From rforno at infowarrior.org Thu Sep 1 06:23:17 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Sep 2011 07:23:17 -0400
Subject: [Infowarrior] - MS collects phone location data without permission, says researcher
Message-ID: <3B81C347-9F43-41E3-8266-A4E16C9FDFBE@infowarrior.org>

Microsoft collects phone location data without permission, says researcher

By: Declan McCullagh
September 1, 2011 12:24 AM PDT
http://news.cnet.com/8301-31921_3-20100228-281/microsoft-collects-phone-location-data-without-permission-says-researcher/

A security researcher says that Microsoft's Windows Phone 7 software can transmit your location without your explicit permission. An analysis by Samy Kamkar says that the Camera application sends the device's location--complete with latitude and longitude, a unique ID, and nearby Wi-Fi access points--to Microsoft even when the user has not given the app permission to do so. Here are more details on how it works. "The Windows Mobile operating system is clearly sending information that can lead to accurate location information of the mobile device regardless of whether the user allowed it," Kamkar wrote in an analysis made public yesterday as part of a lawsuit filed against Microsoft. Lawyers for the suit, who are seeking class action status, hired him to perform the testing. Excerpt from analysis by Samy Kamkar, which he says shows the Camera app transmitting the phone's latitude and longitude to Microsoft servers. Microsoft declined to comment to CNET. Kamkar, who once landed in legal hot water for creating a worm that garnered him a million friends on MySpace overnight in 2005, has recently focused on geolocation privacy issues, including creating a Web site that allowed people to look up the unique ID of their computer or Wi-Fi access point and see its location. Google disabled that service after a CNET article in June drew attention to privacy concerns. 
The privacy issue that Kamkar identified may not be huge: for one thing, there's no evidence even a single customer was harmed as a result. Second, turning off location services completely (through the phone's global settings option) should disable any transmission of geolocation data to Microsoft. Like Google, Apple, and Skyhook Wireless, Microsoft is assembling a crowdsourced database using what customers' phones can see. On the other hand, if he's right, Microsoft would be violating its own privacy pledges to customers. A Microsoft Web page says the company "surveys available Wi-Fi access points" only when "the user has allowed a particular application to access location services and the application requests location information." Microsoft has made similar statements to Congress. Kamkar says the Camera application transmits location data to Microsoft's inference.location.live.net even if the user chooses to say "no" when prompted. Concern this year over geolocation privacy began in April, when researchers showed that iPhones and iPads surreptitiously record their owner's approximate location and store the data on the device. Apple responded by calling it a "bug" and promising a fix. (See related articles.) The Seattle-based law firm Tousley Brain Stephens, which boasts of having "a national reputation for achieving exceptional results" in class action lawsuits, filed the case against Microsoft yesterday in federal district court in Washington state. Their complaint, which cites an August 1 CNET article, says "Microsoft surreptitiously forces even unwilling users into its non-stop geo-tracking program in the interest of developing its digital marketing grid." (There's no evidence, however, that Microsoft is using its geolocation database for marketing. These databases are typically used to speed up location fixes with Wi-Fi when cellular connectivity is poor.) 
The class action lawyers claim that Microsoft violated a federal law called the Stored Communications Act, the Electronic Communications Privacy Act, and the Washington Consumer Protection Act.

From rforno at infowarrior.org Thu Sep 1 06:47:33 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Sep 2011 07:47:33 -0400
Subject: [Infowarrior] - Mac OS X can't properly revoke dodgy digital certificates
Message-ID:

Mac OS X can't properly revoke dodgy digital certificates

After DigiNotar hack, many Mac OS X users are having a hard time properly revoking the company's digital certificates

By Robert McMillan
August 31, 2011 07:08 PM ET
http://www.computerworld.com/s/article/9219669/Mac_OS_X_can_t_properly_revoke_dodgy_digital_certificates

IDG News Service - A programming glitch in Apple's OS X operating system is making it hard for Mac users to tell their computers not to trust digital certificates, exacerbating an ongoing security problem with a Dutch certificate authority that was recently hacked. Mac users began reporting problems Tuesday when they tried to revoke digital certificates issued by DigiNotar, a Dutch company whose servers were compromised last month and used to issue fraudulent digital certificates. Mac users revoked the certificates on their computers, but still saw some sites that used those certificates being marked as trustworthy. Digital certificates are an important part of the way the Internet works, and are essential whenever two computers try to connect using the HTTPS protocol. The problem is that Apple's operating system does not allow users to revoke DigiNotar certificates properly, and marks some websites as trustworthy when it shouldn't. Seth Bromberger noticed the issue Tuesday afternoon. After reading a news report about DigiNotar being compromised, he decided to take matters into his own hands and revoke DigiNotar's certificates on his Mac, using Apple's Keychain software. 
That meant that any time he tried to visit a site signed by DigiNotar or one of its intermediaries, he should have received a warning. He didn't. A visit to DigiNotar's website soon confirmed that all kinds of HTTPS material on the page that should have been marked by his browser as untrusted looked exactly as it had before he'd revoked the certificate. "I just wanted to validate that the solution that was proposed fixed the problem. And it didn't." Most users don't revoke digital certificates themselves; they let the browser makers handle it. Chrome, Firefox and Internet Explorer have all blocked DigiNotar certificates, but Apple hasn't said what it plans to do with its Safari browser. That means that, for now, Mac Safari users will have a hard time solving the problem. Ryan Sleevi, a software developer who has contributed to Google's Chrome project, noticed the issue too. After poking around the Mac OS X source code, though, he uncovered the cause. Users can revoke a certificate using Keychain, but if they happen to visit a site that uses the more-secure Extended Validation Certificates, the Mac will accept the EV certificate even if it's been issued by a certificate authority marked as untrusted in Keychain. "When Apple thinks you're looking at an EV Cert, they check things differently," Sleevi said in an interview Wednesday. "They override some of your settings and completely disregard them." Designed as a way to reassure Web surfers that they're not being phished, Extended Validation Certificates turn the browser address bar green. They're widely used by sites that have a lot of HTTPS traffic. It's troubling that such a basic component of Internet security could have such an obvious flaw on the Mac, several security experts said Wednesday. 
"In a real-world sense, it probably won't affect a lot of people, but for me it's a little bit troubling that the security advice on what you're supposed to do plain doesn't work," said Jeremiah Grossman, chief technology officer with WhiteHat Security. Apple, which is often tight-lipped about anything to do with computer security, did not return messages Wednesday seeking comment. Problems with digital certificates are troubling, but they're hard for hackers to exploit. That's because even when hackers can issue a fake digital certificate -- one saying that a server set up for phishing is Gmail.com, for example -- they still need to trick their victims into visiting that server and believing it really is Gmail. For that to happen, the bad guys must take control of their victim's DNS (Domain Name System) software too, using what's known as a man-in-the-middle attack. But someone seems interested in doing this. When DigiNotar was hacked in July, security experts say the hackers issued themselves hundreds of fake digital certificates for domains including google.com, mozilla.com, yahoo.com and torproject.org. On Sunday, Google said just such an attack had been launched against users of its Gmail service, primarily targeting users in Iran.

Robert McMillan covers computer security and general technology breaking news for The IDG News Service. Follow Robert on Twitter at @bobmcmillan. Robert's e-mail address is robert_mcmillan at idg.com

From rforno at infowarrior.org Thu Sep 1 15:04:53 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Sep 2011 16:04:53 -0400
Subject: [Infowarrior] - DOE devises security system to thwart rampant copper thefts
Message-ID:

US Dept. of Energy devises security system to thwart rampant copper thefts

US DOE and Oak Ridge National Laboratory use anti-cut, anti-climb fence, intrusion detection cable, cameras for anti-copper theft system

By Layer 8 on Thu, 09/01/11 - 12:54pm. 
http://www.networkworld.com/community/blog/us-dept-energy-devises-security-system-thwart

The US Department of Energy and its Oak Ridge National Laboratory have built a security system that is aimed at thwarting at least some of the copper thefts that plague utilities and other large facilities. Specifically, "ORNL, DOE, the utility and several subcontractors installed a comprehensive perimeter security system consisting of energy efficient lighting, surveillance cameras that operate in a high voltage environment and an anti-cut, anti-climb fence system with integral intrusion detection cable. The complete system protects a perimeter area of 3600 linear feet." "This security system will deter future vandalism attempts, allow security officers to conduct surveillance remotely and will automatically alert security officers of an attempt to breach the perimeter so the officers can enact a proper response," said project manager Brigham Thomas of ORNL's Global Nuclear Security Technology Division in a release. The security system installation, calibration and performance testing were completed in early 2011. Since the implementation, the substation has not reported any security issues. ORNL said the development of the anti-theft system came in response to a 2009 attempted theft of copper cable at one of the DOE's Power Marketing Administration substations which sparked an explosion and fire that tripped three transmission lines offline. Although the utility recovered by rerouting the substation's power, other power providers have experienced blackouts and loss of service from similar copper theft attempts. The 2009 incident resulted in more than $1 million in damages, ORNL stated. Copper thefts continue to rise as the metal's value remains high. A press release from Freemont Insurance this week noted there is a direct correlation between the number of thefts and the current selling price of copper. Recently copper traded between $4.50 and $5.00 per pound. 
This is up almost 60% since 2007. For about 30 minutes of work, often at night, criminals can pocket about $100 by selling the metal to recyclers, if they get a large enough unit, Freemont stated. The FBI has said in the past that the rising theft of the metal is threatening the critical infrastructure by targeting electrical substations, cellular towers, telephone land lines, railroads, water wells, construction sites, and vacant homes for lucrative profits. Copper thefts have increased dramatically since 2006; and they continue to disrupt the flow of electricity, telecommunications, transportation, water supply, heating, and security and emergency services, and present a risk to public safety and national security, the FBI stated. The FBI says industry and local officials are taking countermeasures to help address the scrapper problem, but apparently much more needs to be done. For example, while a variety of physical and technological security measures have been taken there are limited resources available to enforce these laws, and a very small percentage of perpetrators are arrested and convicted. Additionally, as copper thefts are typically addressed as misdemeanors, those individuals convicted pay relatively low fines and serve short prison terms.

Follow Michael Cooney on Twitter: nwwlayer8

From rforno at infowarrior.org Thu Sep 1 15:50:12 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Sep 2011 16:50:12 -0400
Subject: [Infowarrior] - A Spotlight on "Top Secret America"
Message-ID: <63AFED08-40E5-4E52-8746-0FAAC526BCDA@infowarrior.org>

A Spotlight on "Top Secret America"

September 1st, 2011 by Steven Aftergood
http://www.fas.org/blog/secrecy/2011/09/top_secret_america.html

Most people can vaguely recall that there was once no U.S. 
Department of Homeland Security and that there was a time when you didn't have to take your shoes off before boarding an airplane or submit to other dubious security practices. But hardly anyone truly comprehends the enormous expansion of the military, intelligence and homeland security bureaucracy that has occurred over the past decade, and the often irrational transformation of American life that has accompanied it. The great virtue of the new book "Top Secret America" by Dana Priest and William M. Arkin (Little Brown, September 2011) is that it illuminates various facets of our secret government, lifting them from the periphery of awareness to full, sustained attention. Top Secret America, which builds on the series of stories the authors produced for the Washington Post in July 2010, delineates the contours of "the new American security state." Since 9/11, for example, some 33 large office complexes for top secret intelligence work have been completed in the Washington DC area, the equivalent in size of nearly three Pentagons. More than 250,000 contractors are working on top secret programs. A bewildering number of agencies -- more than a thousand -- have been created to execute security policy, including at least 24 new organizations last year alone. And so on. But the vast scale of this activity says nothing about its quality or utility. The authors, who are scrupulous in their presentation of the facts, are critical in their evaluation: "One of the greatest secrets of Top Secret America is its disturbing dysfunction." "Ten years after the attacks of 9/11, more secret projects, more secret organizations, more secret authorities, more secret decision making, more watchlists, and more databases are not the answer to every problem. In fact, more has become too much." 
"It is time to close the decade-long chapter of fear, to confront the colossal sum of money that could have been saved or better spent, to remember what we are truly defending, and in doing so, to begin a new era of openness and better security against our enemies." (From this point of view, it was disappointing to hear the former chair of the 9/11 Commission, Gov. Tom Kean, declare yesterday that "we are not as secure as we could or should be." We need to accelerate along the path we have been following, Gov. Kean seemed to say, not to fundamentally change course.) According to Priest and Arkin, "The government has still not engaged the American people in an honest conversation about terrorism and the appropriate U.S. response to it. We hope our book will promote one." Despite the sobering subject matter, Top Secret America actually makes for lively reading. It is full of the authors' remarkable insights, anecdotes and encounters. Dana Priest explored some of the physical geography of the classified world, taking elevators to unmarked floors in suburban office buildings and driving up to guard booths at secret facilities to innocently ask for information. She accompanied police in Memphis while they conducted neighborhood surveillance with newfangled automatic license plate readers. She was polygraphed at her request -- and found to be a poor liar. Bill Arkin, whose painstaking research informed the entire work (which is narrated by Priest), spent ten days in Qatar at the U.S. military facility that controls air operations in Iraq, Afghanistan and Pakistan, and somehow got himself invited to classified briefings. One question that lurks throughout the book is whether the excesses and misjudgments that constitute so much of Top Secret America can be corrected or reversed. The authors are not very optimistic, particularly since there are so many people who benefit from current arrangements, however wasteful, useless or pointless they might be. 
By way of illustration they cite U.S. Northern Command, the newest military command that is nominally responsible for defense of North America but in practice is largely subordinate to other agencies and organizations. "The fact that Northern Command would even continue to exist as a major, four-star-led, geographic military command, with virtually no responsibilities, no competencies, and no unique role to fill, demonstrated the resiliency of institutions created in the wake of 9/11 and just how difficult it would be to ever actually shrink Top Secret America," they wrote. Secrecy is naturally a persistent theme throughout the book. As is often the case in national security reporting, the authors relied on unauthorized disclosures to complement their own research and reporting. And in this case, such disclosures served as a particularly effective antidote to overclassification. "Most of those who helped us did so with the knowledge that they were breaking some internal agency rule in doing so; they proceeded anyway because they wanted us to have a more complete picture of the inner workings of the post-9/11 world we sought to describe and because they, too, believe too much information is classified for no good reason," they wrote. At the same time, the authors noted that they "have left out some information" based on national security considerations. Top Secret America will be featured on PBS Frontline on September 6, the book's official release date.

From rforno at infowarrior.org Thu Sep 1 18:22:20 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Sep 2011 19:22:20 -0400
Subject: [Infowarrior] - US regulators seek trading HFT secrets
Message-ID:

Exclusive: Regulators seek trading secrets

http://www.reuters.com/article/2011/09/01/us-financial-regulation-algos-idUSTRE7806J420110901
7:13pm EDT
By Sarah N. Lynch and Jonathan Spicer

WASHINGTON/NEW YORK (Reuters) - U.S. 
securities regulators have taken the unprecedented step of asking high-frequency trading firms to hand over the details of their trading strategies, and in some cases, their secret computer codes. The requests for proprietary code and algorithm parameters by the Financial Industry Regulatory Authority (FINRA), a Wall Street brokerage regulator, are part of investigations into suspicious market activity, said Tom Gira, executive vice president of FINRA's market regulation unit. "It's not a fishing expedition or educational exercise. It's because there's something that's troubling us in the marketplace," he said in an interview. The Securities and Exchange Commission, meanwhile, has also begun making requests for proprietary algorithmic trading data as part of its authority to examine financial firms for compliance with U.S. regulations, according to agency officials and outside lawyers. The requests by SEC examiners are not necessarily related to any suspicions of specific wrong-doing, although the decision to ask for it can be triggered by a tip, complaint or referral. According to interviews with attorneys, traders, industry executives and regulators, the unusual requests for algo code and other computerized trading strategies really ramped up this year and have targeted stock-trading firms such as broker dealers and hedge funds. It has alarmed some traders who are afraid their "secret sauce" -- intellectual property sometimes developed over years and at great cost -- could get into the wrong hands, especially when SEC and FINRA examiners leave for the private sector. "I'd be disappointed and upset" if they asked for code, said a high-frequency trading firm executive who declined to be named. "I mean, are these people all going to work at the SEC forever?" 
The SEC's new focus on algo strategies will likely help inform any new structural rules the government agency applies to an electronic market, criticized by some as unstable or unfair, especially after the "flash crash" on May 6, 2010. While anything the regulators find could lead to legal action such as market manipulation suits, FINRA's effort appears more targeted at wrong-doing. FINRA, which reports to the SEC, usually focuses its requests on flawed codes in an effort to better understand how they are constructed, operate, and how they are supervised, Gira said. An unusually large wave of orders for a lightly traded stock, for example, could lead to a request, he said. "THE NEXT LEVEL" Trading code is a high-stakes secret for high-frequency firms that battle each other to earn razor-thin profits on tiny price imbalances in the market. Such firms can make thousands of trades per second and provide much liquidity to the market. High-frequency trading is estimated to be involved in more than half of all U.S. stock trading. Regulators have said the algos behind such trading were a factor in the flash crash, but that they did not cause it. Carlo di Florio, who heads the SEC's Office of Compliance, Inspections and Examinations, said the agency started asking firms for proprietary algorithmic trading data over a year ago, and has since more broadly incorporated such requests into its risk-based exams. Most of the algo-related requests, he said, have been made to hedge funds that use quantitative trading strategies. Although some lawyers and industry sources have said the SEC has asked for the actual computer code itself, di Florio said such a request is "very rare." Instead, most of the time the SEC has been asking for research papers containing sensitive information about trade reasoning and proprietary formulas. "When we go in ... 
we are thinking about what is the most critical information that will give us the insights we need, and often times, that is not the code itself," di Florio said in an interview. He said so-called white papers, which detail the purpose and strategy of a trading model, are often most helpful. SEC examiners want the information to ensure that hedge funds are actually using the strategies they market to investors. They also review it to make sure that algos are not being used to manipulate the market. An industry attorney said that FINRA and the SEC have also been asking firms specifically how their algos react to different market conditions, and what data feeds they use. "They've certainly taken this to the next level," the attorney said. Last year, SEC Chairman Mary Schapiro said regulators were investigating whether traders manipulated prices, encouraged volatility, or committed fraud by flooding the market with rapid-fire orders that were almost immediately canceled. FINRA, meanwhile, has made market manipulation a high priority since it fined a small firm called Trillium Brokerage Services $1 million last year for "baiting" other traders with a high volume of "illegitimate orders" in 2006 and 2007. INTELLECTUAL PROPERTY The requests by regulators for what is often considered intellectual property are making some firms nervous. Since Schapiro took the helm of the SEC in early 2009, she has pushed to revamp its enforcement and examination programs. Part of that effort is hiring outside industry experts -- some of whom will likely one day return to the private sector to work for these firms' competitors. Some high-profile industry hires include Rick Bookstaber, a former hedge fund manager who works in the SEC's Risk, Strategy and Financial Innovation Division, the SEC's "think tank" unit that often assists with exams and inspections. 
Other agency hires have included Erozan Kurtas, a former Standard & Poor's staffer with multiple degrees who has algo design experience, and Tim Techathuvanan, who previously worked at a hedge fund coding quantitative trading models. Although the agency currently only has about a half-dozen algo experts on staff, di Florio said he hopes to hire more people with these kinds of backgrounds -- especially as the number of firms using such automated trading strategies grows. Gira said FINRA also recently beefed up its staff to add people who better understand codes and their market impact. Underscoring the sensitivity of the matter, a former Goldman Sachs Group Inc programer, Sergey Aleynikov, was sentenced in March to eight years in prison for stealing code from the bank as he left for a job at start-up trading firm Teza Technologies. Both the SEC and FINRA said they understand that firms are concerned about confidentiality of intellectual property, noting they have policies barring employees from using sensitive information like codes to their advantage. Criminal laws also serve to deter people from stealing such data, they said. Still, one industry attorney said his client has lingering concerns that a staffer might remember something he saw in an exam and use it down the road. Even though the SEC believes it needs this algorithm information to help it police the market, many on Wall Street are still not convinced the agency will know what to do with the data. "Let's just say the good developers in the industry are being hired by the industry -- not by an SEC salary," a trader said. (Reporting by Sarah N. 
Lynch and Jonathan Spicer; Editing by Tim Dobbyn)

From rforno at infowarrior.org Thu Sep 1 21:41:31 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Sep 2011 22:41:31 -0400
Subject: [Infowarrior] - Wikileaks releases 60GB archive
Message-ID:

I've not kept track of the WL story in recent months but I'm hearing that this is the vaunted "mother lode" of cables in the WL archive. If I receive more clarification/confirmation I'll pass along.

-- rick

http://www.twitlonger.com/show/cqpvpp

Full, unencrypted, Cablegate2 archive:

Cut and paste the following URL into a "magnet" compatible Bittorrent download client:

magnet:?xt=urn:btih:AUHKVFRXREM7DCVK54MBDBGHQNPHLG5J

Or for older Bittorrent clients:

http://88.80.16.63/torrent/cablegate/cablegate-201108300212.7z.torrent

The files are compressed with "7zip"(http://www.7-zip.org/) and unpack to 60Gb.

If you have 60Gb or more of web-server space, unpack the material and tweet a link to it, prefixed by #wlmir

If you downloaded the encrypted file we announced previously, you don't have to download the unencrypted torrent. Instead, decrypt the encrypted file, name it cablegate-201108300212.7z and put it into your torrent client's download directory. Then tell your client to add the torrent at http://88.80.16.63/torrent/cablegate/cablegate-201108300212.7z.torrent and it will be automatically seeded.

From rforno at infowarrior.org Thu Sep 1 22:42:57 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Sep 2011 23:42:57 -0400
Subject: [Infowarrior] - Spread of Leaked Cables on Web Prompts Dispute
Message-ID: <4738B82C-089B-4F9F-B10E-680F79ED2827@infowarrior.org>

September 1, 2011

Spread of Leaked Cables on Web Prompts Dispute

By SCOTT SHANE
http://www.nytimes.com/2011/09/02/us/02wikileaks.html?pagewanted=print

WASHINGTON -- 
All 251,287 diplomatic cables obtained by WikiLeaks last year are now accessible in multiple locations on the Internet, a development that touched off a dispute on Thursday between the group and the British newspaper The Guardian about who was responsible for their release. The full publication of the cables will hugely enlarge a window on American diplomacy that first opened in November when WikiLeaks and several news organizations, including The New York Times, started publishing selected cables. The process proceeded slowly, with fewer than 20,000 cables on the Web until last week, when WikiLeaks suddenly accelerated publication and placed nearly 134,000 additional cables on its site. But the release of the unedited texts of all the cables will make meaningless past efforts by WikiLeaks and journalists to remove the names of vulnerable people in repressive countries, including activists, academics and journalists, who might face reprisals for speaking candidly to American diplomats. While no consequence more serious than dismissal from a job has been reported so far, both State Department officials and human rights advocates are concerned about the possibility that people named in the cables could face prison or worse. The cable texts were in an encrypted file that was apparently released inadvertently by WikiLeaks and subsequently copied and posted in multiple locations on the Internet. The Times confirmed Thursday that the file can be opened using a password that was included in a book about WikiLeaks published this year by David Leigh and Luke Harding of The Guardian. By Thursday night, Web sites were posting the unencrypted texts of all the cables along with tools to search the database. The postings appeared to overtake WikiLeaks, which had asked for an online vote to achieve a "global consensus" on whether to post all the cables. The group suggested in a later Twitter message on Thursday that it was certain to post them. 
"Given that the full database file is downloadable from hundreds of sites there is only one internally rational action," the message said. A State Department spokeswoman, Victoria Nuland, said WikiLeaks has "continued its well-established pattern of irresponsible, reckless and frankly dangerous actions." Human rights groups last year criticized WikiLeaks and its founder, Julian Assange, after it published Afghan war documents without removing the names of Afghan citizens who were identified as providing information about the Taliban to American forces. The Taliban vowed to punish such people, but the Defense Department said this week that it was not aware of any retribution. WikiLeaks, founded in 2006 on the principle that government and corporate secrets should be disclosed, behaved far more cautiously in subsequent releases. It used software to remove proper names from Iraq war documents and worked with news organizations to redact the cables. The possibility that diplomats' sources could be harmed as a result of the release of all the unredacted cables touched off a bitter dispute over who was to blame. WikiLeaks, in a statement and Twitter messages, blamed Mr. Leigh, the investigations editor of The Guardian, who included the 58-character password as an epigraph of a chapter in his book, "WikiLeaks: Inside Julian Assange's War on Secrecy." But Mr. Leigh, in an e-mail and an article on The Guardian's Web site, said Mr. Assange had assured him when he turned over the password that it would work for only a matter of hours, so he assumed it was long obsolete by the time his book was published. In fact, the file had been inadvertently copied by a WikiLeaks worker in December and eventually spread around the Web.

Jacob Harris contributed reporting from New York. 
From rforno at infowarrior.org Fri Sep 2 06:45:23 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Sep 2011 07:45:23 -0400
Subject: [Infowarrior] - What Waffle House teaches us about resiliency
Message-ID:

How to Measure a Storm's Fury One Breakfast at a Time

Disaster Pros Look to 'Waffle House Index'; State of the Menu Gives Clue to Damage

By VALERIE BAUERLEIN
http://online.wsj.com/article/SB10001424053111904716604576542460736605364.html

Last weekend, Waffle House restaurants in hurricane-struck communities in North Carolina rushed to reopen. The company has built a reputation as a place where, even under rough conditions, you can still get a hot meal. Valerie Bauerlein reports.

WELDON, N.C. -- When a hurricane makes landfall, the head of the Federal Emergency Management Agency relies on a couple of metrics to assess its destructive power. First, there is the well-known Saffir-Simpson Wind Scale. Then there is what he calls the "Waffle House Index." Green means the restaurant is serving a full menu, a signal that damage in an area is limited and the lights are on. Yellow means a limited menu, indicating power from a generator, at best, and low food supplies. Red means the restaurant is closed, a sign of severe damage in the area or unsafe conditions. "If you get there and the Waffle House is closed?" FEMA Administrator Craig Fugate has said. "That's really bad. That's where you go to work." Waffle House Inc. has 1,600 restaurants stretching from the mid-Atlantic to Florida and across the Gulf Coast, leaving it particularly vulnerable to hurricanes. Other businesses, of course, strive to reopen as quickly as possible after disasters. But the Waffle House, which spends almost nothing on advertising, has built a marketing strategy around the goodwill gained from being open when customers are most desperate. During Hurricane Irene, Waffle House lost power to 22 restaurants in North Carolina, Virginia, Maryland and Delaware. 
By Wednesday evening, all but one in hard-hit coastal Virginia were back in business. Hurricane Irene knocked out power in Weldon, N.C., on Saturday evening, but as the sun rose on this tobacco-farming town at 6:30 the next morning, the local Waffle House, still without electricity, was cooking up scrambled eggs and sausage biscuits. "I hadn't had a hot meal in two days, and I knew they'd be open," said Nicole Gainey, a 22-year-old secretary for a truck-repair company who drove over for breakfast. Waffle House, a privately held company based in suburban Atlanta, may be best known as a roadside stop for retirees driving south or the place where musician Kid Rock got into a brawl after a 2007 concert. Its yellow-and-black sign hasn't changed in 40 years, and its laminated menu with color photos is an intentional throwback to the heyday of the highway diner. Comedian Jim Gaffigan jokes the Waffle House "makes the IHOP seem international." The company fully embraced its post-disaster business strategy after Hurricane Katrina in 2005. Seven of its restaurants were destroyed and 100 more shut down, but those that reopened quickly were swamped with customers. The company decided to beef up its crisis-management processes. Senior executives developed a manual for opening after a disaster, bulked up on portable generators, bought a mobile command center and gave employees key fobs with emergency contacts. In a recent academic paper, Panos Kouvelis, a business-school professor at Washington University in St. Louis, pegged Waffle House as one of the top four companies for disaster response, with Wal-Mart Stores Inc., Home Depot Inc. and Lowe's Cos. Waffle House managers say sales volume can double or triple in the aftermath of a storm. The company, whose annual sales are estimated to exceed $600 million, won't discuss the costs or benefits of reopening quickly after disasters. It says its strategy is more about marketing and building goodwill than profits. 
"If you factor in all the resources we deploy, the equipment we lease, the extra supplies trucked in, the extra manpower we bring in, a place for them to stay, you can see we aren't doing it for the sales those restaurants generate," said Pat Warner, a member of the company's crisis-management team. Its hurricane playbook explains how to reopen a restaurant and what to serve if there is gas but no electricity, or a generator but no ice. An important element is limiting the menu so the company's supply chain can focus on keeping certain items stocked and chilled or frozen. Waffle House responded to several other disasters this year before Irene hit. After a series of deadly tornadoes tore through Alabama and Georgia in late April, one restaurant was destroyed and another 20 were without power. The ones without power all reopened within three days. In May, the two Waffle Houses in Joplin, Mo., were among the few places to stay open after the deadliest tornado in six decades tore through the area. The company began tracking Irene 10 days ago, moving ice and eggs to staging sites outside the potential damage zone. On Friday, the company's mobile command center--an RV named EM-50 after Bill Murray's urban-assault vehicle in the 1981 movie "Stripes"--headed north from the Norcross, Ga., headquarters. Power went off at the Waffle House just off Interstate 95 in Weldon on Saturday evening as Irene churned through. The restaurant kept serving until it got too dark for the grill cook to see when the food was cooked, then it shut down. It reopened the next day at dawn. The overhead lights and walk-in freezer weren't working, but the gas grill was. The cooks boiled water on the grill, then poured it through the coffee machine, over beans ground before the power went out. The district manager, Chris Barnes, handed employees copies of an emergency grill-only menu. The fare included ham-and-egg sandwiches for $3.15 and quarter-pound hamburgers for $2.70. 
Servers nudged customers to order sausage instead of bacon, because four sausage patties fit on the grill for every two slices of bacon. By 9 a.m., cars were lining up to get into the parking lot. At 10 a.m., the power came back on, the ceramic waffle irons were plugged in and waffles were added to the menu. Matthew Ray Booth, who lives a few miles away, came in at 4 p.m. He said he had spent two days drinking soda and eating canned pork and beans. He ordered bacon, scrambled eggs with cheese, hash browns "scattered, covered and smothered," and a glass of iced tea. "We didn't have no air, and no place to cook no food at the house," said the 69-year-old. Reggie Smith, a manager who came in from 100 miles away to help get the Weldon and nearby Roanoke Rapids restaurants up and running, gestured to customers sipping coffee Sunday afternoon, including locals who had been sleeping without air conditioning and travelers whose vacations had been disrupted. "They're displaced from their life," he said. "This is a brief bit of normal." Write to Valerie Bauerlein at valerie.bauerlein at wsj.com From rforno at infowarrior.org Fri Sep 2 06:52:46 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Sep 2011 07:52:46 -0400 Subject: [Infowarrior] - WL Cable: MPAA Was Behind Bogus Australian ISP Lawsuit Message-ID: Leaked State Department Cable Confirms What Everyone Already Knew: MPAA Was Behind Bogus Australian ISP Lawsuit from the pulling-the-strings dept When it comes to copyright issues, the various State Department leaks via Wikileaks have only served to confirm what pretty much everyone already knew. Earlier we'd covered revelations about US diplomatic involvement in new copyright laws in Spain, and the latest (as a bunch of you sent in) is the rather upfront admission that the MPAA was absolutely behind the decision to sue iiNet in Australia. 
As you may recall, the lawsuit, which was officially organized by the Australian Federation Against Copyright Theft (AFACT) along with the Australian arms of various movie studios, complained that Australian ISP iiNet didn't do enough to stop unauthorized file sharing. This was really a trial balloon of a case, because the MPAA knew damn well that blaming ISPs for the actions of their users was a tricky game to play. So, they tried to hit up iiNet from a slight tangent, sending over examples of infringement and then freaking out when iiNet didn't somehow magically stop all infringement. Of course, the reality was that this was all driven directly from the MPAA in the US and iiNet was carefully chosen as a trial balloon given its size. As Richard Chirgwin notes, iiNet got to enjoy this experience because of its "Goldilocks status. iiNet was just right: Telstra is large, loud, litigious, and possessed of significant lobbying experience; too small a target and the case risked inviting the 'bullying' perception that the MPAA was keen to avoid." < - > http://www.techdirt.com/articles/20110901/01544015760/leaked-state-department-cable-confirms-what-everyone-already-knew-mpaa-was-behind-bogus-australian-isp-lawsuit.shtml From rforno at infowarrior.org Fri Sep 2 15:56:20 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Sep 2011 16:56:20 -0400 Subject: [Infowarrior] - Payback time: The European Commission papers on ICANN Message-ID: Payback time: The European Commission papers on ICANN by Milton Mueller on Fri 02 Sep 2011 04:38 PM EDT | Permanent Link | ShareThis http://blog.internetgovernance.org/blog/_archives/2011/9/2/4891821.html The most notable thing about the EC Papers on ICANN is that they are designed to completely subordinate ICANN as an institution. We have not seen such a comprehensive attack by a government on ICANN since the World Summit on the Information Society. 
One can infer that this is payback for the Board's decision to not treat the EC's views, expressed in its Governmental Advisory Committee (GAC), as binding instructions rather than as nonbinding advice. Most of our readers will remember that the EC's new GAC representative, Gerard de Graaf, embarrassed himself at the June Singapore meeting by pounding his fist on the table and demanding that the Board immediately comply with policy changes he wanted. Many of the points he made, however, were badly reasoned and revealed ignorance of the issues involved. The Board was right to depart from his advice. De Graaf should know, moreover, that the ICANN Articles and bylaws clearly specify the nonbinding status of GAC advice. Indeed, many of the GAC demands would have constituted unilateral modifications of painstakingly negotiated compromises among multiple stakeholders. Yet while the EC clearly lost the argument, it has chosen to get vindictive rather than admit a mistake. So now we have no less than six papers from the EC attacking almost every aspect of ICANN, from the growth in its staff to the new TLD program to its handling of ccTLDs. Moreover, the papers are clearly targeted at influencing the US government's redraft of the IANA contract in ways that would be deeply unhealthy. While ICANN could certainly use some reforms, this set of attacks is just a destructive act of revenge rather than a good-faith effort to reform the organization or improve its policies. To support that assertion, IGP blog will go through the EC papers one by one, and show what a flimsy pretext they provide for what is, in reality, nothing more than an attempt by an intergovernmental entity to punish ICANN for not bowing to it. Today, we handle Paper 1 on "Applicable Law." Paper 1 continues de Graaf's ill-informed attack on ICANN's decision to permit new registries to own or operate their own registrars. 
The original EC correspondence shows that the EC was ignorant of the actual policy it purported to criticize. Its correspondence overlooks the fact that ICANN's proposed policy would include a market power review, and allows for referral to antitrust authorities to make a market power determination. But there is a more fundamental flaw in Paper 1. Its underlying premise is that if ICANN chooses a policy that differs from that recommended by an EC official, then somehow it is "disregarding applicable national law." This premise is false. ICANN's decision to adopt a different (and actually more pro-competitive) policy toward registry-registrar cross ownership does not in any way pre-empt or preclude the application of other national laws. Regardless of what ICANN decides, national authorities and transnational governmental authorities such as the EU are able to apply their laws to domain name registries and registrars who operate in their jurisdiction, if they can prove that the results of vertical integration are anti-competitive. Just as the EC has brought or threatened antitrust cases against American companies such as Intel, Microsoft or Apple, so the EC could bring antitrust cases against any domain name registrar or registry with a significant business presence in Europe if they felt that consumers were being harmed through abuses of market power. The difference, of course, is that such actions would have to follow well-specified law and procedure, and the governments would have to prove their case, not just make assertions. So this is really a dispute about policy, not about applicable law. And by the way, as a global authority ICANN cannot possibly be a surrogate for 200 different national antitrust laws. 
Incensed that ICANN did not suspend its long policy development process because of a few pages of superficial and uninformed speculation about the effects of cross ownership, the EC in Paper 1 complains about "the limited possibilities that ICANN stakeholders, including governments and public authorities, have to contest ICANN Board decisions if they feel they are inconsistent with either ICANN's own by-laws or applicable law." Paper 1 calls for "some form of independent review mechanism." What a joke this is. First, ICANN already has an independent review process (IRP); whoever wrote EC Paper 1 apparently doesn't know this. The existing IRP is too expensive and limited, of course. But the EC is not making a good faith argument about the need for stronger accountability, it is just trying to lash back at ICANN because it didn't get its way. We know that to be the case because the EC has tried to circumvent ICANN's IRP. In 2009, a distinguished international review panel decided that ICANN failed to follow its bylaws and proper process in its decision to deny the .XXX application. So ICANN did the right thing and reversed its decision and approved the triple-X domain. But the EC, under the leadership of Neelie Kroes, asked the U.S. government to reverse that decision! Indeed, Kroes actually asked the US government to abuse its authority over root zone changes by arbitrarily refusing to enter .XXX into the root zone. How can anyone take the EC's demand for accountability and independent review seriously when it has shown that it will seek to undermine or reverse an IRP when it doesn't get the result it wants? So much for Paper 1. Available Monday: an analysis of Paper 2, wherein the EC demands arbitrary and unlawful censorship powers over new top level domain names. 
From rforno at infowarrior.org Fri Sep 2 15:57:56 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Sep 2011 16:57:56 -0400 Subject: [Infowarrior] - Bank Suits Over Mortgages Are Filed Message-ID: <5964B71A-E7CC-4112-97FA-E288F1AC183F@infowarrior.org> September 2, 2011 Bank Suits Over Mortgages Are Filed By NELSON D. SCHWARTZ http://www.nytimes.com/2011/09/03/business/bank-suits-over-mortgages-are-filed.html Federal regulators filed suit on Friday against more than a dozen leading banks, seeking billions in compensation for huge losses suffered by Fannie Mae and Freddie Mac on mortgage-backed securities the banks assembled during the housing boom. Bank of America, Goldman Sachs, JPMorgan Chase, Deutsche Bank, Citigroup, Barclays and Morgan Stanley are among the defendants in the suits, brought by the Federal Housing Finance Agency, which oversees Fannie and Freddie. The agency's plan to file the suits was reported on Thursday night by The New York Times. In the suit filed against Bank of America, the agency alleges that bank sold securities that "contained materially false or misleading statements and omissions." The company and several individual bankers named as defendants "falsely represented that the underlying mortgage loans complied with certain underwriting guidelines and standards, including representations that significantly overstated the ability of the borrowers to repay their mortgage loans," the suit says. Fannie Mae and Freddie Mac bought $6 billion in securities from the bank between September 2005 and November 2007. The legal action opens a broad front in a rapidly growing attempt to force the banks to pay tens of billions of dollars for helping stoke the housing bubble. It was the collapse of the housing market that helped prompt the financial crisis in 2008, and the hangover is still being felt in the housing sector as well as the broader economy. 
The litigation also marks a more intense effort by the federal government to go after the financial services industry for its alleged mortgage misdeeds. The Obama administration as well as regulators like the Federal Reserve have been criticized for going too easy on the banks, which benefited from a $700 billion bailout package shortly after the collapse of Lehman Brothers in the fall of 2008. Much of that money has been repaid by the banks -- but the rescue of the mortgage giants Fannie and Freddie has already cost taxpayers $153 billion, and the federal government estimates the effort could cost $363 billion through 2013. From rforno at infowarrior.org Fri Sep 2 16:00:03 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Sep 2011 17:00:03 -0400 Subject: [Infowarrior] - When cookies leak data Message-ID: <93452E9A-8E3B-44B3-A590-F4F2E7B0B4E1@infowarrior.org> When cookies leak data Written by Mike James Friday, 02 September 2011 11:41 We all know that cookies need to be handled with care and new research indicates that the Google search cookie has particular problems. http://www.i-programmer.info/news/149-security/2985-google-search-leaks-information.html Cookies - we programmers love them because they make it possible to turn a stateless web interaction into a stateful application. The trouble is cookies have a reputation for being evil - and perhaps they are if not managed with great care. A recent research paper from Alcatel-Lucent Bell Labs outlines in great detail how an apparently harmless session cookie can be used to find out a great deal about a user. So much so that the title of the paper is "Show me your cookie and I will tell you who you are". This is a little misleading because the paper also explains how to get hold of the cookie even if the user doesn't want to show it. The cookie in question is the Google SID cookie which is used to identify a user to a range of Google services including Search. 
The problem is that this cookie is used by many different services with differing security levels. For example, the SID cookie is used to personalize the search experience and keep a record of what a user searches for and even which websites they visit. This data is gathered on the basis of just the SID cookie without any further authorization, i.e. you don't have to supply a password. If you do want to examine the data then Google does ask you to log in, so the data is secure even if the cookie isn't - or is it? The paper explains first how to hijack a user's SID cookie, which is a fairly easy task because there are many services for which the cookie isn't considered a security risk and it is transmitted in the clear. The SID cookie is valid on the entire *.google.com domain so all you have to do is get the user to visit a spoof Google website that uses HTTP rather than HTTPS. This turns out to be fairly easy in most cases. Once the attacker has the SID cookie it at first appears to be useless because to see the user's search history, say, or to do anything else requires authentication. This is the clever part. If the user has enabled Web Search History then any search results are returned by Google color coded to show how many times they have been visited by the user. Performing a search using the SID cookie doesn't require authentication and by examining the color coding of the returned links you can tell if the user has visited them before. So all you have to do is perform a wide range of searches and read off where the user has visited. This is made much easier by the use of the "visited" and "social" filters. The first only returns results that have been visited and the second returns only social posts and comments made by the user. Using the "Visited pages" filter and a search on the .info domain you'll discover I visit I Programmer a lot! The authors conducted an experiment to see how much data they could retrieve just using the SID cookie. 
To do this they extended the FireSheep add-in to capture the cookie and display the results. Ten users were asked to run the experiment. All had search history enabled and 6 of the 10 knew nothing about it before the experiments. It is estimated that 50% of Google accounts have search history enabled and many are not aware of this. Using a range of widely spread search targets, .com for example, with the visited filter on returns all of the .com sites that the user has visited. The experiment managed to retrieve typically between 10% and 80% of the sites that users had visited. The number of search targets was limited to avoid the user noticing the attack within their search history - although given that many were unaware that there was a search history this seems unlikely. How can you protect yourself against this information leakage? Simply use Google without logging into your account and the SID cookie isn't sent. You could also disable web search history. Alternatively always connect via a VPN. In the long run Google needs to improve the security of even the apparently harmless SID cookie so that it is always transmitted encrypted. From rforno at infowarrior.org Fri Sep 2 21:49:59 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Sep 2011 22:49:59 -0400 Subject: [Infowarrior] - Record Label Execs Suddenly Upset That False Copyright Claims Can Take Down Videos Message-ID: Record Label Execs Suddenly Upset That False Copyright Claims Can Take Down Videos from the shoulda-thought-of-that-before dept We already wrote about how a prankster used bogus copyright claims to take down the videos of Justin Bieber on YouTube. It turns out that the mysterious prankster didn't just target Bieber, but also got videos by Lady Gaga, Rihanna and Shakira taken down. But what's funny is how some (anonymous, of course) record label execs are suddenly concerned about this process that involves taking down first and asking questions later. 
The article is a little strange in that it suggests a user needs to have "YouTube Partner status" to make a copyright claim. As far as I can tell that's not at all true. If it were, you'd see tons of copyright holders complaining that YouTube made them jump through hoops to be able to issue takedown notices. Either way, I'm still interested to see if the labels actually decide to go after this guy. I'm guessing they won't, because the last thing they want to do is set a precedent over the filing of bogus DMCA takedowns. http://www.techdirt.com/articles/20110901/12350115770/record-label-execs-suddenly-upset-that-false-copyright-claims-can-take-down-videos.shtml From rforno at infowarrior.org Sat Sep 3 07:37:49 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 3 Sep 2011 08:37:49 -0400 Subject: [Infowarrior] - SECDEF's outrageous travel Message-ID: <20F079A9-5991-49A9-BFE9-74C80AACDF47@infowarrior.org> Wired world or not, if you accept a job of this magnitude, you move your a-- to DC and that becomes your primary residence when on Uncle Sam's paycheck. How much EXTRA is the taxpayer paying so Panetta can fly USG-owned comfy-class private-jet (plus local security escort and comms support) back and forth to the West Coast *every* weekend? Reimbursing for a coach-fare ticket is a frakking joke, too. Such utterly wasteful spending during an era of economic stringency. The fact such a practice is APPROVED by this White House (at this time, too!) defies belief. --- rick Panetta's Commute Raises Eyebrows Los Angeles Times September 2, 2011 http://articles.latimes.com/2011/sep/01/nation/la-na-panetta-home-20110902 < - > Aides say that unless he is required to stay in Washington or travel elsewhere, Panetta will spend most weekends and days off at his 12-acre walnut farm in scenic Carmel Valley, where he and his wife, Sylvia, make their home. 
Panetta usually flies home late Friday and returns to Washington late Sunday, getting to work on Monday morning, his aides say. Before agreeing to run the Pentagon, he told the White House that he planned to go home frequently. His aides maintain he stays in touch while out of town. < - > Robert M. Gates, the previous defense secretary, kept a home in Washington state. Gates visited several times a year for holidays or vacation but did not go home each weekend. His predecessor, Donald H. Rumsfeld, made occasional visits to a home in Taos, N.M., when he led the Pentagon. But he mostly stayed in Washington or at his house on the nearby Chesapeake Bay. Panetta is required to fly on U.S. government aircraft, whether on official business or not, to ensure constant communication with the Pentagon and the White House in case of a national security crisis. On personal trips, like the weekend flights, Panetta is required to reimburse the Treasury for the cost of an equivalent coach fare. The actual cost of flying him is far higher -- about $3,200 per flight hour, according to the Defense Department. < - > From rforno at infowarrior.org Sat Sep 3 13:17:20 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 3 Sep 2011 14:17:20 -0400 Subject: [Infowarrior] - FAS publishes infamous John Yoo memo Message-ID: <84758C3E-9B7A-4B2B-86A6-AFB87C18A989@infowarrior.org> (albeit heavily heavily redacted -- but it gives a sense of the hair-splitting that took place in the legal interpretation of FISA after 9/11 and for presidential powers --- rick) Federation of American Scientists publishes infamous John Yoo memo http://www.fas.org/sgp/news/2011/08/aid-olc.pdf Highlights: intelligence gathering in direct support of military operations does not trigger constitutional rights against illegal searches and seizures. [...] 
A warrantless search can be constitutional "when special needs, beyond the normal need for law enforcement, make the warrant and probable-cause requirement impracticable." From rforno at infowarrior.org Sun Sep 4 09:18:13 2011 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 4 Sep 2011 10:18:13 -0400 Subject: [Infowarrior] - The Blast-Proof City Message-ID: <29EFD845-4EFB-41D4-81EB-EBA5529F7D6B@infowarrior.org> http://www.foreignpolicy.com/articles/2011/09/02/the_blast_proof_city?page=full The Blast-Proof City Federal buildings and monuments across the United States are now bomb-proof fortresses. But what's being lost in our relentless pursuit of total safety? BY WITOLD RYBCZYNSKI | SEPTEMBER 2, 2011 It used to be that D.C. architecture consisted of graceful Georgetown mansions, neoclassical federal buildings -- and, of course, the monuments. When the U.S. Commission of Fine Arts was founded in 1910 to guide Washington's architectural development, it reviewed designs such as those of the Lincoln Memorial and the Federal Triangle. Over the seven years I've served on the commission, however, an increasing amount of time is spent discussing security-improvement projects: screening facilities, hardened gatehouses, Delta barriers, perimeter fences, and seemingly endless rows of bollards. We used to mock an earlier generation that peppered the U.S. capital with Civil War generals on horseback; now I wonder what future generations will make of our architectural legacy of crash-resistant walls and blast-proof glass. How did we become so insecure about our buildings? Although the 9/11 attacks loom large in the public's imagination, the event that changed the way federal buildings in the United States are designed and used -- perhaps forever -- was a presidential directive issued six years prior to the attacks. Historically, U.S. presidents have shown little interest in architecture. You can count the exceptions on one hand: Franklin D. 
Roosevelt, who designed his own presidential library; Theodore Roosevelt, who had many architect friends and added the West Wing to the White House; and of course America's two great architect-presidents, Thomas Jefferson and George Washington. Mostly, however, presidents have preferred to leave design to designers, whether of public buildings, war memorials, or double eagles. President Bill Clinton, whose most prominent addition to the White House was a hot tub, is not known as an architecture buff. But by issuing Executive Order 12977 in October 1995, he set in motion a process that thrust politics squarely in the center of the design process. The executive order was the result of the Oklahoma City bombing. The day after the destruction of the Murrah Federal Building, which claimed 168 lives and injured more than 680 people, Clinton directed the Justice Department to assess the vulnerability of all federal facilities to acts of violence. The resulting report, prepared by a large team headed by the U.S. Marshals Service, is generally known as "The Marshals Report." To implement the report's recommendations, Executive Order 12977 established an interagency security committee charged with developing standards for all federal facilities as well as "long-term construction standards for those locations with threat levels or missions that require blast resistant structures." The Marshals Report classified all federal buildings according to rising levels of risk. The Murrah Building, which had 550 employees and housed offices of the Drug Enforcement Administration (DEA) and Bureau of Alcohol, Tobacco, Firearms and Explosives (ATF), would have been Level IV, a high-risk category that includes federal courthouses and all large federal office buildings, as well as ATF, DEA, and FBI offices. Level V is reserved for the highest-risk agencies such as the Defense Department, the CIA, and the Department of Homeland Security. 
Because the authors of the Marshals Report were security experts, they focused on the immediate security problem -- that is, safeguarding the occupants of federal buildings against explosives and other domestic threats. It is hard to question the good intention of protecting federal employees. As bombings in Madrid and Oslo later showed, however, terrorism does not confine itself to official targets; hardening government buildings simply moves the threat elsewhere. It is like deciding to protect only flight crew, rather than safeguarding the plane and all its passengers. The Marshals Report proposed no fewer than 52 specific criteria, which resulted in the deployment of a host of building security devices. Some, such as reinforced structure, blast-resistant glass, and hardened curtain walls, have a small impact on a building's appearance. That is not the case with perimeter security. "Depending on the facility type," the report cautions, "the perimeter may include sidewalks, parking lots, the outside walls of the building, a hallway, or simply an office door." Because truck bombs are the simplest and cheapest way of creating large detonations and given what happened in Oklahoma City, the focus has been on keeping vehicles far away from their target by creating a so-called "standoff" distance. The optimal standoff is large -- at least 100 feet -- and new buildings, such as the ATF headquarters in Washington, achieve this standoff by creating a sort of landscaped demilitarized zone between the building and the street. (Note that the Marshals Report came out at a time when the federal agency with the greatest experience of terrorism was the State Department, which had developed expertise in hardening diplomatic buildings abroad in the wake of several embassy bombings. 
This may explain why federal buildings are protected as if they were divorced from their surroundings and why so many federal buildings today, surrounded by barricades and layers of security, resemble foreign outposts: They're actually modeled after embassies.) But existing urban buildings are generally too near the street. The only alternative to closing a street completely -- as with Pennsylvania Avenue in front of the White House -- is to keep the potential truck bomber from driving right up to the building. This is achieved by a device that could serve as a symbol for our insecurity: the bollard. Bollards are hardly new -- Baroque Rome was full of them. But the attractive marble bollards that Bernini placed in St. Peter's Square or those that prevented carriages from driving into his fountain in the Piazza Navona are a far cry from the security bollards of today. Old bollards were typically low enough to make a convenient seat and were spaced far apart, sometimes linked by chains. Cast-iron bollards were installed by 19th-century Dutch townspeople in front of their houses, but those decorative so-called Amsterdammertjes (little Amsterdammers) were not intended to stop a speeding truck, only to discourage driving on the sidewalk. Modern post-Oklahoma City bollards are not so delicate. Designed to halt a 15,000-pound vehicle going up to 50 miles per hour, they are big: 8 to 10 inches in diameter, typically 3 feet high, and spaced no more than 4 feet apart, according to current standards. A large, block-size building might be encircled by several hundred of these oversized fireplugs. To reduce the monotony, architects have tried mixing in hardened fences, low walls, flower planters, reinforced benches, and light poles. When a security line occurs at the curb, however, as is usually the case, solid barriers are impractical because people need to be able to exit cars, so bollards remain the chief perimeter protection. 
Whether they are clad in stainless steel or granite, they are a visual intrusion on the streetscape; they also pose a nuisance for pedestrians and bicyclists. Some agencies don't seem to mind this intrusion, as it's an external marker of their building's strategic importance. In Washington, we've come to see the bizarre phenomenon that one federal official characterized to me as "bollard envy," where the degree of protection becomes a symbol of bureaucratic status, like a choice parking spot or a corner office. Perhaps the most egregious example is the screening center for visitors that Congress built for itself; by the time the underground facility was finished it covered half a million square feet and cost $620 million. Government officials regularly speak of integrating perimeter security "unobtrusively" into a building's design. A rare case where this has been achieved is the landscape improvement to the Washington Monument. Designed by the OLIN landscape architecture firm, the perimeter security is disguised as a set of curving stone retaining walls that are invisible from the monument and are designed for visitors to sit on. A similar retaining wall provides security for the Lincoln Memorial, but here the topography requires additional intrusive bollards as well. The security plan being designed for the Jefferson Memorial will depend on walls as well as scores of bollards. Where to put the perimeter security is a Hobson's choice: put it farther away and you need more bollards; nearer and you need fewer, but they are more visually intrusive. In either case, the experience of John Russell Pope's handsome building will hardly be enhanced. The directive to secure the Jefferson Memorial is intended to protect a precious national icon. It may end up having the opposite effect. 
The team that prepared the Marshals Report did not feel obliged to mention the potential architectural impact of new security standards, but simply assumed that the criteria would be met -- somehow. That "somehow," after 10 years of the war on terrorism, has generally come at the expense of aesthetics. Standards, whether they govern the precise height of bollards or the minimum dimension of standoffs, tend to be inviolable and leave little discretion to the designer. And because everyone (at least, everyone inside the same risk-class building) deserves the same level of protection, there can be no exceptions. Most building-design decisions are tradeoffs -- between cost and benefit, maintenance and durability, and appearance and performance. Yet security -- "Are you ready to risk a life?" -- brooks no compromises. And yet, if that question were to be answered by citizens instead of by security consultants, the response might be different. Most decisions regarding building security have been the result of executive-branch directives, either from the president or from department heads, rather than from Congress. These decisions are not the result of public debate. The possibility of an open discussion about security -- for example, when is too much, too much? -- is further constrained by the necessary veil of secrecy that surrounds the subject. After all, security measures are intended to foil terrorists -- whether foreign or domestic -- and revealing too many details defeats the purpose. And herein lies the problem. The design of public buildings today is usually subject to review by design boards, municipal arts councils, neighborhood associations, and various community groups. But security concerns, which can greatly affect building design, are "off the table." Instead of reasoned discussion by citizens and their representatives, debate is stifled by the unarguable pronouncements of security experts. 
Last year, the Supreme Court decided that the public would no longer be able to ascend Cass Gilbert's iconic marble steps to enter the Supreme Court building. Instead, visitors would be redirected to a side door leading to a screening facility. Justices Stephen Breyer and Ruth Bader Ginsburg called the change unfortunate and unjustified, and Breyer pointed out that no other high court in the world has closed its front entrance due to security concerns. He wrote that the main entrance and the front steps of the 1935 building "are not only a means to, but also a metaphor for, access to the court itself." But Breyer and Ginsburg were in the minority. Justice Anthony Kennedy, who supported the closure, told a House Appropriations subcommittee that from a security perspective, entering from the side is "mandatory." According to ABC News, Kennedy said that the court spent millions of dollars on an updated security facility, "but decided, after talking to experts, that visitors no longer should be able to enter through the main front entrance." Once more, the experts carried the day.

