From rforno at infowarrior.org Sun Apr 1 10:21:39 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Apr 2012 11:21:39 -0400
Subject: [Infowarrior] - UK: Email and web use 'to be monitored' under new laws
Message-ID:

1 April 2012 Last updated at 09:24 ET

Email and web use 'to be monitored' under new laws

http://www.bbc.co.uk/news/uk-politics-17576745?print=true

The government will be able to monitor the calls, emails, texts and website visits of everyone in the UK under new legislation set to be announced soon. Internet firms will be required to give intelligence agency GCHQ access to communications on demand, in real time. The Home Office says the move is key to tackling crime and terrorism, but civil liberties groups have criticised it. Tory MP David Davis called it "an unnecessary extension of the ability of the state to snoop on ordinary people". Attempts by the last Labour government to take similar steps failed after huge opposition, including from the Tories.

'Unprecedented step'

A new law - which may be announced in the forthcoming Queen's Speech in May - would not allow GCHQ to access the content of emails, calls or messages without a warrant. But it would enable intelligence officers to identify who an individual or group is in contact with, how often and for how long. They would also be able to see which websites someone had visited. In a statement, the Home Office said action was needed to "maintain the continued availability of communications data as technology changes". "It is vital that police and security services are able to obtain communications data in certain circumstances to investigate serious crime and terrorism and to protect the public," a spokesman said. "As set out in the Strategic Defence and Security Review we will legislate as soon as parliamentary time allows to ensure that the use of communications data is compatible with the government's approach to civil liberties."
But Conservative MP and former shadow home secretary David Davis said it would make it easier for the government "to eavesdrop on vast numbers of people". "What this is talking about doing is not focusing on terrorists or criminals, it's absolutely everybody's emails, phone calls, web access..." he told the BBC. "All that's got to be recorded for two years and the government will be able to get at it with no by or leave from anybody." He said that until now anyone wishing to monitor communications had been required to gain permission from a magistrate. "You shouldn't go beyond that in a decent civilised society, but that's what's being proposed."

'Attack on privacy'

Nick Pickles, director of the Big Brother Watch campaign group, called the move "an unprecedented step that will see Britain adopt the same kind of surveillance seen in China and Iran". "This is an absolute attack on privacy online and it is far from clear this will actually improve public safety, while adding significant costs to internet businesses," he said. Shami Chakrabarti, director of Liberty, added: "This is more ambitious than anything that has been done before. It is a pretty drastic step in a democracy." The Internet Service Providers Association said any change in the law must be "proportionate, respect freedom of expression and the privacy of users". The Sunday Times quoted an industry official who warned it would be "expensive, intrusive [and] a nightmare to run legally". Even if the move is announced in the Queen's Speech, any new law would still have to make it through Parliament, potentially in the face of opposition in both the Commons and the Lords. The previous Labour government attempted to introduce a central, government-run database of everyone's phone calls and emails, but eventually dropped the bid after widespread anger.
The then Home Secretary Jacqui Smith did pursue efforts similar to those being revisited now, but the Conservatives and Liberal Democrats continued to voice their concerns. The shadow home secretary at the time, Chris Grayling, said the government had "built a culture of surveillance which goes far beyond counter terrorism and serious crime". Chris Huhne, then the Lib Dem home affairs spokesman, said any legislation requiring communications providers to keep records of contact would need "strong safeguards on access", and "a careful balance" would have to be struck "between investigative powers and the right to privacy".

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Apr 1 15:00:07 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Apr 2012 16:00:07 -0400
Subject: [Infowarrior] - Bird-Flu Papers, Recently Deemed Too Dangerous, Are Freed for Publication
Message-ID: <6D996BA2-B34E-462A-9DD5-C2F4052B8462@infowarrior.org>

(c/o MS)

March 30, 2012

Bird-Flu Papers, Recently Deemed Too Dangerous, Are Freed for Publication

http://chronicle.com/article/Bird-Flu-Papers-Recently/131412/

By Josh Fischman

In a move on Friday that elated many scientists and worried a few others, a U.S. biosecurity panel recommended the publication of two revised papers on the bird-flu virus. The same panel had, back in December, called for the papers to be partly censored before publication because, it said, they contained dangerous information that could trigger a bird-flu pandemic. "We've been saying all along that these papers should be published, so this is good news," said Vincent R. Racaniello, a professor of microbiology and immunology at Columbia University. One of the authors, Yoshihiro Kawaoka, a virologist at the University of Wisconsin at Madison, said his paper still contains the data and methods that caused concern in the first place, with some elaboration about safety issues.
It is possible that both papers could be published online as soon as next week, some speculated. The papers show that a few mutations in the H5N1 avian influenza virus could make it transmissible through the air among mammals, including human beings. The wild form of the virus now mainly infects birds. The lead authors of each paper, Mr. Kawaoka and Ron Fouchier, a virologist at the Erasmus Medical Center, in the Netherlands, were set to publish them in the prominent journals Nature and Science, respectively. Then the National Science Advisory Board for Biosecurity, a panel of scientists that was asked to review the papers by the National Institutes of Health, threw a roadblock in the way. It said the list of mutations should be removed from the papers before they were published because the virus had an estimated human fatality rate of 50 to 60 percent, and many labs experimenting with the mutated form would raise the chances of an accidental escape or even give terrorists the chance to use it. The advisory board's action was an unprecedented form of censorship, and it set off a storm of controversy, with the authors and scientists like Mr. Racaniello arguing that studying those very mutations was the best way to watch for a threatening outbreak of the disease, and to develop ways to combat it. Journal editors decried the interference with communication among scientists. But some infectious-disease experts like D.A. Henderson, the scientist who led the worldwide effort to eradicate smallpox and is now a distinguished scholar at the Center for Biosecurity of the University of Pittsburgh Medical Center, said the censorship was a good idea because the risks of publishing outweighed the benefits.

Improving Surveillance

After meeting on Thursday and Friday morning in Washington, D.C., the board decided that the benefits now outweigh the risks.
"The data described in the revised manuscripts do not appear to provide information that would immediately enable misuse of the research in ways that would endanger public health or national security," the board said in a statement. In addition, it said, "new evidence has emerged that underscores the fact that understanding specific mutations may improve international surveillance." Part of that evidence, Mr. Kawaoka wrote in an e-mail, is contained in his revisions, which "provided a more in-depth explanation of the significance of the findings to public health and a description of the laboratory biosafety and biosecurity." His paper, he added, would contain descriptions of all the mutations that enhanced transmission of the virus, the very data that initially concerned the board. Mr. Racaniello said that arguments made since the board's initial decision might have swayed its members. "All of these mutations have already been seen in circulating strains of H5N1," he said. With the papers, "we now know they contribute to transmissibility. So if you start seeing one of them, or more than one, you should increase surveillance in that geographic region." The board also changed its position, Mr. Kawaoka suggested, "because the meeting helped everyone to better understand not only the research, but the precautions taken to conduct these studies." The board did not focus on claims that the flu's lethality was exaggerated, though outside scientists repeatedly argued over that point. Dueling papers were published recently about the fatality rate, some asserting that it is lower than the official estimate and that the risk is overstated, and others arguing that those papers are miscalculations. Dr. Henderson, who stands by the official H5N1 fatality estimates, which come from the World Health Organization, appeared disappointed by the decision to publish the papers. 
The fatality rate is higher than that of smallpox, he said, "and this virus can spread better and faster than anything else we have." However, he agreed with Mr. Kawaoka that people better understood the safety issues now, and he said that was important. "There's been an educational process going on here that I'm very pleased about. The risk will be reduced because labs that work with this virus won't treat it casually, but as something that's very dangerous." He noted that in the debate "there was a lot of emphasis on the modified virus as a bioterror agent. But that's the least of the problem. It was the many labs that could work with the virus and its possible escape that really concerned me. If this got out of the lab, you are not going to be able to contain it." More details could emerge in London next Tuesday. There, at a meeting convened by the Royal Society, both flu-paper authors, the editors of Science and of Nature, and several other scientists are gathering to discuss the controversy. Given the publishing green light from the biosecurity board, they should be able to talk about the specifics of the work. The board has forwarded its new recommendation to the agency that first asked the scientists to withhold publication, the U.S. Department of Health and Human Services. The agency usually follows the board's advice. And Mr. Kawaoka, when asked if he was pleased with Friday's decision, answered in one emphatic word: "Yes."

Correction (3/31/2012, 8:02 a.m.): This article originally stated that the board might have been swayed by arguments about flu fatality rates, but the board did not focus on those arguments. The article has been updated to reflect this correction.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Apr 1 16:05:37 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 1 Apr 2012 17:05:37 -0400
Subject: [Infowarrior] - VelocityShares Launches New "Super Zero" ETN
Message-ID: <875F5E1D-7FB4-4B21-BF3D-A86D6FFEE275@infowarrior.org>

(just marking the holiday today, albeit with someone else's stuff for a change! --rick)

VelocityShares Launches New "Super Zero" ETN Designed to Go to Zero Faster Than Any Existing Product

VelocityShares announced today the creation of LOSS, a new exchange traded note designed to accelerate the rate at which its Net Asset Value approaches zero. CFO Harry Dooker explained: "We've previously structured some products that combine leverage and futures market contango into a package that is highly likely to result in a product whose long term value is zero, yet investors still clamored for them. In fact, amazingly, investors were willing to pay a huge premium to the underlying Net Asset Value for these products. As a result, and in keeping with the spirit of our name, VELOCITYShares, we realized that we could increase the velocity at which value was destroyed." After much research, Dooker's team realized that there was a way to crush NAV at an even higher rate. He explained: "Two times leverage was good, which obviously means that four times leverage is better. Prospective investors should be sure to read the prospectus to understand the effect of four times DAILY leverage and how compounded daily leverage is not the same as compounded long term leverage. We slapped this quadruple leverage on a hybrid basket of natural gas futures and VIX futures in order to accelerate the rate at which the NAV asymptotically approaches zero." Mr.
Dooker further explained that he got the motivation for the product from the investment gurus at South Park:

< - >

http://kiddynamitesworld.com/velocityshares-launches-new-super-zero-etn-designed-to-go-to-zero-faster-than-any-existing-product/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 2 11:32:26 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Apr 2012 12:32:26 -0400
Subject: [Infowarrior] - Pastebin to crack down on 'sensitive material' leaks
Message-ID:

Sorry, Anonymous: Pastebin to crack down on 'sensitive material' leaks

By Andrew Couts | Digital Trends -- 1 hr 39 mins ago

http://news.yahoo.com/sorry-anonymous-pastebin-crack-down-sensitive-material-leaks-145201543.html

Pastebin.com is about to lose its cool. The online text repository, a tool often used by Anonymous and other hackers to leak data, is preparing to crack down on "sensitive material" posted to the site. According to the BBC, Pastebin's owner is preparing to hire a team tasked with monitoring what types of information are spread through the site. "I am looking to hire some extra people soon to monitor more of the website content, not just the items reported," said Jeroen Vader, a Dutch entrepreneur who purchased Pastebin in 2010, in an interview with the BBC. "Hopefully this will increase the speed in which we can remove sensitive information." Launched a little over eight years ago, Pastebin currently enjoys around 17 million unique visitors per month. That's up from 10 million in October of last year. Much of this boom in traffic comes from use by Anonymous and affiliate groups (like AntiSec and LulzSec), which have used the site for some of their most infamous leaks. Recent posts on Pastebin include emails from private intelligence firm Stratfor, and the account information of millions of YouPorn users.
Posting sensitive information is far from Pastebin's only use, however; programmers and software developers have long used the site and others like it to post long blocks of code. In addition to its use as a way to leak massive amounts of data, Pastebin has also become a popular choice as a Twitter extension. When Twitter users want to post more than just the 140 characters allowed by Twitter, they often continue their post on Pastebin, and include a link to the rest of the post in a tweet. Pastebin's popularity boom is far from a pure positive. First, the site has increasingly become a favorite target for hackers testing out their distributed denial of service (DDoS) attacks. Last August, Anonymous reportedly tested out its DDoS tool, nicknamed the Low Orbit Ion Cannon (LOIC). And Vader says that, over the past three months, "not a single day has gone by that we didn't get some kind of DDoS." Its rising profile also makes the site a more popular target for law enforcement. Like Megaupload and countless other sites whose content rides the legal line, Pastebin makes its money off of advertising. It's not much of a stretch then to imagine a crackdown on the site for "making money off of illegal activity," as so many sites before it have been accused. Regardless, the spread of confidential information is not going to stop. There are dozens of other sites like Pastebin online. If Pastebin decides to clean up its act, another will simply swoop in and take its place.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Apr 2 11:34:44 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Apr 2012 12:34:44 -0400
Subject: [Infowarrior] - SCOTUS upholds routine jailhouse strip searches, even for people facing minor charges
Message-ID: <9BE4C5CF-4988-4E91-B165-CDC26D0EF61F@infowarrior.org>

Supreme Court upholds routine jailhouse strip searches, even for people facing minor charges

By Associated Press, Updated: Monday, April 2, 11:16 AM

http://www.washingtonpost.com/politics/courts_law/supreme-court-upholds-routine-jailhouse-strip-searches-even-for-people-facing-minor-charges/2012/04/02/gIQAvMspqS_print.html

