his word, not mine) of our urban police forces, the result of years of the "war on drugs" and the "war on terror." Stamper was chief of police during the World Trade Organization protests in Seattle in 1999, and is not a voice that can be easily dismissed. Yesterday, the militarization of policing in the U.S. arrived on my own campus. These issues go to the core of what democracy means. We have a major economic crisis in this country that was brought on by the greedy and irresponsible behavior of big banks. No banker has been arrested, and certainly none have been pepper sprayed. Arrests and chemical assault are for those trying to defend their homes, their jobs, and their schools. These are not trivial matters. This is a moment to stand up and be counted. I am proud to teach at a university where students have done so. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Nov 19 20:47:17 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 19 Nov 2011 21:47:17 -0500 Subject: [Infowarrior] - Document Trove Exposes Surveillance Methods Message-ID: <369ACBA7-D262-428F-87DB-A518249A208D@infowarrior.org> http://online.wsj.com/article/SB10001424052970203611404577044192607407780.html?mod=googlenews_wsj Censorship Inc. 
Document Trove Exposes Surveillance Methods By JENNIFER VALENTINO-DEVRIES, JULIA ANGWIN and STEVE STECKLOW Documents obtained by The Wall Street Journal open a rare window into a new global market for the off-the-shelf surveillance technology that has arisen in the decade since the terrorist attacks of Sept. 11, 2001. The techniques described in the trove of 200-plus marketing documents, spanning 36 companies, include hacking tools that enable governments to break into people's computers and cellphones, and "massive intercept" gear that can gather all Internet communications in a country. The papers were obtained from attendees of a secretive surveillance conference held near Washington, D.C., last month. Intelligence agencies in the U.S. and abroad have long conducted their own surveillance. But in recent years, a retail market for surveillance tools has sprung up from "nearly zero" in 2001 to about $5 billion a year, said Jerry Lucas, president of TeleStrategies Inc., the show's operator. Critics say the market represents a new sort of arms trade supplying Western governments and repressive nations alike. "The Arab Spring countries all had more sophisticated surveillance capabilities than I would have guessed," said Andrew McLaughlin, who recently left his post as deputy chief technology officer in the White House, referring to the Middle Eastern and African nations racked by violent crackdowns on dissent. How the 'Off the Shelf' Surveillance Industry Has Grown The Journal this year uncovered an Internet surveillance center installed by a French firm in Libya and reported that software made by Britain's Gamma International UK Ltd., had been used in Egypt to intercept dissidents' Skype conversations. In October, a U.S. company that makes Internet-filtering gear acknowledged to the Journal that its devices were being used in Syria. Companies making and selling this gear say it is intended to catch criminals and is available only to governments and law enforcement. 
They say they obey export laws and aren't responsible for how the tools are used. Trade-show organizer Mr. Lucas added that his event isn't political. "We don't really get into asking, 'Is this in the public interest?'" he said. TeleStrategies holds ISS World conferences world-wide. The one near Washington, D.C., caters mainly to U.S., Canadian, Caribbean and Latin American authorities. The annual conference in Dubai has long served as a chance for Middle Eastern nations to meet companies hawking surveillance gear. The global market for off-the-shelf surveillance technology has taken off in the decade since 9/11. WSJ's Jennifer Valentino-DeVries explains some of the new methods governments and law enforcement are using to monitor people. Many technologies at the Washington-area show related to "massive intercept" monitoring, which can capture vast amounts of data. Telesoft Technologies Ltd. of the U.K. touted its device in its documents as offering "targeted or mass capture of 10s of thousands of simultaneous conversations from fixed or cellular networks." Telesoft declined to comment. California-based Net Optics Inc., whose tools make monitoring gear more efficient, presented at the show and offers a case study on its website that describes helping a "major mobile operator in China" conduct "real-time monitoring" of cellphone Internet content. The goal was to help "analyze criminal activity" as well as "detect and filter undesirable content," the case study says. Net Optics' CEO, Bob Shaw, said his company follows "to the letter of the law" U.S. export regulations. "We make sure we're not shipping to any countries that are forbidden or on the embargo list," he said in an interview. Among the most controversial technologies on display at the conference were essentially computer-hacking tools to enable government agents to break into people's computers and cellphones, log their keystrokes and access their data. 
Although hacking techniques are generally illegal in the U.S., law enforcement can use them with an appropriate warrant, said Orin Kerr, a professor at George Washington University Law School and former computer-crime attorney at the Justice Department. The documents show that at least three companies -- Vupen Security SA of France, HackingTeam SRL of Italy and Gamma's FinFisher -- marketed their skill at the kinds of techniques often used in "malware," the software used by criminals trying to steal people's financial or personal details. The goal is to overcome the fact that most surveillance techniques are "useless against encryption and can't reach information that never leaves the device," Marco Valleri, offensive-security manager at HackingTeam, said in an interview. "We can defeat that." Representatives of HackingTeam said they tailor their products to the laws of the country where they are being sold. The firm's products include an auditing system that aims to prevent misuse by officials. "An officer cannot use our product to spy on his wife, for example," Mr. Valleri said. Mr. Valleri said HackingTeam asks government customers to sign a license in which they agree not to provide the technology to unauthorized countries. Vupen, which gave a presentation at the conference on "exploiting computer and mobile vulnerabilities for electronic surveillance," said its tools take advantage of security holes in computers or cellphones that manufacturers aren't yet aware of. Vupen's marketing documents describe its researchers as "dedicated" to finding "unpatched vulnerabilities" in software created by Microsoft Corp., Apple Inc. and others. On its website, the company offered attendees a "free Vupen exploit sample" that relied on an already-patched security hole. Vupen says it restricts its sales to Australia, New Zealand, members and partners of the North Atlantic Treaty Organization and the Association of Southeast Asian Nations. 
The company says it won't sell to countries subject to international embargoes, and that its research must be used for national-security purposes only and in accordance with ethical practices and applicable laws. The documents for FinFisher, a Gamma product, say it works by "sending fake software updates for popular software." In one example, FinFisher says intelligence agents deployed its products "within the main Internet service provider of their country" and infected people's computers by "covertly injecting" FinFisher code on websites that people then visited. The company also claims to have allowed an intelligence agency to trick users into downloading its software onto BlackBerry mobile phones "to monitor all communications, including [texts], email and BlackBerry Messenger." Its marketing documents say its programs enable spying using devices and software from Apple, Microsoft, and Google Inc., among others. FinFisher documents at the conference were offered in English, Arabic and other languages. A Google spokesman declined to comment on FinFisher specifically, adding that Google doesn't "tolerate abuse of our services." An Apple spokeswoman said the company works "to find and fix any issues that could compromise [users'] systems." Apple on Monday introduced a security update to iTunes that could stop an attack similar to the type FinFisher claims to use, namely offering bogus software updates that install spyware. Microsoft and Research In Motion Ltd., which makes BlackBerry devices, declined to comment. The documents discovered in Egypt earlier this year indicated that Gamma's Egyptian reseller was offering FinFisher systems there for about $560,000. Gamma's lawyer told the Journal in April that it never sold the products to Egypt's government. Gamma didn't respond to requests for comment for this article. Like most companies interviewed, Gamma declined to disclose its buyers, citing confidentiality agreements. 
Privacy advocates say manufacturers should be more transparent about their activities. Eric King of the U.K. nonprofit Privacy International said "the complex network of supply chains and subsidiaries involved in this trade allows one after the other to continually pass the buck and abdicate responsibility." Mr. King routinely attends surveillance-industry events to gather information on the trade. At the Washington and Dubai trade conferences this year, which are generally closed to the public, Journal reporters were prevented by organizers from attending sessions or entering the exhibition halls. February's Dubai conference took place at a time of widespread unrest elsewhere in the region. Nearly 900 people showed up, down slightly because of the regional turmoil, according to an organizer. Presentations in Dubai included how to intercept wireless Internet traffic, monitor social networks and track cellphone users. "All of the companies involved in lawful intercept are trying to sell to the Middle East," said Simone Benvenuti, of RCS SpA, an Italian company that sells monitoring centers and other "interception solutions," mostly to governments. He declined to identify any clients in the region. In interviews in Dubai, executives at several companies said they were aware their products could be abused by authoritarian regimes but they can't control their use after a sale. "This is the dilemma," said Klaus Mochalski, co-founder of ipoque, a German company specializing in deep-packet inspection, a powerful technology that analyzes Internet traffic. "It's like a knife. You can always cut vegetables but you can also kill your neighbor." He referred to it as "a constant moral, ethical dilemma we have." --Paul Sonne contributed to this article. 
Write to Jennifer Valentino DeVries at jennifer.valentino-devries at wsj.com, Julia Angwin at julia.angwin at wsj.com and Steve Stecklow at steve.stecklow at wsj.com --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Nov 20 09:23:06 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Nov 2011 10:23:06 -0500 Subject: [Infowarrior] - Viacom's New SOPA/PIPA Internet Censorship Pitch - Truth Annotated Edition! Message-ID: <0CA2E951-D820-448D-9656-402BB16A14EB@infowarrior.org> How true.... Viacom has just released a video calling for support of global Internet censorship via SOPA (Stop Online Piracy Act) and PIPA (Protect IP Act). A truth annotated version of this approximately seven minute video is now available. Viacom's New SOPA/PIPA Internet Censorship Pitch - Truth Annotated Edition! http://www.youtube.com/watch?v=5ElE2yXjO9M --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Nov 20 10:41:37 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Nov 2011 11:41:37 -0500 Subject: [Infowarrior] - License plate readers: A useful tool for police comes with privacy concerns Message-ID: <446444F9-8F2F-409A-9AE5-2E90AABF4EEC@infowarrior.org> Definitely something that needs calm & objective public scrutiny and debate .... but it's pathetic that some LEOs still cling to the oft-cited fallback defence shown in the final paragraph. -- rick License plate readers: A useful tool for police comes with privacy concerns By Allison Klein and Josh White, Published: November 19 http://www.washingtonpost.com/local/license-plate-readers-a-useful-tool-for-police-comes-with-privacy-concerns/2011/11/18/gIQAuEApcN_print.html An armed robber burst into a Northeast Washington market, scuffled with the cashier, and then shot him and the clerk's father, who also owned the store. 
The killer sped off in a silver Pontiac, but a witness was able to write down the license plate number. Police figured out the name of the suspect very quickly. But locating and arresting him took a little-known investigative tool: a vast system that tracks the comings and goings of anyone driving around the District. Scores of cameras across the city capture 1,800 images a minute and download the information into a rapidly expanding archive that can pinpoint people's movements all over town. Police entered the suspect's license plate number into that database and learned that the Pontiac was on a street in Southeast. Police soon arrested Christian Taylor, who had been staying at a friend's home, and charged him with two counts of first-degree murder. His trial is set for January. More than 250 cameras in the District and its suburbs scan license plates in real time, helping police pinpoint stolen cars and fleeing killers. But the program quietly has expanded beyond what anyone had imagined even a few years ago. With virtually no public debate, police agencies have begun storing the information from the cameras, building databases that document the travels of millions of vehicles. Nowhere is that more prevalent than in the District, which has more than one plate-reader per square mile, the highest concentration in the nation. Police in the Washington suburbs have dozens of them as well, and local agencies plan to add many more in coming months, creating a comprehensive dragnet that will include all the approaches into the District. "It never stops," said Capt. Kevin Reardon, who runs Arlington County's plate reader program. "It just gobbles up tag information. One of the big questions is, what do we do with the information?" Police departments are grappling with how long to store the information and how to balance privacy concerns against the value the data provide to investigators. 
The data are kept for three years in the District, two years in Alexandria, a year in Prince George's County and a Maryland state database, and about a month in many other suburban areas. "That's quite a large database of innocent people's comings and goings," said Jay Stanley, senior policy analyst for the American Civil Liberties Union's technology and liberty program. "The government has no business collecting that kind of information on people without a warrant." But police say the tag readers can give them a critical jump on a child abductor, information about when a vehicle left -- or entered -- a crime scene, and the ability to quickly identify a suspected terrorist's vehicle as it speeds down the highway, perhaps to an intended target. Having the technology during the Washington area sniper shootings in 2002 might have stopped the attacks sooner, detectives said, because police could have checked whether any particular car was showing up at each of the shooting sites. "It's a perfect example of how they'd be useful," said Lt. T.J. Rogers, who is responsible for the 26 tag readers maintained by the Fairfax County police. "We see a lot of potential in it." The plate readers are different from red-light or speed cameras, which issue traffic tickets and are tools for deterrence and enforcement. The readers are an investigative tool, capturing a picture of every license plate that passes by and instantly analyzing them against a database filled with cars wanted by police. Police can also plug any license plate number into the database and, as long as it passed a camera, determine where that vehicle has been and when. Detectives also can enter a be-on-the-lookout into the database, and the moment that license plate passes a detector, they get an alert. It's that precision and the growing ubiquity of the technology that has libertarians worried. 
In Northern Virginia recently, a man reported his wife missing, prompting police to enter her plate number into the system. They got a hit at an apartment complex, and when they got there, officers spotted her car and a note on her windshield that said, in essence, "Don't tow, I'm visiting apartment 3C." Officers knocked on the door of that apartment, and she came out of the bedroom. They advised her to call her husband. A new tool in the arsenal Even though they are relatively new, the tag readers, which cost about $20,000 each, are now as widely used as other high-tech tools police employ to prevent and solve crimes, including surveillance cameras, gunshot recognition sensors and mobile fingerprint scanners. License plate readers can capture numbers across four lanes of traffic on cars zooming up to 150 mph. "The new technology makes our job a lot easier and the bad guys' job a lot harder," said D.C. Police Chief Cathy Lanier. The technology first was used by the postal service to sort letters. Units consist of two cameras -- one that snaps digital photographs and another that uses an optical infrared sensor to decipher the numbers and letters. The camera captures a color image of the vehicle while the sensor "reads" the license plate and transfers the data to a computer. When stored over time, the collected data can be used instantaneously or can help with complex analysis, such as whether a car appears to have been followed by another car or if cars are traveling in a convoy. Police also have begun using them as a tool to prevent crime. By positioning them in nightclub parking lots, for example, police can collect information about who is there. If members of rival gangs appear at a club, police can send patrol cars there to squelch any flare-ups before they turn violent. After a crime, police can gather a list of potential witnesses in seconds. "It's such a valuable tool, it's hard not to jump on it and explore all the things it can do for law enforcement," 
said Kevin Davis, assistant chief of police in Prince George's County. The readers have been used across the country for several years, but the program is far more sophisticated in the Washington region. The District has 73 readers; 38 of them sit stationary and the rest are attached to police cars. D.C. officials say every police car will have one some day. The District's license plate cameras gather more than a million data points a month, and officers make an average of an arrest a day directly from the plate readers, said Tom Wilkins, executive director of the D.C. police department's intelligence fusion division, which oversees the plate reader program. Between June and September, police found 51 stolen cars using the technology. Police do not publicly disclose the locations of the readers. And while D.C. law requires that the footage on crime surveillance cameras be deleted after 10 days unless there's an investigative reason to keep it, there are no laws governing how or when Washington area police can use the tag reader technology. The only rule is that it be used for law enforcement purposes. "That's typical with any emerging technology," Wilkins said. "Even though it's a tool we've had for five years, as it becomes more apparent and widely used and more relied upon, people will begin to scrutinize it." Legal concerns Such scrutiny is happening now at the U.S. Supreme Court with a related technology: GPS surveillance. At issue is whether police can track an individual vehicle with an attached GPS device. Orin Kerr, a law professor at George Washington University who has been closely watching the Supreme Court case, said the license plate technology probably would pass constitutional muster because there is no reasonable expectation of privacy on public streets. But, Kerr said, the technology's silent expansion has allowed the government to know things it couldn't possibly know before and that the use of such massive amounts of data needs safeguards. 
"It's big brother, and the question is, is it big brother we want, or big brother that we don't want?" Kerr said. "This technology could be used for good and it could be used for bad. I think we need a conversation about whether and how this technology is used. Who gets the information and when? How long before the information is deleted? All those questions need scrutiny." Should someone access the database for something other than a criminal investigation, they could track people doing legal but private things. Having a comprehensive database could mean government access to information about who attended a political event, visited a medical clinic, or went to Alcoholics Anonymous or Planned Parenthood. Maryland and Virginia police departments are expanding their tag reader programs and by the end of the year expect to have every major entry and exit point to the District covered. "We're putting fixed sites up in the capital area," said Sgt. Julio Valcarcel, who runs the Maryland State Police's program, which now has 19 mobile units and one fixed unit along a major highway, capturing roughly 27 million reads per year. "Several sites are going online over the winter." Some jurisdictions store the information in a large networked database; others retain it only in the memory of each individual reader's computer, then delete it after several weeks as new data overwrite it. A George Mason University study last year found that 37 percent of large police agencies in the United States now use license plate reader technology and that a significant number of other agencies planned to have it by the end of 2011. But the survey found that fewer than 30 percent of the agencies using the tool had researched any legal implications. There also has been scant legal precedent. In Takoma Park, police have two tag readers that they have been using for two years. Police Chief Ronald A. Ricucci said he was amazed at how quickly the units could find stolen cars. 
When his department first got them, he looked around at other departments to see what kind of rules and regulations they had. "There wasn't much," Ricucci said. "A lot of people were using them and didn't have policies on them yet." Finding stolen cars faster The technology first came to the Washington region in 2004 as a pilot program. During an early test, members of the Washington Area Vehicle Enforcement Unit recovered eight cars, found 12 stolen license plates and made three arrests in a single shift. Prince George's police bought several units to help combat the county's crippling car theft and carjacking problem. It worked. "We recover cars very quickly now. In previous times that was not the case," said Prince George's Capt. Edward Davey, who is in charge of the county's program. "Before, they'd be dumped on the side of the road somewhere for a while." Now Prince George's has 45 units and is likely to get more soon. "The more we use them, the more we realize there's a whole lot more on the investigative end of them," Davey said. "We are starting to evolve. Investigators are starting to realize how to use them." Arlington police cars equipped with the readers regularly drive through the parking garage at the Pentagon City mall looking for stolen cars, checking hundreds of them in a matter of minutes as they cruise up and down the aisles. In Prince William County, where there are 12 mobile readers, the units have been used to locate missing people and recover stolen cars. Unlike in the District, in most suburban jurisdictions, the units are only attached to police cars on patrol, and there aren't enough of them to create a comprehensive net. Virginia State Police have 42 units for the entire state, most of them focused on Northern Virginia, Richmond and the Tidewater area, and as of now have no fixed locations. 
There is also no central database, so each unit collects information on its own and compares it against a daily download of wanted vehicles from the FBI and the state. But the state police are looking into fixed locations that could capture as many as 100 times more vehicles, 24 hours a day, with the potential to blanket the interstates. "Now, we're not getting everything -- we're fishing," said Sgt. Robert Alessi, a 23-year veteran who runs the state police's program. "Fixed cameras will help us use a net instead of one fishing pole with one line in the water waiting to get a nibble." Beyond the technology's ability to track suspects and non-criminals alike, it has expanded beyond police work. Tax collectors in Arlington bought their own units and use the readers to help collect money owed to the county. Chesterfield County, in Virginia, uses a reader it purchased to collect millions of dollars in delinquent car taxes each year, comparing the cars on the road against the tax rolls. Police across the region say that they are careful with the information and that they are entrusted with many pieces of sensitive information about citizens, including arrest records and Social Security numbers. "If you're not doing anything wrong, you're not driving a stolen car, you're not committing a crime," Alessi said, "then you don't have anything to worry about." © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Nov 20 20:05:30 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Nov 2011 21:05:30 -0500 Subject: [Infowarrior] - Bird flu science too scary to publish, some say Message-ID: Bird flu science too scary to publish, some say CBC News Posted: Nov 19, 2011 11:04 PM ET http://www.cbc.ca/news/technology/story/2011/11/19/flu-research-concerns.html?cmp=rss New bird flu research that shows that the dangerous virus can mutate to become easily transmissible among ferrets -- 
and perhaps humans -- has embroiled the scientific community in a difficult debate. Some biosecurity experts are concerned the research could be used as a blueprint by nefarious forces and are arguing against publication of the work. But others, especially influenza scientists, are countering that the flu world needs to know the possible paths the H5N1 virus could take to become one that can spread easily among people so laboratories can be on the lookout for those changes in nature. "There's been a general interest in understanding what the potential for human transmissibility is from H5N1 and from other influenza viruses. There certainly is an abiding interest in that question -- a policy interest, a public interest," said Thomas Inglesby, director of the Center for Biosecurity of the University of Pittsburgh Medical Center in Baltimore, Md. "But I think that has to be measured against the downside of actually demonstrating the transmissibility in ferrets as a surrogate for people, at one level. And then beyond that an even higher downside of describing in detail the methods by which this experiment could be done again." A panel of experts that advises the U.S. government on issues where science and terrorism have the potential to intersect is studying the research. The National Security Advisory Board on Biosecurity deals with issues of so-called dual use -- science that is done for valid reasons, but which would be used for evil ends. The National Security Advisory Board on Biosecurity will not comment on the issue. 2 papers already published The body does not have the power to bar publication, but it is unclear whether a scientific journal would feel comfortable publishing an article if the group says it should not be placed in the public domain. It's also not clear whether the funders of the research -- in this case, the U.S. National Institutes of Health -- would permit publication if the government's biosecurity advisers objected to publication of an article. 
The controversy relates to several papers, two of which have recently been published and another which is in the publication pipeline. That latter paper is the one garnering the most concern. The senior author, virologist Ron Fouchier of Erasmus Medical Centre in Rotterdam, the Netherlands, won't talk about the work other than to confirm it is under review by the National Security Advisory Board on Biosecurity. But Fouchier electrified the flu world in September when he gave an outline of the work at a major influenza conference in Malta. He told the gathering that in trying to find out whether H5N1 could acquire the ability to spread easily among people, he came up with a virus that spread among ferrets as easily as seasonal flu viruses, according to a report on the meeting in Scientific American. Scientists caught in Catch-22 Ferrets are considered the best animal model for human infection with influenza. It is feared that a virus that could spread easily among the animals would spread easily among people as well. H5N1 currently does not transmit easily to people or among people. To date there have been 570 confirmed cases of H5N1 infection in 15 countries and 335 of those people have died. The other two recently published studies, one by scientists from the U.S. Centers for Disease Control and another by scientists at St. Jude's Children's Hospital in Memphis, Tenn., both involved engineering viruses with some genes from H5N1 viruses. Both papers were published without being referred to the biosecurity advisory board. Flu scientists may feel like they are caught in a Catch-22 situation. For years they've faced demands from governments anxious to know whether H5N1 could become a human flu virus and what it would take for that to happen. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sun Nov 20 21:06:33 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 20 Nov 2011 22:06:33 -0500 Subject: [Infowarrior] - SOPA's ugly message to the world about America and internet Innovation Message-ID: <56A6F22E-37CB-4F27-9134-BF7AAE2E1D01@infowarrior.org> Posted at 10:31 AM ET, 11/19/2011 SOPA's ugly message to the world about America and internet Innovation By Dominic Basulto http://www.washingtonpost.com/blogs/innovations/post/sopas-ugly-message-to-the-world-about-america-and-internet-innovation/2010/12/20/gIQATlhEYN_blog.html Imagine a country where the government is able to shut down Web sites at the slightest provocation, where elected representatives invoke fears of "overseas pirates" to defend the interests of domestic industries, and where Internet companies like Google must cave in to the demands of government censors or risk being shut down. No, we are not talking about China, North Korea or Iran -- we are talking about the United States, where legislators in both the House and Senate are attempting to push through new anti-piracy legislation by year-end that would benefit Hollywood at the expense of Silicon Valley. Unlike other, more confusing efforts to regulate the relationship between content providers and other Web sites, opposition to the new Stop Online Piracy Act (SOPA) legislation has led to a unified front within the tech community. Some of the most powerful players in Silicon Valley -- Google, Facebook, Zynga, eBay, Twitter, Yahoo, and LinkedIn -- have made their opposition to the bill public, even going so far as to take out full-page advertisements ("We Stand Together to Protect Innovation") explaining their position. Companies like Tumblr and Reddit that benefit from user-generated content have gone one step further, with highly publicized efforts to show users why it is important to speak out against SOPA. (Full disclosure: Washington Post Co. 
Chairman and chief executive Donald E. Graham is a member of Facebook's board of directors.) The anti-piracy legislation in the House, which has companion legislation known as "Protect IP" in the Senate, has picked up the support of the Motion Picture Association of America, the Screen Actors Guild, the U.S. Chamber of Commerce and even the International Association of Firefighters. The legislation is a ham-handed effort to shut down Internet piracy anywhere on the Web, but it confuses "piracy protection" and "censorship." The bill also showcases a failure on the part of lawmakers to understand how the Internet works. Under SOPA, any site that contains user-generated content, such as Flickr, Etsy or Tumblr, could be found liable for copyright infringement and be forced to shut down until the offending content has been removed. There is obviously a lot at stake, and it goes far beyond a tally of dollars and cents lost to piracy. This new legislation, if enacted, would strike at the very core of the way the Internet has been structured. Sharing, openness, and participation are at the core of what the Internet represents. When it comes to a choice between an open Internet and an Internet of walled gardens patrolled by government censors, there is no doubt which is preferable. As Booz & Co. pointed out in a recent study, the SOPA legislation could lead to a decline in Internet innovation. The Chinese government attempts to portray dissidents as "pirates" and "rogues" outside the system. Entertainment interests are taking a similar approach, and have found what they consider to be the perfect bogeymen: the "rogue" sites and "overseas pirates" who steal content and make it available elsewhere on the Internet at a cheaper price. Under the cover of protecting intellectual property and making the Internet safe again for users, they risk destroying what makes the Internet so special and attractive to innovators and investors alike. 
Certainly, a lot has changed on the Internet in just the past year. We have seen how bureaucratic, despotic governments in the Middle East have attempted to silence the majority through control of the Internet and how hacktivist organizations are ready, willing and able to go after government bodies that do not embrace the transparency of the Web. The new SOPA bill may not "cripple the Internet" as some have suggested, but passage would send a strong message to the world about the way the U.S. really views the flow of information, data and content across the Web. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Nov 20 23:41:17 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Nov 2011 00:41:17 -0500 Subject: [Infowarrior] - UC Davis pepper-spraying raises questions about role of police Message-ID: UC Davis pepper-spraying raises questions about role of police http://www.washingtonpost.com/lifestyle/style/uc-davis-pepper-spraying-raises-questions-about-role-of-police/2011/11/20/gIQAOr8dfN_print.html By Philip Kennicott, Published: November 20 It looks as though he's spraying weeds in the garden or coating the oven with caustic cleanser. It's not just the casual, dispassionate manner in which the University of California at Davis police officer pepper-sprays a line of passive students sitting on the ground. It's the way the can becomes merely a tool, an implement that diminishes the humanity of the students and widens a terrifying gulf between the police and the people whom they are entrusted to protect. The video, which shows the officer using the spray against Occupy protesters Friday, went viral over the weekend. On Sunday, the university placed two police officers on administrative leave while a task force investigates. 
The clip probably will be the defining imagery of the Occupy movement, rivaling in symbolic power, if not in actual violence, images from the Kent State shootings more than 40 years ago. Although another controversial image, showing an elderly woman hit with pepper spray near an Occupy protest in Seattle, made this nonlethal form of crowd control an iconic part of the new protest movement, the UC-Davis video goes even further in crystallizing an important question: What does the social contract say about nonviolent protest, and what is the role of police in a democratic society? Pepper spray, which in many countries is defined as a weapon and is often illegal for civilians to possess, can cause tissue damage, respiratory attacks and, in rare cases, death. It is considered far superior during crowd control to more violent forms of self-defense. But, like Tasers, which can also cause severe injury and death, there is increasing concern that it is being used by law enforcement without discretion or proper understanding of its dangers. The UC-Davis video will only amplify those concerns. The police officer emerges from the margins of the scene, walks in front of a line of students on the ground with arms interlaced, and brandishes the can briefly in a gesture that feels both bored and theatrical, like someone on a low-budget television commercial displaying a miracle product or a magician holding the flowers he is about to make disappear. He then proceeds to spray a thick stream of orange liquid into their faces. The crowd surrounding the students erupts in cries of "shame, shame," questioning the police about whom they are protecting. The spraying is slow and deliberate, one face after another, down the line. It is the multiple victims that makes it so chilling, recalling the mechanization of violence during the 20th century. 
Pepper spray, of course, isn't meant to be lethal, and it was deployed during an effort to enforce university policy rather than a state-sanctioned campaign of violence. But the apparent absence of empathy from the police officer, applying a toxic chemical to humans as if they were garden pests, is shocking. Even more so because it is a university police officer. University police generally operate under a more benignly paternalistic understanding of the law than other police. They are there to ensure the safety of the students, to help with the messier details of the in loco parentis function of the university. A half-century ago, many parents told their children to ask a cop for help in case of trouble. With police forces now defining their role as more military than civilian, viewing citizens with suspicion and often treating them with hostility, that has changed. Saying the wrong thing to a cop, asking for a warrant before a search, throwing a snowball at an unmarked cop car, legally taking a picture of an official building, questioning a Capitol police officer about why a public area has been closed can lead to threats of arrest, or worse. But on university campuses, the police are often seen as they generally once were: your friend. The UC-Davis police force has defended the use of pepper spray. An independent police expert quoted by the Associated Press calls pepper spray a "compliance technique," in language eerily reminiscent of the George W. Bush administration's euphemisms for torture. Even if it is determined that the police followed proper procedures, the video might have lasting power for outrage, tapping into growing concerns not that police are abusing standard policies, but that our policies might need to be revised. 
Indeed, the disjunction between how the UC-Davis police read this video (they see an officer doing his job) and how many others read this video (they see a man in a uniform causing great and unnecessary pain to unresisting students) indicates that we have reached a kind of intellectual impasse about what kind of police we want and what limits should be placed on their power. The UC-Davis video might open up a broader conversation about the proper role of the police, especially during an era in which it appears that protest against the established order may be more frequent and widespread. This new era of protest, if it continues to develop, will play out on the Internet, with rapidly uploaded videos providing not just evidence of what happens, but evidence from numerous perspectives, as each encounter is recorded by dozens of onlookers and participants. UC-Davis has announced an investigation into the officer's action and whether it was merited and legal. It is a familiar pattern -- the video is uploaded, it spreads, outrage develops and then the institution issues a seemingly reluctant and reactive plea for caution. We don't know the context. We don't know what really happened. That kind of caution grew out of an age of skepticism in response to the manipulation of photographs by unscrupulous agents, including totalitarian governments. It was an appropriate skepticism, engendering a valuable resistance to the extraordinary power of images to seem transparently truthful. The times may be changing. Video can be as easily manipulated as photography, but multiple videos from multiple perspectives, arriving within hours or minutes after an event, require a different kind of skepticism. The repeated claims by officials that our eyes are lying begin to seem more and more incredible.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Nov 21 07:21:38 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Nov 2011 08:21:38 -0500
Subject: [Infowarrior] - China's Great Firewall Tests Mysterious Scans On Encrypted Connections
Message-ID: <431ACDB2-B821-4405-8B2C-96E8D5B74568@infowarrior.org>