From rforno at infowarrior.org Sun Sep 4 09:33:46 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 Sep 2011 10:33:46 -0400
Subject: [Infowarrior] - In Classroom of Future, Stagnant Scores
Message-ID: <0EDBE148-D784-4B7C-92CE-9D2831A74BF5@infowarrior.org>

September 3, 2011
In Classroom of Future, Stagnant Scores
http://www.nytimes.com/2011/09/04/technology/technology-in-schools-faces-questions-on-value.html
By MATT RICHTEL

CHANDLER, Ariz. -- Amy Furman, a seventh-grade English teacher here, roams among 31 students sitting at their desks or in clumps on the floor. They're studying Shakespeare's "As You Like It" -- but not in any traditional way. In this technology-centric classroom, students are bent over laptops, some blogging or building Facebook pages from the perspective of Shakespeare's characters.
One student compiles a song list from the Internet, picking a tune by the rapper Kanye West to express the emotions of Shakespeare's lovelorn Silvius. The class, and the Kyrene School District as a whole, offer what some see as a utopian vision of education's future. Classrooms are decked out with laptops, big interactive screens and software that drills students on every basic subject. Under a ballot initiative approved in 2005, the district has invested roughly $33 million in such technologies. The digital push here aims to go far beyond gadgets to transform the very nature of the classroom, turning the teacher into a guide instead of a lecturer, wandering among students who learn at their own pace on Internet-connected devices. "This is such a dynamic class," Ms. Furman says of her 21st-century classroom. "I really hope it works." Hope and enthusiasm are soaring here. But not test scores. Since 2005, scores in reading and math have stagnated in Kyrene, even as statewide scores have risen. To be sure, test scores can go up or down for many reasons. But to many education experts, something is not adding up -- here and across the country. In a nutshell: schools are spending billions on technology, even as they cut budgets and lay off teachers, with little proof that this approach is improving basic learning. This conundrum calls into question one of the most significant contemporary educational movements. Advocates for giving schools a major technological upgrade -- which include powerful educators, Silicon Valley titans and White House appointees -- say digital devices let students learn at their own pace, teach skills needed in a modern economy and hold the attention of a generation weaned on gadgets. Some backers of this idea say standardized tests, the most widely used measure of student performance, don't capture the breadth of skills that computers can help develop.
But they also concede that for now there is no better way to gauge the educational value of expensive technology investments. "The data is pretty weak. It's very difficult when we're pressed to come up with convincing data," said Tom Vander Ark, the former executive director for education at the Bill and Melinda Gates Foundation and an investor in educational technology companies. When it comes to showing results, he said, "We better put up or shut up." And yet, in virtually the same breath, he said change of a historic magnitude is inevitably coming to classrooms this decade: "It's one of the three or four biggest things happening in the world today." Critics counter that, absent clear proof, schools are being motivated by a blind faith in technology and an overemphasis on digital skills -- like using PowerPoint and multimedia tools -- at the expense of math, reading and writing fundamentals. They say the technology advocates have it backward when they press to upgrade first and ask questions later. The spending push comes as schools face tough financial choices. In Kyrene, for example, even as technology spending has grown, the rest of the district's budget has shrunk, leading to bigger classes and fewer periods of music, art and physical education. At the same time, the district's use of technology has earned it widespread praise. It is upheld as a model of success by the National School Boards Association, which in 2008 organized a visit by 100 educators from 17 states who came to see how the district was innovating. And the district has banked its future and reputation on technology. Kyrene, which serves 18,000 kindergarten to eighth-grade students, mostly from the cities of Tempe, Phoenix and Chandler, uses its computer-centric classes as a way to attract children from around the region, shoring up enrollment as its local student population shrinks. More students mean more state dollars. The issue of tech investment will reach a critical point in November.
The district plans to go back to local voters for approval of $46.3 million more in taxes over seven years to allow it to keep investing in technology. That represents around 3.5 percent of the district's annual spending, five times what it spends on textbooks. The district leaders' position is that technology has inspired students and helped them grow, but that there is no good way to quantify those achievements -- putting them in a tough spot with voters deciding whether to bankroll this approach again. "My gut is telling me we've had growth," said David K. Schauer, the superintendent here. "But we have to have some measure that is valid, and we don't have that." It gives him pause. "We've jumped on bandwagons for different eras without knowing fully what we're doing. This might just be the new bandwagon," he said. "I hope not."

A Dearth of Proof

The pressure to push technology into the classroom without proof of its value has deep roots. In 1997, a science and technology committee assembled by President Clinton issued an urgent call about the need to equip schools with technology. If such spending was not increased by billions of dollars, American competitiveness could suffer, according to the committee, whose members included educators like Charles M. Vest, then president of the Massachusetts Institute of Technology, and business executives like John A. Young, the former chief executive of Hewlett-Packard. To support its conclusion, the committee's report cited the successes of individual schools that embraced computers and saw test scores rise or dropout rates fall. But while acknowledging that the research on technology's impact was inadequate, the committee urged schools to adopt it anyhow. The report's final sentence read: "The panel does not, however, recommend that the deployment of technology within America's schools be deferred pending the completion of such research." Since then, the ambitions of those who champion educational technology have grown --
from merely equipping schools with computers and instructional software, to putting technology at the center of the classroom and building the teaching around it. Kyrene had the same sense of urgency as President Clinton's committee when, in November 2005, it asked voters for an initial $46.3 million for laptops, classroom projectors, networking gear and other technology for teachers and administrators. Before that, the district had given 300 elementary school teachers five laptops each. Students and teachers used them with great enthusiasm, said Mark Share, the district's 64-year-old director of technology, a white-bearded former teacher from the Bronx with an iPhone clipped to his belt. "If we know something works, why wait?" Mr. Share told The Arizona Republic the month before the vote. The district's pitch was based not on the idea that test scores would rise, but that technology represented the future. The measure, which faced no organized opposition, passed overwhelmingly. It means that property owners in the dry, sprawling flatlands here, who live in apartment complexes, cookie-cutter suburban homes and salmon-hued mini-mansions, pay on average $75 more a year in taxes, depending on the assessed value of their homes, according to the district. But the proof sought by President Clinton's committee remains elusive even today, though researchers have been seeking answers. Many studies have found that technology has helped individual classrooms, schools or districts. For instance, researchers found that writing scores improved for eighth-graders in Maine after they were all issued laptops in 2002. The same researchers, from the University of Southern Maine, found that math performance picked up among seventh- and eighth-graders after teachers in the state were trained in using the laptops to teach. A question plaguing many education researchers is how to draw broader inferences from such case studies, which can have serious limitations.
For instance, in the Maine math study, it is hard to separate the effect of the laptops from the effect of the teacher training. Educators would like to see major trials years in length that clearly demonstrate technology's effect. But such trials are extraordinarily difficult to conduct when classes and schools can be so different, and technology is changing so quickly. And often the smaller studies produce conflicting results. Some classroom studies show that math scores rise among students using instructional software, while others show that scores actually fall. The high-level analyses that sum up these various studies, not surprisingly, give researchers pause about whether big investments in technology make sense. One broad analysis of laptop programs like the one in Maine, for example, found that such programs are not a major factor in student performance. "Rather than being a cure-all or silver bullet, one-to-one laptop programs may simply amplify what's already occurring -- for better or worse," wrote Bryan Goodwin, spokesman for Mid-continent Research for Education and Learning, a nonpartisan group that did the study, in an essay. Good teachers, he said, can make good use of computers, while bad teachers won't, and they and their students could wind up becoming distracted by the technology. A review by the Education Department in 2009 of research on online courses -- which more than one million K-12 students are taking -- found that few rigorous studies had been done and that policy makers "lack scientific evidence" of their effectiveness. A division of the Education Department that rates classroom curriculums has found that much educational software is not an improvement over textbooks. Larry Cuban, an education professor emeritus at Stanford University, said the research did not justify big investments by districts. "There is insufficient evidence to spend that kind of money. Period, period, period," he said.
"There is no body of evidence that shows a trend line." Some advocates for technology disagree. Karen Cator, director of the office of educational technology in the United States Department of Education, said standardized test scores were an inadequate measure of the value of technology in schools. Ms. Cator, a former executive at Apple Computer, said that better measurement tools were needed but, in the meantime, schools knew what students needed. "In places where we've had a large implementing of technology and scores are flat, I see that as great," she said. "Test scores are the same, but look at all the other things students are doing: learning to use the Internet to research, learning to organize their work, learning to use professional writing tools, learning to collaborate with others." For its part, Kyrene has become a model to many by training teachers to use technology and getting their ideas on what inspires them. As Mr. Share says in the signature file at the bottom of every e-mail he sends: "It's not the stuff that counts -- it's what you do with it that matters." So people here are not sure what to make of the stagnant test scores. Many of the district's schools, particularly those in more affluent areas, already had relatively high scores, making it a challenge to push them significantly higher. A jump in students qualifying for free or reduced-price lunches was largely a result of the recession, not a shift in the population the district serves, said Nancy Dundenhoefer, its community relations manager. Mr. Share, whose heavy influence on more than $7 million a year in technology spending has made him a power broker, said he did not think demographic changes were a good explanation. "You could argue that test scores would be lower without the technology, but that's a copout," he said, adding that the district should be able to deliver some measure of what he considers its obvious success with technology. "It's a conundrum."
Results aside, it's easy to see why technology is such an easy sell here, given the enthusiasm surrounding it in some classrooms.

Engaging With Paper

"I start with pens and pencils," says Ms. Furman, 41, who is short and bubbly and devours young-adult novels to stay in touch with students. Her husband teaches eighth grade in the district, and their son and daughter are both students. At the beginning of the school year, Ms. Furman tries to inspire her students at Aprende Middle School to write, a task she says becomes increasingly difficult when students reach the patently insecure middle-school years. In one class in 2009 she had them draw a heart on a piece of paper. Inside the heart, she asked them to write the names of things and people dear to them. One girl started to cry, then another, as the class shared their stories. It was something Ms. Furman doubted would have happened if the students had been using computers. "There is a connection between the physical hand on the paper and the words on the page," she said. "It's intimate." But, she said, computers play an important role in helping students get their ideas down more easily, edit their work so they can see instant improvement, and share it with the class. She uses a document camera to display a student's paper at the front of the room for others to dissect. Ms. Furman said the creative and editing tools, by inspiring students to make quick improvements to their writing, pay dividends in the form of higher-quality work. Last year, 14 of her students were chosen as finalists in a statewide essay contest that asked them how literature had affected their lives. "I was running down the hall, weeping, saying, 'Get these students together. We need to tell them they've won!' " Other teachers say the technology is the only way to make this generation learn. "They're inundated with 24/7 media, so they expect it,"
said Sharon Smith, 44, a gregarious seventh-grade social studies teacher whose classroom is down the hall from Ms. Furman's. Minutes earlier, Ms. Smith had taught a Civil War lesson in a way unimaginable even 10 years ago. With the lights off, a screen at the front of the room posed a question: "Jefferson Davis was Commander of the Union Army: True or False?" The 30 students in the classroom held wireless clickers into which they punched their answers. Seconds later, a pie chart appeared on the screen: 23 percent answered "True," 70 percent "False," and 6 percent didn't know. The students hooted and hollered, reacting to the instant poll. Ms. Smith then drew the students into a conversation about the answers. The enthusiasm underscores a key argument for investing in classroom technology: student engagement. That idea is central to the National Education Technology Plan released by the White House last year, which calls for the "revolutionary transformation" of schools. The plan endorses bringing "state-of-the art technology into learning to enable, motivate and inspire all students." But the research, what little there is of it, does not establish a clear link between computer-inspired engagement and learning, said Randy Yerrick, associate dean of educational technology at the University of Buffalo. For him, the best educational uses of computers are those that have no good digital equivalent. As examples, he suggests using digital sensors in a science class to help students observe chemical or physical changes, or using multimedia tools to reach disabled children. But he says engagement is a "fluffy term" that can slide past critical analysis. And Professor Cuban at Stanford argues that keeping children engaged requires an environment of constant novelty, which cannot be sustained. "There is very little valid and reliable research that shows the engagement causes or leads to higher academic achievement," he said.

Instruct or Distract?
There are times in Kyrene when the technology seems to allow students to disengage from learning: They are left at computers to perform a task but wind up playing around, suggesting, as some researchers have found, that computers can distract and not instruct. The 23 kindergartners in Christy Asta's class at Kyrene de las Brisas are broken into small groups, a common approach in Kyrene. A handful stand at desks, others sit at computers, typing up reports. Xavier Diaz, 6, sits quietly, chair pulled close to his Dell laptop, playing "Alien Addition." In this math arcade game, Xavier controls a pod at the bottom of the screen that shoots at spaceships falling from the sky. Inside each ship is a pair of numbers. Xavier's goal is to shoot only the spaceship with numbers that are the sum of the number inside his pod. But Xavier is just shooting every target in sight. Over and over. Periodically, the game gives him a message: "Try again." He tries again. "Even if he doesn't get it right, it's getting him to think quicker," says the teacher, Ms. Asta. She leans down next to him: "Six plus one is seven. Click here." She helps him shoot the right target. "See, you shot him." Perhaps surprisingly given the way young people tend to gravitate toward gadgets, students here seem divided about whether they prefer learning on computers or through more traditional methods. In a different class, Konray Yuan and Marisa Guisto, both 7, take turns touching letters on the interactive board on the wall. They are playing a spelling game, working together to spell the word "cool." Each finds one of the letters in a jumbled grid, touching them in the proper order. Marisa says there isn't a difference between learning this way and learning on paper. Konray prefers paper, he says, because you get extra credit for good penmanship. But others, particularly older students, say they enjoy using the technology tools. One of Ms.
Furman's students, Julia Schroder, loved building a blog to write about Shakespeare's "As You Like It." In another class, she and several classmates used a video camera to film a skit about Woodrow Wilson's 14-point speech during World War I -- an approach she preferred to speaking directly to the class. "I'd be pretty bummed if I had to do a live thing," she said. "It's nerve-racking."

Teachers vs. Tech

Even as students are getting more access to computers here, they are getting less access to teachers. Reflecting budget cuts, class sizes have crept up in Kyrene, as they have in many places. For example, seventh-grade classes like Ms. Furman's that had 29 to 31 students grew to more like 31 to 33. "You can't continue to be effective if you keep adding one student, then one student, then one student," Ms. Furman said. "I'm surprised parents aren't going into the classrooms saying 'Whoa.' " Advocates of high-tech classrooms say computers are not intended to replace teachers. But they do see a fundamental change in the teacher's role. Their often-cited mantra is that teachers should go from being "a sage on the stage to a guide on the side." And they say that, technology issues aside, class sizes can in fact afford to grow without hurting student performance. Professor Cuban at Stanford said research showed that student performance did not improve significantly until classes fell under roughly 15 students, and did not get much worse unless they rose above 30. At the same time, he says bigger classes can frustrate teachers, making it hard to attract and retain talented ones. In Kyrene, growing class sizes reflect spending cuts; the district's maintenance and operation budget fell to $95 million this year from $106 million in 2008. The district cannot use the money designated for technology to pay for other things. And the teachers, who make roughly $33,000 to $57,000 a year, have not had a raise since 2008.
Many teachers have second jobs, some in restaurants and retail, said Erin Kirchoff, president of the Kyrene Education Association, the teacher's association. Teachers talk of being exhausted from teaching all day, then selling shoes at the mall. Ms. Furman works during the summer at the Kyrene district offices. But that job is being eliminated in 2014, and she is worried about the income loss. "Without it, we don't go on vacation," she said. Money for other things in the district is short as well. Many teachers say they regularly bring in their own supplies, like construction paper. "We have Smart Boards in every classroom but not enough money to buy copy paper, pencils and hand sanitizer," said Nicole Cates, a co-president of the Parent Teacher Organization at Kyrene de la Colina, an elementary school. "You don't go buy a new outfit when you don't have enough dinner to eat." But she loves the fact that her two children, a fourth-grader and first-grader, are learning technology, including PowerPoint and educational games. To some who favor high-tech classrooms, the resource squeeze presents an opportunity. Their thinking is that struggling schools will look for more efficient ways to get the job done, creating an impetus to rethink education entirely. "Let's hope the fiscal crisis doesn't get better too soon. It'll slow down reform," said Tom Watkins, the former superintendent for the Michigan schools, and now a consultant to businesses in the education sector. Clearly, the push for technology is to the benefit of one group: technology companies.

The Sellers

It is 4:30 a.m. on a Tuesday. Mr. Share, the director of technology at Kyrene and often an early riser, awakens to the hard sell. Awaiting him at his home computer are six pitches from technology companies. It's just another day for the man with the checkbook. "I get one pitch an hour," he said. He finds most of them useless and sometimes galling: "They're mostly car salesmen.
I think they believe in the product they're selling, but they don't have a leg to stand on as to why the product is good or bad." Mr. Share bases his buying decisions on two main factors: what his teachers tell him they need, and his experience. For instance, he said he resisted getting the interactive whiteboards sold as Smart Boards until, one day in 2008, he saw a teacher trying to mimic the product with a jury-rigged projector setup. "It was an 'Aha!' moment," he said, leading him to buy Smart Boards, made by a company called Smart Technologies. He can make that kind of decision because he has money -- and the vendors know it. Technology companies track which districts get federal funding and which have passed tax assessments for technology, like Kyrene. This is big business. Sales of computer software to schools for classroom use were $1.89 billion in 2010. Spending on hardware is more difficult to measure, researchers say, but some put the figure at five times that amount. The vendors relish their relationship with Kyrene. "I joke I should have an office here, I'm here so often," said Will Dunham, a salesman for CCS Presentation Systems, a leading reseller of Smart Boards in Arizona. Last summer, the district paid $500,000 to CCS to replace ceiling-hung projectors in 400 classrooms. The alternative was to spend $100,000 to replace their aging bulbs, which Mr. Share said were growing dimmer, causing teachers to sometimes have to turn down the lights to see a crisp image. Mr. Dunham said the purchase made sense because new was better. "I could take a used car down to the mechanic and get it all fixed up and still have a used car." But Ms. Kirchoff, the president of the teachers' association, is furious. "My projector works just fine," she said. "Give me Kleenex, Kleenex, Kleenex!"

The Parents

Last November, Kyrene went back to voters to ask them to pay for another seven years of technology spending in the district.
The previous measure from 2005 will not expire for two years. But the district wanted to get ahead of the issue, and leave wiggle room just in case the new measure didn't pass. It didn't. It lost by 96 votes out of nearly 50,000 cast. Mr. Share and others here said they attributed the failure to poor wording on the ballot that made it look like a new tax increase, rather than the continuation of one. They say they will not make the same wording mistake this time. And they say the burden on taxpayers is modest. "It's so much bang for the buck," said Jeremy Calles, Kyrene's interim chief financial officer. For a small investment, he said, "we get state-of-the-art technology." Regardless, some taxpayers have already decided that they will not vote yes. "When you look at the big picture, it's hard to say 'yes, spend more on technology' when class sizes increase," said Kameron Bybee, 34, who has two children in district schools. "The district has made up its mind to go forward with the technologically advanced path. Come hell or high water." Other parents feel conflicted. Eduarda Schroder, 48, whose daughter Julia was in Ms. Furman's English class, worked on the political action committee last November to push through an extension of the technology tax. Computers, she says, can make learning more appealing. But she's also concerned that test scores haven't gone up. She says she is starting to ask a basic question. "Do we really need technology to learn?" she said. "It's a very valid time to ask the question, right before this goes on the ballot."
From rforno at infowarrior.org Sun Sep 4 15:26:13 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 4 Sep 2011 16:26:13 -0400
Subject: [Infowarrior] - Censoring Afghanistan
Message-ID:

http://www.michaelyon-online.com/censoring-afghanistan.htm

Censoring Afghanistan
Censorship
04 September 2011
Kandahar Province, Afghanistan

A message came today that a certain General has told me to unpublish "Battlefield Forensics." "Battlefield Forensics" was first published on 18 August 2011. This dispatch violates no policies. It has cleared all OPSEC hurdles. Again today an officer told me there are no OPSEC issues with any of my dispatches. OPSEC refers to Operational Security. Unless the General contacts me directly with justifiable cause, Battlefield Forensics will stay. It would be sad to end this way an embed that began at invitation of General Petraeus. It would most likely be my final embed with the US Army. The good news is that I will finish with both legs. If the military decides to end my embed, as it did last year, the Army will not end my coverage of the war. They will merely lose the opportunity to be seen through my lens and heard through my pen. I will no longer have the opportunity to tell their side of the war. There will be backlash against me. There always is. Typically they will wait until later to put some distance between events. Please read Battlefield Forensics. http://www.michaelyon-online.com/battlefield-forensics.htm

From rforno at infowarrior.org Mon Sep 5 09:46:04 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Sep 2011 10:46:04 -0400
Subject: [Infowarrior] - Guarding America, one golf course at a time
Message-ID: <6DCD4D04-5099-44CA-8E3C-9CCBE7EE6C15@infowarrior.org>

Translation: FEAR = PROFIT!!! *headdesk*

After 9/11, security guard on high alert at golf course
By Marc Fisher, Published: September 4

"One," Chris Stegherr says as he breaks his staring contest with a young doe.
He?s alone out here along the Potomac River, the only light a pure white gleam of moonshine, occasionally augmented by the flashlight he keeps on his black security belt, next to his Glock 9mm, Mace and handcuffs. His mission, as he calls it, is to watch, to be here if something bad happens, to patrol these 600 acres of manicured land with the same hypervigilance he once displayed as a Marine stationed in Iraq. Stegherr?s battle zone now is a Loudoun County golf course that hugs an especially quiet stretch of the Potomac River. He earns $16 an hour guarding Trump National Golf Club, where members pay $75,000 just to join. Before 9/11, Americans did not worry so much about random acts of terrorism, but now they find comfort in knowing that more than a million security guards ? double the number in the nation?s workforce a decade ago ? patrol shopping malls and power plants and work through the night to protect public spaces. Falken Industries, a Manassas company that hired Stegherr, saw opportunity in the country?s new anxiety. In just eight years, it ballooned from zero to 150 guards, blanketing government buildings, embassies and corporate sites in Washington and its suburbs with guards trained for every conceivable disaster. The company protects bowling alleys and jewelry stores with the same kind of attention it gives its top-secret government customers. But what kind of terrorist event could happen on a golf course, where the only sounds at night are crickets or a distant firecracker? Since passenger planes were turned into weapons, obscure possibilities have abounded. Stegherr?s rounds include close attention to a fenced area near the Potomac. Inside the chain-link wire is a water-filtration system ? a piece of ?critical infrastructure,? as it is known among homeland security types ? that someone might view as a target. 
< - > http://www.washingtonpost.com/local/after-911-security-guard-on-high-alert-at-golf-course/2011/07/19/gIQAqhJk2J_print.html From rforno at infowarrior.org Tue Sep 6 06:30:11 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 6 Sep 2011 07:30:11 -0400 Subject: [Infowarrior] - Ten Years of "Homeland Security" Message-ID: What a Difference a Decade Makes: Ten Years of "Homeland Security" Thursday 1 September 2011 by: Nancy Murray and Kade Crockford, "Ten Years Later: Surveillance in the 'Homeland'" | Special Feature http://www.truth-out.org/what-difference-decade-makes/1314126592 On August 5, 2002, President George Bush declared, "We're fighting ... to secure freedom in the homeland." Strikingly, he did not use the word "nation," or "republic," but instead adopted a term, with its Germanic overtones of blood, roots and loyalty going back generations, for a country that is not the ancestral home of most of its citizens. Soon after, the Homeland Security Act of 2002 created the massive Department of Homeland Security (DHS), an amalgam of 22 agencies and nearly 200,000 employees. The FBI and CIA remained outside the DHS, while the military, in October 2002, established its own Northern Command (NORTHCOM) to defend the "homeland." In the years since then, the full weight of government has been bent on ensuring "homeland security" - a term rarely heard before the 2001 attacks. Over the decade, the government's powers of surveillance have expanded dramatically. They are directed not just at people suspected of wrongdoing, but at all of us. Our phone calls, our emails and web site visits, our financial records, our travel itineraries, and our digital images captured on powerful surveillance cameras are swelling the mountain of data that is being mined for suspicious patterns and associations. It doesn't take much to come to the attention of the watchers, as 13-year-old Vito LaPinta discovered earlier this year. 
Members of the Secret Service came to his Tacoma, Washington, middle school to question him about his Facebook posting urging President Obama to be aware of the danger from suicide bombers in the wake of Osama bin Laden's assassination. The American Civil Liberties Union (ACLU) of Tennessee was no less surprised to find itself listed by the Tennessee Fusion Center on an Internet map of "Terrorism Events and other Suspicious Activity." Why? The organization had carried out a "suspicious activity" by sending a letter to the state's school superintendents encouraging them to be supportive of all religions during the holiday season. While the government has gained more and more power to watch us, we are being kept in the dark about what it is doing. Over the past decade, a new architecture of mass surveillance has been erected, and we know very little about it. Surveillance in what we term the "age of Total Information Awareness" will be the subject of our Truthout postings throughout September. After providing an overview of 20th century surveillance, we will examine both the intelligence failures that opened the door to the attacks of September 11, 2001, and the government's response. Rather than fix the obvious problems and hold specific individuals and institutions accountable, the government embarked on a radical shift in how intelligence and law enforcement agencies interact and do their work and rapidly expanded their powers. Over the decade, we have seen the emergence of a national security surveillance state, in which some 800,000 local and state operatives file reports on the most common everyday behaviors and members of the public contribute hotline tips about "suspicious" people and activities. 
We will trace the contours of the new domestic intelligence architecture in terms of its nationwide and regional structures and its evolving technologies, drawing upon public sources and information obtained through Freedom of Information Act (FOIA) requests and leaks. We will also describe the impact of the surveillance system on specific targets - Muslims, political activists, immigrants - as well as on the general public, and on what have long been assumed to be core American values. It is our hope that this series will help stimulate a broader debate about whether we are on the right track in the "war against terrorism." In the decade since 9/11, there has been no sustained national attempt to probe root causes behind the September 11 attacks and subsequent plots. The federal government has yet to come up with a single definition of "terrorism," and there is not even a public agreement about what constitutes a "terrorist" attack. So cowed was the DHS by the shrill denunciation of its April 2009 report on the danger of "right-wing extremism" that it has reportedly decided to focus its attention solely on "homegrown extremism" involving Muslims - despite the fact that the Southern Poverty Law Center has compiled a long list of homegrown plots in its report, "Terror from the Right," and that the DHS itself recognizes that Muslims have had nothing to do with the majority of terrorist plots and attacks within the United States in the 21st century. Amid all these ambiguities, a new surveillance network has been steadily constructed in the shadows with the help of DHS grants. Among the questions that should be asked is this: What happens to actual public safety when "homeland security" commands the lion's share of federal funds to fight the "terrorist" threat? The statistics suggest skewed priorities. According to the FBI, terrorist incidents in the United States accounted for 3,178 deaths in the period between 1980 and 2005. 
Apart from those killed in the 1995 Oklahoma City bombing and the September 11, 2001 attacks, 48 people lost their lives to terrorism in that 25-year period. Within the same time frame, 500,000 people were murdered in the United States. Being listed on a terrorist watch list might keep someone from getting on an airplane - and could conceivably land an American citizen on a government assassination list - but it will not prevent that person from legally buying a weapon - or several! - at a local gun store. What kind of "homeland" will we become if we do not demand that secretive domestic surveillance operations are brought in line with longstanding principles of liberty and the Constitution? From rforno at infowarrior.org Tue Sep 6 07:18:13 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 6 Sep 2011 08:18:13 -0400 Subject: [Infowarrior] - Closed, Says Google, but Shops' Signs Say Open Message-ID: September 5, 2011 Closed, Says Google, but Shops' Signs Say Open By DAVID SEGAL http://www.nytimes.com/2011/09/06/technology/closed-in-error-on-google-places-merchants-seek-fixes.html In mid-August, Jason Rule learned some surprising news about the coffee shop that he owns and operates in Hays, Kan.: the place had closed for good. Not in the real world, where it is thriving. Coffee Rules Lounge was listed for a few days as "permanently closed" on Google Maps. During that time, anyone searching for a latte on a smartphone, for instance, would have assumed the store was a goner. "We're not far from Interstate 70," said Mr. Rule, "and I have no doubt that a lot of people running up and down that highway just skipped us." In recent months, plenty of perfectly healthy businesses across the country have expired -- sometimes for hours, other times for weeks -- though only in the online realm cataloged and curated by Google. 
The reason is that it is surprisingly easy to report a business as closed in Google Places, the search giant's version of the local Yellow Pages. On Google Places, a typical listing has the address of a business, a description provided by the owner and links to photos, reviews and Google Maps. It also has a section titled "Report a problem" and one of the problems to report is "this place is permanently closed." If enough users click it, the business is labeled "reportedly closed" and later, pending a review by Google, "permanently closed." Google was tight-lipped about its review methods and would not discuss them. Google's rivals, like Bing and Yahoo, have versions of Places -- called Bing Local and Yahoo Local -- and these let users report a business as closed. But neither has anything close to Google's traffic, which means they are the scene of far less mischief. When Google created Places it had an eminently sensible type of crowd-sourcing in mind. The site contains millions of listings, and when owners close without updating their profile, the job falls to customers to keep information current. But like any open system, this one can be abused. Search engine consultants say that "closing" a business on Google has become an increasingly common tactic among unscrupulous competitors. "I'd say that it was in June that we started to see a big uptick in complaints about this in online forums," said Linda Buquet of Catalyst eMarketing in San Marcos, Calif. "It might be that a number of consultants are now offering services like 'nuke your competitor' in Google Places. But it could just be a competitor, acting alone." Nobody is quite sure how prevalent these sham closings have become. In Google Forums, where users can pose questions about Google's features, there are dozens of exasperated postings like this one, written in July: "Help! My business is listed 'PERMANENTLY CLOSED' on Google Maps even though it has always been open! Help!" 
But this most likely represents a fraction of viable businesses that have been cyberpadlocked. Many owners, search consultants say, have no idea that they've been shuttered online, and many others fix the problem without asking anyone how to solve it. A Google spokesman, Gabriel Stricker, declined to comment on whether the company kept a running tally of fraudulent closings. But he said Google was aware of the issue and was already working on changes, which will be adopted in coming days, to prevent what he called "malicious or incorrect labeling." "We know that accurate listings on Google Maps are an important tool for many business owners," he wrote in an e-mail. "We take reports of spam and abuse very seriously and do our best to ensure the accuracy of a listing before updating it." If there is a historical antecedent to "closing" a company on Google, it is a dirty trick that was fairly common in 19th-century politics, wherein supporters of a candidate would spread rumors that his opponent was dead. This didn't always work -- Thomas Jefferson prevailed in the election of 1800, despite reports of his demise -- but the Internet corollary can have terrible consequences. "For weeks, our bookings for September have been far lower than normal and we were wondering why," said Charlene Cowan, who owns and operates Macadamia Meadows Farm, a bed-and-breakfast in Naalehu, Hawaii, which has been tagged as "permanently closed" for weeks. "I can't imagine a customer is behind this -- if someone doesn't like their visit here, they'd complain on TripAdvisor. I can't prove it, but this seems like something a competitor did." The owner of a closed business, and customers who know better, can click on a button marked "not true," which appears by all "reportedly closed" and "permanently closed" listings. In some instances, owners say, a business will "open" shortly thereafter. But other owners, like Ms. 
Cowan, say that the button doesn't work, or that it takes a week to have any effect. Still others say that immediately after clicking the "not true" button, their business is immediately "closed" again. "In the last four days, I've hit that 'not true' button every six to eight hours," said Daniel Navejas of RBI Divorce Lawyers of El Paso. "It's getting old." In mid-August, a search consultant and blogger named Mike Blumenthal was so rankled by what he considered Google's cavalier attitude to closings on Google that he committed an act of online disobedience: He "closed" Google's offices in Mountain View, Calif. For a brief period, Google itself was "reportedly closed," according to Places. "I did it to point out how annoying this is when it happens," he said. On Aug. 15, Mr. Blumenthal posted a screen shot of Google's Places page "reportedly closed," noting that it took just two people -- him and a friend -- to pull off this stunt. It seemed to get the company's attention. At least one change to closings on Places has already been made. Since late August, a business that is newly tagged "permanently closed," receives an alert via e-mail from Google, informing the business owner of the change. Mr. Blumenthal describes this as a good start, but hardly enough. "The company really ought to give a heads-up when a business is tagged 'reportedly closed,' " because those words alone are often enough to put off customers, he said. "Google doesn't understand how much fear and discomfort businesses have about this. One company gets to decide if you're open or closed in the online world." Although they allow users to report a business as closed, Bing Local and Yahoo Local don't yet seem to have as many problems. Case in point: Macadamia Meadows Farm, that bed-and-breakfast in Hawaii, is open for business, according to both Bing Local and Yahoo Local. But after weeks of e-mails and even a call or two to Mountain View, its owner, Ms. Cowan, can't scrub the "permanently closed" 
label from Google Places. "A few days ago, I put on our Places page that we're running a special," she said. "I just hope people read that and think 'Well, they must actually be open.' " From rforno at infowarrior.org Tue Sep 6 14:50:02 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 6 Sep 2011 15:50:02 -0400 Subject: [Infowarrior] - Wheeler: The Cost of post-9/11 Wars Message-ID: (Note: Winslow is a longtime bipartisan former defense budget staffer from Congress and 'calls it like it is' -- even if it annoys the Folks In Charge. Full bio @ http://www.cdi.org/staff/staffinfo.cfm?StaffID=81 -- rick) -----Original Message----- From: Winslow Wheeler This week, as the media runs its displays on America ten years after the 9/11 attacks, there will be references to the dollar costs. A figure some will use is the one trillion dollars President Obama cited as for the war in Iraq. That figure is a gross underestimate. The war in Iraq and its costs are inseparable from the wars in Afghanistan, Yemen, Pakistan, the Philippines, Somalia and elsewhere. Indeed, when the Defense Department seeks appropriations for them, it does not distinguish the costs by location; nor does Congress in appropriations bills. Moreover, the DOD costs are hardly the whole story: add costs in the State Department budget for aid to the governments (such as they are) of Iraq, Afghanistan, Pakistan, Yemen and elsewhere. Add also the costs to care for the US veterans of these wars. That would include the care already extended and the care now obligated for the duration of these men's and women's lives. Add to that the expanded costs of domestic security against terrorism. Add also the interest we annually pay for the deficit spending that has financed the wars. In short, if all the wars were to end today without a single penny appropriated for military operations, etc. for the upcoming fiscal year (2012), the federal costs already incurred would be from $3.2 to $3.9 trillion. 
If the wars were to run their course -- as currently (and optimistically) estimated by the Congressional Budget Office -- the costs (together with additional interest payments for the required deficit spending out to the year 2020) would come to an additional $1.45 trillion. All that would make a total cost from $4.7 to $5.4 trillion -- assuming everything in the future goes according to plan. See a breakout of these costs in the summary table of Brown University's Costs of War study. Find that table at http://costsofwar.org/article/economic-cost-summary and find there links to the detailed analyses. In sum, the costs to be incurred are very roughly five times the $1 trillion President Obama has articulated. Breaking down some of these costs is also instructive. The Congressional Research Service has assiduously tracked direct appropriations for DOD (and State Department) expenses for the wars. For the period up to the end of this month (after ten years of wars), CRS records the DOD appropriations for the wars to be $1.2 trillion. (Find the latest CRS study on this at http://www.fas.org/sgp/crs/natsec/RL33110.pdf.) However, this amount does not include an additional $600+ billion that was added to DOD's "base" (non-war) budget as a result of the wars and the politics surrounding them. In short, the direct and indirect DOD costs for the wars up to the end of this month are $1.9 trillion (in 2011 dollars), not $1.2 trillion. I performed this analysis of the DOD budget for Brown's Costs of War study; find my analysis -- and an explanation of the $1.9 trillion total -- at http://costsofwar.org/article/pentagon-budget. If you think that the DOD spending for the wars has been prudently spent, or even accurately calibrated, I urge you to read this paper. Linda Bilmes of Harvard performed an analysis of the up to $1.4 trillion cost for veterans and their families; find her analysis at http://costsofwar.org/article/caring-us-veterans. 
Nobel Prize winning economist Joseph Stiglitz was not one of Brown University's Costs of War analysts, but he has written incisively about both the federal and the broader economic costs of the wars. Find a summary of his analysis (and links to other useful broader economic analysis of the wars) at http://www.slate.com/id/2302949/?wpisrc=obinsite. There are, of course, other human and moral costs that the Costs of War Study addresses and that others have addressed as well. As the American media cranks it out for the 10th anniversary of 9/11, it will eagerly prompt the emotions of the original event. Thinking and reacting that way is precisely how we ended up spending something in excess of $5 trillion and achieved a result that is the solid basis for only an argument -- and very little more. _____________________________ Winslow T. Wheeler Director Straus Military Reform Project Center for Defense Information 301 791-2397 From rforno at infowarrior.org Tue Sep 6 14:54:36 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 6 Sep 2011 15:54:36 -0400 Subject: [Infowarrior] - Air Travel Shoes-Off Rule to Be Eased in Future Message-ID: Air Travel Shoes-Off Rule to Be Eased in Future By Kate Andersen Brower and Jeff Bliss - Sep 6, 2011 3:30 PM ET http://www.bloomberg.com/news/2011-09-06/air-travel-shoes-off-rule-to-be-eased-in-future.html Air travelers won't have to take their shoes off during security screenings in the future, said U.S. Homeland Security Secretary Janet Napolitano. "One of the first things you will see over time is the ability to keep your shoes on," Napolitano said today at a forum hosted by Politico Playbook in Washington. She didn't specify when the change would take place. Napolitano said restrictions on the amount of liquids passengers can bring on a plane will likely remain in place for the foreseeable future because technology hasn't yet progressed to differentiate between explosives and harmless liquids. 
Airline customers have complained since the Sept. 11 attacks about elements of tighter airport security. Representative Mike Rogers, an Alabama Republican who heads the House subcommittee overseeing the Transportation Security Administration, has urged the agency to only require passengers suspected of posing a threat to remove shoes and belts. General Electric Co. (GE) and other companies have sought for years to get U.S. government approval for their shoe-scanning devices. In 2009, Fairfield, Connecticut-based GE said it would sell an 81 percent stake in its homeland-protection business to Safran SA for $580 million. Deadline Ahead TSA's goal was to have shoe scanners deployed at airports by 2015, according to an October 2009 report by the Government Accountability Office, which audits programs for Congress. The agency has tested machines made by L3 Communications Holdings Inc., in which passengers step on a black mat to have their shoes scanned. No decision has been made on the technology. TSA has said it will begin later this year "Known Traveler," a pilot program to allow frequent travelers who provide additional personal information to keep their shoes on and laptops in bags. The U.S. required passengers to remove their footwear and send them through scanners with carry-on luggage after Richard Reid in 2001 attempted to set off explosives concealed in his shoe while on a flight over the Atlantic Ocean. Napolitano said while her department is remaining vigilant before the 10th anniversary of the Sept. 11 terrorist attacks, there are no credible, "pending" threats to the U.S. Still, she said, documents collected in the Pakistani compound where former al-Qaeda chief Osama bin Laden was killed revealed he considered the anniversary an "iconic" date. While terrorists are focused on aviation, particularly targeting U.S. and European planes, a "spectacular" attack in the mold of Sept. 11 is unlikely, she said. Homegrown terrorism is a "key concern," 
particularly the threat of an attack by a "lone wolf" terrorist inspired by al-Qaeda to act, she said. To contact the reporter on this story: Kate Andersen Brower in Washington at Kandersen7 at bloomberg.net; Jeff Bliss in Washington at jbliss at bloomberg.net To contact the editor responsible for this story: Mark Silva at msilva at bloomberg.net From rforno at infowarrior.org Tue Sep 6 14:58:33 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 6 Sep 2011 15:58:33 -0400 Subject: [Infowarrior] - OpEd: Feldman: Bin Laden Fulfilled His One True Ambition Message-ID: <21006DD6-9294-4936-A576-1019BC37ED92@infowarrior.org> Feldman: Bin Laden Fulfilled His One True Ambition By Noah Feldman Sep 5, 2011 8:00 PM ET http://www.bloomberg.com/news/2011-09-06/osama-bin-laden-fulfilled-his-one-true-ambition-noah-feldman.html Noah Feldman is a professor of constitutional and international law at Harvard and the author of five books, most recently "Scorpions: The Battles and Triumphs of FDR's Great Supreme Court Justices." Here is a bet about the decade since Sept. 11: Historians are going to be mystified by it. First, the U.S. won the Cold War -- or at least it appeared to. Then, like the U.K. initiating the Industrial Revolution at the height of its global dominance, the U.S. jump-started the Information Revolution. A decade after the Berlin Wall came down, the U.S. seemed poised for another century of global domination through a combination of hard and soft power. We could even afford an extended legal fight over who the next president was going to be. Now, another 10 years on, the U.S. remains the most significant superpower -- but its position looks increasingly shaky. Its hard power took a hit through the realization that it couldn't, in fact, take over cantankerous countries and turn them into thriving democracies, no matter how much money was spent or how many noble American lives were sacrificed. China is rising, and U.S. 
willingness to defend Taiwan by force of arms -- once the centerpiece of the U.S. Pacific policy -- is increasingly in doubt. As for American soft power, forget about it (or if you prefer, fuggedaboudit). Always a subtle idea that depended upon the theory that culture follows the sword, the very notion now looks like a relic of a more confident age. Those today who preach the benefits of soft power sound very much unlike its originator: Joseph Nye. For the Harvard University professor of government and former senior Defense Department official, the theory was an adjunct to power from the barrel of a gun. Today, its expositors sound more like they think soft power is a substitute for the real thing. Eyes Averted What happened? The short answer is that Sept. 11 did. From the standpoint of future historians, the U.S. took its eye off the ball. (To be clear: the ball is China.) Instead of directing attention to the only fast-growing economic power that also has major geostrategic ambitions, the U.S. spent 10 years obsessed with Islam. When it all began, U.S. President George W. Bush, on the verge of invading Iraq, didn't know the difference between Shiite and Sunni Muslims. Today, every minor television personality can lecture on ancient feuds in the Middle East. Journalists covering the uprising against Syrian President Bashar al-Assad note that he is an Alawi Muslim and that the Sunnis who hate him may have Salafi sympathies. A few close-reading Americans can even tell Pashtun from Tajik from Uzbek. Islam and Democracy As a sometime adviser to U.S. officials and to Iraqis drafting early versions of their constitution, I was one of the people trying to learn fast and apply what I was learning to make the best of a bad situation. I still believe that some of what was accomplished in Iraq was valuable. Iraqis definitively opted for democracy, with all its flaws -- making them the first large Arab state to do so. 
Their constitution demonstrates the compatibility of Islam and democracy. At the time, this was innovative. Now it seems like common sense. But was all this hard-earned knowledge worth getting? Put another way, did the years spent in Iraq and Afghanistan serve the U.S. national interest? The historians, I fear, are likely to think not. Jihadist terrorism needed to be addressed. Yet even mainstream, non-radical Islam demands self-defensive jihad against a non-Muslim invader. Given this, historians will note that it was probably not ideal to address the al-Qaeda threat by invading Muslim lands -- especially if the goal was to win hearts and minds. World Dominance Oil will always seem like a valid concern for a superpower. But the historians of the future will notice that Afghanistan has none of this commodity and that Iraq under Saddam Hussein never stopped selling the stuff at a reasonable market price. Above all, historians are going to be confused about why the U.S. was so cavalier about protecting its position of unquestioned world dominance. Being No. 1 isn't merely a feel-good proposition. The status of the dollar as the preferred reserve currency is a direct benefit of global hegemony. As we all now know now -- and as historians of the future will teach their wide-eyed freshmen -- printing the global reserve currency is an extraordinary financial advantage. Some of us used to envy Saudi Arabia. Any time it seemed even slightly unstable, oil prices would rise. The increase, in turn, would strengthen the Saudi regime: a perpetual-motion machine of oil-rigged stability. Now we know the same is true (for the moment) of America. Global economic instability driven by, say, U.S. political turmoil? The result is a flight to quality that makes it cheaper for the U.S. to borrow. Top that, sons of Saud! Real Threat The question, then, on which a million future midterms will turn and a thousand pinhead dissertations will dance is how the attacks of Sept. 
11 brought the U.S. foreign-policy establishment -- including the very people who persuaded George H.W. Bush not to order an attack on Baghdad during the Gulf War of 1991 -- to decide that the most important threat facing the U.S. was Islamic terrorism. Part of the answer is that the threat was real. Osama bin Laden and his coterie were creative, effective and brutal. They showed that just a few people willing to die could wreak substantial havoc on an unprepared liberal democracy. But this won't do to explain the breadth and depth of the U.S. response. Hardening our targets was wise. Wasting untold millions of person-hours in pointless airline-security lines (beware the 3-ounce deodorant) can be explained as an unavoidable side effect of bureaucracy and a placebo for our understandable worries. Thinking Clearly But something more is needed to make sense of our adventures abroad. A deeper answer lies in the reality of trauma as a force that can make it hard to think clearly. I distinctly remember the post-Sept. 11 comment of a brilliant, rational and sophisticated close friend (as it happens, of Muslim origin) whose pregnant spouse worked downtown. "I feel like someone tried to kill my wife," he said. That painful -- and accurate -- sentiment was felt broadly. Bin Laden tried to kill the U.S. president and his family. The vice president (remember him?) was in the White House. The 3,000 Americans of all backgrounds who were murdered were stand-ins for all of our family members. New York was a stand-in for America. In the wake of this trauma, infinitely repeated on television, thinking straight was barely an option. We could have treated bin Laden as a minor figure in an obscure terrorist network. We could have gambled that, after being chased from power, the Taliban wouldn't harbor al-Qaeda again. We might have opted to contain Saddam, an evil man whose policies we had basically helped to shape. But, moved as we were, we could hardly imagine these things. 
Bin Laden's true goal was to change the course of history. He did. (Noah Feldman, a law professor at Harvard University, is a Bloomberg View columnist. The opinions expressed are his own.) To contact the writer of this article: Noah Feldman in Cambridge, Massachusetts, at noah.feldman at harvard.edu To contact the editor responsible for this article: David Shipley at djshipley at bloomberg.net From rforno at infowarrior.org Tue Sep 6 15:25:31 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 6 Sep 2011 16:25:31 -0400 Subject: [Infowarrior] - more on: Air Travel Shoes-Off Rule to Be Eased in Future Message-ID: <89DCA0B7-69AF-4E72-AB2B-EB4F7D63D3D5@infowarrior.org> From: Lauren Weinstein Date: September 06, 2011 3:56:55 PM Subject: [ PRIVACY Forum ] Inanity in Action: False "Shoe" Logic from TSA Inanity in Action: False "Shoe" Logic from TSA TSA has vaguely suggested that they will be phasing out the need to remove shoes before flying -- especially if you hand over the personal info for their "trusted traveler" program. http://j.mp/rfUPcD (Washington Post) But in a lovely example of inane false logic, the TSA administrator said this: "We have had over 5.5 [billion] people travel since Richard Reid [the only would-be shoe bomber] and there have been no shoe bombs because we have people take their shoes off," Pistole said in an interview last month with Business Travel News. But the same article notes that: "You don't take your shoes off anywhere but in the U.S. - not in Israel, in Amsterdam, in London," said Yossi Sheffi, an Israeli-born expert on risk analysis at the Massachusetts Institute of Technology. "We all know why we do it here, but this seems to be a make-everybody-feel-good thing rather than a necessity." So, apparently Mr. Pistole is using the famous "elephant repellent" argument, which usually goes something like this: She: "Why are you snapping your fingers?" He: *snap*snap* "To keep away the elephants." 
She: "There aren't any elephants around here!"
He: *snap*snap* "See? It's working!"