WASHINGTON -- The Supreme Court ruled Monday that jailers may subject people arrested for minor offenses to invasive strip searches, siding with security needs over privacy rights. By a 5-4 vote, the court ruled against a New Jersey man who complained that strip searches in two county jails violated his civil rights. Justice Anthony Kennedy said in his majority opinion for the court's conservative justices that when people are going to be put into the general jail population, "courts must defer to the judgment of correctional officials unless the record contains substantial evidence showing their policies are an unnecessary or unjustified response to problems of jail security." In a dissenting opinion joined by the court's liberals, Justice Stephen Breyer said strip searches improperly "subject those arrested for minor offenses to serious invasions of their personal privacy." Breyer said jailers ought to have a reasonable suspicion someone may be hiding something before conducting a strip search. Albert Florence was forced to undress and submit to strip searches following his arrest on a warrant for an unpaid fine, though the fine actually had been paid. Even if the warrant had been valid, failure to pay a fine is not a crime in New Jersey.
But Kennedy focused on the fact that Florence was held with other inmates in the general population. In concurring opinions, Chief Justice John Roberts and Justice Samuel Alito said the decision left open the possibility of an exception to the rule and might not apply to someone held apart from other inmates. The first strip search of Florence took place in the Burlington County Jail in southern New Jersey. Six days later, Florence had not received a hearing and remained in custody. Transferred to another county jail in Newark, he was strip-searched again. The next day, a judge dismissed all charges. Florence's lawsuit soon followed. He may still pursue other claims, including that he never should have been arrested. Florence's problems arose in March 2005, as he was heading to dinner at his mother-in-law's house with his pregnant wife and 4-year-old child. His wife, April, was driving when a state trooper stopped the family SUV on a New Jersey highway. Florence identified himself as the vehicle's owner and the trooper, checking records, found an outstanding warrant for an unpaid fine. Florence, who is African-American, had been stopped several times before, and he carried a letter to the effect that the fine, for fleeing a traffic stop several years earlier, had been paid. His protest was in vain, however, and the trooper handcuffed him and hauled him off to jail. At the time, the State Police were operating under a court order, spawned by allegations of past racial discrimination, that provided federal monitors to assess state police stops of minority drivers. But the propriety of the stop is not at issue, and Florence is not alleging racial discrimination. Kennedy gave three reasons to justify routine searches -- detecting lice and contagious infections, looking for tattoos and other evidence of gang membership and preventing smuggling of drugs and weapons.
Kennedy also said people arrested for minor offenses can turn out to be "the most devious and dangerous criminals." Oklahoma City bomber Timothy McVeigh initially was stopped by a state trooper who noticed McVeigh was driving without a license plate, Kennedy said. In his dissent, Breyer said inmates in the two New Jersey jails already have to submit to pat-down searches, pass through metal detectors, shower with delousing agents and have their clothing searched. Many jails, several states and associations of corrections officials say strip searches should only be done when there is reasonable suspicion, which could include arrest on drug charges or for violent crimes, Breyer said. In 1979, the Supreme Court upheld a blanket policy of conducting body cavity searches of prisoners who had had contact with visitors on the basis that the interaction with outsiders created the possibility that some prisoners got hold of something they shouldn't have. For the next 30 or so years, appeals courts applying the high court ruling held uniformly that strip searches without suspicion violated the Constitution. But since 2008 -- and in the first appellate rulings on the issue since the Sept. 11, 2001, terrorist attacks -- appeals courts in Atlanta, Philadelphia and San Francisco decided that authorities' need to maintain security justified a wide-ranging search policy, no matter the reason for someone's detention. The high court upheld the ruling from the Philadelphia court, the 3rd U.S. Circuit Court of Appeals. The case is Florence v. Board of Chosen Freeholders of County of Burlington, 10-945.

Copyright 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Apr 2 13:57:18 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Apr 2012 14:57:18 -0400
Subject: [Infowarrior] - US draws up plans for nuclear drones
Message-ID:

US draws up plans for nuclear drones

Technology is designed to increase flying time 'from days to months', along with power available for weapons systems

Nick Fielding
guardian.co.uk, Monday 2 April 2012 11.00 EDT

http://www.guardian.co.uk/world/2012/apr/02/us-plans-nuclear-drones

A conventionally powered MQ-9 Reaper drone, which has a flight time of 14 hours when loaded, could fly far longer with nuclear energy. Photograph: Ethan Miller/Getty

American scientists have drawn up plans for a new generation of nuclear-powered drones capable of flying over remote regions of the world for months on end without refuelling. The blueprints for the new drones, which have been developed by Sandia National Laboratories -- the US government's principal nuclear research and development agency -- and defence contractor Northrop Grumman, were designed to increase flying time "from days to months" while making more power available for operating equipment, according to a project summary published by Sandia. "It's a pretty terrifying prospect," said Chris Coles of Drone Wars UK, which campaigns against the increasing use of drones for both military and civilian purposes. "Drones are much less safe than other aircraft and tend to crash a lot. There is a major push by this industry to increase the use of drones and both the public and government are struggling to keep up with the implications." The highly sensitive research into what is termed "ultra-persistence technologies" set out to solve three problems associated with drones: insufficient "hang time" over a potential target; lack of power for running sophisticated surveillance and weapons systems; and lack of communications capacity.
The Sandia-Northrop Grumman team looked at numerous different power systems for large- and medium-sized drones before settling on a nuclear solution. Northrop Grumman is known to have patented a drone equipped with a helium-cooled nuclear reactor as long ago as 1986, and has previously worked on nuclear projects with the US air force research laboratory. Designs for nuclear-powered aircraft are known to go back as far as the 1950s. The research team found that the nuclear drones were able to provide far more surveillance time and intelligence information per mission compared to other technologies, and also to reduce the considerable costs of support systems -- eliminating the need, for example, for forward bases and fuel supplies in remote and possibly hostile areas. A halt has been called to the work for now, due to worries that public opinion will not accept the idea of such a potentially hazardous technology, with the inherent dangers of either a crash -- in effect turning the drone into a so-called dirty bomb -- or of its nuclear propulsion system falling into the hands of terrorists or unfriendly powers. Sandia confirmed that the project had been completed: "Sandia is often asked to look at a wide range of solutions to the toughest technical challenges. The research on this topic was highly theoretical and very conceptual. The work only resulted in a preliminary feasibility study and no hardware was ever built or tested. The project has ended." According to a summary of the research published by the Federation of American Scientists, an independent thinktank, computer-based projections were used to test the concepts. "Based on requirements and direction provided by Northrop Grumman, Sandia performed focused studies to translate stated needs into conceptual designs and processes that could be transferred easily from Sandia to industry design and production personnel," the document says.
So sensitive is the issue that the summary does not spell out the fact that it is referring to a nuclear-powered drone, referring instead to "propulsion and power technologies that went well beyond existing hydrocarbon technologies". However, the project's lead investigator at Sandia, Dr Steven Dron, is well known as a specialist in nuclear propulsion, having co-chaired a session at the 2008 Symposium on Space Nuclear Power and Propulsion, held at the University of New Mexico in 2008. The research summary also stated that the results "were to be used in the next generation of unmanned air vehicles used for military and intelligence applications", where they "would have provided system performance unparalleled by other existing technologies". It added that "none of the results will be used in the near-term or mid-term future", due to political constraints. The potential impact of nuclear-powered drones can be gauged by comparing them with existing aircraft such as the MQ-9 Reaper, which is used extensively in Afghanistan and Pakistan in operations against insurgents. The Reaper presently carries nearly two tonnes of fuel in addition to a similar weight of munitions and other equipment and can stay airborne for around 42 hours, or just 14 hours when fully loaded with munitions. Using nuclear power would enable the Reaper not only to remain airborne for far longer, but to carry more missiles or surveillance equipment, and to dispense with the need for ground crews based in remote and dangerous areas. Coles believes the increasing sophistication of drones poses many threats: "As they become low-cost, low-risk alternatives to conventional warfare, the threshold for their use will inevitably drop. The consequences are not being thought through."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Apr 2 13:57:58 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Apr 2012 14:57:58 -0400
Subject: [Infowarrior] - Arizona Passes Sweeping Internet Censorship Bill
Message-ID:

Arizona Passes Sweeping Internet Censorship Bill

Steve Watson
Infowars.com
April 2, 2012

http://www.infowars.com/arizona-passes-sweeping-internet-censorship-bill/

The state legislature of Arizona has passed a bill that vastly broadens telephone harassment laws and applies them to the Internet and other means of electronic communication. The law, which is being pushed under the guise of an anti-bullying campaign, would mean that anything communicated or published online that was deemed to be "offensive" by the state, including editorials, illustrations, and even satire could be criminally punished. The Comic Book Legal Defense Fund breaks down Arizona House Bill 2549: "The bill is sweepingly broad, and would make it a crime to communicate via electronic means speech that is intended to 'annoy,' 'offend,' 'harass' or 'terrify,' as well as certain sexual speech. Because the bill is not limited to one-to-one communications, H.B. 2549 would apply to the Internet as a whole, thus criminalizing all manner of writing, cartoons, and other protected material the state finds offensive or annoying." First Amendment activist group Media Coalition has written to Arizona Governor Jan Brewer, urging her not to sign the legislation into law. The letter notes that the terms used in the bill are not defined in the statute or by reference, and thereby the law could be broadly applied to almost any statement. "H.B. 2549 would make it a crime to use any electronic or digital device to communicate using obscene, lewd or profane language or to suggest a lewd or lascivious act if done with intent to 'annoy,' 'offend,' 'harass' or 'terrify,'" the letter notes. "'Lewd' and 'profane' are not defined in the statute or by reference. 'Lewd'
is generally understood to mean lusty or sexual in nature and 'profane' is generally defined as disrespectful or irreverent about religion or religious practices." "H.B. 2549 is not limited to a one to one conversation between two specific people. The communication does not need to be repetitive or even unwanted. There is no requirement that the recipient or subject of the speech actually feel offended, annoyed or scared. Nor does the legislation make clear that the communication must be intended to offend or annoy the reader, the subject or even any specific person," the letter continues. In this respect the law could even technically be applied to someone posting a status update on Facebook. "Speech protected by the First Amendment is often intended to offend, annoy or scare but could be prosecuted under this law," the Media Coalition letter continues. "A Danish newspaper posted pictures of Muhammad that were intended to be offensive to make a point about religious tolerance. If a Muslim in Arizona considers the images profane and is offended, the paper could be prosecuted. Some Arizona residents may consider Rush Limbaugh's recent comments about a Georgetown law student lewd. He could be prosecuted if he intended his comments to be offensive. Similarly, much general content available in the media uses racy or profane language and is intended to offend, annoy or even terrify." "Bill Maher's stand up routines and Jon Stewart's nightly comedy program, Ann Coulter's books criticizing liberals and Christopher Hitchens' expressions of his disdain for religion, Stephen King's novels or the Halloween films all could be subject to this legislation. Even common taunting about sports between rival fans done online is frequently meant to offend or annoy, and is often done using salty and profane language." This type of legislation is far from unprecedented. Last year, former president Bill Clinton proposed a law to censor internet speech.
"It would be a legitimate thing to do," Clinton said in an interview that aired on CNBC. Clinton suggested the government should set up an agency that monitors all media speech for supposed factual errors. "That is, it would be like, I don't know, National Public Radio or BBC or something like that, except it would have to be really independent and they would not express opinions, and their mandate would be narrowly confined to identifying relevant factual errors," he said. "And also, they would also have to have citations so that they could be checked in case they made a mistake. Somebody needs to be doing it, and maybe it's a worthy expenditure of taxpayer money." Cass Sunstein, head of the Office of Information and Regulatory Affairs, has also proposed banning speech on the internet that the government disagrees with. Sunstein proposed the creation of an internet "Fairness Doctrine" similar to the one that was used for years to limit and eliminate free speech on the radio. This legislation represents yet another move to police and control freedom of expression via the internet. Once again it grants the state and the government the direct right to determine what is and is not "offensive" on a whim. It then allows for the prosecution of individuals and organisations based on such summations -- an extremely dangerous precedent to set.

----------------------

Steve Watson is the London based writer and editor for Alex Jones' Infowars.net, and Prisonplanet.com. He has a Masters Degree in International Relations from the School of Politics at The University of Nottingham in England.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 2 14:00:01 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 2 Apr 2012 15:00:01 -0400
Subject: [Infowarrior] - Forget SOPA, You Should Be Worried About This Cybersecurity Bill
Message-ID:

Forget SOPA, You Should Be Worried About This Cybersecurity Bill
from the this-is-not-good dept
http://www.techdirt.com/articles/20120402/04425118325/forget-sopa-you-should-be-worried-about-this-cybersecurity-bill.shtml

While most folks are looking elsewhere, it appears that Congress is trying to see if it can sneak an absolutely awful "cybersecurity" bill through Congress. We've discussed how there's been some fighting on the Senate side concerning which cybersecurity bill to support, but there's a similar battle going on in the House, and it appears that the Rogers-Ruppersberger bill, known as CISPA (for Cyber Intelligence Sharing and Protection Act) or HR 3523 is winning out, with a planned attempt to move it through Congress later this month. The bill is awful -- and yet has somehow already gained over 100 sponsors. In an attempt to pretend that this isn't a "SOPA-like" problem, the supporters of this bill are highlighting the fact that Facebook, Microsoft and TechAmerica are supporting this bill. However, this is a terrible bill for a variety of reasons. Even if we accept the mantra that new cybersecurity laws are needed (despite a near total lack of evidence to support this -- and, no, fearmongering about planes falling from the sky doesn't count), this bill has serious problems. As CDT warned when this bill first came out, it's way too broad and overreaching:

However, the bill goes much further, permitting ISPs to funnel private communications and related information back to the government without adequate privacy protections and controls.
The bill does not specify which agencies ISPs could disclose customer data to, but the structure and incentives in the bill raise a very real possibility that the National Security Agency or the DOD's Cybercommand would be the primary recipient.

If it's confusing to keep track of these different cybersecurity bills, the ACLU has put together a handy dandy (scary) chart (pdf) comparing them all. And what comes through loud and clear is that the Rogers-Ruppersberger CISPA bill will allow for much greater information sharing of companies sending private communication data to the government -- including the NSA, who has been trying very, very hard to get this data, not for cybersecurity reasons, but to spy on people. CISPA has broad definitions, very few limits on who can get the data, almost no limitations on how the government can use the data (i.e. they can use it to monitor, not just for cybersecurity reasons) and (of course) no real oversight at all for how the data is (ab)used. CDT has put together a reasonable list of 8 things that should be done if politicians don't want to turn cybersecurity into a new SOPA, but so far, Congress is ignoring nearly all of them. Similarly, EFF is asking people to speak out against CISPA, noting that it basically creates a cybersecurity exemption to all existing laws. If the government wants your data, it just needs to claim that it got it for "cybersecurity purposes" and then it can do pretty much whatever it wants. This is a really bad bill and it looks like it's going to pass unless people speak up.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 3 18:10:13 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Apr 2012 19:10:13 -0400
Subject: [Infowarrior] - Apple holds the master decryption key when it comes to iCloud security, privacy
Message-ID:

Apple holds the master decryption key when it comes to iCloud security, privacy
By Chris Foresman | Published about 2 hours ago
http://arstechnica.com/apple/news/2012/04/apple-holds-the-master-key-when-it-comes-to-icloud-security-privacy.ars

Ars recently attempted to delve into the inner workings of the security built into Apple's iCloud service. Though we came away reasonably certain that iCloud uses industry best practices that Apple claims it uses to protect data and privacy, we warned that your information isn't entirely protected from prying eyes. At the heart of the issue is the fact that Apple can, at any time, review the data synced with iCloud, and under certain circumstances might share that information with legal authorities. We consulted several sources to understand the implications of iCloud's security and encryption model, and to understand what types of best practices could maximize the security and privacy of user data stored in increasingly popular cloud services like iCloud. In short, Apple is taking measures to prevent access to user data from unauthorized third parties or hackers. However, iCloud isn't recommended for the more stringent security requirements of enterprise users, or those paranoid about their data being accessed by authorities.