11/17/2011 @ 10:16AM

China's Great Firewall Tests Mysterious Scans On Encrypted Connections

http://www.forbes.com/sites/andygreenberg/2011/11/17/chinas-great-firewall-tests-mysterious-scans-on-encrypted-connections/

In the cat-and-mouse game between Chinese censors and Internet users, the government seems to be testing a new mousetrap -- one that may be designed to detect and block tunnels through its Great Firewall even when the data in those tunnels is aimed at a little-known computer and obscured by encryption. In recent months, administrators of services with encrypted connections designed to allow users secure remote access say they've seen strange activity coming from China: When a user from within the country attempts to reach a server abroad, a string of seemingly random data hits the destination computer before he or she can connect, sometimes followed by that user's communication being mysteriously dropped. The anti-censorship and anonymity service Tor, for instance, has found that many of its "bridge nodes" -- privately-placed servers around the world designed to connect users to the rest of Tor's public network of traffic re-routing computers -- have become inaccessible to Chinese users within hours or even minutes of being set up, according to Andrew Lewman, the project's executive director. Users have told him that other censorship circumvention services like Ultrasurf and Freegate have seen similar problems, he says. "Someone will try to connect, then there's a weird scan, and the bridge stops working," says Lewman. "We see weird things all the time, but this is a semi-consistent weird thing, and it's only coming from China."
Lewman believes that China's internet service providers may be testing a new system that, rather than merely block IP addresses or certain Web pages, attempts to identify censorship circumvention tools by preceding a user's connection to an encrypted service with a probe designed to reveal something about what sort of service the user is accessing. "It's like if I tell my wife I'm going bowling with my friends, and she calls the bowling alley ahead of time to see if that's what I'm really doing," says Lewman. "It's verifying that you're asking for what you seem to be asking for." But so far, Lewman says Tor's developers haven't determined how that probe is able to see what's an encrypted connection to a Tor server and what's merely a connection to an encrypted banking or ecommerce site, which in theory should both look to a snooping government like indecipherably scrambled web traffic. The Chinese government, after all, wouldn't be likely to block all encrypted connections, such as corporate VPNs, Lewman points out. "If Foxconn were disconnected from Apple, that would be big problem," he says. In the meantime, only a small fraction of Tor's Chinese users are experiencing the issue, implying that it may be just a subset of Chinese broadband providers experimenting with the new tool, says Lewman. China's sniffing around encrypted traffic isn't limited to the United States. Leif Nixon, an IT security administrator at the National Supercomputer Centre of Sweden at Linkoping University, says he independently spotted the phenomenon hitting his servers a full year ago, when Chinese students or researchers tried to log on to the Centre's systems through SSH connections, and wrote a blog post about his findings earlier this month. "I don't know what the probes are supposed to accomplish," he wrote at the time.
"My only guess is that the government is looking for certain services it doesn't approve of, like open proxies or Tor relays, and that precise fingerprinting may be too expensive. Instead, they resort to an inspection method similar to fuzzing, where pseudo-random data is thrown at the server, just to see what happens." "It also matches the known repulsive censorship the Chinese government subjects its citizens to," he added. "I strongly dislike this probing of our systems that the Chinese government appears to be performing." Another security engineer at a supercomputing center in the U.S., who asked not to be named, says he saw similar anomalies in as many as 20% of cases where users connected from China. "We initially thought it was an attack. But now it looks more like a probe to see if this is something they want to censor," says the engineer. "I've never seen anything quite like it, myself." Since the clampdown around the 60th anniversary celebration of the founding of China's communist regime and the country's very public censorship spat with Google, China has been on the hunt for censorship circumvention tools. But the country had previously focused on blocking services based on their IP addresses, an endless game of "whack-a-mole" as new servers aiming to help circumvent the government's censorship with new IP addresses constantly appear around the world, says Tor's Andrew Lewman. In 2009, Iran similarly began trying to distinguish connections to Tor bridge nodes from other encrypted traffic and block the service, Lewman says. Tor responded by finding ways to change its behavior to better fit in with other services online, such as adjusting how often it changed the SSL certificate that identifies the service to users. Lewman says he doubts China could implement a similar system across the entire country, with its hundreds of millions of Web users. Nevertheless, Tor's staff hopes to stay a step ahead of China's censors. "We're working on figuring it out,"
says Lewman. "It's quite a curiosity."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 21 09:06:25 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Nov 2011 10:06:25 -0500
Subject: [Infowarrior] - OT: How Supermarkets Trick You Into Spending More Money
Message-ID: <25D10049-4BC2-4F29-B4E7-CDB703B61C08@infowarrior.org>

How Supermarkets Trick You Into Spending More Money

Sanctuary
Written by Shilo Urban

http://www.stumbleupon.com/su/1FNAYr/www.organicauthority.com/sanctuary/how-supermarkets-trick-you-into-spending-more-money.html

How many times have you made a quick stop by the grocery store for a couple of simple items like milk and bread, only to wander out in a daze almost an hour later with an entire basketful of random items, junk food and 2-for-1 deals? Perhaps you walked in with a mission and a list, only to be dazzled and delighted by the delicious smells in the bakery, shiny towers of fruits and vegetables, free samples of tasty dishes and the incredible deals -- well, at least they looked like deals. But supermarkets are employing a wide variety of psychological tricks to encourage you to buy more than you need, which not even the most astute shopper can resist. Discover the following tricks that supermarkets commonly use to entice shoppers to shell out, and you will be able to resist their sneaky methods and save your money for what you really want.

• Shopping carts: Invented in the 1930s to help shoppers tote their purchases, shopping carts are often grabbed automatically on the way into the store -- and then filled along the way out. Don't absentmindedly go for a cart. Instead, choose a small handled basket, or only buy what you can carry in your arms, especially on those quick runs for one or two items.
• Bakery, floral & produce near the entrance: As soon as you walk in a supermarket, your senses are lambasted into happiness with the aroma of baking bread or fresh cut flowers and the colorful sights of the produce department. The shot of dopamine (and salivation) you get from these joyful sensations will make you more likely to impulse spend; enjoy the pleasure but remember your list!

• Dairy in the back: The #1 item bought at most supermarkets is milk, which is almost always in the very back of the store, past shelves of high mark-up products, new items and enticing endcaps. If milk is your mission, it is easy to lose focus and grab extra items on the path to the back of the store.

• Misty produce: Most supermarkets mist their fruits and vegetables every so often, despite the fact that it makes the produce rot faster. Why? Because humans like shiny things. We equate a dewy mist with being fresh, and consider shininess to always add value, from hair to cars and laptops to produce. Shinier = Better. Those misters are only there to make your brain think the produce is fresher and more valuable than it actually is.

• Tiny aisles & slow music: Ever notice that supermarket aisles barely provide enough room for two carts to pass? That's no accident -- stores want you to go through them as slowly as possible. Slow music also makes you move slower, and the more stops you make, the more items you will buy. Shop at non-crowded times of the day (like early morning) to lessen this effect.

• Endcaps with no sales: Featured items are always located on the endcaps or the ends of aisles with a huge price sign, but often these products are not on sale at all. The special location makes shoppers think that the price has been lowered, but in reality the endcap's prime real estate is used to sell products with a higher markup -- not lower.
• Sales signs with no $: We all know the $.99 trick ($.99 seems to cost much more than a penny less than $1.00), which uses our subconscious desires to trump our logical brains that know better. Another version of this trick is to remove the almighty dollar sign, which makes us think about spending money. Numbers alone make us think about saving money. Your brain processes $2.99 as more expensive than 2.99 -- and supermarkets all over are following this trend of dropping the dollar sign.

• "Limit 10 per customer": Limiting the number of items you can buy makes the product seem scarcer and therefore more valuable. You might think everyone else is buying the limit and you will be left with none. Whenever you see a limit placed on the number of items that can be purchased, the grocery store is trying to tweak your brain.

• Free samples: Would you like to try some cheesy poofs? Free samples not only slow you down even more, but also engage the reciprocity factor in your mind. When someone gives you a gift, you want to give them one too -- and this works with free samples very well. You may buy a box of poofs just to "even the score" and uphold your side of this psychological force. Don't fall for it!

• Eye level: Expensive name brand items are always at eye level, with cheaper brands and generics on the top or bottom of the shelves where you are less likely to see them. One exception: The sugary cereal aisle, where the most expensive products are placed at children's eye level and are likely to catch kids' eyes.

• Understaffed checkout lines: Do the check stands at your supermarket seem to always have lines no matter when you go? Grocery stores don't want you zooming through the checkout stands, because this is where overpriced, impulse items like candy, soda, magazines and DVDs are located. While you're waiting you may get hungry, thirsty or bored -- all of which work in favor of grabbing a stimulating magazine or candy bar.
Be aware that you are being stalled for a reason, and resolve not to add to your cart in the checkout line.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 21 17:28:46 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Nov 2011 18:28:46 -0500
Subject: [Infowarrior] - UC Davis: Official 'spin' crumbles in the face of "too many videos"
Message-ID: <6DB8D30D-8D2B-4716-A3D4-A7A5D36D7DF3@infowarrior.org>

(Perhaps a tad idealistic towards the end, but the fundamental points are sound -- rick)

UC Davis: Official 'spin' crumbles in the face of "too many videos"

By Zack Whittaker | November 20, 2011, 4:25pm PST

http://www.zdnet.com/blog/igeneration/uc-davis-official-spin-crumbles-in-the-face-of-too-many-videos/13347

Summary: UC Davis' pepper-spray videos have gone viral around the web, proving citizen journalism can allow us to form our own views of raw footage collected in the thick of it.

1970: Kent State shootings: One iconic Pulitzer Prize-winning photograph taken by chance of a student killed by the unfathomable brutality of National Guard troops; some no older than the students they killed. One person, one camera.

1991: Rodney King arrest: An African-American man who was beaten relentlessly by police with batons, showing the cruel brutality of Los Angeles' law enforcement and utter disregard of then societally-developing race relations. One person, one camera.

2011: UC Davis pepper-spray assault: Around fifty students at the California university sprayed at point-blank range by police, emphasising the disproportionate violence to what was a peaceful, orchestrated protest. One police officer, dozens of cameras.

In the run-up to last weekend, students at the University of California, Davis told the world through a deafening silence how to hold a peaceful, arguably beautiful protest.
In so many cases, its underlying message can be drowned out by the rage of violence, disruption and civil disorder. Students have long been portrayed in a particular way, as lay-about good-for-nothings, with little interest in anything beyond their own politics, causing disruption for anti-fur movements and sleeping in until late afternoon. Not to mention, these "leeches" continue to put strain on the financial system they seem to complain about. But the university students at UC Davis, disaffected by decisions made by the state, the university and those who they thought they could trust, taught the world one important, crucial lesson in post-modern principles of today's reporting. The truth will out. On Friday afternoon, UC Davis students sat down along a pathway and linked arms, peacefully defiant in the face of law enforcement, in that they would not be intimidated and had a right to protest without causing disorder or committing violence. The police were then called in to clear the student protesters, after the chancellor Linda Katehi claimed they were trespassing on university property. It was Katehi who ordered the UC Davis police to evict the protesters. Then this happened. Within hours of the -- "incident" seems to trivialise it -- attack on the students, UC Davis police were forced to issue a press statement defending their actions. "Students were given warnings to leave their tents [pitched on campus] by 3 p.m.", it said. "The protest initially involved about 50 students", Annette Spicuzza, UC Davis' police chief said. "Some were wearing protective gear and some held batons". The final insult was when she said: "Officers were forced to use pepper spray when students surrounded them", adding, "There was no way out of the circle". It makes one see there could have been at least two sides to the story. Perhaps the students were being unruly, or defiant, or armed and ready to commit violence.
It was possible, and had been previously witnessed in England during the student protests. But the statement was spin, and the spin doctor who wrote that statement was clearly unaware that citizens had recorded the event in full, and could in no way document the blasé attitude of the police officer, spraying the students at point-blank range with a thick fog of violent pepper-spray. The video had been published to YouTube, where it has amassed nearly a million viewers in just over 24 hours, but clearly had not been seen by those who released the pro-police spin. The next day at a news conference, describing the video images as "chilling", Katehi said that a task-force would be set up to investigate the actions of the police during the clearly peaceful demonstration. Katehi reportedly refused to leave the building she was in, after a large group of UC Davis students mobilised outside. Chanting, "we are peaceful" and "just walk home" in a bid to see their university's leader, the students at least watched Katehi leave the building. The students, as you will see, engaged again in protest fitting for the occasion. It was not what you heard, but what you did not hear. A deafening silence of hushed voices but seething anger. The video was painfully awkward to watch as an outside observer, whilst equally inspiring and poignant. The contempt could be sliced through the air from the disgust felt by the students there. The rise of citizen journalism has been a contentious issue amongst many. But as I call it, "@breakingnews culture", based along the Twitter feed of the MSNBC Breaking News account, it gives citizens around the world chance to bring raw, unedited and unfettered truths to the masses. It uses citizen journalism through tweets and blog posts, mobile phone footage and other non traditionally-generated content to progress a "legitimate" new-media news outlet. What we see in any modern event, no matter how off the cuff or sporadic, is a sea of cameras.
One report likened it to a panopticon society. It is not 911 or 999 we call in an emergency. We do not think to engage with the situation. But what we do, as the Generation Y, is pull out our phones and start recording; documenting every second of the event for history's benefit. Instead of being reliant on information given to the public through media channels, we are now able to instigate our own broadcasts. Immediately connected to a global audience, two YouTube videos alone are prime examples of how witness reports to scenarios like this are no longer chained to censorship or secrecy. This cultural shift allows people to see and feel themselves how it was in a situation like this. More than the printed word or carefully-trained television reporter, people have more freedom to make up their own minds and frame opinion around their own personal experiences. In this case, and in so many more to come, the police and government -- for all the money, tax revenue and intelligence that Western governments have at their disposal -- seemingly cannot get their heads around a simple enough concept that wherever one is, someone is watching and recording. For years, we have had to rely on information that is presented to us. Often, it would be from the sources that be, relayed to the middle-men and women of the media. But because we generate vast quantities of the media ourselves, and release it of our own volition and accord, we trust ourselves and our partners as members of the citizen journalism collective. But as the masses collect vital citizen-based intelligence, it is the normal citizens of this world who use Facebook and Twitter, and other social media platforms and networks with our colleagues, friends and family, who make our own decisions about the news of the day. As citizen journalism offers instant accountability to the actions made by those in authority, it gives us greater control over what we believe and consume as end-users of this world we live in.
Spin no longer works.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 21 16:05:33 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Nov 2011 17:05:33 -0500
Subject: [Infowarrior] - Bradley Manning hearing date set
Message-ID:

Bradley Manning hearing date set as court martial process finally begins

Manning, accused of leaking secrets to WikiLeaks, to go to pre-trial -- known as Article 32 hearing -- in Maryland next month

• Ed Pilkington in New York
• guardian.co.uk, Monday 21 November 2011 12.28 EST

http://www.guardian.co.uk/world/2011/nov/21/bradley-manning-hearing-date-set/print

Bradley Manning, the US soldier who has been held in confinement for the past 18 months on suspicion of having leaked a huge trove of state secrets to WikiLeaks, is to go before a military panel on 16 December at the start of the most high-profile prosecution of a whistleblower in a generation. The proceedings, at Fort Meade in Maryland, are expected to last five days, and will be the first opportunity for prosecuting officers and Manning's defence team to present their cases. It is known as an Article 32 hearing, and although it is preliminary, both sides will be able to call and cross-examine witnesses. Since he was arrested in Iraq in May 2010, Manning has become a cause célèbre for anti-war and free information advocates in America and around the world. His support network will be calling a rally outside the Article 32 hearing when it opens next month. Jeff Paterson, a Manning supporter, welcomed news that the military prosecution was finally getting under way. Since his arrest, Paterson said, Manning has been trapped in a form of legal limbo, with no recourse to any appeals. Now there will be a publicly named investigating officer assigned to the case. "We will be protesting against the charges levelled at Bradley Manning.
If he is proven to have been the WikiLeaks source, then to us Bradley is a hero: he's the most important whistleblower in decades," Paterson said. The news of the Article 32 was announced by Manning's lawyer, David Coombs. In a blogpost, he said that the defence would be entitled to call and cross-examine witnesses, each of whom would be placed under oath and whose testimony could be used subsequently in the trial proper. Manning has been charged with multiple counts of obtaining and distributing state secrets to unauthorised parties -- WikiLeaks, in effect. He is specifically accused of having handed more than 50 of about 150,000 secret US government cables to the whistleblowing website -- offences that carry a possible sentence of up to 52 years. He has also been charged with "aiding the enemy" -- a count that technically carries the death penalty, though military prosecutors have indicated they will be pressing for a lengthy prison term rather than execution in this case. The standard of proof in an Article 32 hearing is relatively low, military law experts say. The prosecution has merely to present sufficient evidence to prove there is "reasonable cause to believe" that Manning committed the offences. Once the hearing has been completed, a recommendation will be made to a military general who will decide whether or not to proceed to a full trial. Philip Cave, a retired navy judge advocate who now works on court martial cases as a civilian lawyer, said the hearing would be a "road bump on the way towards Manning's trial. Does anybody seriously imagine that Bradley Manning isn't going to trial?" But the hearing would be significant, Cave said, because it would give the first public indication of both the prosecution and defence cases. Manning's conditions of confinement led to an outpouring of criticism and protest, including the resignation of Hillary Clinton's press spokesman PJ Crowley.
He was initially held in solitary confinement within the US at Quantico marine base, where he was stripped naked every night. The UN rapporteur on torture, Juan Mendez, is still investigating the treatment. In April, Manning was moved to a lower security jail at Fort Leavenworth and his lawyer says his conditions have greatly improved. Daniel Ellsberg, the whistleblower behind the Pentagon Papers, said: "The charges against Bradley Manning are an indictment of our government's obsession with secrecy. Manning is accused of revealing illegal activities by our government and its corporate partners that must be brought to the attention of the American people."

© 2011 Guardian News and Media Limited or its affiliated companies. All rights reserved.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 21 14:10:30 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Nov 2011 15:10:30 -0500
Subject: [Infowarrior] - AT&T Reports 'Systematic' Hack Attempt
Message-ID:

AT&T Reports 'Systematic' Hack Attempt

By Scott Moritz and Eric Engleman - Nov 21, 2011

http://www.bloomberg.com/news/print/2011-11-21/at-t-tells-customers-of-systematic-hack-attempt.html

AT&T Inc. (T), the largest U.S. telephone company, notified customers of an effort by hackers to collect online account information. "We recently detected an organized and systematic attempt to obtain information on a number of AT&T customer accounts, including yours," AT&T said in an e-mail to customers. "We do not believe that the perpetrators of this attack obtained access to your online account or any of the information contained in that account." AT&T said the hacking attempt used so-called auto script technology to "determine whether AT&T telephone numbers were linked to online AT&T accounts," company spokesman Mark Siegel wrote in an e-mail.
In a telephone interview, Siegel said that less than 1 percent of the Dallas-based company's customers were affected. "Our investigation is ongoing to determine the source or intent of the attempt to gather this information," Siegel wrote in the e-mail. Earlier today, AT&T customers in the northeastern U.S. experienced a wireless data outage that was restored after a three-hour service disruption. AT&T says there was no connection between the two events. Last year, AT&T was the target of hackers who managed to obtain the e-mail addresses of users of Apple Inc. (AAPL) iPads. At the time, hackers were able to collect the e-mail addresses from the auto-fill function on AT&T's iPad customer logins. Siegel said there was also no connection to that hack.