One word only: *Idiotic*.

--Lauren--
Lauren Weinstein (lauren at vortex.com): http://www.vortex.com/lauren
Co-Founder: People For Internet Responsibility: http://www.pfir.org
Founder:
- Network Neutrality Squad: http://www.nnsquad.org
- Global Coalition for Transparent Internet Performance: http://www.gctip.org
- PRIVACY Forum: http://www.vortex.com
Member: ACM Committee on Computers and Public Policy
Blog: http://lauren.vortex.com
Google+: http://vortex.com/g+lauren
Twitter: https://twitter.com/laurenweinstein
Tel: +1 (818) 225-2800 / Skype: vortex.com

From rforno at infowarrior.org Tue Sep 6 15:40:07 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Sep 2011 16:40:07 -0400
Subject: [Infowarrior] - Big Sis: Drudge is 'just wrong' on privacy
Message-ID: <28F8D878-E496-47EA-8919-309C63BE9BCF@infowarrior.org>

September 06, 2011
http://www.politico.com/blogs/joshgerstein/0911/Janet_Napolitano_Drudge_is_just_wrong_on_privacy.html

Janet Napolitano: Drudge is 'just wrong' on privacy

Homeland Security Secretary Janet Napolitano is calling out web news aggregator Matt Drudge for suggesting that she's an ogre eager to invade the privacy of Americans and in particular those who travel by air.

"I think my nickname is 'Big Sis.' I don't think he means it kindly, actually," Napolitano said Tuesday, accurately recalling the moniker that often accompanies scary-looking photos of her on Drudge's popular news site.

"I think that what he means is we are watching too much -- kind of an Orwellian view. He's just wrong. I mean, he's just wrong," Napolitano declared during a POLITICO Playbook breakfast at the Newseum. She said the privacy impact of new airport screening technology and similar programs is thoroughly vetted before they are implemented.

"We want to be conscious of civil liberties and civil rights protections -- and we are," Napolitano insisted.
"We don't do anything without kind of running it through our own civil rights and privacy office. We're one of only two departments in the federal government that actually has a presidentially-appointed privacy office and officer." (While Obama did name a privacy officer for the Department of Homeland Security, the president has so far failed to nominate a quorum for a Congressionally-mandated oversight board to track civil liberties issues government-wide.) "We run all of our programs our technology buys all of those kinds of things we think about privacy and when too much is too much, but on the other hand our responsibility is to maximize our ability to prevent something violent from being successful. So we're always striking that balance but we think we've hit it pretty right," she said. Napolitano said full-body airport scanners are becoming more respectful of privacy: where previous versions showed a detailed outline of the body passing through the machine, the new generation simply shows a stick figure with an indication of what area of the body may require further checking. The Homeland Security chief called privacy concerns "overblown" and offered praise for the proliferation of surveillance cameras in some big U.S. cities. "They are a very, very helpful methodology, particularly in areas where we know there are constant threats," she said. During the discussion with POLITICO's Mike Allen, Napolitano said the requirement that air travelers take their shoes off could soon be history, while the limits on taking liquids on board will be around for a while. The DHS chief seemed to take her "Big Sis" nickname with good humor. "It's kind of a deal. You know you've made it when you get your own nickname. Asked if she has a nickname for Drudge, Napolitano replied mischievously. "Maybe," she replied, before demurring by saying, "I think we should try to keep our discussion at a high level." 
From rforno at infowarrior.org Tue Sep 6 19:11:46 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 6 Sep 2011 20:11:46 -0400 Subject: [Infowarrior] - Sony hires former DHS NCSC director as CISO Message-ID: <38FC5E40-35A5-42F4-863F-5276B026D0F9@infowarrior.org> Sony recruits information security boss after hacking http://www.reuters.com/article/2011/09/06/us-sony-idUSTRE7851PH20110906 TOKYO | Tue Sep 6, 2011 5:18am EDT (Reuters) - Sony Corp picked a former official at the U.S. Department of Homeland Security for the new post of chief information security officer, months after a massive hacking attack leaked information on 100 million user accounts on its games networks. Philip Reitinger, previously director of the U.S. National Cyber Security Center, will become senior vice president and will report to general counsel Nicole Seligman, the Japanese electronics conglomerate said on Tuesday. "Certainly the network issue was a catalyst for the appointment," a Sony spokesman said. "We are looking to bolster our network security even further." Shares in Sony have fallen 55 percent since the company revealed the hacking on April 27, sparking widespread criticism and casting a shadow over its plans for expansion in online businesses including music and movie distribution. Concerns about losses in the TV department and the yen's rise against the euro have also contributed to Sony's woes. Reitinger, who has also worked for Microsoft and the U.S. Department of Defense, will be based in Washington. (Reporting by Isabel Reynolds; Editing by Joseph Radford) From rforno at infowarrior.org Tue Sep 6 23:17:54 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Sep 2011 00:17:54 -0400 Subject: [Infowarrior] - WSJ: SEC Looks Into Effect Of ETFs On Market Volatility Message-ID: SEPTEMBER 6, 2011, 9:00 P.M. 
ET WSJ: SEC Looks Into Effect Of ETFs On Market Volatility http://online.wsj.com/article/BT-CO-20110906-716528.html By Scott Patterson Of THE WALL STREET JOURNAL U.S. securities regulators are looking into whether turbocharged exchange-traded funds amplified August's topsy-turvy swings in the stock market. Securities and Exchange Commission officials have had discussions with firms that trade ETFs, asking questions about whether they added to the market's volatility, according to people familiar with the talks. ETFs, which typically track market indexes, trade on exchanges like stocks. Exchange-traded funds have surged in popularity and now generate 35% to 40% of exchange trading volume, according to Morningstar Inc. Such funds sometimes are used by high-frequency traders, who buy and sell stocks and other assets at a rapid clip, making money on small moves. (This story and related background material will be available on The Wall Street Journal website, WSJ.com.) SEC officials are zeroing in on "leveraged" ETFs, which amplify investor bets, often through derivatives. Derivatives are financial contracts with values linked to another asset. The funds typically offer double or even triple the return of an index, such as the Standard & Poor's 500-stock index. So-called inverse ETFs, which also can be leveraged, are like mirror-image indexes, gaining if the index falls and falling if the index gains. The SEC inquiry into ETFs is part of a broader look by regulators into exotic trading vehicles and high-frequency trading. The SEC voted last week to open up a public dialogue about the use of derivatives by mutual funds and ETFs, among other things. Some critics have long said the high-octane funds can intensify market volatility, because ETFs often reflect moves in a number of securities through a single trade, in contrast to individual stocks. In August, stocks swung wildly as investors reacted to Europe's debt crisis, economic woes in the U.S. 
and Standard & Poor's downgrade of long-term U.S. government debt. The Dow Jones Industrial Average swung by at least 400 points on four consecutive days for the first time in its 115-year history. Numerous high-speed trading firms posted high profits during the August volatility, according to traders. While popular with high-frequency traders, leveraged ETFs also are increasingly traded by individual investors. The ETFs can magnify profits, but they also raise the risk of big losses. Leveraged ETFs are primarily intended for short-term day trading and often miss their mark on returns if held for longer periods. Last week, SEC officials spoke by telephone with Thomas Peterffy, chief executive of Interactive Brokers Group Inc. The Greenwich, Conn., brokerage firm's Timber Hill unit is one of the biggest market makers in ETFs, buying and selling the funds on behalf of investors. Mr. Peterffy said he was asked if leveraged ETFs can add to the market's volatility at the open and close of trading. Market makers buy and sell stocks or other underlying assets in ETFs just after the open and before the close to rebalance their portfolios. If the market makes a big move in overnight trading or during regular trading hours, ETF market makers must buy or sell large chunks of underlying assets during a short period. The moves can be worsened by other investors trading in anticipation of a rebalancing. Mr. Peterffy says he told the SEC that ETF trading can produce big swings anytime during the trading day. "It is not only during the open or close but also during the day," Mr. Peterffy said in an interview. He said he told SEC officials that "many high-frequency traders go with the momentum by [trading ETFs] in the direction the market is moving." ProShares, a unit of ProFunds Group, which says it is the world's largest manager of leveraged and inverse funds, declined to comment. 
More than "half the volume on the exchange is high-frequency trading, and ETFs have become the vehicle of choice for high-frequency trading," said Robert Litan, vice president for research and policy at the Kauffman Foundation. Mr. Litan has written about the risks posed by leveraged ETFs.

Scott Burns, a Morningstar researcher who tracks ETFs, says the use of leveraged ETFs "picked up dramatically" during the August turmoil. The funds likely didn't play a major role in the swings because not enough cash is invested in the funds, he said. In the first two weeks of August, leveraged ETFs accounted for about 13% of total ETF trading volume, according to Morningstar.

Big end-of-day swings were more likely caused by mutual-fund managers buying or selling to meet jittery investor demands during a time of high anxiety, Mr. Burns said.

High-frequency trading came under scrutiny in 2010 after the May 6 "flash crash," when the Dow Jones Industrial Average fell about 900 points in minutes. Many high-speed traders sold their holdings as the decline accelerated, putting further pressure on the market, according to the SEC. Other factors, such as heavy selling of futures contracts and ETFs, also played a large role in the flash crash, the SEC found.

From rforno at infowarrior.org Wed Sep 7 06:34:57 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 Sep 2011 07:34:57 -0400
Subject: [Infowarrior] - Judge Decimates BitTorrent Lawsuit With Common Sense Ruling
Message-ID:

Judge Decimates BitTorrent Lawsuit With Common Sense Ruling

enigmax, September 7, 2011

http://torrentfreak.com/judge-decimates-bittorrent-lawsuit-with-common-sense-ruling-110907/

In an ongoing BitTorrent lawsuit of particular interest, in which the plaintiff's lawyer has already refused to comply with a court order demanding to know how much money is being made from settlements, a judge has now dismissed all but one of the defendants.
This welcome news for more than 5,000 John Does is further augmented by a wave of criticism from the presiding judge who clearly understands "copyright-troll" style lawsuits.

As predicted, On The Cheap, LLC vs Does 1-5011 is proving to be a must-read case for anyone interested in mass anti-filesharing lawsuits in the United States. The case is one of the porn-based BitTorrent lawsuits filed in 2010 by Ira M. Siegel using evidence from the Copyright Enforcement Group. The "work" in question is Danielle Staub Raw -- a sex tape featuring reality show star Danielle Staub.

The case has become particularly interesting during the last couple of weeks. Judge Bernard Zimmerman's criticism has been developing on a number of fronts, including a general lack of progress, issues of jurisdiction, joinder, and the nagging feeling that the court is being used as a collection agency -- i.e. a means to an end of achieving cash settlements from BitTorrent users.

Now, following Ira M. Siegel's late and incomplete filing in response to a court order in late August, Judge Zimmerman has dealt a crippling blow to the case by dismissing all but one of the 5,000+ defendants.

"Having reviewed plaintiff's response to the order to show cause as well as an amicus brief filed by the Electronic Frontier Foundation, and having considered the arguments of counsel, I find that almost 5,000 remaining Doe defendants are improperly joined..[..]," Zimmerman writes.

In short, just because BitTorrent users may have participated in the same swarm at varying points in time it does not follow that they worked in concert. Furthermore, Judge Zimmerman ruled that having around 5,000 defendants in one case would not promote judicial efficiency, not least because many defendants will have their own unique defenses to the accusations.

Of course, to keep costs down Ira M.
Siegel and his client want to process defendants all at once and in common with almost all of these settlement-driven cases, avoid taking defendants to court. But in keeping up appearances to the contrary, that defendants will be taken to court, the whole premise begins to look ridiculous when the logistics are examined.

"No courtroom in this building can hold over 200, let alone 5000," said Judge Zimmerman. He then went on to bemoan the issues of jurisdiction which have plagued this and similar cases.

"Plaintiff, well aware of the difficulties out-of-state and out-of-district defendants would face if required to appear in San Francisco, has nonetheless sent them settlement demands which apparently inform them they have been sued in this District." This, notes the Judge, is incompatible with "principles of fundamental fairness."

Finally, and perhaps most importantly, Judge Zimmerman added an interesting footnote to his ruling which shows that he has a very clear understanding of what these mass anti-filesharing lawsuits are all about.

"The Court's concerns are heightened by plaintiff's refusal to file under seal a copy of its settlement letter and related information about its settlement practices. The film sells for $19.95 on plaintiff's website. According to public reports, plaintiffs in other BitTorrent cases, rather than prosecuting their lawsuits after learning the identities of Does, are demanding thousands of dollars from each Doe defendant in settlement," Judge Zimmerman begins.

"If all this is correct, it raises questions of whether this film was produced for commercial purposes or for purposes of generating litigation and settlements. Put another way, Article 1, section 8 of the Constitution authorizes Congress to enact copyright laws 'to promote the Progress of Science and useful Arts'.
"If all the concerns about these mass Doe lawsuits are true, it appears that the copyright laws are being used as part of a massive collection scheme and not to promote useful arts," he concludes.

From rforno at infowarrior.org Wed Sep 7 06:50:34 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 7 Sep 2011 07:50:34 -0400
Subject: [Infowarrior] - TSA Agent Threatens Woman With Defamation, Demands $500k For Calling Intrusive Search 'Rape'
Message-ID: <37829C06-A78F-4BB5-8C29-1134EE28EBCA@infowarrior.org>

TSA Agent Threatens Woman With Defamation, Demands $500k For Calling Intrusive Search 'Rape'
from the don't-be-a-victim dept

http://www.techdirt.com/articles/20110906/11065015824/tsa-agent-threatens-woman-with-defamation-demands-500k-calling-intrusive-search-rape.shtml

Amy Alkon is an advice columnist and blogger who is just one of many people who have had a horrifying and traumatizing experience going through airport security lately. After being pulled aside for an "enhanced" search, she found the process to be so invasive and so in violation of her own rights that she was left sobbing. She wrote about the experience on her blog, noting that she didn't think the search was just "invasive" in the emotional sense, but flat out physically invasive:

< -- snip so 'evil' but legitimate words about anatomy don't trip your employer's paranoid censoring bots- >

Upon leaving, still sobbing, I yelled to the woman, "YOU RAPED ME." And I took her name to see if I could file sexual assault charges on my return. This woman, and all of those who support this system deserve no less than this sort of unpleasant experience, and from all of us.

After investigating whether or not she could file sexual assault charges, and being told that this was probably a non-starter, she instead wrote about the experience, and named the TSA agent who she dealt with: Thedala Magee.
Alkon felt that if people can't stop these kinds of searches, they should at least be able to name the TSA agents who are doing them. Magee responded by lawyering up and threatening Alkon with defamation and asking for $500,000 and the removal of the blog post. No free woman should endure what your client did to Ms. Alkon. < - snip - > This was not only her right -- it was her responsibility. I honestly don't know if this reaches the "technical" definition of rape, but I am massively troubled, if not horrified, by the idea that a woman who feels sexually assaulted based on what happened above ends up being threatened for saying she felt violated. Talk about adding insult to injury. From rforno at infowarrior.org Wed Sep 7 16:56:05 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Sep 2011 17:56:05 -0400 Subject: [Infowarrior] - How Apple's Lion won't let you trash documents Message-ID: <71AAD7FD-8A18-4EB0-86AD-41F769727BE9@infowarrior.org> QOTA: "Those of us at Vulture Central who made the mistake of upgrading quickly wonder if Lion is the biggest boon Windows has ever had." Scary! --- rick http://go.theregister.com/feed/www.reghardware.com/2011/09/07/apple_mac_os_x_lion_the_nanny_os/ How Apple's Lion won't let you trash documents The operating system for the nanny state? By Tony Smith 7th September 2011 16:02 GMT Comment Apple's Mac OS X 10.7 is branded Lion. The Lion may be king of the jungle, but from where we sit, it's the king of bungles. A case in point. Someone emails you a document, and you open it in, say, Apple's Pages app for a look. You read it through then, having done with it, you quit Pages. You no longer require the document so you chuck it in the wastebasket. Doubly sure you never want it to darken your desktop again, you empty the trash. You have a second document you want to look at, so you double-click on it, a process that, as you expect, fires up Pages and loads the file. 
What you don't expect - but what you get - is a copy of the file you not only threw away but thought you'd zapped for good.

This is, of course, in classic Microsoft parlance, "a feature not a bug". Lion saves document changes in a hidden file .DocumentRevisions-V100, though only on drives formatted with the HFS+ file system. For an in-depth exploration of Lion's versioning, see blog Tech, TeX and Theory.

Smartly, .DocumentRevisions-V100 only contains an initial copy of the file and changes, so it won't fill up your hard drive with unwanted versions of the same document. Well, it shouldn't - we'll have to wait and see how it manages over time.

But clearly it does retain copies of files that have been subsequently deleted. Not a problem, perhaps, with RTF files, but an issue if you're used to throwing big graphics files around. Then again, even RTFs may contain confidential information you thought you had deleted for good. Well, you haven't.

All this is part of Apple's attempt, through Lion, to get rid of files altogether, or at least abstract them away from the notion of discrete blocks of data on the hard drive. Yes, there's a file you can move around, but in Lion it's accompanied by a version database with all the changes you've made.

Move the file to a non-HFS+ volume and any changes made there but the last one will not be retained. Copy the file back, not unreasonably replacing the one you had originally, and you'll be able to revert to the last version saved on HFS+ but nothing later than that other than the most recent incarnation.

Open up a file you keep as a template, make some changes but don't save the file - or 'save a version', as Lion calls the venerable Command-S - and you'll still end up with the modified file, not the original.
Yes, you can use Lion's 'Browse all versions' command - found not in the File menu but in an easily missed, and sometimes invisible until you put the pointer nearby, arrow icon by the filename in the document's window header - but since you never saved the file, you shouldn't have to recover unwanted changes.

Not all apps currently support Lion's versioning system, but most eventually will.

The fundamental issue here is Lion's assumption that you don't know what you're doing, and it's going to ensure you're protected from cock-ups that, in your ignorance, you may make.

That's fine for novice users. There are a lot of folk I know who could really benefit from this, the ones who usually create a new document every time they make a change, and end up with dozens of copies of what is essentially the same file.

But there's no way those of us who know what we're doing - and are happy to live with the consequences of our mistakes - can disable it. Or, at least not consistently.

Lion by default locks files that haven't been touched for two weeks. Generally, you don't track that time, so you open an old file, start typing only to find that Lion is asking to unlock the file or create a duplicate. But not before one or two characters have gotten from the buffer onto the page, into the field or whatever, so it's not like the locking system leaves an old document entirely protected.

You can disable locking, but only by navigating first to the Time Machine preferences panel, and then to its Options... section. In other words, not a location most folk are likely to check. So Apple doesn't really want you to touch it. Nanny knows best.

Nanny knows you really don't want to open that JPEG you downloaded a week ago but didn't get round to looking at then, so will give you a dire warning about opening it now, something she doesn't do at the time.

Lion is, alas, the future of the Mac OS, so Mac users have to get used to it, or change operating systems.
Those of us at Vulture Central who made the mistake of upgrading quickly wonder if Lion is the biggest boon Windows has ever had.

At least we can, with a bit of jiggery pokery, go back to Snow Leopard, which was a joy to use. Not so owners of Apple's latest and future kit, which have been tied to Lion, blocking what might be called a downgrade but really isn't.

So, we call on the Hackintosh community, not only to continue enabling Mac OS X to run on non-Apple kit, but to make the real Mac OS X, Snow Leopard, to run on Apple kit.

From rforno at infowarrior.org Thu Sep 8 07:32:47 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 Sep 2011 08:32:47 -0400
Subject: [Infowarrior] - NSA, CYBERCOM Leadership Should Be Split, Hayden Says
Message-ID: <24D246D0-FC04-46E7-B734-141EF6D4F64D@infowarrior.org>

AOL Defense (defense.aol.com)
September 7, 2011

NSA, CYBERCOM Leadership Should Be Split, Hayden Says
By Carlo Munoz

Washington: Gen. Keith Alexander should give up his role as head of the National Security Agency to focus more on his job as chief of Cyber Command, former CIA director Mike Hayden said today.

Alexander was already the top military officer at NSA when he was nominated to receive his fourth star and head up Cyber Command last year. Despite the fact that the NSA chief has always been a three-star general, DoD and the White House opted to give Alexander both jobs. Alexander's nomination was confirmed by the Senate last May.

In July, DoD released its long-awaited cyberwarfare strategy which provides the blueprint for how the Pentagon will defend against potential national security threats in cyberspace. But as the role of cyber in military and intelligence operations grows, the head of Cyber Command will likely have to give up the NSA job to focus on that mission, Hayden said during an intelligence and national security symposium sponsored by the Center For Strategic and International Studies today.
Hayden, who held the top job at CIA from 2006 to 2009, added that splitting up command of both organizations would also ensure that NSA does not become too focused on cyber operations and lose sight of its main mission of signals and imagery analysis. Breaking up command of NSA and Cyber Command would also make both organizations more responsive, since each caters to different areas of the military and intelligence communities, Hayden added. NSA, according to Hayden, is primarily responsible for providing intelligence and analysis for DoD's combatant commands. It is, by and large, an intelligence "force provider" for the military, he said. On the other hand, Cyber Command will be the preeminent cyberwarfare arm for the entire Defense Department, similar to Special Operations Command. Putting such a wide range of responsibilities under one commander simply does not make sense and will likely not continue, Hayden argued. That said, the respective heads of both organizations must maintain close ties with each other, as well as with other agencies in the intelligence community and the office of the director for national intelligence, he added. From rforno at infowarrior.org Thu Sep 8 11:22:33 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Sep 2011 12:22:33 -0400 Subject: [Infowarrior] - Newshour: After 9/11, Suspicions Fall on Some Shoppers Message-ID: Sad viewing/reading. I suggest you not watch it while eating or having sharp objects lying around. The piece begins: "You're looking at the front line of America's war on terror, the Mall of America, near Minneapolis, one of the biggest malls in the country.....The mall has created its own private counterterrorism unit. And they look out for what they call suspicious persons." Welcome to the United States of Paranoia, people. 
--- rick After 9/11, Suspicions Fall on Some Shoppers After 9/11, the Department of Homeland Security created the Nationwide Suspicious Activity Reporting Initiative to help spot potential terrorists, while the Mall of America launched its own security program. NPR and the Center for Investigative Reporting report how such efforts aimed at security affect our civil liberties. < - > http://www.pbs.org/newshour/bb/terrorism/july-dec11/mallofamerica_09-07.html From rforno at infowarrior.org Thu Sep 8 17:20:50 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Sep 2011 18:20:50 -0400 Subject: [Infowarrior] - Wasn't The PATRIOT Act Supposed To Be About Stopping Terrorism? Message-ID: <6DB11E8D-25A3-431F-9629-AFD5E2B4969D@infowarrior.org> Wasn't The PATRIOT Act Supposed To Be About Stopping Terrorism? from the oh-look dept The PATRIOT Act was all about stopping terrorism, right? We were told that special provisions that ate away at our civil liberties were needed specifically to catch dangerous terrorists -- and that the reason for such an abdication of our rights had nothing to do with simply giving the government more useful surveillance powers. Aaron DeOliveira points us to a fascinating chart that shows how often law enforcement has been using "sneak-and-peek" warrants. These warrants let officials search private property without letting the target of the investigation know. Again, we were told that these expanded powers were needed to stop terrorism. So what have they been used for? Take a look: < - > Yup. They're all pretty much being used in drug cases. Now some might make the argument that it's important to go after drug dealers -- but that's not how the PATRIOT Act was supposed to be used. 
http://www.techdirt.com/articles/20110908/02534215846/wasnt-patriot-act-supposed-to-be-about-stopping-terrorism.shtml

From rforno at infowarrior.org Thu Sep 8 17:30:58 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 8 Sep 2011 18:30:58 -0400
Subject: [Infowarrior] - Google Details Electricity Usage of Its Data Centers
Message-ID: <5C7C89D2-C0D5-48D1-A5F0-FE8B41AAA1BC@infowarrior.org>

http://www.nytimes.com/2011/09/09/technology/google-details-electricity-output-of-its-data-centers.html

Google Details Electricity Usage of Its Data Centers
By JAMES GLANZ

Google released what was once among its most closely guarded secrets on Thursday: how much electricity its enormous computing facilities consume.

The company said that its data centers continuously drew almost 260 million watts -- about a quarter of the output of a nuclear power plant -- to run Google searches, YouTube views, Gmail messaging and display ads on all those services around the world.

Though the electricity figure may seem large, the company asserts that the world is using less energy as a result of the billions of operations carried out in Google data centers. Google says people should consider things like the amount of gasoline saved when someone conducts a Google search rather than, say, driving to the library.

"They look big in the small context," Urs Hoelzle, Google's senior vice president of technical infrastructure, said in an interview.

Google says that people conduct over a billion searches a day and numerous other downloads and queries, and it calculates that the average energy consumption for a typical user is small, about 180 watt-hours a month, or the equivalent of running a 60-watt light bulb for three hours. The overall electricity figure includes all Google operations worldwide, including the energy required to run its campuses and office parks, he added.
While comparing different types of electricity loads is difficult, utility companies estimate that 260 million watts could power all of the homes in a sizable city -- say, 100,000 to 200,000 homes.

For years, Google maintained a wall of silence worthy of a government security agency on how much electricity the company used -- a silence that experts speculated was used to cloak how quickly it was outstripping the competition in the scale and sophistication of its data centers.

The electricity figures are no longer seen as a key to decoding the company's operations, said Mr. Hoelzle.

Google is known to have built efficient data centers. Unlike many data-driven companies, Google designs and builds most of its data centers from scratch, including its servers that use energy-saving chips and software.

Noah Horowitz, senior scientist at the Natural Resources Defense Council in San Francisco, applauded Google for releasing the figures but cautioned that despite the advent of increasingly powerful and energy-efficient computing tools, electricity use at data centers was still rising, as every major corporation now relied on them. He said the figures did not include the electricity drawn by the personal computers, tablets and iPhones that use information from Google's data centers.

"When we hit the Google search button," Mr. Horowitz said, "it's not for free."

Google also estimated that its total carbon emissions for 2010 were just under 1.5 million metric tons, with most of that attributable to carbon fuels that provide electricity for the data centers. In part because of special arrangements the company has made to purchase electricity from wind farms, Google says that 25 percent of its energy is supplied by renewable fuels, and estimates that it will reach 30 percent in 2011.

Google also released an estimate that an average search uses 0.3 watt-hours of electricity, a figure that may be difficult for many people to understand intuitively.
But when multiplied by Google?s estimate of more than a billion searches a day, the figure yields a somewhat surprising result: approximately 12.5 million watts of Google?s 260-million-watt total can be accounted for by searches, the company?s bread-and-butter service. The rest is used by Google?s other services, including YouTube, whose power consumption the company also depicted as very small. The announcement is likely to spur further competition in an industry where every company is already striving to appear ?greener? than the next, said Dennis Symanski, a senior data center project manager at the Electric Power Research Institute, a nonprofit organization. At professional conferences on the topic, Mr. Symanski said, ?They?re all clamoring to get on the podium to claim that they have the most efficient data center.? From rforno at infowarrior.org Thu Sep 8 18:20:27 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Sep 2011 19:20:27 -0400 Subject: [Infowarrior] - The Spy Who Tweeted Me Message-ID: <4B6F498C-B746-44A8-A54B-05504D6FAE3D@infowarrior.org> The Spy Who Tweeted Me: Intelligence Community Wants to Monitor Social Media ? By Sharon Weinberger ? September 7, 2011 | ? 9:00 am | ? Categories: Info War http://www.wired.com/dangerroom/2011/09/social-media-spies/ A research arm of the intelligence community wants to sweep up public data on everything from Twitter to public webcams in the hopes of predicting the future. The project is the brainchild of the Intelligence Advanced Research Projects Activity, or Iarpa, a relatively new part of the spy community that?s supposed to help investigate breakthrough technologies. While other projects exist for predicting political events, the Open Source Indicators program would be perhaps the first that mines data from social media websites. The idea is to use automated analysis to sift through the deluge of publicly available data to help predict significant societal events, like a popular revolution. 
The nascent project, called ?Open Source Indicators,? is just the latest move by the national security community to come to grips with the flood of information now available on social media. As Danger Room?s Lena Groeger has reported, it?s also intended to predict natural disasters or economic disruptions. The science underlying the project is the notion that early indicators of major social upheavals might be hidden in plain, socially-networked sight. ?Some of these changes may be indirectly observable from publicly available data, such as web search queries, blogs, micro-blogs, internet traffic, financial markets, traffic webcams, Wikipedia edits, and many others,? the announcement, published August 25, says. ?Published research has found that some of these data sources are individually useful in the early detection of events such as disease outbreaks, political crises, and macroeconomic trends.? Indeed, social media sites, such as Twitter and Facebook, garnered major attention during recent events like the Arab Spring, and have been credited with helping to organize protesters and even foment revolution. Authoritarian governments trying to hold on to power noted the trend, and attempted at times to shut down access to those sites ? and occasionally the Internet as a whole ? in the hopes of stymieing efforts to organize protests. The idea of the U.S. intelligence community culling data from social media is still a new one, and is likely to raise a number of questions. For example: what constitutes public data? Iarpa, for its part, defines public data as ?lawfully obtained data available to any member of the general public, to include by purchase, subscription or registration.? That raises its own host of questions, like whether the intelligence community could register a fake profile on Facebook, in order to ?friend? people and obtain more information. For those who fear the all-seeing surveillance state, Iarpa says there are some things the program won?t do. 
It won?t be used to predict events in the United States, for instance. Nor will it be used to track specific individuals. From rforno at infowarrior.org Thu Sep 8 18:31:46 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Sep 2011 19:31:46 -0400 Subject: [Infowarrior] - DHS: 'Credible' threats to USA on 9/11 Message-ID: <965553E5-3504-4C7C-84E3-16793018D203@infowarrior.org> As usual, one has to consider the timing and context of such proclaimations, though the 10-year mark might make such occurrances somewhat more 'probable' --- but take as you will. This statement doesn't really say anything actionable in my view other than generate a flash news headline or two tonight. -- rick Via ZH: ?As we know from the intelligence gathered from the OBL raid, AQ has shown an interest in important dates and anniversaries, such as 9/11. In this instance, it?s accurate that there is specific, credible but unconfirmed threat information. As we always do before important dates like the anniversary of 9/11, we will undoubtedly get more reporting in the coming days. Sometimes this reporting is credible and warrants intense focus, other times it lacks credibility and is highly unlikely to be reflective of real plots underway. Regardless, we take all threat reporting seriously, and we have taken, and will continue to take all steps necessary to mitigate any threats that arise. We continue to ask the American people to remain vigilant as we head into the weekend.? Matt Chandler Press Secretary Office of Public Affairs U.S. Department of Homeland Security O - (202) 282-8010 matthew.chandler at dhs.gov From rforno at infowarrior.org Thu Sep 8 20:31:03 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Sep 2011 21:31:03 -0400 Subject: [Infowarrior] - Regarding the San Diego power outage ... 
Message-ID: SDG&E: "Power Out Into the Night" http://www.nbcsandiego.com/news/local/San-Diego-Communities-Experience-Blackout-129493378.html < - > A transmitter line between Arizona and California was severed, causing both major connections in the region, causing the outage. The extreme heat in some areas also may have caused some problems with the lines, according to SDG&E. "Essentially we have two connections from the rest of the world: One of from the north and one is to the east. Both connections are severed," said the SDG&E official. < - > http://www.nbcsandiego.com/news/local/San-Diego-Communities-Experience-Blackout-129493378.html From rforno at infowarrior.org Fri Sep 9 07:01:47 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 9 Sep 2011 08:01:47 -0400 Subject: [Infowarrior] - How 9/11 attacks reshaped U.S. privacy debate Message-ID: <2BBFBA8F-A1AF-4625-8C6C-503C16B9DBB1@infowarrior.org> Discussing THESE sort of "remembrances" about 9/11 is far more important than the tear-jerker, lets-look-backwards-not-forwards made-for-TV stuff IMHO. -- rick How 9/11 attacks reshaped U.S. privacy debate http://news.cnet.com/8301-31921_3-20103750-281/how-9-11-attacks-reshaped-u.s-privacy-debate/ By: Declan McCullagh September 9, 2011 4:00 AM PDT It was not that long ago that U.S. congressman Spencer Bachus, a conservative Republican from Alabama, was defending Americans' right to privacy against overreaching government surveillance. "Technology has outrun the law," Bachus said during a July 2000 hearing. He wondered: "What level of monitoring do we, as a country, want to have on private conversations?" Soon afterward, that House of Representatives committee took the unprecedented step of voting, by a 20-1 margin, to require police to obtain a warrant from a judge before e-mail could be read or mobile phones could be tracked. The legislation even specified that police couldn't use illegally obtained electronic communications as evidence in court. 
"This was the first Congress that took privacy seriously," I wrote at the end of 2000, noting that a privacy caucus had formed that year. A consensus seemed to be coalescing around protecting Americans' electronic privacy, coupled with sharp criticism of the FBI's Carnivore wiretapping tool, Byzantine U.S. encryption regulations, and the shadowy surveillance system that became known as Echelon. After the attacks on the Pentagon and World Trade Center, however, the sentiment in political circles quickly shifted from protecting electronic privacy to facilitating government surveillance. The privacy bill approved by the committee by such a lopsided margin disappeared. Bachus not only voted for the Patriot Act, but he ended up writing part of it. Other politicians shared his sentiments. The Justice Department "really does want to use cell phones as a tracking device, and that worries a lot of people," said then-Rep. Bob Barr, a Georgia Republican, in September 2000. A year later, Barr voted for the Patriot Act (though later said he regretted it and seems to have experienced a complete change of heart). (Credit: Declan McCullagh/CNET) The high, or low, points of the next decade are well known: The enactment of the Patriot Act. The creation of the Department of Homeland Security. The National Security Agency's warrantless surveillance, followed by retroactive immunity for communications companies that illegally opened their networks and a whistle-blower who offered disturbing details about the depth of AT&T's involvement. "Perhaps the biggest systemic change in the way the government conducts investigations since 9/11 is the transition from targeted surveillance--where the government picks a target and spies on that person--to untargeted wholesale surveillance, where masses of people are surveilled," says Kevin Bankston, a senior staff attorney at the Electronic Frontier Foundation. "And then the government decides who it wants to focus on." 
In the decades prior to the 9/11 attacks, the FBI generally specialized in targeted surveillance, while the NSA tended to conduct wholesale surveillance of non-Americans. After September 2001, however, the NSA's electronic ear turned inward. In his book titled "State of War," New York Times reporter James Risen says the NSA has "extremely close relationships with both the telecommunications and computer industries." The Los Angeles Times reported that AT&T has opened its customer information database to the NSA. And USA Today reported that the NSA "has been secretly collecting the phone call records of tens of millions of Americans" from AT&T, Verizon, and BellSouth. What's not as well known is how much of the preparatory work for that shift toward greater surveillance had begun long before September 2011. Attorneys at the Department of Justice had spent years drafting the so-called Enhancement of Privacy and Public Safety in Cyberspace Act (PDF), which goes by the awkward and not very memorable acronym of EPPSCA. The Clinton administration forwarded EPPSCA to Congress in July 2000, where it was introduced by Sen. Patrick Leahy (D-Vt.) and met with a generally chilly response. Leahy himself said, referring to his own bill, that while portions seemed reasonable, "the merits of other provisions in this legislation would benefit from additional scrutiny and debate." EPPSCA was designed to give police more authority to conduct Internet surveillance, not thwart terrorists armed with box cutters. In a July 2000 speech at the National Press Club on the day the administration sent EPPSCA to Capitol Hill, White House Chief of Staff John Podesta included only a single reference to "cyber-terrorism," and nothing about the non-cyber sort. But within hours of the 9/11 attacks, the Justice Department had dusted off EPPSCA as a way to respond to bin Laden. On September 13, 2001, two days after the worst terrorist attack in U.S. history, the U.S. 
Senate approved the "Combating Terrorism Act of 2001," which includes portions copied word-for-word directly from EPPSCA. Over the next 45 days, the Combating Terrorism Act of 2001 morphed into the Patriot Act, which was broadened to address unrelated topics such as immigration and financial institutions. Portions of EPPSCA survived verbatim. When the final vote on the Patriot Act was held the following month, members of Congress were required to vote on the bill without time to read it. The measure "has been debated in the most undemocratic way possible, and it is not worthy of this institution," Rep. Barney Frank, D-Mass., said at the time. Rep. Ron Paul, R-Texas, added later: "Almost all significant legislation since 9/11 has been rushed through in a tone of urgency with reference to the tragedy." Only now, nearly a decade later, does the political pendulum appear to be swinging back to favor privacy. It's being driven by concerns over mobile device tracking, government access to data, airport body scanners--and the Patriot Act itself. Concerns about Facebook privacy and Web security have probably helped. (The ACLU has documented what it calls "widespread abuses" of the 2001 law.) Accelerating this process are warnings from U.S. senators that the Justice Department has twisted the Patriot Act into a "secret" surveillance mechanism far broader than Americans realize. "I believe that when more of my colleagues and the American public come to understand how the Patriot Act has actually been interpreted in secret, they will insist on significant reforms too," Sen. Ron Wyden, an Oregon Democrat who tried to block the law's renewal, said in May. Sen. Mark Udall, a Colorado Democrat, offered a similar warning. Industry and civil liberties groups are better organized than they were a decade or so ago. 
Last year, Apple, Amazon.com, Google, Facebook, IBM, Americans for Tax Reform, the Electronic Frontier Foundation, and others created a coalition to lobby Congress into enacting some of the same privacy protections that almost became law in 2000, including requiring a warrant to read e-mail or tracking someone's location. (CNET disclosed that police were engaging in warrantless tracking of cell phones.) On the other hand, the FBI and other police agencies aren't exactly eager to relinquish their expanded authority. In April, the Justice Department outlined what amounts to a frontal attack on the coalition, saying its proposals would have an "adverse impact" on criminal investigations. Making location information only available with a search warrant, James Baker, an associate deputy attorney general, told Congress, would hinder "the government's ability to obtain important information in investigations of serious crimes." A DOJ-backed data retention bill was approved by a House committee. Handicapping where this process will lead is difficult, but it's fair to say that privacy interest is growing, and fears about terrorism are being evaluated in a broader perspective (you're four times more likely to be killed by lightning than by a terrorist, for instance). Says Bankston, the EFF attorney, on increased surveillance: "It isn't making us safer. Instead, it's adding more hay to the haystack and making it harder for us to find the needle." From rforno at infowarrior.org Fri Sep 9 07:11:39 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 9 Sep 2011 08:11:39 -0400 Subject: [Infowarrior] - Boiler Room, Meet Mail Room Message-ID: <690C1D2B-76F6-4097-827E-EC05EBFA16F1@infowarrior.org> September 8, 2011, 10:00 AM ET Boiler Room, Meet Mail Room By Josh Brown http://blogs.wsj.com/financial-adviser/2011/09/08/boiler-room-meet-mail-room/ Do you know anyone in the infomercial business? Go ask them how they can possibly give away "not one, but TWO!" 
of each item, be it potato peeler or miracle meatslicer. The answer is that they make all their profit in the "shipping and handling" figure. By throwing in a second item "for free" they get to charge that $9.95 S&H fee twice. Get it now? So there ya go, you've learned something today -- now keep that to yourself so Judy the TIME Life operator doesn't lose her job and add to the already out-of-hand unemployment epidemic. Anyway, some of the last remaining transactional retail brokerage firms have learned this trick as well and they've used the old handling fee game to pad the amount of revenue they get from each customer transaction (as if it really costs $70 to regular-mail a trade confirmation in the continental United States). Finra caught on and yesterday announced total fines of almost a million dollars against some of the firms who were adding exorbitant handling charges onto stock trades that they were also taking commissions on (yes, amazingly there are still people paying stockbrokers full service 3% commissions in 2011 -- I know). From Financial Planning: "In its ruling on the five brokerages, Finra characterized their postage and handling fees as 'far in excess' of the handling-related service the firms provided. In some cases, brokerages hit customers with handling fees of almost $100 per transaction, earning a 'substantial percentage' of their revenue from the fees. The fees were charged in addition to commissions." There is no industry standard on postage and handling fees, say brokerage operations executives unrelated to the cases. Some firms charge as little as $3 per transaction while others charge more than $50. Let me give you a hint, civilians: If you are paying full service commissions for ordinary stock trades topped with $100 "handling fees" on each transaction, your broker better be named Warren Buffett. I'm gonna go make some popcorn -- I can't wait to see what these firms come up with next. 
From rforno at infowarrior.org Fri Sep 9 14:35:03 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 9 Sep 2011 15:35:03 -0400 Subject: [Infowarrior] - RIAA Sending DMCA Takedowns On *FREE* Music Being Distributed Directly Off Universal Music Website Message-ID: RIAA Sending DMCA Takedowns On *FREE* Music Being Distributed Directly Off Universal Music Website & Promoted By The Artist http://www.techdirt.com/articles/20110908/13510715850/riaa-sending-dmca-takedowns-free-music-being-distributed-directly-off-universal-music-website-promoted-artist.shtml from the left-hand,-right-hand? dept A week or so ago, we wrote about how Twitter had suspended accounts of a bunch of hip hop bloggers, after receiving DMCA takedown notices because the twitter accounts of those bloggers linked to blog posts about music that was sent by promoters working for the labels themselves. Anyone familiar with the hip hop promotion world knows that this is how it works. Hip hop blogs are the new radio for that genre, and the way you get your artist noticed is by sending a track to one of those blogs. So then issuing a takedown is kind of like having the promoter you hire ask a radio station to play a song... and then sending a legal threat letter when they do. Just another day in the major label world, however. In asking questions about these takedowns, Twitter sent over some recent links to Chilling Effects showing the details of the takedown, which leads us to some interesting discoveries. First, the party actually sending the takedowns is the RIAA. All of the letters in question say they come from "Job title: Online Anti-Piracy, RIAA." Elsewhere it says that the takedown notices are from Universal Music... but sent by the RIAA. Kinda makes you wonder what the RIAA actually knows about what the marketing folks are doing. Or, hell, what the actual artists and execs at Universal Music are doing. In some cases, the evidence suggests not much at all. Let's take just a few examples. 
If you start looking at some of the takedown notices -- try this one and this one and this one for starters, you see that a bunch of the takedowns were over the following: Description of original work: Sound and video recordings as performed by the artist known as The Dream. As you may know, The-Dream, also known as Terius Youngdell Nash, is one of the top producers, song writers and performers out there today. Take a look at the list of songs he has his fingerprints on. He wrote Beyonce's "Single Ladies." He wrote Justin Bieber's "Baby." He's written songs for pretty much every top artist. Rihanna, Usher, Mary J. Blige, Mariah Carey, Janet Jackson, Britney Spears. Even Celine Dion. He works for Def Jam, which is owned by Universal Music, as one of their key moneymaking songwriters. He's at the top of the game here. So, clearly, when he puts out his own work, you could understand why the RIAA would rush around demanding that everyone take down tweets linking to the music. Except... He also has his own label under the Def Jam label, known as Radio Killa. And if you go to the front page of Radio Killa Records right now, as we speak, you see that The Dream's new EP, 1977 is being given away free. Here's a screenshot of the front page. Note it says "THE NEW FREE ALBUM." If you click on the cover on his website (obviously not on our screenshot of it), it offers you a download of a .zip file containing all of the tracks. In other words, this Universal Records-owned label is giving away the music directly off of its own site. While the tweets that the RIAA demanded be taken down are gone, in looking it over and talking to some people, it appears they were linking to the download themselves. So the "infringing links" -- according to the RIAA's "anti-piracy expert" -- were to the Universal Music-owned label's own website and files. Brilliant. Meanwhile, The Dream himself was tweeting up a storm, telling people to download the tracks. 
And while he joked at one point that the lawyers might crack down and force him to take down the music, it's still up on a Universal Music website, and it seems quite reasonable for anyone linking to it to recognize that it's been authorized by Universal Music for distribution. Not only that, but he talks up the importance of giving the music away and jokes about all the "freeloaders" who are "flooding" his site with downloads. From there, he talks up how awesome it is that "everyone's playin'" the album and how much he loves and thanks his fans. When asked about it, he even stated that it's "free literally and figuratively." And... for those of his fans who promote the work that he's giving away for free directly on his label's website by linking to that free music on a Universal Music website... the RIAA sends takedown notices, and people risk completely losing their Twitter accounts. Yup. This is the RIAA. Protecting the interests of the "artists" right? From rforno at infowarrior.org Fri Sep 9 14:35:00 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 9 Sep 2011 15:35:00 -0400 Subject: [Infowarrior] - Bamford: Post-9/11, NSA 'enemies' include us Message-ID: <06C322EA-F6E4-411D-8006-A76E0C352E0F@infowarrior.org> Post-9/11, NSA 'enemies' include us By: James Bamford September 8, 2011 09:34 PM EDT http://www.politico.com/news/stories/0911/62999.html Somewhere between Sept. 11 and today, the enemy morphed from a handful of terrorists to the American population at large, leaving us nowhere to run and no place to hide. Within weeks of the attacks, the giant ears of the National Security Agency, always pointed outward toward potential enemies, turned inward on the American public itself. The Foreign Intelligence Surveillance Court, established 23 years before to ensure that only suspected foreign agents and terrorists were targeted by the NSA, would be bypassed. 
Telecom companies, required by law to keep the computerized phone records of their customers confidential unless presented with a warrant, would secretly turn them over in bulk to the NSA without ever asking for a warrant. Around the country, in tall, windowless telecom company buildings known as switches, NSA technicians quietly began installing beam-splitters to redirect duplicate copies of all phone calls and email messages to secret rooms behind electronic cipher locks. There, NSA software and hardware designed for ?deep packet inspection? filtered through the billions of email messages looking for key names, words, phrases and addresses. The equipment also monitored phone conversations and even what pages people view on the Web ? the porn sites they visit, the books they buy on Amazon, the social networks they interact with and the text messages they send and receive. Because the information is collected in real time, attempting to delete history caches from a computer is useless. At the NSA, thousands of analysts who once eavesdropped on troop movements of enemy soldiers in distant countries were now listening in on the bedroom conversations of innocent Americans in nearby states. ?We were told that we were to listen to all conversations that were intercepted, to include those of Americans,? Adrienne Kinne, a former NSA ?voice interceptor,? told me. She was recalled to active duty after Sept. 11. ?Some of those conversations are personal,? she said. ?Some even intimate. ? I had a real problem with the fact that people were listening to it and that I was listening to it. ? When I was on active duty in ?94 to ?98, we would never collect on an American.? Despite his hollow campaign protests, President Barack Obama has greatly expanded what President George W. Bush began. And through amendments to the Foreign Intelligence Surveillance Act, Congress largely ratified the secret Bush program. So much intercepted information is now being collected from ?enemies? 
at home and abroad that, in order to store it all, the agency last year began constructing the ultimate monument to eavesdropping. Rising in a remote corner of Utah, the agency?s gargantuan data storage center will be 1 million square feet, cost nearly $2 billion and likely be capable of eventually holding more than a yottabyte of data ? equal to about a septillion (1,000,000,000,000,000,000,000,000) pages of text. By Sept. 11, 2011, the words of George Orwell in his novel ?1984? will have become prophetic. ?Any sound that Winston made, above the level of a very low whisper, would be picked up by it,? he wrote in 1949, long before the Internet. ?You have to live ? did live, from habit that became instinct ? in the assumption that every sound you made was overheard.? On Sept. 10, 2001, however, Winston would have found a radically different society. The NSA, the surveillance equivalent of a nuclear bomb, was allowed to point its massive antennas and satellites only away from the country. Before an American could be targeted, a judge from the Foreign Intelligence Surveillance Court would first have to find a link to terrorism or espionage in order to issue a warrant. And installing permanent taps on all of the country?s major communications links would have been impossible. More than 35 years earlier, one person warned of such a possibility. On Aug. 17, 1975, as America was enjoying a lazy summer watching ?Jaws? and ?The Exorcist? at the movies, Idaho Sen. Frank Church took his seat on ?Meet the Press.? For months, as the first chairman of the Senate Intelligence Committee, Church had been conducting the first in-depth investigation of America?s growing intelligence community. When he looked into the NSA, he came away shocked by its potential for abuse. Without mentioning the agency?s name ? almost forbidden at the time ? 
he nonetheless offered an unsolicited but grave warning: ?That capability at any time could be turned around on the American people and no American would have any privacy left, such [is] the capability to monitor everything: telephone conversations, telegrams, it doesn?t matter,? Church said. ?There would be no place to hide. If this government ever became a tyrant, if a dictator ever took charge in this country, the technological capacity that the intelligence community has given the government could enable it to impose total tyranny, and there would be no way to fight back because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know. Such is the capability of this technology. ?I don?t want to see this country ever go across the bridge. I know the capacity that is there to make tyranny total in America, and we must see to it that this agency and all agencies that possess this technology operate within the law and under proper supervision so that we never cross over that abyss. That is the abyss from which there is no return.? Church?s warning then has even more resonance today. In 1975, most people communicated only by telephone and the mail. While the NSA had the technical capability back then to intercept the limited telephone calls sent by satellite, it lacked the capability to monitor the millions of calls transmitted around the country over wires, the predominant method used, or anything sent through the mail. Today, with everyone constantly communicating over cellphones and email, and spending hours on the Internet, the agency has the ability not just to hear and read what someone says but even to understand what and how they think. America crossed Church?s proverbial bridge not because of the attacks. It?s been clearly shown that Sept. 11 could have easily been prevented with just the technology at hand ? 
it was caused by human failure, not technological failure. Rather, it was years of fearmongering that sent everyone rushing across the bridge. Without these draconian measures, we were told, we were in imminent danger of death by terrorist. For the Bush administration, the constant drumbeat of fear was necessary to launch and support the war in Iraq since no real danger existed. From the outside, America began resembling Deputy Barney Fife from ?The Andy Griffith Show,? shaking and trembling and constantly pointing a gun in every direction. There was Homeland Security with its rainbow of colors for security alerts; the weekly warnings of dire attacks, with no indication of time or location, none of which ever turned out to be credible; messages plastered on buses and billboards warning members of the public to keep a close eye on their neighbors and even their family; and body frisks at airports by security thugs looking for forbidden tubes of toothpaste. Church was also right in his warning that once over the abyss, there is no return. Laws put in place stay in place ? even if the reason for the fear is gone or never existed in the first place. And technology always moves forward; it never recedes. A surveillance system capable of monitoring 10 million people simultaneously this year will be able to monitor 100 million the next year ? at probably half the cost. And every time new communications technology appears on the market, rest assured that someone at the NSA has already found a way to monitor it. It?s what the NSA does. What Church likely never anticipated was the rise of the security-industrial complex, a revolving door between those generating the fears and those profiting from them. 
When warning the country of the dangers of an unchained NSA, Church may have been thinking of a passage from Friedrich Nietzsche when he spoke of the abyss: ?Whoever fights monsters should see to it that In the process he does not become a monster And when you look long into the abyss The abyss also looks into you.? James Bamford writes frequently on intelligence and produces documentaries for PBS. His latest book is ?The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America.? From rforno at infowarrior.org Fri Sep 9 14:54:33 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 9 Sep 2011 15:54:33 -0400 Subject: [Infowarrior] - Senate Joins House to Pass Biggest Revamp of U.S. Patent System Since 1952 Message-ID: <90C07B4C-0745-4FBE-BE03-29A572216147@infowarrior.org> Senate Joins House to Pass Biggest Revamp of U.S. Patent System Since 1952 By Kathleen Hunter and Susan Decker - Sep 9, 2011 http://www.bloomberg.com/news/print/2011-09-08/senate-passes-revamp-of-u-s-patent-system.html The Senate passed an overhaul of the U.S. patent system that President Barack Obama has called crucial to his administration?s effort to boost job growth. In an 89-9 vote yesterday, the Senate cleared a bill passed by the House in June that would fundamentally alter the way patents are reviewed and mark the biggest change to U.S. patent law since at least 1952. The measure, called the America Invents Act, now heads to the White House for Obama?s signature. The legislation, H.R. 1249, would let the U.S. Patent and Trademark Office set its own fees and exercise greater control over its budget, providing the agency with more funding to address a backlog of almost 700,000 applications awaiting first review. Reducing the time it takes to give inventions legal protection will speed new products to the market and spur economic growth, according to the bill?s supporters. 
"The creativity that drives our economic engine has made America the global leader in invention and innovation," Senator Patrick Leahy, a Vermont Democrat who sponsored the measure, said in a statement. "The America Invents Act will ensure that inventors large and small maintain the competitive edge that has put America at the pinnacle of global innovation."