Apple holds the (encryption) key

As we noted in our original investigation, Apple can potentially decrypt and access all data stored on iCloud servers. This includes contacts, notes, unencrypted e-mails, application preferences, Safari bookmarks, calendars, and reminders. This was recently confirmed by a source speaking to Ars, and security researcher and forensic data analysis expert Jonathan Zdziarski agreed.
"I can tell you that the iCloud terms and conditions are pretty telling about what the capabilities are at Apple with respect to iCloud, and suggests they can view any and all content," Zdziarski told Ars. In particular, Zdziarski cited particular clauses of iCloud Terms and Conditions that state that Apple can "pre-screen, move, refuse, modify and/or remove Content at any time" if the content is deemed "objectionable" or otherwise in violation of the terms of service. Furthermore, Apple can "access, use, preserve and/or disclose your Account information and Content to law enforcement authorities" whenever required or permitted by law. Apple further says that it will review content reportedly in violation of copyright under DMCA statutes. "If iCloud data was fully encrypted, they wouldn't be able to review content, provide content to law enforcement, or attempt to identify DMCA violations," Zdziarski told Ars. Securosis CEO Rich Mogull agreed that iCloud's encryption model gives Apple this access. "iCloud data is encrypted only for transport, and not on a per-user basis for the data itself," Mogull told Ars. "Apple may still encrypt data on the drives, but they have to have the key." In other words, to provide the variety of services Apple offers, Apple must hold the encryption key to your encrypted data. "If you can access something with a webpage, that means the webserver has the key," Mogull explained. "Thus we know that Apple could access at least anything iCloud related that shows in the browser. This is true of Dropbox, box.net, and nearly everyone else--if you can see it in a browser, they can see it on the server. iCloud data isn't encrypted with a user-defined key--it's protected with keys that Apple defines and controls." Still, vice president of products for cloud security firm Echoworx, Robby Gulri, noted that Apple is following best practices used throughout the industry.
"Apple has taken the right steps to protect users' data and privacy as far as a widely public service like iCloud goes," he told Ars. "For example, data is transmitted using SSL, data is encrypted on disk using 128-bit keys, and Apple has stopped letting developers use individual UDIDs." "Just because the data is encrypted, however, doesn't mean that it's secure," Gulri said. "In a symmetric encryption system, there's always a back door. There's always the chance, however remote, that some rogue employee could use the master key to decrypt and access your data."

Making "best practices" better

Apple insists that it takes user privacy and data security very seriously, and we noted previously that the company has policies in place to prevent the kind of rogue access Gulri refers to. However, Gulri still believes that there are some best practices that should be adopted by both cloud storage providers and mobile device vendors to maximize user privacy and security. First, cloud services should use asymmetric PKI encryption. "With asymmetric encryption, the privacy and identity of each individual user" is better protected, Gulri said, because it uses one key to encrypt data before being sent to the server, and uses another, private key to decrypt data pulled from the server. Assuming no one else has access to that private key, then no one--not Apple, not Google, not the government, and not hackers--could decrypt and see the data. Additionally, Gulri recommends that the encryption chains for cloud services be regularly audited and verified by a trusted third party. Encryption is only as strong as the weakest link in the chain, and a third-party audit could identify any weak links so they can be corrected. Furthermore, the audit can verify that an encryption process is valid and effective. Finally, mobile device vendors need to improve the handling of PKI credentials. For instance, Mail on an iPhone can use S/MIME to send and receive encrypted conversations.
E-mails sent using this method can also be signed and verified as coming from a trusted sender. However, installing and managing the public and private keys necessary to use S/MIME is neither simple nor straightforward. "It's a big problem with all mobile devices," Gulri told Ars. "Historically there hasn't been a way to push the credentials from a certificate authority over-the-air in a way that's secure and transparent to the end user." Once installed, there's also no simple way to leverage the credentials across various services. In other words, if asymmetric PKI encryption were easy and usable for anyone, everyone would be using it. "The reality is that the Apple way values usability over all else, including security," Gulri said. "And as it stands, PKI just isn't accessible to the average user." The problem affects more than the average user, though. Given the fact that Apple can decrypt and access any information stored on iCloud servers, enterprise users face a potentially higher risk that sensitive corporate data could be accessed or turned over to a third party. Because of various legal requirements or corporate policies, enterprise users simply should not use iCloud. Every security expert we talked to agreed that this was advisable, and at least one source suggested that Apple itself made the same recommendations to enterprise users. While corporate users could replace iCloud with Exchange, for example, that only covers e-mail, contacts, and calendars. Many enterprise users use iPhones (or other smartphones) for personal as well as work purposes, and iOS simply lacks any sort of method for syncing other data like bookmarks and such using a private server provided by you or your employer. As a sort of compromise, Gulri recommends configuring iCloud to only handle certain data you are comfortable with Apple potentially accessing. "I'm a big iPhone and iPad person, and my data is on iCloud, too," he said.
"If you have some concerns about what's stored on iCloud, you can change the default settings. Turn off what you don't want in the cloud--I personally only sync photos and iTunes content like songs and apps." Ultimately, iCloud security is a matter of trust between individual users and Apple. As confirmed by industry experts, Apple takes a number of precautions to prevent unauthorized access to user data by third parties, but those precautions don't secure your data from Apple itself. If you require--or simply want--greater assurance than that, turn off whatever iCloud features you don't need. One day, mobile device vendors and cloud service providers will be able to build a user-accessible infrastructure to support asymmetric PKI encryption, but that day is not today.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 3 20:36:45 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Apr 2012 21:36:45 -0400
Subject: [Infowarrior] - Obama's NSA: Close to knowing all about us
Message-ID:

To view this item online, visit http://www.wnd.com/2012/04/obamas-nsa-close-to-knowing-all-about-us/

SWEET LAND OF LIBERTY
Obama's NSA: Close to knowing all about us
Nat Hentoff sounds alarm over more citizens' info going into databases for future tracking
Published: 1 hour ago
http://www.wnd.com/2012/04/obamas-nsa-close-to-knowing-all-about-us/print/

Nat Hentoff is a nationally renowned authority on the First Amendment and the Bill of Rights and author of many books, including "The War on the Bill of Rights and the Gathering Resistance."

Not long before Dick Armey -- a conservative Republican constitutionalist -- retired as House majority leader, he gave a speech expressing his worry about the government's increasing blanket surveillance over We the People. He practically begged President George W. Bush to "use these tools we have given you to make us safe in such a manner that'll preserve our freedom"
(my book, "The War on the Bill of Rights and the Gathering Resistance," Seven Stories Press, 2003). Bush's response, alas, was to listen more and more to Vice President Dick Cheney. And now for the first time in American history, according to the Government Accountability Project's Jesselyn Radack, Attorney General Eric Holder has officially and publicly declared "new guidelines that permit the federal counterterrorism investigators to collect, search and store data about Americans who are not suspected of terrorism, or anything ... "According to the Justice Department, law enforcement and other national security agencies can copy entire databases and sift through the data for suspicious patterns to stop potential terrorist threats" ("Govt. Keeping Data on Americans With No Connection to Terrorism," whistleblower.org, March 23). Where in the Constitution do "suspicious patterns" -- otherwise undefined and outside the jurisdiction of our courts -- allow the government to put large and growing numbers of us into databases for future tracking? Indeed, Radack writes, this gossamer of "information" is being stored "on Americans who are not even thinking about committing a crime." As of this writing, Mitt Romney appears very likely to be the Republicans' choice to thwart President Barack Obama's desire for a second term. Have you heard any objection from him on this purge of privacy? And which government agency will lead in this final death sentence for the Fourth Amendment? Emerging from its customary deep secrecy is our nation's (and probably the world's) most immense spy center, the National Security Agency. I became aware of the NSA when Sen. Frank Church, D-Idaho, was in charge of a Senate committee on intelligence activities in 1975. Church was fearfully startled when he came upon the agency, until then operating unknown to the great majority of Americans. Church became frightened by the NSA's mastery of privacy-piercing technology.
As Newsweek later reported in the middle of Bush's war on terror, this technology would eventually enable the agency to secretly work on "computer programs that could sift through vast amounts of information searching for patterns and connections" ("Full Speed Ahead," Evan Thomas, Jan. 8, 2006). Especially "suspicious patterns." And dig what Church said in 1975, that the NSA's "capability at any time could be turned around on the American people, and no American would have any privacy left, such is the capability to monitor everything: telephone conversations, telegrams, it doesn't matter." Even though this technology was in its infancy compared to its ever-increasing range and depth today, Church had already found out enough to warn: "There would be no place to hide ... There would be no way to fight back because the most careful effort to combine together in resistance to the government, no matter how privately it was done, is within the reach of the government to know." Thirty years after Church's principled stand, the Washington Post reported that the NSA had already been enlisting other intelligence agencies to assist its surveillance of "people inside the country suspected of having terrorist connections" ("Bush Authorized Domestic Spying," Dan Eggen, Dec. 16, 2005). On what basis? That's classified. And here we are today, with Obama urgently working to extend his power as commander in chief over all of us not in uniform. The Rutherford Institute's John Whitehead, the Frank Church of our time, reports: "In the small town of Bluffdale, Utah, not far from bustling Salt Lake City, the federal government is quietly erecting what will be the crown jewel of its surveillance empire. Rising up out of the desert landscape, the Utah Data Center (UDC) -- a $2 billion behemoth designed to house a network of computers, satellites and phone lines that stretches across the world --
is intended to serve as (hold your breath) the central hub of the National Security Agency's vast spying infrastructure. "Once complete (the UDC is expected to be fully operational by September 2013) the last link in the chain of the electronic concentration camp that surrounds us will be complete, and privacy, as we have known it, will be extinct" ("Everybody's a Target in the American Surveillance State," rutherford.org, March 26). Don't give up that fast. Members of Congress should be sharply awakened by their constituents and reminded what country they're in; they should act for privacy if they want to remain in office. As for the next president, unless he is Ron Paul (not a chance), he will just continue to wave the flag and sing "The Star-Spangled Banner." Next week: There's much more to learn from James Bamford, one investigator and reporter who keeps finding out what's being planned inside the NSA. I've credited him for freshly grim news on what awaits this and future generations as the agency takes control of us -- no matter who is giving the State of the Union message. If more schools had civics classes, at least some of our kids and grandkids may yet text one another to organize for freedom. I don't remember the Occupy Wall Street marchers and drummers ever mentioning the National Security Agency.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 3 20:38:19 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Apr 2012 21:38:19 -0400
Subject: [Infowarrior] - Beware the unholy alliance of state and internet
Message-ID: <2233CD9F-7B2C-4A01-AB31-BE2D4BBA4C15@infowarrior.org>

April 3, 2012 7:34 pm
Beware the unholy alliance of state and internet
By Evgeny Morozov
http://www.ft.com/intl/cms/s/0/4f7adc4e-7cb0-11e1-8a27-00144feab49a.html

Surveillance means safety. This is the argument wherever and whenever governments seek new powers to monitor their citizens.
Proposed legislation in the UK to enable police and intelligence services to access emails, Skype calls and Facebook messages is another such example. It is also another case of the unnecessary and dangerous expansion of state power, in collaboration with companies, into our online -- and offline -- lives. The UK government has said that without a warrant it could only get "who, when and where" forms of data -- times, dates, numbers and addresses of communications -- not the content of emails, chat messages or Skype calls. The latter would still require a warrant, according to the government. Some critics are sceptical, and rightly so. However, the controversy over warrants is not the only problem. The authorities may finally get real-time access to communication channels that are currently off-limits. The most straightforward way to do this would be to force technology companies to build "back doors" into their services, making it possible to "wiretap" an online exchange as if it was a conversation via telephone. Nick Clegg, UK deputy prime minister, hints at this in his justification for the law: "All we are doing is updating the rules which currently apply to mobile telephone calls to allow the police and security services to go after terrorists and serious criminals and updating that to apply to technology like Skype." This suggests Skype would need to build a "back door" to allow intelligence services to track who is talking to whom and, provided they have a warrant, to eavesdrop on the content of those conversations. The problem here is that a third party might also be abusing such "back doors" without anyone noticing. In Greece, for almost six months between 2004 and 2005, someone was secretly wiretapping more than 100 senior officials by exploiting vulnerabilities in Vodafone's network.
The procession of phone-hacking cases involving News International and the accompanying failure of the police suggest Britain should be especially concerned about such developments. The fear, according to intelligence agencies in the US and UK, is that the internet has put them on the verge of "going dark", the term used by the FBI and others to describe losing access to information on suspects who are hiding online. However, this "going dark" argument is untenable, for it doesn't accurately describe the internet. When a growing number of users are lured into disclosing their location via smartphones, when all of their friends are listed on Facebook, when browsing history can tell companies about a teenager's pregnancy before her parents, it's hard to believe the state is short-changed by the net. Take the case of grassroots privacy campaigner Max Schrems. In June 2011 the 24-year-old filed a complaint with the Irish data regulator and used a provision in Irish law to ask Facebook to send him everything it knew about him. He received a file 1,200 pages long. "Going dark" is a myth; we live in a golden age of surveillance. Intelligence services have access to more data than ever before -- it just happens to be gathered by the private sector. Instead of granting intelligence services more power, we need to worry about the coming convergence of the data-gathering demands of the state and the business imperatives of internet companies. Take a recent example: a few weeks ago, Google was granted a patent that would potentially allow it to use our phones to study the environment around us -- to record noise levels, lighting conditions, temperature -- and customise adverts accordingly. It's easy to imagine that the folks at intelligence agencies would be quite delighted if Google developed this idea -- at the very least, it would save them money on wiretaps. Google has an interest in keeping some of its stored data unencrypted.
As Vint Cerf, the company's "chief internet evangelist", said in 2011: "We couldn't run our system if everything in it were encrypted because then we wouldn't know which ads to show you." This is unfortunate. If encrypted, stored data would be out of reach for most governments. Imagine what this means in the context of Google's highly anticipated self-driving cars. Will the route of the car be automatically recorded and stored on Google's servers? If so, the police and intelligence agencies don't need to install GPS trackers on suspects' cars; Google would have us record all of this information voluntarily. The state could just ask for it. The idea that we need to make it easier for governments to do this, in the UK and elsewhere, is ludicrous. We need to be doing the exact opposite. It is only by anticipating the consequences of this coming unholy alliance between internet companies and intelligence agencies that our freedoms can be defended.