Sony, Citigroup

The company says its focus on security and swift action helped identify the most recent hack attempt and alert customers quickly. AT&T fell 1.4 percent to $28.23 at 2:07 p.m. in New York trading. The shares were down 2.5 percent this year before today. Data breaches this year at companies including Sony Corp. (6758) and Citigroup Inc. (C) have focused U.S. government attention on hackers preying on corporate systems. The Obama administration is pushing Congress to pass legislation aimed at improving network security in financial services, energy, transportation and other industries considered critical to U.S. national and economic security. Senate Majority Leader Harry Reid intends to bring comprehensive cybersecurity legislation to the Senate floor for debate early next year.

To contact the reporters on this story: Scott Moritz in New York at smoritz6 at bloomberg.net Eric Engleman in Washington, D.C. at eengleman1 at bloomberg.net

To contact the editor responsible for this story: Ville Heiskanen at vheiskanen at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Nov 21 14:13:30 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 21 Nov 2011 15:13:30 -0500
Subject: [Infowarrior] - Pakistan telecom watchdog drafts rude text message ban
Message-ID: <2187560E-B91A-4D74-99A4-896F52BAC589@infowarrior.org>

Butt out! Pakistan telecom watchdog drafts rude text message ban

Official list outlaws 1,500 'rude' words, ranging from the F word 'flatulence' to 'pocket pool' and 'quickie'

http://www.guardian.co.uk/world/2011/nov/17/butt-out-pakistan-telecom-text-ban?newsfeed=true

• Saeed Shah in Karachi
• guardian.co.uk, Thursday 17 November 2011 10.26 EST

Guardians of linguistic purity have long warned against the pernicious impact that text messaging may have on the young, but Pakistan officials have taken such concerns to a new extreme by demanding that mobile phone operators block all text messages using offensive words. With a creativity and dedication to the task unusual for local officialdom, the country's telecoms regulator has issued a list of more than 1000 words and phrases which will be banned. After serious deliberation and consultation, officials from the Pakistan Telecommunication Authority (PTA) have come up with more than 50 phrases using the word "fuck" and 17 involving "butt". The list includes several apparently innocuous words and phrases, including "flatulence", "deposit" and "fondle". Others would likely only make sense to frustrated teenagers. Among the more printable terms are "strap-on", "beat your meat", "crotch rot", "love pistol", "pocket pool" and "quickie". The officials' flair for the task was apparent, with prohibition embracing more figurative language, such as "flogging the dolphin", and 51 terms with the suffix "ass" -- although only one variation of the word 'arse'. There were 17 variants on "tit" and 33 on "cock", with officials managing to produce eight obscenities involving the word "foot".
Mobile phone firms were ordered to stop messages including the offending words this week, although tests by the Guardian suggested the blocking technology was not 100% effective. While admitting that Pakistan's constitution guaranteed free speech, the regulator told mobile phone companies that such freedom was "not unrestricted" under court rulings. Furthermore, said the telecom watchdog, they had obligations under their licences to prevent "obnoxious communication". In the letter to mobile phone firms, watchdog director Muhammad Talib Doger said "the system should be implemented within seven days ... and a report submitted to PTA on monthly basis on the number of blocked SMSs". The list was attached to the letter, with 1,109 words and phrases in English to be banned and 586 in the national language, Urdu, a tongue that also offers many rich possibilities for abuse. The watchdog has yet to tackle obscenity in Pakistan's four main regional languages, including the raucous Punjabi. Despite being a less-developed country, mobile phones are used widely across society, even in remote villages. Mohammad Younis, a spokesman for the PTA, said the ban was "the result of numerous meetings and consultations with stakeholders" after consumers complained of receiving offensive text messages. He said the list was not finished and the authority would continue to add to it. "Nobody would like this happening to their young boy or girl," said Younis. Mobile operators expect the PTA to fine them for any banned words that get through, which means that they will have to cut the connection of customers who persistently try to send such messages. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Nov 21 20:36:23 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Nov 2011 21:36:23 -0500 Subject: [Infowarrior] - Qantas attempt at Twitter promotion a PR disaster Message-ID: <4AB6B592-39F7-4E72-99D9-512C65FDFADA@infowarrior.org> http://www.heraldsun.com.au/travel/news/qantas-attempt-at-twitter-promotion-a-pr-disaster/story-fn32891l-1226202446245 Qantas attempt at Twitter promotion a PR disaster by: Brendan Casey, From: Herald Sun, November 22, 2011 1:01PM QANTAS' attempt at social media promotion has turned into a classic PR disaster, with users hijacking the promotional tag to insult the airline. The airline's official Twitter account asked its followers: "What is your dream luxury inflight experience? (Be creative!) Answer must include #QantasLuxury." But things quickly turned sour as many Twitter users barraged the airline's account with negative submissions, as disputes with workers' unions drag on. User smurray38 wrote "#qantasluxury is seeing your planes on Getaway not Four Corners". Another user Beta_Boy said "#QantasLuxury is grounding the fleet so I can fly with @VirginAtlantic instead". "#qantasluxury is outsourcing your unionized workforce but keeping your marketing team," said Obfusc8. In the past week, Qantas hired four full-time social media monitors to keep tabs on what people are saying about it on Twitter and Facebook. After this latest debacle, they may certainly have their hands full. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Nov 21 21:09:29 2011 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 21 Nov 2011 22:09:29 -0500 Subject: [Infowarrior] - Screening Still a Pain at Airports, Fliers Say Message-ID: November 21, 2011 Screening Still a Pain at Airports, Fliers Say By SUSAN STELLIN http://www.nytimes.com/2011/11/22/business/airport-screening-is-still-a-pain-fliers-complain.html The lines will still be long and the screening still invasive at airport checkpoints this Thanksgiving. While the government has made some changes to security procedures, many passengers and travel executives contend that the moves do not go far enough. Since last November, the Transportation Security Administration has adopted a policy to reduce pat-downs of children 12 and under, altered some body scanners to display a generic outline of a human figure and begun testing programs that offer expedited screening to pilots and select frequent fliers. Still, some travelers are bothered by a screening process that has become increasingly time-consuming and intimate, and industry representatives say they are worried that these frustrations are contributing to a decline in air travel. The Air Transport Association expects 2 percent fewer people will fly this Thanksgiving week compared with last year, while AAA projects a 4 percent increase in automobile travel. As the T.S.A. observes its 10th anniversary, it also faces lawsuits over the legality of its passenger searches, growing scrutiny of the cost-effectiveness of its screening measures, questions about security lapses and complaints that some agents continue to make travelers feel humiliated or harassed. At a Senate Commerce Committee oversight hearing about the agency in early November, Senator Claire McCaskill, Democrat of Missouri, described her own discomfort with a particular agent at a St. Louis airport and expressed sympathy for passengers who complain. 
"When you have the traveling public tell you that sometimes these pat-downs are unacceptable, trust me, they are not exaggerating," Senator McCaskill said. "There are many times that women put hands on me in a way that if it was your daughter or your sister or your wife you would be upset." Based on her frequent travels, she also suggested that women who must submit to pat-downs have to wait longer than men, because there are fewer female agents to conduct searches. Other senators who attended the hearing or a separate one convened by the Committee on Homeland Security and Governmental Affairs voiced concerns about radiation emitted by the X-ray body scanners, security breaches at Atlanta and Newark airports, insensitive treatment of passengers with medical conditions and a child caught up in a watch list error. In response, John Pistole, head of the T.S.A., who testified at both hearings, cited the 1.8 million passengers screened every day, mostly without incident. "We do have these - I'll call them one-off situations," Mr. Pistole said. "The vast, vast majority of people go through effectively and efficiently." While passenger protests over the agency's hands-on searches have diminished, airline and travel trade groups are growing more vocal about their concerns that checkpoint security annoyances are hurting their business. Last week, the U.S. Travel Association released a market research study showing that while most travelers who have flown at least once in the past year are satisfied with the T.S.A.'s overall performance, frequent fliers have more complaints. When asked to list their top frustrations with air travel, travelers chose these issues related to security: "the wait time to clear the T.S.A. checkpoint," "having to remove shoes, belts and jackets at the T.S.A. checkpoint" and "T.S.A. employees who are not friendly." Geoff Freeman, chief operating officer for the association, complimented Mr. 
Pistole's willingness to address the industry's concerns, but added, "We need to be much more aggressive in administering some common sense changes." One of the agency's attempts to move away from a one-size-fits-all approach to screening, the PreCheck program that allows participants to pass through security without removing their belts, shoes, jackets or laptops, has generally been well received. But only one in a thousand passengers currently receive this expedited screening, mostly elite frequent fliers on American and Delta who are departing on flights from Miami, Detroit, Atlanta or Dallas. The agency plans to expand this program to Las Vegas, Minneapolis and Los Angeles in the next few months as well as add other airlines. While government officials and travel executives have praised the PreCheck program as a positive first step toward a more risk-based approach to aviation security, some advocacy groups have been critical of the program's emphasis on elite fliers and have raised questions about the potential for abuse. "Once you start going down the road of trying to treat passengers differently based on things you know about their life, it's either going to be so rough it's useless - and possibly counterproductive as a security measure - or it's overly intrusive," said Jay Stanley, a senior policy analyst with the American Civil Liberties Union. Another advocacy group, the Electronic Privacy Information Center, is still pursuing a lawsuit against the Department of Homeland Security over the use of body scanners, and recently asked the court to force the agency to release documents containing radiation test results for the X-ray machines. The group also filed a motion to compel the department to comply with the court's July ruling that the agency must conduct a formal public comment process about the use of body scanners at airports, which it failed to do before the machines were introduced. 
Greg Soule, a spokesman for the T.S.A., declined to comment on the agency's plans to solicit public comment. The European Union recently adopted a rule prohibiting airport body scanners that use X-ray technology. About 250 X-ray body scanners and 260 machines that use electromagnetic waves have been installed at airports, and Mr. Soule said the second type of machine has been upgraded with privacy filters that display a generic body image. All future acquisitions of both types of machines will have the privacy feature, he added. Despite the agency's efforts to address the issues raised last holiday season, some travelers are skeptical that anything has changed. Thomas Sawyer, the bladder cancer survivor whose urostomy bag was mishandled during a pat-down last November, forcing him to travel covered in urine, later met with T.S.A. officials in Washington as part of a group offering advice on screening passengers with medical conditions. But in July, Mr. Sawyer had another incident with a screener who squeezed his urostomy bag, leading him to conclude that his was not a "one-off" situation, and that there are still holes in the agency's training efforts. "I see a real disconnect between what they say they're doing and what's really happening at the airport," Mr. Sawyer said. "I just don't understand why it's so difficult to train these agents." The T.S.A. reauthorization bill introduced in the House in September includes a requirement that the agency adopt a plan to improve screening procedures for individuals with metal implants, prosthetics and physical disabilities. It would also require more training and better accountability for errors. 
While it is difficult to evaluate the overall performance of airport screeners, Bill Fisher, a former frequent flier who has cut back on his own travels, maintains an online list at Travel Underground of reports about screeners who have been arrested, airport security breaches and incidents involving mistreatment of passengers by agents. Mr. Fisher said he started the list to help answer his own question about airport security: "Is it really as bad as it seems or are people overreacting?" A year later, he thinks passengers' concerns are not exaggerated, and have not gone away. "The fact that these stories still surface routinely is probably a good indication that this issue hasn't died down as much as anticipated," he said. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 22 17:48:36 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 22 Nov 2011 18:48:36 -0500 Subject: [Infowarrior] - Big Sis warns about turkey fryers Message-ID: <643C9B69-3600-41EF-9349-822974DFF097@infowarrior.org> I won't say a thing! --rick DHS issues Turkey fryer warning by Charlie Spiering Commentary Staff Writer http://campaign2012.washingtonexaminer.com/blogs/beltway-confidential/dhs-issues-turkey-fryer-warning The Department of Homeland Security is taking any threat seriously during the Thanksgiving holiday, including the ominous threat to our national security posed by turkey fryers. "How dangerous can turkey fryers be?" asks a warning issued on the official DHS Twitter account. "Make sure the turkey is completely thawed before placing in a fryer, or this may happen." The department linked to an ominous video highlighting the dangers of deep frying a turkey. "Use turkey fryers outdoors at a safe distance from buildings." the DHS tweeted, "Never use turkey fryers in a garage or on a wooden deck." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Nov 22 19:50:50 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 22 Nov 2011 20:50:50 -0500 Subject: [Infowarrior] - Carrier IQ Tries to Silence Security Researcher Message-ID: Mobile "Rootkit" Maker Tries to Silence Critical Android Dev By David Kravets | November 22, 2011 | 3:58 pm http://www.wired.com/threatlevel/2011/11/rootkit-brouhaha/ A data-logging software company is seeking to squash an Android developer's critical research into its software that is secretly installed on millions of phones, but Trevor Eckhart is refusing to publicly apologize for his research and remove the company's training manuals from his website. Though the software is installed on millions of Android, BlackBerry and Nokia phones, Carrier IQ was virtually unknown until the 25-year-old Eckhart analyzed its workings, recently revealing that the software secretly chronicles a user's phone experience, from its apps, battery life and texts. Some carriers prevent users who actually find the software from controlling what information is sent. Eckhart called the software a "rootkit," a security term that refers to software installed at a low-level on a device, without a user's consent or knowledge in order to secretly intercept the device's workings. Malware such as keyloggers and trojans are two examples. He also mirrored the Mountain View, Calif. company's training manuals he'd found on Carrier IQ's publicly available website. The manuals provide a limited roadmap for how Carrier IQ works, Eckhart said in a telephone interview. When Carrier IQ discovered Eckhart's recent research and his posting of those manuals, Carrier IQ sent him a cease-and-desist notice, saying Eckhart was in breach of copyright law and could face damages of as much as $150,000, the maximum allowed under U.S. copyright law per violation. The company removed the manuals from its own website, as well. 
On Monday, the Electronic Frontier Foundation announced it had come to the assistance of the 25-year-old Eckhart of Connecticut, whom Carrier IQ claims has breached copyright law for reposting the manuals. "I'm mirroring the stuff so other people are able to read this and verify my research," he said. "I'm just a little guy. I'm not doing anything malicious." The company is demanding Eckhart retract (.pdf) his "rootkit" characterization of the software, which is employed by most major carriers, Eckhart said. The EFF says Eckhart's posting of the files is protected by fair use under the Copyright Act for criticism, commentary, news reporting and research, and that all of Carrier IQ's claims and demands are "baseless." (.pdf) Andrew Coward, Carrier IQ's marketing manager, said in a telephone interview Tuesday that the company, not Eckhart, should be in "control" of the manuals. "Whatever content we distribute we want to be in control of that," he said. "I think obviously, any company wants to be responsible for the information that gets distributed." He said "legal matters" prohibited the 6-year-old company from discussing the Eckhart flap further. He said the company's wares are for "gathering information off the handset to understand the mobile-user experience, where phone calls are dropped, where signal quality is poor, why applications crash and battery life." "We're not looking at texts. We're counting things. How many texts did you send and how many failed. That's the level of metrics that are being gathered," he said. He answered "probably yes" when asked whether the company could read the text messages if it wanted. Marcia Hofmann, an EFF senior staff attorney, said the civil rights group has concluded that "Carrier IQ's real goal is to suppress Eckhart's research and prevent others from verifying his findings." In a Monday letter to Carrier IQ, Hofmann said Eckhart's speech was protected by the First Amendment. 
What's more, the company is demanding that Eckhart inform Carrier IQ of the names of all persons to which Eckhart has forwarded the training material. The company also wants Eckhart to send "written retractions" to everybody who has viewed his research in hard copy or on the web. Among other things, Carrier IQ insists that Eckhart retract his "root kit" characterization of the unremovable software, and other statements, by issuing a press release to The Associated Press. PC Magazine describes a rootkit as this: A type of Trojan that keeps itself, other files, registry keys and network connections hidden from detection. It enables an attacker to have "root" access to the computer, which means it runs at the lowest level of the machine. A rootkit typically intercepts common API calls. For example, it can intercept requests to a file manager such as Explorer and cause it to keep certain files hidden from display, even reporting false file counts and sizes to the user. Rootkits came from the Unix world and started out as a set of altered utilities such as the ls command, which is used to list file names in the directory (folder). Legitimate Rootkits? Rootkits can also be used for what some vendors consider valid purposes. For example, if digital rights management (DRM) software is installed and kept hidden, it can control the use of licensed, copyrighted material and also prevent the user from removing the hidden enforcement program. However, such usage is no more welcomed than a rootkit that does damage or allows spyware to thrive without detection. In 2005, Sony came under fire for installing a rootkit on music CDs. Security expert Bruce Schneier wrote then that "The Sony code modifies Windows so you can't tell it's there, a process called 'cloaking' in the hacker world. It acts as spyware, surreptitiously sending information about you to Sony. And it can't be removed; trying to get rid of it damages Windows." 
In a letter to Eckhart, Carrier IQ said, "If you do not comply with these cease and desist demands within this time period, please be advised the Carrier IQ, Inc. will pursue all available legal remedies, including seeking monetary damages, injunctive relief, and an order that you pay court costs and attorney's fees." The deadline expired Nov. 18, but so far Carrier IQ has not made good on its threats. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 23 19:28:38 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 23 Nov 2011 20:28:38 -0500 Subject: [Infowarrior] - Carrier IQ Drops Empty Legal Threat, Apologizes to Security Researcher Message-ID: <77133B0D-8CCE-4E55-9274-6B86A95AC1D9@infowarrior.org> https://www.eff.org/deeplinks/2011/11/carrier-iq-drops-empty-legal-threat-apologizes-security-researcher November 23, 2011 - 1:58pm | By Marcia Hofmann Carrier IQ Drops Empty Legal Threat, Apologizes to Security Researcher Today mobile software company Carrier IQ withdrew (pdf) a bogus legal threat to a security researcher who published an analysis of the company's software, as well as training materials on which he based his research. Last week, Trevor Eckhart published a detailed article pointing out that Carrier IQ's software logs a great deal of information about users' activities without their knowledge. Attempting to suppress his research, Carrier IQ fired off a baseless cease-and-desist demand (pdf) claiming that Eckhart infringed the company's copyrights and made "false allegations" about their software. Eckhart reached out to EFF for help, and we helped him push back against the unfounded threat. As EFF explained in a letter (pdf) to Carrier IQ on Monday, Eckhart's research and commentary is protected by fair use and the First Amendment right to free expression. 
We're pleased that Eckhart gave us an opportunity to help him fend off this attempt to censor his findings and shut down public discussion about important privacy concerns. We also hope this incident will serve as an example to others who would misuse the law to squelch legitimate research and criticism. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 23 19:29:43 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 23 Nov 2011 20:29:43 -0500 Subject: [Infowarrior] - Google Now Censors The Pirate Bay, isoHunt, 4Shared and More Message-ID: <07DD2F07-E619-44A2-92E6-99B734192816@infowarrior.org> Google Now Censors The Pirate Bay, isoHunt, 4Shared and More Ernesto, November 23, 2011 http://torrentfreak.com/google-now-censors-the-pirate-bay-isohunt-4shared-and-more-111123/ Google has expanded its search blacklist to include many of the top file-sharing sites on the Internet, including The Pirate Bay. The changes were quietly processed and appear to be broader than previous additions. Google's blacklist prevents the names of sites appearing in their Instant and Autocomplete search services, while the pages themselves remain indexed. Since January 2011, Google has been filtering "piracy-related" terms from its "Autocomplete" and "Instant" services. Google users searching for terms like "torrent", "BitTorrent" and "RapidShare" will notice that no suggestions and search results appear before they type the full word. As a consequence, there's a sharp decrease in Google searches for these terms. Initially only a handful of "piracy-related" terms were censored, but a recent update to the blacklist includes nearly all the top file-sharing websites. Searches referring to torrent sites such as "thepiratebay," "the pirate bay," "isohunt," "torrentreactor," "btjunkie," "kickasstorrents," "sumotorrent," "btmon," "extratorrent" and many others are now excluded from "Autocomplete" and "Instant". 
Interestingly, the full url "thepiratebay.org" is still offered as a suggestion. The new list further includes several cyberlocker websites that were previously left unfiltered, such as "4shared," "filesonic" and "fileserve." Although Google doesn't censor the content of the websites in question, the Google searches for the affected terms drop significantly as can be seen below. Drop in Hotfile searches after it was censored in January. By voluntarily censoring parts of their search services, Google is trying to keep on friendly terms with copyright holders. The downside to this is that they put perfectly legitimate companies such as BitTorrent Inc and RapidShare at a disadvantage. There is currently no clear definition of what Google considers to be piracy-inducing, but Google claims that the blacklist helps to reduce online piracy. "While there is no silver bullet for infringement online, this measure is one of several that we have implemented to curb copyright infringement online," Google spokesman Mistique Cano previously told TorrentFreak. "This is something we looked at and thought we could make some narrow and relatively easy changes to our Autocomplete algorithm that could make a positive difference," Cano added. How positive this difference really is, of course depends on who you ask. IsoHunt owner Gary Fung told TorrentFreak that Google is going down a dangerous path. "It's a lot more subtle than the censorship attempts made possible by the pending PROTECT IP and SOPA bills, but it's still censorship and it starts small. Google is increasingly becoming a self-righteous Big Brother of the Web. So much for 'Do no evil'," Fung told us. A Pirate Bay insider also told TorrentFreak that Google doesn't live up to its famous motto. "It's just another step towards censoring their search engine altogether - without a legal basis. We're also wondering why this happens at almost the same time as they've released Google Music - 
a service where they sell music which in some cases might be found on The Pirate Bay," he added. Despite criticism from the public and the businesses affected by their blacklist, Google has said that it will continue to expand its piracy filter. The big question is, where will they draw the line? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 23 19:30:58 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 23 Nov 2011 20:30:58 -0500 Subject: [Infowarrior] - Malls track shoppers' cell phones on Black Friday Message-ID: <4C1D15E0-DC71-48FC-8CC0-99436F021B2F@infowarrior.org> http://money.cnn.com/2011/11/22/technology/malls_track_cell_phones_black_friday/index.htm Malls track shoppers' cell phones on Black Friday By Annalyn Censky @CNNMoneyTech November 22, 2011: 11:48 AM ET Through this signage at Promenade Temecula, the mall is notifying shoppers that their phones may be tracked as they move throughout the premises. NEW YORK (CNNMoney) -- Attention holiday shoppers: your cell phone may be tracked this year. Starting on Black Friday and running through New Year's Day, two U.S. malls -- Promenade Temecula in southern California and Short Pump Town Center in Richmond, Va. -- will track guests' movements by monitoring the signals from their cell phones. While the data that's collected is anonymous, it can follow shoppers' paths from store to store. The goal is for stores to answer questions like: How many Nordstrom shoppers also stop at Starbucks? How long do most customers linger in Victoria's Secret? Are there unpopular spots in the mall that aren't being visited? While U.S. malls have long tracked how crowds move throughout their stores, this is the first time they've used cell phones. But obtaining that information comes with privacy concerns. The management company of both malls, Forest City Commercial Management, says personal data is not being tracked. 
"We won't be looking at singular shoppers," said Stephanie Shriver-Engdahl, vice president of digital strategy for Forest City. "The system monitors patterns of movement. We can see, like migrating birds, where people are going to." Still, the company is preemptively notifying customers by hanging small signs around the shopping centers. Consumers can opt out by turning off their phones. The tracking system, called FootPath Technology, works through a series of antennas positioned throughout the shopping center that capture the unique identification number assigned to each phone (similar to a computer's IP address), and tracks its movement throughout the stores. The system can't take photos or collect data on what shoppers have purchased. And it doesn't collect any personal details associated with the ID, like the user's name or phone number. That information is fiercely protected by mobile carriers, and often can be legally obtained only through a court order. "We don't need to know who it is and we don't need to know anyone's cell phone number, nor do we want that," Shriver-Engdahl said. Manufactured by a British company, Path Intelligence, this technology has already been used in shopping centers in Europe and Australia. And according to Path Intelligence CEO Sharon Biggar, hardly any shoppers decide to opt out. "It's just not invasive of privacy," she said. "There are no risks to privacy, so I don't see why anyone would opt out." Now, U.S. retailers including JCPenney (JCP, Fortune 500) and Home Depot (HD, Fortune 500) are also working with Path Intelligence to use their technology, Biggar said. Home Depot has considered implementing the technology but is not currently using it in any stores, a company spokesman said. JCPenney declined to comment on its relationship with the vendor. Some retail analysts say the new technology is nothing to be worried about. 
Malls have been tracking shoppers for years through people counters, security cameras, heat maps and even undercover researchers who follow shoppers around. And some even say websites that track online shoppers are more invasive, recording not only a user's name and purchases, but then targeting them with ads even after they've left a site. "It's important for shoppers to realize this sort of data is being collected anyway," Biggar said. Whereas a website can track a customer who doesn't make a purchase, physical stores have been struggling to perfect this kind of research, Biggar said. By combining the data from FootPath with their own sales figures, stores will have better measurements to help them improve the shopping experience. "We can now say, you had 100 people come to this product, but no one purchased it," Biggar said. "From there, we can help a retailer narrow down what's going wrong." But some industry analysts worry about the broader implications of this kind of technology. "Most of this information is harmless and nobody ever does anything nefarious with it," said Sucharita Mulpuru, retail analyst at Forrester Research. "But the reality is, what happens when you start having hackers potentially having access to this information and being able to track your movements?" Last year, hackers hit AT&T, exposing the unique ID numbers and e-mail addresses of more than 100,000 iPad 3G owners. To make it harder for hackers to get at this information, Path Intelligence scrambles those numbers twice. "I'm sure as more people get more cell phones, it's probably inevitable that it will continue as a resource," Mulpuru said. "But I think the future is going to have to be opt in, not opt out." First Published: November 22, 2011: 11:01 AM ET --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Nov 25 07:40:57 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 25 Nov 2011 08:40:57 -0500 Subject: [Infowarrior] - Filtering file-sharing breaches human rights, EU court rules Message-ID: http://euobserver.com/871/114389 24.11.11 @ 17:25 By Leigh Phillips BRUSSELS - One of the main weapons in the record industry's arsenal against illegal file-sharing has been struck down by the EU's top court as a breach of fundamental rights. The European Court of Justice ruled on Thursday (24 November) that internet service providers (ISPs) cannot be forced to filter internet traffic and block users from trading copyright music or other files, as to do so undermines privacy rights and the ability of people to freely exchange information. In 2007, Sabam, a Belgian collecting society - the outfits that gather royalties on behalf of artists - took Scarlet, an internet provider, to court, seeking to force the company to filter all peer-to-peer traffic and then block any unlawful communications. A Belgian court approved the injunction, forcing the company to install a filtering system. The ISP appealed, and the case was referred to the EU top court. "EU law precludes the imposition of an injunction by a national court which requires an internet service provider to install a filtering system with a view to preventing the illegal downloading of files," the court decided. "[The] injunction could potentially undermine freedom of information since that system might not distinguish adequately between unlawful content and lawful content." Digital rights advocates are calling the ruling "hugely important" not just for file-sharers in Europe, but around the world. 
"The principles laid down in just a few lines in one of the paragraphs in the judgment are so strong that it will take a lot for states, which in recent years have increasingly embraced efforts to have ISPs police the internet, to move forward with the strategy they have placed their bets on." "It pretty much fatally wounds the very strong effort on the part of governments to privatise law enforcement," Joe McNamee, the director of European Digital Rights, told EUobserver. "States have for some time now backed a model where the music industry goes to the ISP and says 'Look, we can save you a lot of money trying to avoid an injunction if on a voluntary basis, you just block this and this and this'. It turns into a relationship just between the rights holders and the ISP without ever going to court." If the court had ruled the other way, the responsibility to enforce intellectual property rights would have largely been delegated to internet companies, a development that would have encouraged ISPs across Europe to permanently surveille their networks with filtering. The EU has also been attempting to export this very 'law-enforcement privatisation' model to other countries - McNamee argued - via the Anti-Counterfeiting Trade Agreement (Acta), a global anti-piracy treaty that aims to set up a global intellectual property framework with its own governing body akin to the World Trade Organisation. Acta, criticised for being negotiated largely in secret, has long been the bete noire of online civil liberties advocates. "The ruling really places questions over the legality of Acta. The EU will have to completely rethink their approach or at least be a lot more subtle," he continued. "If they try to enforce injunctions outside Europe, it means that they are trying to push a model that has been struck down inside Europe, which opens them up to legal challenges." 
ISPs for their part, who have resisted such injunctions due to the significant cost of installing filtering systems, also cheered the result. Malcolm Hutty, of the European Internet Services Providers Association called the decision "of fundamental importance for the future of the internet." "Considering the major contribution that the Internet industry can make to the economic recovery, it was indeed not the time to put the innovation of the Internet at risk." EUobserver was unable to reach Sabam for comment.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Nov 25 18:18:09 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Nov 2011 19:18:09 -0500
Subject: [Infowarrior] - UK cyber security plan
Message-ID:

Criminals and cyber bullies to be banned from the web
Criminals who commit offences online and cyber bullies will be banned from the internet as part of the Government's new cyber security strategy, announced today.
By Christopher Williams, Technology Correspondent
12:03PM GMT 25 Nov 2011
http://www.telegraph.co.uk/technology/news/8915245/Criminals-and-cyber-bullies-to-be-banned-from-the-web.html

It calls for police and courts to make more use of existing "cyber sanctions" to restrict access to the social networks and instant messaging services in cases of hacking, fraud and online bullying. Sex offenders and those convicted of harassment or anti-social behaviour also face more internet restrictions under the new strategy. Similar orders have been imposed on those charged with involvement in a series of cyber attacks by the Anonymous and LulzSec groups earlier this year, while they await trial. Cyber sanctions were also used following the riots this summer. Two teenagers in Dundee were banned from the web for inciting riots via Facebook.
Officials are now looking into whether "cyber tag" technology could be used to monitor offenders and report to authorities if they break their bail or sentence conditions by using the internet. "The Ministry of Justice and the Home Office will consider and scope the development of a new way of enforcing these orders, using 'cyber-tags' which are triggered by the offender breaching the conditions that have been put on their internet use, and which will automatically inform the police or probation service," the cyber security strategy said. It added that if the regime is a success restrictions on internet use could be imposed on "a wider group of offenders". Police forces across the country will also follow the example of the Met's Police Central e-Crime Unit by recruiting "cyber specials"; internet experts will be encouraged to volunteer as special constables to help investigate online crime. The four-year strategy is also designed to address cyber espionage and attacks from states such as China and Russia and "patriotic" hackers. GCHQ, Britain's eavesdropping agency, is to receive around £385m of the total £650m budget to develop its ability to detect, defend and fight back online. The problem of discovering the true source of a cyber attack will be among the top priorities for the Cheltenham-based agency's experts, as well as developing "tactics and techniques" for online conflict in collaboration with the Ministry of Defence's new cyber unit. GCHQ will also declassify and commercialise some of its cyber technology to help the private sector improve its security online, as part of a broader effort to increase cooperation between government and industry. Other measures will include a new "hub" for information sharing to allow the security services to share information on cyber threats with major infrastructure firms such as BT, Barclays and utilities companies.
"This strategy not only deals with the threat from terrorists to our national security, but also with the criminals who threaten our prosperity as well as blight the lives of many ordinary people through cyber crime," said David Cameron. Terrorists are not believed to yet have the ability to launch damaging cyber attacks against critical infrastructure such as water and power stations, but they are thought to have discussed such operations.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Nov 25 18:29:53 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Nov 2011 19:29:53 -0500
Subject: [Infowarrior] - $350 Hardware Cracks HDMI Copy Protection
Message-ID:

No. 386 - Bochum, 24.11.2011
Checkmate! RUB researchers outsmart HDCP
"Man-in-the-Middle" attack: Intel copy protection circumvented
http://aktuell.ruhr-uni-bochum.de/pm2011/pm00386.html.en

For over a decade, Intel's widely used copy protection HDCP has been trusted by the media industry, which carries out business in high-resolution digital video and audio content worth thousands of millions. Researchers from the working group on secure hardware led by Prof. Dr.-Ing. Tim Güneysu of the Ruhr-Universität Bochum were able to checkmate the protection system of an entire industry with relatively little effort using a so-called "man-in-the-middle" attack. They will be presenting their results next week at the international security conference ReConFig 2011 in Cancun, Mexico.

Protection for digital entertainment

HDCP is now found in almost every HDMI or DVI-compliant TV or computer flat screen. It serves to pass digital content from a protected source media, such as a Blu-ray, to the screen via a fully encrypted channel. There have been concerns about the security of the HDCP system for some time. In 2010, an HDCP master key, which is intended to form the secret core element of the encryption system, appeared briefly on a website.
In response, the manufacturer Intel announced that HDCP still represented an effective protection component for digital entertainment, as the production of an HDCP-compatible chip using this master key would be highly complex and expensive.

Attack on field-programmable gate arrays (FPGA)

That caught the attention of Bochum's researchers. "We developed an independent hardware solution instead, based on a cheap FPGA board" explained Prof. Dr.-Ing. Tim Güneysu, who set to work with the final year student Benno Lomb. "We were able to tap the HDCP encrypted data streams, decipher them and send the digital content to an unprotected screen via a corresponding HDMI 1.3-compatible receiver." We used the commercial ATLYS board from the company Digilent with a Xilinx Spartan-6 FPGA, which has the necessary HDMI interfaces and a serial RS232 port for communication.

Material costs of approximately 200 Euros

In their studies, the aim was never to find a way of making illegal copies. "Rather, our intention was to fundamentally investigate the safety of the HDCP system and to financially assess the actual cost for the complete knockout" reported Prof. Güneysu. "The fact that we have achieved our goal in a degree thesis and with material costs of approximately 200 Euro definitely does not speak for the safety of the current HDCP system."

Manipulation via the middleman

This "man-in-the-middle" attack in which a middleman (the ATLYS FPGA board) manipulates the entire communication between the Blu-ray player and the flat screen TV without being detected is of little interest for pirates in practice due to the availability of simpler alternatives. The scientists do, however, envisage a real threat to security-critical systems, for example at authorities or in the military. Although Intel is already offering a new security system, HDCP 2.0, due to the backward compatibility, the weak point will also remain a problem in coming years, concluded Prof. Güneysu.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Nov 25 18:32:21 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 25 Nov 2011 19:32:21 -0500
Subject: [Infowarrior] - More online idiocy by Sen Joe Lieberman
Message-ID:

Senator Lieberman asks Google to add 'terrorist' label to Blogger posts
By James Gaskin, ITworld | Cloud Computing, Blogger, Google
http://www.itworld.com/cloud-computing/227991/senator-lieberman-asks-google-add-terrorist-label-blogger
November 25, 2011, 8:07 AM
U.S. Senator from Connecticut Joe Lieberman pauses during remarks at news conference in Stamford, CT, January 19, 2011. REUTERS/Mike Segar

Terrorist suspect Jose Pimentel had a blog on Blogger, owned by Google. Senator Joe Lieberman (I-CT) wants Google to add a "terrorist" flag so readers can label terrorist content. Lieberman sent a letter (yes, on paper, but that's the best way to show the United States Senate letterhead) to Google CEO Larry Page taking him to task because "Blogger's Content Policy does not expressly ban terrorist content," and some other details. Lieberman goes on to point out that YouTube, also owned by Google, does ban terrorist content. He adds, quote, "Google's inconsistent standards are adversely affecting our ability to counter violent Islamist extremism online." So Blogger could hold back terrorists if it wanted to? Unfortunately, Lieberman doesn't define what he considers "terrorist content" or whether deleting posts with such content is within the purview of Blogger or the First Amendment. Google, not surprisingly, has yet to comment. Wonder if Larry Page still wished he had Eric Schmidt to handle such political fun and games. Nice little end run around the Constitution there, Joe. The government can't suppress free speech, so just strong-arm the private sector into "volunteering" to do it.
From rforno at infowarrior.org Sat Nov 26 19:44:34 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 26 Nov 2011 20:44:34 -0500
Subject: [Infowarrior] - Thai crackdown on Facebook remarks on king
Message-ID:

Thai crackdown on Facebook remarks on king
Lindsay Murdoch
November 26, 2011
http://www.smh.com.au/world/thai-crackdown-on-facebook-remarks-on-king-20111125-1nz1t.html

BANGKOK: Thailand has warned users of Facebook that they could face prosecution under harsh lese-majeste laws if they press ''share'' or ''like'' on images or articles considered unflattering to the Thai monarchy. The prosecution of a Thai-born US citizen who has pleaded guilty to translating a banned biography of King Bhumibol Adulyadej has signalled that authorities are also targeting lese-majeste offences committed overseas. Thailand's Information and Communications Technology Minister, Anudith Nakornthap, says that even though Facebook clicks of ''like'' or ''share'' are only done to show support for messages, they could violate laws that carry sentences of three to 15 years jail for each charge. Authorities in Thailand have asked Facebook to delete more than 10,000 pages of content as computer technicians in Bangkok scour the internet for royal insults. ''We have informed Facebook and sought their assistance in deleting content which is offensive to our monarchy,'' Mr Anudith said. Under Thai law, people face lese-majeste charges if they insult the king, queen, heir or regent. Even repeating details of an alleged offence is illegal. The Computer Crimes Act also carries five-year jail terms for digital dissemination of information that threatens the security of the country or violates the ''peace and concord or good morals of the people''. Public criticism of King Bhumibol, the world's longest-serving monarch, is rare in Thailand.
In the past four years, authorities have blocked more than 70,000 internet pages, most for insults to the monarchy, officials say. The Asian Human Rights Commission has expressed ''grave concern'' over the latest conviction and sentence of a person for lese-majeste, Ampon Tangnoppakul, 61, a retired truck driver and grandfather suffering from cancer. He wept this week after being sentenced to 20 years jail for sending ''vulgar'' text messages judged to be insulting to Queen Sirikit. Human rights groups estimate that more than 300 lese-majeste charges have been laid in Thailand since 2006. They include Australian English-language teacher Harry Nicolaides, who was sentenced to six years in jail, commuted to three years on pleading guilty, over a book hardly anyone read. Only 50 copies were published. He received a royal pardon in February 2009 and was deported. A Thai-born US citizen, Joe Gordon, 55, was detained in Thailand in May for translating the book about King Bhumibol in the US where he had lived for 30 years. He had returned to Thailand temporarily for medical treatment. Gordon, who pleaded guilty to a lese-majeste charge in October hoping for a lenient sentence, is awaiting sentencing. The webmaster of the Thai website Prachatai, Chiranuch Premchaiporn, is on trial over comments posted on the site that were deemed insulting to the monarchy. Ms Chiranuch, 44, told the court she regularly read through the thousands of items posted daily on the message board and deleted potentially offensive messages when she found them. Prosecutors allege she did not act quickly enough. Ms Chiranuch was recently awarded the Hellman-Hammett award given annually to writers or activists for expressing freedom of expression.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Nov 26 19:45:36 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 26 Nov 2011 20:45:36 -0500
Subject: [Infowarrior] - Palantir, the War on Terror's Secret Weapon
Message-ID: <60B6BFA3-E427-4A91-8031-DB2C6EF4CFFE@infowarrior.org>

Features
November 22, 2011, 3:56 PM EST
Palantir, the War on Terror's Secret Weapon
A Silicon Valley startup that collates threats has quietly become indispensable to the U.S. intelligence community
By Ashlee Vance and Brad Stone
http://www.businessweek.com/printer/magazine/palantir-the-vanguard-of-cyberterror-security-11222011.html

In October, a foreign national named Mike Fikri purchased a one-way plane ticket from Cairo to Miami, where he rented a condo. Over the previous few weeks, he'd made a number of large withdrawals from a Russian bank account and placed repeated calls to a few people in Syria. More recently, he rented a truck, drove to Orlando, and visited Walt Disney World by himself. As numerous security videos indicate, he did not frolic at the happiest place on earth. He spent his day taking pictures of crowded plazas and gate areas. None of Fikri's individual actions would raise suspicions. Lots of people rent trucks or have relations in Syria, and no doubt there are harmless eccentrics out there fascinated by amusement park infrastructure. Taken together, though, they suggested that Fikri was up to something. And yet, until about four years ago, his pre-attack prep work would have gone unnoticed. A CIA analyst might have flagged the plane ticket purchase; an FBI agent might have seen the bank transfers. But there was nothing to connect the two. Lucky for counterterror agents, not to mention tourists in Orlando, the government now has software made by Palantir Technologies, a Silicon Valley company that's become the darling of the intelligence and law enforcement communities.
The day Fikri drives to Orlando, he gets a speeding ticket, which triggers an alert in the CIA's Palantir system. An analyst types Fikri's name into a search box and up pops a wealth of information pulled from every database at the government's disposal. There's fingerprint and DNA evidence for Fikri gathered by a CIA operative in Cairo; video of him going to an ATM in Miami; shots of his rental truck's license plate at a tollbooth; phone records; and a map pinpointing his movements across the globe. All this information is then displayed on a clearly designed graphical interface that looks like something Tom Cruise would use in a Mission: Impossible movie. As the CIA analyst starts poking around on Fikri's file inside of Palantir, a story emerges. A mouse click shows that Fikri has wired money to the people he had been calling in Syria. Another click brings up CIA field reports on the Syrians and reveals they have been under investigation for suspicious behavior and meeting together every day over the past two weeks. Click: The Syrians bought plane tickets to Miami one day after receiving the money from Fikri. To aid even the dullest analyst, the software brings up a map that has a pulsing red light tracing the flow of money from Cairo and Syria to Fikri's Miami condo. That provides local cops with the last piece of information they need to move in on their prey before he strikes. Fikri isn't real - he's the John Doe example Palantir uses in product demonstrations that lay out such hypothetical examples. The demos let the company show off its technology without revealing the sensitive work of its clients. Since its founding in 2004, the company has quietly developed an indispensable tool employed by the U.S. intelligence community in the war on terrorism. Palantir technology essentially solves the Sept. 11 intelligence problem. The Digital Revolution dumped oceans of data on the law enforcement establishment but provided feeble ways to make sense of it.
In the months leading up to the 2001 attacks, the government had all the necessary clues to stop the al Qaeda perpetrators: They were from countries known to harbor terrorists, who entered the U.S. on temporary visas, had trained to fly civilian airliners, and purchased one-way airplane tickets on that terrible day. An organization like the CIA or FBI can have thousands of different databases, each with its own quirks: financial records, DNA samples, sound samples, video clips, maps, floor plans, human intelligence reports from all over the world. Gluing all that into a coherent whole can take years. Even if that system comes together, it will struggle to handle different types of data - sales records on a spreadsheet, say, plus video surveillance images. What Palantir (pronounced Pal-an-TEER) does, says Avivah Litan, an analyst at Gartner (IT), is "make it really easy to mine these big data sets." The company's software pulls off one of the great computer science feats of the era: It combs through all available databases, identifying related pieces of information, and puts everything together in one place. Depending where you fall on the spectrum between civil liberties absolutism and homeland security lockdown, Palantir's technology is either creepy or heroic. Judging by the company's growth, opinion in Washington and elsewhere has veered toward the latter. Palantir has built a customer list that includes the U.S. Defense Dept., CIA, FBI, Army, Marines, Air Force, the police departments of New York and Los Angeles, and a growing number of financial institutions trying to detect bank fraud. These deals have turned the company into one of the quietest success stories in Silicon Valley - it's on track to hit $250 million in sales this year - and a candidate for an initial public offering. Palantir has been used to find suspects in a case involving the murder of a U.S.
Immigration and Customs Enforcement special agent, and to uncover bombing networks in Syria, Afghanistan, and Pakistan. "It's like plugging into the Matrix," says a Special Forces member stationed in Afghanistan who requested anonymity out of security concerns. "The first time I saw it, I was like, 'Holy crap. Holy crap. Holy crap.'" Palantir's engineers fill the former headquarters of Facebook along University Avenue in the heart of Palo Alto's main commercial district. Over the past few years, Palantir has expanded to four other nearby buildings as well. Its security people - who wear black gloves and Secret Service-style earpieces - often pop out of the office to grab their lunch, making downtown Palo Alto feel, at times, a bit like Langley. Inside the offices, sweeping hand-drawn murals fill the walls, depicting tributes to Care Bears and the TV show Futurama. On one floor, a wooden swing hangs from the ceiling by metal chains, while Lord of the Rings knickknacks sit on desks. T-shirts with cutesy cartoon characters are everywhere, since the engineers design one for each new version of their software. Of late, they've run out of Care Bears to put on the shirts and moved on to My Little Ponies. The origins of Palantir go back to PayPal, the online payments pioneer founded in 1998. A hit with consumers and businesses, PayPal also attracted criminals who used the service for money laundering and fraud. By 2000, PayPal looked like "it was just going to go out of business" because of the cost of keeping up with the bad guys, says Peter Thiel, a PayPal co-founder. The antifraud tools of the time could not keep up with the crooks. PayPal's engineers would train computers to look out for suspicious transfers - a number of large transactions between U.S. and Russian accounts, for example - and then have human analysts review each flagged deal. But each time PayPal cottoned to a new ploy, the criminals changed tactics.
The computers would miss these shifts, and the humans were overwhelmed by the explosion of transactions the company handled. PayPal's computer scientists set to work building a software system that would treat each transaction as part of a pattern rather than just an entry in a database. They devised ways to get information about a person's computer, the other people he did business with, and how all this fit into the history of transactions. These techniques let human analysts see networks of suspicious accounts and pick up on patterns missed by the computers. PayPal could start freezing dodgy payments before they were processed. "It saved hundreds of millions of dollars," says Bob McGrew, a former PayPal engineer and the current director of engineering at Palantir. After EBay (EBAY) acquired PayPal in 2002, Thiel left to start a hedge fund, Clarium Capital Management. He and Joe Lonsdale, a Clarium executive who'd been a PayPal intern, decided to turn PayPal's fraud detection into a business by building a data analysis system that married artificial intelligence software with human skills. Washington, they guessed, would be a natural place to begin selling such technology. "We were watching the government spend tens of billions on information systems that were just horrible," Lonsdale says. "Silicon Valley had gotten to be a lot more advanced than government contractors, because the government doesn't have access to the best engineers." Thiel, Lonsdale, and a couple of former colleagues officially incorporated Palantir in 2004. Thiel originally wanted to hire a chief executive officer from Washington who could navigate the Byzantine halls of the military-industrial complex. His co-founders resisted and eventually asked Alex Karp, an American money manager living in Europe who had been helping raise money for Clarium, to join as temporary CEO. It was an unlikely match.
Before joining Palantir, Karp had spent years studying in Germany under Jürgen Habermas, the most prominent living representative of the Frankfurt School, the group of neo-Marxist philosophers and sociologists. After getting a PhD in philosophy from the University of Frankfurt - he also has a degree from Stanford Law School - Karp drifted from academia and dabbled in stocks. He proved so good at it that, with the backing of a handful of European billionaires, he set up a money management firm called the Caedmon Group. His intellect, and ability to solve a Rubik's Cube in under a minute, commands an awed reverence around the Palantir offices, where he's known as Dr. Karp. In the early days, Palantir struggled to sell its message and budding technology to investors. Big-name venture capital firms such as Kleiner Perkins Caufield & Byers, Sequoia Capital, and Greylock Partners all passed. Lonsdale says one investor, whom he won't name, actually started laughing on the phone at Karp's nonbusiness academic credentials. Overlooked by the moneyed institutions on Sand Hill Road, Thiel put up the original funds before enticing In-Q-Tel, the investment arm of the CIA, to invest as well. Karp says the reason VC firms "passed was that enterprise technology was not hot. And the government was, and still is, anti-hot." Michael E. Leiter, the former head of the National Counterterrorism Center, recalls being skeptical when Karp arrived to sell Palantir's system to the NCTC, created by President George W. Bush after the attacks. "There's Karp with his hair and his outfit - he doesn't look like me or the other people that work for me," he says. But Leiter soon discovered that Palantir's software cost a fraction of competing products and actually worked. Palantir not only made the connections between the data sets but also drew inferences based on the clues and empowered the analysts. Leiter is now a Palantir consultant.
At 44, Karp has a thin, sinewy physique - the result of a strict 1,200-calorie-a-day diet - and an angular face that gives way to curly brown, mad-scientist hair. On a November visit at Palantir's headquarters, he's wearing purple pants and a blue and orange athletic shirt. As he does every day, he walked to work. "I never learned to drive because I was busy reading, doing things, and talking to people," he says. "And I'm coordinated enough to bike, but the problem is that I will start dreaming about the business and run into a tree." During the era of social networks, online games, and Web coupons, Karp and his engineers have hit on a grander mission. "Our primary motivation," Karp says, "is executing against the world's most important problems in this country and allied countries." That's an unusual pitch in Silicon Valley, where companies tend to want as little to do with Washington as possible and many of the best engineers flaunt their counterculture leanings. Palantir's name refers to the "seeing stones" in Lord of the Rings that provide a window into other parts of Middle-earth. They're magical tools created by elves that can serve both good and evil. Bad wizards use them to keep in touch with the overlord in Mordor; good wizards can peer into them to check up on the peaceful, innocent Hobbits of the Shire. As Karp explains with a straight face, his company's grand, patriotic mission is to "protect the Shire." Most of Palantir's government work remains classified, but information on some cases has trickled out. In April 2010, security researchers in Canada used Palantir's software to crack a spy operation dubbed Shadow Network that had, among other things, broken into the Indian Defense Ministry and infiltrated the Dalai Lama's e-mail account. Palantir has also been used to unravel child abuse and abduction cases. Palantir "gives us the ability to do the kind of link-and-pattern analysis we need to build cases, identify perpetrators, and rescue children,"
says Ernie Allen, CEO of the National Center for Missing and Exploited Children. The software recently helped NCMEC analysts link an attempted abduction with previous reports of the suspect to the center's separate cyber-tip line - and plot that activity on a map. "We did it within 30 seconds," Allen says. "It is absolutely a godsend for us." In Afghanistan, U.S. Special Operations Forces use Palantir to plan assaults. They type a village's name into the system and a map of the village appears, detailing the locations of all reported shooting skirmishes and IED, or improvised explosive device, incidents. Using the timeline function, the soldiers can see where the most recent attacks originated and plot their takeover of the village accordingly. The Marines have spent years gathering fingerprint and DNA evidence from IEDs and tried to match that against a database of similar information collected from villagers. By the time the analysis results came back, the bombers would be long gone. Now field operatives are uploading the samples from villagers into Palantir and turning up matches from past attacks on the spot, says Samuel Reading, a former Marine who works in Afghanistan for NEK Advanced Securities Group, a U.S. military contractor. "It's the combination of every analytical tool you could ever dream of," Reading says. "You will know every single bad guy in your area." Palantir has found takers for its data mining system closer to home, too. Wall Street has been particularly receptive. Every year, the company holds a conference to promote its technology, and the headcount swelled from about 50 people at past events to 1,000 at the most recent event in October. "I saw bankers there that don't go to any other conferences," says Gartner's Litan. The banks have set Palantir's technology loose on their transaction databases, looking for fraudsters, trading insights, and even new ways to price mortgages.
Guy Chiarello, chief information officer for JPMorgan Chase (JPM), says Palantir's technology turns "data landfills into gold mines." The bank has a Palantir system for fraud detection and plans to use the technology to better tailor marketing campaigns to consumers. "Google (GOOG) unlocked the Internet with its search engine," Chiarello says. "I think Palantir is on the way to doing a similar thing inside the walls of corporate data." One of the world's largest banks has used Palantir software to break up a popular scam called BustOut. Criminals will steal or purchase access to thousands of people's online identities, break into their bank and credit-card accounts, then spend weeks watching. Once they spot a potential victim purchasing a plane ticket or heading out on a holiday, they siphon money out of the accounts as fast as they can while the mark is in transit. The criminals hide their trails by anonymizing their computing activity and disabling alert systems in the bank and credit-card accounts. When the bank picks up on a few compromised accounts, it uses Palantir to uncover the network of thousands of other accounts that have to be tapped. A Palantir deal can run between $5 million and $100 million. The company asks for 20 percent of that money up front and the rest only if the customer is satisfied at the end of the project. Typically, it's competing against the likes of Raytheon (RTN), Lockheed Martin (LMT), Northrop Grumman (NOC), and IBM (IBM), along with a scattering of less prominent data mining startups. "We can be up and running in a bank in eight weeks," Karp says. "You will be getting results right away instead of waiting two to three years with our competitors." Palantir has been doubling headcount every year to keep up with business. To get a job at the company, an applicant must pass a gauntlet of brain teasers. An example: You have 25 horses and can race them in heats of 5. You know the order the horses finished in, but not their times.
How many heats are necessary to find the fastest? First and second? First, second, and third? (Answers: six, seven, and seven.) If candidates are able to prove themselves as what Karp calls "a software artist," they're hired. The company gives new arrivals some reading material, including a guide to improvisational acting, a lecture by the entrepreneur Steve Blank on Silicon Valley's secret history with the military, and the book The Looming Tower: Al-Qaeda and the Road to 9/11. They're also rewarded with a low wage by Silicon Valley standards: Palantir caps salaries at $127,000. Instead of traditional salespeople, Palantir has what it calls forward deployed engineers. These are the sometimes awkward computer scientists most companies avoid putting in front of customers. Karp figures that engineers will always tell the truth about the pros and cons of a product, know how to solve problems, and build up a strong reputation with customers over time. "If your life or your economic future is on the line," he says, "and there is one company where people are maybe kind of suffering from Asperger's syndrome, but they have always been accurate, you end up trusting them." The director of these forward deployed engineers is Shyam Sankar, a Palantir veteran. In his corner office there's a Shamu stuffed animal, an antique Afghan rifle hanging overhead, and a 150-year-old bed frame decorated with a wild, multicolored comforter. The bed comes in handy during an annual team-building exercise: For one week, employees live in the Palantir offices; the bedless make shantytown houses out of cardboard boxes. Sankar celebrates Palantir's mix of office frivolity and low salaries. "We will feed you, clothe you, let you have slumber parties, and nourish your soul," he says. "But this is not a place to come to get cash compensation." Like many of the young engineers, Sankar recounts a personal tale that explains his patriotic zeal.
When he was young, his parents moved from India to Nigeria, where Sankar's father ran a pharmaceutical plant. One night, burglars broke into their home, pistol-whipped his dad, and stole some valuables. After that traumatic event, the family moved to Florida and started over, selling T-shirts to theme parks. "To come to a place and not have to worry about such bad things instilled a sense of being grateful to America," Sankar says. "I know it sounds corny, but the idea here is to save the Shire." Karp acknowledges that to outsiders, Palantir's Middle-earth-meets-National Security Agency culture can seem a bit much. "One of my investors asked me, 'Is this a company or a cult?'" he says. "Well, I don't seem to be living like a cult leader." Then he begins a discourse on how Palantir's unusual ways serve the business. "I tend to think the critiques are true," Karp says. "To make something work, it cannot be about the money. I would like to believe we have built a culture that is about a higher purpose that takes the form of a company. I think the deep character anomalies of the company are the reasons why the numbers are so strong." Using Palantir technology, the FBI can now instantly compile thorough dossiers on U.S. citizens, tying together surveillance video outside a drugstore with credit-card transactions, cell-phone call records, e-mails, airplane travel records, and Web search information. Christopher Soghoian, a graduate fellow at the Center for Applied Cybersecurity in the School of Informatics and Computing at Indiana University, worries that Palantir will make these agencies ever hungrier consumers of every piece of personal data. "I don't think Palantir the firm is evil," he says. "I think their clients could be using it for evil things."
Soghoian points out that Palantir's senior legal adviser, Bryan Cunningham, authored an amicus brief three years ago supporting the Bush Administration's position in the infamous warrantless wiretapping case and defended its monitoring domestic communication without search warrants. Another event that got critics exercised: A Palantir engineer, exposed by the hacker collective Anonymous earlier this year for participating in a plot to break into the PCs of WikiLeaks supporters, was quietly rehired by the company after being placed on leave. Karp stresses that Palantir has developed some of the most sophisticated privacy protection technology on the market. Its software creates audit trails, detailing who has seen certain pieces of information and what they've done with it. Palantir also has a permission system to make sure that workers in agencies using its software can access only the data that their clearance levels allow. "In the pre-Palantir days, analysts could go into file cabinets and read whatever they want," says former NCTC director Leiter. "Nobody had any idea what they had seen." Soghoian scoffs at the privacy-protecting features Palantir builds into its software. "If you don't think the NSA can disable the piece of auditing functionality, you have to be kidding me," he says. "They can do whatever they want, so it's ridiculous to assume that this audit trail is sufficient." Thiel, who sits on the board and is an avowed libertarian, says civil liberties advocates should welcome Palantir. "We cannot afford to have another 9/11 event in the U.S. or anything bigger than that," he says. "That day opened the doors to all sorts of crazy abuses and draconian policies." In his view, the best way to avoid such scenarios in the future would be to provide the government the most cutting-edge technology possible and build in policing systems to make sure investigators use it lawfully.
After Washington and Wall Street, Karp says the company may turn its attention to health care, retail, insurance, and biotech. The thinking is that Palantir's technology can illuminate health insurance scams just as well as it might be able to trace the origin of a virus outbreak. Despite all this opportunity, and revenue that is tripling every year, Karp insists that Palantir will remain grounded. An IPO, while not out of the question, "dilutes nonmonetary motivation," he says. One higher purpose in the coming year will be rescuing strapped companies and government bodies from the brink of financial ruin. Karp lists fraud, Internet security issues, Europe's financial woes, and privacy concerns as possible drivers for Palantir's business. For anyone in peril, the message is clear: Give us a signal and a forward deployed engineer will be at your doorstep. "There are some people out there that don't think to pick up the phone and call us," Karp says. "By next year, many of those people will."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Nov 27 16:59:54 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 27 Nov 2011 17:59:54 -0500
Subject: [Infowarrior] - The Copyright Industry – A Century Of Deceit
Message-ID: <6FEDEB51-EAA3-482E-9996-65D2E59B32DD@infowarrior.org>