The legislation, which culminates more than six years of negotiations and lobbying, covers every step of the patent process, setting new procedures to review issued patents while curtailing some litigation. It has the support of large companies including Microsoft Corp. (MSFT), International Business Machines Corp. (IBM) and a group that represents Johnson & Johnson (JNJ), Eli Lilly & Co. (LLY), 3M Co. (MMM) and General Electric Co. (GE).

'Rational Patent System'

"The America Invents Act, coupled with recent court decisions that provide more clarity and confidence for inventors, puts our patent system in a much better position to spur innovation and economic growth in the 21st century," Robert Weber, IBM's general counsel, said in an e-mail. He called the measure a "bipartisan, common-sense bill that will significantly improve the U.S. patent system."

The funding provision, which also would let the agency increase fees paid by inventors and patent owners, is the cornerstone of the bill and has been a unifying issue even for those who oppose other provisions. Since 1990, the agency says, more than $800 million in fees have been diverted by lawmakers to non-patent purposes.

34-Month Wait

The patent office is funded entirely by user fees. The Obama administration says the money is needed to hire more examiners and improve agency computer systems to cut the current 34-month wait for patent approval.

"This legislation should enable us to access all of our fees," David Kappos, director of the patent office, said in a statement.
"Having access to all of our fee collections will enable us to immediately start hiring new examiners, instituting new patent acceleration tools, and aggressively modernizing our IT infrastructure."

The U.S. Chamber of Commerce, Washington's largest business lobbying organization, supported passage, as did the United Steelworkers. A group representing large technology companies including Google Inc. (GOOG), Apple Inc. (AAPL), and Intel Corp. (INTC) also backed the measure.

"By promoting clearer, more certain and more consistent patent rights, this bipartisan legislation gives America's inventors the intellectual property guarantees they need to raise funds, invest in research and development and launch technologies that will help them expand and hire more workers," Acting Commerce Secretary Rebecca Blank said in a statement.

Job Creation

Representative Lamar Smith, the Texas Republican who sponsored the House version, said that once the president signs it into law, the measure "will be one of the most significant jobs creation bills enacted by Congress this year."

Obama cited the bill's passage in his speech last night to a joint session of Congress.

"You passed reform that will speed up the outdated patent process, so that entrepreneurs can turn a new idea into a new business as quickly as possible," he said. "That's the kind of action we need."

A group of technology companies that includes InterDigital Inc. and Tessera Technologies Inc. (TSRA) had said the House-passed measure doesn't do enough to guarantee more funding for the patent office since the agency still has to get congressional approval to spend money it collects above its annual budget.

Coburn Criticism

"Hopefully, Congress will deliver on the funding the PTO needs to administer its charge," Brad Ditty, general patent counsel for InterDigital, said in an interview.
"One of the things we're concerned about is the PTO has a lot of difficult work ahead of it, and without knowing what type of multiyear funding situation they're in, it could be difficult for them to execute some of the more aggressive steps they need to take."

Senator Tom Coburn, an Oklahoma Republican who tried unsuccessfully to alter the bill to give the agency full control over the fees it collects, said language in the House bill was inadequate to keep Congress from diverting the funds.

Groups representing small businesses say the legislation will benefit large companies over independent inventors, create a rush to the patent office and establish onerous review procedures that will weaken the power of patents to protect inventions.

"This legislation will irreversibly damage the ability of small-business owners and entrepreneurs to create, develop and commercialize their innovations," said Todd McCracken, president of the National Small Business Association, a Washington-based group that says it represents 150,000 small businesses nationwide. "To think this bill will have anything but negative implications on job creation is absurd."

First to File

Under the bill, patents would be granted to the first inventor to file an application, ending an often time-consuming procedure to determine who came up with an idea first and bringing the U.S. in line with patent laws in other countries.

All newly issued patents may be subject to a challenge from third parties, a variation of a process used by the European Patent Office. Third parties would be allowed to submit information for consideration during the application process.

The bill also would limit patents on tax-avoidance strategies, though companies including Intuit Inc. (INTU) and H&R Block Inc. (HRB) have said they would retain protections for their tax-preparation software.

Finance Patents

Banks including Bank of America Corp. (BAC) and Citigroup Inc.
(C) would get new power to seek to cancel finance-related business method patents that they argue are of questionable validity. Companies that own such patents, including DataTreasury Corp. and Trading Technologies International Inc., have accused the banks of using their clout in Washington to avoid paying for using someone else's inventions.

The trade group for generic-drug companies including Mylan Inc. and Watson Pharmaceuticals Inc. opposes the bill because there's a provision that lets patent owners retroactively correct errors that might otherwise lead a court to invalidate the patents.

The Washington-based Generic Pharmaceutical Association also objects to language in the bill that would ease deadlines for seeking a patent-term extension granted to compensate drugmakers for the time it takes to get regulatory approval.

The provision would provide a clear victory to Medicines Co. (MDCO), which won a court ruling that it was entitled to an extension even though it missed a deadline for an extension on the main patent for its only drug, the anticoagulant Angiomax. Fresenius SE (FRE)'s APP Pharmaceuticals unit is appealing that decision after the government said it wouldn't challenge the judge's decision in favor of Medicines Co.

Other provisions would limit lawsuits in which a manufacturer is accused of putting expired patent numbers on packaging and establish satellite offices the agency could set up nationwide to tap into local workforces.
To contact the reporters on this story: Kathleen Hunter in Washington at khunter9 at bloomberg.net; Susan Decker in Washington at sdecker1 at bloomberg.net

To contact the editors responsible for this story: Katherine Rizzo at krizzo5 at bloomberg.net; Allan Holmes at aholmes25 at bloomberg.net

From rforno at infowarrior.org Sat Sep 10 08:18:43 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Sep 2011 09:18:43 -0400
Subject: [Infowarrior] - 9/11: The day we lost our privacy and power
Message-ID: <2542609F-4E91-4394-B09C-13146A888379@infowarrior.org>

Original URL: http://www.theregister.co.uk/2011/09/10/how_september_11_changed_our_world/

9/11: The day we lost our privacy and power

Every day, we have to prove we have 'nothing to hide'

By Duncan Campbell

Posted in Government, 10th September 2011 10:00 GMT

Investigative reporter Duncan Campbell reflects how 9/11 has torpedoed resistance to intrusion and undermined privacy rights born of earlier struggles. It may, irreversibly, have changed the way we think.

-----

9/11 was a savage nightmare that took too long to happen for some in the West. For 12 fallow years, from the fall of the Wall to the fall of the Towers, there was a brief golden period in which no great common enemy menaced all unseen beyond the distant horizon.

There was no simple spectre of fear on which to construct, fund and operate surveillance platforms, or reason to tap data funnels into society's communications and transport arteries.

Through the '90s, in debates about the control of communications and electronic security measures -- amid a US-led hue and cry for government control of all cryptography (remember the "Clipper Chip [1]"?) -- the "what if" question hung always in the mouths of the proponents of more control.

What if terrorists had a nuke? A new virus to plague civilisation? But the bad guys largely stayed off stage. The inter-Irish conflict that had dogged the UK had subsided into a peace process.
There was a global terrorist shortage.

Then the catastrophe hardliners had secretly longed for was on everyone's screens, providing the justification for rafts of intrusive new surveillance measures. The common criminality that caused carnage in New York and Washington was elevated to a war that became the GWOT, the global war on terror that endures today.

It seems that on that day, and for the sake of that war, civil society's power to control surveillance of the wired world has eroded, and with it the moral authority to impose controls on what shall be done in security's name.

The zeitgeist has changed. Much aided and abetted by the internet giants [2]' readily expressed contempt for privacy in the rush to monetise their customers and their customers' data, the long-term legacy of 9/11 is that new generations are being schooled to no longer see or understand why control of personal information may really matter, and why in history it does and did matter.

"Warrantless wiretapping" of the internet and other intrusions have become a fact of life. When secret agreements made by the US National Security Agency (NSA) to access American telephone and cable networks started to become public in 2005, it was soon apparent that they had been made unlawfully, on the basis of questionable and undisclosed secret authorities from the Bush White House given after 9/11.

Privacy advocates fight back

But when lawsuits started by the Electronic Frontier Foundation [3] and other privacy advocates started to gather traction, the rules were changed. Supported, sadly, by Senator Obama before his election, the lawmakers handed out get-out-of-jail-free cards indemnifying the communications companies and their executives from prosecution and lawsuits. GWOT was their trump card.

Once, we did understand. Twenty-five years ago, Independent science correspondent Steve Connor and I wrote a tome about Britain's Databanks and the effect of growing data processing on civil society.
Steve had located Britain's first ever vehicle Automatic Number Plate Recognition (ANPR) device, a washing-machine-sized contraption planted on a motorway bridge near St Albans. It heralded the potentially tyrannical ultimate development of a nationwide movement surveillance. We both reached for and proclaimed words from early reviews of data protection laws that had warned that new sensors and new software such as free text retrieval (FTR) raised "new dimensions of unease".

A quarter-century on [4], these words are all but unsayable. The thoughts no longer fit the world. Every sort of record is analysed in every way. A vast nationwide ANPR network is in place and growing every week, collating years of movement records in a Hendon database for potential analysis for any purpose. Every traveller, whether of current interest or not, has her or his movements logged. There was no parliamentary debate. Only on one occasion, in Birmingham, has an ANPR network been rolled back from a community targeted for intense surveillance.

For now, ANPR sensors placed around Britain's roads remain marginally distinguishable from "ordinary" traffic cameras and CCTV (since they feature infrared illuminators and require at least one camera per lane). But that will change within less than a decade, as the signatures of these and other new surveillance devices vanish to invisibility.

For this writer, the political effect of 9/11 was immediate, personal and direct. Six days before the towers came down, the European Parliament had passed 25 recommendations for securing domestic and international satellite communications from the Anglo-American surveillance system known as Echelon.

I had uncovered and first reported on the Echelon network in 1988. It took a decade more for its significance to become widely known, mainly because of further investigation and revelations by New Zealand investigator Nicky Hager [5] in his book Secret Power.
Although now widely mis-described in web chat as a generalised surveillance octopus, Echelon's purpose and hardware was quite specific. In 1969, new receive-only satellite ground stations were built in Cornwall, UK and West Virginia, USA, and soon after around the world, to copy and analyse all international satellite communications. That part of all international communications which was digital -- communications addresses, data streams, faxes and telexes -- were fed into early text-recognition software, the Echelon Dictionary, and then extracted and fed out.

In 1999, the European Parliament commissioned reports [6] on Echelon, and then asked for further checks and legal recommendations for controlling spying from EP vice president Gerhard Schmid. Schmid's detailed recommendations were passed without exception by the full parliament on 5 September 2011. They would have been an important new step to protect the privacy of global communications.

But in less than a week, the project to control Echelon and its like lost moral authority. The proposals soon sank into the dustbin of history.

In their wake, quite apart from the now well-publicised episodes of kidnapping (rendition) and torture, a new archipelago of monitoring and control and extrajudicial punishment has come into being.

The US has, according to a major new study published this week, created a vast and almost unseen archipelago of secret operations and control centres. Top Secret America [7] is the product of two years of research by former military intelligence analyst Bill Arkin and a team from the Washington Post [8]. They found that since 9/11, more than 1,200 government agencies and 2,000 private corporations at over 10,000 locations within the United States alone have created an unstoppable and barely controllable top secret network to support the GWOT.
Like Arkin and his team, I have tramped around recondite suburbs and industrial parks in Maryland, Virginia, Washington, Colorado and elsewhere to view the architecture of this new world. In Washington alone, the new homeland security, intelligence and counterterrorism real estate includes 33 new building complexes erected since 2001, with a net floorspace 22 times greater than the Congress [9].

Constellations of these centres have grown everywhere: in the UK at Menwith Hill in the Yorkshire dales; in the US in Texas, Georgia, Colorado. The monolithic and windowless nature of the buildings is dictated by an extreme electronic security requirement that they be SCIFs (Secure Compartmented Information Facilities).

Apart from physical security and personnel control systems, the signature physical aspect of a SCIF is that no electronic emanations reflecting what happens inside should be carried out by cable, fibre or through a window. Not a photon shall escape. Some are merely windowless and featureless blockhouses. Others sport multiple satellite connections that supplement the buried and unseen fibre global networks.

[Image captions: Bolling Airforce Base on the Potomac. Denver and Buckley buildings]

Arkin and co-author Dana Priest conclude that "hardly anyone truly comprehends the enormous expansion of the military, intelligence and homeland security bureaucracy that has occurred over the past decade, and the often irrational transformation of American life that has accompanied it."

Some centres manage satellites. Others collate and assess information harvested from the internet. Modern warfare bases in Nevada and California and on the east coast house control centres for the growing fleets of UACVs which can remotely administer final punishment on those considered to be threats. No courts or judges are required, or indeed allowed in.
A large part of the new technical apparatus since 9/11 is devoted to filtering international communications passing through the United States, including the communications of American citizens. Thanks to courageous whistleblowers and the persistence of campaigners such as EFF, details of NSA's surveillance network have been coming to light since 2006.

Wiring plans and fibre schematics provided by a former technician for the communications company AT&T showed how optical fibres running through their San Francisco hub had been spliced and tapped to take much of the United States' west coast internet traffic into a secret monitoring room, and on into analysis centres.

[Image caption: Wiring plans and fibre schematics provided by a former technician for the communications company AT&T]

Further and later investigations [10] showed that the plans for the San Francisco and other taps into the global internet had been developed in the late 1990s, but that the full-scale go ahead was only given late in 2001. EFF assessed that there might be hundreds of similar access points spread through communications centres.

Pivotal to sanctioning breaches of law and the setting aside of historic protections that the United States had gained after the War of Independence and in its Bill of Rights, was a lie about terrorists and computers. The lie remains on the internet to this day.

On 6 December 2001, US Attorney General John Ashcroft -- desperate to leverage support from the US Senate for the radical post 9/11 PATRIOT act that would hand the government powers unprecedented in peacetime -- announced the publication of an "Al Qaeda manual" found by the US government.

The manual he said, was "a "how-to" guide for terrorists ... that instructs enemy operatives in the art of killing in a free society ... in this manual, al Qaeda terrorists are told how to use America's freedom as a weapon against us. ...
Imprisoned terrorists are instructed to concoct stories of torture and mistreatment at the hands of our officials." (sic)

The manual was allegedly "found in a computer file" [11] described as "the military series" related to the "Declaration of Jihad".

Among the many problems with these assertions is that the document Ashcroft described was not on a computer and could not have been. It was a limited edition paper book prepared in the 1980s, at a time when Al Qaeda did not exist and when Mr Bin Laden was helping run a guesthouse for fighters supporting the US-backed attacks on the Soviet occupiers of Afghanistan.

It was a souvenir from that first war kept by a fighter who had moved to Manchester, England. When the police called on him in 2001, there were no computers in his house. He handed it to them and told them what it was.

The rest of the story was made up in Washington after 9/11. The book is not called the al Qaeda manual, and does not mention al Qaeda or Osama Bin Laden. Its target was not the West but rather corrupt Arab states. It was written at a time when the Soviet Union was ruled by the communist party. The manual is still online, and still dishonestly described, here [12].

Can the zeitgeist change back?

Part of the problem lies in the construction of journalism in approaching privacy issues. No newspaper or magazine wants to talk about theory or abstract principles. Anecdotes rule the day. Editors want victims of the putative harms of excessive surveillance. And not just any victims: they want fresh new and charismatic victims whose stories are exclusive to their outlet, whose allegations and fears are sufficiently well documented and clear to satisfy lawyers, yet simple enough to slim to a soundbyte.

This is not a new structural problem in journalism or politics. It can make it hard for many to argue against the jibe that they have "nothing to hide".
This is never true, of course, but it leads an informed audience away from the central harm, which is that it is the existence of uncontrolled surveillance and (critically) the power to act on its results, that causes harm to society. This is the "chilling effect". Fear, no more and no less.

Enhanced fear has now been common currency for a decade. It could be why -- following Winston Smith, the central character of 1984 -- that since 9/11 we may all be headed to a time when we don't understand anymore why privacy matters.

Perhaps part of this may have been inevitable, driven by Moore's Law and the related effects of decades of exponential growth in IT capabilities. What 9/11 has done is to take away the idea that we should have the power to control what happens next.

From rforno at infowarrior.org Sat Sep 10 09:01:57 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Sep 2011 10:01:57 -0400
Subject: [Infowarrior] - OT: So much for citizens helping citizens
Message-ID: <3B17BA2D-0273-4DBC-936C-D079C252650B@infowarrior.org>

Citizen Ticketed For Directing Traffic After Police Fail To In South Pasadena

September 9, 2011 2:57 PM

http://losangeles.cbslocal.com/2011/09/09/citizen-ticketed-for-directing-traffic-after-police-fail-to-in-south-pasadena/

SOUTH PASADENA (CBS) -- We've all heard the saying: no good deed goes unpunished . . . and that's exactly what happened to a South Pasadena resident who was issued a ticket by police for his charitable act.

When a major traffic light in the area went out Thursday morning, Alan Ehrlich took matters into his own hands, directing traffic at Fair Oaks and Huntington avenues.

"I grabbed a bright orange shirt that I have and a couple of orange safety flags. I took it upon myself to help get motorists through that intersection faster," said Ehrlich.

Before Ehrlich stepped in, traffic was backed up for more than a mile and it took more than 30 minutes to get through the busy intersection. Ehrlich said the Sept.
8 incident wasn't the first and that the light goes out regularly.

"It was just kind of chaos of cars . . . there were stop signs up. But people were challenging each other to get through the intersection," said Richard Gerrish who works at an office located at the intersection.

Gerrish said Ehrlich cleared up the mess in 10 minutes.

After 15 minutes, South Pasadena police say they finally received a call about their newest traffic officer. Police responded to the scene and told Ehrlich to stop and issued him a ticket, but never stepped in to direct traffic themselves.

"I don't know if this ticket is $50 or $400 dollars. It's a small price to pay for the greater good," Ehrlich said.

South Pasadena Police Chief Joe Payne said he did not have the man power needed to staff officers at Fair Oaks and Huntington Thursday and that it is safer to allow traffic to back up.

"We have limited resources . . . we need to prioritize them. One of the major intersections out at rush hour in our city should be a priority," Ehrlich added.

He already has plans to address the matter at an upcoming city council meeting.

Police and the city of South Pasadena say they currently have no plans to change any procedures.

From rforno at infowarrior.org Sat Sep 10 11:43:29 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Sep 2011 12:43:29 -0400
Subject: [Infowarrior] - Summit Entertainment's at it again....
Message-ID:

Summit Entertainment Sues Guy Who Registered Twilight.com In 1994 For Trademark Infringement

from the are-you-freaking-serious? dept

http://www.techdirt.com/articles/20110909/01214215861/summit-entertainment-sues-guy-who-registered-twilightcom-1994-trademark-infringement.shtml

Movie studio Summit Entertainment has become somewhat notorious for its ridiculously over aggressive attempts to "protect" what it believes is its intellectual property. Just look at the list of stories we've written about the company.
It has shut down fanzines, stopped a documentary about the real town where Twilight is supposed to take place, sued a fashion designer for accurately noting that one of its jackets was worn by "Bella" in Twilight, been involved in a legal battle with Bath & Bodyworks for selling a body lotion called "Twilight Woods," which had nothing to do with the movies, and pressed criminal charges against a fan who tweeted some photos from the movie set of the latest Twilight flick. This is a company that has a massive entitlement complex, and a somewhat faulty notion of intellectual property law.

Its latest move is to sue the guy who owns Twilight.com -- which he registered in 1994, eleven years before Stephenie Meyer published the first Twilight book and thirteen years before Summit Entertainment bought the movie rights to the book. The site, which is rather simple, does present some Amazon links to let people buy legitimate Twilight products (something you'd think Summit would like...).

The key complaint, once again, shows the technological cluelessness of Summit. The studio says that the site infringes with links to unauthorized Twilight contests and casting calls. But, as THREsq points out in the link above, Summit appears to be confusing the content found in the Google AdSense on Twilight.com with specific links put up by the site's owner, Tom Markson. One hopes that Markson can find himself a good (pro bono?) lawyer who can explain to Summit and the court that this is not how trademark law works.

From rforno at infowarrior.org Sat Sep 10 13:26:09 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Sep 2011 14:26:09 -0400
Subject: [Infowarrior] - ITU: The Quest for Cyber Peace
Message-ID: <509AFD19-9FD4-4259-83E9-8792BDB924EC@infowarrior.org>

International Telecommunication Union

THE QUEST FOR CYBER PEACE

By Dr Hamadoun I. Touré
Secretary-General of the International Telecommunication Union and the Permanent Monitoring Panel on Information Security World Federation of Scientists

January 2011

http://www.itu.int/en/publications/gs/pages/publications.aspx?parent=S-GEN-WFS.01-1-2011&media=electronic

From rforno at infowarrior.org Mon Sep 12 06:20:36 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Sep 2011 07:20:36 -0400
Subject: [Infowarrior] - Judge: "staggering chutzpah" describes copyright troll
Message-ID:

Kurt from the Electronic Frontier Foundation sez, "A judge in the Northern District of Texas writes a blistering opinion, sanctioning Evan Stone, attorney for porn studio Mick Haig Productions, $10,000 for improperly issuing subpoenas to ISPs without court permission in order to obtain the identities of alleged p2p file sharers. The Court had appointed EFF and Public Citizen to represent the alleged file sharers."

Gotta love copyright trollery that causes a judge to use the term "Staggering Chutzpah" in his official communications from the bench.

< - >

To summarize the staggering chutzpah involved in this case: Stone asked the Court to authorize sending subpoenas to the ISPs. The Court said "not yet." Stone sent the subpoenas anyway. The Court appointed [EFF and Public Citizen] to argue whether Stone could send the subpoenas. Stone argued that the Court should allow him to -- even though he had already done so -- and eventually dismissed the case ostensibly because the Court was taking too long to make a decision. All the while, Stone was receiving identifying information and communicating with some Does, likely about settlement. The Court rarely has encountered a more textbook example of conduct deserving of sanctions.
http://boingboing.net/2011/09/11/judge-copyright-troll-showed-staggering-chutzpah-in-sending-its-own-subpoenas-to-isps.html

From rforno at infowarrior.org Mon Sep 12 16:31:41 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Sep 2011 17:31:41 -0400
Subject: [Infowarrior] - MTA: If you see something, sue something.
Message-ID:

c/o DG

Updated: Sun., Sep. 4, 2011, 7:10 AM

MTA sees something - says stop!

http://www.nypost.com/f/print/news/local/mta_sees_something_says_stop_B5W9Moodq0Vl8d6NbvW5RO

By ANNIE KARNI

Last Updated: 7:10 AM, September 4, 2011
Posted: 1:08 AM, September 4, 2011

If you see something, sue something.

The Metropolitan Transportation Authority is challenging copycats attempting to obtain the trademark for its "If you see something, say something" counterterrorism slogan born in the wake of 9/11.

Midwestern T-shirt hawker Gregory Pastor applied to trademark the catchphrase in order to advertise a clothing store in the small village of Mantua, Ohio, according to paperwork at the US Patent and Trademark Office.

And a cyberstalking watchdog group based in Scottsdale, Ariz., NCAP Security Systems, filed an application last February to trademark the alliterative six-word motto.

The MTA is moving quickly to protect the slogan it trademarked in 2007 and plans to mount challenges before a federal trial and appeals board against both applicants.

"The slogan is not allowed for use in communications other than the intended anti-terrorism message," said MTA spokesman Sam Zambuto.

In fact, the agency allows 54 entities, from the Department of Homeland Security to the Maryland Natural Resources Police, to use the catchphrase in public campaigns.

Federal officials say the trademark office does not reject applications unless an examiner deems it will "cause confusion with a prior registered mark."

But it's not the first time the MTA has taken a hard line against knockoff artists to protect its favorite catchphrase.
Unapproved copycats -- including Harvard -- have popped up "several times" in the last few years.

Transit officials sent a terse letter to the Ivy League school in 2008 after it attempted to use the slogan to advertise a student-safety campaign on campus, an MTA spokesman said.

The MTA didn't realize that campus security at Vanderbilt University in Nashville, Tenn., also employs the phrase on posters. It is now looking into that encroachment.

"See Something, Say Something" was coined by Allen Kay, chairman of the ad agency Korey Kay & Partners, which counted the MTA as a longtime client.

Over the last 10 years, Kay's pithy slogan has gone global. Even the mayor of Amsterdam uses it -- with permission.

But it enrages Kay when competitors try to bastardize his work.

"I don't think they have a right to it," he said of the competing trademark applicants. "I live for original ideas.

"It galls me anytime someone does something derivative -- or outright steals. I think that's despicable."

akarni at nypost.com

From rforno at infowarrior.org Mon Sep 12 17:03:39 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Sep 2011 18:03:39 -0400
Subject: [Infowarrior] - =?windows-1252?q?Copyright_Troll_Righthaven_Says_?= =?windows-1252?q?It=92s_Nearing_Bankruptcy?=
Message-ID: <20774D6F-3FA4-4BC5-8ED1-61E7F3BBC750@infowarrior.org>

Couldn't happen to a more worthy company IMHO. -- rick

Copyright Troll Righthaven Says It's Nearing Bankruptcy

By David Kravets

http://www.wired.com/threatlevel/2011/09/righthaven-nearing-bankruptcy/

The Las Vegas copyright-trolling firm Righthaven told a Nevada federal judge Friday it might file for bankruptcy protection, or cease operations altogether.

To prevent that, Righthaven is asking U.S. District Judge Philip Pro to stay his decision requiring Righthaven pay $34,000 in legal fees to an online commenter it wrongly sued for infringement.
Judge Pro ruled in June that a Vietnam Veteran's posting of an entire Las Vegas Review-Journal article was fair use, and ordered opposing legal fees. Righthaven is appealing the order, which it says would leave it insolvent.

"Righthaven faces the very real threat of being forced out of business or being forced to seek protection through bankruptcy (.pdf) if the court does not stay the judgement pending resolution of the company's appeal to the Ninth Circuit," Shawn Mangano, Righthaven's attorney, wrote Judge Pro.

Righthaven's lawsuit, one of about 275, targeted Wayne Hoehn, who posted all 19 paragraphs of November editorial from the Las Vegas Review-Journal, which is owned by Stephens Media. Hoehn posted the article, and its headline, "Public Employee Pensions: We Can't Afford Them" on medjacksports.com to prompt discussion about the financial affairs of the nation's states. Hoehn was a user of the site, not an employee.

The deadline for Righthaven to pay Hoehn for his legal defense is Wednesday. Prevailing parties in Copyright Act cases are entitled to attorney fees and costs.

Marc Randazza, Hoehn's attorney, says Righthaven should cough up the legal fees.

"Remember, it's not like we sued them," Randazza said in a telephone interview. "Righthaven figured this guy was some defenseless yahoo, he'd settle up quick and move on. They underestimated him hard. He fought, and now that the judge has ruled, you break it, you buy it."

"Nobody is playing a violin for these guys," Randazza added of Righthaven.

Steve Gibson, Righthaven's chief executive, did not immediately respond for comment.

Righthaven's acknowledgment that it was nearing insolvency came two days after the new chief executive of MediaNews Group, publisher of the Denver Post and 50 other newspapers, told Wired.com it was "a dumb idea" for the nation's second-largest newspaper chain to sign up with Righthaven, and was terminating relations at month's end.
And on Wednesday, Wired reported that Righthaven, founded more than a year ago to monetize print news content through copyright infringement lawsuits, was struggling after several courtroom setbacks, and was ceasing filing new lawsuits pending resolution of the Hoehn case and others. Some of the appeals question Righthaven's legal standing to even bring lawsuits. Righthaven's only other known client, Stephens Media of Las Vegas, had invested $500,000 into the operation last year.

From rforno at infowarrior.org Mon Sep 12 20:37:04 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Sep 2011 21:37:04 -0400
Subject: [Infowarrior] - Study Shows Insulin Spray Boosts Memory in Alzheimer's Patients
Message-ID: <030EE5AB-17DF-4A1B-9AE1-496D3AA75702@infowarrior.org>

HEALTH -- September 12, 2011 at 5:01 PM EDT
Study Shows Insulin Spray Boosts Memory in Alzheimer's Patients
By: Murrey Jacobson
http://www.pbs.org/newshour/rundown/2011/09/insulin-spray-boosts-memory-in-alzheimers-patients.html

What if you could prevent or slow Alzheimer's Disease just by giving patients nasal spray containing insulin, just once or twice a day after a meal? Researchers have been exploring that possibility for some time. But a new study out Monday provides the best indications yet that such a treatment might provide some hope for helping at least early stage Alzheimer's patients. Results from the trial -- a so-called Phase II trial designed to test the safety and early efficacy of such an approach -- were published in the Journal of Neurology. Scientists tested 104 patients with either early to moderate-stage Alzheimer's or mild cognitive impairment (often a harbinger for Alzheimer's) to see how they responded to the insulin spray. Thirty-six participants received a moderate dose of the insulin spray twice a day for four months, 36 got double that dose, and 30 of the patients were on placebo. The initial results were encouraging.
Compared to the placebo group, patients who took the moderate dose did 25 percent better on testing for memory than the placebo group over a four-month period, said Suzanne Craft, who led the research at the Veterans Affairs Puget Sound Health Care System and University of Washington School of Medicine. Craft will discuss the results on the NewsHour Monday. "We also saw improvement on a test of general thinking by both groups that were treated with insulin," Craft said. "Their family members also said they showed a better ability to function daily like managing things at home, taking care of daily finances." "The proof of principle here is important because it tells us that this area of study is important," said Craft. "Areas of insulin regulation are important targets for Alzheimer's Disease." More than 5 million Americans have Alzheimer's, and that number is expected to swell in coming years as the population ages. The idea behind the insulin trial, Craft said, is that researchers increasingly understand that insulin plays an important role in the brain in both supporting memory, processing new information and protecting against the toxic effects of proteins like beta-amyloid, which collects in the brains of people with Alzheimer's. "Alzheimer's patients," she said, "seem to have a deficiency of insulin in their brains. This led to the hypothesis that if we were to supplement insulin, we might be able to improve their symptoms or the pathology that is causing the disease. We were searching ways to get insulin to the brain. What we came up with was administering it to the nose -- using a specialized device that targets insulin to the upper part of the nasal cavity. Insulin reaches the brain within a 15 to 30-minute timeframe that way." Doctors also took PET scans of some patients, comparing the decline of the glucose metabolism in the brains.
As shown in this slide of those scans, patients who took a daily dose of insulin had less of a decline in that metabolism than the placebo group. "I absolutely believe this is an important step forward," said Craft. "It needs to be taken to the next level of a Phase III trial (the gold standard) to see if it can be a therapy. At the very least we hope that if we can stabilize patients with mild cognitive impairment, they're quite functional. To stabilize that group would be a huge advantage. And there are reasons based on biology of what insulin does to examine whether it can do more than just stabilize pathology: Could it reverse or improve that pathology?" Dr. Laurie Ryan, who oversees clinical trials of Alzheimer's Disease at NIH's Institute of Aging (which funded this study, too) cautioned that individuals should not place too much hope in a Phase II trial just yet. "It's very encouraging," she said. "But there's not going to be just a single treatment for Alzheimer's. We're exploring this. We're also studying and testing other drugs and vaccines. There's not going to be a single magic bullet." "I think there are several pathways to developing Alzheimer's disease," added Craft. "So an approach that might work for one group of patients might not work for another. And I think that makes things a bit more complicated. We'd like to have a one-size-fits-all approach, but that's not likely."

From rforno at infowarrior.org Tue Sep 13 09:07:51 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Sep 2011 10:07:51 -0400
Subject: [Infowarrior] - National Archives sits on 9/11 Commission records
Message-ID: <7F364275-BA86-40B7-9775-DA65BA55D922@infowarrior.org>

Exclusive: National Archives sits on 9/11 Commission records
http://www.reuters.com/article/2011/09/08/us-sept11-archive-idUSTRE7872QI20110908
Thu, Sep 8 2011
By Scot J.
Paltrow NEW YORK (Reuters) - Ten years after al Qaeda's attack on the United States, the vast majority of the 9/11 Commission's investigative records remain sealed at the National Archives in Washington, even though the commission had directed the archives to make most of the material public in 2009, Reuters has learned. The National Archives' failure to release the material presents a hurdle for historians and others seeking to plumb one of the most dramatic events in modern American history. The 575 cubic feet of records were in large part the basis for the commission's public report, issued July 22, 2004. The commission, formally known as the National Commission on Terrorist Attacks Upon the United States, was established by Congress in late 2002 to investigate the events leading up to the 9/11 attacks, the pre-attack effectiveness of intelligence agencies and the Federal Bureau of Investigation, and the government's emergency response. In a Reuters interview this week, Matt Fulgham, assistant director of the archives' center for legislative affairs which has oversight of the commission documents, said that more than a third of the material has been reviewed for possible release. But many of those documents have been withheld or heavily redacted, and the released material includes documents that already were in the public domain, such as press articles. Commission items still not public include a 30-page summary of an April 29, 2004 interview by all 10 commissioners with President George W. Bush and Vice President Dick Cheney, conducted in the White House's Oval Office. This was the only time the two were formally questioned about the events surrounding the attacks. The information could shed light on public accounts the two men have given in recent weeks of their actions around the time of the attacks. 
Several former commission staff members said that because there is no comprehensive effort to unseal the remaining material, portions of the records the commission had hoped would be available by now to scholars and the public instead will remain sealed indefinitely. In 2004 Commission Chairman Thomas Kean said publicly that he was eager for most of the records to be released as quickly as possible. In a Reuters interview last week, Kean said he was not aware until told by Reuters that only a small portion of the records have since been unsealed, and he saw no justification for withholding most of the unreleased material. Kean said the commissioners had agreed on the January 2, 2009 date for release so that the material would not come out until after the 2008 elections. "We didn't want it to become a political football," he said. But he added: "It should all be available now... We (commissioners) all felt that there's nothing in the records that shouldn't be available" once the election had passed.

STILL CLASSIFIED

The still-sealed documents contain source material on subjects ranging from actions by President Bush on the day of the attacks to the Clinton White House's earlier response to growing threats from al Qaeda - information that in some instances was omitted from the 2004 report because of partisan battles among the commissioners. The sealed material also includes vast amounts of information on al Qaeda and U.S. intelligence efforts in the years preceding the attacks. Shortly before the commission ceased to exist in August 2004, it turned over all of its records to the archives. In a letter dated August 20, 2004, the commission's chairman and vice chairman instructed the archives to make the material public "to the greatest extent possible" on January 2, 2009, "or as soon thereafter as possible." Philip Zelikow, who was the commission's staff director, said the summary "could be declassified in full without any harm to national security."
Zelikow, a historian at the University of Virginia who for a time also was a top adviser to Secretary of State Condoleezza Rice, said the same is true for a 7,000-word summary he helped prepare for the commission of daily presidential intelligence briefings from 1998 through the attack. He said the summary would be a boon to scholars studying the history of U.S. intelligence work. Stephanie Kaplan, a former commission staff member who is now working on a Ph.D. dissertation at the Massachusetts Institute of Technology on al Qaeda, said she has had to rely heavily on other sources because so little of the commission data is public. Fulgham said that in preparation for the 2009 deadline, the archives assigned additional employees for some months to help prepare disclosure of an initial batch of records. But since then the effort has ground to a halt, in part because of a shortage of personnel and the difficulty of dealing with classified material, Fulgham said. He said another big problem is that roughly two-thirds of the commission material remains classified by the agencies that gave it to the commission. In its 2004 letter, the commission had asked the archives to submit all classified material to the agencies that created the documents to review them for declassification. But Fulgham said the archives has not done so. He said there was little point in asking agencies such as the CIA and State Department to declassify the material because they already are swamped evaluating other, much older material for release, in part in response to a presidential order to declassify as many records as possible that are at least 25 years old. Scholars and public-interest organizations that focus on foreign policy and national security have long complained that the government classifies far more material than necessary. Kean said when he headed the commission, "Most of what I read that was classified shouldn't have been." He said. 
"Easily 60 percent of the classified documents have no reason to be classified - none." Kristen Wilhelm, the sole archives official now assigned to review the commission documents, said in an interview that the records agency has focused on releasing material created by the commission itself, such as "memoranda for the record" in which commission staff summarized research and interviews. She said the archives decided to emphasize releasing that material because it is the only possible source for it. Wilhelm said she now mainly just responds to individual requests for information, and in most instances refers applicants to the agencies that created the documents rather than working to unseal the material herself. She said researchers could file Freedom of Information Act requests with individual federal agencies for documents they had turned over to the commission. Commission records held by the Archives itself are exempt from FOIA because the commission was established by Congress and the legislative branch records are exempt from FOIA. Some of the material now public is posted on the archives website, particularly the staff-written memoranda and transcripts of some commission interviews. But Wilhelm said most of the released material can be viewed only at the archives' headquarters. John Berger, an author who maintains a website of terrorism and 9/11-related documents, said the failure to release more material is bad for the country because scholars and journalists are often able to analyze such material in depth, producing valuable insights. "You can point to things produced from declassified documents that help our understanding and the government's understanding of urgent problems," he said. 
From rforno at infowarrior.org Tue Sep 13 09:10:24 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Sep 2011 10:10:24 -0400
Subject: [Infowarrior] - JSTOR Freely Releases Public Domain Papers That Greg Maxwell Already Freed
Message-ID:

JSTOR Freely Releases Public Domain Papers That Greg Maxwell Already Freed
from the competition-is-good dept
http://www.techdirt.com/articles/20110912/10132515906/jstor-freely-releases-public-domain-papers-that-greg-maxwell-already-freed.shtml

You may recall that following the indictment of Aaron Swartz for downloading some JSTOR papers, a guy named Greg Maxwell decided to upload 33GBs of public domain papers from JSTOR and make them available via The Pirate Bay. He had the papers for a while, but was afraid that he'd get legally harassed for distributing them. However, it appears the opposite has happened. Copycense points us to the news that JSTOR has now agreed to allow free access to all of its public domain material. In the announcement about this, JSTOR's managing director admits that Maxwell's actions had an impact on this effort, though she claims that JSTOR was planning to do this already:

On a final note, I realize that some people may speculate that making the Early Journal Content free to the public today is a direct response to widely-publicized events over the summer involving an individual who was indicted for downloading a substantial portion of content from JSTOR, allegedly for the purpose of posting it to file sharing sites. While we had been working on releasing the pre-1923/pre-1870 content before the incident took place, it would be inaccurate to say that these events have had no impact on our planning. We considered whether to delay or accelerate this action, largely out of concern that people might draw incorrect conclusions about our motivations.
In the end, we decided to press ahead with our plans to make the Early Journal Content available, which we believe is in the best interest of our library and publisher partners, and students, scholars, and researchers everywhere.

From rforno at infowarrior.org Tue Sep 13 11:09:01 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Sep 2011 12:09:01 -0400
Subject: [Infowarrior] - TSA officers arrested on drug charges in CT
Message-ID: <11141546-FB4F-4E70-A115-67FB2CE3EA17@infowarrior.org>

TSA officers arrested on drug charges in Conn.
ASSOCIATED PRESS
Last Updated: 10:35 AM, September 13, 2011
Posted: 10:34 AM, September 13, 2011
http://www.nypost.com/p/news/local/tsa_officers_arrested_on_drug_charges_hyGeqc8GW8r27TFmGcMX6K?CMP=OTC-rss&FEEDNAME=

STAMFORD, Conn. -- Federal prosecutors in Connecticut say a state trooper, a police officer and three Transportation Security Administration officers based at airports have been arrested on charges of participating in a conspiracy to distribute tens of thousands of highly addictive painkiller pills. Authorities say the TSA officers, based at airports in Florida and New York, a Westchester County, N.Y., police officer and a Florida state trooper received cash payments to help transport oxycodone pills from Florida to New York and Connecticut and/or transport cash proceeds from the sale of the drugs back to Florida. Authorities plan to announce details of the arrests at a news conference in Stamford on Tuesday afternoon.

From rforno at infowarrior.org Tue Sep 13 11:10:41 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Sep 2011 12:10:41 -0400
Subject: [Infowarrior] - Google to Offer More Privacy for Owners of Wi-Fi Routers
Message-ID:

September 13, 2011
Google to Offer More Privacy for Owners of Wi-Fi Routers
By KEVIN J. O'BRIEN
http://www.nytimes.com/2011/09/14/business/global/14iht-google14.html?hpw=&pagewanted=print

BERLIN --
Google on Tuesday defused a clash with European privacy regulators by announcing that it would give the owners of residential Wi-Fi routers around the world the option of removing their devices from a registry Google uses to locate cellphone users. The change comes less than four months after European regulators warned that the unauthorized use of data sent by Wi-Fi routers, which can broadcast the names, locations and identities of cellphones within their range, violated European law. "Google in this case is only doing voluntarily what they would probably have been forced to do under German and European law anyway," said Ulrich Börger, a privacy lawyer in Hamburg at Latham & Watkins, a U.S. firm. Google's concession, while motivated by Europe's stricter privacy laws, will have an impact beyond the Continent's borders because Google plans to offer the option around the world, including in the United States. The move also comes little more than a year after it angered European officials by collecting unencrypted Internet data from residential Wi-Fi routers while compiling its StreetView maps. The company apologized for collecting the data, which it attributed to a programmer's error, and has since settled most national complaints by paying fines or making simple apologies. In a blog post, Peter Fleischer, the Google global privacy counsel, said the company only used Wi-Fi access points that did not identify people by name. "At the request of several European data protection authorities, we are building an opt-out service that will allow an access point owner to opt out from Google's location services," Mr. Fleischer wrote. "Once opted out, our services will not use that access point to determine users' locations." Mr. Fleischer said Google intended to introduce the opt-out system this autumn.
The mobile business, especially in Europe, is becoming increasingly important to Google, which earns the bulk of its money through advertising, as computing shifts from desktop PCs to smartphones and tablet computers. In Europe, the search engine leader is being investigated by competition officials for allegedly calculating its rankings to disadvantage smaller, rival engines, a charge the company has denied. Google makes the Android mobile operating system, No. 1 in the world in the second quarter with 48 percent share of all new cellphone shipments, according to Canalys, a research firm in Reading, England. Last month, Google said it would buy the mobile phone business of Motorola for $12.5 billion. Following its initial difficulties with StreetView in Europe and elsewhere, Google has taken a more conciliatory approach in European countries like Germany and France, which had previously expressed strong objections to its data-collection methods. In Germany, Google last year gave consumers the option of excluding photos of their rented or owned properties, apartments and businesses from Google's StreetView online map service before it went live last autumn. As a result, the panoramic maps are now available throughout much of Germany, although with some storefronts and homes blacked out. The controversy over Wi-Fi data collection flared again this year when European officials in Germany and France began investigating Apple, the maker of the iPhone, after researchers uncovered files on the popular smartphone that routinely logged the location of users, which were calculated in part by the location of nearby Wi-Fi routers. In May, the privacy advisory panel to the European Commission said the unauthorized collection of the location data of individual cellphone users violated Europe's privacy law, which forbids the commercial use of private data without an owner's prior consent.
Apple, which attributed the iPhone's collection of geographic data to a software error, stopped the automatic collection of Wi-Fi data on iPhone users through a software fix. The French privacy regulator, C.N.I.L., and privacy officials in Bavaria, the southern German state leading the investigation in that country, dropped their investigations. Mr. Börger, the Hamburg lawyer, said Google wanted to avoid another public investigation that could damage its reputation. While allowing Wi-Fi users to opt out of Google's tracking system may limit its ability to sell location-based advertising, it will not prevent Google from using cell towers and global positioning satellites, two other common methods of finding a cellphone, to sell location-specific mobile ads. In urban areas, cell towers are located closer together, allowing advertisers to pinpoint a user's location to within a few blocks.