The writer is author of "The Net Delusion: How Not to Liberate the World"

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 3 20:40:01 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 3 Apr 2012 21:40:01 -0400
Subject: [Infowarrior] - From tracking al-Qaeda to tracking the wayward spouse
Message-ID: <1A0CDF10-8DE3-4CE4-912A-47955CBF513A@infowarrior.org>

From tracking al-Qaeda to tracking the wayward spouse
By Dana Milbank
http://www.washingtonpost.com/opinions/from-tracking-al-qaeda-to-tracking-the-wayward-spouse/2012/04/03/gIQAF75ytS_print.html

You can find just about anything at the annual homeland security expo: X-ray machines, infrared cameras, a police cruiser with heat-sensing capability, a hovering "gyroplane" -- and a GPS device that can spy on your spouse. The salesman for Blackline GPS Corp., maker of "professional grade covert tracking"
equipment, explained that his devices, in the shape of a legal envelope ($700) or an electric razor ($300), can be tucked behind seat cushions, under floor mats or into backpacks. "We're getting more requests from husbands and wives," he explained. "I've seen guys throw it in their wives' car and cover it with a hat. It keeps honest people honest." That, in one convenient package, is what has become of the homeland security effort. What began as a well-intentioned campaign to harden targets and protect the nation from terrorists has metastasized into a sprawling and diffuse enterprise that has little to do with terrorists and a lot to do with government and employers spying on the citizenry -- and citizens spying on each other. The GovSec expo this week at Washington's convention center reflects the shift. Billed as "the premier government security event," it began after the 9/11 attacks, its organizers told me, with vendors hawking security barriers, razor wire and the like. Now the 2,500 conventioneers can visit the booth of a vendor called ECM Universe, which specializes in monitoring Twitter. Its "social media surveillance" package helps universities monitor online activity for evidence of bullying, among other things, ECM's Scott Raimist told me Tuesday. Two weeks ago, the company helped authorities in Fort Lupton, Colo., identify a man who was tweeting such menacing things as "kill people" and "burn [expletive] school." Said Raimist: "He fit the profile of a pyromaniac." So is the man behind bars? Well, no, Raimist admitted. "He's outside their jurisdiction. He's still tweeting." In fact, the man hasn't been accused of a crime -- but that didn't matter: His full name was projected on a display screen at the GovSec expo as an example of how technology can catch bad guys. Federal homeland security spending tripled in the years after Sept. 11, and recent cuts have been modest compared with reductions to other parts of the budget.
States and private industry, too, have spent billions of dollars. But that money is going further and further afield. Government agencies and corporations are, for example, buying "Pocket Hound" cellphone detectors, which indicate who is carrying a mobile phone (among the suggested uses: schools and airports). A competitor, Cellbusters, can locate where a cellphone is inside a building or whether someone in your conference room is violating a company's no-cellphone policy. Catch many terrorists with this technology? "Not so much," Cellbusters' Derek Forde admitted. Neither is Fulcrum Biometrics likely to apprehend al-Qaeda operatives with its ID system using fingerprint, face, iris, palm and voice identification. Recommended uses include voter registration and "civil ID," said Fulcrum's Kathleen Erickson. Also, gym memberships: "You can use it in guest management, like a loyalty program." One product enables employers to require construction workers and others at remote sites to clock in with their fingerprints. "Can I scan you?" Erickson asked me. She waved a scanner at my convention badge, and with a "boing" sound my registration information was transferred to her. There are, of course, legitimate uses for all such gizmos, as there are for gun vaults, portable bunkers and military gear. But Big Brother's display space at the expo is expanding. Emergency Vehicles Inc. can convert a Honda Odyssey minivan into a "covert surveillance platform" with heat-detecting cameras. "They can focus in on a person and follow that person wherever they go," explained salesman Michael Cox. A company called Telmate sells a kiosk that records and photographs prison inmates during conversation, games or religious services. Hunt Engineering enables agencies and businesses to scan driver's licenses or passports and run background checks before admitting visitors. Gamber Johnson is offering a GPS-enabled laptop dock that allows a company to map an employee's travel for a month.
Nearby, International Surveillance Technology is selling hidden cameras and audio recorders in alarm clocks, iPod docks, water coolers and suitcases. Among government security agencies, "there's nobody who isn't buying this," said chief executive Donald DiFrisco. "Imagine: hookers in a hotel room with a clock radio." That's the homeland security mission creep: from Osama bin Laden to hookers in hotels.

danamilbank at washpost.com

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Apr 4 09:19:22 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 4 Apr 2012 10:19:22 -0400
Subject: [Infowarrior] - Cybersecurity entangled in turf wars
Message-ID:

Like....duh!! --rick

Cybersecurity entangled in turf wars
By: Jennifer Martinez and Jonathan Allen
April 3, 2012 11:39 PM EDT
http://dyn.politico.com/printstory.cfm?uuid=364188F6-A09A-4BC5-9BB9-94F31A458E69

The White House is scrambling to influence cybersecurity legislation that's been tangled in a web of policy, politics and parochialism -- even reaching out to Republican leaders as the House prepares to act on the issue later this month. On the surface, the players are battling over the best way to protect the nation's electric grid, water facilities and other critical infrastructure from being taken down by a crippling cyberattack. But underneath, it's really a quintessential Washington turf war, spiced up by election-year politics. In one corner, the champions of the civilian Homeland Security Department: the White House and the Homeland Security panels in the House and Senate. In another corner, proxies for the National Security Agency: House Republicans and Rep. Dutch Ruppersberger, the top Democrat on the Intelligence Committee, who represents the NSA's Maryland headquarters. A third group, led by John McCain (R-Ariz.) in the Senate and Mary Bono Mack (R-Calif.)
in the House, has also weighed in with a bill that focuses on fostering information sharing about cyberthreats between the government and critical infrastructure operators without tacking new security mandates onto businesses. It all makes for a twisted tale of how a basic national security imperative -- cooperation between the government and private companies -- could fall victim to the vagaries and vanities of Congress. "Initially, we saw each chamber really take a cross-committee approach and now, we're seeing the emergence of jurisdiction and parochial interests that are trumping that," an administration official said in an interview with POLITICO. Still, with the Senate snarled over competing versions of the bill, House leaders and administration officials are talking. House Republican aides have met with officials from the Department of Homeland Security and other agencies to discuss the White House's cybersecurity plan, and Republican leaders are confident they'll have Democratic votes for a package of bills that they plan to bring to the floor -- though they are certain to get some backing from Democrats with or without the White House's blessing. "We think it's possible that the package of bills we plan to bring to the floor at the end of April -- which deal with information-sharing and liability changes, among other matters -- will be able to garner bipartisan support," a House GOP leadership aide said. The administration, which plans to lobby House Democrats in the next two weeks, is hoping that Democrats can gain leverage to demand changes by withholding their votes. "We're going to say to Dems, 'Have you read all the ACLU and Center for Democracy & Technology's concerns with the bill?'" the administration official said, referring to a measure by House Intelligence Committee Chairman Mike Rogers (R-Mich.) and Ruppersberger. "House Dems should be demanding answers."
But House GOP leaders could suffer 25 defections before they would need a single Democratic vote - and only one of the eight Democrats on the Intelligence panel, Jan Schakowsky of Illinois, voted against the Rogers-Ruppersberger bill at the committee level. There are a few electoral wild cards in the mix, too. The president must weigh the benefit of burnishing his national security credentials against concerns from the left that privacy rights could be compromised. Republicans have to decide whether to push for the law even if it means giving the president the national security victory. And House GOP leaders are trying to find a way to let Rep. Dan Lungren salvage some of his Homeland-flavored version of the legislation as he campaigns for reelection in California's newly redrawn and highly competitive 7th District. "Subcommittee Chairman Lungren and I have been working very closely with the speaker in crafting cybersecurity legislation. We have also been in contact with the other committees involved," House Homeland Security Committee Chairman Peter King (R-N.Y.) said. "We are working to ensure that the legislation that comes out of the full committee has as much consensus as possible while also preserving the elements that we believe are essential. My intention is to have that for the full committee when we come back after the Easter recess." Need a scorecard? You will soon because the House is expected to move forward later this month on the Intelligence Committee's bill, which would encourage private companies to voluntarily share information with intelligence agencies while providing liability protections. That version, which the panel approved 17-1, is the anchor for a planned "cyberweek" in the House, beginning April 23, that would also feature smaller-bore legislation from the Judiciary, Oversight and Government Reform, and Homeland Security panels. Major Internet providers, the U.S.
Chamber of Commerce and tech companies such as IBM have lined up behind the House Intelligence Committee's bill because it doesn't hold industry responsible for meeting new security requirements, unlike a version drafted by Senate Homeland Security and Governmental Affairs Committee Chairman Joe Lieberman of Connecticut and his committee's top Republican, Susan Collins of Maine. Lieberman's bill would require operators of critical infrastructure to work with the Department of Homeland Security to develop a set of security standards that they will be responsible for meeting. And that's part of the reason the administration is racing to influence the House bill after devoting most of its attention to the Senate bill. FBI Director Robert Mueller, Homeland Security Secretary Janet Napolitano and NSA Director Gen. Keith Alexander plan to huddle with House members the week of April 16 to outline the escalating threat the U.S. faces from cyberattacks and vulnerabilities in critical infrastructure systems, the administration official said. For more than a year, the White House has been organizing a series of classified briefings for senators but has only recently turned its attention to the House. That's in part because Senate Majority Leader Harry Reid has other items, including a "Buffett rule" bill, a reauthorization of the Violence Against Women Act and a postal reform measure lined up first. It could be May or later before the Senate acts on cybersecurity legislation. While the House is still ironing out the final details of its cybersecurity package, leaders are expected to put several bills on the floor separately and then use a procedural maneuver to combine them before they are sent to the Senate. Nothing is set in stone yet but so far, four bills are expected to be put on the House floor for a vote. They include: the industry-backed Intelligence Committee measure, Texas Republican Rep.
Mike McCaul's bill aimed at boosting cybersecurity research and development and the pool of trained cyberprofessionals, Rep. Darrell Issa's Federal Information Security Management Act reform bill and some version of Lungren's Promoting and Enhancing Cybersecurity and Information Sharing Effectiveness Act of 2011. The House avoided some of the Senate's acrimony by splitting up responsibility for cybersecurity issues among the various committees of jurisdiction. Several Senate committees have worked on the issue as well. But Reid, acting in accordance with the White House's preference for a more comprehensive bill with DHS as the federal government's cybersecurity lead, gave primacy to Lieberman, who wrote the legislation creating the Homeland Security Department a decade ago. He has been joined by Collins, who can expect to hold the committee's gavel and its jurisdiction over the massive department if Republicans retake the Senate.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 5 11:21:34 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Apr 2012 12:21:34 -0400
Subject: [Infowarrior] - Russia working on electromagnetic radiation guns
Message-ID: <48244468-ED06-4E0E-A2FE-2761ADCD5D91@infowarrior.org>

Russia working on electromagnetic radiation guns
by: Staff Writers - From: mX - April 04, 2012 12:00AM
http://www.heraldsun.com.au/technology/sci-tech/russia-working-on-electromagnetic-radiation-guns/story-fn5iztw3-1226317396841

WHILE many believed it to be an April Fool's Day joke, Vladimir Putin has confirmed Russia has been testing mind-bending psychotronic guns that can effectively turn people into zombies. The futuristic weapons - which attack their victims' central nervous system - are being developed by scientists and could be used against Russia's enemies and even its own dissidents by the end of the decade.
Mr Putin has described the guns, which use electromagnetic radiation like that found in microwave ovens, as entirely new instruments for achieving political and strategic goals. Plans to introduce the super-weapons were announced by Russian defence minister Anatoly Serdyukov. While the technology has been around for some time, Mr Tsyganok said the guns were recently tested for crowd control purposes. "When it was used for dispersing a crowd and it was focused on a man, his body temperature went up immediately as if he was thrown into a hot frying pan," Mr Tsyganok said. "Still, we know very little about this weapon and even special forces guys can hardly cope with it," he said. Research into electromagnetic weapons has been carried out in the US and Russia since the '50s but it appears Putin has stolen a march on the US. Precise details have not been revealed but previous research has shown that low-frequency waves or beams can affect brain cells, alter psychological states and make it possible to transmit suggestions and commands directly into someone's thoughts. Mr Putin said the technology is comparable in effect to nuclear weapons but "more acceptable in terms of political and military ideology". Mr Serdyukov said the weaponry based on new physics principles - direct-energy weapons, geophysical weapons, wave-energy weapons, genetic weapons and psychotronic weapons - were part of the state arms procurement program for 2011-2020. Maybe there will be a reason to purchase that zombie safe house, after all. Last year Texan Austin Fleming created the Vagabond Mobile Safe House Device, which incorporates potable water filtration, tracking devices and photovoltaic cells into a handy and stylish leather backpack. The whole thing flips out armadillo-style in under three minutes and is covered in reflective coating to confuse drooling marauders. The design won the 2011 Architects Southwest Zombie Safe House competition.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 5 16:13:06 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Apr 2012 17:13:06 -0400
Subject: [Infowarrior] - Chris Dodd Suggests Backroom Negotiations On New SOPA Are Well Underway
Message-ID:

Chris Dodd Suggests Backroom Negotiations On New SOPA Are Well Underway
from the not-dead-yet dept

Ah, Chris Dodd. It seems like every time he opens his mouth, he makes things worse. In an interview with the Hollywood Reporter, he responds to a series of questions about SOPA by trying to tiptoe around the issue, but basically admits that there are backroom conversations going on between a small number of people, and that "between now and sometime next year," Hollywood and the tech industry will "come to an understanding." He's asked specifically if there are conversations going on now, and if the White House is pressuring folks to come to such "an understanding."