The Copyright Industry – A Century Of Deceit
Rick Falkvinge - November 27, 2011
http://torrentfreak.com/the-copyright-industry-a-century-of-deceit-111127/

It is said that those who don't study history are doomed to repeat it. In the case of the copyright industry, they have learned that they can get new monopoly benefits and rent-seeker's benefits every time there is a new technology, if they just complain loudly enough to the legislators.
The past 100 years have seen a vast array of technical advances in broadcasting, multiplication and transmissions of culture, but equally much misguided legislators who sought to preserve the old at expense of the new, just because the old was complaining. First, let's take a look at what the copyright industry tried to ban and outlaw, or at least receive taxpayer money in compensation for its existence: It started around 1905, when the self-playing piano was becoming popular. Sellers of note sheet music proclaimed that this would be the end of artistry if they couldn't make a living off of middlemen between composers and the public, so they called for a ban on the player piano. A famous letter in 1906 claims that both the gramophone and the self-playing piano will be the end of artistry, and indeed, the end of a vivid, songful humanity. In the 1920s, as broadcast radio started appearing, another copyright industry was demanding its ban because it cut into profits. Record sales fell from $75 million in 1929 to $5 million four years later – a recession many times greater than the record industry's current troubles. (Speaking of recession, the drop in profits happened to coincide with the Great Depression.) The copyright industry sued radio stations, and collecting societies started collecting part of the station profits under a blanket "licensing" scheme. Laws were proposed that would immunize the new radio medium from the copyright industry, but they did not pass. In the 1930s, silent movies were phased out by movies with audio tracks. Every theater had previously employed an orchestra that played music to accompany the silent movies, and now, these were out of a job. It is quite conceivable that this is the single worst technology development for professional performers. Their unions demanded guaranteed jobs for these performers in varying propositions.
In the 1940s, the movie industry complained that the television would be the death of movies, as movie industry profits dropped from $120 million to $31 million in five years. Famous quote: "Why pay to go see a movie when you can see it at home for free?" In 1972, the copyright industry tried to ban the photocopier. This push was from book publishers and magazine publishers alike. "The day may not be far off when no one need purchase books." The 1970s saw the advent of the cassette tape, which is when the copyright industry really went all-out in proclaiming their entitlement. Ads saying "Home taping is killing music!" were everywhere. The band Dead Kennedys famously responded by subtly changing the message in adding "...industry profits", and "We left this side [of their tape] blank, so you can help." The 1970s also saw another significant shift, where DJs and loudspeakers started taking the place of live dance music. Unions and the copyright industry went ballistic over this, and suggested a "disco fee" that would be charged at locations playing disco (recorded) music, to be collected by private organizations under governmental mandate and redistributed to live bands. This produces hearty laughter today, but that laughter stops sharp with the realization that the disco fee was actually introduced, and still exists. The 1980s is a special chapter with the advent of video cassette recorders. The copyright industry's famous quote when testifying before the US Congress – where the film lobby's highest representative said that "The VCR is to the American film producer and the American public as the Boston strangler is to the woman home alone" – is the stuff of legend today. Still, it bears reminding that the Sony vs Betamax case went all the way to the Supreme Court, and that the VCR was as near as could be from being killed by the copyright industry: The Betamax team won the case by 5-4 in votes.
Also in the late 1980s, we saw the complete flop of the Digital Audio Tape (DAT). A lot of this can be ascribed to the fact that the copyright industry had been allowed to put its politics into the design: the cassette, although technically superior to the analog Compact Cassette, was so deliberately unusable for copying music that people rejected it flat outright. This is an example of a technology that the copyright industry succeeded in killing, even though I doubt it was intentional: they just got their wishes as to how it should work to not disrupt the status quo. In 1994, Fraunhofer Institute published a prototype implementation of its digital coding technique that would revolutionize digital audio. It allowed CD-quality audio to take one-tenth of the disk space, which was very valuable in this time, when a typical hard drive would be just a couple of gigabytes. Technically known as MPEG-1 Audio Layer III, it was quickly shortened to "MP3" in everyday speak. The copyright industry screamed again, calling it a technology that only can be used for criminal activity. The first successful MP3 player, the Diamond Rio, saw the light in 1998. It had 32 megabytes of memory. Despite good sales, the copyright industry sued its maker, Diamond Multimedia, into oblivion: while the lawsuit was struck down, the company did not recover from the burden of defending. The monopoly middlemen tried aggressively to have MP3 players banned. The century ended with the copyright middlemen pushing through a new law in the United States called the Digital Millennium Copyright Act, which would have killed the Internet and social media by introducing intermediary liability – essentially killing social technologies in their cradle. Only with much effort did the technology industry manage to stave off disaster by introducing so-called "safe harbors" that immunize the technical companies from liability on the condition that they throw the end-users to the wolves on request.
The internet and social media survived the copyright industry's onslaught by a very narrow escape that still left it significantly harmed and slowed. Right after the turn of the century, the use of Digital Video Recorders was called "stealing" as it allowed for skipping of commercials (as if nobody did that before). In 2003, the copyright industry tried to have its say in the design of HDTV with a so-called "broadcast flag" that would make it illegal to manufacture devices that could copy movies so flagged. In the USA, the FCC miraculously granted this request, but was struck down in bolts of lightning by courts who said they had way overstepped their mandate. What we have here is a century of deceit, and a century revealing the internal culture inherent in the copyright industry. Every time something new appears, the copyright industry has learned to cry like a little baby that needs more food, and succeeds practically every time to get legislators to channel taxpayer money their way or restrict competing industries. And every time the copyright industry succeeds in doing so, this behavior is further reinforced. It is far past due that the copyright industry is stripped of its nobility benefits, every part of its governmental weekly allowance, and gets kicked out of its comfy chair to get a damn job and learn to compete on a free and honest market.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Nov 27 19:48:54 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 27 Nov 2011 20:48:54 -0500
Subject: [Infowarrior] - Secret Fed Loans Gave Banks Undisclosed $13B
Message-ID:

Secret Fed Loans Gave Banks Undisclosed $13B
By Bob Ivry, Bradley Keoun and Phil Kuntz - Nov 27, 2011
Bloomberg Markets Magazine

The Federal Reserve and the big banks fought for more than two years to keep details of the largest bailout in U.S. history a secret. Now, the rest of the world can see what it was missing.
The Fed didn't tell anyone which banks were in trouble so deep they required a combined $1.2 trillion on Dec. 5, 2008, their single neediest day. Bankers didn't mention that they took tens of billions of dollars in emergency loans at the same time they were assuring investors their firms were healthy. And no one calculated until now that banks reaped an estimated $13 billion of income by taking advantage of the Fed's below-market rates, Bloomberg Markets magazine reports in its January issue. Saved by the bailout, bankers lobbied against government regulations, a job made easier by the Fed, which never disclosed the details of the rescue to lawmakers even as Congress doled out more money and debated new rules aimed at preventing the next collapse. A fresh narrative of the financial crisis of 2007 to 2009 emerges from 29,000 pages of Fed documents obtained under the Freedom of Information Act and central bank records of more than 21,000 transactions. While Fed officials say that almost all of the loans were repaid and there have been no losses, details suggest taxpayers paid a price beyond dollars as the secret funding helped preserve a broken status quo and enabled the biggest banks to grow even bigger.

"Change Their Votes"

"When you see the dollars the banks got, it's hard to make the case these were successful institutions," says Sherrod Brown, a Democratic Senator from Ohio who in 2010 introduced an unsuccessful bill to limit bank size. "This is an issue that can unite the Tea Party and Occupy Wall Street. There are lawmakers in both parties who would change their votes now." The size of the bailout came to light after Bloomberg LP, the parent of Bloomberg News, won a court case against the Fed and a group of the biggest U.S. banks called Clearing House Association LLC to force lending details into the open. The Fed, headed by Chairman Ben S.
Bernanke, argued that revealing borrower details would create a stigma -- investors and counterparties would shun firms that used the central bank as lender of last resort -- and that needy institutions would be reluctant to borrow in the next crisis. Clearing House Association fought Bloomberg's lawsuit up to the U.S. Supreme Court, which declined to hear the banks' appeal in March 2011.

$7.77 Trillion

The amount of money the central bank parceled out was surprising even to Gary H. Stern, president of the Federal Reserve Bank of Minneapolis from 1985 to 2009, who says he "wasn't aware of the magnitude." It dwarfed the Treasury Department's better-known $700 billion Troubled Asset Relief Program, or TARP. Add up guarantees and lending limits, and the Fed had committed $7.77 trillion as of March 2009 to rescuing the financial system, more than half the value of everything produced in the U.S. that year. "TARP at least had some strings attached," says Brad Miller, a North Carolina Democrat on the House Financial Services Committee, referring to the program's executive-pay ceiling. "With the Fed programs, there was nothing." Bankers didn't disclose the extent of their borrowing. On Nov. 26, 2008, then-Bank of America (BAC) Corp. Chief Executive Officer Kenneth D. Lewis wrote to shareholders that he headed "one of the strongest and most stable major banks in the world." He didn't say that his Charlotte, North Carolina-based firm owed the central bank $86 billion that day.
< - BIG SNIP - >

http://www.bloomberg.com/news/print/2011-11-28/secret-fed-loans-undisclosed-to-congress-gave-banks-13-billion-in-income.html

From rforno at infowarrior.org Mon Nov 28 06:53:10 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Nov 2011 07:53:10 -0500
Subject: [Infowarrior] - Cablegate One Year Later: How WikiLeaks Has Influenced Foreign Policy, Journalism, and the First Amendment
Message-ID: <255B5F1E-811D-474B-A63C-249F41A4B25C@infowarrior.org>

https://www.eff.org/deeplinks/2011/11/cablegate-one-year-later-how-wikileaks-has-influenced-foreign-policy-journalism

November 28, 2011 - 12:00am | By Trevor Timm

Cablegate One Year Later: How WikiLeaks Has Influenced Foreign Policy, Journalism, and the First Amendment

One year ago today, WikiLeaks started publishing a trove of over 250,000 leaked U.S. State Department cables, which have since formed the basis of reporting for newspapers around the globe. The publication has given the public a window into the inner workings of government at an unprecedented scale, and in the process, has transformed journalism in the digital age. In recognition, WikiLeaks founder Julian Assange was just awarded Australia's version of the Pulitzer Prize, in addition to the Martha Gellhorn journalism prize he won in the United Kingdom earlier this year. As Salon's Glenn Greenwald observed, "WikiLeaks easily produced more newsworthy scoops over the last year than every other media outlet combined." Yet at the same time, the Justice Department has been investigating WikiLeaks for criminal violations for doing what other media organizations have been doing in the U.S. for centuries--publishing truthful information in the public interest. Here is a look at Cablegate's impact on journalism surrounding six countries central to U.S. foreign policy, and why it is vital for the media to stand up for WikiLeaks' First Amendment right to publish classified information.
The WikiLeaks Cables and Their Contributions to Journalism

Libya

This past summer, Senator John McCain was the most vocal member of Congress cheering for more aggressive military action to remove Libya's then-leader Muammar Gaddafi. But a WikiLeaks cable revealed just two years earlier, Sen. McCain had personally promised to arm Qaddafi with U.S. military equipment. Yet Gaddafi was one of the strongest critics of the WikiLeaks publications. The cables exposed the greed and corruption of his regime, and, according to some reports, seemed to drive him crazy. He even accused the CIA of leaking the documents to undermine him.

Pakistan

Long before U.S. forces secretly entered Pakistan to kill Osama bin Laden in August, the cables confirmed the U.S. military was already covertly operating inside the country--a fact that the U.S. government had previously denied for months. Despite public support for the Pakistani government, the cables also showed U.S. diplomats have long thought of the Pakistani intelligence service, the I.S.I., as a "terrorist organization" that tacitly supports al-Qaeda and the Taliban.

Yemen

One of the first cables released in 2010 confirmed reports of another undeclared military action that the U.S. had previously denied--drone strikes in Yemen. At the same time, the cables detailed the secret deal the Yemeni President made with the U.S. to allow the strikes, which he lied to his people about in the process. When the C.I.A. extra-judicially killed alleged al-Qaeda leader and U.S. citizen Anwar al-Awlaki with a drone in October 2011, the U.S. publicly announced the death but refused to officially release any information about the strike. A cable published by WikiLeaks provided a blueprint for how the attack was carried out.

Egypt

During the Egyptian revolution, the cables gave the rest of the world a stark and unflinching look at the brutality of Mubarak and his regime, facts of which Egyptians were already well aware.
The cables painted a "vivid picture" of the U.S.'s close ties with the regime, but also confirmed to the international community that police brutality in Egypt was "routine and pervasive" and that "the use of torture [was] so widespread that the Egyptian government ha[d] stopped denying it exists."

Tunisia

The cables have been credited with directly influencing what came to be known as the Jasmine Revolution. In the early stages of mass political protests in Tunisia, Nawaat--the influential Tunisian blogging group--set up a website called Tunileaks and widely distributed the cables to Tunisian citizens. The cables confirmed that the U.S. viewed Tunisian President Ben Ali as a corrupt and brutal tyrant and fanned the flames of the already smoldering revolution. Amnesty International would credit WikiLeaks and its media partners as "catalysts" in the people's successful ouster of Ali.

Iraq

In what may turn out to be WikiLeaks' most lasting legacy, CNN reported a month ago that a WikiLeaks cable played a role in expediting the return of all U.S. troops from Iraq and ending the decade long war. Negotiations to keep U.S. troops in Iraq longer than the original 2011 deadline were strained when Wikileaks released a cable showing the U.S. tried to cover up an incident where soldiers knowingly killed innocent women and children in Iraq. Iraqi negotiators indicated the cable gave them excuse to refuse to extend the troop presence.