From rforno at infowarrior.org Wed Sep 14 10:56:25 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Sep 2011 11:56:25 -0400
Subject: [Infowarrior] - CIA investigates whether laws broken helping NYPD
Message-ID: <8398C483-A1E7-4346-ACD2-87D472E860F6@infowarrior.org>

http://www.breitbart.com/article.php?id=D9PO0GDO2&show_article=1
CIA investigates whether laws broken helping NYPD
Sep 13 09:49 PM US/Eastern
By KIMBERLY DOZIER and MATT APUZZO
Associated Press

WASHINGTON (AP) - The CIA inspector general is investigating whether the agency broke the law by helping the New York Police Department build intelligence-gathering programs that monitored life in Muslim communities, the agency said Tuesday following an investigation by The Associated Press. Separately, the U.S. government's top intelligence official conceded that it looked bad for the CIA to be working with city police departments. "It's my own personal view that that's not a good optic, to have CIA involved in any city-level police department," said James Clapper, the U.S. director of national intelligence.
"But I think CIA is going to address that." The agency's unprecedented cooperation with the NYPD was a subject of an eight-month investigative reporting project by The Associated Press. The AP found that NYPD intelligence officers analyzed hundreds of mosques and student organizations, infiltrating dozens of them. Undercover officers eavesdropped in cafes and restaurants and wrote daily reports about what they overheard. The department also maintained a list of 28 countries that, along with "American Black Muslim," the department labeled "ancestries of interest." A CIA officer, Lawrence Sanchez, helped create and guide these programs. From 2002 to 2004, when these programs were being built, Sanchez was on the CIA payroll and maintained an office at both the NYPD and the CIA's offices in New York. The programs have continued with at least the tacit support of President Barack Obama, whose administration has repeatedly sidestepped questions about them. The NYPD also sent a detective on a temporary assignment to the CIA, where he completed the agency's 17-week foreign espionage course. After that rare training, he then returned to New York to supervise intelligence investigations. It's unclear to what extent Mayor Michael Bloomberg oversaw these programs and he has repeatedly refused to answer questions about them. On Tuesday, he again referred questions to the NYPD, which said it welcomed the CIA's investigation. During a rare joint intelligence oversight hearing on Capitol Hill, Rep. Jan Schakowsky, D-Ill., asked Clapper about the government's use of enhanced interrogation techniques, electronic surveillance of some U.S. citizens and the AP's reporting about CIA and New York police working together closely. "Do you believe that domestic activity by federal intelligence agencies, particularly the CIA, has crossed the line?" she asked. Clapper said some of what Schakowsky cited was done in response to the attacks on the World Trade Center and Pentagon. 
"Some things that were done right after, in the immediate aftermath of 9/11?and I think that in itself is a very important factoid to remember," he said. "What was the atmosphere and the conditions then that led to certain of these actions?" Clapper did not describe exactly how he expects the CIA will respond to the concerns he expressed about perceptions of the spy agency's work with New York police, and members of Congress did not press him on the subject. The CIA's new director, David Petraeus, told lawmakers that the agency's inspector general began investigating the CIA-NYPD nexus at the request of acting director Michael Morell, before Petraeus took office just over one week ago. Petraeus, testifying for the first time as CIA director, said he would follow up on the investigation "and just ensure that we are doing the right thing." The CIA is prohibited from domestic spying. The NYPD, the CIA and Obama's counterterrorism advisor, John Brennan, have said the relationship never crossed that line and said Americans expected such collaboration after the Sept. 11, 2001, terrorist attacks. CIA spokeswoman Marie E. Harf said Tuesday that the recently launched investigation was a "preliminary review of the CIA's post-9/11 cooperation with the New York City Police Department." Much of the NYPD's intelligence-gathering was conducted by a secret team called the Demographics Unit, which used plainclothes officers to help map and monitor ethnic communities in New York, New Jersey and Connecticut. The NYPD has denied that unit ever existed, despite documents and interviews showing otherwise. Sanchez took a leave of absence from the CIA in 2004 to become a senior official in the NYPD Intelligence Division. But some in the CIA raised questions about the relationship, forcing him to choose in 2007 whether to remain with the CIA or the NYPD. He left the NYPD last year. 
After he left, the CIA dispatched one of its most senior clandestine officers to the NYPD, where he serves as a special assistant to intelligence chief David Cohen, himself a retired senior CIA officer. The officer, whom the AP is not identifying because he remains undercover, twice served as station chief in the Middle East and has run a major division at CIA headquarters. Clapper described him on Capitol Hill as an analyst, but his office later said he misspoke and recognized the officer's career in the clandestine service. Officials have described the posting as a sabbatical, a chance for him to learn the management of other departments. They have said he is not operating in the same role as Sanchez. Civil rights groups have urged the Justice Department to investigate the NYPD for what it said was racial profiling. The New York Civil Liberties Union applauded the CIA investigation but it called for a parallel investigation into the NYPD saying, "The NYPD should not be engaged in warrantless surveillance or racial or religious profiling." The Justice Department has said it is reviewing the matter. Under Attorney General Eric Holder, the department has stepped up enforcement of civil rights violations by police departments, but none of those cases involves national security investigations like the ones being conducted by the NYPD. Also Tuesday, Rep. Rush Holt, D-N.J., called on the Justice Department to investigate. Holt, who previously served on the Intelligence Committee, said he doesn't remember being told about these programs or about the CIA's involvement. "I think this is pretty troubling," he said. "It sounds to me like profiling." __ Follow Matt Apuzzo and Kimberly Dozier at http://twitter.com/mattapuzzo and http://twitter.com/kimberlydozier Copyright 2011 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. 
From rforno at infowarrior.org Wed Sep 14 11:03:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Sep 2011 12:03:16 -0400
Subject: [Infowarrior] - New Medical Codes for Diagnosis & Billing
Message-ID: <34507648-6A28-4606-88FC-DE069B1C83B5@infowarrior.org>

(Some of these are absolutely a laugh-riot. Wonder if there's one called "Idiot, initial encounter" and "Idiocy, subsequent encounter." -- rick)

THE A-HED
SEPTEMBER 13, 2011
Walked Into a Lamppost? Hurt While Crocheting? Help Is on the Way
http://online.wsj.com/article/SB10001424053111904103404576560742746021106.html
New Medical-Billing System Provides Precision; Nine Codes for Macaw Mishaps
By ANNA WILDE MATHEWS

Today, hospitals and doctors use a system of about 18,000 codes to describe medical services in bills they send to insurers. Apparently, that doesn't allow for quite enough nuance. A new federally mandated version will expand the number to around 140,000 -- adding codes that describe precisely what bone was broken, or which artery is receiving a stent. It will also have a code for recording that a patient's injury occurred in a chicken coop. Indeed, health plans may never again wonder where a patient got hurt. There are codes for injuries in opera houses, art galleries, squash courts and nine locations in and around a mobile home, from the bathroom to the bedroom.

[Video caption: Health insurers, doctors and hospitals are bracing for chaos as they prepare to adopt a new federally mandated format for medical billing. Anna Wilde Mathews has details on Lunch Break.]

Some doctors aren't sure they need quite that much detail. "Really? Bathroom versus bedroom?" says Brian Bachelder, a family physician in Akron, Ohio. "What difference does it make?"
The federal agencies that developed the system -- generally known as ICD-10, for International Classification of Diseases, 10th Revision -- say the codes will provide a more exact and up-to-date accounting of diagnoses and hospital inpatient procedures, which could improve payment strategies and care guidelines. "It's for accuracy of data and quality of care," says Pat Brooks, senior technical adviser at the Centers for Medicare and Medicaid Services. Billing experts who translate doctors' work into codes are gearing up to start using the new system in two years. They say the new detail is welcome in many cases. But a few aspects are also causing some head scratching.

[Image caption: W61.11XA: A code for injuries related to macaws.]

Some codes could seem downright insulting: R46.1 is "bizarre personal appearance," while R46.0 is "very low level of personal hygiene." It's not clear how many klutzes want to notify their insurers that a doctor visit was a W22.02XA, "walked into lamppost, initial encounter" (or, for that matter, a W22.02XD, "walked into lamppost, subsequent encounter"). Why are there codes for injuries received while sewing, ironing, playing a brass instrument, crocheting, doing handcrafts, or knitting -- but not while shopping, wonders Rhonda Buckholtz, who does ICD-10 training for the American Academy of Professional Coders, a credentialing organization. Code V91.07XA, which involves a "burn due to water-skis on fire," is another mystery she ponders: "Is it work-related?" she asks. "Is it a trick skier jumping through hoops of fire? How does it happen?" Much of the new system is based on a World Health Organization code set in use in many countries for more than a decade. Still, the American version, developed by the Centers for Disease Control and Prevention and the Centers for Medicare and Medicaid Services, is considerably more fine-grained.

[Image caption: Y93.J4: A code for injuries received while playing brass instruments.]
The WHO, for instance, didn't see the need for 72 codes about injuries tied to birds. But American doctors whose patients run afoul of a duck (see codes), macaw (see codes), parrot (see codes), goose (see codes), turkey (see codes) or chicken (see codes) will be able to select from nine codes for each animal, notes George Alex, an official at the Advisory Board Co., a health-care research firm. There are 312 animal codes in all, he says, compared to nine in the international version. There are separate codes for "bitten by turtle" and "struck by turtle." (See codes.) U.S. hospitals and insurers are bracing for possible hiccups when the move to ICD-10 happens on Oct. 1, 2013, even though they've known it was coming since early 2009. "You have millions of transactions flowing in the health-care system and this is an opportunity to mess them all up," says Jeremy Delinsky, chief technology officer for athenahealth Inc., which provides billing services to doctors. Medicare officials say they believe many big insurers and hospital systems are making preparations, but there may be some issues with smaller ones that won't be ready. With the move to ICD-10, the one code for suturing an artery will become 195 codes, designating every single artery, among other variables, according to OptumInsight, a unit of UnitedHealth Group Inc. A single code for a badly healed fracture could now translate to 2,595 different codes, the firm calculates. Each signals information including what bone was broken, as well as which side of the body it was on. Some companies hope to grab business from the shift. One medical-coding website operator, Find A Code LLC, has created a series of YouTube videos with the tagline, "Yeah, there's a code for that." Snow White biting the poisoned apple, the firm says, may be a case of T78.04, "anaphylactic shock due to fruits and vegetables (see codes)." 
On April 1, the company posted a document with the secret "X-codes" to describe medical conditions stemming from encounters with aliens. Other coding cognoscenti spot possible hidden messages in the real codes. The abbreviation some use for the new system itself, I10, is also a code for high blood pressure. Several codes involving drainage devices end in "00Z." Then there are two of the codes describing sex-change operations that end in N0K1 and M0J0. "You could see it ripple through the room as people said, 'nookie and mojo!'" says Kathryn DeVault, who has been teaching ICD-10 classes for the American Health Information Management Association. "Was it purposeful? We don't know." Code V91.07XA: A code for a 'burn due to water-skis on fire.' No, it wasn't, says the Medicare agency's Ms. Brooks, who says the codes are built according to a consistent pattern in which each digit has a meaning. "I couldn't if I wanted to insert a cute message," says Ms. Brooks, who admits that she could be described by Z73.1, "Type A behavior pattern (see code)." Medicare and CDC officials say codes were selected based on years of input from medical experts in various fields. Codes describing the circumstances of injuries are important for public-health researchers to track how people get hurt and try to prevent injuries, they say. Being able to tabulate risks tied to locations such as chicken coops could be "important as far as surveillance activities" for public health research, says Donna Pickett, a medical systems administrator at the CDC. She says the current code for a badly healed fracture is so vague it isn't useful. Another CMS official, Denise M. Buenning, compares ICD-10 to a phone book. "All the numbers are in there," she says. "Are you going to call all of the numbers? No. But the numbers you need are in there." 
From rforno at infowarrior.org Thu Sep 15 06:17:48 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Sep 2011 07:17:48 -0400 Subject: [Infowarrior] - UBS Had $2B Loss From Unauthorized Trading Message-ID: <66372CFE-9E5B-4A47-BC93-A553C3025E5A@infowarrior.org> UBS Had $2B Loss From Unauthorized Trading By Elena Logutenkova - Sep 15, 2011 http://www.bloomberg.com/news/print/2011-09-15/ubs-may-have-unprofitable-quarter-on-unauthorized-trade-s-2-billion-loss.html UBS AG (UBSN), Switzerland's biggest bank, may be unprofitable in the third quarter after a $2 billion loss from unauthorized trading at its investment bank. London police arrested a 31-year-old man on suspicion of fraud. UBS management aims to "get to the bottom of the matter as quickly as possible, and will spare no effort to establish exactly what has happened," the bank's group executive board, led by Chief Executive Officer Oswald Gruebel, said in a memo to employees today. "While the news is distressing, it will not change the fundamental strength of our firm." The bank tumbled as much as 9.6 percent in Swiss trading following the announcement, which deals a blow to Gruebel's attempts to revive the investment bank after the division recorded 57.1 billion Swiss francs ($65 billion) in cumulative pretax losses in three years through 2009. The trading loss may revive calls for Gruebel to shrink or shut the unit. "How many times do we have to see huge UBS losses?" said Simon Maughan, head of sales and distribution at MF Global Ltd. in London. "It looks unreformed, unwieldy and ultimately unsustainable. This could be a critical tipping point for UBS's strategy." UBS fell 79 centimes, or 7.2 percent, to 10.14 francs by 11:43 a.m. in Zurich, bringing the drop this year to 34 percent. UBS said in a statement the matter is still under investigation, and that the "current estimate of the loss on the trades is in the range of $2 billion." 
No client positions were affected, UBS said, declining to comment further. Arrest in London An unidentified 31-year-old man was arrested in central London at 3:30 a.m. on "suspicion of fraud by abuse of position," the police said in a statement. The man remains in custody and an investigation has been started, the statement said. Switzerland's Neue Zuercher Zeitung newspaper, citing the bank, reported that the trading loss took place in the equities unit in London, and was discovered yesterday afternoon. UBS spokeswoman Tatiana Togni declined to confirm or deny the report. UBS had to raise more than $46 billion in capital from investors, including the Swiss state, to make up for the record losses during the credit crisis. The investment-banking unit had pretax earnings of 1.21 billion francs in the first half of 2011, while UBS as a whole had net income of 2.82 billion francs in the period. The bank's tier 1 capital at the end of the second quarter was 37.39 billion francs, giving it a tier 1 capital ratio of 18.1 percent, compared with 14 percent at Deutsche Bank AG, Germany's biggest bank. Risk Management While the loss is "manageable" for UBS, it's "obviously not helpful for sentiment and confidence in the bank's risk management following the near-death experience of 2008-2009," said Andrew Lim, a London-based analyst at Espirito Santo Investment Bank, in a note. Lim had estimated third-quarter net income of 1.1 billion francs for UBS. UBS last month said it will eliminate about 3,500 jobs, with about 45 percent of the reductions coming from the investment bank, as stricter capital requirements and market turmoil hurt the earnings outlook. The bank in July scrapped the target of doubling pretax profit from last year's level to 15 billion francs by 2014. Gruebel, 67, and Carsten Kengeter, 44, who runs the investment bank, have been trying to revive earnings at the division for two years. 
They hired more than 1,700 people across the investment bank and brought in new business heads to replace those that left or were fired. They've also increased risk-taking to improve earnings opportunities. Kerviel, Leeson The investment bank last had a pretax loss in the third quarter of 2010 when what Gruebel called "very low levels of client activity" and a charge related to the bank's own debt hurt revenue at the division. Gruebel, who formerly ran Credit Suisse Group AG, was brought out of retirement by UBS in February 2009 to take over from Marcel Rohner after the company posted the biggest annual loss in Swiss corporate history. A former bond trader, Gruebel doubled profit at Credit Suisse between 2004 and 2006. UBS isn't alone in suffering from unauthorized trading. Societe Generale (GLE) SA of Paris said in January 2008 that the bank lost 4.9 billion euros ($6.7 billion) after trader Jerome Kerviel took unauthorized positions on European stock index futures. Credit Suisse, Switzerland's second-biggest bank, had a loss in the first quarter of 2008 in part because of writedowns on debt securities that were intentionally mispriced by a group of traders. Nick Leeson piled up $1.4 billion of losses that brought down Barings Plc in 1995. 
To contact the reporter on this story: Elena Logutenkova in Zurich at elogutenkova at bloomberg.net To contact the editor responsible for this story: Frank Connelly at fconnelly at bloomberg.net; From rforno at infowarrior.org Thu Sep 15 07:57:35 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Sep 2011 08:57:35 -0400 Subject: [Infowarrior] - U.S., Australia to add cyber realm to defense pact Message-ID: <40EA38FF-1183-44F9-BB64-382FA5EE7994@infowarrior.org> U.S., Australia to add cyber realm to defense pact http://news.cnet.com/8301-1009_3-20106450-83/u.s-australia-to-add-cyber-realm-to-defense-pact/ By: Leslie Katz September 14, 2011 8:02 PM PDT Cyberattacks are about to carry even more weight, with the United States and Australia expected to include them in a mutual defense treaty. The two nations will declare the cyber realm to be part of the 60-year-old treaty tomorrow, Reuters reports. The inclusion will mean that a cyberattack on one country could lead to a response by both. "We will be releasing a joint statement saying that the ANZUS treaty applies to cyberspace," Reuters quoted a senior U.S. defense official as saying of the rare move. The Australia, New Zealand, United States Security Treaty, signed in 1951, is the military alliance that binds Australia and New Zealand and, separately, Australia and the United States to cooperate on defense matters in the Pacific region. The agreement, however, is understood today to relate to attacks in any area. The expansion of the treaty will take place in San Francisco, where defense and diplomacy leaders from the U.S. and Australia are meeting 60 years after the alliance was sealed in the city on September 1. New Zealand has been an inactive partner of the alliance since 1985. Speaking to the press today on a flight to San Francisco, U.S. Defense Secretary Leon Panetta said applying the cyber realm to ANZUS underscores the seriousness with which the U.S. views cyberthreats. 
"I think it's in large measure a recognition of what I've been saying time and time again, which is that cyber is the battlefield of the future," Panetta said. State Hillary Rodham Clinton will join Panetta to meet with Australian Foreign Minister Kevin Rudd and Defense Minister Stephen Smith for tomorrow's Australia-United States Ministerial Consultations. It will be held at San Francisco's historic Presidio, where ANZUS was originally signed. To illustrate the sophistication of cyberattacks, William Lynn, deputy secretary of defense, this summer cited a March cyberattack that led to 24,000 files being stolen from military computers. Virtual intruders have tried to extract files related to missile tracking systems, UAVs, and the Joint Strike Fighter, Lynn said. "Just as our military organizes to defend against hostile acts from land, air, and sea, we must also be prepared to respond to hostile acts in cyberspace, Lynn said in a July speech at the National Defense University in Washington D.C. "Accordingly, the United States reserves the right, under the laws of armed conflict, to respond to serious cyberattacks with a proportional and justified military response at the time and place of our choosing." Also earlier this year, President Obama reportedly laid out guidelines for the U.S. Department of Defense to determine how it should respond to cyberwarfare. Press reports cited anonymous defense officials as saying those measures include a wide range of cyberwar efforts to be employed by the U.S. 
during both peacetime and conflicts, including installing viruses on international computers and takin From rforno at infowarrior.org Thu Sep 15 10:05:32 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Sep 2011 11:05:32 -0400 Subject: [Infowarrior] - SCADA zero-days published by Italian Message-ID: (Exploit list / details @ http://aluigi.altervista.org/) Zero day industrial control system exploits published By Darren Pauli on Sep 15, 2011 6:37 PM Filed under Hackers Power, water and waste SCADA systems affected. http://www.scmagazine.com.au/News/272175,zero-day-industrial-control-system-exploits-published.aspx A security researcher has disclosed a laundry list of unpatched vulnerabilities and detailed proof-of-concept exploits that allow hackers to completely compromise major industrial control systems. Security researcher Luigi Auriemma disclosed the attacks against six SCADA (Supervisory Control and Data Acquisition) systems including US giant Rockwell Automation. The step-by-step exploits allowed attackers to execute full remote compromises and denial of service attacks. Some of the affected SCADA systems were used in power, water and waste distribution and agriculture. Such zero-day information disclosure was generally frowned upon in the information security industry because it exposed customers to attack while published vulnerabilities remained unpatched. Attacks against SCADA systems were particularly controversial because exploits could affect a host of machinery from lift control mechanisms to power plants. Auriemma appeared unrepentant in a post on his website. "And remember that I find bugs, I don't create them, the developers are the only people who create bugs (indirectly naturally) so they are ever (sic) the only responsible (sic)," he said. 
"As everything in the world, [it] is not possible to control the usage of what we create (like the producers of knives just to make an example comprehensible by anyone) so for me, it is only important that my research has been useful or interesting." From rforno at infowarrior.org Thu Sep 15 16:44:28 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Sep 2011 17:44:28 -0400 Subject: [Infowarrior] - TSA Creator Says Dismantle, Privatize the Agency Message-ID: <8D38B738-81B5-467E-9BAE-9C5CD1EB6F20@infowarrior.org> TSA Creator Says Dismantle, Privatize the Agency by Audrey Hudson 09/12/2011 http://www.humanevents.com/article.php?id=46114 They've been accused of rampant thievery, spending billions of dollars like drunken sailors, groping children and little old ladies, and making everyone take off their shoes. But the real job of the tens of thousands of screeners at the Transportation Security Administration (TSA) is to protect Americans from a terrorist attack. Yet a decade after the TSA was created following the September 11 attacks, the author of the legislation that established the massive agency grades its performance at "D-." "The whole program has been hijacked by bureaucrats," said Rep. John Mica (R. -Fla.), chairman of the House Transportation Committee. "It mushroomed into an army," Mica said. "It's gone from a couple-billion-dollar enterprise to close to $9 billion." As for keeping the American public safe, Mica says, "They've failed to actually detect any threat in 10 years." "Everything they have done has been reactive. They take shoes off because of [shoe-bomber] Richard Reid, passengers are patted down because of the diaper bomber, and you can't pack liquids because the British uncovered a plot using liquids," Mica said. "It's an agency that is always one step out of step," Mica said. 
It cost $1 billion just to train workers, which now number more than 62,000, and "they actually trained more workers than they have on the job," Mica said. 
"The whole thing is a complete fiasco," Mica said. In a wide-ranging interview with HUMAN EVENTS just days before the 10th anniversary of the 9/11 attacks, Mica said screeners should be privatized and the agency dismantled. Instead, the agency should number no more than 5,000, and carry out his original intent, which was to monitor terrorist threats and collect intelligence. The fledgling agency was quickly engulfed in its first scandal in 2002 as it rushed to hire 30,000 screeners, and the $104 million awarded to the company to contract workers quickly escalated to more than $740 million. Federal investigators tracked those cost overruns to recruiting sessions held at swank hotels and resorts in St. Croix, the Virgin Islands, Florida and the Wyndham Peaks Resort and Golden Door Spa in Telluride, Colo. Charges in the hundreds of thousands of dollars were made for cash withdrawals, valet parking and beverages, plus a $5.4 million salary for one executive for nine months of work. Other over-the-top expenditures included nearly $2,000 for 20 gallons of Starbucks Coffee, $8,000 for elevator operators at a Manhattan hotel, and $1,500 to rent more than a dozen extension cords for the Colorado recruiting fair. The agency inadvertently caused security gaps by failing for years to keep track of lost uniforms and passes that lead to restricted areas of airports. Screeners have also been accused of committing crimes, from smuggling drugs to stealing valuables from passengers' luggage. In 2004, several screeners were arrested and charged with stealing jewelry, computers and cameras, cash, credit cards and other valuables. One of their more notable victims was actress Shirley MacLaine, who was robbed of jewelry and crystals. One of the screeners confessed that he was trying to steal enough to sell the items and buy a big-screen television. 
In 2006, screeners at Los Angeles and Chicago O'Hare airports failed to find more than 60% of fake explosives during checkpoint security tests. The sometimes rudder-less agency has gone through five administrators in the past decade, and it took longer than a year for President Obama to put his one man in place. Mica's bill also blocked collective bargaining rights for screeners, but the Obama administration managed to reverse that provision. Asked whether the agency should be privatized, Mica answered with a qualified yes. "They need to get out of the screening business and back into security. Most of the screening they do should be abandoned," Mica said. "I just don't have a lot of faith at this point," Mica said. Allowing airports to privatize screening was a key element of Mica's legislation and a report released by the committee in June determined that privatizing those efforts would result in a 40% savings for taxpayers. "We have thousands of workers trying to do their job. My concern is the bureaucracy we built," Mica said. "We are one of the only countries still using this model of security," Mica said, "other than Bulgaria, Romania, Poland, and I think, Libya." From rforno at infowarrior.org Thu Sep 15 18:42:47 2011 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Sep 2011 19:42:47 -0400 Subject: [Infowarrior] - NFL wants pat downs from ankles up at all stadiums Message-ID: <8BB0DC27-66F4-46B6-92C9-45A74CFCC531@infowarrior.org> http://content.usatoday.com/communities/gameon/post/2011/09/nfl-orders-ankles-up-frisks-for-16-million-fans-enterting-stadiums-security-buffalo-bills/1 Sep 15, 2011 NFL wants pat downs from ankles up at all stadiums By Michael McCarthy, USA TODAY Updated 4h 24m ago The NFL wants all fans patted down from the ankles up this season to improve fan safety. Previously, security guards only patted down fans from the waist up before gaining entry to NFL stadiums. 
Under the new "enhanced" pat-down procedures, the NFL wants all 32 clubs to search fans from ankles to the knees as well as the waist up. The stricter security approach impacts the 16.6 million fans expected to attend live regular season NFL games this season. The league wanted all clubs to implement the enhanced searches for Week One of the new season, says spokesman Brian McCarthy. The NFL hopes fans will be "patient" -- and arrive earlier to games to avoid lengthy delays. "The enhanced security procedures recommended by our office before the start of the season will further increase the safety of fans but will require some additional time," McCarthy told USA TODAY in a statement Thursday. "We encourage fans to come early, enjoy their tailgating tradition, and be patient as they enter the stadium." The NFL suffered damage to its family-friendly image when a South Carolina man was arrested for using an illegal taser on other fans at a New York Jets-Dallas Cowboys game Sunday night. THE HUDDLE: Brady tells Pats fans to start drinking early The NFL predicts its live gate will be equal this year to last season's overall regular season attendance of 16,569,514. From rforno at infowarrior.org Fri Sep 16 06:01:34 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Sep 2011 07:01:34 -0400 Subject: [Infowarrior] - OT: NASA discovers Tatooine Message-ID: <69AC5521-7D0D-404E-9CE6-D07EDA72FDBE@infowarrior.org> (Will George Lucas sue for copyright infringement? Or wait until Jar Jar Binks shows up as its lone inhabitant? -- rick) Planet Like 'Star Wars' Tatooine Discovered Orbiting 2 Suns By Charles Q. Choi, SPACE.com Contributor Space.com | SPACE.com -- 15 hrs ago http://news.yahoo.com/planet-star-wars-tatooine-discovered-orbiting-2-suns-181404397.html It's a real-life Tatooine. A spectacle made popular by the "Star Wars" saga -- a planet with two suns -- has now been confirmed in space for the first time, astronomers revealed. 
Scientists using NASA's Kepler space telescope captured details of a giant planet in orbit around the pair of binary stars that make up the Kepler-16 system, which is about 200 light-years away. "This discovery is stunning," said study co-author Alan Boss at the Carnegie Institute in Washington. "Once again, what used to be science fiction has turned into reality." [See an image and video of Tatooine planet Kepler 16b] When Tatooine was depicted on film, many scientists doubted that such planets could really exist. Now there's proof. "It's possible that there's a real Tatooine out there," said John Knoll, visual effects supervisor at the special-effects firm Industrial Light and Magic, which was behind the "Star Wars" films. "Kepler 16b is unambiguous and dramatic proof that planets really do form around binaries." The new discovery is expanding the bounds of what scientists, as well as filmmakers, can conceive, he said. "Again and again we see that the science is stranger and cooler than fiction," Knoll said during a NASA press conference today. "The very existence of these discoveries gives us cause to dream bigger, to question our assumptions." The planet, dubbed Kepler-16(AB)-b, passes in front of both stars in view of the satellite, regularly dimming their light. Each star also eclipses its companion as they orbit each other. Altogether, these motions allow scientists to precisely calculate the masses, radii and trajectories of all three bodies. The newfound planet keeps a distance from its stars nearly three-quarters that of the distance between the Earth and the sun. It is somewhat like Saturn in size, although nearly 50 percent denser, suggesting it is richer in heavy elements. [10 Real Alien Worlds That Could Be In 'Star Wars'] "Kepler-16(AB)-b is not habitable as we know it," said study lead author Laurance Doyle, an astrophysicist at the Search for Extraterrestrial Intelligence (SETI) Institute in Mountain View, Calif. 
This alien world travels on a nearly circular 229-day orbit around its two parent stars, Kepler-16A and Kepler-16B, which are about 69 and 20 percent as massive as the sun, respectively. The stars keep close to each other -- only a fifth of the distance between Earth and the sun on average, which is closer than Mercury gets to the sun -- completing an orbit around each other every 41 days, researchers added. [Infographic: New Planet is Like "Star Wars'" Tatooine] Worlds that orbit around two stars, known as circumbinary planets, had been hinted at before. Stars in pairs both orbit around a point in space called barycenter, and researchers at times saw these orbits were slightly off, suggesting the presence of a planet tugging at both stars. However, Kepler-16(AB)-b is the first planet that scientists have detected directly passing in front of, or transiting, its stars, temporarily dimming their light. Since the movements of this world and its two stars are all virtually confined to the same plane, the researchers suggest they all formed from the same disk of dust and gas. Planets that were captured from other star systems might be expected to orbit at a range of angles. "Now that we know how to detect circumbinary planets, I think we are going to find a lot more rapidly," Doyle told SPACE.com. The scientists detailed their findings in the Sept. 16 issue of the journal Science. From rforno at infowarrior.org Fri Sep 16 07:03:43 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Sep 2011 08:03:43 -0400 Subject: [Infowarrior] - U.S. Army Orders First Suicide Drones Message-ID: (And yet I've seen emails from some clowns who think this kind of stuff has no reason being reported by the media. Frankly I think it sends a strong message to those whom it may be sent to target that we're just as crazy as they are. -- rick) U.S. 
Army Orders First Suicide Drones Published September 07, 2011 http://www.foxnews.com/scitech/2011/09/07/us-army-orders-first-suicide-drones/ A "suicide drone" from AeroVironment, capable of launching from a small tube, loitering in the sky and then diving at a target upon command. Soldiers who fly hand-launched drone scouts to spot enemies on the battlefield may soon get a deadly robotic device capable of also delivering a knockout blow. The U.S. Army has ordered its first batch of small suicide drones that are capable of launching from a small tube, loitering in the sky and then diving at a target upon command. The backpack-size "Switchblade" drone and its launch tube give individual soldiers a new level of precise control over an explosive weapon. Rather than calling in supporting artillery fire or airstrikes, soldiers can simply launch the Switchblade from out of sight, confirm a target on a live video feed from the drone, and then command the robotic device to arm itself and fly into the target at high speed. "The unique capabilities provided by the Switchblade agile munition for standoff engagement, accuracy and controlled effects make it an ideal weapon for today's fight and for U.S. military forces of the future," said Bill Nichols, deputy product director at the Army's Close Combat Weapons Systems project office. Operators can even call off strikes at the last second after arming the Switchblade. That kind of control allows soldiers to retarget in case an enemy moves out of sight, or avoid collateral damage if a civilian wanders too close. The drone, created by AeroVironment, is able to fly in both autonomous robot mode or as a remotely-piloted air vehicle. Either way, its small size and quiet electric motor allow it to approach targets without warning. It can even switch off its motor and glide in for a stealthy attack. 
"Just as our small unmanned aircraft systems provide game-changing reconnaissance capabilities to ground forces, Switchblade provides a revolutionary rapid strike capability to protect our troops and give them a valuable new advantage on the battlefield," said Tom Herring, AeroVironment senior vice president and general manager of Unmanned Aircraft Systems. AeroVironment received a $4.9 million contract from the Army's Close Combat Weapons Systems on June 29. The company publicly announced the deal on Sept. 1. From rforno at infowarrior.org Fri Sep 16 16:25:15 2011 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 16 Sep 2011 17:25:15 -0400 Subject: [Infowarrior] - Families Urge Action as US Drafts Alzheimer's Plan Message-ID: September 16, 2011 Families Urge Action as US Drafts Alzheimer's Plan http://www.nytimes.com/aponline/2011/09/16/us/politics/AP-US-FEA-Aging-America-Alzheimers-Plan.html By THE ASSOCIATED PRESS WASHINGTON (AP) -- As her mother's Alzheimer's worsened over eight long years, so did Doreen Alfaro's bills: The walker, then the wheelchair, then the hospital bed, then the diapers -- and the caregivers hired for more and more hours a day so Alfaro could go to work and her elderly father could get some rest. Alfaro and her husband sold their California house to raise money for her mother's final at-home care. Six years later, the 58-year-old Alfaro wonders if she eventually develops Alzheimer's, too, "what happens to my care? Where will I go?" Dementia is poised to become a defining disease of the rapidly aging population -- and a budget-busting one for Medicare and Medicaid, the U.S. government's medical programs for the sick and the elderly, as well as for American families. Now the Obama administration is developing the first National Alzheimer's Plan, to combine research aimed at fighting the mind-destroying disease with help that caregivers need to stay afloat. 
"This is a unique opportunity, maybe an opportunity of a lifetime in a sense, to really have an impact on this disease," says Dr. Ronald Petersen of the Mayo Clinic, who chairs a committee that begins this month advising the government on what that plan should include. An estimated 5.4 million Americans have Alzheimer's or similar dementias. It is the sixth-leading killer. There is no cure; treatments only temporarily ease some symptoms. Barring a research breakthrough, those numbers will worsen steadily as the baby boomers gray: By 2050, from 13 million to 16 million Americans are projected to have Alzheimer's, costing $1 trillion in medical and nursing home expenditures. That is not, however, the full toll. Sufferers lose the ability to do the simplest activities of daily life and can survive that way for a decade or more, requiring years of care from family, friends or paid caregivers. Already a recent report finds that nearly 15 million people, mostly family members, are providing more than $200 billion worth of unpaid care. Thousands of those caregivers have turned out at public meetings since early August, and at a "telephone town meeting" organized by the Alzheimer's Association that drew 32,000 people, pleading for a national Alzheimer's strategy to bring changes. They want primary care doctors trained to diagnose dementia earlier, describing how years of missed symptoms cost them precious time to make plans or seek treatment. They demand to know why the National Institutes of Health spends about six times more on AIDS research than on Alzheimer's, when there are good drugs to battle back the HIV virus but nothing comparable for dementia. Overwhelmingly, they ask for resources to help Alzheimer's patients live their last years at home without ruining their caregivers' own health and financial future. "Either you're rich and can afford $25 an hour for care at home, or you send him to a facility. 
We're in the middle of the road," says Shirley Rexrode of suburban San Francisco, whose 85-year-old father, Hsien-Wen Li, was diagnosed with Alzheimer's nearly three years ago. Adult day care did not work out; even at $90 a day, the only place with an opening could not handle the behaviors of Alzheimer's. Rexrode's mother, Li's primary caregiver, already has suffered some depression. "We just have to muddle through, but we don't know how long we can," Rexrode says. And while Medicare will pay for doctor bills and medications, even getting to the doctor can be a hurdle. When her 89-year-old mother with advanced Alzheimer's developed a urinary tract infection, Susan Lynch could not find a doctor willing to come to her parents' home in Fall River, Massachusetts. Lynch flew there from her Gaithersburg, Maryland, home but could not carry her mother down the stairs. A private ambulance service did not have an opening for weeks. Lynch wound up calling the town ambulance for a costly but Medicare-covered trip to the emergency room. Federal health officials, who promise a first draft of the national plan by December, say they are getting the message. "Folks desperately, desperately want to be able to provide the care themselves," says Donald Moulds, a deputy assistant secretary at the Department of Health and Human Services who oversees the project. "It's very, very hard work. Figuring out better mechanisms for supporting people who are trying to do that work is, one, the right thing to do." It also may be cheaper for taxpayers. Nursing homes not only are pricier than at-home care, but many families can afford them only through Medicaid, the health care program for the poor. Another key, Moulds said, is better care coordination as Alzheimer's complicates the many other health problems of aging. Also, given the U.S. 
government's budget crisis, the big question is whether any anti-Alzheimer's strategy can come with enough dollars and other incentives attached to spur true change. "That's a concern, a very real one," says Mayo's Petersen. The law that requires a national Alzheimer's plan did not set funding, and Moulds is silent on a possible price tag. Almost complete is an inventory of all Alzheimer's-related research and care reimbursement paid for by the U.S. government, to look for gaps that need filling and possible savings to help pay for them. Other countries including England and Australia -- and 25 U.S. states, by Moulds' count -- have developed their own Alzheimer's plans. But the United States is taking a special look at France, where President Nicolas Sarkozy in 2008 pledged to invest 1.6 billion euros over five years for better diagnosis, research and caregiver support and training. Sarkozy told an international Alzheimer's Association meeting in July that he wants to guarantee "that no French family is left without support." Moulds says it is too early to know what is working in France, but U.S. families are telling him that any Alzheimer's plan must bring better understanding of a disease too often suffered in isolation. "What I want to see is mainly awareness, awareness of this disease and what it does not only to the individual but also to the network of family and friends that are going to care for the person," says Alfaro, of Aptos, California. "It should be as understood as diabetes, and as treatable," adds Audrey Wiggins of Triangle, Virginia, whose father has Alzheimer's and his grandmother died of it.
From rforno at infowarrior.org Sat Sep 17 18:03:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Sep 2011 19:03:11 -0400
Subject: [Infowarrior] - Sony Asks (er, requires) Gamers To Waive Right to Sue
Message-ID:

16 September 2011 Last updated at 10:10 ET
http://www.bbc.co.uk/news/technology-14948701

Sony asks gamers to sign new terms or face PSN ban

Sony is preparing to ban gamers from the PlayStation Network (PSN) unless they waive the right to collectively sue it over future security breaches. The firm has amended PSN's terms and conditions and users have to agree to them next time they log in. The move comes months after a string of hacking attacks compromised over 100 million accounts of the PlayStation Network subscribers. It is, however, possible to opt out of the agreement within the next 30 days. Gamers will now have to try to resolve any legal issues with an arbitrator picked by Sony, before being able to file a lawsuit. The new clauses, dubbed "Binding Individual Arbitration," state that "any Dispute Resolution Proceedings, whether in arbitration or court, will be conducted only on an individual basis and not in a class or representative action or as a named or unnamed member in a class, consolidated, representative or private attorney general action". The re-written terms and conditions are being presented to gamers when they log in, but some have questioned who will notice the changes. Tech news site The Register wondered who would notice the small print outlining the opt-out terms, and not simply click the "agree" box having scrolled all the way down. Those that want to opt out will have to send a letter to Sony's Los Angeles headquarters in the US. Once they do, the subscribers will be able to keep their right to file a class action lawsuit without any need for arbitration. But before subscribers have a chance to opt out, they will still be required to agree to the new terms the next time they log into their accounts.
Otherwise they will not be able to use the online services.

Attacks and apology

A class action lawsuit filed against Sony in April after the first attack, in which the details of 77 million users were stolen and PSN went offline for 40 days, could end up costing the Japanese electronics giant billions of dollars. Sony Online Entertainment, the company's computer games service, was also hit, as well as the Sony Pictures website, exposing personal information for 25 million more accounts. In addition, personal data of 2,000 consumers was stolen from a Sony Ericsson website in Canada and details of 8,500 users were leaked on a Sony Music Entertainment website in Greece. Some time later, a group called Lulz Security claimed to have broken into Sonypictures.com. Sony has since apologised over the security breaches and offered compensation packages.

From rforno at infowarrior.org Sat Sep 17 18:03:20 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 17 Sep 2011 19:03:20 -0400
Subject: [Infowarrior] - Online ID Verification Plan Carries Risks
Message-ID:

http://www.nytimes.com/2011/09/18/business/online-id-verification-plan-carries-risks.html?hpw

Call It Your Online Driver's License
By NATASHA SINGER
Published: September 17, 2011

WHO'S afraid of Internet fraud? Consumers who still pay bills via snail mail. Hospitals leery of making treatment records available online to their patients. Some state motor vehicle registries that require car owners to appear in person -- or to mail back license plates -- in order to transfer vehicle ownership. But the White House is out to fight cyberphobia with an initiative intended to bolster confidence in e-commerce. The plan, called the National Strategy for Trusted Identities in Cyberspace and introduced earlier this year, encourages the private-sector development and public adoption of online user authentication systems. Think of it as a driver's license for the Internet.
The idea is that if people have a simple, easy way to prove who they are online with more than a flimsy password, they'll naturally do more business on the Web. And companies and government agencies, like Social Security or the I.R.S., could offer those consumers faster, more secure online services without having to come up with their own individual vetting systems. "What if states had a better way to authenticate your identity online, so that you didn't have to make a trip to the D.M.V.?" says Jeremy Grant, the senior executive adviser for identity management at the National Institute of Standards and Technology, the agency overseeing the initiative. But authentication proponents and privacy advocates disagree about whether Internet IDs would actually heighten consumer protection -- or end up increasing consumer exposure to online surveillance and identity theft. If the plan works, consumers who opt in might soon be able to choose among trusted third parties -- such as banks, technology companies or cellphone service providers -- that could verify certain personal information about them and issue them secure credentials to use in online transactions. Industry experts expect that each authentication technology would rely on at least two different ID confirmation methods. Those might include embedding an encryption chip in people's phones, issuing smart cards or using one-time passwords or biometric identifiers like fingerprints to confirm substantial transactions. Banks already use two-factor authentication, confirming people's identities when they open accounts and then issuing depositors with A.T.M. cards, says Kaliya Hamlin, an online identity expert known by the name of her Web site, Identity Woman. The system would allow Internet users to use the same secure credential on many Web sites, says Mr. Grant, and it might increase privacy.
In practical terms, for example, people could have their identity authenticator automatically confirm that they are old enough to sign up for Pandora on their own, without having to share their year of birth with the music site. The Open Identity Exchange, a group of companies including AT&T, Google, Paypal, Symantec and Verizon, is helping to develop certification standards for online identity authentication; it believes that industry can address privacy issues through self-regulation. The government has pledged to be an early adopter of the cyber IDs. But privacy advocates say that in the absence of stringent safeguards, widespread identity verification online could actually make consumers more vulnerable. If people start entrusting their most sensitive information to a few third-party verifiers and use the ID credentials for a variety of transactions, these advocates say, authentication companies would become honey pots for hackers. "Look at it this way: You can have one key that opens every lock for everything you might need online in your daily life," says Lillie Coney, the associate director of the Electronic Privacy Information Center in Washington. "Or, would you rather have a key ring that would allow you to open some things but not others?" Even leading industry experts foresee challenges in instituting across-the-board privacy protections for consumers and companies. For example, people may not want the banks they might use as their authenticators to know which government sites they visit, says Kim Cameron, whose title is distinguished engineer at Microsoft, a leading player in identity technology. Banks, meanwhile, may not want their rivals to have access to data profiles about their clients. But both situations could arise if identity authenticators assigned each user with an individual name, number, e-mail address or code, allowing companies to follow people around the Web and amass detailed profiles on their transactions.
"The whole thing is fraught with the potential for doing things wrong," Mr. Cameron says. But next-generation software could solve part of the problem by allowing authentication systems to verify certain claims about a person, like age or citizenship, without needing to know their identities. Microsoft bought one brand of user-blind software, called U-Prove, in 2008 and has made it available as an open-source platform for developers. Google, meanwhile, already has a free system, called the "Google Identity Toolkit," for Web site operators who want to shift users from passwords to third-party authentication. It's the kind of platform that makes Google poised to become a major player in identity authentication. But privacy advocates like Lee Tien, a senior staff lawyer at the Electronic Frontier Foundation, a digital rights group, say the government would need new privacy laws or regulations to prohibit identity verifiers from selling user data or sharing it with law enforcement officials without a warrant. And what would happen if, say, people lost devices containing their ID chips or smart cards? "It took us decades to realize that we shouldn't carry our Social Security cards around in our wallets," says Aaron Titus, the chief privacy officer at Identity Finder, a company that helps users locate and quarantine personal information on their computers. Carrying around cyber IDs seems even riskier than Social Security cards, Mr. Titus says, because they could let people complete even bigger transactions, like buying a house online. "What happens when you leave your phone at a bar?" he asks. "Could someone take it and use it to commit a form of hyper identity theft?" For the government's part, Mr. Grant acknowledges that no system is invulnerable. But better online identity authentication would certainly improve the current situation --
in which many people use the same one or two passwords for a dozen or more of their e-mail, e-tail, online banking and social network accounts, he says. Mr. Grant likens that kind of weak security to flimsy locks on bathroom doors. "If we can get everyone to use a strong deadbolt instead of a flimsy bathroom door lock," he says, "you significantly improve the kind of security we have." But not if the keys can be compromised.

From rforno at infowarrior.org Sun Sep 18 13:21:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 18 Sep 2011 14:21:11 -0400
Subject: [Infowarrior] - UBS details rogue trades that lost bank $2.3 billion
Message-ID: <7A5CDFDD-5091-454E-A26E-A8F6F6381DB2@infowarrior.org>

UBS raises rogue equity trade losses to $2.3 billion
By Emma Thomasson and Silke Koltrowitz
ZURICH | Sun Sep 18, 2011 12:55pm EDT
http://www.reuters.com/article/2011/09/18/us-ubs-trades-idUSTRE78H17X20110918

(Reuters) - Swiss bank UBS on Sunday increased the amount it said it had lost on rogue equity trades to $2.3 billion and alleged a trader concealed his risky deals by creating fictitious hedging positions in internal systems. UBS stunned markets on Thursday when it announced unauthorised trades had lost it some $2 billion. London trader Kweku Adoboli was charged on Friday with fraud and false accounting dating back to 2008. "The loss resulted from unauthorised speculative trading in various S&P 500, DAX, and EuroStoxx index futures over the last three months," UBS said in a brief statement. "The loss arising from this matter is $2.3 billion. As previously stated, no client positions were affected." Global stock markets have been extremely volatile in recent months, plunging on concerns over euro zone and U.S. debt crises and then rebounding on hopes for their resolution. The loss is a disaster for the reputation of Switzerland's biggest bank, which had just started to recover after it almost collapsed during the financial crisis and faced a damaging U.S.
investigation into aiding wealthy Americans to dodge taxes. "Loss even more. Reads like they're making excuses," said Helvea analyst Peter Thorne of the UBS statement. The new scandal has prompted calls for its top managers to step down and for its investment bank to be split into a separate unit from its core wealth management business. Chief Executive Oswald Gruebel, who was brought out of retirement in 2009 to turn the bank around, was quoted in a newspaper on Sunday as saying he is not considering quitting over the crisis, but said it was up to the board to decide. In a memo to staff on Sunday, he said: "Ultimately, the buck stops with me. I and the rest of senior management are responsible for dealing with wrongdoing." Swiss newspapers quoted unnamed insiders as saying the UBS board and important shareholders such as the Singapore sovereign wealth fund were still backing Gruebel, with immediate changes at the top the last thing the bank needed. Gruebel is widely expected to present plans to drastically cut back the investment bank at an investor day in November.