< -- >

http://www.techdirt.com/articles/20120405/13292918393/chris-dodd-suggests-backroom-negotiations-new-sopa-are-well-underway.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Apr 5 16:56:49 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 5 Apr 2012 17:56:49 -0400
Subject: [Infowarrior] - Bill Would Suspend Passport Rights For Delinquent Taxpayers
Message-ID:

(A fine idea, but why must it be buried deep in a totally unrelated bill? --rick)

Owe The IRS? Bill Would Suspend Passport Rights For Delinquent Taxpayers
April 4, 2012 11:57 AM
http://losangeles.cbslocal.com/2012/04/04/owe-the-irs-bill-would-suspend-passport-travel-rights-for-delinquent-taxpayers/

LOS ANGELES (CBS) - A bill authored by a Southland lawmaker that could potentially allow the federal government to prevent any Americans who owe back taxes from traveling outside the U.S. is one step closer to becoming law.
Senate Bill 1813 was introduced back in November by Senator Barbara Boxer (D-Los Angeles) to "reauthorize Federal-aid highway and highway safety construction programs, and for other purposes". After clearing the Senate on a 74-22 vote on March 14, SB 1813 is now headed for a vote in the House of Representatives, where it's expected to encounter stiffer opposition among the GOP majority. In addition to authorizing appropriations for federal transportation and infrastructure programs, the "Moving Ahead for Progress in the 21st Century Act" or "MAP-21" includes a provision that would allow for the "revocation or denial" of a passport for anyone with "certain unpaid taxes" or "tax delinquencies". Section 40304 of the legislation states that any individual who owes more than $50,000 to the Internal Revenue Service may be subject to "action with respect to denial, revocation, or limitation of a passport". The bill does allow for exceptions in the event of emergency or humanitarian situations or limited return travel to the U.S., or in cases when any tax debt is currently being repaid in a "timely manner" or when collection efforts have been suspended. However, there does not appear to be any specific language requiring a taxpayer to be charged with tax evasion or any other crime in order to have their passport revoked or limited - only that a notice of lien or levy has been filed by the IRS. Boxer vowed last week to push House Republicans to pass the bipartisan transportation bill that would keep the Highway Trust Fund from going bankrupt. "Thousands of businesses are at stake, and eventually we are talking about nearly three million jobs at stake," she said in a statement. "There are many people on both sides of the aisle in the Senate who want to get our bill, MAP-21, passed into law, and I am going to do everything I can to keep the pressure on the Republican House to do just that."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Apr 6 12:50:40 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Apr 2012 13:50:40 -0400
Subject: [Infowarrior] - Why The TSA Fears Thirteen-Inch Laptops, But Not Eleven-Inch Ones
Message-ID: <659BAFD8-6D77-48E4-A64B-F2F0182D510D@infowarrior.org>

Why The TSA Fears Thirteen-Inch Laptops, But Not Eleven-Inch Ones
http://www.techdirt.com/articles/20120404/17021118376/size-matters-why-tsa-fears-thirteen-inch-laptops-not-eleven-inch-ones.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 6 18:22:13 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Apr 2012 19:22:13 -0400
Subject: [Infowarrior] - US Air Force will need 'years' to analyze its drone footage
Message-ID: <65E463E1-DEC0-49E5-9503-B9D1E66D57E8@infowarrior.org>

(c/o KM)

US Air Force will need 'years' to analyze its drone footage
By Adi Robertson on April 6, 2012 03:13 pm

Drones have freed US pilots from running surveillance missions, but the footage they collect still has to be watched by human analysts to determine its importance. And, unfortunately for them, it's turned out to be nearly impossible to keep up. Michael Donley, the secretary of the Air Force, says it will be "years" before they've finally worked through current videos and photographs. It's a problem that's been going on for years already - in 2010, one general estimated that it would take 2,000 analysts to go through the information collected by a single Predator drone. Over at Wired, Spencer Ackerman details how the military is using everything from drone cutbacks to automated software in order to bring footage to a manageable level, and why catching up "isn't as simple as clearing a DVR cache."

http://www.theverge.com/2012/4/6/2930823/us-air-force-drone-footage-overload

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Apr 6 18:23:08 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Apr 2012 19:23:08 -0400
Subject: [Infowarrior] - ABB won't patch industrial control system flaw
Message-ID:

(c/o DM)

ABB won't patch industrial control system flaw
05 April 2012
http://www.infosecurity-magazine.com/view/25004/abb-wont-patch-industrial-control-system-flaw/

Swiss industrial conglomerate ABB does not plan to patch an arbitrary code execution vulnerability in components of its WebWare Server application, used in various industrial systems, because it is a legacy product nearing the end of its lifecycle. Independent researchers Terry McCorkle and Billy Rios identified a buffer overflow vulnerability that could allow an attacker to execute arbitrary code and remotely gain control of the target machine. The flaw could also be used for a denial-of-service attack and privilege escalation, according to an advisory issued by the US Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). But because the system is near the end of its lifecycle, ABB no longer supports it and does not plan to issue a patch, despite the risk that an attacker could remotely take over the industrial machine. While there are no known exploits targeting these components, crafting an exploit would only require a medium skill level, ICS-CERT judged. The researchers found vulnerabilities in the COM and scripting interfaces of the WebWare Server products, which include the WebWare Server (including Data Collector and Interlink), WebWare SDK, ABB Interlink Module, S4 OPC Server, QuickTeach, RobotStudio S4, and RobotStudio Lite. The products are used in several different roles in a factory.
WebWare Server is used for data gathering and backup handling; WebWare SDK, ABB Interlink Module, and S4 OPC Server are used for communications to and from a robot controller; and QuickTeach, RobotStudio S4, and RobotStudio Lite are PC tools used for training, installation, and programming of a robot cell. ABB customers using these products are encouraged to contact their local ABB Robotics service organization or send questions to: cybersecurity at ch.abb.com. Commenting on the vulnerability disclosure, Anne Saita wrote on Kaspersky Lab's Threat Post that this is "yet another sign the basic security model underlying the ICS systems that run critical services such as power, water and others, is not prepared for the risks now present through internet connectivity and web-based mobile devices such as smartphones."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 6 19:13:11 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Apr 2012 20:13:11 -0400
Subject: [Infowarrior] - Arizona Politicians Scramble To Adjust Internet Censorship Bill After The Internet Mocks Them For Being Clueless
Message-ID: <10E5F768-0B19-4A1D-8900-5C366B1E4325@infowarrior.org>

Arizona Politicians Scramble To Adjust Internet Censorship Bill After The Internet Mocks Them For Being Clueless
from the this-won't-end-well dept

You know what's a bad sign? When you're a state legislature, and you pass what's clearly an unconstitutional law that criminalizes using technology to "annoy or offend" others -- and then you have to scramble after-the-fact to amend the bill you already passed. Yes, thanks to a rather loud public mocking of Arizona politicians for ignoring the First Amendment in its internet censorship bill, the Arizona legislature is trying to amend the bill quickly.
Here's a thought, though: if you passed a bill so bad that people around the globe are mocking you, perhaps it suggests you don't know what you're doing. At that point, shouldn't you back away from mucking with the internet, and leave that to the professionals who actually understand technology? Somehow, diving back in and pretending that this time you'll get it right doesn't inspire confidence. And, in fact, the details suggest that any amendments considered at this point will almost certainly still be First Amendment violations.

< - >

http://www.techdirt.com/articles/20120406/03264218403/arizona-politicians-scramble-to-adjust-internet-censorship-bill-after-internet-mocks-them-being-clueless.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 6 19:14:46 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 6 Apr 2012 20:14:46 -0400
Subject: [Infowarrior] - Activists fight "cyber-security" bill that would give NSA more data
Message-ID: <4057947F-82C8-4896-81D8-2D232B4407C8@infowarrior.org>

Activists fight "cyber-security" bill that would give NSA more data
By Timothy B. Lee | Published about 3 hours ago
http://arstechnica.com/tech-policy/news/2012/04/activists-fight-cyber-security-bill-that-would-give-nsa-more-data.ars

An online activist site has collected 300,000 signatures in opposition to a pending "cyber-security" bill that critics say would allow increased government spying on the Internet. The petition focuses on a bill by Rep. Mike Rogers (R-MI), but his legislation is one of at least four proposals now being considered by Congress. According to Jerry Brito, a researcher at the Mercatus Center at George Mason University, there are four competing bills because the two parties - and the two houses of Congress - disagree about how best to deal with online security issues.
One point of controversy is over who will take the lead on the issue, the Department of Homeland Security or the National Security Agency. A bill by Senator Joseph Lieberman (I-CT), which would have given the leading role to DHS, was originally expected to pass easily through the Senate. But several Senate Republicans, led by Sen. John McCain (R-AZ) were dissatisfied with the Lieberman bill and introduced competing legislation that envisioned a larger role for the NSA. The ensuing partisan gridlock in the Senate created an opening for the House to act, and at least two pieces of legislation have been introduced in the lower chamber. The leading bill, by Rep. Mike Rogers (R-MI), follows Senate Republicans in allowing sharing with the NSA. It focuses on facilitating information sharing, both between the government and the private sector, and between private network operators. It exempts "cyber-security" information-sharing from other legal restrictions, and it immunizes network providers from liability for failing to act on information they receive under the provisions of the act. A competing bill sponsored by Rep. Dan Lungren (R-CA), places stricter limits on which agencies can receive information and what they can do with it. "Classic case of overreach" Ars Technica asked Jim Dempsey of the Center for Democracy and Technology to evaluate the competing bills. He argued that all four bills go too far in allowing private companies broad authority to share information with the government. He said the Rogers and McCain bills, in particular, "allow private companies very broadly to share cyber-security information with the government," including the NSA. Dempsey argued that was troubling. "The NSA is responsible for protecting the government's classified systems," he said. "It's not responsible for protecting private networks. The agency should not be getting routine disclosure of information about private information over private networks." 
Dempsey said the House bill by Rep. Dan Lungren (R-CA) is the narrowest of the four bills, requiring that information shared with the government only be used for "cyber-security" purposes. Still, Dempsey questioned whether new legislation authorizing private-to-government information sharing was needed at all. "If you're being attacked, either in the real world or the cyber world, you're always permitted to disclose that information to the government," he said. He said that CDT could support legislation to clarify that private firms are allowed to report network intrusions to the government, but he said the current proposals are a "classic case of overreach." Dempsey did voice support for a few other tweaks to the law. He suggested Congress should update wiretapping law to make it clear that service providers are allowed to share information about attacks with one another. Under existing law, he said, service providers are allowed to monitor their own networks for security purposes, but it's unclear how much information a network provider can share with other networks to help coordinate defenses against online attacks.

Unintended consequences

Dempsey said this approach - focusing on narrow fixes to existing statutes - hasn't been popular on Capitol Hill. He said the lawmakers he has spoken to have expressed doubt about whether wiretapping law was the only obstacle to effective network security measures. But rather than trying to figure out what other legal obstacles to information sharing might exist, and fixing them directly, the leading bills all grant broad exemptions for sharing information related to "cyber-security." That has the obvious advantage of reassuring network providers that they can share information without legal problems. But it could also have significant unintended consequences. By granting firms who share information broad immunity from other provisions of law, Congress may be effectively changing any number of other statutes.
Dempsey described it as a "blunt instrument," and warned it could become a loophole for circumventing any number of important privacy protections. Brito is even more skeptical than Dempsey about the need for new legislation. He argues that private parties already have ample incentives and capabilities to lock down their own networks. If the government has information that would be helpful to the private sector, it should share it, he said. That doesn't require action by Congress. The breadth of the proposals, and especially Rep. Rogers's Cyber Intelligence Sharing and Protection Act, has sparked a growing public backlash, with some opponents comparing the bill to the Stop Online Piracy Act that was defeated in January. The comparison is a bit of a stretch; SOPA was focused on blocking access to information, while the current crop of "cyber-security" bills are more focused on network monitoring and information sharing with the government. But the bills do have one important similarity: they're likely to attract many of the same enemies. The Internet freedom activists who helped kill SOPA in January have been looking for their next target. And CISPA seems like a good choice.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Apr 7 09:31:04 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Apr 2012 10:31:04 -0400
Subject: [Infowarrior] - Limits on Lobbyists as Hosts?
Message-ID: <9D8A482A-586E-4544-B081-C85FCA55D669@infowarrior.org>

I love how the MPAA (go figure!) considers lobbying in the form of movie screenings on K Street as a form of "education" .... how typical. --rick

April 6, 2012
Limits on Lobbyists as Hosts? Simply Unworkable, They Say
By ROBERT PEAR
http://www.nytimes.com/2012/04/07/us/politics/lobbyists-object-to-proposed-limits-on-courting-officials.html?_r=1&hp=&pagewanted=print

WASHINGTON -
Tough new limits proposed on the way special interests could court executive branch officials have prompted a fierce counterattack from lobbyists who fear they will end a cherished Washington ritual: hosting federal workers at events like conferences, cocktail parties, galas and movie screenings. Filmmakers and farmers, gun makers and real estate agents, and people in dozens of other industries say the rules under consideration by the Obama administration would choke off their ability to have a mutually beneficial dialogue with government officials. As a result, they say, public policy would be made in a vacuum, and federal rules would be more unrealistic and unworkable. The proposal would extend restrictions now on political appointees to more than two million government workers. Federal employees could no longer accept "gifts of free attendance" at the many seminars, receptions and other social gatherings held by registered lobbyists and lobbying organizations as a matter of course in Washington. In issuing the proposal under instructions from President Obama, the Office of Government Ethics said lobbyists often used such events to curry favor with federal employees. The ethics office, which is now weighing the response to the proposal it made last September, said lobbyists had used these gatherings not only to discuss business with federal employees, but also to "foster a social bond that may be of greater use in the long run." The problem, it said, is "not the brazen quid pro quo, but rather the cultivation of familiarity and access that a lobbyist may use in the future to obtain a more sympathetic hearing for clients." The American League of Lobbyists, a trade group, denounced the proposal as excessive, and leaders of other groups branded it as demeaning and dismissive of the role that industry experts can play in formulating sound public policy.
The Motion Picture Association of America, the trade group for major Hollywood studios, strenuously objected to a suggestion by the ethics office that movie screenings were social events where lobbyists built good will, thus enhancing their influence with federal employees. The association said that movie screenings at its headquarters two blocks from the White House "are not purely social events akin to sporting events or theatrical and musical events, but rather serve as educational opportunities," allowing federal employees to learn about moviemaking techniques and "challenges facing the industry." Ronald L. Phipps, former president of the National Association of Realtors, said the restrictions would "perpetuate the problem of the Beltway bubble," isolating regulators from the industries they regulate. The USA Rice Federation, the lobby for rice growers, called the proposal insulting. The administration, it said, appears to view lobbyists as predators and federal employees as "weak, unprincipled victims." Under current rules, federal employees can accept free invitations to certain "widely attended gatherings," and they often do so. Under the proposal, they could no longer accept such "gifts" from registered lobbyists and lobbying organizations. Administration officials are still reviewing the comments, and it is unclear when a final decision may be made on whether to impose the new rules. But the Obama administration defended the proposal as a way to curb the influence of special interests, just as Mr. Obama did in 2010 when he told federal officials not to appoint registered lobbyists to advisory committees, boards and commissions. Special interests can drown out the voices of ordinary Americans by deploying "lobbyists who have special access that is not available to all citizens," Mr. Obama said then. Mr. Obama promised to run the most ethical and transparent administration in history.
While berating lobbyists in public, the administration has worked with them in private. White House officials have often met with lobbyists at coffee shops near the White House, so the meetings do not show up in White House visitor logs. Despite a pledge not to take money from registered federal lobbyists, Mr. Obama has relied on people active in the lobbying industry to raise millions of dollars for his re-election bid. The proposed rules are aimed at lobbyists who work for trade associations. The new restrictions would not apply to institutions of higher education or to certain nonprofit groups like professional associations, scientific organizations and learned societies. While these entities may lobby, the ethics office said, they pose less risk of "ethical harm," and they can promote the professional development of government scientists and other federal employees. By contrast, it said, professional education is usually not the primary concern of trade associations. This distinction infuriated lobbyists for trade associations. Groups like the American Frozen Food Institute, the American Hospital Association and the Edison Electric Institute said they engaged in both lobbying and educational activities, with training as a major part of their mission. However, watchdog groups like the Project on Government Oversight, the Government Accountability Project and Common Cause welcomed the proposal, saying it would help break up the cozy relationships between federal regulators and regulated industries. Lobbyists said such relationships were essential at a time when the government regulates almost every corner of the economy and federal officials are continually promoting public-private partnerships to create jobs. The Consumer Electronics Association, which holds a giant trade show each year, said the new restrictions would "drive a wedge between policy makers and job creators" and lead to a "drastic dumbing-down of government."
The National Shooting Sports Foundation said the proposal would make it far more difficult to have "a constructive and mutually beneficial dialogue" between its members - manufacturers of firearms - and federal officials who regulate the industry. Several members of Congress share the critics' concerns. In a letter to the ethics office, nine House Democrats, including Representatives Chris Van Hollen of Maryland and James P. Moran of Virginia, said the rules could disrupt "the necessary flow of information between the public and private sectors" and adversely affect their constituents, including businesses and federal employees. Civil servants say the rules could impose onerous new obligations on them. The rules suggest that federal employees check a searchable online database of lobbyists, maintained by Congress, to see if an invitation comes from a registered lobbyist or lobbying organization.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Apr 7 15:32:41 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Apr 2012 16:32:41 -0400
Subject: [Infowarrior] - Even worse than SOPA: New CISPA cybersecurity bill will censor the Web
Message-ID: <460FC0BF-0DE3-4442-AC78-CAC8C4D20E83@infowarrior.org>