This, of course, only scratches the surface, as the cables have shed light on almost every major foreign policy story of 2011. In April, Atlantic Wire reported that nearly half of 2011's New York Times issues relied on WikiLeaks documents. And while all of the cables have now been released, the impact is still reverberating. Zimbabwe's notorious dictator Robert Mugabe may be next to feel the effects. The BBC recently reported that WikiLeaks revelations may force him to step down from power, a notion that was previously "unthinkable."
Long Term Impact: WikiLeaks and Threats to the First Amendment

As we look back at how the WikiLeaks cables have enriched and colored our understanding of recent history, it's impossible to ignore that the Justice Department is currently investigating individuals allegedly associated with WikiLeaks, reportedly for possible violations of the Espionage Act of 1917--an outdated relic of World War I--which has recently been used to punish government leakers. No media organization has ever been indicted, much less convicted, under the Espionage Act. Constitutional scholars almost uniformly agree that a prosecution of a media organization would be devastating for press freedom and violate the First Amendment. The Justice Department has reportedly tried to avoid this constitutional problem by trying to craft charges against Wikileaks leader Julian Assange for soliciting or inducing classified information from his source under "conspiracy to commit espionage" theory. Of course, asking sources for information is part of the normal news gathering process for any reporter, which is why Yale law professor Jack Balkin said the Justice Department's strategy "threatens traditional journalists as well." Secrecy expert Steven Aftergood argued that a prosecution under this theory could criminalize "ordinary conventions of national security reporting." And former New York Times general counsel James Goodale remarked the Justice Department might as well be investigating WikiLeaks for "conspiracy to commit journalism." Yet the mainstream press, most notably the New York Times, has done little to defend WikiLeaks' right to publish, despite the fact that legal observers on both the left and right have said it's impossible to distinguish WikiLeaks and the Times under the letter of the law. Assange's rocky relationship with the Times and other media partners may be the reason for the Times' silence. But, no matter what one thinks of Assange, failing to defend WikiLeaks'
right to publish government secrets is dangerously short sighted. With all the attention WikiLeaks has received, it's easy to forget that newspapers have been publishing secret information for decades. In fact, in the past year, stories based on non-WikiLeaks classified information about Afghanistan, Pakistan, Russia, Yemen, Somalia, Libya, Iran, China have graced the pages of the country's most established publications. And much of the information on which those stories were based is of a higher classification level than anything WikiLeaks published. The New York Times may feel safe in the Justice Department's indication that they are not the target of any investigation, but the "trust us" argument will only last until the next big scoop. It was less than a decade ago that then-Attorney General Alberto Gonzales repeatedly claimed he would like to investigate the New York Times under the Espionage Act for its NSA warrantless wiretapping investigation. New York Times reporters James Risen and Eric Lichtblau won a Pulitzer Prize for exposing gross constitutional violations that also happened to be classified "Top Secret." But with a successful WikiLeaks prosecution, a threat like Gonzales' could force a paper to kill such a story, or worse: the next Pulitzer Prize winner may be forced to accept his or her prize from a jail cell. The mainstream American press has the most to lose from a WikiLeaks prosecution. Whether or not Julian Assange is indicted can't extinguish the idea WikiLeaks represents. We now know the technology and expertise exists to create anonymously driven whistleblower platforms that can advocate for government transparency by publishing all over the world. As the Economist said, "Jailing Thomas Edison in 1890 would not have darkened the night." And despite the established press's unwillingness to defend WikiLeaks, they are also trying to copy WikiLeaks' model. As the media look back on the WikiLeaks cables'
wide-ranging impact on journalism this week, it's important they also defend the idea behind WikiLeaks. Because if they do not stand up for WikiLeaks' right to publish, in the end, it will only be harder to preserve the publication rights of mainstream organizations like the New York Times. The real casualty in a Wikileaks prosecution will not be Julian Assange; it will be the death of a free press and the First Amendment itself.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 28 08:45:51 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Nov 2011 09:45:51 -0500
Subject: [Infowarrior] - Senate Moves To Allow Military To Intern Americans Without Trial
Message-ID:

Senate Moves To Allow Military To Intern Americans Without Trial
NDAA detention provision would turn America into a "battlefield"
Paul Joseph Watson
Infowars.com
Monday, November 28, 2011
http://www.infowars.com/senate-moves-to-allow-military-to-intern-americans-without-trial/

The Senate is set to vote on a bill today that would define the whole of the United States as a "battlefield" and allow the U.S. Military to arrest American citizens in their own back yard without charge or trial. "The Senate is going to vote on whether Congress will give this president--and every future president -- the power to order the military to pick up and imprison without charge or trial civilians anywhere in the world. The power is so broad that even U.S. citizens could be swept up by the military and the military could be used far from any battlefield, even within the United States itself," writes Chris Anders of the ACLU Washington Legislative Office. Under the "worldwide indefinite detention without charge or trial"
provision of S.1867, the National Defense Authorization Act bill, which is set to be up for a vote on the Senate floor this week, the legislation will "basically say in law for the first time that the homeland is part of the battlefield," said Sen. Lindsey Graham (R-S.C.), who supports the bill. The bill was drafted in secret by Senators Carl Levin (D-Mich.) and John McCain (R-Ariz.), before being passed in a closed-door committee meeting without any kind of hearing. The language appears in sections 1031 and 1032 of the NDAA bill. "I would also point out that these provisions raise serious questions as to who we are as a society and what our Constitution seeks to protect," Colorado Senator Mark Udall said in a speech last week. "One section of these provisions, section 1031, would be interpreted as allowing the military to capture and indefinitely detain American citizens on U.S. soil. Section 1031 essentially repeals the Posse Comitatus Act of 1878 by authorizing the U.S. military to perform law enforcement functions on American soil. That alone should alarm my colleagues on both sides of the aisle, but there are other problems with these provisions that must be resolved." This means Americans could be declared domestic terrorists and thrown in a military brig with no recourse whatsoever. Given that the Department of Homeland Security has characterized behavior such as buying gold, owning guns, using a watch or binoculars, donating to charity, using the telephone or email to find information, using cash, and all manner of mundane behaviors as potential indicators of domestic terrorism, such a provision would be wide open to abuse. "American citizens and people picked up on American or Canadian or British streets being sent to military prisons indefinitely without even being charged with a crime. Really? Does anyone think this is a good idea? And why now?" asks Anders.
The ACLU is urging citizens to call their Senator and demand that the Udall Amendment be added to the bill, a change that would at least act as a check to prevent Americans being snatched off the streets without some form of Congressional oversight. We have been warning for over a decade that Americans would become the target of laws supposedly aimed at terrorists and enemy combatants. Alex Jones personally documented how U.S. troops were being trained to arrest U.S. citizens in the event of martial law during urban warfare training drills back in the 90's. Under the National Defense Authorization Act bill, no declaration of martial law is necessary since Americans would now be subject to the same treatment as suspected insurgents in places like Afghanistan and Iraq. If you thought that the executive assassination of American citizens abroad was bad enough, now similar powers will be extended to the "homeland," in other words, your town, your community, your back yard.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 28 09:27:42 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Nov 2011 10:27:42 -0500
Subject: [Infowarrior] - DHS' fear-mongering trends
Message-ID: <5BB54B8F-8889-4DC2-8E4A-119C33AFE55A@infowarrior.org>

Why am I reminded of this quote from "V For Vendetta"??? --- rick

"...what we need is a clear message to the people of the country! This message should be read in every newspaper, heard on every radio, seen on every television. This message must resound throughout the ENTIRE INTERLINK! I want this country to realize that we stand on the edge of oblivion! I want every man, woman, and child to understand how close we are to chaos! I WANT EVERYONE to remember WHY THEY NEED US!!!

http://publicintelligence.net/dhs-partners-with-major-league-soccer-to-promote-suspicious-activity-reporting/

* DHS Partners With Major League Soccer to Promote Suspicious Activity Reporting
* DHS Partners with NCAA to Promote Suspicious Activity Reporting
* DHS Partners With NFL Teams, MLB Teams and Universities to Promote Suspicious Activity Reporting
* DHS Partners with Faith-Based Organizations to Promote Suspicious Activity Reporting
* DHS Partners With Hotel Television Providers to Promote Suspicious Activity Reporting
* DHS Partners With NBA to Promote Suspicious Activity Reporting
* DHS Partners With City of Houston to Promote Suspicious Activity Reporting
* DHS Releases Television PSAs to Promote Suspicious Activity Reporting
* Department of Homeland Security to Run Suspicious Activity Reporting Ads at Walmart Checkouts

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Nov 28 09:35:20 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 28 Nov 2011 10:35:20 -0500
Subject: [Infowarrior] - OT: Congressional Panic over insider trading feedback
Message-ID: <3100DBD5-AE93-4150-A68C-D4DB619E2435@infowarrior.org>

November 28, 2011, 6:00 am
Lawmakers Look to Rein In Their Investing
By CARL HULSE
http://thecaucus.blogs.nytimes.com/2011/11/28/lawmakers-look-to-rein-in-trading/?hp

The coverage was hard-hitting and shocking to some: Members of Congress received special opportunities to get in on the ground floor of stock offerings, and were actively trading in shares of companies "whose prosperity they influence and whose conduct they help to regulate." Those words weren't from this month's "60 Minutes" piece raising questions about the Wall Street dealings of top lawmakers or a new book exploring the same issue. They appeared in the 1968 exposé "The Case Against Congress" by the muckrakers Drew Pearson and Jack Anderson, who laid out dubious financial maneuvers by lawmakers seeking to enrich themselves using their powerful positions and inside knowledge.
Finger-pointing over shady stock dealing in the hallways of the House and Senate is almost as old as Congress itself - the infamous Crédit Mobilier scandal of the 1870s was partially about members of Congress cashing in on discounted railroad stock. Efforts to do something about it have never gained traction, leaving in doubt whether members of Congress and their well-informed staff advisers are subject to laws governing insider trading or free to profit from it.

But in this era of Occupy Wall Street protests and public loathing of Congress, the sentiment toward any nexus between Congress and Wall Street seems to have changed considerably. In the wake of the "60 Minutes" story on Nov. 13, about 90 House members of both parties have been racing to sign on to legislation limiting Congressional trading, which Representative Louise Slaughter, Democrat of New York, has been introducing since 2006 to little effect.

"My colleagues are really starting to understand that light needs to be shed on insider trading and political intelligence which has been creeping into the halls of Congress for years now," Ms. Slaughter said after the Financial Services Committee agreed to hold a hearing on the measure. "There are 535 of us privileged enough to serve in this Congress, and the fact that any one of us would think to personally profit off the information that's shared with us upsets me greatly."

The bill she drafted with Representative Tim Walz, Democrat of Minnesota, would prohibit lawmakers from trading on knowledge gained from their status; prevent them from sharing that information; and establish new requirements for reporting transactions of $1,000 or more within 90 days.

The Dec. 6 hearing in the House was scheduled by Representative Spencer Bachus, the Alabama Republican who chairs the committee and was one of the lawmakers who came under scrutiny from "60 Minutes," though he challenged any suggestion that he traded improperly.
In the Senate, the Homeland Security and Governmental Affairs Committee is set to convene a hearing Thursday on new bills very similar to Ms. Slaughter's "Stop Trading on Congressional Knowledge" or Stock Act. Senator Scott P. Brown, the Massachusetts Republican who faces a difficult re-election bid, has introduced one; Senator Kirsten Gillibrand, the New York Democrat who is also up next year, is taking the lead on a competing bill that would change Congressional and Senate rules to ban insider trading.

"When members of Congress personally benefit from the legislation that they shape and vote on, there is a clear conflict of interest, and its effect on legislation can be corrosive," Mr. Brown wrote in a letter to his colleagues.

Top lawmakers appear ready to get on board even if they might not be totally up to speed on the legislation. "I'm not familiar with the details," Representative Eric Cantor, the Virginia Republican and House majority leader, told reporters recently about the Stock act, saying his sense was that it required more disclosure. "If there is any sense of impropriety or any appearance of that, we should take extra steps to make sure the public's cynicism is addressed," he said.

Given the political environment, members of Congress appear eager to insulate themselves not only from the suggestion that they have some market advantage over average Americans but also from what they expect could become a potent campaign charge in a year when many usually safe incumbents could face a challenge.

Sarah Palin provided the contours of the political argument in an opinion article she published in The Wall Street Journal after the "60 Minutes" report, asking how "politicians who arrive in Washington, D.C., as men and women of modest means leave as millionaires?" "The corruption isn't confined to one political party or just a few bad apples," she wrote. "It's an endemic problem encompassing leadership on both sides of the aisle.
It's an entire system of public servants feathering their own nests."

Many members of Congress say the problem is being exaggerated and that the vast majority of lawmakers play by the rules and would not take advantage of their position for financial gain. But at a time when many American families are struggling financially and when anything Wall Street carries a negative connotation, members of Congress have evidently decided that even if there is no insider trading, they'd better do something about it.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 29 06:55:27 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Nov 2011 07:55:27 -0500
Subject: [Infowarrior] - O'Reilly Guide to SOPA/PROTECTIP bills
Message-ID: <92C39090-ED3D-4B87-B5A1-93B8192DBE76@infowarrior.org>

Congress considers anti-piracy bills that could cripple Internet industries
SOPA and PROTECT IP would harm innovation.
by Alex Howard | @digiphile | 22 November 2011

Sections
- Opposition from the legal, technical and VC community
- Fundamental cybersecurity concerns about PROTECT IP
- More lawmakers come out against SOPA
- A Congressional hearing stacked against the Internet
- Wikileaks, DNS and the Internet commons
- ICE and the Internet
- SOPA and Internet freedom
- Intermediary liability and ACTA
- The sleeping Internet giant awakes

Imagine a world where YouTube, Flickr, Facebook or Twitter had never been created due to the cost of regulatory compliance. Imagine an Internet where any website where users can upload text, pictures or video is liable for copyrighted material uploaded to it. Imagine a world where the addresses to those websites could not be found using search engines like Google and Bing, even if you typed them in directly.
Imagine an Internet split into many sections, depending upon where you lived, where a user's request to visit another website was routed through an addressing system that could not be securely authenticated. Imagine a world where a government could require that a website hosting videos of a bloody revolution be taken down because it also hosted clips from a Hollywood movie. Imagine that it's 2012, and much of that world has come to pass after President Obama has signed into law an anti-online piracy bill that Congress enacted in a rare show of bipartisan support. In an election year, after all, would Congress and the President risk being seen as "soft on cybercrime?" Yes, the examples above represent worst-case scenarios, but unfortunately, they're grounded in reality. In a time when the American economy needs to catalyze innovation to compete in a global marketplace, members of the United States Congress have advanced legislation that could lead to precisely that landscape. The Stop Online Piracy Act "is a bill that would eviscerate the predictable legal environment created by the DMCA [Digital Millennium Copyright Act], subjecting online innovators to a new era of uncertainty and risk," said David Sohn, senior policy counsel at the Center for Democracy and Technology (CDT) in Washington, D.C., in a statement. "It would force pervasive scrutiny and surveillance of Internet users' online activities. It would chill the growth of social media and conscript every online platform into a new role as content police. And it would lay the groundwork for an increasingly balkanized Internet, directly undercutting U.S. foreign policy advocacy in support of a single, global, open network." The names of the "Stop Online Piracy Act (H.R. 3261) and "PROTECT IP Act" (S. 968) make it clear what they're meant to do: protect the intellectual property of content creators against online piracy. What they would do, if enacted and signed into law, is more contentious. 
SOPA is "really a Trojan horse that might be better named the Social Media Surveillance Act," said Leslie Harris, CEO of CDT, in a press conference. "Expect it to have a devastating effect on social media content and expression." To ground the potential issue in familiar examples, the Electronic Frontier Foundation (EFF) explained how SOPA could affect Etsy, Flickr and Vimeo. Don't use those sites? OK. Substitute eBay, Instagram and YouTube. Or the next generation of online innovation. Let's be clear: online piracy and the theft of intellectual property are serious problems for the global media. Nor is piracy something that legislators, regulators, publishers or members of the media should condone. Given that context, this legislation has strong support from an industry coalition of content creators, including labor unions, artists guilds, movie studios and television networks. Those pro-legislation constituencies do have their supporters. Andrew Keen wrote at TechCrunch that the "death of the Internet was exaggerated," disparaging the claims of the organizations, individuals and experts who have come out against the bills. Scott Cleland argued at Forbes, that this "anti-piracy legislation will become law," citing the scope of IP theft and the need to address it by some means. Neither of these commentators, however, addressed the significant technical, legal and security concerns that persist around the provisions in SOPA and the PROTECT IP Act. The drafters of SOPA apply several enforcement mechanisms to combat online piracy. There's broad support for measures to restrict revenues that support sites that distribute copyrighted material or child pornography. The most controversial provision of the bills centers on the use of the domain name system as a means to prevent people from accessing sites hosting infringing content. The Stop Online Privacy Act goes further than the Protect IP Act in a number of important ways, and it mirrors provisions in other acts. 
Nate Anderson wrote at Ars Technica that the House takes the Senate's bad Internet censorship bill and make it worse. The CDT recommends a more focused "follow-the-money" approach "narrowly targeting clear bad actors and drying up their financial lifeblood, could reduce online infringement without risking so much damage to Internet openness, innovation, and security," said Sohn. "Fighting large-scale infringement is an important goal. But SOPA would do far too much collateral damage to innovation, online expression, and privacy. Congress needs to listen to the full range of stakeholders and seriously rethink how it should address the problem of online infringement." Significant legal and technical concerns persist about SOPA and the PROTECT IP Act. CDT has a useful SOPA summary that clearly explains these issues. Sohn joined with Andrew McDiarmid to write an editorial in the Atlantic that says SOPA is a "dangerous bill that would threaten legitimate websites." < - BIG SNIP - > http://radar.oreilly.com/2011/11/sopa-protectip.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 29 06:56:58 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Nov 2011 07:56:58 -0500 Subject: [Infowarrior] - Privacy about to punted again when 'balanced' against need for govt spying Message-ID: <8106E603-F216-4639-92CC-4C4CA26C5000@infowarrior.org> Privacy about to punted again when 'balanced' against need for govt spying There was talk about balancing privacy against the online spying needs of governments and that this surveillance and tracking should not bother you if you've done nothing wrong and have nothing to hide. Balance? Bite me. By Ms. Smith on Mon, 11/28/11 - 3:34pm. 
http://www.networkworld.com/community/blog/privacy-about-punted-again-when-balanced-agai With the cyber-world such as it is now, constant breaches because companies are careless and lax about protecting our personal information, it might be true what the Office of Inadequate Security pointed out, "Maybe all companies should add 'check Pastebin' to their daily security to-do list." As if there's not enough personal info dumped about us all to invade privacy, any time there is talk about security and you hear the word 'balance' being used, citizens' privacy is about to be punted. This time it was in regard to online spying as being tracked by the government is, it would have you believe, for our own good to monitor and to stop all those potential terrorists and cybercrooks, not so it can build up massive databases with secret watchlists. Such is the case of 'balancing privacy' against many different governments needing to track people's online activities. At ZDNet Asia, Elle Todd, media, communications and technology group partner at law firm Olswang Asia, noted "most citizens would accept that surveillance is an important part of law enforcement" when limited to "justifiable circumstances" and not when being spied upon "just in case" you are some kind of terrorist scum or cybercrook. The ZDNet article mentions Singapore-based Shawn Lee who was asked to take down a blog post and complied, saying "I haven't done anything wrong [and] I have nothing to hide, so it is fine that the government is tracking me." This is where I could not disagree more; this entire concept of not objecting to privacy invasion if you have "nothing to hide" and have "done nothing wrong" makes me want to bite someone. Most of us don't want to live with unlimited surveillance and there are bad seeds and rogues in law enforcement who misuse and abuse their surveillance access to check on someone who has caught their attention. 
The wired/wireless world is setup to be anonymity-busting as it is, and full-pipe monitoring and mapping has been around for a very long time. It's ludicrous that valuing your privacy and civil liberties, freedom from snooping, would imply a person has something to hide or that objecting to such online spying means you are up to illicit or nefarious activities. The desire to be as anonymous as possible, which really is a contradiction when online, does not imply a person is a cyber-creep. Wired's David Kravets nailed it, "We're paranoid not because we have grandiose notions of our self-importance, but because the facts speak for themselves." While I disagree with innocent people's private info floating around as a result of whacking companies and dumping data in the war against white hats, if a person were to sail over to The Pirate Bay and actually peruse this torrent, it's not too hard to get behind the publishing of surveillance guidelines aimed at us all. Cryptome and Public Intelligence have also published the online spying guides that regular folks aren't supposed to know about, spying that is to be 'balanced' against citizens' privacy. Remember the FBI's claim of 'going dark'? Yeah right, about anything accessed via Windows machines like system and user data and apps, networking, Windows Internet-related data and logs from chat programs, IE or email [PDF] can be snooped through. Besides Big Brother in your browser, the treasure-trove of data we store in the cloud, and cell phone provider data storage, what more might be needed by law enforcement? BIOS password spying [PDF], Skype Log Files [PDF], Firefox Password Spying [PDF], iPod snooping [PDF], iChat [PDF], numerous iPhone guides, or magicJack surveillance [PDF]? There's also spy guides for MSN [PDF], Gmail 1 [PDF] and 2 [PDF], Facebook [PDF], Verizon [PDF], Time Warner Cable [PDF], Yahoo chat [PDF], World of Warcraft [PDF], Blizzard [PDF], or AOL [PDF]. 
It goes on and on; it's not that it's new by any means, simply that it seems endless and there's talk of finding balance between spying for security reasons and your rights. Don't be surprised in the least to see these companies throwing around DMCA notices just as Microsoft did at Cryptome over the Microsoft Online Services Global Criminal Compliance Handbook (zip). I don't think most people are "ok" with surveillance or censorship. The wise ones know enough to have their hackles raise when security is "balanced" against privacy concerns. When you hear 'balance' you are about to lose more civil liberties and have your privacy punted for your own protection of course. Yeah, yeah yeah security theater, surveillance, and the constant erosion of privacy and civil liberty rights shouldn't bother you if you've done nothing wrong and have nothing to hide.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 29 07:17:39 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Nov 2011 08:17:39 -0500
Subject: [Infowarrior] - "Battlefield USA"
Message-ID: <02FB9DE0-5351-4E5D-928D-C255BB8A29DD@infowarrior.org>

(McCain and Graham were out with a WaPo op-ed on Sunday defending their proposal. Also of interest is that this "policy" is wrapped up inside a "must-pass" bill that always draws on forced patriotism to encourage votes on the Hill....after all, nobody dares to be seen as 'not supporting the troops' right? It's the same trick used to enact REAL ID into law a few years ago ....
tucking it into a defence authorisation bill that folks were scared to vote against it no matter what it contained -- rick)

Battlefield US: Americans face arrest as war criminals under Army state law
Published: 29 November, 2011, 04:21
Edited: 29 November, 2011, 16:35
http://rt.com/usa/news/senate-mccain-battlefield-graham-429/

America is opening up a new warfront and it's in your own backyard. It's in your neighbor's house, it's three states over and it's on the other side of the Mississippi. That's what a new legislation could lead to and the consequences are dire and constitutionally damning.

The United States Senate is set to vote this week on a bill that would categorize the entire USA as a "battlefield," allowing law enforcement duties to be dished out by the American Military, who in turn could detain any US citizen as a war criminal - even coming into their own homes to issue arrests.

The National Defense Authorization Act regularly comes before Congress for changes and additions, but the latest provision, S. 1867, proves to be the most powerful one yet in raping constitutional freedoms from Americans. Move over, Patriot Act. Should S. 1867 pass, lawmakers could conjure the text to keep even regular citizens detained indefinitely by their own military.

Sen. Lindsey Graham (R-S.C.), a supporter of the bill, has explicitly stated that the passing of S. 1867 would "basically say in law for the first time that the homeland is part of the battlefield" and could lead to the detention of citizens without charge or trial, writes Chris Anders of the American Civil Liberties Union's Washington office. Sen. Kelly Ayotte (R-N.H) sits on the same side of the aisle and agrees wholeheartedly. "America is part of the battlefield," says the lawmaker.

America's Military is already operating in roughly 200 countries, dishing out detention and executions to citizens of other nations.
As unrest erupts on the country's own soil amid a recession, economic collapse and protests in hundreds of cities from coast-to-coast, is it that much of a surprise that lawmakers finally want to declare the US a warzone? Maybe not, but if the Senate has their way, the consequential could be detrimental to the US Constitution.

"The Senate is going to vote on whether Congress will give this president - and every future president - the power to order the military to pick up and imprison without charge or trial civilians anywhere in the world," adds Anders. "The power is so broad that even US citizens could be swept up by the military and the military could be used far from any battlefield, even within the United States itself."

"American citizens and people picked up on American or Canadian or British streets being sent to military prisons indefinitely without even being charged with a crime. Really? Does anyone think this is a good idea? And why now?" asks Anders.

Just like its supporters, the provision has attracted its share of critics as well. The Obama administration has threatened to veto the bill if it makes its way through Congress, but given the president's poor standing among the American public (his disapproval rating is at its highest ever in recent polling), a hawkish Republican could usurp Obama as commander-in-chief as the 2012 election is less than a year away and the unemployment level stays stagnant and sad.

With the exception of Congressman Ron Paul, the frontrunners currently vying for the Republican Party's nomination for the presidency have remained outspoken in their support for not just increasing American military presence overseas at a time when the Pentagon's budget dwarfs many governmental sectors, but in adding provisions to the Patriot Act itself to further remove freedoms from the people.
During last week's GOP debate televised on CNN, former House speaker Newt Gingrich said that the country must "try to find that balancing act between our individual liberties and security." That same night, pizzaman Herman Cain said suspected terrorists should be killed before identified and former Pennsylvania Senator Rick Santorum suggested that Muslims should be profiled by the American government because, "obviously," they are the group "that are most likely to be committing these crimes," speaking broadly of his assumption of those that construct terrorist attacks.

"I have a personal belief that you never have to give up liberty for security. You can still provide security without sacrificing our Bill of Rights," responded Rep. Paul. "You can prevent crimes by becoming a police state . . . So if you advocate the police state, yes, you can have safety and security and you might prevent a crime, but the crime then will be against the American people and against our freedoms."

Sen. Mark Udall (D-Colo.) has already aligned himself as an opponent of the legislation, but needs to garner the backing of others if he wants to keep Congress from enacting the provision.

"One section of these provisions, section 1031, would be interpreted as allowing the military to capture and indefinitely detain American citizens on US soil," the Senator said in a speech last month. "Section 1031 essentially repeals the Posse Comitatus Act of 1878 by authorizing the US military to perform law enforcement functions on American soil. That alone should alarm my colleagues on both sides of the aisle, but there are other problems with these provisions that must be resolved."

Udall isn't the only one on Capitol Hill that has seen a problem with the provision, which was developed under shady circumstances. The text itself was drafted in secrecy in a closed-door meeting by US Sen. Carl Levin, D-Michigan, and Sen. John McCain, R-Arizona, two of the biggest names in Washington.
No hearing was held to discuss the details and it was passed in a closed-door committee meeting, reports Infowar's Paul Joseph Watson.

Watson continues to conjure up a list of characteristics that the Department of Homeland Security have identified as traits of domestic terrorism, calling into question past maneuvers from the government that led to those owning guns, buying gold and even donating to charity being considered America's enemy.

At last week's debate, Ron Paul added that "It's anybody associated with organizations, which means almost anybody can be loosely associated," referring to how the government can use its discretion - or lack thereof - to bring terrorism charges against its own people. Calling into question the recent execution of two Americans with alleged ties to Al-Qaeda, Paul added, "So, that makes all Americans vulnerable, and now we know American citizens are vulnerable to assassination."

The provision itself passed in the House all the way back in May, and only now is going before the Senate. Justin Amash, a Republican representative from Cascade Township, was one of the five House Republicans that voted against it. "It is destructive of our Constitution," he writes on his Facebook page. It would "permit the federal government to indefinitely detain American citizens on American soil, without charge or trial, at the discretion of the president."

Given that the passing of the provision would allow for legally lengthy and questionable detention, it becomes bizarre why Sen. McCain, a former prisoner of war, would pen such a bill. McCain was imprisoned in North Vietnam for over five years in a camp where he was detained and tortured before entering American politics.

"The president should not have the authority to determine whether the Constitution applies to you, no matter what the allegations,"
adds Amash, who also writes, "Note that it does not preclude US citizens from being detained indefinitely, without charge or trial, it simply makes such detention discretionary. "Please urge your Senators to oppose these outrageous provisions."

As a solution, Sen. Udall has offered a counter act, being dubbed the Udall Amendment, that would keep S. 1867 from its critical consequences and would instead require lawmakers to examine the necessity of detaining citizens domestically, and instead would make Congress consider whether any detention legislation is needed at all.