INDEPENDENT INVESTIGATION

The bank, whose three keys logo symbolise "confidence, security, discretion," has pulled its "We will not rest" global advertising campaign for now, that was designed by advertising agency Publicis to try to rebuild its image. Meanwhile, UBS client advisers have been writing to customers to reassure them of the underlying financial strength of the bank despite the trading loss, a spokesman said. "That we now suffer this setback at this point in our efforts to improve our reputation is very disappointing. This incident also sets us back somewhat in our capital-building efforts," Gruebel said in his memo. "However, I wish to remind you that our fundamental strengths as a firm remain intact... we remain one of the best capitalized banks in the industry."
UBS said its board of directors had set up a committee chaired by independent director David Sidwell, former chief financial officer at Morgan Stanley, to conduct an independent investigation into the trades and the bank's control systems. The bank said it had covered the risk resulting from the unauthorised trades, and its equities business was again operating normally within previously defined risk limits. It said the trader had allegedly concealed the fact his trades violated UBS risk limits by executing fake exchange-traded fund (ETFs) positions. "Following inquiries directed to him by UBS control functions that were reviewing his positions, the trader revealed his unauthorised activity," the bank said. "The positions taken were within the normal business flow of a large global equity trading house as part of a properly hedged portfolio," UBS said. "However, the true magnitude of the risk exposure was distorted because the positions had been offset in our systems with fictitious, forward-settling, cash ETF positions." The Sunday Times cited unnamed insiders saying the trader placed bets worth $10 billion before his losses were detected. ETFs are index funds listed on an exchange and can be traded just like regular stocks. They try to replicate index performances and offer lower costs than actively managed funds, but regulators have warned about risks from some complex ETFs. In the past three months, DAX futures have fallen 22 percent, Eurostoxx 50 futures have dropped 20 percent and S&P 500 futures have dipped 4 percent. The instruments involved in the UBS case are similar to those that Jerome Kerviel, the rogue trader at Societe Generale, traded when he racked up a $6.7 billion loss in unauthorised deals in 2008. Christoph Blocher, vice-president of the right-wing Swiss People's Party (SVP) -- the country's biggest -- renewed his calls for a splitting off of the investment bank.
"One has to seriously examine a ban on investment banking for commercial banks," he told the SonntagsZeitung, adding his party might team up with the center-left Social Democrats to push for such a move. (Reporting by Emma Thomasson and Silke Koltrowitz; Additional reporting by Steve Slater; Editing by David Hulmes)

From rforno at infowarrior.org Mon Sep 19 07:59:08 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Sep 2011 08:59:08 -0400
Subject: [Infowarrior] - Setting Boundaries for Internet Privacy
Message-ID:

September 18, 2011
Setting Boundaries for Internet Privacy
By KEVIN J. O'BRIEN
http://www.nytimes.com/2011/09/19/technology/internet/setting-boundaries-for-internet-privacy.html

BERLIN -- Watchful European privacy regulators are wielding increasing influence beyond the Continent's borders. Last week, they pressed Google, as they had Apple, to change the way it collected data on cellphone locations worldwide. But there is one area where even European regulators appear stymied -- the tracking of consumer Internet surfing habits by technology companies, advertisers, Internet service providers and Web businesses that focus on consumers on the basis of online behavior. For 18 months, the European Commission has been considering how to put into practice a 2009 law that regulates software cookies, the unique digital markers that Web sites place on visiting computers to identify consumers and deliver ads tailored to individual interests. This year, a consensus appeared to be building in Brussels for letting the online advertising industry regulate its use of cookies. The main industry group, the Interactive Advertising Bureau Europe, set up a Web site this summer to let consumers choose not to receive -- "opt out" of -- receiving advertisements directed as a result of profiling.
The idea was conceived in a series of roundtable meetings this year by Interactive Advertising members and Neelie Kroes, the European commissioner responsible for electronic privacy. The site, called youronlinechoices.eu, is supported by members of Interactive Advertising -- the majority of online advertisers. But regulators representing E.U. member states, backed by consumers' rights groups, are balking at the voluntary arrangement, which they argue does not adequately protect individuals from unwittingly permitting marketers to collect personal data. Last week, they began a drive to require E.U. consumers to "opt in" to profiling by clicking on Web icons within ads. Consumer advocates hope to insert an opt-in mandate in the revision of the European Union's Data Protection Directive, the main body of privacy law, which will be considered next year. "We believe that by having consumers opt in, rather than opt out, they will be better protected and informed about what happens with their information," said Kostas Rossoglou, a senior legal officer at the European Consumers' Organization, a Brussels group. An opt-in requirement would be cumbersome, Web advertisers argue, requiring a layer of pop-up windows, and could kill a popular, growing form of online advertising. The opt-out "fits with the needs of today's Internet users," said Stephan Noller, chief executive of a Berlin ad firm, nugg.ad, who heads Interactive Advertising's policy committee. "Information is provided contextually where relevant and is instantly available. We use the dynamism and interactivity of the Internet to provide pragmatic privacy control." According to Interactive Advertising, online advertising generated revenue of €17.7 billion, or $24.4 billion, in Europe in 2010. The bureau has no estimate on how much of that was behavioral ads. But a 2010 survey by AWeber Communications, a company in Huntingdon Valley, Pennsylvania, found that two-thirds of merchants intended to use such advertising.
On Wednesday, the privacy advisers to the commission, a panel of national regulators called the Article 29 Working Party, held a closed-door meeting with members of Interactive Advertising and other industry groups to discuss concerns about industry self-regulation. After the meeting, the panel reiterated its belief that the opt-out approach violated European privacy law, which requires consent before personal data can be used. A consumer's failure to opt out of behavioral ads, the panel said in its statement, is not a form of implicit consent, which is the position held by the industry. "Only statements or actions, not mere silence or inaction, constitute valid consent," the Article 29 panel said in a statement released after the meeting. The group is planning to make a recommendation this year that may call for more stringent controls. The European commissioner in charge of revising the bloc's data protection law, Viviane Reding, said she was also likely to call for a form of prior consent in her draft of the new data protection legislation, which will not be completed until early next year. "Companies must obtain prior consent before individuals' data is used," Mrs. Reding said in a statement released by her office. The European debate has the potential to influence a parallel discussion on behavioral advertising under way in the United States, where the Federal Trade Commission has also expressed concern about the sufficiency of the opt-out approach. On Wednesday, an international coalition of 80 consumer groups in the United States and Europe called the Trans Atlantic Consumer Dialogue sent letters to the European Commission and members of Congress urging more stringent controls. The letter, sent a day before a hearing on behavioral ads held by the House Subcommittee on Commerce, Manufacturing and Trade, urged Congress to follow Europe's lead. "There is much the United States could learn from other countries about how to address such challenges and the E.U.
Data Directive provides a very good starting point," according to a copy of the letter obtained by the International Herald Tribune. But consumer advocates face an uphill battle in Washington, where the U.S. advertising industry also opposes an opt-in mandate. In its letter to U.S. Representative Mary Bono Mack, the chairwoman of the subcommittee, the coalition wrote that it was "somewhat surprised by what appears to be an effort to call into question the purpose and 'burden' of the E.U. data directive." The outcome of the debate in Europe, for now, is also uncertain. Kimon Zorbas, the vice president of the Interactive Advertising Bureau Europe, said most Europeans were not troubled by behavioral advertising, and those who were could simply block them through the industry's Web site. "Right now, we are starting to hear a lot of people saying they want to stop profiling," Mr. Zorbas said in an interview. But if that were to happen, he said, the fastest-growing segment of online advertising would also suffer. "Customer profiling is a basic to any business, not just online business," Mr. Zorbas said. "If that were to happen, I am afraid it would kill a significant part of the industry."

From rforno at infowarrior.org Mon Sep 19 08:27:09 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Sep 2011 09:27:09 -0400
Subject: [Infowarrior] - Netflix to split into two businesses
Message-ID: <6F05F0BB-C9D9-4950-9176-317FAE01B674@infowarrior.org>

Netflix to split into two businesses
By Hayley Tsukayama
http://www.washingtonpost.com/blogs/faster-forward/post/netflix-to-split-into-two-businesses/2011/09/19/gIQA09iueK_blog.html?hpid=z4

Netflix is set to split into two businesses, one for DVDs and one for streaming video, chief executive Reed Hastings announced in a blog post late Sunday. The change will take place in a few weeks, Hastings wrote.
Hastings apologized to all Netflix subscribers for not being clearer about the company's plans, particularly in regards to pricing. In July, Netflix faced a wave of customer backlash over changes it made to its pricing structure, losing the company around 1 million of its subscribers. "I messed up. I owe everyone an explanation," Hastings wrote. The company's DVD business will be renamed Qwikster, and will also include an optional upgrade to include video game rentals. Customers using Netflix's DVD site will be able to retain their accounts and queues, but will access the service through quikster.com. The streaming business will remain the same, Hastings wrote, adding that the company is expecting to add "substantial" streaming content to the service in the coming months. The company recently ended its contract with the Starz media group, losing about 8 percent of its streaming content. Hastings promised there would be no further changes to pricing, though he said he did not regret the company's decision to change the structure. "[Netflix] realized that streaming and DVD by mail are becoming two quite different businesses, with very different cost structures, different benefits that need to be marketed differently, and we need to let each grow and operate independently," he wrote. Netflix stock, which fell heavily on the news that it had lost subscribers last week, was down slightly in pre-market trading -- just under one percent.

From rforno at infowarrior.org Mon Sep 19 08:30:41 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Sep 2011 09:30:41 -0400
Subject: [Infowarrior] - gTLD WHOIS Privacy and Proxy Relay and Reveal Survey
Message-ID: <59836985-ECAD-4E0E-BEFF-55D941B4B9DC@infowarrior.org>

gTLD WHOIS Privacy and Proxy Relay and Reveal Survey Now Live

As part of a broader examination of gTLD WHOIS, ICANN's Generic Names Supporting Organization (GNSO) Council is seeking to gain further insight into the origination and handling of "relay"
and "reveal" requests. A relay request is a request to forward a message to the registrant of a domain registered using a privacy service. A reveal request is a request to reveal the identity of the licensee of a domain registered using a proxy service. ICANN is seeking input from providers of privacy and proxy registration, from those who interact or communicate with privacy and proxy providers (in particular those who make relay and reveal requests), from registrars, and from other interested parties. The objective is that any potential future policy-making and any efforts to develop or support standardized procedures, tools, formats, etc., be based on data that accurately and broadly represent the experiences of those who use these aspects of the WHOIS system.

http://blog.icann.org/2011/09/gtld-whois-privacy-and-proxy-relay-and-reveal-survey-now-live/

From rforno at infowarrior.org Mon Sep 19 21:36:20 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 19 Sep 2011 22:36:20 -0400
Subject: [Infowarrior] - OT: Best Buy nostalgia
Message-ID: <99EE76B2-69D6-481E-A733-7639F7DF626A@infowarrior.org>

It's September 19, 1996 - 15 years ago today. You walk into a Best Buy. What's on sale? Check the flyer....

http://gregarious24.imgur.com/best_buy_flyer_september_1996

From rforno at infowarrior.org Tue Sep 20 07:59:02 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 08:59:02 -0400
Subject: [Infowarrior] - A future for drones: Automated killing
Message-ID: <5B4E41F4-8C7E-4C68-9285-E7677339497E@infowarrior.org>

A future for drones: Automated killing
By Peter Finn, Published: September 19
http://www.washingtonpost.com/national/national-security/a-future-for-drones-automated-killing/2011/09/15/gIQAVy9mgK_print.html

One afternoon last fall at Fort Benning, Ga., two model-size planes took off, climbed to 800 and 1,000 feet, and began criss-crossing the military base in search of an orange, green and blue tarp.
The automated, unpiloted planes worked on their own, with no human guidance, no hand on any control. After 20 minutes, one of the aircraft, carrying a computer that processed images from an onboard camera, zeroed in on the tarp and contacted the second plane, which flew nearby and used its own sensors to examine the colorful object. Then one of the aircraft signaled to an unmanned car on the ground so it could take a final, close-up look. Target confirmed. This successful exercise in autonomous robotics could presage the future of the American way of war: a day when drones hunt, identify and kill the enemy based on calculations made by software, not decisions made by humans. Imagine aerial "Terminators," minus beefcake and time travel. The Fort Benning tarp "is a rather simple target, but think of it as a surrogate," said Charles E. Pippin, a scientist at the Georgia Tech Research Institute, which developed the software to run the demonstration. "You can imagine real-time scenarios where you have 10 of these things up in the air and something is happening on the ground and you don't have time for a human to say, 'I need you to do these tasks.' It needs to happen faster than that." The demonstration laid the groundwork for scientific advances that would allow drones to search for a human target and then make an identification based on facial-recognition or other software. Once a match was made, a drone could launch a missile to kill the target. Military systems with some degree of autonomy -- such as robotic, weaponized sentries -- have been deployed in the demilitarized zone between South and North Korea and other potential battle areas. Researchers are uncertain how soon machines capable of collaborating and adapting intelligently in battlefield conditions will come online. It could take one or two decades, or longer. The U.S.
military is funding numerous research projects on autonomy to develop machines that will perform some dull or dangerous tasks and to maintain its advantage over potential adversaries who are also working on such systems. The killing of terrorism suspects and insurgents by armed drones, controlled by pilots sitting in bases thousands of miles away in the western United States, has prompted criticism that the technology makes war too antiseptic. Questions also have been raised about the legality of drone strikes when employed in places such as Pakistan, Yemen and Somalia, which are not at war with the United States. This debate will only intensify as technological advances enable what experts call lethal autonomy. The prospect of machines able to perceive, reason and act in unscripted environments presents a challenge to the current understanding of international humanitarian law. The Geneva Conventions require belligerents to use discrimination and proportionality, standards that would demand that machines distinguish among enemy combatants, surrendering troops and civilians. "The deployment of such systems would reflect a paradigm shift and a major qualitative change in the conduct of hostilities," Jakob Kellenberger, president of the International Committee of the Red Cross, said at a conference in Italy this month. "It would also raise a range of fundamental legal, ethical and societal issues, which need to be considered before such systems are developed or deployed." Drones flying over Afghanistan, Pakistan and Yemen can already move automatically from point to point, and it is unclear what surveillance or other tasks, if any, they perform while in autonomous mode. Even when directly linked to human operators, these machines are producing so much data that processors are sifting the material to suggest targets, or at least objects of interest. That trend toward greater autonomy will only increase as the U.S.
military shifts from one pilot remotely flying a drone to one pilot remotely managing several drones at once.

But humans still make the decision to fire, and in the case of CIA strikes in Pakistan, that call rests with the director of the agency. In future operations, if drones are deployed against a sophisticated enemy, there may be much less time for deliberation and a greater need for machines that can function on their own.

The U.S. military has begun to grapple with the implications of emerging technologies. "Authorizing a machine to make lethal combat decisions is contingent upon political and military leaders resolving legal and ethical questions," according to an Air Force treatise called Unmanned Aircraft Systems Flight Plan 2009-2047. "These include the appropriateness of machines having this ability, under what circumstances it should be employed, where responsibility for mistakes lies and what limitations should be placed upon the autonomy of such systems."

In the future, micro-drones will reconnoiter tunnels and buildings, robotic mules will haul equipment and mobile systems will retrieve the wounded while under fire. Technology will save lives. But the trajectory of military research has led to calls for an arms-control regime to forestall any possibility that autonomous systems could target humans.

In Berlin last year, a group of robotic engineers, philosophers and human rights activists formed the International Committee for Robot Arms Control (ICRAC) and said such technologies might tempt policymakers to think war can be less bloody. Some experts also worry that hostile states or terrorist organizations could hack robotic systems and redirect them. Malfunctions also are a problem: In South Africa in 2007, a semiautonomous cannon fatally shot nine friendly soldiers.

The ICRAC would like to see an international treaty, such as the one banning antipersonnel mines, that would outlaw some autonomous lethal machines.
Such an agreement could still allow automated antimissile systems.

"The question is whether systems are capable of discrimination," said Peter Asaro, a founder of the ICRAC and a professor at the New School in New York who teaches a course on digital war. "The good technology is far off, but technology that doesn't work well is already out there. The worry is that these systems are going to be pushed out too soon, and they make a lot of mistakes, and those mistakes are going to be atrocities."

Research into autonomy, some of it classified, is racing ahead at universities and research centers in the United States, and that effort is beginning to be replicated in other countries, particularly China.

"Lethal autonomy is inevitable," said Ronald C. Arkin, the author of "Governing Lethal Behavior in Autonomous Robots," a study that was funded by the Army Research Office. Arkin believes it is possible to build ethical military drones and robots, capable of using deadly force while programmed to adhere to international humanitarian law and the rules of engagement. He said software can be created that would lead machines to return fire with proportionality, minimize collateral damage, recognize surrender, and, in the case of uncertainty, maneuver to reassess or wait for a human assessment. In other words, rules as understood by humans can be converted into algorithms followed by machines for all kinds of actions on the battlefield.

"How a war-fighting unit may think -- we are trying to make our systems behave like that," said Lora G. Weiss, chief scientist at the Georgia Tech Research Institute.

Others, however, remain skeptical that humans can be taken out of the loop. "Autonomy is really the Achilles' heel of robotics," said Johann Borenstein, head of the Mobile Robotics Lab at the University of Michigan. "There is a lot of work being done, and still we haven't gotten to a point where the smallest amount of autonomy is being used in the military field.
All robots in the military are remote-controlled. How does that sit with the fact that autonomy has been worked on at universities and companies for well over 20 years?"

Borenstein said human skills will remain critical in battle far into the future. "The foremost of all skills is common sense," he said. "Robots don't have common sense and won't have common sense in the next 50 years, or however long one might want to guess."

© The Washington Post Company

From rforno at infowarrior.org Tue Sep 20 08:11:13 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 09:11:13 -0400
Subject: [Infowarrior] - The F-22 Is Back in the Sky! And Still Kinda Broken!
Message-ID: <57115DBF-1653-44DF-9851-A44AECF70899@infowarrior.org>

The F-22 Is Back in the Sky! And Still Kinda Broken!

http://gizmodo.com/5841894/the-f+22-is-back-in-the-sky-and-still-defective-as-ever

Remember when the Pentagon let the F-35 start flying again, even though its underlying defects hadn't been fixed? They just did literally the exact same thing with the F-22 Raptor. Hope you're not worried about oxygen deprivation.

This past spring, the country's entire $62 billion F-22 fleet was grounded after pilots reported symptoms of oxygen deprivation. That's indicative of flawed design, and a serious risk even during peacetime. So what has the Air Force done to get its expensive wondertoy back in action? Nothing. Absolutely nothing. But that's not going to stop them from throwing the things back into the air anyway--you see, we'll all just forget about the possibly-fatal oxygen deprivation issues. Instead, we'll just kinda see how it goes!

< - >

The return-to-fly plan implements several risk mitigation actions, to include rigorous inspections, training on life support systems, and continued data collection. The aircraft is capable and authorized to fly above 50,000 feet. Pilots will use additional protective equipment and undergo baseline physiological tests.
The return-to-fly process will begin with instructor pilots and flight leads regaining their necessary proficiency, then follow with other F-22 wingmen.

Prior to the stand down, ACC officials convened a Class E Safety Investigation Board in January 2011 to look into hypoxia-related reports. At the same time, a Hypoxia Deep-Dive Integrated Product Team began an in-depth study on safety issues involving aircraft oxygen generation systems. In June 2011, the Secretary of the Air Force directed the Air Force Scientific Advisory Board to continue the oxygen generation study concurrent with the ongoing SIB. A releasable report will be made available later this year.

< - >

Straight from the Air Force's mouth. So, essentially, nothing is fixed, the risk persists, and the Pentagon will try to figure things out as it goes along. Swell. [DoD Buzz]

From rforno at infowarrior.org Tue Sep 20 08:44:14 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 09:44:14 -0400
Subject: [Infowarrior] - Italy Proposes Law That Will Ban People From The Internet Based On Single Accusation
Message-ID:

Italy Proposes Law That Will Ban People From The Internet Based On Single Accusation Of Infringement From Anyone

from the seems-a-bit-strict dept

http://www.techdirt.com/articles/20110919/03081816004/italy-proposes-law-that-will-ban-people-internet-based-single-accusation-infringement-anyone.shtml

Glyn Moody points us to a frightening analysis of a proposed copyright law in Italy that seems positively ridiculous, in that you could lose access to the internet based on a single accusation (which doesn't even have to come from the copyright holder):

1) citizens, outside of any judicial proceeding and without the right to appeal to the judicial authority, may be banned to access the Internet if ANYONE (a rightholder or an ordinary citizen) notifies a provider about alleged infringement of copyright or trademark or patent ("one strike" disconnections);

2) Internet service
providers must comply to the blacklisting of citizens who are *suspected* of copyright or trademark or patent infringements ("proscription lists" to ban citizens from any access to the Net);

3) an Internet service provider must use preventive filters against services that infringe copyright, trademark or patents;

4) an Internet service provider must not promote or advertise, and must use preventive filters against, services that do not directly violate copyright, trademark or patents, but that *may* lead citizens to *think* that infringing services exist;

5) a provider or a hosting provider which does not use effective filters will be charged with civil liability.

The post notes that this law would be compliant with an early version of ACTA, and suggests that this was done on purpose. However, the report also notes that this proposed law would clearly not be compatible with current EU law. Either way, that's quite a wish list from the entertainment industry.

From rforno at infowarrior.org Tue Sep 20 09:26:58 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 10:26:58 -0400
Subject: [Infowarrior] - Hackers break SSL encryption used by millions of sites
Message-ID: <0615EEA4-EFDD-489F-B181-A47C5858C312@infowarrior.org>

Original URL: http://www.theregister.co.uk/2011/09/19/beast_exploits_paypal_ssl/

Hackers break SSL encryption used by millions of sites

Beware of BEAST decrypting secret PayPal cookies

By Dan Goodin in San Francisco
Posted in ID, 19th September 2011 21:10 GMT

Researchers have discovered a serious weakness in virtually all websites protected by the secure sockets layer protocol that allows attackers to silently decrypt data that's passing between a webserver and an end-user browser.

The vulnerability resides in versions 1.0 and earlier of TLS, or transport layer security, the successor to the secure sockets layer technology [1] that serves as the internet's foundation of trust.
Although versions 1.1 and 1.2 of TLS aren't susceptible, they remain almost entirely unsupported in browsers and websites alike, making encrypted transactions on PayPal, GMail, and just about every other website vulnerable to eavesdropping by hackers who are able to control the connection between the end user and the website he's visiting.

At the Ekoparty security conference [2] in Buenos Aires later this week, researchers Thai Duong and Juliano Rizzo plan to demonstrate proof-of-concept code called BEAST, which is short for Browser Exploit Against SSL/TLS. The stealthy piece of JavaScript works with a network sniffer to decrypt encrypted cookies a targeted website uses to grant access to restricted user accounts. The exploit works even against sites that use HSTS, or HTTP Strict Transport Security [3], which prevents certain pages from loading unless they're protected by SSL.

The demo will decrypt an authentication cookie used to access a PayPal account, Duong said.

Like a cryptographic Trojan horse

The attack is the latest to expose serious fractures in the system that virtually all online entities use to protect data from being intercepted over insecure networks and to prove their website is authentic rather than an easily counterfeited impostor. Over the past few years, Moxie Marlinspike and other researchers have documented ways of obtaining digital certificates that trick the system into validating sites that can't be trusted.

Earlier this month, attackers obtained digital credentials for Google.com and at least a dozen other sites after breaching the security of disgraced certificate authority DigiNotar. The forgeries were then used to spy on people in Iran accessing protected GMail servers.

By contrast, Duong and Rizzo say they've figured out a way to defeat SSL by breaking the underlying encryption it uses to prevent sensitive data from being read by people eavesdropping on an address protected by the HTTPs prefix.
"BEAST is different than most published attacks against HTTPS," Duong wrote in an email. "While other attacks focus on the authenticity property of SSL, BEAST attacks the confidentiality of the protocol. As far as we know, BEAST implements the first attack that actually decrypts HTTPS requests."

Duong and Rizzo are the same researchers who last year released a point-and-click tool [4] that exposes encrypted data and executes arbitrary code on websites that use a widely used development framework. The underlying "cryptographic padding oracle" exploited in that attack isn't an issue in their current research.

Instead, BEAST carries out what's known as a plaintext-recovery attack that exploits a vulnerability in TLS that has long been regarded as mainly a theoretical weakness. During the encryption process, the protocol scrambles block after block of data using the previous encrypted block. It has long been theorized that attackers can manipulate the process to make educated guesses about the contents of the plaintext blocks.

If the attacker's guess is correct, the block cipher will receive the same input for a new block as for an old block, producing an identical ciphertext.

At the moment, BEAST requires about two seconds to decrypt each byte of an encrypted cookie. That means authentication cookies of 1,000 to 2,000 characters long will still take a minimum of a half hour for their PayPal attack to work. Nonetheless, the technique poses a threat to millions of websites that use earlier versions of TLS, particularly in light of Duong and Rizzo's claim that this time can be drastically shortened.

In an email sent shortly after this article was published, Rizzo said refinements made over the past few days have reduced the time required to under 10 minutes.

"BEAST is like a cryptographic Trojan horse -- an attacker slips a bit of JavaScript into your browser, and the JavaScript collaborates with a network sniffer to undermine your HTTPS connection,"
Trevor Perrin, an independent security researcher, wrote in an email. "If the attack works as quickly and widely as they claim it's a legitimate threat."

Mozilla and OpenSSL: 'It's terrible, isn't it?'

Duong and Rizzo said the underlying vulnerability BEAST exploits is present in virtually all applications that use TLS 1.0, making it possible to apply the technique to monitor private communications sent through many instant messenger and Virtual Private Networking programs.

Although TLS 1.1 has been available since 2006 and isn't susceptible to BEAST's chosen plaintext attack, virtually all SSL connections rely on the vulnerable TLS 1.0, according to a recent research from security firm Qualys that analyzed the SSL offerings of the top 1 million internet addresses.

Chief culprits for the inertia are the Network Security Services [5] package used to implement SSL in Mozilla's Firefox and Google's Chrome browsers, and OpenSSL [6], an open-source code library that millions of websites use to deploy TLS. In something of a chicken-and-egg impasse, neither toolkit offers recent versions of TLS, presumably because the other one doesn't.

"The problem is people will not improve things unless you give them a good reason, and by a good reason I mean an exploit," said Ivan Ristic, Qualys's director of engineering. "It's terrible, isn't it?"

While both Mozilla and the volunteers maintaining OpenSSL have yet to implement TLS 1.2 at all, Microsoft has performed only slightly better. Secure TLS versions are available in its Internet Explorer browser and IIS webserver, but not by default. Opera remains the only browser that deploys TLS 1.2 by default.

[Image caption: Support for TLS 1.1 and 1.2 is virtually non-existent, Qualys Director of Engineering Ivan Ristic says]

Ristic, who presented his findings at the Black Hat security conference in August, has found additional evidence that websites often delay deploying upgrades that fix SSL security holes.
His analysis found that as much as 35 percent of websites had yet to patch a separate TLS vulnerability discovered in November 2009 [7] that made it possible to inject text into encrypted traffic passing between two SSL endpoints.

Researchers said upgrading TLS is proving surprisingly difficult, mostly because almost every fix breaks widely used applications or technologies. A technology recently added to Google Chrome [8] that significantly reduces the time it takes websites to establish encrypted connections with end-user browsers is just one example, said cryptographer Nate Lawson, principal of the Root Labs security consultancy.

Duong and Rizzo said there are many more examples.

"Actually we have worked with browser and SSL vendors since early May, and every single proposed fix is incompatible with some existing SSL applications," Duong wrote. "What prevents people is that there are too many websites and browsers out there that support only SSL 3.0 and TLS 1.0. If somebody switches his websites completely over to 1.1 or 1.2, he loses a significant part of his customers and vice versa."

This article was updated to add details about the amount of time required to decrypt authentication cookies.

From rforno at infowarrior.org Tue Sep 20 13:37:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 14:37:55 -0400
Subject: [Infowarrior] - Is Yahoo Blocking People From Sending Any Email That Mentions OccupyWallSt.org?
Message-ID: <5CD8D813-109C-4B9A-9EC8-1B921DAFA4A0@infowarrior.org>

Is Yahoo Blocking People From Sending Any Email That Mentions OccupyWallSt.org?
from the what-if-you-just-wrote-occupywallst-is-a-dumb-idea dept

http://www.techdirt.com/articles/20110920/02444416023/is-yahoo-blocking-people-sending-any-email-that-mentions-occupywallstorg.shtml

Zacqary Adam Green points us to the rumor that Yahoo Mail, in its infinite wisdom, has decided that no one should be allowed to send any emails that merely mention the website http://OccupyWallSt.org. That's the website of the folks currently protesting in NY. Zacqary decided to test this out and produced a video showing Yahoo sending a bunch of lorem ipsum (gibberish) text without a problem -- and then refusing to send the same text once he added the URL at the bottom.

We did some testing ourselves, and it appears that the message will go through if you just type OccupyWallSt.org. But if you do the full URL, with the http:... well, then you might just be a terrorist or something. The message provided by Yahoo is that it refuses to send the email because "suspicious activity" was detected on the account and to "protect" the user, the message has not been sent. We also noted that once this happens, Yahoo starts asking you to input a captcha to send future emails. Because, um, linking to that one URL makes Yahoo claim you're a bot.

Seriously, Yahoo? First off, it's troubling enough that Yahoo has apparently decided that merely mentioning a URL can have your messages blocked from being sent entirely. But almost as bad is claiming that it's to "protect" the user. Yahoo has been struggling lately to retain users. Blocking outbound messages for no good reason isn't likely to win any converts. No wonder ex-CEO Carol Bartz was fired over the phone. Perhaps Yahoo's Chairman of the Board was prevented from emailing her for his own safety...

From rforno at infowarrior.org Tue Sep 20 13:42:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 14:42:55 -0400
Subject: [Infowarrior] - More OSX Lion hiccups
Message-ID:

The more I hear about OSX Lion, the more I think it's going to be a huge boon to Windows 7 (or 8) sales. I see no compelling reason to move to Lion, especially given its file system file-locking-if-its-an-old-file 'feature' and the increasing number of (IMHO) stupid security issues. Here's another one ---

Password security flaws in Mac OS X Lion exposed
http://www.neowin.net/news/password-security-flaws-in-mac-os-x-lion-exposed

From rforno at infowarrior.org Tue Sep 20 14:22:13 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 15:22:13 -0400
Subject: [Infowarrior] - NYPD antiterror guide for nightclubs
Message-ID: <5BEE2680-B80B-4B11-9C4D-E58013B59244@infowarrior.org>

(So that last line in the extract below means that any person going on a first date or "playing the meat market" in a club might be a potential tear'ist? BE AFRAID, people! -- rick)

NYPD teaches nightclubs to look out for possible terrorists with 'bulging veins in the neck'

BY Erik Badia
DAILY NEWS STAFF WRITER
Tuesday, September 20th 2011, 4:00 AM

The NYPD issued a 27-page booklet called "Best Practices for Nightlife Establishments" to teach operators how to spot possible terrorists.

The NYPD's updated guide to bolstering the safety of city nightclubs offers tips on how to spot patrons who are bombed - as well as those carrying bombs.

The 27-page booklet, titled "Best Practices for Nightlife Establishments," advises owners to be cautious about nervous customers who are sweating profusely and with "bulging veins in the neck."
< -- >

http://www.nydailynews.com/ny_local/2011/09/20/2011-09-20_nypd_teaches_nightclubs_to_look_out_for_possible_terrorists_with_bulging_veins_i.html

From rforno at infowarrior.org Tue Sep 20 14:23:33 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 15:23:33 -0400
Subject: [Infowarrior] - 4.2M people have a security clearance?
Message-ID:

Posted at 12:50 PM ET, 09/20/2011

How many security clearances have been issued? Nearly enough for everyone in the Washington area

By Greg Miller

http://www.washingtonpost.com/blogs/checkpoint-washington/post/how-many-security-clearances-has-the-government-issued-nearly-enough-for-everyone-in-the-washington-area/2011/09/20/gIQAMW3OiK_blog.html

More than 4.2 million people have security clearances for access to classified information, a number that vastly outstrips previous estimates and nearly rivals the population of metropolitan Washington.

The number was disclosed in a new report that was mandated by Congress and marks the first time that the government has produced a detailed accounting of the clearances issued to federal, military and contract employees.

The official count is so much greater than previous estimates that it caught security experts off-guard. Steven Aftergood of the Federation of American Scientists said the new total is an "astonishingly large figure" and "another reminder of how quickly the national security bureaucracy has expanded over the past decade."

Aftergood noted in his blog that just two years ago the Government Accountability Office estimated that about 2.4 million people held clearances. The Washington region's overall population is just under 5.5 million.

The vast majority of clearance holders are federal employees or members of the U.S. armed services. But more than a million contractors also have access to classified information. Remarkably, nearly as many contractors hold top secret clearances (524,990) as do federal workers (666,008).
The report, which was mandated by last year's intelligence authorization act, also examines how long it takes for various agencies to conduct background investigations and grant clearances. The National Security Agency appears to be particularly slow, with 192 cases that are more than a year old. At least one application has been under review for nearly three years.

From rforno at infowarrior.org Tue Sep 20 15:58:12 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 16:58:12 -0400
Subject: [Infowarrior] - U.S. companies playing by Chinese cyber-rules
References: <4E78F44C.1050109@inetassoc.com>
Message-ID:

Begin forwarded message:

> http://www.washingtonpost.com/blogs/checkpoint-washington/post/us-companies-play-by-chinese-cyber-rules/2011/09/19/gIQAAUPNgK_blog.html
>
> Posted at 01:00 AM ET, 09/20/2011
>
> U.S. companies playing by Chinese cyber-rules
>
> By Ellen Nakashima
>
> U.S.-based tech firms seeking access to China's exploding population of computer users bend too easily to China's rules of censorship and surveillance, according to a new report by SecDev Group, a think tank focused on regions at risk from violence and insecurity.
>
> And though the United States is at the forefront of nations supporting freedom of expression online, the report says that voluntary codes of ethical conduct so far have not worked.
>
> In "Collusion and Collision: Searching for guidance in Chinese cyberspace," SecDev researchers criticized search engine firms for "conforming to China's censorship and surveillance policies" as the price of doing business in a market with 450 million Internet users.
>
> "Internet companies operate in a narrow space between collusion and collision with the Chinese government," said the Ottawa-based group, which has produced illuminating reports on vast campaigns of Chinese cyber espionage on the Dalai Lama, dissidents and other groups.
>
> In 2005, Yahoo complied with a request by the Chinese government to hand over information related to the private e-mail correspondence of Chinese dissidents -- including Chinese poet Shi Tao -- who were then jailed, the report said. (Yahoo later apologized. It sold its China business to Chinese tech firm Alibaba Group in 2005 but maintained a 40 percent stake in Alibaba Group.)
>
> Microsoft, which has e-mail, search engine and blog platform services in China, shut down a popular blog by reporter Zhao Jing at the government's request in 2005, the report stated. And like Yahoo, Microsoft has complied with government requests to filter online content, the report said.
>
> Microsoft "both respects local authority and culture and makes clear that we have differences of opinion with official content management policies," a company spokeswoman told SecDev, in a quote included in the report.
>
> Router firm Cisco was also the subject of scrutiny. "Irrefutable evidence has surfaced that Cisco hardware is a critical component of China's online surveillance system," the report said. (Cisco has said in other news reports that its equipment is built to global standards and not customized for use in any particular nation.)
>
> One company -- Google -- bucked the trend, opting to shutter its search engine business on the mainland rather than continue to censor at the government's request, SecDev noted. The firm did so after discovering that China had hacked into its computer networks and stolen valuable intellectual property, while also compromising e-mail accounts of dissidents.
>
> As a result of its decision, however, Google has paid a price. Microsoft has moved in, partnered with Chinese search engine Baidu and grabbed more of the market.
>
> The SecDev report applauds U.S. policy as articulated by Secretary of State Hillary Rodham Clinton, who has aligned Franklin D. Roosevelt's four freedoms --
freedom of speech, freedom of religion, freedom from fear and freedom from want -- with a fifth: freedom of expression online.
>
> But voluntary codes of ethical behavior have not worked, SecDev concludes. The think tank urged a new approach: legally enforceable, binding, specific commitments. What is needed, it said, were policies that ensure that U.S.-based businesses operate ethically at home and abroad.
>
> "As responsible corporate citizens, these companies -- as well as their home governments -- cannot continue 'business as usual,'" said Rafal Rohozinski, founder and chief executive of the SecDev Group.

From rforno at infowarrior.org Tue Sep 20 16:16:23 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 17:16:23 -0400
Subject: [Infowarrior] - Press Starts to Doubt Anti-Piracy Propaganda Machine
Message-ID: <39AA5755-029F-4237-827B-24316F9D028C@infowarrior.org>

Press Starts to Doubt Anti-Piracy Propaganda Machine

Ernesto, September 20, 2011

http://torrentfreak.com/press-starts-to-doubt-anti-piracy-propaganda-machine-110920/

The anti-piracy lobby group AFACT just championed a study which claims that nearly all of the popular files on BitTorrent point to infringing material. Although the study in question is probably not far off, the press-release of the anti-piracy group has been met with more doubt than ever before. Slowly journalists are starting to reflect on the ongoing propaganda stream from anti-piracy outfits, and some are even brave enough to call them out on it.

Last week the MPAA-supported lobby group AFACT released a study claiming that 72 percent of people would stop downloading infringing content if their Internet provider warned them. The results claimed to support the effectiveness of a 3-strikes system for copyright infringers, but those who took a closer look saw that this was not the case.
As we pointed out, the results could also show that none of the current file-sharers would be deterred, as the question was also answered by the 78 percent of people who don't even use file-sharing software. The press release was nothing more than a cheap and misleading marketing stunt and it's tricks like this that are causing the anti-piracy lobby to lose credibility at a rapid pace.

Just a few hours ago AFACT came out with another press release. This time they plug the results of a study they appear to be unrelated to, conducted by the University of Ballarat's Internet Commerce Security Laboratory (ICSL). These are the same researchers who released some rather incompetent reports in the past, but their latest study shows signs of improvement.

As AFACT is happy to point out, the researchers conclude that 97.2 percent of the most popular files on BitTorrent are infringing (and that a lot are faked). Although this conclusion is probably not too far off, not all journalists are eager to pick it up as some are starting to see that AFACT has a habit of twisting the truth.

In a piece titled "Fooling some of the media, some of the time," Canberra Times journalist Myles Peterson explains his concerns. When Peterson received the three-strikes study press release last week he couldn't help but notice that News Corp newspapers received the details before "regular" journalists did. Yes indeed, that is the same News Corp organization that is a partner of anti-piracy groups such as IPAF, DEAA and AFACT.

"Last Monday, The Australian ran a full-court press in print and online dubbed 'Piracy, the disease that's crippling our creative industries', comprising a number of articles from various angles, all attacking the scourge of online file sharing. Articles also appeared in News Corp tabloids The Adelaide Advertiser and The Daily Telegraph," Peterson writes.

"That's odd, I thought. The avalanche of coverage seemed to disproportionately reference the new study.
Would a media outlet co-operate with a lobby group to generate mass coverage of a topic, I wondered."

While following up on the study, Peterson noticed that various Australian anti-piracy outfits are conveniently sharing personnel. This, added with the recent Wikileaks revelation that the MPAA is the driving force behind these groups, led to further doubts. They were only heightened when the obvious flaws in the "independent" study were pointed out by us.

Using journalists in a propaganda war orchestrated by foreign companies wasn't a very pleasant thought to Peterson.

"The story behind the stories, both those that appeared in News Corp media and TorrentFreak's balancing rebuttal, stayed with me, as did a series of worrying questions. Are AFACT, the DEAA and IPAF being co-ordinated by the same group of people? Are these people being directed by the Motion Picture Association of America, as the WikiLeaks cable suggested?" he writes.

"What stuck with me most was a similar concern to one uttered recently by Australian Greens leader Senator Bob Brown. Did a group of journalists put together a press campaign based on a biased study supplied by a lobby group that represents their own employer?"

And if that's not bad enough, in a few days the anti-piracy outfits have a meeting at the Federal General Attorney's office to push their agenda at the highest level. The fear is that this talk will be far from balanced, and we can only hope that the hosts will be able to see through it.

"When our federal lawyers host these lobby groups at the end of the week, I hope they cast a more critical eye over any research presented than certain media outlets did. I also hope they are able to work out which person in the room represents the ACIG, AFACT, DEAA, IPAF, MPA, MPAA or all of the above," Peterson concludes.

The good news is that the piece in the Canberra Times shows that not all journalists are indirectly working for the MPAA.
Increasingly, we see skepticism towards the continuous stream of anti-piracy propaganda and more room for a sensible discussion about the topics at stake. Perhaps the tide is turning?

From rforno at infowarrior.org Tue Sep 20 16:28:16 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 17:28:16 -0400
Subject: [Infowarrior] - Smart meters reveal TV viewing habits
Message-ID:

20 September 2011, 15:59
Smart meters reveal TV viewing habits
http://www.h-online.com/security/news/item/Smart-meters-reveal-TV-viewing-habits-1346385.html

Researchers at the Münster University of Applied Sciences have discovered that it is possible to use electricity usage data from smart electricity meters to determine which programmes consumers are watching on a standard TV set. The experiments were carried out as part of the state-funded DaPriM (data privacy management) project. By analysing electricity consumption patterns, it is, in principle, also possible to identify films played from a DVD or other source. Light and dark passages in these films, large volumes of data, and a minimum of interference from other devices are the key to performing this analysis. The group's experiments used data from a standard EasyMeter smart meter installed in a normal home. The meter sends electricity usage data to a server every two seconds. The customer profile on the supplier's web server shows the household's total consumption, from which it is possible to extract and analyse TV viewing data. Until now, the general assumption has been that it would be possible to use typical electricity consumption data from the smart meter for different appliances to determine whether a customer had prepared his or her dinner in the microwave, on the hob or in the oven, but nothing more. That possibility had already spurred data protection officials in the USA, where smart meters are already widely used, into action --
they demanded precise regulations on how electricity meters deal with and protect collected data. Second by second data transfer makes it possible to carry out much finer analysis. In the opinion of the Münster-based research team, this calls for a tightening of data protection regulations. One solution might be to increase the polling interval or simply to transfer a statistical summary to the electricity generator or provider. This would make the high resolution consumption data required for close analysis unavailable. Either way, the consumer is reliant on the provider taking the appropriate measures.

From rforno at infowarrior.org Tue Sep 20 21:01:01 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 20 Sep 2011 22:01:01 -0400
Subject: [Infowarrior] - OnStar Tracks Your Car Even When You Cancel Service
Message-ID:

OnStar Tracks Your Car Even When You Cancel Service
By David Kravets | September 20, 2011 | 8:04 pm | Categories: Surveillance, privacy
http://www.wired.com/threatlevel/2011/09/onstar-tracks-you/

Navigation-and-emergency-services company OnStar is notifying its six million account holders that it will keep a complete accounting of the speed and location of OnStar-equipped vehicles, even for drivers who discontinue monthly service. OnStar began e-mailing customers Monday about its update to the privacy policy, which grants OnStar the right to sell that GPS-derived data in an anonymized format. Adam Denison, a spokesman for the General Motors subsidiary, said OnStar does not currently sell customer data, but it reserves that right. He said both the new and old privacy policies allow OnStar to chronicle a vehicle's every movement and its speed, though it's not clear where that's stated in the old policy. "What's changed [is that if] you want to cancel your OnStar service, we are going to maintain a two-way connection to your vehicle unless the customer says otherwise," Denison said in a telephone interview.
The connection will continue, he said, to make it "easier to re-enroll" in the program, which charges plans from $19 to $29 monthly for help with navigation and emergencies. The privacy changes take effect in December, Denison said, adding that the policy reinforces the company's right to sell anonymized data. "We hear from organizations periodically requesting our information," he said. He said an example of how the data might be used would be for the Michigan Department of Transportation "to get a feel for traffic usage on a specific section of freeway." The policy also allows the data to be used for marketing purposes by OnStar and vehicle manufacturers. Collecting location and speed data via GPS might also create a treasure trove of data that could be used in criminal and civil cases. One could also imagine an eager police chief acquiring the data to issue speeding tickets en masse. Jonathan Zdziarski, an Ohio forensics scientist, blogged about the new terms Tuesday. In a telephone interview, he said he was canceling his service and making sure he was being disconnected from OnStar's network. He said the new privacy policy goes too far. "They added a bullet point allowing them to collect any data for any purpose," he said.

From rforno at infowarrior.org Wed Sep 21 00:57:49 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Sep 2011 01:57:49 -0400
Subject: [Infowarrior] - Using plastic to pay Anthem bill? Prepare to lose your coverage
Message-ID: <8241D995-727E-49EF-9FD1-0160A7F2546A@infowarrior.org>

Using plastic to pay Anthem bill? Prepare to lose your coverage
Notice of cancellation was a shock to one policyholder who had been making automatic payments with her credit card. It's just one case involving a policy switch at the health insurer.
http://www.latimes.com/business/la-fi-lazarus-20110920,0,2211923.column
By David Lazarus
September 20, 2011

Andrea Kreuzhage is the kind of customer all health insurers dream of having.
She's in excellent shape, never submits medical claims and pays all her bills on time. So, of course, Anthem Blue Cross canceled her coverage last week. This is the latest twist in Anthem's decision to no longer allow members to make automatic payments with credit cards. As Kreuzhage's case illustrates, it may not be a smooth transition for many people. She was told by the company that she was joining the ranks of the uninsured because she didn't pay her bill. "This occurred either because Blue Cross did not receive your premium within 31 days of the premium due date, or because we did not receive sufficient funds to cover your premium," Kreuzhage, 48, was informed by letter. "I was shivering when I read this," the Baldwin Hills documentary filmmaker told me. "I had done everything right. I had never missed a payment. And yet now I had no health insurance for the first time in my life. It felt like doomsday." It wasn't doomsday. It was just an example of a major corporation turning the screws on a customer to get what it wanted. In this case, what it wanted was access to Kreuzhage's checking account, rather than her credit card account. Anthem announced a few months ago that it planned to stop allowing members to automatically pay their bills by credit card. For those still wanting to use plastic, they could call a service rep each month and give their card number over the phone, although this would entail a $15 "convenience fee." After I first reported the policy change, for which Anthem repeatedly declined to provide a rationale, many readers speculated that the insurer may be trying to dodge costly credit card processing fees. Some also wondered whether Anthem was trying to make it easier to get rid of members who might miss a payment. 
The company said it would reconsider the $15 fee only after I reported that California law says no business "in any sales, service or lease transaction with a consumer may impose a surcharge on a cardholder who elects to use a credit card in lieu of payment by cash, check or similar means." A spokeswoman for Atty. Gen. Kamala D. Harris said state officials were concerned about Anthem's move and would "monitor the situation and make sure health consumers are protected." Kreuzhage has been making automatic payments to the company by credit card for more than a decade. "It's more convenient," she said. "I never have to worry about missing a payment." But after receiving the letter about her coverage being canceled, Kreuzhage called Anthem and was told that the insurer was no longer charging premiums to her credit card. Nobody at Anthem had called to warn her that her bill wasn't being paid, she said. The company didn't bother to send an email. It just waited for 30 days to pass and then cut off Kreuzhage's coverage. After pointing out to a service rep that she'd been a customer in good standing since 1995, Kreuzhage succeeded in getting her coverage restored. But only if she agreed to have all future bills deducted from her checking account. Kreuzhage felt as if she was being muscled, but she was determined to do whatever Anthem wanted for her to remain insured. "I've tried to explain to my friends and family in Europe how the healthcare system works here," Kreuzhage said. "They just can't conceive of a system that works like this." Indeed, people in other countries are often mystified by the United States' position that healthcare is a privilege and not a right, and that for-profit insurance companies get to decide who has access to treatment and who doesn't. An Anthem spokeswoman, Kristin Binns, was unable to comment on Kreuzhage's experience for privacy reasons. But she acknowledged that the company stopped allowing automatic credit card payments as of Aug. 1. 
She also said the $15 fee for using plastic remains on hold -- a move that appears to get around the California law prohibiting surcharges for using a credit card. So here we are. By allowing only automatic payments from checking accounts, Anthem has clearly tipped the scales in the company's favor. Sure, you can still pay by credit card. But you have to remember to call in every month to do so. If you forget, your coverage can disappear. Kreuzhage, for one, has learned her lesson. She's forked over the checking account number that Anthem wanted all along and now approaches her health insurance with a renewed sense of humility. "If this is how they treat me when things are perfect, when I file no claims, how are they going to treat me if I ever have a serious medical problem?" Kreuzhage asked. She probably doesn't want to know. David Lazarus' column runs Tuesdays and Fridays. He also can be seen daily on KTLA-TV Channel 5. Send your tips or feedback to david.lazarus at latimes.com

From rforno at infowarrior.org Wed Sep 21 16:46:18 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Sep 2011 17:46:18 -0400
Subject: [Infowarrior] - Appeals Court OKs Challenge to Warrantless Electronic Spying
Message-ID:

Appeals Court OKs Challenge to Warrantless Electronic Spying
By David Kravets | September 21, 2011 | 4:01 pm | Categories: Surveillance, privacy
http://www.wired.com/threatlevel/2011/09/fisa-amendment-challenge/

A legal challenge questioning the constitutionality of a federal law authorizing warrantless electronic surveillance of Americans inched a step closer Wednesday toward resolution. The 2nd U.S. Circuit Court of Appeals for the second time rejected the Obama administration's contention that it should toss a lawsuit challenging the 2008 Foreign Intelligence Surveillance Amendments Act. Among other things, the government said the plaintiffs --
Global Fund for Women, Global Rights, Human Rights Watch, International Criminal Defence Attorneys Association, The Nation magazine, PEN American Center, Service Employees International Union and others -- don't have standing to bring a constitutional challenge because they cannot demonstrate that they were subject to the eavesdropping or suffered hardships because of it. The lawsuit, backed by the American Civil Liberties Union, was lodged within hours of the FISA Amendments Act (.pdf) being signed into law by President George W. Bush in July 2008. The legislation is being challenged because it allows the National Security Agency to electronically eavesdrop on Americans without a probable-cause warrant if one of the parties to the communication resides outside the United States and is suspected of a link to terrorism. "It is the glory of our system that even our elected leaders must defend the legality of their conduct when challenged," (.pdf) Judge Gerard Lynch wrote for the divided court. In a 6-6 vote, the New York-based appeals court let stand its March decision allowing the case to proceed. A majority vote of the court's active judges is required to rehear cases. After three years of litigation over whether the plaintiffs had standing, the merits of the case could soon be litigated in a New York federal court. That is, if the Supreme Court does not intervene or the administration does not play its trump card: an assertion of the powerful state secrets privilege that lets the executive branch effectively kill lawsuits by claiming they threaten to expose national security secrets. The courts tend to defer to such claims. But in a rare exception in 2008, a San Francisco federal judge refused to throw out a wiretapping lawsuit against AT&T under the state secrets privilege.
The AT&T lawsuit was later killed anyway, because the same FISA Amendments Act also granted the phone companies retroactive legal immunity for their alleged participation in warrantless wiretapping of Americans' internet communications. The Electronic Frontier Foundation claims the spying is ongoing and telecoms are siphoning all electronic communications to the National Security Agency without warrants. An EFF lawsuit challenging the immunity is on appeal at the San Francisco-based 9th U.S. Circuit Court of Appeals. The FISA Amendments Act -- which passed with the support of then-senator Barack Obama -- generally requires the Foreign Intelligence Surveillance Act Court to rubber-stamp terror-related electronic surveillance requests. The government does not have to identify the target or facility to be monitored. It can begin surveillance a week before making the request, and the surveillance can continue during the appeals process, in the rare instance of rejection by the secret FISA court. The FISA Act, first enacted in 1978 in the wake of disclosures about abuses of intelligence powers to spy on Americans, previously required targeted warrants for any spying directed at American citizens. The plaintiffs in the 2nd Circuit case claim the legislation chills their speech, and violates their Fourth Amendment privacy rights. In a bid to win standing, they argued that they often work with overseas dissidents who might be targets of the National Security Agency program. So instead of speaking with those people on the phone or through e-mails, the groups asserted that they have had to make expensive overseas trips in a bid to maintain attorney-client confidentiality.