Even worse than SOPA: New CISPA cybersecurity bill will censor the Web
Published: 04 April, 2012, 01:18
http://rt.com/usa/news/cispa-bill-sopa-internet-175/

An onrush of condemnation and criticism kept the SOPA and PIPA acts from passing earlier this year, but US lawmakers have already authored another authoritarian bill that could give them free reign to creep the Web in the name of cybersecurity. As congressmen in Washington consider how to handle the ongoing issue of cyberattacks, some legislators have lent their support to a new act that, if passed, would let the government pry into the personal correspondence of anyone of their choosing. H.R.
3523, a piece of legislation dubbed the Cyber Intelligence Sharing and Protection Act (or CISPA for short), has been created under the guise of being a necessary implement in America's war against cyberattacks. But the vague verbiage contained within the pages of the paper could allow Congress to circumvent existing exemptions to online privacy laws and essentially monitor, censor and stop any online communication that it considers disruptive to the government or private parties. Critics have already come after CISPA for the capabilities that it will give to seemingly any federal entity that claims it is threatened by online interactions, but unlike the Stop Online Privacy Act and the Protect IP Acts that were discarded on the Capitol Building floor after incredibly successful online campaigns to crush them, widespread recognition of what the latest would-be law will do has yet to surface to the same degree. Kendall Burman of the Center for Democracy and Technology tells RT that Congress is currently considering a number of cybersecurity bills that could eventually be voted into law, but for the group that largely advocates an open Internet, she warns that provisions within CISPA are reason to worry over what the realities could be if it ends up on the desk of President Barack Obama. So far CISPA has been introduced, referred and reported by the House Permanent Select Committee on Intelligence and expects to go before a vote in the first half of Congress within the coming weeks. "We have a number of concerns with something like this bill that creates sort of a vast hole in the privacy law to allow government to receive these kinds of information," explains Burman, who acknowledges that the bill, as written, allows the US government to involve itself into any online correspondence, current exemptions notwithstanding, if it believes there is reason to suspect cyber crime.
As with other authoritarian attempts at censorship that have come through Congress in recent times, of course, the wording within the CISPA allows for the government to interpret the law in such a number of degrees that any online communication or interaction could be suspect and thus unknowingly monitored. In a press release penned last month by the CDT, the group warned then that CISPA allows Internet Service Providers to "funnel private communications and related information back to the government without adequate privacy protections and controls. The bill does not specify which agencies ISPs could disclose customer data to, but the structure and incentives in the bill raise a very real possibility that the National Security Agency or the DOD's Cybercommand would be the primary recipient," reads the warning. The Electronic Frontier Foundation, another online advocacy group, has also sharply condemned CISPA for what it means for the future of the Internet. "It effectively creates a 'cybersecurity' exemption to all existing laws," explains the EFF, who add in a statement of their own that "There are almost no restrictions on what can be collected and how it can be used, provided a company can claim it was motivated by 'cybersecurity purposes.'" What does that mean? Both the EFF and CDT say an awful lot. Some of the biggest corporations in the country, including service providers such as Google, Facebook, Twitter or AT&T, could copy confidential information and send them off to the Pentagon if pressured, as long as the government believes they have reason to suspect wrongdoing. In a summation of their own, the Congressional Research Service, a nonpartisan arm of the Library of Congress, explains that "efforts to degrade, disrupt or destroy" either "a system or network of a government or private entity" is reason enough for Washington to reach in and read any online communiqué of their choice.
The authors of CISPA say the bill has been made "To provide for the sharing of certain cyber threat intelligence and cyber threat information between the intelligence community and cybersecurity entities," but not before noting that the legislation could be used "and for other purposes," as well - which, of course, are not defined. "Cyber security, when done right and done narrowly, could benefit everyone," Burman tells RT. "But it needs to be done in an incremental way with a narrow approach, and the heavy hand that lawmakers are taking with these current bills . . . it brings real serious concerns." So far CISPA has garnered support from over 100 representatives in the House who are favoring this cybersecurity legislation without taking into consideration what it could do to the everyday user of the Internet. And while the backlash created by opponents of SOPA and PIPA has not materialized to the same degree yet, Burman warns Congress that it could be only a matter of time before concerned Americans step up to have their say. "One of the lessons we learned in the reaction to SOPA and PIPA is that when Congress tries to legislate on things that are going to affect Internet users' experience, the Internet users are going to pay attention," says Burman. H.R. 3523, she cautions, "Definitely could affect in a very serious way the internet experience." Luckily, adds Burman, "People are starting to notice." Given the speed that the latest censorship bill could sneak through Congress, however, anyone concerned over the future of the Internet should be on the lookout for CISPA as it continues to be considered on Capitol Hill.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Apr 7 15:34:51 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 7 Apr 2012 16:34:51 -0400
Subject: [Infowarrior] - Major textbook publishers sue open-education textbook start-up
Message-ID:

Major textbook publishers sue open-education textbook start-up
posted by Thom Holwerda on Sat 7th Apr 2012 17:52 UTC
http://www.osnews.com/story/25774/Major_textbook_publishers_sue_open-education_textbook_start-up

Rage-inducing and despicable. As The Chronicle of Higher Education reports, three major textbook publishers, Pearson, Cengage Learning, and Macmillan Higher Education, are suing a small startup company that produces open and free alternative textbooks. This startup, Boundless Learning, builds textbooks using creative commons licensed and otherwise freely available material - and this poses a threat to the three large textbook publishers. So, what do you do when you feel threatened? Well, file a copyright infringement lawsuit, of course. Let's back up for a second to explain exactly what it is Boundless Learning does. It is important to note this description of Boundless' activities comes from the large textbook publishers themselves, since Boundless is still in closed beta and doesn't want to open up at this point (the lawsuit might be a good opportunity to open up, to eliminate any doubts). Students select the traditional textbooks from the big publishers that were assigned to them in class, and Boundless Learning then pulls all manner of content from free and open sources to create free and open versions of the textbooks the student selected. It's important to stress that only free material is selected - texts and images that are licensed under creative commons, for instance. According to the large three textbook publishers, this constitutes copyright infringement - even if no text or images are actually being copied. As an example, the three big publishers mention Boundless' alternative to a Biology book (this one).
The big publishers' book uses images of a running bear and a fish-eating bear to illustrate the first and second laws of thermodynamics. Boundless' alternative uses similar, but not the same, bear images, which came from Wikipedia, are licensed under creative commons, and are properly attributed. It goes further than just Boundless, though. The textbook publishers are also suing venture-capital firm Venrock, which just invested $8 million in Boundless. Furthermore, they name 10 anonymous defendants, which include the people who are supposedly doing the "stealing", and those that benefit from this supposed "stealing". It's no secret that the textbook industry is just as despicable as, say, the entertainment industry, working hard to artificially drive up pricing and get governments to mandate their expensive books - effectively creating a monopoly you can't circumvent. Now, personally, I live in a ridiculously wealthy country, and grew up in a family where money for a proper education was never an issue - I went to the best schools in the country and never had to worry about not being able to afford the proper materials. However, I also know that several of my friends weren't as lucky as I was, and had to work very hard to be able to afford their education. I can only imagine what the situation is like in a country with severe poverty problems, like the US. Having textbook manufacturers maintain very high prices for mandatory learning materials ensures that only those that have the means to do so will be able to attend the best schools - not a desirable state of affairs, I'd say. As such, I welcome any initiative that tries to break this monopoly, especially smart and inventive ones like this. All this feels remarkably like trying to lock up learning and knowledge, which ought to be a crime.
Like the music and film industries before them, the textbook industry responds to potential threats the only way anti-innovation incumbents know how: lawsuits, lawsuits, lawsuits. So, do we have any industries left who haven't followed this utterly predictable pattern?

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Apr 8 09:32:39 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Apr 2012 10:32:39 -0400
Subject: [Infowarrior] - Government Surveillance Crackdown On Internet Goes Into Overdrive
Message-ID: <6D69FC41-5929-40C8-9895-035642A892B9@infowarrior.org>

Government Surveillance Crackdown On Internet Goes Into Overdrive
Cyber bills legislate for mass surveillance; Former Cybersecurity Czar calls for Homeland Security data "customs inspections"
Steve Watson
Infowars.com
April 5, 2012
http://www.infowars.com/government-sureillance-crackdown-on-internet-goes-into-overdrive/

In a New York Times editorial, former government cybersecurity czar Richard A. Clarke has called for the creation of customs checks on all data leaving and entering US cyberspace. Clarke makes the call in relation to Chinese hackers stealing information and intellectual property from US firms. "If given the proper authorization, the United States government could stop files in the process of being stolen from getting to the Chinese hackers." Clarke writes. "If government agencies were authorized to create a major program to grab stolen data leaving the country, they could drastically reduce today's wholesale theft of American corporate secrets." While Clarke may well be coming at this subject well intentioned, the fact that government has a long history of attempting to crack down on internet freedom and control the web will mean his words are a cause of concern for many. "Under Customs authority, the Department of Homeland Security could inspect what enters and exits the United States in cyberspace..."
Clarke continues. "And under the Intelligence Act, the president could issue a finding that would authorize agencies to scan Internet traffic outside the United States and seize sensitive files stolen from within our borders." We have seen with the recent attempts to pass legislation such as SOPA, PIPA, and ACTA, that the federal government is hell bent on skirting around legal oversight in order to seize more control over web content and communications. While those particular bills have more of a focus on copyright protection, there is a huge move afoot to use the issue of cybersecurity as a means to crack down on the free internet. The Obama administration is going all out to muster support in Congress for a bipartisan cybersecurity bill co-sponsored by Republican Senator Susan Collins and Independent Senator Joseph Lieberman and Democratic Senators Jay Rockefeller and Dianne Feinstein. Critics contend that the bill contains several provisions that represent a sweeping power grab on behalf of the federal government. A measure recently added to the bill by Collins and Lieberman, and supported by Obama, would empower the Department of Homeland Security to conduct "risk assessments" of private companies in sectors deemed critical to U.S. national and economic security, forcing them to comply with expensive mandates to secure their systems. ISPs AT&T and Comcast have denounced the provision, declaring that federal oversight will stifle innovation. "Such requirements could have an unintended stifling effect on making real cybersecurity improvements," Edward Amoroso, chief security officer for Dallas-based AT&T, said in testimony at a recent hearing. "Cyber adversaries are dynamic and increasingly sophisticated, and do not operate under a laboriously defined set of rules or processes." As we have previously reported, the bill originally legislated for an Internet "kill switch" that would allow the President to shut down parts of the Internet in an emergency.
There are a whole host of other cybersecurity bills in the works including a GOP bill, co-sponsored by John McCain known as The Secure IT Act, and a newly introduced GOP bill known as The Cyber Intelligence Sharing and Protection Act (CISPA), sponsored by Michigan Republican Mike Rogers. All of the bills have the same vague wording and do not clearly define what a cybersecurity threat is. This has prompted groups such as The Electronic Freedom Foundation and The Center for Democracy and Technology to speak out about what they see as legislating for broad information sharing between private companies and the government for ill-defined purposes. "The Rogers bill gives companies a free pass to monitor and collect communications and share that data with the government and other companies, so long as they do so for 'cybersecurity purposes,'" the EFF said in a blog post. "Just invoking 'cybersecurity threats' is enough to grant companies immunity from nearly all civil and criminal liability, effectively creating an exemption from all existing law." Kendall Burman of the Center for Democracy and Technology spoke about CISPA in an interview with RT: "We have a number of concerns with something like this bill that creates sort of a vast hole in the privacy law to allow government to receive these kinds of information." Burman added that the bill, as it stands, allows the U.S. government to involve itself in any online correspondence if it believes there is reason to suspect "cyber crime", which it does not even clearly define. Both the EFF and the CDT have noted that CISPA effectively legislates for monitoring and collecting online communications without the knowledge of the parties concerned and funneling them directly to the National Security Agency or the DOD's Cybercommand.
Essentially all of these bills legislate for moves by the federal government to access and monitor the online communications of all Americans, much like the more open agenda of the British government to snoop on citizens. With the additional ongoing construction of a city sized secret NSA data collection center in the Utah desert, about which the agency will not even give details to Congress, it is clear that the powers that be fully expect to go ahead with such plans, with or without the legislation to do so.