In the meantime, Anders and ACLU are calling on Americans to voice their concerns to the US Senate. As political posturing keeps the country divided and the branches of government fight to find a solution to the crumbling economy, infrastructure - and now the Constitution - a solution to this problem is only the tip of the iceberg when it comes to the assaults on Americans that is underway.

From rforno at infowarrior.org Tue Nov 29 07:26:48 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Nov 2011 08:26:48 -0500
Subject: [Infowarrior] - Elvis Costello: Steal This Record (blasts his record label)
Message-ID: <99BD2FB6-FDB5-4B42-BA76-361E6E672722@infowarrior.org>

Steal This Record
http://www.elviscostello.com/news/steal-this-record/254

A Pastoral Address From The Right Reverend Jimmy Quickly

There was a time when the release of a new title by your favourite record artist was a cause for excitement and rejoicing but sadly no more. 6th December 2011 sees the issue of "The Return Of The Spectacular Spinning Songbook" by Elvis Costello and the Imposters. This beautifully designed compendium contains all manner of whimsical scribblings, photographs and cartoons, together with some rock and roll music and vaudevillian ballads.
Tape and celluloid were rolling at the Wiltern Theater, Los Angeles in April this year and present a vivid snapshot of the early days of the Spectacular Spinning Songbook show on "The Revolver Tour" of 2011. The live recording finds the Imposters in rare form, while the accompanying motion picture blueprints the wilder possibilities of the show, as it made its acclaimed progress across the United States throughout the year.

Unfortunately, we at www.elviscostello.com find ourselves unable to recommend this lovely item to you as the price appears to be either a misprint or a satire. All our attempts to have this number revised have been fruitless but rather than detain you with tedious arguments about morality, panache and book-keeping - when there are really bigger fish to filet these days - we are taking the following unusual step.

If you should really want to buy something special for your loved one at this time of seasonal giving, we can whole-heartedly recommend, "Ambassador Of Jazz" - a cute little imitation suitcase, covered in travel stickers and embossed with the name "Satchmo" but more importantly containing TEN re-mastered albums by one of the most beautiful and loving revolutionaries who ever lived - Louis Armstrong. The box should be available for under one hundred and fifty American dollars and includes a number of other tricks and treats. Frankly, the music is vastly superior.

If on the other hand you should still want to hear and view the component parts of the above mentioned elaborate hoax, then those items will be available separately at a more affordable price in the New Year, assuming that you have not already obtained them by more unconventional means.

Tickets are currently on-sale for the Spectacular Spinning Songbook appearances in the U.S., U.K. and Europe during April, May and June in the Spring of 2012. More dates will be announced in the very near future.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Nov 29 07:30:30 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Nov 2011 08:30:30 -0500
Subject: [Infowarrior] - Dueling Senate op-eds regarding detention policy changes
Message-ID:

Defense bill offers balance in dealing with detainees
By Carl Levin and John McCain, Published: November 27
http://www.washingtonpost.com/opinions/defense-bill-offers-balance-in-dealing-with-detainees/2011/11/27/gIQAf2Qn2N_print.html

Defense bill gives military too much responsibility for detainees
By Mark Udall, Published: November 28
http://www.washingtonpost.com/opinions/defense-bill-gives-military-too-much-responsibility-for-detainees/2011/11/28/gIQAbbAO6N_print.html

Mark Udall's floor speech against the detention policy changes: (h/t MC)
http://www.youtube.com/watch?v=2q7_Dd7FUi4&feature=youtu.be

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Nov 29 07:51:04 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 29 Nov 2011 08:51:04 -0500
Subject: [Infowarrior] - Mori: Internment specter raises ugly head in forgetful U.S. Senate
Message-ID: <1FE6A51C-4B87-474B-9F35-836CF0BF1B91@infowarrior.org>

http://www.mercurynews.com/opinion/ci_19413004

S. Floyd Mori: Internment specter raises ugly head in forgetful U.S. Senate
By S. Floyd Mori
Special to the Mercury News
Posted: 11/27/2011 08:00:00 PM PST

The oldest generation of Japanese-Americans, those whose earliest memories were of their lives and families being upended by internment without charge or trial in concentration camps during World War II, at least take comfort in the hope that America is now committed to never inflicting that experience on any other group of Americans or immigrants.
But our trust in that commitment is being shaken by a bill poised to go to the Senate floor that could once again authorize indefinite detention without charge of American citizens and others now living peacefully in our country. We have reason to believe in the commitment of Americans to say never again to indefinite detention. In 1988, the Civil Liberties Act officially declared that the Japanese-American internment had been a "grave injustice" that had been "carried out without adequate security reasons." In other words, the indefinite detention of Japanese-Americans during World War II was not only wrong, but unnecessary. A bill on the Senate floor raises the question of whether the Senate has forgotten our history. S. 1253, the National Defense Authorization Act, has a provision in it, unfortunately drafted by Sens. Carl Levin, D-Mich., and John McCain, R-Ariz., that would let any U.S. president use the military to arrest and imprison without charge or trial anyone suspected of having any relationship with a terrorist organization. Although Sen. Dianne Feinstein, D-Calif., and more than a dozen of her colleagues are bravely calling for a halt to a damaging bill, they face significant opposition. The troubling provision, Section 1031, would let the military lock up both Americans and noncitizens in the 50 states. There would be no charges, no trial, no proof beyond a reasonable doubt. All that would be required would be suspicion. Although the details of the indefinite detentions of Japanese-Americans during World War II and the proposed indefinite detentions of terrorism suspects may differ, the principle remains the same: Indefinite detentions based on fear-driven and unlawfully substantiated national security grounds, where individuals are neither duly charged nor fairly tried, violate the essence of U.S. law and the most fundamental values upon which this country was built. 
As the measures to indefinitely detain Japanese-Americans during World War II have been deemed a colossal wrong, the same should be true of modern indefinite detention of terrorism suspects. Our criminal justice system is more than equipped to ensure justice and security in terrorism cases, and we certainly should not design new systems to resurrect and codify tragic and illegitimate policies of the past. As our history shows, acting on fear in these situations can lead to unnecessary and unfruitful sacrifices of the most basic of American values. In the 10 years since the 9/11 attacks, Congress has shown admirable restraint in not enacting indefinite detention without charge or trial legislation. Now with the president seeking to end the current wars, the Senate must avoid repeating the mistakes of the past and protect American values before they are compromised. We cannot let fear overshadow our commitment to our most basic American values. The Senate can show that it has not forgotten the lessons of the Japanese-American internment. It should pass an amendment that has been offered by Sen. Mark Udall, D-Colo., that would remove Section 1031 from the act. This Senate should not stain that great body by bringing to the floor any detention provision that would surely be looked upon with shame and regret by future generations. S. Floyd Mori is national executive director of the Japanese American Citizens League. He wrote this for this newspaper. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 29 08:11:57 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Nov 2011 09:11:57 -0500 Subject: [Infowarrior] - DNS 'Seizure' Takes Out MegaUpload Message-ID: DNS 'Seizure' Takes Out MegaUpload - enigmax - 
November 29, 2011 http://torrentfreak.com/dns-seizure-takes-out-megaupload-111129/ For the past 24 hours the hugely popular MegaUpload file-hosting service has been rendered inaccessible across many countries around the world. With the United States government "Cyber Monday" domain seizures fresh in everyone's mind, fingerpointing has been directed at the U.S. authorities. The problems, however, seem to be rooted with the site's domain registrar since they appear to have "seized" MegaUpload's DNS records following a dispute. Make no mistake, the biggest entertainment companies in the world do not like file-hosting site MegaUpload. Currently the huge cyberlocker resides on the destroy-them-all SOPA-directed "rogue site" list of the MPAA alongside The Pirate Bay. The site hasn't gone unnoticed by the RIAA either. MegaUpload is on their list too, sandwiched between the leading torrent sites and warez forums. So given this background, particularly when viewed through the prism of the "Cyber Monday" domain seizures, it's hardly surprising that panic set in yesterday when MegaUpload suddenly failed to load for many people all around the world, not just for a few minutes but for hours on end and into today. The site is reported to be back up for some, but Twitter and other networks are awash with complaints that the problems are continuing. Speculation on the downtime is rife, but it appears that MegaUpload has problems with its domain registrar. At the time of writing, MegaUpload's current DNS records as reported by Network Tools are listed as ns1.badwhoisshutdown.com and ns2.badwhoisshutdown.com. It's unclear why the IP address listed (216.239.35.100) belongs to Google. One of the common causes of this kind of DNS diversion is when domain registrars doubt that the provided WHOIS details for a domain are correct, so they "hijack" the DNS records to prevent the domain resolving to the correct site. 
In 2009, MegaUpload sister site MegaVideo suffered similar problems but eventually returned after downtime. TorrentFreak has put a request into MegaUpload for comment, but while we wait for the official response it seems clear that the problems have been massive. Right across the United States into Europe, from the Middle East to the Mediterranean, Japan, Australia, Canada, Brazil and UK, no area seems to have been unaffected. For many the site remains down even now, providing an interesting taster of what SOPA has in store should it pass. Some reports suggest that switching to Google's DNS provides a solution to the problem, others that using one of the site's many IP addresses (http://174.140.154.23/ for example) is a better option. In the meantime the conspiracy theories will continue. Did MegaUpload's registrar hijack the DNS over a simple WHOIS detail error? Or perhaps the "trolls" warned about here laid some poison down for the site, or maybe there's another more simple explanation? When we get official word from MegaUpload we'll report back - the AMA request on Reddit would be fun, but we doubt it will go answered. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 29 12:45:00 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Nov 2011 13:45:00 -0500 Subject: [Infowarrior] - OT: Neil DeGrasse Tyson interviewed by out-of-character Stephen Colbert Message-ID: Just a fun food-for-thought interview to brighten your day. --- rick Neil DeGrasse Tyson interviewed by out-of-character Stephen Colbert http://www.youtube.com/watch?v=YXh9RQCvxmg --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Nov 29 16:17:27 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Nov 2011 17:17:27 -0500 Subject: [Infowarrior] - Senate defies Obama veto threat in terrorist custody vote Message-ID: Senate defies Obama veto threat in terrorist custody vote By Stephen Dinan The Washington Times Tuesday, November 29, 2011 http://www.washingtontimes.com/news/2011/nov/29/senate-defies-obama-veto-threat-terrorist-custody-/print/ Defying a veto threat from President Obama, the Senate voted Tuesday to preserve language that would give the U.S. military a crack at al Qaeda operatives captured in the U.S., even if they are American citizens. Led by Sen. Carl Levin, the Michigan Democrat who chairs the Senate Armed Services Committee, senators voted 61-37 to preserve the language that gives the military custody of al Qaeda suspects, rather than turning them over to law enforcement officials. "We are at war with al Qaeda and people determined to be part of al Qaeda should be treated as people who are at war with us," Mr. Levin said. He and Arizona Sen. John McCain, the ranking Republican on his committee, had struck a deal earlier this month on giving the military priority custody, while allowing the administration to waive that and give civilian authorities priority if it deems the waiver in the interests of national security. The White House and its Senate allies objected and tried to block the changes, instead calling for the issue to be studied further. They argued giving the military priority could complicate investigations into terrorist suspects in the U.S., and said it opens the door to indefinite military detention of U.S. citizens. "We're ignoring the advice and the input of the director of the FBI, the director of our intelligence community, the attorney general of the United States," said Sen. Mark Udall, Colorado Democrat, who led the effort to block the compromise. 
The White House earlier had threatened to veto the bill over the provisions, saying they amounted to an effort to micromanage the war on terror. "Any bill that challenges or constrains the president's critical authorities to collect intelligence, incapacitate dangerous terrorists and protect the nation would prompt the president's senior advisers to recommend a veto," the White House said in a statement. But 16 Democrats, one independent and 44 Republicans joined together to defy Mr. Obama's threat. Two Republicans - Sens. Rand Paul of Kentucky and Mark Steven Kirk of Illinois - voted to strip out the detainee language. The fight was part of a broader debate over the annual defense policy bill, which is considered one of the few must-pass pieces of legislation Congress considers each year. The House has already passed its version with strict detainee language, so the Senate vote makes it likely whatever final bill reaches the president's desk will contain the provision. © Copyright 2011 The Washington Times, LLC. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 29 18:55:35 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Nov 2011 19:55:35 -0500 Subject: [Infowarrior] - Long Term Privacy with Forward Secrecy Message-ID: <163FB036-5A56-4C88-8E31-40E6E316C475@infowarrior.org> https://www.eff.org/deeplinks/2011/11/long-term-privacy-forward-secrecy November 29, 2011 - 4:03pm | By Parker Higgins (@thisisparker) Long Term Privacy with Forward Secrecy This week, Google activated a web privacy feature called "forward secrecy", becoming one of the web's first major players to put this important component in place. It's an important step, and other sites should follow suit. In order to understand why enabling forward secrecy is so important, it's helpful to know how HTTPS works in the first place. 
HTTPS encrypts requests that your browser makes to web servers, and then encrypts the resulting pages. That makes the exchanged messages incomprehensible to anybody in between, such as your ISP or an eavesdropper. Each web server has a secret key, and only somebody with that secret key can decrypt the messages.[1] That arrangement provides a basic layer of security from many online threats to your privacy. (It's worth noting that some websites that allow HTTPS connections don't use them by default. To tell your browser to default to encrypted connections with over 1,000 sites, you can use our Firefox extension HTTPS Everywhere.) Without forward secrecy enabled, the encrypted messages can be stored and decrypted with the private key at any time. That can lead to major issues: if your traffic has been intercepted, and the web server's key is ever compromised, there's no way to stop the attacker from decrypting and reading the old messages - even years later. Forward secrecy is the way to address that threat. With forward secrecy enabled, some of the information that's needed to decrypt those messages is ephemeral and never stored. That means that even if the secret key is compromised, only new encrypted traffic is at risk - and if the web server operator detects the attack, they can revoke the old secret key and create a new one. This technique is already in use in other cryptographic technologies. One popular example is the Off-The-Record (OTR) messaging protocol, co-developed by 2011 EFF Pioneer Award winner Ian Goldberg. Because it uses forward secrecy, instant messages exchanged using OTR can only be decrypted with a private key at the time they are received, and encrypted messages that are intercepted and stored can never again be unscrambled and read. Other web sites have implemented HTTPS with forward secrecy before - we have it enabled by default on https://www.eff.org/ - but it hasn't yet been rolled out on a site of Google's scale. 
Some sites have publicly resisted implementing forward secrecy because it is more CPU intensive than standard HTTP or HTTPS. In order to address that problem, Google made improvements to the open source OpenSSL library, and has incorporated those changes into the library for anybody to use. Forward secrecy is an important step forward for web privacy, and we encourage sites, big and small, to follow Google's lead in enabling it! 1. Technically, the web server's secret key is used to encrypt data that becomes a new, random session key that is shared between the two parties. But because the session key is encrypted with the server key, a compromised server key can decrypt the session key, which can then decrypt the data. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Nov 29 20:22:17 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 29 Nov 2011 21:22:17 -0500 Subject: [Infowarrior] - US judge orders hundreds of sites "de-indexed" from Google, Facebook Message-ID: US judge orders hundreds of sites "de-indexed" from Google, Facebook http://arstechnica.com/tech-policy/news/2011/11/us-judge-orders-hundreds-of-sites-de-indexed-from-google-twitter-bing-facebook.ars By Nate Anderson | Published about 5 hours ago After a series of one-sided hearings, luxury goods maker Chanel has won recent court orders against hundreds of websites trafficking in counterfeit luxury goods. A federal judge in Nevada has agreed that Chanel can seize the domain names in question and transfer them all to US-based registrar GoDaddy. The judge also ordered "all Internet search engines" and "all social media websites" - explicitly naming Facebook, Twitter, Google+, Bing, Yahoo, and Google - to "de-index" the domain names and to remove them from any search results. The case has been a remarkable one. 
Concerned about counterfeiting, Chanel has filed a joint suit in Nevada against nearly 700 domain names that appear to have nothing in common. When Chanel finds more names, it simply uses the same case and files new requests for more seizures. (A recent November 14 order went after an additional 228 sites; none had a chance to contest the request until after it was approved and the names had been seized.) How were the sites investigated? For the most recent batch of names, Chanel hired a Nevada investigator to order from three of the 228 sites in question. When the orders arrived, they were reviewed by a Chanel official and declared counterfeit. The other 225 sites were seized based on a Chanel anti-counterfeiting specialist browsing the Web. That was good enough for Judge Kent Dawson to order the names seized and transferred to GoDaddy, where they would all redirect to a page serving notice of the seizure. In addition, a total ban on search engine indexing was ordered, one which neither Bing nor Google appears to have complied with yet. Missing from the ruling is any discussion of the Internet's global nature; the judge shows no awareness that the domains in question might not even be registered in this country, for instance, and his ban on search engine and social media indexing apparently extends to the entire world. (And, when applied to US-based companies like Twitter, apparently compels them to censor the links globally rather than only when accessed by people in the US.) Indeed, a cursory search through the list of offending domains turns up poshmoda.ws, a site registered in Germany. The German registrar has not yet complied with the US court order, though most other domain names on the list are .com or .net names and have been seized. The US government has made similar domain name seizures through Operation In Our Sites, grabbing US-based domains that end in .com and .net even when the sites are located abroad. 
Such moves by themselves would seem to do little to stop piracy in the long-term; they simply teach would-be miscreants to register future domain names in other countries. Why wait for SOPA? Law professor Venkat Balasubramani, writing about the case yesterday, sums it up eloquently: "Wow." "I'm sympathetic to the 'whack-a-mole' problem rights owners face, but this relief is just extraordinarily broad and is on shaky procedural grounds," he writes. "I'm not sure how this court can direct a registry to change a domain name's registrar of record or Google to de-list a site, but the court does so anyway. This is probably the most problematic aspect of the court's orders." Rightsholders have asked Congress to write these provisions (and a few more) into law, and they have pushed for government seizures like those from Operation In Our Sites (which just seized another batch of new domains this last weekend). But as Balasubramani points out, cases like Chanel's show that rightsholders can already get what they want from judges, and they can go after far more sites more quickly than the government. "The fight against SOPA [the Stop Online Piracy Act] may be a red herring in some ways," he notes, "since IP plaintiffs are fashioning very similar remedies in court irrespective of the legislation. Thus, even if SOPA is defeated, it may turn out to be a Pyrrhic victory - opponents may win the battle but may not have gained much as a result." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 30 07:05:11 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Nov 2011 08:05:11 -0500 Subject: [Infowarrior] - BUSTED! Secret app on millions of phones logs key taps Message-ID: <9A84B341-C3F8-41A9-8BB5-354772DB30C1@infowarrior.org> BUSTED! Secret app on millions of phones logs key taps By Dan Goodin in San Francisco 
Posted in Security, 30th November 2011 02:34 GMT http://www.theregister.co.uk/2011/11/30/smartphone_spying_app/ An Android app developer has published what he says is conclusive proof that millions of smartphones are secretly monitoring the key presses, geographic locations, and received messages of its users. In a YouTube video posted on Monday, Trevor Eckhart showed how software from a Silicon Valley company known as Carrier IQ recorded in real time the keys he pressed into a stock EVO handset, which he had reset to factory settings just prior to the demonstration. Using a packet sniffer while his device was in airplane mode, he demonstrated how each numeric tap and every received text message is logged by the software. Ironically, he says, the Carrier IQ software recorded the "hello world" dispatch even before it was displayed on his handset. Eckhart then connected the device to a Wi-Fi network and pointed his browser at Google. Even though he denied the search giant's request that he share his physical location, the Carrier IQ software recorded it. The secret app then recorded the precise input of his search query - again, "hello world" - even though he typed it into a page that uses the SSL, or secure sockets layer, protocol to encrypt data sent between the device and the servers. "We can see that Carrier IQ is querying these strings over my wireless network [with] no 3G connectivity and it is reading HTTPS," the 25-year-old Eckhart says. The video was posted four days after Carrier IQ withdrew legal threats against Eckhart for calling its software a "rootkit." The Connecticut-based programmer said the characterization is accurate because the software is designed to obscure its presence by bypassing typical operating-system functions. In an interview last week, Carrier IQ VP of Marketing Andrew Coward rejected claims the software posed a privacy threat because it never captured key presses. "Our technology is not real time," 
he said at the time. "It's not constantly reporting back. It's gathering information up and is usually transmitted in small doses." Coward went on to say that Carrier IQ was a diagnostic tool designed to give network carriers and device manufacturers detailed information about the causes of dropped calls and other performance issues. Eckhart said he chose the HTC phone purely for demonstration purposes. Blackberrys, other Android-powered handsets, and smartphones from Nokia contain the same snooping software, he claims. The 17-minute video concluded with questions, including: "Why does SMSNotify get called and show to be dispatching text messages to [Carrier IQ]?" and "Why is my browser data being read, especially HTTPS on my Wi-Fi?" The Register has put the same questions to Carrier IQ, and will update this post if the company responds. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 30 07:07:17 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Nov 2011 08:07:17 -0500 Subject: [Infowarrior] - GAO: Guess the Size of Fed IT Security Workforce Message-ID: http://www.govinfosecurity.com/articles.php?art_id=4285&opg=1 Guess the Size of Fed IT Security Workforce Agencies Don't Know How Many Cybersec Experts They Employ November 30, 2011 - Eric Chabrow, Executive Editor, GovInfoSecurity.com The lack of government-wide definitions for information security occupations means the agencies with the largest IT budgets don't know how many cybersecurity experts they employ. That's one finding in a Government Accountability Office report released Tuesday that details how eight surveyed agencies have taken varied steps to implement workforce planning for IT security personnel. The report, entitled Cybersecurity Human Capital: Initiatives Need Better Planning and Coordination, also revealed: * 
All surveyed agencies had defined roles and responsibilities for their cybersecurity workforce, but these roles did not always align with guidelines issued by the federal Chief Information Officers Council and National Institute of Standards and Technology. * Some agencies had few problems recruiting qualified IT security personnel while others had a hard time hiring infosec experts. One department, Veterans Affairs, said it can find qualified personnel, but once they've been trained, they leave for higher paying jobs, often with government contractors. * Most agencies employed some form of incentives to support their IT security workforce, but none of the eight agencies had metrics to measure the effectiveness of those inducements. * The robustness and availability of cybersecurity training and development programs varied significantly among the agencies. For example, the departments of Commerce and Defense required cybersecurity personnel to obtain certifications and fulfill continuing education requirements. Other agencies used an informal or ad hoc approach to identifying required training. None of the agencies could precisely enumerate the number of IT security personnel they employed. In fact, estimates within agencies varied widely, based on who was reporting and analyzing employment data. When GAO auditors examined the Defense Department's Federal Information Security Management Act report for 2010, they counted 87,846 employees with significant information security responsibilities. But when they reviewed the Office of Management and Budget's analysis of Defense's FISMA data, it showed 66,000 fulltime equivalent IT security employees. A much lower estimate, 18,955 infosec employees, came from the Office of Personnel Management. Similar variations can be found in data provided by other agencies. 
"The difficulty in identifying the size of the cybersecurity workforce is partly due to the challenge of defining a cybersecurity worker," wrote the GAO authors of the report, Gregory Wilshusen, director of information security issues, and Valerie Melvin, director of information management and human capital issues. "FISMA-related guidance asks federal agencies to track the number of personnel who have significant information security responsibilities and have received role-based security training each year," they wrote. "It is possible for an employee to perform a significant security responsibility, such as authorizing operation of a system, without that being the majority of his or her work. In addition, many employees may perform cybersecurity responsibilities as an additional duty." Need for Cybersecurity Occupational Series, or Not Since there is no federal occupational series that identifies federal cybersecurity positions, many agencies use the occupational series developed by OPM, but they generally reflect information technology - not specific IT security - occupations, such as security administration, program management and intelligence. Several agency officials told GAO that a single occupational series for cybersecurity would make collecting information on their cybersecurity workforce easier, but they and OPM said a cybersecurity occupational series would present other problems such as not accurately reflecting the non-cybersecurity work particular employees may perform that could limit their career mobility. That doesn't surprise Melissa Hathaway, who surveyed the government's cybersecurity capabilities when she led President Obama's cyberspace initiative in 2009. "The challenge is that there are a lot of different jobs associated with cybersecurity and none are necessarily binned as cyber when it comes to headcount," Hathaway said. 
"Jobs range from analyst, system administrator, chief information security officer, operations planner, policy coordinator, etc. They also associate with a wide range of missions: law enforcement, homeland security, critical infrastructure protection, counter-intelligence, information system security, and so on." Still, OPM officials agreed that there is no way other than creating an occupational series to allow easy identification of cybersecurity employees government-wide, yet it has no plans to create such a job series. OPM officials told GAO that determining a way to track federal cybersecurity personnel will be part of some future efforts to reform federal personnel systems. The eight agencies GAO reviewed varied in their ability to fill cybersecurity positions. Officials at four agencies told GAO that they were generally able to recruit and hire to fill needed cybersecurity positions. Officials at several agencies reported challenges in filling more technical positions, and officials at two agencies reported being under a hiring freeze. The GAO report pointed out that the federal government has begun several government-wide initiatives to enhance the federal cybersecurity workforce. The National Initiative for Cybersecurity Education, known as NICE and coordinated by NIST, includes activities to examine and more clearly define the federal cybersecurity workforce structure and roles and responsibilities, and to improve cybersecurity workforce training (see 7 Key Infosec Occupation Categories). "The initiative lacks plans defining tasks and milestones to achieve its objectives, a clear list of agency activities that are part of the initiative, and a means to measure the progress of each activity," Wilshusen and Melvin wrote. 
While the Federal CIO Council, NIST, Office of Personnel Management and Department of Homeland Security have taken steps to define skills, competencies, roles and responsibilities for the federal cybersecurity workforce, the GAO report said, these efforts overlap and are potentially duplicative, although officials from these agencies reported beginning to take steps to coordinate activities. Still, there is no plan to promote use of the outcomes of these efforts by individual agencies. OMB and DHS have identified several agencies to be service centers for government-wide cybersecurity training, but none of the service centers or DHS evaluates the training for duplicative content, effectiveness or extent of use by federal agencies, GAO said. The Scholarship for Service program, run by the National Science Foundation, is a small though useful source of new talent for the federal government, but the program lacks data on whether its participants remain in the government long-term, the report said. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Nov 30 07:21:49 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 30 Nov 2011 08:21:49 -0500 Subject: [Infowarrior] - Fed + Other Central Banks intervene again Message-ID: <2C9F257E-B8DD-47C7-B328-415599BC44C6@infowarrior.org> Release Date: November 30, 2011 For release at 8:00 a.m. EST http://www.federalreserve.gov/newsevents/press/monetary/20111130a.htm The Bank of Canada, the Bank of England, the Bank of Japan, the European Central Bank, the Federal Reserve, and the Swiss National Bank are today announcing coordinated actions to enhance their capacity to provide liquidity support to the global financial system. The purpose of these actions is to ease strains in financial markets and thereby mitigate the effects of such strains on the supply of credit to households and businesses and so help foster economic activity. 
These central banks have agreed to lower the pricing on the existing temporary U.S. dollar liquidity swap arrangements by 50 basis points so that the new rate will be the U.S. dollar overnight index swap (OIS) rate plus 50 basis points. This pricing will be applied to all operations conducted from December 5, 2011. The authorization of these swap arrangements has been extended to February 1, 2013. In addition, the Bank of England, the Bank of Japan, the European Central Bank, and the Swiss National Bank will continue to offer three-month tenders until further notice. As a contingency measure, these central banks have also agreed to establish temporary bilateral liquidity swap arrangements so that liquidity can be provided in each jurisdiction in any of their currencies should market conditions so warrant. At present, there is no need to offer liquidity in non-domestic currencies other than the U.S. dollar, but the central banks judge it prudent to make the necessary arrangements so that liquidity support operations could be put into place quickly should the need arise. These swap lines are authorized through February 1, 2013. Federal Reserve Actions The Federal Open Market Committee has authorized an extension of the existing temporary U.S. dollar liquidity swap arrangements with the Bank of Canada, the Bank of England, the Bank of Japan, the European Central Bank, and the Swiss National Bank through February 1, 2013. The rate on these swap arrangements has been reduced from the U.S. dollar OIS rate plus 100 basis points to the OIS rate plus 50 basis points. In addition, as a contingency measure, the Federal Open Market Committee has agreed to establish similar temporary swap arrangements with these five central banks to provide liquidity in any of their currencies if necessary. Further details on the revised arrangements will be available shortly. U.S. financial institutions currently do not face difficulty obtaining liquidity in short-term funding markets. 
However, were conditions to deteriorate, the Federal Reserve has a range of tools available to provide an effective liquidity backstop for such institutions and is prepared to use these tools as needed to support financial stability and to promote the extension of credit to U.S. households and businesses.