From rforno at infowarrior.org Thu Sep 22 07:07:24 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Sep 2011 08:07:24 -0400
Subject: [Infowarrior] - Idea: Fair trade music
Message-ID: <6E78B53F-AC96-4953-815D-75BEBB5D7236@infowarrior.org>

Fair trade music
http://newmusicstrategies.com/2011/09/22/fair-trade-music/

At New Music Strategies, we've been thinking about an idea that we believe would be really helpful for music marketing, would contribute toward ethical and sustainable practices for musicians and music businesses, and which we believe consumers would get behind. We were talking this week about the fact that many people (on all sides of the digital copyright debate) speak about their relationship with music consumption as having an ethical and moral dimension. People talk about how they like to "support the artist" in certain instances -- whether it's that they are fans of a specific artist and want to see them create more works, or that they have a more general sense of obligation, gratitude or individual ethics when it comes to online music purchasing. Most people seem to be conflicted -- not sure what impact their decision to download unauthorised content might have, or whether it makes any difference at all. Some feel that there is an element of protest and ethical civil disobedience in their decision to download music released by multinational corporations, or music represented by organisations who support the disproportionate legal action against music fans. Some artists are known to be in an exploitative relationship with the record label and wouldn't necessarily get paid anyway. And it's even more complicated than that too, when you consider the treatment of contributing (but not featured) artists, sustainable use of materials in manufacture -- and the durations and conditions within contracts that may be considered unfair. So we came up with the notion of Fair Trade Music.

The idea

We thought it would be interesting to develop and implement an online benchmarking process that would set a series of criteria up as representing ethical, sustainable music industry practices that parallel the ethical trading standards set by Fair Trade grocery items. We thought it would be important to make it so that consumers had the opportunity to easily choose Fair Trade alternatives, just as there are Organic Food sections in supermarkets. We would love to see a Fair Trade Music section in Amazon and on iTunes as well as elsewhere online and off. We believe that just as they do with Fairtrade groceries, consumers would be encouraged to consider the practices that support the music that they buy, and make decisions informed by those practices. Fair trade music need not necessarily be more expensive -- in fact, it may actually be cheaper than the alternatives, but they would represent not just a better deal for the featured artist, but a more sustainable and less exploitative music industry overall. We do not pretend to know or have a grasp of all of the criteria that would ideally be included as part of the benchmarking process. We think that would need to be negotiated amongst all interested parties, and conducted as part of a proper research project. Our idea was to consult with a range of consumers, musicians and music industry workers to try and ascertain what those criteria would be for Fair Trade in the music sector -- whether it be that record label deals offered artists a particular split of the proceeds, that contracts were only of a certain duration, that artists had a certain degree of creative control unfettered by commercial imperatives, that CD covers were made of renewable resources... stuff like that.

The plan

Stage one would be to figure out the parameters. What exactly would constitute "Fair Trade" in music releases? In live music events? That's the research phase.
Stage two would be to design and implement the database and registration process as well as the way in which the labelling could be implemented. This would be the prototype phase. Stage three would be to promote and ensure its adoption. This is the implementation phase.

Partnering possibilities

There are a number of organisations that we think would perhaps be interested in exploring these ideas -- from organisations that represent the interests of musicians to consumer information groups, universities and music schools, creative industry business groups and so on. We believe that the system would act as a great marketing tool for genuinely ethical music producers and labels, an incentive for music companies that come close to the benchmark to go that extra mile, and an extra incentive for music purchasers (as well as some clarity and transparency about where their money will go). Our idea is to develop the benchmarking system and online registration, pitch the idea to online (and offline) retailers, but create the register as an open database of music releases (and possibly even live music promoters and events) that fall under the Fair Trade music banner. We do not wish to set up a new retail outlet to compete with existing offerings, but rather establish an open system for marking music that does get sold in existing retailers as offering an ethical music purchasing choice. This would enable consumers to make informed choices about where their money goes, and would encourage record labels who wish for their releases to be considered fair trade as a marketing strategy to have transparent and sustainable agreements with the artists they release. We'd love to hear your thoughts about this, and look forward to the conversation that follows.

PUBLIC DOMAIN NOTICE: All written content (excluding user comments) published on this website prior to 1st January 2011 is now entirely without copyright.
You are free to use it for any purpose, commercial or otherwise, without restriction and without the need for permission. No rights reserved.

From rforno at infowarrior.org Thu Sep 22 07:33:08 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Sep 2011 08:33:08 -0400
Subject: [Infowarrior] - Movie Institute Feels Pain Of IP Address-Only Piracy 'Evidence'
Message-ID: <02019414-0EE9-4E95-9DCA-83106064B1BF@infowarrior.org>

Movie Institute Feels Pain Of IP Address-Only Piracy 'Evidence'
enigmax | September 22, 2011
http://torrentfreak.com/movie-institute-feels-pain-of-ip-address-only-piracy-evidence-110922/

The Swedish Film Institute (SFI) is in the middle of a crisis after an anti-piracy company revealed that it had tracked several leaked movies on The Pirate Bay back to its servers. Desperate to deflect the accusations, today the SFI made a long statement. It turned out to be a perfect illustration that allegations of piracy based on an IP address and nothing else, simply must be backed up by something more solid. Early September it came to light that the Swedish Film Institute (SFI) was being sucked into a scandal. While monitoring movies leaked to The Pirate Bay, anti-piracy company DoubleTrace said it had discovered that IP addresses in the BitTorrent swarms belonged to none other than the SFI. The drama only escalated when Sweden's Ministry of Culture and angry movie-industry figures became involved. After first playing down the news, SFI managing director Bengt Toll later made an announcement which indicated that following an internal audit of firewalls and other logs, no wrong-doing could be found. Considering the embarrassment of becoming the focus of movie piracy allegations and the importance of dealing with them effectively, some might look at SFI's initial denial and say, "Well they would say that, wouldn't they?"
But let's slow down and take a look at information made available today by the Institute. Although SFI acknowledge that the IP address (or addresses) logged by DoubleTrace does indeed belong to them, they reveal that it's hardly trivial to discover the real-life person behind it. Not only do all of SFI's staff share that IP, but several tenants (such as film and TV producers) do too. And visitors to their library, and visitors to some of their cinemas, and diners in the restaurant, not to mention those using the open WiFi in the cafe and foyer areas. As indicated by the way they have been proactive in this case by calling in the police, the SFI really seem to want to get to the bottom of the allegations. They say they have firewall logs that could show when and from where in their infrastructure the movies were being shared. But -- and little surprise here -- DoubleTrace, the anti-piracy company behind the allegations, aren't being forthcoming with their evidence. "The week before the incident became public we carried out intensive work in which we asked the information technology company DoubleTrace AB and production company Strix to show us the data that they claim to have, to get a chance to see if the sharing actually took place here, and if so, from where," the SFI explains. "Since we are being denied the material it means that we can not verify whether the information is correct." In an effort to show how it has attempted to find the source of the problem, SFI goes on to list a whole range of activities carried out to locate any infringement including searching all PCs, servers, networks and logs, calling in auditors, advising the Ministry of Culture and engaging the wider film industry. As previously detailed, the police were also called in to investigate and are apparently concentrating on the illegal distribution of four films.
Their focus is said to be on the illegal activities, not the SFI themselves, yet because the SFI's IP address was allegedly used to carry out the uploads, they are getting all the bad press. Now, it's certainly possible that the SFI person who handles the Internet account could be responsible for the uploads, but equally a passing Pirate Bay fan with access to the free cafe WiFi could have carried out the offenses too. Maybe it was more than one person, maybe DoubleTrace's systems screwed up -- who knows? The important thing here is that when it comes to the allegations against SFI, and the refusal of the anti-piracy company to make their "evidence" available, SFI should be given the benefit of the doubt. But, unlike the hundreds of thousands of other ISP account holders around the world who receive letters claiming that they illegally uploaded a movie or song and therefore should pay compensation or, increasingly, be disconnected from the Internet, they are treated more respectfully, quite simply because of who they are. An IP address is not a person, and unless anti-piracy companies want to let their "evidence" be seen and tested in public, perhaps it's better if they keep their allegations to themselves.

From rforno at infowarrior.org Thu Sep 22 07:44:56 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Sep 2011 08:44:56 -0400
Subject: [Infowarrior] - Zumwalts Get Seawolfed
Message-ID: <4E848CD8-FA2E-4A60-83EB-7EB04E28A114@infowarrior.org>

http://www.strategypage.com/htmw/htsurf/articles/20110921.aspx

Zumwalts Get Seawolfed

September 21, 2011: After many close calls and threats of cancellation, the U.S. Navy believes it has found the money to complete construction of the second and third DDG 1000 Zumwalt class destroyers. These ships were to be the next generation of destroyers. Design began in the early 1990s as a search for a radical new design for 21st century warships. These post-Cold War vessels were to be unique warships of the future.
While lower cost was one of the objectives, it was skyrocketing costs, more than anything else, that killed the effort to build 32 of these ships. Now there will only be three, and maybe only one, if Congress disagrees with the admirals. Three years ago, the U.S. Navy ordered the first two DDG 1000s, at a projected cost of $3.3 billion each. At that point, the navy was only planning to buy seven Zumwalts. Since then, the buy has been reduced to three ships, and the cost (partly because R&D had to be spread over fewer ships) escalated to $6.6 billion a ship. That's more than the last, 100,000 ton, Nimitz class aircraft carrier cost ($6.2 billion, in 2009). Until the recent decision, only the construction of the first one was assured. Cutting the buy to seven ships, and then to three, was only partly due to the escalating costs. There was also the growing realization that the Zumwalts were seen as the wrong ship, at the wrong time. For one thing, the navy was eager to build more of the older, and cheaper, DDG 51s, which had proven highly capable, especially when they underwent an inexpensive modification that gave them the ability to shoot down ballistic missiles. There was talk of tweaking the DDG 51 design a bit, and forgetting all about DDG 1000. The DDG 51 is back in production, and only three DDG 1000s will be built. The navy will then be able to see just how successful, or not, this new design actually was. Meanwhile, the navy knows that the DDG 51s work well, which is why so many admirals, and sailors, wanted more of them. Most importantly, the new DDG 51s cost less than a quarter what a DDG 1000 goes for. Thus there are 15 new DDG 51s on order, and upgrades to existing ones will keep them in service for at least 40 years. The Burkes began entering service just as the Cold War ended. Compared to the previous class of American destroyers (the DDG 51s), the Zumwalts are very different. The DDG 51s displaced 9,200 tons and had a crew of 281.
The DDG 1000s displace 14,000 tons and have a crew of 142. The DDG 1000s are stealthy and carry a larger gun (two automated, long range 155mm weapons). It also has 80 vertical cells for anti-aircraft, land attack and anti-ship missiles. It can carry one or two helicopters, plus three RQ-8A helicopter UAVs. The DDG 1000s are highly automated and are crammed with the latest electronics. The first DDG 1000 will enter service in four years. This is the second new ship design that the U.S. Navy has had to back off on since the end of the Cold War. In 1995, the U.S. Navy cancelled mass production of the new Seawolf SSNs (nuclear attack boats). Designed at the end of the Cold War, the Seawolfs were too expensive for the post-Cold War navy, and only three were built. A new, cheaper, Virginia class SSN was designed and put into mass production, to replace the aging Los Angeles class boats.

From rforno at infowarrior.org Thu Sep 22 10:49:49 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Sep 2011 11:49:49 -0400
Subject: [Infowarrior] - At CIA, Climate Change is a Secret
Message-ID: <65C614F6-714A-45A8-B6D9-5CD16D90A8CD@infowarrior.org>

At CIA, Climate Change is a Secret
September 22nd, 2011 by Steven Aftergood
http://www.fas.org/blog/secrecy/2011/09/cia_climate.html

When the Central Intelligence Agency established a Center on Climate Change and National Security in 2009, it drew fierce opposition from congressional Republicans who disputed the need for an intelligence initiative on this topic. But now there is a different, and possibly better, reason to doubt the value of the Center: It has adopted an extreme view of classification policy which holds that everything the Center does is a national security secret. Last week, the CIA categorically denied (pdf) a request under the Freedom of Information Act for a copy of any Center studies or reports concerning the impacts of global warming.
"We completed a thorough search for records responsive to your request and located material that we determined is currently and properly classified and must be denied in its entirety...," wrote CIA's Susan Viscuso to requester Jeffrey Richelson, an intelligence historian affiliated with the National Security Archive. With some effort, one can imagine records related to climate change that would be properly classified. Such records might, for example, include information that was derived from classified collection methods or sources that could be compromised by their disclosure. Or perhaps such records might present analysis reflecting imminent threats to national security that would be exacerbated rather than corrected by publicizing them. But that's not what CIA said. Rather, it said that all of the Center's work is classified and there is not even a single study, or a single passage in a single study, that could be released without damage to national security. That's a familiar song, and it became tiresome long ago. But in this case, it is more than an annoyance. The CIA response indicates a fundamental lack of discernment that calls into question the integrity of the Center on Climate Change, if not the Agency as a whole. If the CIA really thinks (or pretends to think) that every document produced by the Center constitutes a potential threat to national security, who can expect the Center to say anything intelligent or useful about climate change? Security robots cannot help us navigate the environmental challenges ahead. Better to allocate the scarce resources to others who can. Meanwhile, access by scientists to classified military intelligence data on the environment has actually been improving lately, reports Geoff Brumfiel in the latest edition of Nature ("Military surveillance data: Shared intelligence," 21 September 2011, sub. req'd).
Among other things, the Clinton-Gore era group of cleared scientists known as MEDEA (Measurements of Earth Data for Environmental Analysis) was reconvened in 2008 at congressional request. A Federation of American Scientists proposal to expand public access to unclassified open source intelligence products ("Open Up Open Source Intelligence," Secrecy News, August 24) did not find favor with the White House. Nothing like it was included in the new U.S. National Action Plan (pdf) for the Open Government Partnership, which mostly elaborates and restates previous commitments.

From rforno at infowarrior.org Thu Sep 22 14:44:54 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Sep 2011 15:44:54 -0400
Subject: [Infowarrior] - Particles found to break speed of light
Message-ID: <702A3579-7959-4289-ABAA-C8BBF6130FB2@infowarrior.org>

UPDATE 1-Particles found to break speed of light
By Robert Evans
http://www.reuters.com/article/2011/09/22/science-light-idUSL5E7KM4CW20110922

GENEVA, Sept 22 (Reuters) - An international team of scientists said on Thursday they had recorded sub-atomic particles travelling faster than light -- a finding that could overturn one of Einstein's long-accepted fundamental laws of the universe. Antonio Ereditato, spokesman for the researchers, told Reuters that measurements taken over three years showed neutrinos pumped from CERN near Geneva to Gran Sasso in Italy had arrived 60 nanoseconds quicker than light would have done. "We have high confidence in our results. We have checked and rechecked for anything that could have distorted our measurements but we found nothing," he said. "We now want colleagues to check them independently." If confirmed, the discovery would undermine Albert Einstein's 1905 theory of special relativity, which says that the speed of light is a "cosmic constant" and that nothing in the universe can travel faster.
That assertion, which has withstood over a century of testing, is one of the key elements of the so-called Standard Model of physics, which attempts to describe the way the universe and everything in it works. The totally unexpected finding emerged from research by physicists working on an experiment dubbed OPERA run jointly by the CERN particle research centre near Geneva and the Gran Sasso Laboratory in central Italy. A total of 15,000 beams of neutrinos -- tiny particles that pervade the cosmos -- were fired over a period of 3 years from CERN towards Gran Sasso 730 km (500 miles) away, where they were picked up by giant detectors. Light would have covered the distance in around 2.4 thousandths of a second, but the neutrinos took 60 nanoseconds -- or 60 billionths of a second -- less than light beams would have taken. "It is a tiny difference," said Ereditato, who also works at Berne University in Switzerland, "but conceptually it is incredibly important. The finding is so startling that, for the moment, everybody should be very prudent." Ereditato declined to speculate on what it might mean if other physicists, who will be officially informed of the discovery at a meeting in CERN on Friday, found that OPERA's measurements were correct. "I just don't want to think of the implications," he told Reuters. "We are scientists and work with what we know." Much science-fiction literature is based on the idea that, if the light-speed barrier can be overcome, time travel might theoretically become possible. The existence of the neutrino, an elementary sub-atomic particle with a tiny amount of mass created in radioactive decay or in nuclear reactions such as those in the Sun, was first confirmed in 1934, but it still mystifies researchers. It can pass through most matter undetected, even over long distances, and without being affected. Millions pass through the human body every day, scientists say.
To reach Gran Sasso, the neutrinos pushed out from a special installation at CERN -- also home to the Large Hadron Collider probing the origins of the universe -- have to pass through water, air and rock. The underground Italian laboratory, some 120 km (75 miles) to the south of Rome, is the largest of its type in the world for particle physics and cosmic research. Around 750 scientists from 22 different countries work there, attracted by the possibility of staging experiments in its three massive halls, protected from cosmic rays by some 1,400 metres (4,200 feet) of rock overhead. (Reporting by Robert Evans; Editing by Tom Miles and Kevin Liffey)

From rforno at infowarrior.org Thu Sep 22 14:47:52 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Sep 2011 15:47:52 -0400
Subject: [Infowarrior] - 'Stingray' Phone Tracker Fuels Constitutional Clash
Message-ID:

SEPTEMBER 22, 2011
'Stingray' Phone Tracker Fuels Constitutional Clash
By JENNIFER VALENTINO-DEVRIES
http://online.wsj.com/article/SB10001424053111904194604576583112723197574.html

For more than a year, federal authorities pursued a man they called simply "the Hacker." Only after using a little known cellphone-tracking device -- a stingray -- were they able to zero in on a California home and make the arrest. Stingrays are designed to locate a mobile phone even when it's not being used to make a call. The Federal Bureau of Investigation considers the devices to be so critical that it has a policy of deleting the data gathered in their use, mainly to keep suspects in the dark about their capabilities, an FBI official told The Wall Street Journal in response to inquiries. A stingray's role in nabbing the alleged "Hacker" -- Daniel David Rigmaiden -- is shaping up as a possible test of the legal standards for using these devices in investigations. The FBI says it obtains appropriate court approval to use the device.
Stingrays are one of several new technologies used by law enforcement to track people's locations, often without a search warrant. These techniques are driving a constitutional debate about whether the Fourth Amendment, which prohibits unreasonable searches and seizures, but which was written before the digital age, is keeping pace with the times. On Nov. 8, the Supreme Court will hear arguments over whether or not police need a warrant before secretly installing a GPS device on a suspect's car and tracking him for an extended period. In both the Senate and House, new bills would require a warrant before tracking a cellphone's location. And on Thursday in U.S. District Court of Arizona, Judge David G. Campbell is set to hear a request by Mr. Rigmaiden, who is facing fraud charges, to have information about the government's secret techniques disclosed to him so he can use it in his defense. Mr. Rigmaiden maintains his innocence and says that using stingrays to locate devices in homes without a valid warrant "disregards the United States Constitution" and is illegal. His argument has caught the judge's attention. In a February hearing, according to a transcript, Judge Campbell asked the prosecutor, "Were there warrants obtained in connection with the use of this device?" The prosecutor, Frederick A. Battista, said the government obtained a "court order that satisfied [the] language" in the federal law on warrants. The judge then asked how an order or warrant could have been obtained without telling the judge what technology was being used. Mr. Battista said: "It was a standard practice, your honor." Judge Campbell responded that it "can be litigated whether those orders were appropriate." On Thursday the government will argue it should be able to withhold details about the tool used to locate Mr.
Rigmaiden, according to documents filed by the prosecution. In a statement to the Journal, Sherry Sabol, Chief of the Science & Technology Office for the FBI's Office of General Counsel, says that information about stingrays and related technology is "considered Law Enforcement Sensitive, since its public release could harm law enforcement efforts by compromising future use of the equipment." The prosecutor, Mr. Battista, told the judge that the government worries that disclosure would make the gear "subject to being defeated or avoided or detected." A stingray works by mimicking a cellphone tower, getting a phone to connect to it and measuring signals from the phone. It lets the stingray operator "ping," or send a signal to, a phone and locate it as long as it is powered on, according to documents reviewed by the Journal. The device has various uses, including helping police locate suspects and aiding search-and-rescue teams in finding people lost in remote areas or buried in rubble after an accident. The government says "stingray" is a generic term. In Mr. Rigmaiden's case it remains unclear which device or devices were actually used. The best known stingray maker is Florida-based defense contractor Harris Corp. A spokesman for Harris declined to comment. Harris holds trademarks registered between 2002 and 2008 on several devices, including the StingRay, StingRay II, AmberJack, KingFish, TriggerFish and LoggerHead. Similar devices are available from other manufacturers. According to a Harris document, its devices are sold only to law-enforcement and government agencies. Some of the gadgets look surprisingly old-fashioned, with a smattering of switches and lights scattered across a panel roughly the size of a shoebox, according to photos of a Harris-made StingRay reviewed by the Journal. The devices can be carried by hand or mounted in cars, allowing investigators to move around quickly. 
A rare public reference to this type of technology appeared this summer in the television crime drama "The Closer." In the episode, law-enforcement officers use a gadget they called a "catfish" to track cellphones without a court order. The U.S. armed forces also use stingrays or similar devices, according to public contract notices. Local law enforcement in Minnesota, Arizona, Miami and Durham, N.C., also either possess the devices or have considered buying them, according to interviews and published requests for funding. The sheriff's department in Maricopa County, Ariz., uses the equipment "about on a monthly basis," says Sgt. Jesse Spurgin. "This is for location only. We can't listen in on conversations," he says. Sgt. Spurgin says officers often obtain court orders, but not necessarily search warrants, when using the device. To obtain a search warrant from a court, officers as a rule need to show "probable cause," which is generally defined as a reasonable belief, based on factual evidence, that a crime was committed. Lesser standards apply to other court orders. A spokeswoman with the Bureau of Criminal Apprehension in Minnesota says officers don't need to seek search warrants in that state to use a mobile tracking device because it "does not intercept communication, so no wiretap laws would apply." FBI and Department of Justice officials have also said that investigators don't need search warrants. Associate Deputy Attorney General James A. Baker and FBI General Counsel Valerie E. Caproni both said at a panel at the Brookings Institution in May that devices like these fall into a category of tools called "pen registers," which require a lesser order than a warrant. Pen registers gather signals from phones, such as phone numbers dialed, but don't receive the content of the communications. To get a pen-register order, investigators don't have to show probable cause. 
The Supreme Court has ruled that use of a pen register doesn't require a search warrant because it doesn't involve interception of conversations. But with cellphones, data sent includes location information, making the situation more complicated because some judges have found that location information is more intrusive than details about phone numbers dialed. Some courts have required a slightly higher standard for location information, but not a warrant, while others have held that a search warrant is necessary. The prosecution in the Rigmaiden case says in court documents that the "decisions are made on a case-by-case basis" by magistrate and district judges. Court records in other cases indicate that decisions are mixed, and cases are only now moving through appellate courts. The FBI advises agents to work with federal prosecutors locally to meet the requirements of their particular district or judge, the FBI's Ms. Sabol says. She also says it is FBI policy to obtain a search warrant if the FBI believes the technology "may provide information on an individual while that person is in a location where he or she would have a reasonable expectation of privacy." Experts say lawmakers and the courts haven't yet settled under what circumstances locating a person or device constitutes a search requiring a warrant. Tracking people when they are home is particularly sensitive because the Fourth Amendment specifies that people have a right to be secure against unreasonable searches in their "houses." "The law is uncertain," says Orin Kerr, a professor at George Washington University Law School and former computer-crime attorney at the Department of Justice. Mr. Kerr, who has argued that warrants should be required for some, but not all, types of location data, says that the legality "should depend on the technology." In the case of Mr. Rigmaiden, the government alleges that as early as 2005, he began filing fraudulent tax returns online. Overall, investigators say, Mr. 
Rigmaiden electronically filed more than 1,900 fraudulent tax returns as part of a $4 million plot. Federal investigators say they pursued Mr. Rigmaiden "through a virtual labyrinth of twists and turns." Eventually, they say they linked Mr. Rigmaiden to use of a mobile-broadband card, a device that lets a computer connect to the Internet through a cellphone network. Investigators obtained court orders to track the broadband card. Both orders remain sealed, but portions of them have been quoted by the defense and the prosecution. These two documents are central to the clash in the Arizona courtroom. One authorizes a "pen register" and clearly isn't a search warrant. The other document is more complex. The prosecution says it is a type of search warrant and that a finding of probable cause was made. But the defense argues that it can't be a proper search warrant, because among other things it allowed investigators to delete all the tracking data collected, rather than reporting back to the judge. Legal experts who spoke with the Journal say it is difficult to evaluate the order, since it remains sealed. In general, for purposes of the Fourth Amendment, the finding of probable cause is most important in determining whether a search is reasonable because that requirement is specified in the Constitution itself, rather than in legal statutes, says Mr. Kerr. But it is "odd" for a search warrant to allow deletion of evidence before a case goes to trial, says Paul Ohm, a professor at the University of Colorado Law School and a former computer-crime attorney at the Department of Justice. The law governing search warrants specifies how the warrants are to be executed and generally requires information to be returned to the judge. Even if the court finds the government's actions acceptable under the Fourth Amendment, deleting the data is "still something we might not want the FBI doing," Mr. Ohm says. 
The government says the data from the use of the stingray has been deleted and isn't available to the defendant. In a statement, the FBI told the Journal that "our policy since the 1990s has been to purge or 'expunge' all information obtained during a location operation" when using stingray-type gear. As a general matter, Ms. Sabol says, court orders related to stingray technology "will include a directive to expunge information at the end of the location operation." Ms. Sabol says the FBI follows this policy because its intent isn't to use the data as evidence in court, but rather to simply find the "general location of their subject" in order to start collecting other information that can be used to justify a physical search of the premises. In the Rigmaiden example, investigators used the stingray to narrow down the location of the broadband card. Then they went to the apartment complex's office and learned that one resident had used a false ID and a fake tax return on the renter's application, according to court documents. Based on that evidence, they obtained a search warrant for the apartment. They found the broadband card connected to a computer. Mr. Rigmaiden, who doesn't confirm or deny ownership of the broadband card, is arguing he should be given information about the device and about other aspects of the mission that located him. In the February hearing, Judge Campbell said he might need to weigh the government's claim of privilege against the defendant's Fourth Amendment rights, and asked the prosecution, "How can we litigate in this case whether this technology that was used in this case violates the Fourth Amendment without knowing precisely what it can do?" 
Write to Jennifer Valentino-DeVries at Jennifer.Valentino-DeVries at wsj.com

From rforno at infowarrior.org Fri Sep 23 06:36:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 23 Sep 2011 07:36:11 -0400
Subject: [Infowarrior] - Sens Wyden & Udall To DOJ: Stop Saying Patriot Act Isn't A Secret Law When You Know It Is
Message-ID: <468BB9CC-1466-4ABF-BCAD-20991433DCBC@infowarrior.org>

Senators Wyden & Udall To DOJ: Stop Saying Patriot Act Isn't A Secret Law When You Know It Is
from the will-it-matter? dept
http://www.techdirt.com/articles/20110922/03520616050/senators-wyden-udall-to-doj-stop-saying-patriot-act-isnt-secret-law-when-you-know-it-is.shtml

Senators Ron Wyden and Mark Udall have been pressing the feds for a while now concerning their secret interpretation of the Patriot Act, which appears to go way, way, way beyond what most in the public believe on simply reading the bill. While the two Senators had put forth an Amendment to explain these secret interpretations when certain provisions of the Patriot Act were up for renewal, they eventually dropped the Amendment in exchange for some other concessions, and a promise that hearings would be held on the issue. Since then, the Senators have continued to press the feds on this issue at every opportunity, leading to quite a lot of doublespeak from the feds. The latest development is that the two Senators have sent a letter to Attorney General Eric Holder, saying that Justice Department representatives are clearly misleading the public about the interpretation of the law. Basically, they say that there's a classified ruling about the interpretation of the law, which some in the government (including Wyden, Udall and Holder) are clearly aware of, but which likely interprets the law vastly differently than most in the public would. And the statements from the Justice Department improperly imply that the details surrounding the law are publicly known -- when they are not.
Shorter version: There's a secret court ruling out there that says the government can spy on a ton of people under the Patriot Act, even though the text of the law seems to suggest otherwise. And the Justice Department is implying that the text of the law is an accurate representation of what the law actually is -- when the secret court ruling seems to say otherwise. < - > While we are sure that you would agree that government officials should not describe government authorities in a way that misleads the public, during your tenure Justice Department officials have -- on a number of occasions -- made what we believe are misleading statements pertaining to the government's interpretation of surveillance law. The first set of statements that concern us are the repeated claims by Justice Department officials that the government's authority to obtain business records or other 'tangible things' under section 215 of the USA Patriot Act is analogous to the use of a grand jury subpoena. This comparison -- which we consider highly misleading -- has been made by Justice Department officials on multiple occasions, including in testimony before Congress. As you know, Section 215 authorities are not interpreted the same way that grand jury subpoena authorities are, and we are concerned that when Justice Department officials suggest that the two authorities are "analogous" they provide the public with a false understanding of how surveillance law is interpreted in practice. More recently, we were troubled to learn that a Justice Department spokesman stated that "Section 215 [of the Patriot Act] is not a secret law, nor has it been implemented under secret legal opinions by the Justice Department." This statement is also extremely misleading.
As the NSA General Counsel testified in July of this year, significant interpretations of section 215 of the Patriot Act are contained in classified opinions of the Foreign Intelligence Surveillance Court and these opinions -- and the legal interpretations they contain -- continue to be kept secret. In our judgment, when the government relies on significant interpretations of public statutes that are kept secret from the American public, the government is effectively relying on secret law. < - > Separately, they note that when the truth comes out, the government is going to be severely embarrassed: < - > Americans will eventually and inevitably come to learn about the gap that currently exists between the public's understanding of government surveillance authorities and the official, classified interpretation of these authorities. We believe the best way to avoid a negative public reaction and an erosion in confidence in US intelligence agencies is to initiate an informed public debate about these authorities today.

From rforno at infowarrior.org Sat Sep 24 13:08:29 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 24 Sep 2011 14:08:29 -0400
Subject: [Infowarrior] - Asthma sufferers take note....
Message-ID:

OTC inhalers to be phased out to protect ozone layer
Asthma patients will need to switch to prescription-only alternatives by Dec. 31 as part of US efforts to protect environment
By MATTHEW PERRONE
updated 9/22/2011 12:32:55 PM ET
http://today.msnbc.msn.com/id/44627081/ns/today-today_health/t/otc-inhalers-be-phased-out-protect-ozone-layer/#

WASHINGTON -- Asthma patients who rely on over-the-counter inhalers will need to switch to prescription-only alternatives as part of the federal government's latest attempt to protect the Earth's atmosphere. The Food and Drug Administration said Thursday patients who use the epinephrine inhalers to treat mild asthma will need to switch by Dec.
31 to other types that do not contain chlorofluorocarbons, an aerosol substance once found in a variety of spray products. The action is part of an agreement signed by the U.S. and other nations to stop using substances that deplete the ozone layer, a region in the atmosphere that helps block harmful ultraviolet rays from the Sun. But the switch to a greener inhaler will cost consumers more. Epinephrine inhalers are available via online retailers for around $20, whereas the alternatives, which contain the drug albuterol, range from $30 to $60. The FDA finalized plans to phase out the products in 2008 and currently only Armstrong Pharmaceutical's Primatene mist is available in the U.S. Other manufacturers have switched to an environmentally-friendly propellant called hydrofluoroalkane. Both types of inhalers offer quick-relief to symptoms like shortness of breath and chest tightness, but the environmentally-friendly inhalers are only available via prescription. "If you rely on an over-the-counter inhaler to relieve your asthma symptoms, it is important that you contact a health care professional to talk about switching to a different medicine to treat your asthma," said Badrul Chowdhury, FDA's director of pulmonary drug division. Chowdhury told reporters and doctors via teleconference that "in the worst case scenario we are looking at 1 to 2 million people using" Primatene, adding that most of those patients likely use multiple medications to treat their asthma. Copyright 2011 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. 
From rforno at infowarrior.org Sun Sep 25 10:08:53 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Sep 2011 11:08:53 -0400
Subject: [Infowarrior] - Logging out of Facebook is not enough
Message-ID: <1A0AF231-46D5-40C8-924A-3F1BDA968490@infowarrior.org>

Logging out of Facebook is not enough
25th September 2011
http://nikcub.appspot.com/logging-out-of-facebook-is-not-enough

Dave Winer wrote a timely piece this morning about how Facebook is scaring him since the new API allows applications to post status items to your Facebook timeline without a user's intervention. It is an extension of Facebook Instant and they call it frictionless sharing. The privacy concern here is that because you no longer have to explicitly opt-in to share an item, you may accidentally share a page or an event that you did not intend others to see. The advice is to log out of Facebook. But logging out of Facebook only de-authorizes your browser from the web application; a number of cookies (including your account number) are still sent along to all requests to facebook.com. Even if you are logged out, Facebook still knows and can track every page you visit. The only solution is to delete every Facebook cookie in your browser, or to use a separate browser for Facebook interactions. < -- > This is not what 'logout' is supposed to mean - Facebook are only altering the state of the cookies instead of removing all of them when a user logs out.

From rforno at infowarrior.org Sun Sep 25 10:10:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Sep 2011 11:10:11 -0400
Subject: [Infowarrior] - Non-Disease Virus Kills Breast Cancer Cells In Lab
Message-ID: <95E2A54A-344A-46FB-A23B-AE792DC29129@infowarrior.org>

Non-Disease Virus Kills Breast Cancer Cells In Lab
Article Date: 23 Sep 2011 - 2:00 PDT
http://www.medicalnewstoday.com/articles/234882.php

A virus that infects humans without causing disease kills breast cancer cells in the laboratory.
Researchers from Pennsylvania State University (Penn State) College of Medicine in the US, tested an unaltered form of adeno-associated virus type 2 (AAV2) on three different human breast cancer types representing different stages of cancer and found it targeted all of them. They hope by uncovering the pathways the virus uses to trigger cancer cell death, their work will lead to new targets for anti-cancer drugs. A paper on this work appeared recently in the journal Molecular Cancer. In earlier studies, the team also showed that AAV2 promotes cell death in cervical cancer cells infected with human papillomavirus (HPV). Cells have different ways of dying. When a healthy cell gets damaged, or starts behaving in an abnormal way, this normally triggers production of proteins that cause apoptosis or cell suicide: part of this process also involves switching off proteins that trigger cell division. The problem with cancer cells is that apoptosis fails, and the proteins that regulate cell division and proliferation stay switched on, so abnormal cells continue to multiply and create new abnormal cells and that is how tumors develop. Breast cancer is the most common cancer in the world and the main cause of cancer-related death in women. First author Dr Samina Alam, research associate in microbiology and immunology at Penn State, told the press in a statement released on Thursday that breast cancer is also "complex to treat". Senior investigator Dr Craig Meyers, professor of microbiology and immunology at Penn State, explained why: "Because it has multiple stages, you can't treat all the women the same. Currently, treatment of breast cancer is dependent on multiple factors such as hormone-dependency, invasiveness and metastases, drug resistance and potential toxicities." However, he went on to say that in their study, they showed that "AAV2, as a single entity, targets all different grades of breast cancer". 
He and his team believe that AAV2 is switching back on the apoptosis pathways that were switched off in the cancer cells. For their study they used lab tissue cultures of cancer cells and found AAV2 killed 100% of them within seven days, with most of the cell death proteins activated on day five. In another experiment, working with cancer cells from an aggressive form of breast cancer, they found the virus took three weeks to kill the cells. Alam said they can see the virus is killing the cells, but exactly how it is doing it remains somewhat of a mystery. "If we can determine which viral genes are being used, we may be able to introduce those genes into a therapeutic. If we can determine which pathways the virus is triggering, we can then screen new drugs that target those pathways. Or we may simply be able to use the virus itself," said Alam. They still need to do more to find out exactly how AAV2 kills the cancer cells and for instance establish which of its proteins trigger the cell death pathways. Although AAV2 does not affect healthy cells, if it were used directly as a treatment, the human immune system would probably target it and expel it from the body. That is why the researchers think a better approach would be to find which pathways it uses and then develop drugs that use them. Meyers has a hunch that it involves the cellular myc gene. This gene is usually linked to cell proliferation, but sometimes myc protein is known to be involved in apoptosis as well. In their paper, he and his co-authors explain how they found increased expression of this gene close to the time of death in the breast cancer cells. The researchers at Penn State have also found that AAV2 can kill cells derived from prostate cancer, mesothelioma, squamous cell carcinoma, and melanoma.
They have also studied the effect of AAV2 on the most aggressive form of breast cancer in a mouse model; preliminary tests suggest it destroys such tumors in mice, and they will be reporting those findings soon, they said in a statement. Written by Catharine Paddock PhD Copyright: Medical News Today

From rforno at infowarrior.org Sun Sep 25 10:18:46 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Sep 2011 11:18:46 -0400
Subject: [Infowarrior] - With 'real-time' apps, Facebook is always watching
Message-ID: <6FAF6161-007A-4D1E-A0FC-268F145307D1@infowarrior.org>

With 'real-time' apps, Facebook is always watching
September 23, 2011|By John D. Sutter, CNN
http://articles.cnn.com/2011-09-23/tech/tech_social-media_facebook-real-time_1_facebook-friends-netflix-ceo-reed-hastings-zuckerberg-s-law

Facebook announced a new class of "real-time" apps on Thursday at an event in San Francisco. A couple years ago, a Microsoft researcher named Gordon Bell embarked on a personal experiment: He would wear a video camera around his neck all the time and keep this "life recorder" always turned on, so it would record everything he did. It was like an external memory drive for his brain, he wrote in a book called "Total Recall." Sounds pretty sci-fi, right? Not so much.
The "real-time sharing" updates Facebook announced Thursday aim to do something quite similar -- only for the Internet instead of in real life. Before we get into the details and implications, here's a "real-time" example of how the updates, which are rolling out in the coming weeks, will work: As I write this, I'm listening to the band LCD Soundsystem on an Internet music service called Spotify. Because I've updated my Facebook page (here's a TechCrunch article on how to do that if you're interested) and because I've logged in to Spotify with my Facebook identity, every song I listen to is automatically shared to Facebook. Suddenly, my listening experience isn't private. It's public. All my Facebook friends are watching. And judging. Chances are this will affect people's behavior online. If you're a closet fan of Lady Gaga or Bjork or Enya (I'm all three), then you'll just have to stop listening to those potentially mockable artists -- either that, or all your Facebook friends will be chiming in with comments: "OMG, you're listening to that?!" In the old world of Facebook, I would have to click that I "liked" a song for it to show up on my Facebook profile page. That's something you have to think about: "OK, I really like this song, and I really want all of my friends to know that I'm listening to it right now." Now, sharing is both passive and automatic. It's a choice you make in advance -- one time -- and never again. And so it goes with all kinds of the new "real-time" apps. Since I've logged in to Yahoo!
News with Facebook, every time I read an article on that site, it goes to my Timeline. The same is true for Hulu and TV shows. And for the Internet game "Words with Friends." When I play a Scrabble-style word in that game, it will show up on Facebook, along with an image of the current playing board. For Facebook, this is obviously a good thing. The site's goal -- as postulated in "Zuckerberg's Law" -- always has been to get people to share more and more information about themselves. That's bound to happen in this new auto-share era. It's also ostensibly good for makers of Facebook apps. In a presentation in San Francisco on Thursday, Netflix CEO Reed Hastings said he was initially skeptical of the deal, since it would give Facebook so much information about Netflix's customers' preferences for movies and TV shows. He decided it was smart, however, after he used the real-time app integration for himself and decided it was so addictive that it would doubtlessly result in more people watching more videos on Netflix -- a good thing for him, of course. But the benefits for Facebook users are less clear. Tech bloggers and analysts worry these automatic, real-time updates will kick off a new level of oversharing. If you were sick of hearing about what your aunt had for breakfast and who your co-workers had "friended" on Facebook, wait until you know every single song they've listened to and every single movie they've watched. "It's not hard to imagine Facebook sharing more than doubling after the f8 launches," Liz Gannes wrote at the blog AllThingsD.
"Millions of tiny little actions are going to move from implicit to explicit. You can start to see why Facebook enabled its 'ticker' news feed earlier this week (that's the dizzying real-time stream that many users have been complaining about). There's going to be a ton of information flying by." With every one of these "passive" shares, users are teaching Facebook a little more about themselves. That's incredibly valuable to advertisers, who can use that data for target marketing. It's also a potential invasion of privacy, Justin Brookman of the Center for Democracy and Technology writes at The Daily Beast. "Since a one-time click will grant a persistent permission to any app to collect and disclose personal information on your behalf, Facebook will have to make sure its users fully understand the implications of these new apps before roll-out, or risk another round of privacy backlash," he says. Brookman sides with Facebook on the changes, though. "For Facebook, of course, the point is for you to provide them more data about your life, which they can use to serve you ads you'll be more likely to engage with (which makes them more money). But there's potentially real value here too, if people can discover ways to share their music-listening and cooking habits with friends in a perhaps lighter-touch way." Passive sharing isn't a privacy invasion, but it is "killing taste," Farhad Manjoo wrote at Slate. "Why do you share a story, video, or photo? Because you want your friends to see it. And why do you want your friends to see it? Because you think they'll get a kick out of it," he says. "I know this sounds obvious, but it's somehow eluded Zuckerberg that sharing is fundamentally about choosing. You experience a huge number of things every day, but you choose to tell your friends about only a fraction of them, because most of what you do isn't worth mentioning." "The new features may prove controversial," Tom Simonite says.
"In some ways they resemble Beacon, a failed project from 2007 in which sites like Amazon automatically posted updates to Facebook when a person bought something. Beacon was canceled after public protests over a lack of privacy controls." We'll see how the public reacts to what Zuckerberg calls "real-time serendipity" when these changes launch in a few weeks. But if these changes stand, and if people do sign up for these new-new Facebook apps with auto-share built in, then all of us may soon have a semi-public record of everything we do online. Just like Bell, the researcher with a camera around his neck.

From rforno at infowarrior.org Sun Sep 25 10:22:36 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Sep 2011 11:22:36 -0400
Subject: [Infowarrior] - Low-Latency Network To Connect London And HK
Message-ID: <0F83F557-BCB7-4AF5-B81F-3A214E97C980@infowarrior.org>

http://www.eweekeurope.co.uk/news/low-latency-network-to-connect-london-and-hong-kong-40545

Low-Latency Network To Connect London And HK

A high-speed fibre network between London and Hong Kong could help decrease financial trading times

Financial traders and law firms are set to benefit from a new low-latency network between London and Hong Kong, which can conduct data on a round trip from Europe to Asia in around 176 milliseconds. The cable network, run by UK-based trading technology company BSO Network Solutions, has been in place for some time, but previously had to route around large parts of Russia, due to difficulties laying fibre in that country. However, a new lower latency and higher availability "Transit Mongolia" connection has helped to reduce the time of a round trip by more than 20 milliseconds during the last 12 months. Improvements have also been made at BSO's Ancotel point-of-presence (POP) in Frankfurt and Mega-I POP in Hong Kong. "These modifications and improvements to the BSO Network Solutions' Backbone enables us to offer the fastest network from London to Hong Kong,"
said Scott Ritchie, Managing Director of BSO Network Solutions, in a statement.

New "Transit Mongolia" connection

Ritchie told eWEEK Europe that large sections of the network run through Russia and China, both of which have assets and infrastructure that is either only used for internal projects or is "protected" (ie. hidden) for historic or security reasons. Recently, however, Western companies have been gaining a better understanding of how existing assets can be used for commercial benefit. "In this instance the improvements were made through better utilisation of the existing infrastructure through the Western Sector of the cable system through Europe and more significantly we have been able to replace the Trans-Siberian Section by activating capacity on the Transit Mongolia Path," said Ritchie (pictured). "This not only improves our latency but also adds further resilience to our Backbone as our former path has not been decommissioned but is being used as further protection to the new Ultra Low Latency long haul route," he said. The new super-fast connection could allow high frequency traders and professional service specialists such as law firms to gain a competitive advantage by rapidly sending and receiving large volumes of data from Europe to Asia. BSO's deployment over Ethernet and Virtual Private LAN Services (VPLS) also makes networks more stable and secure, the company claims. According to Ritchie, the media industry could also benefit from low-latency networks, due to the increasing demand for content and digital distribution throughout the production phase. "Latency is a tool for any network engineer in any industry. It is about the return that a company wants to generate," said Ritchie. "As is so often the case, the Traders are the early adopters and they are really starting to reap the benefits, getting access to new markets, new customers and new revenue.
"In today's economy I believe that getting access to these three things should be every company's goal," he added.

New transatlantic submarine cable

Last week it was announced that a new transatlantic submarine communications cable would be installed on the Atlantic seabed at a reported cost of $300 million (£189m). The high speed fibre optic cable, known as the Hibernian Express, will eventually stretch to 3,741 miles (6,021km), as seabed survey work begins on the east coast of America. The cable will offer sub 60ms latency, and it will connect financial traders in New York and London. The company behind the project, Hibernia Atlantic, said the cable would initially be lit with 40Gb technology, which could be upgraded to 100Gb technology in the future. "Demand for low latency routes has grown exponentially over the past several years," said Bjarni Thorvardarson, CEO of Hibernia Atlantic at the time. "Project Express will offer the lowest latency from New York to London and provide demanding customers the speed and accuracy they require." The technology is available to the market now and CommScope said the Amsterdam Internet Exchange is already using it to achieve greater performance.

From rforno at infowarrior.org Sun Sep 25 19:50:08 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 25 Sep 2011 20:50:08 -0400
Subject: [Infowarrior] - NYPD chief: Police could take down plane if needed
Message-ID: <3C8F3DBD-BC08-403D-843E-582BF3465FBB@infowarrior.org>

NYPD chief: Police could take down plane if needed
http://hosted.ap.org/dynamic/stories/U/US_NYPD_60_MINUTES?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2011-09-25-19-59-04

NEW YORK (AP) -- The chief of the New York Police Department says city police could take down a plane if necessary. Commissioner Ray Kelly tells CBS' "60 Minutes" that after the Sept. 11 attacks, he decided the city couldn't rely on the federal government alone. He set about creating the NYPD's own counter-terrorism unit.
He says the department is prepared for multiple scenarios and could even take down a plane. Kelly didn't divulge details but said "obviously this would be in a very extreme situation." Other measures include sending NYPD officers abroad, using radiation detectors and creating a network of surveillance cameras in Manhattan. The interview airs Sunday evening. It comes two weeks after the tenth anniversary of 9/11, when hijackers flew planes into the World Trade Center and Pentagon.

From rforno at infowarrior.org Mon Sep 26 10:50:48 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Sep 2011 11:50:48 -0400
Subject: [Infowarrior] - DHS truly going insane
Message-ID:

(via IP)

From: Paul S

The Dept of Homeland Security has plans to make the former Government Hospital for the Insane its new headquarters. This is proof that either: a) Somewhere deep inside the utterly humorless DHS, someone actually has a sense of humor, or b) the DHS bureaucracy is so utterly devoid of humor that the irony utterly escapes them. see: LAT: Homeland Security operating without a home ( http://www.latimes.com/news/nationworld/nation/la-na-homeland-security-hq-20110924,0,4523164.story ) In these tough economic times the DHS is thus unwittingly creating real jobs stimulus -- as this is a full employment act for satirists, journalists and wing-nut conspiracy types...
From rforno at infowarrior.org Mon Sep 26 10:51:31 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Sep 2011 11:51:31 -0400
Subject: [Infowarrior] - Aussie researcher cracks OS X Lion passwords
Message-ID: <70D5EF08-A2FE-451F-B1E0-16A8BB9CD412@infowarrior.org>

(c/o KM)

Aussie researcher cracks OS X Lion passwords
Written by Renai LeMay on Monday, September 26, 2011 12:36
http://delimiter.com.au/2011/09/26/aussie-researcher-cracks-os-x-lion-passwords/

news

An Australian security expert respected for his work testing the defences of Apple software has published a method which appears to allow an attacker to break through the password defences of Cupertino's latest Mac OS X Lion operating system. According to his LinkedIn profile, Patrick Dunstan is currently an information security specialist at the University of Adelaide, although he also works as a guest lecturer at the University of South Australia. Dunstan had previously attracted attention in late 2009 with a blog post explaining how a user who had already gained access to a Mac OS X system could extract a user's password on that system. In a new blog post this week -- first reported by Secure Computing Magazine last week -- Dunstan published an update to his technique. However, this time around he discovered a startling new fact with respect to Lion's security protection -- according to the researcher it leaves a crucial step out which could allow remote access to user passwords on the system. In previous versions of Mac OS X, in order to access a user's password, an attacker would need to break into what is referred to in Unix-based operating systems (such as Mac OS X) as a "shadow" file -- a file which stores critical data but can only be accessed by users with a high privilege -- such as root access. "So for all modern OS X platforms (Tiger, Leopard, Snow Leopard and Lion) each user has their own shadow file (hash database) whose data is accessible only by the root user --
or at least it should be," wrote Dunstan in his post. "It appears in the redesign of OS X Lion's authentication scheme a critical step has been overlooked. Whilst non-root users are unable to access the shadow files directly, Lion actually provides non-root users the ability to still view password hash data." This means, according to the researcher, that it might be possible for an attacker to crack a user's Lion password by attacking their system through a Java app hosted online. The attack vector would still require the owner of the computer running Mac OS X to allow the Java app to run -- but it is possible. Dunstan noted that due, no doubt, to Lion's relatively short time being available for use, he could not find any major cracking software supporting the ability to crack encrypted passwords in the operating system -- but he has published a simple script which allows users to do so. It is not yet clear whether Apple is aware of the issue, but a temporary workaround allows users to secure their system through setting different permissions on a certain file. The news comes as Mac OS X continues to be subject to fewer security attacks than Microsoft Windows. Security researchers have stated in the past that there could be a number of reasons for the appearance of heightened security on the Apple platform, ranging from its Unix basis, which allows a high degree of fine-grained permissions to be used on files and applications, to the relative dominance of Windows in the desktop PC market. However, researchers have also speculated that attacks on Mac OS X could increase in future, along with the platform's growing popularity and use on mobile devices such as iPhone and iPads.

opinion/analysis

As this attack would likely require a user to allow an application to run on their system before it could succeed, I would regard it as less dangerous than many other security headaches out there, which would require no support from a user.
However, what Dunstan's blog post demonstrates is that Mac OS X is not inherently safe from security problems. They do exist on the Mac; and I'm sure we'll see more of them as time goes on; especially aimed at devices such as iPads.