Information on Related Actions Being Taken by Other Central Banks

Information on the actions to be taken by other central banks is available on the following websites:

Bank of Canada
Bank of England
Bank of Japan (PDF)
European Central Bank
Swiss National Bank (PDF)

Frequently Asked Questions: Foreign Currency Liquidity Swaps

For media inquiries, call 202-452-2955.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 30 07:31:04 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Nov 2011 08:31:04 -0500
Subject: [Infowarrior] - Is Apple's Siri "pro-life?"
Message-ID:

http://venturebeat.com/2011/11/29/siri-and-sex-stuff/

Need an abortion, Plan B or birth control? Don't expect Siri to help you out

November 29, 2011 | Jolie O'Dell

Siri, the iPhone 4S's virtual assistant, has a puzzling new glitch -- one with significant moral and political overtones. If you ask Siri to direct you to a Planned Parenthood, you get the results you'd expect. But if you ask for an abortion clinic more generally, Siri will not return any results, even if they're available. In some cases, Siri will even return results for "crisis pregnancy centers" that counsel women against abortions. Similarly, if you simply say, "Siri, I need an abortion," Siri will respond that there are no abortion clinics nearby, even if the opposite is true and even though Siri clearly understands your intent and language. And its response proves Siri knows the term "abortion clinic." Siri was able to tell us that there were four Planned Parenthood locations near our downtown San Francisco location.
However, when we specifically asked for abortion information, we were told nothing was available. We decided to test a range of related queries, starting with emergency contraception. Siri drew a natural-language-processing blank when it came to Plan B, the brand name for the commonly available emergency contraception pill. Apparently not having the data to interpret the phrase "Plan B" as a brand name, it returned other local businesses containing similar words or phrases. When we asked for the product with a more general term, emergency contraception, Siri recommended nearby emergency rooms -- irrelevant, but better than nothing, we suppose. When we point-blank asked for "the morning-after pill," as it is also commonly called, Siri replied with, "Ok," and "Is that so?" but did not offer any retailers or directions. (Judgey much?) Moving to the proactive side of the equation, Siri was able to tell us the location of drugstores where we could buy condoms. But when we asked for birth control pills, Siri said nothing was available nearby. While it's not in our purview to offer bald-faced speculations on the reasons for these discrepancies, VentureBeat CTO Chris Peri's professional opinion is that the supposed glitch is actually "purposeful programming." Peri elaborated, "Given how well Siri interprets other requests, and that Google and Bing will give you the proper responses when doing a search, and [that Siri] offers [anti-abortion] CPC sites... this has to have been something placed in the code or taught to Siri by someone(s). If this is the case, then we have a problem here." While Apple has been known to hand down judgements on moral issues such as pornography, we're not certain Siri is taking any sides on a particular moral battleground. After all, it'll still find you an escort service if you ask for a prostitute. We've reached out to Apple for clarification and will update you, dear readers, as soon as more information is available.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 30 07:41:15 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Nov 2011 08:41:15 -0500
Subject: [Infowarrior] - DHS Building its own TIA?
Message-ID: <6AA8A38A-CAC4-4C64-888D-1D5AFF85F29B@infowarrior.org>

The Department Of Homeland Security Wants All The Information It Has On You

http://www.forbes.com/sites/kashmirhill/2011/11/29/department-of-homeland-security-wants-all-the-information-it-has-on-you-accessible-from-one-place/

Information sharing (or lack thereof) between intelligence agencies has been a sensitive topic in the U.S. After 9/11, there was a push to create fusion centers so that local, state, and federal agencies could share intelligence, allowing the FBI, for example, to see if the local police have anything in their files on a particular individual. Now the Department of Homeland Security wants to create its own internal fusion center so that its many agencies can aggregate the data they have and make it searchable from a central location. The DHS is calling it a "Federated Information Sharing System" and asked its privacy advisory committee to weigh in on the repercussions at a public meeting in D.C. last month. The committee, consisting of an unpaid group of people from the world of corporate privacy as well as the civil liberty community, were asked last December to review the plan and provide feedback on which privacy protections need to be put in place when info from DHS components (which include the TSA, the Secret Service, and Immigration Services, to name a few) are consolidated. The committee raised concerns about who would get access to the data given the potentially comprehensive profile this would provide of American citizens. The committee's recommendations are available in draft form below. DHS would not provide the original document -- a "tasking letter" --
that it issued to the committee describing its plans. But DHS's Immigration and Customs Enforcement division did announce this month that it had awarded a contract to Raytheon for a "new system [that] will enhance how agencies manage, investigate, and report on law enforcement and intelligence activities by improving data sharing between multiple law-enforcement agencies," reported Information Week. Raytheon's work started on September 27, a week before the privacy committee got back to DHS with its draft privacy policy recommendations (available below). The committee noted that it had been given an "aggressive timeline" by DHS on coming up with its recommendations. Better data aggregation in order to root out patterns to prevent terror attacks and enhance security is the new hotness for law enforcement (see BusinessWeek's piece on the start-up that wants to help the CIA sort through data). But there are privacy concerns. One big assumption that the DHS privacy committee made in its reports is that officials will be searching their new awesome databanks using specific personal information (i.e., What has Kashmir Hill been up to this month?) as opposed to general patterns (i.e., Who all took the train between D.C. and New York this week?). The latter, pattern-based searches would make the DHS's new fusion-center-like system too much like Total Information Awareness, say critics. The ACLU sent DHS a letter [pdf] this month voicing its concerns about the mingling of commercial and government databases and the potential civil liberties violations, giving an example of a person's laptop being inspected by Customs & Border Control and then having any reports of its contents put into a profile accessible to the rest of DHS. "Will DHS limit sharing of this information on innocent people or purge it from the system?" asks the ACLU. "
Just because an ordinary American has had an encounter with DHS does not mean that his or her movements, work history, or other data should be open to widespread scrutiny." The ACLU urges the DHS not to "rush into" things, but as noted above, at least one contract to lay the foundation for the system is already signed.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 30 12:52:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Nov 2011 13:52:16 -0500
Subject: [Infowarrior] - iTunes flaw 'allowed government spying for 3 years'
Message-ID: <94B026E7-3E73-40D9-92ED-4D159CC8CB49@infowarrior.org>

Apple iTunes flaw 'allowed government spying for 3 years'

By Christopher Williams, Technology Correspondent

http://www.telegraph.co.uk/technology/apple/8912714/Apple-iTunes-flaw-allowed-government-spying-for-3-years.html

1:27PM GMT 24 Nov 2011

A British company called Gamma International marketed hacking software to governments that exploited the vulnerability via a bogus update to iTunes, Apple's media player, which is installed on more than 250 million machines worldwide. The hacking software, FinFisher, is used to spy on intelligence targets' computers. It is known to be used by British agencies and earlier this year records were discovered in abandoned offices of that showed it had been offered to Egypt's feared secret police. Apple was informed about the relevant flaw in iTunes in 2008, according to Brian Krebs, a security writer, but did not patch the software until earlier this month, a delay of more than three years. "A prominent security researcher warned Apple about this dangerous vulnerability in mid-2008, yet the company waited more than 1,200 days to fix the flaw," he said in a blog post. "The disclosure raises questions about whether and when Apple knew about the Trojan offering, and its timing in choosing to sew up the security hole in this ubiquitous software title."
On average Apple takes just 91 days to fix security flaws after they are disclosed, Mr Krebs wrote. Francisco Amato, the Argentinian security researcher who warned Apple about the problem suggested that "maybe they forgot about it, or it was just on the bottom of their to-do list". In response to reports that FinFisher targeted iTunes, Apple has said that it works "to find and fix any issues that could compromise systems". "The security and privacy of our users is extremely important," a spokeswoman said. This month's iTunes update 10.5.1 explained that "a man-in-the-middle attacker may offer software that appears to originate from Apple", adding that the "issue has been mitigated". Gamma International has not commented on the matter. Registered in Winchester, the firm is one of several companies that sell computer hacking services to governments. They offer "zero day" security flaws, which have not been publicly disclosed, so attempts to exploit them are unlikely to be detected by anti-virus programs.

From rforno at infowarrior.org Wed Nov 30 18:05:29 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Nov 2011 19:05:29 -0500
Subject: [Infowarrior] - Comedy of Errors Led to False 'Water-Pump Hack' Report
Message-ID: <2D388F65-B42E-4B90-B1F1-CDCD1113ECCA@infowarrior.org>

(c/o DOD, no not that one!)

Exclusive: Comedy of Errors Led to False 'Water-Pump Hack' Report

By Kim Zetter | November 30, 2011 | 5:54 pm | Categories: Cybersecurity, Hacks and Cracks

http://www.wired.com/threatlevel/2011/11/water-pump-hack-mystery-solved/

It was the broken water pump heard 'round the world. Cyberwar watchers took notice this month when a leaked intelligence memo claimed Russian hackers had remotely destroyed a water pump at an Illinois utility. The report spawned dozens of sensational stories characterizing it as the first-ever reported destruction of U.S. infrastructure by a hacker.
Some described it as America's very own Stuxnet attack. Except, it turns out, it wasn't. Within a week of the report's release, DHS bluntly contradicted the memo, saying that it could find no evidence that a hack occurred. In truth, the water pump simply burned out, as pumps are wont to do, and a government-funded intelligence center incorrectly linked the failure to an internet connection from a Russian IP address months earlier. Now, in an exclusive interview with Threat Level, the contractor behind that Russian IP address says a single phone call could have prevented the string of errors that led to the dramatic false alarm. "I could have straightened it up with just one phone call, and this would all have been defused," said Jim Mimlitz, founder and owner of Navionics Research, who helped set up the utility's control system. "They assumed Mimlitz would never ever have been in Russia. They shouldn't have assumed that." Mimlitz's small integrator company helped set up the Supervisory Control and Data Acquisition system (SCADA) used by the Curran Gardner Public Water District outside of Springfield, Illinois, and provided occasional support to the district. His company specializes in SCADA systems, which are used to control and monitor infrastructure and manufacturing equipment. Mimlitz says last June, he and his family were on vacation in Russia when someone from Curran Gardner called his cell phone seeking advice on a matter and asked Mimlitz to remotely examine some data-history charts stored on the SCADA computer. Mimlitz, who didn't mention to Curran Gardner that he was on vacation in Russia, used his credentials to remotely log in to the system and check the data. He also logged in during a layover in Germany, using his mobile phone. "I wasn't manipulating the system or making any changes or turning anything on or off," Mimlitz told Threat Level.
But five months later, when a water pump failed, that Russian IP address became the lead character in a 21st-century version of a Red Scare movie. Jim Mimlitz at the airport in Frankfurt, Germany, during a layover last June on his way to Russia. Courtesy of Jim Mimlitz. On Nov. 8, a water district employee investigating the pump failure called in a contract computer repairman to check it out. The repairman examined the logs on the SCADA system and saw the Russian IP address connecting to the system in June. Mimlitz's username appeared in the logs next to the IP address. The water district passed the information to the Environmental Protection Agency, which governs rural water systems. "Why we did that, I think it was just out of an abundance of caution," says Don Craven, a water district trustee. "If we had a problem we would have to report it to EPA eventually." But from there, the information made its way to the Illinois Statewide Terrorism and Intelligence Center, a so-called fusion center composed of Illinois State Police and representatives from the FBI, DHS and other government agencies. Even though Mimlitz's username was connected to the Russian IP address in the SCADA log, no one from the fusion center bothered to call him to ask if he had logged in to the system from Russia. Instead, the center released a report on Nov. 10 titled "Public Water District Cyber Intrusion" that connected the broken water pump to the Russian log-in five months earlier, inexplicably stating that the intruder from Russia had turned the SCADA system on and off, causing the pump to burn out. "And at that point ... all hell broke loose," Craven said. Whoever wrote the fusion center report assumed that someone had hacked Mimlitz's computer and stolen his credentials in order to use them to hack into Curran Gardner's SCADA system and sabotage the water pump. It's not clear whether it was the computer repairman or the fusion center that first jumped to this conclusion.
A spokeswoman for the Illinois State Police, which is responsible for the fusion center, pointed the finger at local representatives of DHS, FBI and other agencies who are responsible for compiling information that gets released by the fusion center. "We did not create the report," said spokeswoman Monique Bond. "The report is created by a number of agencies, including the Department of Homeland Security, and we basically are just the facilitator of the report. It doesn't originate from the [fusion center] but is distributed by the [fusion center]." But DHS is pointing the finger back at the fusion center, saying if the report had been DHS-approved, six different offices would have had to sign off on it. "Because this was an Illinois [fusion center] product, it did not undergo such a review," a DHS official said. The report was released on a mailing list that goes to emergency management personnel and others, and found its way to Joe Weiss, managing partner of Applied Control Solutions, who wrote a blog post about it and provided information from the document to reporters. The subsequent media blitz identified the intrusion as the first real hack attack against a SCADA system in the U.S., something that Weiss and others in the security industry have been predicting would happen for years. The hack was news to Mimlitz. He put two and two together, after glancing through his phone records, and realized the Russian "hacker" the stories were referring to was him. Teams from the FBI and DHS's Industrial Control Systems-Cyber Emergency Response Team (ICS-CERT) subsequently arrived in Illinois to investigate the intrusion and quickly determined, after speaking with Mimlitz and examining the logs, that the fusion center report was wrong and should never have been released. "I worked real close with the FBI and was on speakerphone with the fly-in team from CERT, and all of them were a really sharp bunch and very professional," Mimlitz said.
DHS investigators also quickly determined that the failed pump was not the result of a hack attack at all. "The system has a lot of logging capability," Mimlitz said. "It logs everything. All of the logs showed that the pump failed for some electrical-mechanical reason. But it did not have anything to do with the SCADA system." Mimlitz said there was also nothing in the logs to indicate that the SCADA system had been turned on and off. He cleared up another mystery in the fusion report as well. The report indicated that for two to three months prior to the pump failure, operators at Curran Gardner had noticed "glitches" in their remote access system, suggesting the glitches were related to the suspected cyber intrusion. But Mimlitz said the remote access system was old and had been experiencing problems ever since it was modified by another contractor. "They had made some modifications about a year ago that was creating problems logging in," he said. "It was an old computer ... and they had made network modifications that I don't think were done correctly. I think that's why they were seeing problems." Joe Weiss says he's shocked that a report like this was put out without any of the information in it being investigated and corroborated first. "If you can't trust the information coming from a fusion center, what is the purpose of having the fusion center sending anything out? That's common sense," he said. "When you read what's in that [report] that is a really, really scary letter. How could DHS not have put something out saying they got this [information but] it's preliminary?" Asked if the fusion center is investigating how information that was uncorroborated and was based on false assumptions got into a distributed report, spokeswoman Bond said an investigation of that sort is the responsibility of DHS and the other agencies who compiled the report. The center's focus, she said, was on how Weiss received a copy of the report that he should never have received.
"We're very concerned about the leak of controlled information," Bond said. "Our internal review is looking at how did this information get passed along, confidential or controlled information, get disseminated and put into the hands of users that are not approved to receive that information. That's number one." Additional reporting by Ryan Voyles in Illinois. Kim Zetter is a senior reporter at Wired covering cybercrime, privacy, security and civil liberties. Follow @KimZetter and @ThreatLevel on Twitter.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 30 19:20:19 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Nov 2011 20:20:19 -0500
Subject: [Infowarrior] - US-China Cyber Hotline?
Message-ID:

US-China Cyber Hotline?

By Adam Segal
December 1, 2011

http://the-diplomat.com/china-power/2011/12/01/us-china-cyber-hotline/

China Daily has responded to a very detailed study Project 2049 published two weeks ago about Chinese signals intelligence and cyber reconnaissance. The response, which doesn't directly address any of the report's specific claims about the role that the PLA General Staff Department's Third Department plays in computer network exploitation, is essentially: those in glass houses shouldn't throw stones. The United States may portray itself as the victim in cyberspace, "but it is no secret that the U.S. has already developed an information warfare doctrine and has capability to make cyber attacks on other nations." And "the U.S. military is clearly capable of conducting offensive operations in cyberspace at any time and against any country." This is one of the standard comebacks to U.S. claims of Chinese cyberattacks (the other being China is also a victim) and would normally not be worthy of too much attention. But this article does end with two suggestions about how China and the United States might build trust in cyberspace.
The first, that the two sides should cooperate and exchange information about "profit-driven" cyber crime, isn't much to get excited about, as it has been made several times in different fora. In November 2010, Gu Jian, head of Network Security in the Ministry of Public Security, suggested the United States and China cooperate on cases where there is "double criminality" -- acts that are illegal in both countries. In May 2011, the EastWest Institute announced a joint agreement on battling spam. The problem, of course, is that the United States' main complaint with China is not cyber crime, but cyber espionage -- the theft of military and political secrets as well as commercial intellectual property, business plans, and corporate strategy. Mistrust will remain high unless this is tackled head on. The second suggestion of communicating during a cyber crisis so as to avoid miscommunication and escalation does seem to be a small, yet important, step forward. A couple of months ago, U.S. State Department officials told me that the Chinese were notably lukewarm about setting up a cyber hotline, perhaps because it's too reminiscent of the Cold War or because the United States and Russia are reportedly discussing a cyber hotline and the Chinese want their own thing, not a repeat of what the U.S. is doing with the Russians. It may also be that the Chinese were resistant because they had no idea who should answer the phone on their end when it rang during a crisis. The Project 2049 report describes a widely distributed and stove-piped set of organizations conducting cyber operations. How closely the civilian and military leadership oversees or understands what these groups are doing and how well they might coordinate a response is an open question. Past performance in crisis management doesn't instill a great deal of confidence.
It's hard not to recall Admiral Joseph Prueher's frustration that the Ministry of Foreign Affairs and the PLA wouldn't answer the phone as the EP-3 incident developed in April 2001. Discussions about a crisis hotline might seem like an obvious first step in improving relations. But if it's a sign the Chinese government is beginning to think about how to coordinate a rapid, unified response to cyber emergencies, then it is an extremely important one. Adam Segal is the Ira A. Lipman Senior Fellow for Counterterrorism and National Security Studies at the Council on Foreign Relations. He blogs at Asia Unbound, where this piece originally appeared.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Nov 30 20:39:43 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 30 Nov 2011 21:39:43 -0500
Subject: [Infowarrior] - White House's Totally Clueless Response To Copyright Infringement
Message-ID:

....our tax dollars at work. ;(

--- rick

White House's Totally Clueless Response To Copyright Infringement: Call In McGruff The Crime Dog

from the this-apparently-is-not-a-joke dept

The White House has shown itself to be totally and completely out of touch on intellectual property issues for a while, so it should come as little surprise that it went even further into silly town, with a big White House briefing, involving IP Czar Victoria Espinel, Attorney General Eric Holder, Acting Deputy Secretary Rebecca Blank and ICE boss John (due process? what due process?) Morton to announce (I'm not kidding) that McGruff the Crime Dog was taking a bite out of "intellectual property theft." Of course, the first thing McGruff the Crime Dog (and our illustrious White House officials) might want to do is learn what the actual law says and recognize that infringement and theft are two different things.
It seems like in all his "biting" out of crime, McGruff forgot that lying about what the law actually is isn't a particularly good idea. The campaign is really ridiculous, with tons of absolutely laughable statements, debunked claims and web design from a decade ago. For example, it takes the famously and thoroughly debunked (years ago!) claims that "counterfeiting and piracy costs the U.S. economy more than $250 billion in lost revenue and 750,000 jobs every year." Those numbers came from the upper end of a "stick your finger in the air" estimate from a few decades ago. And they have no bearing on reality. Even the US government in the form of the GAO has debunked these numbers. So why is the White House standing behind them? Espinel isn't stupid. She knows that these numbers are false and have been shown to be false. Why would she support a campaign based on them? The site just gets more and more full of stupid the deeper you dig. It feels like it was put together by someone with only a passing familiarity with the actual debate on copyright infringement (and one that is about 10 years out of date) and a heavy dose of US Chamber of Commerce propaganda. It's like what you'd get if you simply hired some random clueless ad agency to create the campaign -- which it appears is exactly what was done here. Take a bow, CauseWay Agency of Westport Connecticut. You bring the debate over infringement down to new lows by repeating long debunked information and stats as if it were factual. Next time, maybe find someone who actually understands these issues. Take this page of "facts" for example (complete with stock photo of a girl using a rather old ipod. Piracy of intellectual property that's protected by copyright law is a serious crime. Not only does it rob the makers of recordings, videos, movies, games, and other creative works of the money they are entitled to, but it costs tens of thousands of people their jobs each year.
It also deprives governments at all levels of tax revenue. Piracy itself is a crime, and it causes an increase in other types of crime. Gangs and organized crime groups have both been linked to the piracy of creative work. Almost everything in that paragraph is either wrong or highly misleading. Most infringement is a civil offense. Some may be criminal, but most of it is not. Implying otherwise is pretty sleazy. And someone sharing some stuff with a friend is hardly "robbing" anyone. The jobs estimates have already been debunked. The "tax" claims have also been debunked years ago, based on pretending that money not spent on content never gets spent. Worst of all? That whole thing about "linked to gangs and organized crime"? Totally and completely debunked. SSRC investigated such reports in their report that came out earlier this year and it could find no evidence to support any links to organized crime or gangs, and pointed to additional research that found "no overt references to professional organized crime groups" anywhere in relation to copyright infringement. The one key study that claimed there was such a connection was from a RAND report that involved "Decades-old stories... recycled as proof of contemporary terrorist connections, anecdotes... as evidence of wider systemic linkages, and the threshold for what counts as organized crime is set very low." In other words, there's no there there. At all.

< - big debunking snip >

http://www.techdirt.com/articles/20111129/15095716926/white-houses-totally-clueless-response-to-copyright-infringement-call-mcgruff-crime-dog.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.