From rforno at infowarrior.org Mon Sep 26 11:36:29 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Sep 2011 12:36:29 -0400
Subject: [Infowarrior] - Brennan Center on "Curbing Needless Secrecy"
Message-ID:

Brennan Center on "Curbing Needless Secrecy"
September 26th, 2011 by Steven Aftergood

The Brennan Center for Justice will sponsor a panel discussion October 5 at the National Press Club in Washington DC on overclassification and "Curbing Needless Secrecy" to accompany the release of a new report on the subject. Participants include former Rep. Christopher Shays, former ISOO director J. William Leonard, former NRO director and chair of the Public Interest Declassification Board Martin C. Faga, and Elizabeth Goitein of the Brennan Center.

http://www.fas.org/blog/secrecy/2011/09/brennan_curbing.html

From rforno at infowarrior.org Mon Sep 26 11:58:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Sep 2011 12:58:55 -0400
Subject: [Infowarrior] - Senate Lets Copyright Lobby Set Up Shop In Senate Building During PROTECT-IP Debate
Message-ID:

Senate Lets Copyright Lobby Set Up Shop In Senate Building During PROTECT-IP Debate
from the how-about-some-bias-with-your-coffee? dept
http://www.techdirt.com/articles/20110923/03004416062/senate-lets-copyright-lobby-set-up-shop-senate-building-during-protect-ip-debate.shtml

This is pretty ridiculous. Just as the Senate is debating the PROTECT IP bill, the Copyright Alliance, a lobbying group created and funded by a bunch of the big legacy copyright maximalist companies, apparently got to set up an "educational display" in the Senate Russell Building Rotunda.
The Copyright Alliance has no shame about how it's using this "educational display" to influence the vote:

< - >

The exhibit is an opportunity to showcase for lawmakers and visitors to the U.S. Capitol Complex the importance of copyright to creators across America, by focusing on people behind the lens, sharing stories about the images, and helping viewers understand the investment and commitment made by photographers capturing our nation's many stories.

< - >

I'm curious if the Senate allows such other totally biased parties to set up exhibits like that during debate on other bills. How about pharmaceutical lobbyists setting up an "educational" nursing station in the Senate, just to show the "importance" of protecting pharma. And I'm sure the banks would love to set up an "educational" bank vault in the rotunda during Wall Street reform hearings. How could anyone in the Senate see such a biased effort as being okay?

From rforno at infowarrior.org Mon Sep 26 18:04:18 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Sep 2011 19:04:18 -0400
Subject: [Infowarrior] - Facebook to form its own PAC
Message-ID:

Facebook to form its own PAC to back political candidates
By Gautham Nagesh - 09/26/11 04:27 PM ET
http://thehill.com/blogs/hillicon-valley/technology/183951-facebook-forming-own-pac-to-back-candidates

Facebook confirmed it filed paperwork on Monday to start its own political action committee. "FB PAC will give our employees a way to make their voice heard in the political process by supporting candidates who share our goals of promoting the value of innovation to our economy while giving people the power to share and make the world more open and connected," said a spokesman via email. The firm acknowledged the formation of the PAC after reports emerged of Facebook registering the domain names FBPAC.org and FBPAC.us.
Creating a PAC is just the latest step in Facebook's continued expansion of its presence in Washington, but this is the first time the firm will back candidates. Facebook is likely looking to avoid the type of Washington scrutiny that has affected other firms like Microsoft and Google, which is currently under a Federal Trade Commission antitrust probe. The perception Google was previously sympathetic towards Democrats hasn't helped with the GOP in charge of the House. Facebook's lobbying spending has totalled $550,000 for fiscal 2011, a significant boost over the $350,000 spent in 2010 and $200,000 in 2009.

From rforno at infowarrior.org Mon Sep 26 20:44:11 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 26 Sep 2011 21:44:11 -0400
Subject: [Infowarrior] - Semi OT: Gen. Stanley McChrystal on How to Lead Like a General
Message-ID:

Gen. Stanley McChrystal on How to Lead Like a General

The retired four-star U.S. Army general overhauled communications for troops in Afghanistan. Today, he's a speaker and educator who thinks business leaders have a lot to learn from military management styles.

By Christine Lagorio | @lagorio | Sep 26, 2011
http://www.inc.com/articles/201109/general-stanley-mcchrystal-leading-like-a-general.html

Gen. Stanley McChrystal is best known as the retired four-star U.S. Army general who served as commander of all U.S. and NATO forces in Afghanistan. He's credited with the death of Abu Musab al-Zarqawi, leader of Al-Qaeda in Iraq, and is known for speaking his mind -- both when other military leaders were reluctant to challenge decisions, and in off-the-cuff political remarks to the press. This tendency toward over-communication may have been the beam that buckled, crumbling Gen. McChrystal's career. However, during his military tenure, bolstering in-force communications was arguably one of his greatest achievements.
And in recent years, the skill has helped him build another career as an author, public speaker, and educator (that part is counterintuitive, McChrystal joked: "I could have never gotten into Yale; now I'm grading their papers"). McChrystal spoke at the Inc. 500 in Washington, D.C., about his leadership style, wide-ranging career, and what leaders in the business world can glean from military management styles. We've broken down the most intriguing lessons the general shared during his speech and an exclusive interview with Inc.com's Christine Lagorio.

1. Let your guard down strategically. When asked why he was photographed not wearing body armor, McChrystal said he generally didn't suit up into armor when on the streets in Afghanistan. "Why I didn't wear it is I would deal with Afghans daily. They wouldn't think, 'He's smart; he's in a helmet and armor.' They would think, 'He's not as brave as I am.'" It was not only a subtle tactic to bridge a culture gap, it was also a way to send his troops a message. "I was asking people to go out and risk their lives," he said. "You can't say one thing and then keep yourself in a hermetically sealed armored bubble."

2. Communication should be your top priority. McChrystal is noted for having spent his commander's discretionary fund not on better guns, but on purchasing bandwidth so that all the nodes of his network could communicate with each other. He worked hard to create teams of teams in order to rival the tribal and social structure of the al Qaeda organization. Maintaining this complicated structure required steady communications between parts of the network in far-flung locations. McChrystal explains his strategy: What I believe is you need to establish processes, you need to establish correct forums -- ways that you decide that you're going to communicate -- and then you need to make that work.
And part of that is the equivalent of a pump or a heart, and if the heart is not pumping information through the body just like it needs, then you have to do CPR. You have to force it to work. You have to force that information to flow both ways. Part of that is pumping information out, and part of it is creating an environment that pulls information in. You'll find that things like a cubicle wall or a walk across the street can be as wide as an ocean was 100 years ago. Sometimes it's far more distance than a walk across the street that you're dealing with. "You can't get out there and touch people on the shoulder that much anymore -- you have to use digital means," McChrystal says. That said, McChrystal, even at the height of conflict, says he made time to hand-write letters of praise or thanks. "I used to get thank-you notes for my thank-you notes," he says. "I'd find them framed in [the troops' bunk] areas."

3. Watch your communication etiquette. Just communicating isn't enough; tone is extremely important to the message. McChrystal illustrates this by saying you should never respond to an e-mail with a two-letter reply. "What happens is someone writes a very good e-mail. They'll frame a problem and then they'll give background to it, and then they'll make a recommendation," McChrystal says. "They'll send it to their supervisor...and they get back, typically from a BlackBerry or smartphone, 'OK.'" What does that even mean? "I think it can mean that someone is so important that they can only send two letters. I think it means, for me, that I'll never write that person another e-mail. Because I don't know what that e-mail means." While a short e-mail can work between members of a married couple, or very close associates, dynamics at work involving hierarchy are too complex to disregard. "It can give the feel of fending someone off, that stops communications forever. I would never do it," McChrystal says.

4. Use Commander's Intent -- especially in times of crisis.
The idea of clearly expressing your vision of an end result is known as Commander's Intent. And in a time of strain or uncertainty, McChrystal says it's crucial. "This sounds simple, but if you really go into most organizations and ask what winning is going to look like, they have different ideas," McChrystal says. "Once you define winning, you have to define strategy, and it will all roll in the same direction," he says.

5. Own your failings. Following unflattering remarks about Vice President Joe Biden attributed to McChrystal and his aides in a Rolling Stone article, McChrystal offered his resignation to President Barack Obama. McChrystal's reaction today? "I'm absolutely comfortable with it; I have been since that day." When asked about issues in maintaining strong leadership in the face of bad press, McChrystal explained he believes the best thing a leader can do is communicate thoroughly with his or her team, and with the public. "When you do explain, you've got to tell them the truth," he says. "If you do an Enron and you say, 'All's well, I think you should buy stock,' and then you turn around and you're selling stock, then you've got a credibility gap that communication isn't going to help."

6. Stay fit. You're probably not hiking the mountains of Afghanistan from nine to five, but McChrystal believes that physical fitness should still be a priority for any leader. "It is a sign of, in my opinion, personal self-discipline. If you are willing to do the things that keep you healthy -- and they don't have to be athletic, but to keep you healthy -- I think that means that you've shown a level of self-discipline that I think translates sometimes into business," he says. And for him, it's not just physical. "I think it keeps me more alert. I know I'm a fairly intense person by nature. I know that if I work out in the morning, I'm a little easier to work with, a little easier for people to deal with than I might be otherwise.
So people in fact encourage me to go and work out in the mornings for that reason."

From rforno at infowarrior.org Tue Sep 27 07:14:26 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Sep 2011 08:14:26 -0400
Subject: [Infowarrior] - Fed Reserve plans massive social media monitoring
Message-ID:

(The questions raised in the full article are worth discussion...glad someone picked up on these items. -- rick)

The Federal Reserve Plans To Identify "Key Bloggers" And Monitor Billions Of Conversations About The Fed On Facebook, Twitter, Forums And Blogs

The Federal Reserve wants to know what you are saying about it. In fact, the Federal Reserve has announced plans to identify "key bloggers" and to monitor "billions of conversations" about the Fed on Facebook, Twitter, forums and blogs. This is yet another sign that the alternative media is having a dramatic impact. As first reported on Zero Hedge, the Federal Reserve Bank of New York has issued a "Request for Proposal" to suppliers who may be interested in participating in the development of a "Sentiment Analysis And Social Media Monitoring Solution". In other words, the Federal Reserve wants to develop a highly sophisticated system that will gather everything that you and I say about the Federal Reserve on the Internet and that will analyze what our feelings about the Fed are. Obviously, any "positive" feelings about the Fed would not be a problem. What they really want to do is to gather information on everyone that views the Federal Reserve negatively. It is unclear how they plan to use this information once they have it, but considering how many alternative media sources have been shut down lately, this is obviously a very troubling sign. You can read this "Request for Proposal" right here. Posted below are some of the key quotes from the document (in bold) with some of my own commentary in between the quotes....

< -- >

http://theeconomiccollapseblog.com/archives/the-federal-reserve-plans-to-identify-key-bloggers-and-monitor-billions-of-conversations-about-the-fed-on-facebook-twitter-forums-and-blogs

From rforno at infowarrior.org Tue Sep 27 17:11:27 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 27 Sep 2011 18:11:27 -0400
Subject: [Infowarrior] - Stalking the Secret Patriot Act
Message-ID: <7D60BE1E-CCAE-49E5-A7C6-B42FE880CAF6@infowarrior.org>

(c/o JH)

Stalking the Secret Patriot Act
Posted by Julian Sanchez
http://www.cato-at-liberty.org/stalking-the-secret-patriot-act/

Since this spring's blink-and-you-missed-it debate over reauthorization of several controversial provisions of the Patriot Act, Senators Ron Wyden (D-OR) and Mark Udall (D-CO) have been complaining to anyone who'd listen about a "Secret Patriot Act" -- an interpretation of one of the law's provisions by the classified Foreign Intelligence Surveillance Court granting surveillance powers exceeding those an ordinary person would understand to be conferred from the text of the statute itself. As I argued at the time, there is an enormous amount of strong circumstantial evidence suggesting that this referred to a "sensitive collection program" involving cell phone location tracking -- potentially on a mass scale -- using Patriot's "Section 215" or "business records" authority. Lest anyone think they'd let the issue drop, Wyden and Udall last week released a sharply-worded letter to Attorney General Eric Holder, blasting the Justice Department for misleading the public about the scope of the government's surveillance authority. The real audience for an open letter of this sort, of course, is not the nominal recipient, but rather the press and the public. Beyond simply reminding us that the issue exists, the letter confirms for the first time that the "secret law" of which the senators had complained does indeed involve Section 215.
But there are some additional intriguing morsels for the attentive surveillance wonk. The letter focuses particularly on "highly misleading" statements by Justice Department officials analogizing Section 215 powers to grand jury subpoenas. "As you know," Wyden and Udall write, "Section 215 authorities are not interpreted in the same way that grand jury subpoena authorities are, and we are concerned that when Justice Department officials suggest that the two authorities are 'analogous' they provide the public with a false understanding of how surveillance law is interpreted in practice." Now, this is a little curious on its face. Ever since the original debate over the passage of the Patriot Act, its defenders have tried to claim that a variety of provisions allowing the FBI to more easily obtain sensitive records and documents were no big deal, because grand juries have long enjoyed similarly broad subpoena powers. The comparison has been specious all along: grand juries are an arm of the judicial branch designed (at least in theory) to serve as a buffer between the power of prosecutors and the citizenry. It exists for the specific purpose of determining whether grounds for a criminal indictment exist, and is granted those broad subpoena powers precisely on the premise that it is not just another executive branch investigative agency. To argue, then, that it would make no difference if the FBI or the police could secretly exercise the same type of authority is to miss the point of how our system of government is meant to work in a pretty stunning way. It's akin to suggesting that, since juries can sentence people to life in prison, it would be no big deal to give the president or the director of the FBI the same power. That's not what Wyden and Udall are stressing here, however. Rather, they seem to be suggesting that the scope of the 215 authority itself has been secretly interpreted in a way that goes beyond the scope of the grand jury subpoena power. 
Now that ought to be striking, because the grand jury's power to compel the production of documents really is quite broad. Yet, what Wyden and Udall appear to be suggesting is that there is some kind of limit or restriction that does apply to grand jury subpoenas, but has been held by the secret court not to apply to Section 215 orders. One possibility is that the FISC may have seen fit to issue prospective 215 orders, imposing an ongoing obligation on telecommunications companies or other recipients to keep producing records related to a target as they're created, rather than being limited to records and documents already in existence. But given the quantity of evidence that already suggests the "Secret Patriot Act" involves location tracking, I find it suggestive that the very short list of specific substantive limits on grand jury subpoena power in the U.S. Attorneys' Manual includes this: < - > It is improper to utilize the grand jury solely as an investigative aid in the search for a fugitive in whose testimony the grand jury has no interest. In re Pedro Archuleta, 432 F. Supp. 583 (S.D.N.Y. 1977); In re Wood, 430 F. Supp. 41 (S.D.N.Y. 1977), aff'd sub nom In re Cueto, 554 F.2d 14 (2d Cir. 1977). ... Since indictments for unlawful flight are rarely sought, it would be improper to routinely use the grand jury in an effort to locate unlawful flight fugitives. < - > As the manual makes clear, the constraints on the power of the grand jury generally are determined by its purpose and function, but locating subjects for the benefit of law enforcement (rather than as a means of securing their testimony before the grand jury) is one of the few things so expressly and specifically excluded. Could this be what Wyden and Udall are obliquely referring to? 
On a possibly related note, the Director of National Intelligence's office sent Wyden and Udall a letter back in July rebuffing his request for information about the legal standard governing geolocation tracking by the intelligence community. While refusing to get into specifics, the letter explains that "there have been a diverse set of rulings concerning the quantum of evidence and the procedures required to obtain such evidence." Now, a bit of common sense here: it is inconceivable that any judge on the secret court would not permit cell phone geolocation tracking of a target who was the subject of a full-blown FISA electronic surveillance warrant based on probable cause. There would be no "diversity" if the intelligence agencies were uniformly using only that procedure and that "quantum of evidence." This claim only makes sense if the agencies have sought and, under some circumstances, obtained authorization to track cell phones pursuant to some other legal process requiring a lower evidentiary showing. (Again, you would not have "diversity" if the court had consistently responded to all such requests with: "No, get a warrant.") The options here are pretty limited, because the Foreign Intelligence Surveillance Act only provides for a few different kinds of orders to be issued by the FISC. There's a full electronic surveillance warrant, requiring a probable cause showing that the target is an "agent of a foreign power." There's a warrant for physical search, with the same standard, which doesn't seem likely to be relevant to geotracking. The only other real options are so-called "pen register" orders, which are used to obtain realtime communications metadata, and Section 215. Both require only that the information sought be "relevant" to an ongoing national security investigation. For pen registers, the applicant need only "certify" that this is the case, which leaves judges with little to do beyond rubber-stamping orders. 
Section 215 orders require a "statement of facts showing that there are reasonable grounds" to think the information sought is "relevant," but the statute also provides that any records are automatically relevant if they pertain to a suspected "agent of a foreign power," or to anyone "in contact with, or known to" such an agent, or to the "activities of a suspected agent of a foreign power who is the subject of [an] authorized investigation." The only way there can logically be "a diverse set of rulings" about the "quantum of evidence and the procedures required" to conduct cell phone location tracking is if the secret court has, on at least some occasions, allowed it under one or both of those authorities. Perhaps ironically, then, this terse response is not far short of a confirmation. In criminal investigations, as I noted in a previous post, the Justice Department normally seeks a full warrant in order to do highly accurate, 24-hour realtime location, though it is not clear they believe this is constitutionally required. With a court order for the production of records based on "specific and articulable facts," they can get call records generally indicating the location of the nearest cell tower when a call was placed--a much less precise and intrusive form of tracking, but one that is increasingly revealing as providers store more data and install ever more cell towers. For realtime tracking that is less precise, they'll often seek to bundle a records order with a pen register order, to create a "hybrid" tracking order. Judges are increasingly concluding that these standards do not adequately protect constitutional privacy interests, but you'd expect a "diverse set of rulings" if the FISC had adopted a roughly parallel set of rules--except, of course, that the standards for the equivalent orders on the intelligence side are a good deal more permissive. 
The bottom line, though, is that this makes it all but certain the intelligence agencies are secretly tracking people--and potentially large numbers of people--who it does not have probable cause to believe, and may not even suspect, are involved in terrorism or espionage. No wonder Wyden and Udall are concerned. From rforno at infowarrior.org Tue Sep 27 20:27:18 2011 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Sep 2011 21:27:18 -0400 Subject: [Infowarrior] - State Department Employee Faces Firing for Posting WikiLeaks Link Message-ID: <6E491B96-D7BA-4BAC-AE66-020353441F86@infowarrior.org> State Department Employee Faces Firing for Posting WikiLeaks Link By Kim Zetter | September 27, 2011 | 7:03 pm | http://www.wired.com/threatlevel/2011/09/gov-employee-faces-firing/ A veteran U.S. State Department foreign service officer says his job is on the line after he posted a link on his blog to a WikiLeaks document. Peter Van Buren, who has worked for the department for 23 years and just published a book that is critical of U.S. reconstruction projects in Iraq, said this week that the State Department had launched an investigation against him earlier this month for disclosing classified information. His crime, he said, was a link he posted on August 25 in a blog post discussing the hypocrisy of recent U.S. actions against Libyan leader Muammar Qadaffi. The link went to a 2009 cable about the sale of U.S. military spare parts to Qadaffi through a Portuguese middleman. We recently recapped the weird history of US-Libyan relations, focusing on how, after years of hating on and bombing Qaddafi, soon after the Iraq war commenced we suddenly decided we liked him. The US opened diplomatic relations in 2009 and had all sorts of warm feelings for the once-pariah state. Then somehow in 2011 he started hating on and bombing Qaddafi again. New cables, on Wikileaks, now give us a hint at how cozy the US-Libyan relationship (briefly) was. 
To start, Libya needed lots of spare parts for its military after years of embargoes. The US was happy to assist. An unclassified cable from 2009 outlined that the US sold "Miscellaneous parts, components, accessories, and attachments for the L100 aircraft and T56 engines belonging to the Libyan Air Force," conveniently through a Portuguese middleman. Wonder if any of those refitted aircraft played any part in the recent unpleasantness in Libya? The cable asked Embassy Lisbon and Embassy Tripoli to check up on these exports, as they had (duh) military usage and cordially concludes "Department is grateful for Post's assistance in this matter." Van Buren wrote in a post published on Tuesday, the same day his new book, We Meant Well: How I Helped Lose the Battle for the Hearts and Minds of the Iraqi People is being released, that he was interrogated by State Department officials twice this month. Van Buren said he was under investigation for allegedly disclosing classified information -- even though he had merely linked to documents that were already widely available on the internet. The cable was just one in a cache of more than 250,000 State Department cables that WikiLeaks allegedly obtained from former Army intelligence analyst Bradley Manning last year and has been posting piecemeal online with media partners in the U.S. and Europe since last November. "In other words, a link to a document posted by who-knows-who on a public website available at this moment to anyone in the world was the legal equivalent of me stealing a Top Secret report, hiding it under my coat, and passing it to a Chinese spy in a dark alley," Van Buren wrote this week. The State Department investigators, he said, demanded to know who had helped him with his blog and told him that every blog post, Facebook post, and tweet by State Department employees had to be pre-cleared by the Department prior to publication. They also drilled him about the details of his publishing contract -- 
including how much he had been paid -- and told him that his refusal to answer questions would lead to his firing. And they warned him against writing about their interrogation, saying he could be charged with interfering with a government investigation if he did so. Van Buren said the Principal Deputy Secretary of State subsequently wrote his publisher demanding small national security redactions from his book, which had already shipped to bookstores. Among the cuts requested was a vignette that he said was based on a scene from the movie Black Hawk Down. Van Buren linked to the cable after WikiLeaks abruptly opened the spigot on its cache of cables in August, spewing out more than 130,000 over a few days after a news story in a German news weekly revealed that the entire database of cables had already been inadvertently leaked online by WikiLeaks supporters, along with the password to unlock the file. "The State Department and its Bureau of Diplomatic Security never took responsibility for their part in the loss of all those cables, never acknowledged their own mistakes or porous security measures," Van Buren wrote this week. "No one will ever be fired at State because of WikiLeaks--except, at some point, possibly me." Van Buren said his real crime appeared to be speaking critically about U.S. policies in the Middle East. "The advantage of all this? It gets rid of a 'troublemaker,' and the Bureau of Diplomatic Security people can claim that they are 'doing something' about the WikiLeaks drip that continues even while they fiddle," he wrote. "Of course, it also chills free speech, sending a message to other employees about the price of speaking plainly." The State Department did not respond to a request for comment. 
From rforno at infowarrior.org Wed Sep 28 05:37:09 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Sep 2011 06:37:09 -0400 Subject: [Infowarrior] - Even Those Cleared of Crimes Can Stay on F.B.I.'s Watch List Message-ID: (The same old issues remain when trying to disprove a negative when the facts and rationale behind the creation of such facts remains hidden in a 'democracy.' And once again the "just trust us" philosophy is at work in defending this situation to the citizenry. Anyone who says the terrorists aren't winning our little war with them is sorely misinformed. -- rick) September 27, 2011 Even Those Cleared of Crimes Can Stay on F.B.I.'s Watch List By CHARLIE SAVAGE http://www.nytimes.com/2011/09/28/us/even-those-cleared-of-crimes-can-stay-on-fbis-terrorist-watch-list.html?_r=1&pagewanted=print WASHINGTON -- The Federal Bureau of Investigation is permitted to include people on the government's terrorist watch list even if they have been acquitted of terrorism-related offenses or the charges are dropped, according to newly released documents. The files, released by the F.B.I. under the Freedom of Information Act, disclose how the police are instructed to react if they encounter a person on the list. They lay out, for the first time in public view, the legal standard that national security officials must meet in order to add a name to the list. And they shed new light on how names are vetted for possible removal from the list. Inclusion on the watch list can keep terrorism suspects off planes, block noncitizens from entering the country and subject people to delays and greater scrutiny at airports, border crossings and traffic stops. The database now has about 420,000 names, including about 8,000 Americans, according to the statistics released in connection with the 10th anniversary of the Sept. 11 attacks. About 16,000 people, including about 500 Americans, are barred from flying. Timothy J. 
Healy, the director of the F.B.I.'s Terrorist Screening Center, which vets requests to add or remove names from the list, said the documents showed that the government was balancing civil liberties with a careful, multilayered process for vetting who goes on it -- and for making sure that names that no longer need to be on it came off. "There has been a lot of criticism about the watch list," claiming that it is "haphazard," he said. "But what this illustrates is that there is a very detailed process that the F.B.I. follows in terms of nominations of watch-listed people." Still, some of the procedures drew fire from civil liberties advocates, including the Electronic Privacy Information Center, which made the original request and provided the documents to The New York Times. The 91 pages of newly disclosed files include a December 2010 guidance memorandum to F.B.I. field offices showing that even a not-guilty verdict may not always be enough to get someone off the list, if agents maintain they still have "reasonable suspicion" that the person might have ties to terrorism. "If an individual is acquitted or charges are dismissed for a crime related to terrorism, the individual must still meet the reasonable suspicion standard in order to remain on, or be subsequently nominated to, the terrorist watch list," the once-classified memorandum says. Ginger McCall, a counsel at the Electronic Privacy Information Center, said: "In the United States, you are supposed to be assumed innocent. But on the watch list, you may be assumed guilty, even after the court dismisses your case." But Stewart Baker, a former Homeland Security official in the Bush administration, argued that even if the intelligence about someone's possible terrorism ties fell short of the courtroom standard of "beyond a reasonable doubt," it could still be appropriate to keep the person on the watch list as having attracted suspicion. Mr. Baker noted that being subjected to extra questioning -- 
or even kept off flights -- was different than going to prison. The guidance memo to F.B.I. field offices says someone may be deemed a "known or suspected terrorist" if officials have "particularized derogatory information" to support their suspicions. That standard may be met by an allegation that the suspect has terrorism ties if the claim is corroborated by at least one other source, it said, but "mere guesses or 'hunches' are not enough." Normally, it says, if agents close the investigation without charges, they should remove the subject's name -- as they should also normally do in the case of an acquittal. But for exceptions, the F.B.I. maintains a special file for people whose names it is keeping in the database because it has decided they pose a national security risk even though they are not the subject of any active investigation. The F.B.I.'s Terrorist Screening Center shares the data with other federal agencies for screening aircraft passengers, people who are crossing the border and people who apply for visas. The data is also used by local police officers to check names during traffic stops. The December memorandum lays out procedures for police officers to follow when they encounter people who are listed. For example, officers are never to tell the suspects that they might be on the watch list, and they must immediately call the federal government for instructions. In addition, it says, police officers and border agents are to treat suspects differently based on which "handling codes" are in the system. Some people, with outstanding warrants, are to be arrested; others are to be questioned while officers check with the Department of Homeland Security to see whether it has or will issue a "detainer" request; and others should be allowed to proceed without delay. The documents show that the F.B.I. is developing a system to automatically notify regional "fusion centers," 
where law enforcement agencies share information, if officers nearby have encountered someone on the list. The bureau also requires F.B.I. supervisors to sign off before an advisory would warn the police that a subject is "armed and dangerous" or has "violent tendencies." The F.B.I. procedures encourage agents to renominate suspects for the watch list even if they were already put on it by another agency -- meaning multiple agencies would have to be involved in any attempt to later remove that person. The procedures offer no way for people who are on the watch list to be notified of that fact or given an opportunity to see and challenge the specific allegations against them. Chris Calabrese, a counsel with the American Civil Liberties Union, called the watch list system a "Star Chamber" -- "a secret determination, that you have no input into, that you are a terrorist. Once that determination is made, it can ripple through your entire life and you have no way to challenge it." But Mr. Healy said the government could not reveal who was on the list, or why, because that would risk revealing intelligence sources. He also defended the idea of the watch list, saying the government would be blamed if, after a terrorist attack, it turned out the perpetrator had attracted the suspicions of one agency but it had not warned other agencies to scrutinize the person. Mr. Healy also suggested that fears of the watch list were exaggerated, in part because there are many other reasons that people are subjected to extra screening at airports. He said more than 200,000 people have complained to the Department of Homeland Security about their belief that they were wrongly on the list, but fewer than 1 percent of them were actually on it. 
From rforno at infowarrior.org Wed Sep 28 06:04:15 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Sep 2011 07:04:15 -0400 Subject: [Infowarrior] - Princeton bans academics from handing all copyright to journal publishers Message-ID: <90D1812C-331C-4EBB-A579-5263642EA6AB@infowarrior.org> 28 September 2011, 1.25pm AEST Princeton bans academics from handing all copyright to journal publishers http://theconversation.edu.au/princeton-bans-academics-from-handing-all-copyright-to-journal-publishers-3596 Prestigious US academic institution Princeton University has banned researchers from giving the copyright of scholarly articles to journal publishers, except in certain cases where a waiver may be granted. The new rule is part of an Open Access policy aimed at broadening the reach of their scholarly work and encouraging publishers to adjust standard contracts that commonly require exclusive copyright as a condition of publication. Universities pay millions of dollars a year for academic journal subscriptions. People without subscriptions, which can cost up to $25,000 a year for some journals or hundreds of dollars for a single issue, are often prevented from reading taxpayer funded research. Individual articles are also commonly locked behind pay walls. Researchers and peer reviewers are not paid for their work but academic publishers have said such a business model is required to maintain quality. At a September 19 meeting, Princeton's Faculty Advisory Committee on Policy adopted a new open access policy that gives the university the "nonexclusive right to make available copies of scholarly articles written by its faculty, unless a professor specifically requests a waiver for particular articles." "The University authorizes professors to post copies of their articles on their own web sites or on University web sites, or in other not-for-a-fee venues," the policy said. 
"The main effect of this new policy is to prevent them from giving away all their rights when they publish in a journal." Under the policy, academic staff will grant to The Trustees of Princeton University "a nonexclusive, irrevocable, worldwide license to exercise any and all copyrights in his or her scholarly articles published in any medium, whether now known or later invented, provided the articles are not sold by the University for a profit, and to authorise others to do the same." In cases where the journal refuses to publish their article without the academic handing all copyright to the publisher, the academic can seek a waiver from the open access policy from the University. The policy authors acknowledged that this may make the rule toothless in practice but said open access policies can be used "to lean on the journals to adjust their standard contracts so that waivers are not required, or with a limited waiver that simply delays open access for a few months." Academics will also be encouraged to place their work in open access data stores such as Arxiv or campus-run data repositories. A step forward Having prestigious universities such as Princeton and Harvard fly the open access flag represented a step forward, said open access advocate Professor Simon Marginson from the University of Melbourne's Centre for the Study of Higher Education. "The achievement of free knowledge flows, and installation of open access publishing on the web as the primary form of publishing rather than oligopolistic journal publishing subject to price barriers, now depends on whether this movement spreads further among the peak research and scholarly institutions," he said. "Essentially, this approach -- if it becomes general -- normalises an open access regime and offers authors the option of opting out of that regime. 
This is a large improvement on the present position whereby copyright restrictions and price barriers are normal and authors have to attempt to opt in to open access publishing, or risk prosecution by posting their work in breach of copyright." "The only interests that lose out under the Princeton proposal are the big journal publishers. Everyone else gains." Professor Tom Cochrane, Deputy Vice-Chancellor Technology, Information and Learning Support at the Queensland University of Technology, who has also led an Open Access policy mandate at QUT welcomed Princeton's new rule but warned that the waiver must not be used too regularly, lest the policy be undermined. If all universities and research institutions globally had policies similar to Princeton's, the ultimate owner of published academic work would be universities and their research communities collectively, Professor Cochrane said. "They are the source of all the content that publishers absolutely require to run their business model," he said. Dr Danny Kingsley, an open access expert and Manager of Scholarly Communication and ePublishing at Australian National University said the move was a positive step and that the push for open access should come from the academic community. In practice, however, the new policy requires staff have a good understanding of the copyright arrangements they currently have with journal publishers in their field. They will need to ensure future publisher's agreements accommodate the new position and if not, obtain a waiver from the University. "This sounds easy but in reality might be a challenge for some academics. There is considerable evidence to show that academics often have very little understanding of the copyright situation of their published work," she said. "What will be most telling will be the publishers' response over the next year or so. 
If they start providing amended agreements to Princeton academics then the door will be open for other universities to follow this lead. I suspect however they will not, as generally the trend seems for publishers to make the open access path a complex and difficult one." From rforno at infowarrior.org Wed Sep 28 11:00:48 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Sep 2011 12:00:48 -0400 Subject: [Infowarrior] - DOJ Guide to How Much Data Phone Companies Keep Message-ID: <28574A96-F4FF-438D-B1D8-E404E2D45CA8@infowarrior.org> A Justice Department Guide to How Much Data Phone Companies Keep Adam Martin http://old.news.yahoo.com/s/atlantic/20110928/tc_atlantic/justicedepartmentguidehowmuchdataphonecompanieskeep43059/print For those who want to keep their digital correspondence a secret from the feds, or anyone else who may be watching, a document prepared by the U.S. Department of Justice in August and pointed out by Wired's Threat Level today is crucial reading. The document, dated August 2010, has been floating around the web for some time (you can find PDFs of it here and here) and details how long cellular service providers store information on users' correspondence, web behavior, and bill payment. Depending on which of those areas are most important to keep private, the results are a mixed bag, as Wired's David Kravets explains: Verizon, for example, keeps a list of everyone you've exchanged text messages with for the past year, according to the document. But T-Mobile stores the same data up to five years. It's 18 months for Sprint, and seven years for AT&T. That makes Verizon appear to have the most privacy-friendly policy. Except that Verizon is alone in retaining the actual contents of text messages. It allegedly stores the messages for five days, while T-Mobile, AT&T, and Sprint don't store them at all. For those concerned with companies tracking their movements via cell site, however, Verizon does seem to be the best option. 
"Verizon keeps that data on a one-year rolling basis; T-Mobile for 'a year or more;' Sprint up to two years, and AT&T indefinitely, from July 2008." Which means that time you called in sick to go to Atlantic City two years ago could still be hanging around in AT&T's records, should your boss have the subpoena power to ask for it. --- Just because I'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Sep 28 13:05:20 2011 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Sep 2011 14:05:20 -0400 Subject: [Infowarrior] - NSA Sponsors $84K in student scholarships for MDC3 Message-ID: <2D0C83E6-24E5-47AD-B179-BCBFE4F413DC@infowarrior.org> Disclosure: I am co-chair of the event and also overseeing the Challenge. Full information about the Maryland Cyber Challenge & Conference can be found at www.mdc3.org. The conference agenda (in its almost-final form) can be found at http://mdc3.org/files/MDC3Schedule_9.21.11.pdf. --- rick < -- > National Security Agency to Award $84,000 in Scholarships to Student Winners of the 2011 Maryland Cyber Challenge College and high school teams will compete for top honors on October 22 at the Baltimore Convention Center Baltimore, Md. -- September 28, 2011 -- The National Security Agency (NSA) will fund college scholarships for the high school and college student winners of the Maryland Cyber Challenge & Conference (MDC3) -- a move to encourage young Marylanders to pursue degrees in science, technology, engineering and mathematics (STEM). "We have an obligation to get the country's youth more interested in math and science and to understand the importance of cyber security to ensure a larger and more diverse hiring pool in this field for the good of the country," said John "Chris" Inglis, Deputy Director, NSA. "We are pleased to be able to support the education of the talented young Americans competing in the Maryland Cyber Challenge." 
Each first-place winner of the high school and college team competitions will receive a $5,000 scholarship, and each member of the second-place high school and college teams will receive a $2,000 scholarship to support their higher education. "Of necessity, cybersecurity professionals are discreet about their work. This event enables us to promote the industry and to excite young Marylanders about defending our nation's cyber systems," said Freeman A. Hrabowski, III, president of the University of Maryland, Baltimore County. "We're delighted NSA has joined us in this effort and that the agency is committed to cultivating new talent and supporting the robust cyber industry in Maryland." MDC3 was created by the University of Maryland, Baltimore County (UMBC) and Science Applications International Corporation (SAIC) [NYSE: SAI], in partnership with the Department of Business & Economic Development (DBED), the Tech Council of Maryland (TCM) and the National Cyber Security Alliance (NCSA). MDC3 is leveraging federal, state and private sector resources to effectively address a critical area of national need. "Cybersecurity is a challenge that affects every single industry in our nation's economy, and we have a strong need to increase the young talent within this field," said Larry Cox, SAIC senior vice president and business unit general manager. "We applaud NSA for this significant investment in the future of our national security by creating more educational opportunity for Maryland's brightest and most-talented future cybersecurity professionals." About the Maryland Cyber Challenge & Conference (MDC3) The inaugural Maryland Cyber Challenge & Conference (MDC3) will be held October 21-22 at the Baltimore Convention Center. 
The event will give teams of high school students, college and university students, and professionals the opportunity to learn more about cybersecurity and develop practical skills for defending computers while competing for scholarships in a fun environment. The conference will feature keynote speakers, breakout sessions and cyber innovation exhibits for an audience of students, parents and professionals from academia, industry and government. Sponsorship and exhibitor opportunities are both available.

MDC3 was founded by Science Applications International Corporation (SAIC) [NYSE: SAI] and the University of Maryland, Baltimore County (UMBC) in partnership with the Department of Business & Economic Development (DBED), the Tech Council of Maryland (TCM) and the National Cyber Security Alliance (NCSA) with the goal of encouraging Maryland students and young professionals to pursue education and careers in cybersecurity. MDC3 supports the State of Maryland's initiative to become the nation's epicenter for innovation in cybersecurity. For more information, please visit www.MDC3.org.

# # #

From rforno at infowarrior.org Wed Sep 28 14:03:08 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Sep 2011 15:03:08 -0400
Subject: [Infowarrior] - more on....DOJ Guide to How Much Data Phone Companies Keep
References: <20110928184841.GF20294@reznor.com>
Message-ID:

(c/o AJR)

Begin forwarded message:

> Date: September 28, 2011 2:48:41 PM EDT
> Subject: Re: [Infowarrior] - DOJ Guide to How Much Data Phone Companies Keep
>
> This is old, VZW may have changed their policy, but read the dates of texts in the Jackson case:
>
> http://www.zdnet.com/news/police-blotter-verizon-forced-to-turn-over-text-messages/178942
> "The messages actually produced cover the following dates (all in 2007): June 6, June 12-14, June 17, June 19, July 3-4, and
> October 23-31."
>
> That's way more than the 'days' claimed for VZW here.
>
>
> From 2004 (linked above) :
> http://www.sptimes.com/2004/06/21/Technology/Think_before_you_text.shtml
> AT&T Wireless spokesman Mark Siegel said the company co-operates with law enforcement officials for investigations but
> refused to discuss its policies on storing text messages.
>
> The company's Web site said messages not immediately delivered are held for 72 hours for more delivery attempts, then
> deleted. How messages in the Bryant case would be available four months later isn't known; most likely they were retrieved
> from an archival storage system.
>
> "It's just a common practice," said Kagan, the telecoms analyst. "I don't know an instance where they delete them."
>
> Later, it reads:
>
> Verizon Wireless spokeswoman Jenny Weaver and Sprint PCS spokesman Dave Mellin said text messages are not stored anywhere
> after delivery.
>
> 2004 VZW doesn't store any, in 2007 they go back many months at least, today it's a matter of mere days? Not making a lot of
> sense here. And, again, the texts in the Bryant case were retrieved by ATT more than four months later. Wha?!
>
>
> An interesting side-read from LEO perspective:
> http://cops2point0.com/2011/07/why-how-add-mapping-your-cell-phone-evidence/
>
> That's July this year, the VZW value is still 'days' but a few higher. Also includes that MetroPCS, a more regional carrier,
> stores SMS for 60 days. Worth noting.
>
>
> Also in digging around for the above (side data to what I was trying to locate but couldn't) I came across this :
> http://www.gomycell.com/
>
> Requires installation for both parties; sends encrypted sms, allows for remote delete of data you've sent, etc. Interesting
> if it works. I'd like to see an in-depth code review to ensure good keys are generated, no escrow, etc.
>
>

From rforno at infowarrior.org Wed Sep 28 16:19:49 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Sep 2011 17:19:49 -0400
Subject: [Infowarrior] - Hurt Locker File Sharing Lawsuit Lists Hockey Stadium IP Address
Message-ID:

(I'm reminded of how the Blues Brothers listed Wrigley Field as their home address on their DMV records. Life imitating art? -- rick)

Hurt Locker File Sharing Lawsuit Lists Hockey Stadium IP Address
from the those-canadians-and-their-hockey dept

http://www.techdirt.com/articles/20110928/02302616122/hurt-locker-file-sharing-lawsuit-lists-hockey-stadium-ip-address.shtml

It's a bit of a stereotype that Canadians love their hockey. But do they love it so much that they file share while attending hockey games? Recently, the movie studio Voltage Pictures decided to extend its braindead, shortsighted, shakedown of those it accuses (on weak evidence) of file sharing its movie, The Hurt Locker, to Canada. Voltage hired a law firm to go to court and identify who was behind 29 IP addresses. Of course, some individuals did a little investigating on the IP addresses and, as noted by Michael Geist, have apparently fingered one of the culprits: the Bell Centre in Montreal, better known as the home of the Montreal Canadiens hockey team.

I'm guessing Voltage will just drop that IP address from the lawsuit, but it's another reminder that an IP address is not very useful evidence, in some cases. And, of course, anyone involved with the lawsuit could have checked the IP address themselves and realized what it resolved to -- providing yet more evidence that the folks filing these lawsuits aren't particularly clued in on the technology they're suing over.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Sep 28 20:52:55 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 28 Sep 2011 21:52:55 -0400
Subject: [Infowarrior] - Firefox devs mull dumping Java to stop BEAST attacks
Message-ID: <2DF918D6-5C52-486B-8CBC-E6EAE91217FE@infowarrior.org>

Firefox devs mull dumping Java to stop BEAST attacks

http://www.theregister.co.uk/2011/09/29/firefox_killing_java/

By Dan Goodin in San Francisco
Posted in Enterprise Security, 29th September 2011 01:02 GMT

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework.

The move, which would prevent Firefox from working with scores of popular websites and crucial enterprise tools, is one way to thwart a recently unveiled attack that decrypts traffic protected by SSL, the cryptographic protocol that millions of websites use to safeguard social security numbers and other sensitive data. In a demonstration last Friday, it took less than two minutes for researchers Thai Duong and Juliano Rizzo to wield the exploit to recover an encrypted authentication cookie used to access a PayPal user account.

Short for Browser Exploit Against SSL/TLS, BEAST injects JavaScript into an SSL session to recover secret information that's transmitted repeatedly in a predictable location in the data stream.

For Friday's implementation of BEAST to work, Duong and Rizzo had to subvert a safety mechanism built into the web known as the same-origin policy, which dictates that data set by one internet domain can't be read or modified by a different address. The researchers settled on a Java applet as their means to bypass SOP, leading Firefox developers to discuss blocking the framework in a future version of the browser.

"I recommend that we blocklist all versions of the Java Plugin,"
Firefox developer Brian Smith wrote on Tuesday in a discussion on Mozilla's online bug forum. "My understanding is that Oracle may or may not be aware of the details of the same-origin exploit. As of now, we have no ETA for a fix for the Java plugin."

About four hours later, fellow developer Justin Scott updated the thread, writing: "In the interest of keeping this bug updated with the latest status, this morning I asked Johnath for some help in understanding the balance between the horrible user experience this would cause and the severity/prevalence of the security issue and am waiting to hear back. We also discussed this in the Products team meeting today and definitely need better understanding of that before putting the block in place."

On Wednesday morning, Johnath, the alias for Firefox Director of Engineering Johnathan Nightingale, weighed in: "Yeah - this is a hard call. Killing Java means disabling user functionality like facebook video chat, as well as various java-based corporate apps (I feel like Citrix uses Java, for instance?)"

He went on to say that Firefox already has a mechanism for "soft-blocking" Java that allows users to re-enable the plugin from the browser's addons manager or in response to a dialogue box that appears in certain cases.

"Click to play or domain-specific whitelisting will provide some measure of benefit, but I suspect that enough users will whitelist, e.g., facebook that even with those mechanisms (which don't currently exist!) in place, we'd have a lot of users potentially exposed to java weaknesses."

The Draconian move under consideration is in stark contrast to the approach developers of Google's Chrome browser have taken. Last week, they updated the developer and beta versions of Chrome to split certain messages into fragments to reduce the attacker's control over the plaintext about to be encrypted.
By adding unexpected randomness to the encryption process, the new behavior in Chrome is intended to throw BEAST off the scent of the decryption process by feeding it confusing information.

The update has created incompatibilities between Chrome and at least some websites, as this Chromium bug report shows. Google has yet to push out the update to the vast majority of Chrome users who rely on the stable version of the browser.

Microsoft, meanwhile, has recommended that users apply several workaround fixes while it develops a permanent patch. The company hasn't outlined the approach it plans to take.

The prospect of Firefox no longer working with Java could cause a variety of serious problems for users, particularly those in large corporations and government organizations that rely on the framework to make their browsers work with virtual private networks, intranet tools, and web-conferencing applications such as Cisco Systems' WebEx.

Presumably, Java would be killed by adding it to the Mozilla Blocklisting Policy.

"Whatever decision we make here, I really hope Oracle gets an update of their own out," Nightingale wrote. "It's the only way to keep their users affirmatively safe."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Sep 29 06:17:26 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Sep 2011 07:17:26 -0400
Subject: [Infowarrior] - Ranum on Cyberwar (series)
Message-ID: <72490E58-3279-4170-A474-946786F15B10@infowarrior.org>

2 September 2011
Cyberwar: a Whole New Quagmire.
Part 1: The Pentagon Cyberstrategy
http://fabiusmaximus.wordpress.com/2011/09/02/28486/

11 September 2011
Cyberwar: a Whole New Quagmire.
Part 2: "Do as I say, not as I do" shall be the whole of the law.
http://fabiusmaximus.wordpress.com/2011/09/11/28842/

14 September 2011
Cyberwar: a Whole New Quagmire.
Part 3: Conflating Threats
http://fabiusmaximus.wordpress.com/2011/09/14/28778/

29 September 2011
Cyberwar: a Whole New Quagmire.
Part 4: About Stuxnet?, the next generation of warfare?
http://fabiusmaximus.wordpress.com/2011/09/29/29291/

From rforno at infowarrior.org Thu Sep 29 06:55:33 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 29 Sep 2011 07:55:33 -0400
Subject: [Infowarrior] - Pilot almost rolls an ANA 737
Message-ID: <023AF767-9D00-4BB1-B1DC-D15C8359576F@infowarrior.org>

[September 28, 2011]

ANA plane flew almost belly-up after copilot error

http://callcenterinfo.tmcnet.com/news/2011/09/28/5811150.htm

(Japan Economic Newswire Via Acquire Media NewsEdge) TOKYO, Sept. 28 -- (Kyodo) _ An All Nippon Airways airplane briefly flew almost belly-up when it nosedived off Shizuoka Prefecture en route to Tokyo early this month, the Japan Transport Safety Board said Wednesday.

Flight 140 from Naha to Haneda, with 117 crew and passengers on board, managed to land at the Tokyo airport despite dropping about 1,900 meters from a height of about 12,500 meters in 30 seconds. Two flight attendants were slightly hurt, while four passengers later complained of ill-health.

The safety board's head, Norihiro Goto, told a news conference that data on the Boeing 737-700's digital flight recorder showed that in the incident which occurred at 10:50 p.m. Sept. 6, the twin-engine jet rolled to the left and descended after slightly rolling to the right when a copilot mistakenly operated the rudder trim knob in the cockpit.

The narrow-body aircraft continued to roll until it reached 131.7 degrees to the left, leaving it almost belly-up, according to the board. Its nose pointed down as much as 35 degrees at one point.

"The centrifugal force (exerted by the maneuver) may have helped lessen the impact on the passengers," Goto said.
Following the revelation that the airplane had flown almost belly-up, ANA Senior Executive Vice President Shin Nagase said at a separate news conference, "We deeply apologize for causing tremendous trouble and anxiety to our passengers."

The unintended maneuver was caused when the copilot, in trying to unlock the cockpit door for the captain who was returning from a rest room in the cabin, mistook the rudder trim knob for the cockpit door lock switch nearby.

The incident occurred while the aircraft was flying over the Pacific about 40 kilometers south of Hamamatsu. The transport safety board is investigating the incident.

(c) 2011 Kyodo News International, Inc.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Sep 30 08:15:54 2011
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 30 Sep 2011 09:15:54 -0400
Subject: [Infowarrior] - Bill Introduced To Let Robots Call Your Cellphone
Message-ID: <16C80FCE-5223-49B7-91A9-4E934B7F0E27@infowarrior.org>

Bill Introduced To Let Robots Call Your Cellphone

By Ben Popken on September 29, 2011 3:00 PM

Since '91, it's been illegal for telemarketers to use autodialers and other robot-like devices to call your cellphone. Last week, a bill was introduced to change that.

While in the past email hoaxes have gone around saying that your cellphone could be opened up to telemarketers, HR 3035 seeks to let businesses contact your cellphone "for informational purposes."

Here is the text of the bill:

< -- >

http://consumerist.com/2011/09/bill-introduced-to-let-robots-call-your-cellphone.html

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.