----------------------
Steve Watson is the London based writer and editor for Alex Jones' Infowars.net, and Prisonplanet.com. He has a Masters Degree in International Relations from the School of Politics at The University of Nottingham in England.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Apr 8 12:40:42 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Apr 2012 13:40:42 -0400
Subject: [Infowarrior] - US government hires company to hack into video game consoles
Message-ID: <142C165D-CF64-4399-BD0E-F17C9B9D6E6B@infowarrior.org>

US government hires company to hack into video game consoles
By Emil Protalinski | April 7, 2012, 2:32pm PDT
http://www.zdnet.com/blog/security/us-government-hires-company-to-hack-into-video-game-consoles/11395

Summary: The U.S. Navy is paying a company six figures to hack into used video game consoles and extract sensitive information. The tasks to be completed are for both offline and online data.

The U.S. government recently posted a project asking for the "Development of Tools for Extracting Information from Video Game Systems." The listing was posted just two months ago, and last week a contract was signed with the California-based company Obscure Technologies. The U.S. is paying $177,237.50 for the job. The U.S.
Navy says it is looking to hack into used consoles to extract any sensitive information exchanged through their messaging services. The organization says it will only use the technology on consoles belonging to nations overseas, because the law doesn't allow it to be used on any "US persons." Here's the official description from the U.S. Navy listing, posted on February 15: "This project involves furnishing video game systems, both new and used, and creating prototype rigs for capturing data from the video game systems." Obscure Technologies responded three days later. Even better is the description from the actual contract from the Federal Business Opportunities website, posted on March 26: "R & D effort for the development and delivery of computer forensic tools for analyzing network traffic and stored data created during the use of video game systems." The Statement of Work document (doc) gives more insight into what the project is all about. Obscure Technologies will have to perform the following online monitoring tasks:

- Provide monitoring for 6 new video game systems, a maximum of 2 of any type from any given vendor.
- Generate clean data (data that does not contain any identifiable information from real people) from new video game systems.
- Design a prototype rig for capturing data from new video game systems.
- Implement the prototype rig on the new video game systems.
- Provide data captured by the prototype rig in the following formats: Packets shall be delivered in PCAP format, Disk images shall be delivered in E01/EWF format.
- Write a final report, between 10 and 20 pages, to include details of work performed, the engineering approach used and the reason why, any engineering decisions that were made and why, what work remains to be done, and any failings of the approaches followed.

It will also be required to implement the following offline monitoring tasks:

- Provide used video games systems purchased on the open market. Used systems provided shall be likely to contain data from previous users.
- Extend tool development to implement creating signatures over sections.
- Survey console chat room technology and identify potential chokepoints where data may be committed to storage.
- Identify data storage points on used video game systems and attempt to demonstrate proof of concept.
- Extract real data from used video game systems.
- Provide data captured from used video game systems in the following formats: Packets shall be delivered in PCAP format, Disk images shall be delivered in E01/EWF format.
- Provide video game system extraction software and/or hardware.
- Write a final report, between 10 and 20 pages, to include details of work performed, the engineering approach used and the reason why, any engineering decisions that were made and why, what work remains to be done, and any failings of the approaches followed.

Obscure Technologies was chosen because it "is the only US company that appears to offer the purchasing of used computer equipment for access to the contained information as a commercial service," according to the Contracting Activity document (docx). The company also has "substantial experience in working with such systems" including a "lead scientist having previously reverse engineered the Microsoft Xbox." Leveraging content on video game consoles to watch and understand what citizens are up to isn't exactly a new idea. Gaming studios and academic minds have been tracking gamers for a long time: the former typically want to know how customers use their products while the latter often use the findings for psychological research.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Apr 8 16:31:33 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 8 Apr 2012 17:31:33 -0400
Subject: [Infowarrior] - How So-Called Strategic Intelligence Actually Makes Us Dumber
Message-ID: <22D257E4-541F-4FA4-A2A7-D45F9D6196F4@infowarrior.org>

Peak Intel: How So-Called Strategic Intelligence Actually Makes Us Dumber
By Eric Garland
Apr 5 2012, 7:31 AM ET

An industry that once told hard truths to corporate and government clients now mostly just tells them what they want to hear, making it harder for us all to adapt to a changing world -- and that's why I'm leaving it.

http://www.theatlantic.com/international/archive/2012/04/peak-intel-how-so-called-strategic-intelligence-actually-makes-us-dumber/255413/

I recently quit my job as a "futurist" and "strategic intelligence analyst" after a successful 15-year career of writing books and consulting to corporations and governments around the world. I spent a decade and a half analyzing disruptive new technologies, predicting the effects of the Internet on the international construction industry, helping executives decide whether to spend billions in the nuclear power market, profiling the customer of the future -- and training thousands of executives to do likewise for their own companies. It was exciting and fulfilling, but this is the end of the road. My employment status is interesting to nobody except my wife and I, but why I am leaving the business of intelligence is important to everybody, because it stems from the endemic corruption of how decisions are made in our most critical institutions. I am not quitting this industry for lack of passion, as I still believe -- more than ever -- in using good information and sophisticated analytical techniques to decode the future and make decisions.
The problem is, the market for intelligence is now largely about providing information that makes decision makers feel better, rather than bringing true insights about risk and opportunity. Our future is now being planned by people who seem to put their emotional comfort ahead of making decisions based on real -- and often uncomfortable -- information. Perhaps one day, the discipline of real intelligence will return triumphantly to the world's executive suites. Until then, high-priced providers of "strategic intelligence" are only making it harder for their clients -- for all of us -- to adapt by shielding them from painful truths. Many people have not encountered the job title, "intelligence analyst." For the past 50 years, since the rise of the Central Intelligence Agency as a clearing house for information about the Soviet Union, this has been a job that involves researching trends, analyzing their potential impact, and reporting the possibilities to decision-makers. In the age of nuclear weapons, the world was changing too fast for leaders to make decisions based only on their own outdated assumptions. Organizations learned to critically assess their futures -- or literally lead humanity into possible mass extinction. The model mostly worked, and eventually the CIA was joined by other agencies, as well as for-profit consulting companies, which mimicked many of the techniques pioneered in the Cold War. Since the middle part of the 20th century, both corporations and governments have used strategic intelligence, forecasting, scenario planning, and other intelligence tools that keep decision-makers informed and ready to lead their institutions safely through tumultuous periods. 
According to the private intelligence industry's view of itself, a phalanx of analysts collect data, assess the risks and opportunities inherent in trends, and provide a series of scenarios that help their clients make contingency plans, such that no matter what future arrives, people will thrive. But the reality of 2012 is quite different. A large number of people promise these services, from generalist mega-consultancies such as Booz Allen, Accenture, and McKinsey, to more boutique providers such as Global Business Network, the Institute for the Future, Frost & Sullivan, and countless individual practitioners. And many executives claim to practice state-of-the-art strategic management, dutifully using the insights of these providers in their day-to-day operations. Still, the culture of intelligence has been in free-fall since the financial crisis of 2008. While people may be pretending to follow intelligence, impostors in both the analyst and executive camps actually follow shallow, fake processes that justify their existing decisions and past investments. The War Against Foresight When the intelligence business works, it helps create organizational cultures where empirical evidence and concern for the long-range strategic impact of a decision trump internal politics and short-term expediency. And in the past, many such cultures have thrived in businesses and government agencies alike. But three trends are making this harder, or even leading these intelligence providers to have the opposite effect. First, the explosion of cheap capital from Wall Street has led major industries to consolidate. Where a sector such as pharmaceuticals or telecommunications (and, of course, banking) might have had dozens of big players a couple of decades ago, now it has closer to five. 
When I began in the intelligence industry 15 years ago, I did projects for Compaq, Amoco, Wyeth Pharmaceuticals, and Cingular -- all of which have since been rolled into the conglomerates of Hewlett Packard, British Petroleum, Pfizer, and AT&T. There are fewer firms for an intelligence analyst to track, and their behavior has to be understood on totally different terms than when this discipline was created. Where once an automotive industry analyst might have based her predictions on the efficient marketplace theory or classical competitive analysis, now she has to use very different analytical tools. Most of these firms are considered Too Big to Fail by their respective nation-states, as evidenced by General Motors and Chrysler in 2009, and the markets are thus convoluted by subsidies, special regulations, and protectionism. One cannot predict the future of a marketplace by trend analysis alone, because oligopolies do not compete the same way as do firms in free markets. Second, industry consolidations have created gigantic bureaucracies. Hierarchical organizations have a very different logic than smaller firms. In less consolidated industries, success and failure are largely the result of the decisions you make, so intelligence about the reality of the marketplace is critical. Life is different in gigantic organizations, where success and failure are almost impossible to attribute to individual decisions. Though a given conglomerate might have hundreds or thousands of "executives," each is much more beholden to a complex culture of bosses. Even if people mean well, they're living and dying by a system where the incentives are to seek advancement by pushing responsibility downward and pulling credit upwards. In large, slow-moving bureaucracies, conventional thinking and risk avoidance become paramount, irrespective of how many times a day people at that organization use the word "strategy" or "innovation." 
It is far more preferable to fail conventionally than to make a daring but uncertain decision without the full backing of the entire organization. Because massive bureaucracies are so much more common than they were even a few years ago, decisions are simply not in vogue right now. Finally, and most importantly, the world's economy is today driven more by policy makers than at any time in recent history. At the behest of government officials, banks have been shielded from the consequences of their market decisions, and in many cases exempt from prosecution for their potential law-breaking. Nation-state policy-makers pick the winners in industries, such as automotive, and guarantee the smooth operations of others, such as Verizon and General Electric, both of which received zero-interest cash flow via the TARP program in 2008 and 2009. Eventually, states might do less of directing specific outcomes in the world markets, but for now, these policy-makers have suspended many critical free market principles, and at times the rule of law, on the notion that we are in a crisis, and keeping the system together comes first. Thus, what use is the old model of competitive analysis if you are looking at markets in Greece right now? Which would have more impact on a given market: the clever, innovative actions of a CEO in Athens, or the politics within the European Central Bank? And how about analyzing the future of the housing market in the United States? Are you going to examine how much people are able to pay for accommodations and the level of housing stocks available in given cities, or shall you look at the desires of central bankers and Congressional policy-makers able to start new financing programs to end up with a desired outcome? How can you use classical competitive analysis to examine the future of markets when the relationships between firms and government agencies are so incestuous and the choices of consumers so severely limited by industrial consolidation? 
There is no good way to reliably predict the future in these markets anymore, except maybe by being privy to the desires of an ever-decreasing number of centrally connected power players. Companies still need guidance, but if rational analysis is nearly impossible, is it any wonder that executives are asking for less of it? What they are asking for is something, well, less productive. The Anti-Intelligence Culture Strategic intelligence is more and more like reading the Harvard Business Review through a fun house mirror. Sure, people use the words strategy, future, and foresight, but they mean something quite different. In my experiences, and based on what my colleagues in the field tell me, executives today do not do well when their analysts confront them with challenging, though often relatively benign, predictions. Confusion, anger, and psychological transference are common responses to unwelcome analysis. While executives pride themselves on being supremely rational technocrats able to calmly assess changes in the world without letting their personal emotions cloud their analysis, the reality is often quite a bit more human. One senior executive shut down a half-day event about future trends within the first ten minutes after a slide warning about "global aging populations" came up. The silver-haired alpha dog not only refused to discuss the fact that their average customer was near the age of social security and getting ready to leave active economic life, he asserted that Baby Boomers are not in fact aging, that "60 is the new 40," that all future strategic problems will be solved by "getting our numbers up," and that nobody in the company was to mention aging populations ever again. One group of government officials, while discussing the anticipated tax base from housing and retail, became suddenly unhinged when an analyst suggested that those sectors would not immediately re-inflate back to pre-2008 levels. 
When shown charts illustrating that Americans have ten times as much retail square footage as Europeans, and that housing bubble was, well, a bubble, the politicians angrily retorted that America was special and its population required ten times as many options when shopping. They blustered that houses always regain value and that the multi-trillion dollar bailout was "a one-time mistake." In early 2009, many European executives were quick to point out to me that the "financial crisis" was a "uniquely American problem" -- and that Portugal and Greece were fine, thank you very much. As European central banks privately rushed to keep the peripheral countries solvent in 2010, I was told not to publicly discuss any such possibilities while working with European groups. They didn't want to hear it. When a colleague of mine was brought into his employer's "corporate strategy group" a couple of years ago, he saw it as a great honor to be included in the one unit dedicated solely to the company's long-term success. Once allowed in to the secretive confines of the group, he discovered that the mandate of the position had, after 2008, been radically altered. Rather than mapping out how the markets were likely to change and his company might stay ahead, he was made to flip through old spreadsheets to find which products were most profitable, then get salesmen to "sell more of them." When he asked if he should perhaps include analysis of trends in society, technology, and economics to anticipate what long-term options they should be exploring, he was informed, "You need to go back to grad school if you just want to study stuff for no reason." A 2008 U.S. government report on "Future Trends 2025" made the following predictions: that the U.S. 
dollar might not be the world's reserve currency forever, Iran would continue to be a rogue nation, China would have more economic power, Russia would be rife with corruption and organized crime, and oil would be replaced by some other magic, stable, powerful, liquid fuel for the world's increasing fleet of cars and trucks. The report cost the U.S. government millions of dollars, all to produce a document that effectively predicted 2006, plus an extra pipedream forecast of getting out of the world's peak oil predicament, supported by zero technological forecasts from experts in the field. It looked and smelled like strategic forecasting, but was carefully produced to keep from upsetting anyone with scary challenges to their assumptions about the future strategic position of the United States. This is the new business model for an intelligence industry that once lived to disrupt its customers' thinking, not reassure it. For too many business and government executives, foresight is a luxury that is hardly necessary in this new "hypercompetitive" post-crisis world. Perhaps it's always been superfluous, we just didn't notice. The study of the future used to be easier to sell, maybe because the analysis usually predicted the growth of the consumer economy or the next great gadget. But the future is no longer nearly as palatable, and the customers are less interested. That's too bad, because companies and governments still need help planning for the future. But it takes discomfort, courage and humility to face that future, and who wants to pay for bad news? It will not always be this way. When the real pain of our losses and poor decisions finally occurs to people, when the last quantitative easing bailout no longer hides the logical incongruities that are fundamental to the system, and when enough people refuse to believe that "the new normal" is normal at all, we will then return to a real discussion of what is next. 
In the meantime, the remnants of the strategic intelligence world will be happy to take your money in exchange for telling you that everything is fine.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 9 14:51:00 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Apr 2012 15:51:00 -0400
Subject: [Infowarrior] - Don't Let Congress Use "Cybersecurity" Fears to Trample on Civil Liberties
Message-ID:

Don't Let Congress Use "Cybersecurity" Fears to Trample on Civil Liberties

https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8444

Congress is considering legislation that would create backdoor wiretaps into our daily communications. These "cybersecurity" bills would give companies a free pass to monitor and collect communications, including huge amounts of personal data like your text messages and emails. Companies could ship that data wholesale to the government or anyone else provided they claim it was for "cybersecurity purposes." Tell Congress that they can't use vaguely defined "cybersecurity threats" as a shortcut to shredding the Constitution. Under Rep. Mike Rogers' Cyber Intelligence Sharing and Protection Act of 2011 (CISPA), and Sen. John McCain's SECURE IT Act, there are almost no restrictions on what information can be spied upon and how it can be used. That means a company like Google, Facebook, Twitter, or AT&T could intercept your emails and text messages, send copies to one another and to the government, and modify those communications or prevent them from reaching their destination if it fits into their plan to stop "cybersecurity" threats. Worst of all, the stated definition of "cybersecurity purpose" is so broad that it leaves the door open to censor any speech that a company believes would "degrade the network."
Parts of the proposed legislation specifically state that cybersecurity purpose includes protecting against the "theft or misappropriation of private or government information" including "intellectual property." Such sweeping language would give companies and the government new powers to monitor and censor communications for copyright infringement. It could also be a powerful weapon to use against whistleblower websites like WikiLeaks. Congress wants to use the threat of "cybersecurity" to undermine our Constitutional rights. Tell your lawmakers that we won't stand for dangerous, unsupervised information sharing under the guise of cybersecurity.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 9 15:34:05 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 9 Apr 2012 16:34:05 -0400
Subject: [Infowarrior] - SOPA supporters await cash infusion from Netflix PAC
Message-ID: <64222DEC-9F9F-47E5-B4E7-1FD90418CCEC@infowarrior.org>

(c/o CB)

http://www.rawstory.com/rs/2012/04/09/sopa-supporters-await-cash-infusion-from-netflix-pac/

Video streaming giant Netflix has recognized the compelling financial logic behind Washington's anti-piracy efforts. In a recent filing with the Federal Elections Commission (FEC), Netflix revealed that it has created its own political action committee called FLIXPAC, designed to support anti-piracy measures in Washington and the candidates that favor them. The FEC filing, made April 5, was first spotted by Politico. The company has seen its spending on federal lobbying ramp up in recent years, going from approximately $20,000 in 2009 to half a million in 2011, amid heated debates in Washington over restrictions on Americans' Internet use.
Those restrictions, represented most clearly in the Stop Online Piracy Act (SOPA), were initially supported by Netflix CEO Reed Hastings, who reportedly sent a letter to the Chamber of Commerce expressing solidarity with that bill's ultimate goals. But as the Internet backlash began and a growing number of major websites joined a mass work stoppage protest earlier this year, the company insisted to reporters it had been "neutral" on the matter all along. This year, however, the company would seem to have compelling reason to join the fray at the level of their advancing competitors at Time Warner and Comcast. Both cable network operators have been angling to compete with Netflix by launching their own on-demand video services, along with implementing some policies like bandwidth caps that impose a monthly data limit, which limits the amount of time some users can spend watching streaming video on sites like Netflix. Comcast, the nation's largest cable network operator, even went so far as to exempt its own video service from the bandwidth caps, giving them a clear leg up on Netflix. Added, Comcast and Time Warner were both big supporters of SOPA and other anti-piracy measures, and both have signed on for the content industry's "graduated response" plan to police individual users' Internet habits and inject stern warnings onto the screens of customers who might be flouting copyright law by downloading media on peer-to-peer networks. Those measures will take effect across most U.S. Internet service providers' networks on July 1. Similar rules in France, codified in law instead of by a private agreement between stakeholders, were recently shown to tremendously benefit content creators and network operators because they reduce overall rates of media piracy and drive up use of streaming networks.
A recent report by the French High Authority for the Dissemination of Creative Works and Protection of Rights on the Internet found that intercepting pirate traffic and delivering stern warnings of legal perils did help cut down on overall use of media sharing software by nearly 45 percent, growing digital platforms in France by about 20 percent over just two years. (Despite this growth, the movie and music industries in France still shrank in recent years.) Still, growth in the streaming media market is precisely what Netflix, and its competitors, want to see. To those ends, Comcast and Time Warner both have PACs that have donated millions in recent election cycles. Both companies' PACs notably gave significant amounts to a PAC supporting Rep. Lamar Smith (R-TX), the author of SOPA, but Comcast moreso than Time Warner. Both PACs similarly tend to lean Republican, but not by much: 2012 contribution data shows that Time Warner gave $304,500, with 44 percent to Democrats and 56 percent to Republicans; whereas Comcast donated $980,000, with 48 percent going to Democrats and 52 percent to Republicans. In the face of the recent numbers out of France, and its competitors' apparent escalation in political giving over prior election years, Netflix finds itself with compelling reason to throw yet more money at Washington lawmakers to bend ears and elevate favored candidates. What's not clear is how the Internet and its activists, many of whom remain ardent supporters of services like Netflix as the true silver bullet for piracy, will react to news that their subscriptions dollars are now going to a company that appears poised to become a prominent advocate of widely opposed limits to Internet freedom. FLIXPAC did not respond to a request for comment. Disclosure: Raw Story's management participated in the mass work stoppage protest against SOPA earlier this year. Correction: An earlier version of this story mistakenly identified the author of SOPA as Rep. Joe Barton (R-TX).
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 10 06:55:36 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Apr 2012 07:55:36 -0400
Subject: [Infowarrior] - Fwd: Update on Netflix
References: <1334033764.24703.2.camel@bunny1>
Message-ID: <94D25CAD-7B60-4250-A7C9-C50ECBBCEF92@infowarrior.org>

c/o CB

Begin forwarded message:

> http://www.siliconbeat.com/2012/04/09/netflix-stories-about-our-new-pac-and-sopa-are-not-true/
>
> Netflix: Stories about our new PAC and SOPA are not true
>
> Posted by Chris O'Brien on April 9th, 2012 at 3:26 pm | Categorized as O'Brien, Social Media, Strategy | Tagged as anonymous, Netflix, sopa
>
> It doesn't take much to start an insta-campaign these days against someone or something thanks to social media. So when an editor emailed a link to a story about Netflix creating a new SuperPAC to support SOPA, I could see this would be a story that was going to prompt a strong backlash against a company that doesn't really need another one at this point.
>
> Sure enough, it appeared Anonymous seemed to be making some waves with an anti-Netflix campaign at: #OpBoycottNetflix .
>
> So, I decided to look for the offending document, and found instead a generic registration for a Political Action Committee filed on April 5 that seemed pretty benign. No mention of taking any positions on SOPA or any other issues.
>
> Then I emailed the company. Noting that the original report about the PAC came from the "Russian News Agency," a Netflix spokesman said:
>
> "PACs are commonplace for companies that lead a big, growing market and Netflix is no exception. Our PAC is a way for our employees to support candidates that understand our business and technology. It was not set up for the purpose of supporting SOPA or PIPA.
> Instead, Netflix has engaged on other issues including network neutrality, bandwidth caps, usage based billing and reforming the Video Privacy Protection Act."
>
> On the whole, Netflix has a fairly small presence in Washington. It just formally registered to lobby for the first time in late 2010. And in 2011, the company spent $500,000 lobbying Congress on topics such as: "Telecommunications issues, Internet non-discrimination; Internet privacy, Intellectual property issues; Internet competition issues; H.R. 2471, Video Privacy Protection Act," according to Senate lobbying disclosure records.
>
> Will any of this halt the campaign? Probably not. As I write, the tweets are still flying fast and furious.
>

From rforno at infowarrior.org Tue Apr 10 06:58:01 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Apr 2012 07:58:01 -0400
Subject: [Infowarrior] - Pentagon to fast-track cyberweapons acquisition
Message-ID: <60C1F3C9-A9B2-4A7F-8EE2-5A7D3203C82F@infowarrior.org>

Washington Post
April 10, 2012
Pg. 3

Pentagon to fast-track cyberweapons acquisition

Plan for rapid acquisition process; Congress informed on strategy for 'urgent' threats

By Ellen Nakashima

http://www.washingtonpost.com/world/national-security/2012/04/09/gIQAuwb76S_story.html

The Pentagon is planning to dramatically speed up the development of new cyberweapons, giving it the ability in some cases to field weapons against specific targets in a matter of days, according to a new Pentagon report to Congress. The rapid acquisition process is designed to respond to "urgent, mission-critical" needs when the risk to operations and personnel is unacceptable if threats are not addressed quickly, according to the 16-page report, a copy of which was obtained by The Washington Post. Congress required the Pentagon to prepare the report on how it could accelerate acquisition of cyberweapons.
The result, which builds on the 2011 defense strategy for cyberspace, puts the Pentagon's two-year-old Cyber Command in charge of a new registry of weapons that would catalogue their capabilities and where they are stored. The military is also grappling with the establishment of rules for cyberwarfare. The report on cyberweapons acquisition, sent to Congress in recent weeks but not made public, describes a new level of department-wide oversight with the establishment of a Cyber Investment Management Board, chaired by senior Pentagon officials. The board, which has already met once, was set up to prevent abuse of the fast-track process, since the cost of cyberweapons is often too low to trigger normal oversight processes. The board will also help ensure that military and intelligence cyber authorities are coordinated, officials said. "We can't sit around and wait for" the traditional weapons-building process, Frank Kendall, the Pentagon's acting undersecretary of defense for acquisition, technology and logistics and co-chairman of the new board, said in a speech at the Center for Strategic and International Studies in February. "We've got to take it outside the conventional system for these major, long-term weapon systems entirely." The new framework sets up two systems for cyberweapons development: rapid and deliberate. The rapid process will take advantage of existing or nearly completed hardware and software developed by industry and government laboratories. This approach could take several months in some cases, or a few days in others. The deliberate process is designed for weapons whose use carries greater risks. It would be for projects expected to take longer than nine months - still short compared with the years-long process to develop most Pentagon weapon systems. Under the rapid plan, weapons can be financed through the use of operational funds, in "days to months," and some steps that ordinarily would be required would be eliminated.
These include some planning documents and test activities, according to the report. The weapons may be designed for a single use or for some other limited deployment, and they would be used in offensive cyber operations or to protect individual computer systems against specific threats, said the report. Herbert S. Lin, an expert on the subject at the National Research Council of the National Academy of Sciences, said the Pentagon has recognized that "cyberweapons are fundamentally different" than conventional weapons in some key ways. "That can only be good news." "You can make a general-purpose fighter plane and it will function more or less the same in the Pacific as in the Atlantic," Lin said. "The same is not true for going after a Russian cyber-target versus a Chinese target." Designers of cyberweapons need to know a target's operating system, what patches have been made, when security updates were made and what switches it is connected to, he said. Even sophisticated cyberweapons can be rendered obsolete in weeks or months. The strategy also noted that Cyber Command, which is based at Fort Meade and falls under U.S. Strategic Command, will be in charge of ensuring that development of new weapons and tools is "undertaken only when required" and that "existing capabilities are broadly available."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 10 07:18:33 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Apr 2012 08:18:33 -0400
Subject: [Infowarrior] - Big Brother Everywhere
Message-ID: <675E0380-AC0A-41BF-B38F-C9434A1F4644@infowarrior.org>

Big Brother Everywhere

http://www.zerohedge.com/contributed/2012-15-09/big-brother-everywhere

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Apr 10 17:09:57 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Apr 2012 18:09:57 -0400
Subject: [Infowarrior] - Best Buy Swipes Driver's License: No Returns For 90 Days
Message-ID:

courant.com/business/custom/consumer/hc-bottom-line-best-buy-returns-20120409,0,5063368.column

Courant.com

After Best Buy Swipes His Driver's License: No Returns For 90 Days

Kevin Hunt - The Bottom Line
The Bottom Line
4:31 PM EDT, April 9, 2012

Peter Peel of Middletown thought he had all the twists and turns he needed for at least a day when he bought "The French Connection" Blu-ray disc from Best Buy in early March. Unfortunately, the disc proved defective so, three days later, he brought it back to the Best Buy in Newington. That's when he got the surprise ending. Despite having the receipt, Peel was also asked for his driver's license. (Unlike the "French Connection," however, no one asked if he had ever picked his feet in Poughkeepsie.) After an employee swiped the license, Peel was told the movie-disc return would be accepted but the store would not authorize any other returns or exchanges for 90 days. "I was told that I could not return or exchange any other items, even with a valid receipt," he says, "because of some third-party return activity company. How can this be legal when a consumer clearly has a valid receipt?" It's not only legal, but many other retailers are using The Retail Equation, a California company that verifies return authorizations by tracking consumers' return-exchange behavior at participating stores. It checks the purchase price and whether the consumer had a receipt. Throw in the driver's-license scanning and it strikes a lot of consumers like Peel as invasive, even creepy.
"Our system is compliant with all state and federal laws regarding the security and privacy of the information," says Best Buy spokeswoman Kelly Groehler, "and provides far greater security than more traditional retail return practices, such as collecting consumer information on hard-copy return slips or saving consumer information on paper logs." Best Buy adopted the program more than a year ago to reduce fraudulent returns: the big-screen television bought the Friday before the Super Bowl and returned the day after or the video camera purchased before graduation weekend and quickly returned. Best Buy, already beaten down by consumers who use its stores as a showroom before ordering more cheaply online, also must deal with fraudulent receipts, returns of stolen merchandise for cash and price switching. The retailer can't afford to bleed any more money: The company Forbes earlier this year said is moving toward bankruptcy recently announced it would close 50 stores and lay off 400 workers in the United States. And Tuesday, CEO Brian Dunn resigned. The Retail Equation says its Verify-2 software identifies the 1 percent of consumers whose behavior can be identified as return fraud or abuse. The company, whose software is in 20,000 stores throughout the country, says return fraud ranges from $14.3 billion to $18.4 billion each year. "Verify-2 enables retailers to rely on objective, verifiable data," says spokeswoman Lisa Mendenhall, "to determine whether a return is valid rather than relying on subjective observations and guesswork by sales clerks. This objectivity ensures that only those with highly suspect return-and-exchange behavior are affected. The vast majority - approximately 99 percent - of returns are accepted." Peel said he had several returns after Christmas, then a few other returns and exchanges - all with a receipt. That, apparently, was enough to put him on The Retail Equation's most-wanted list and Best Buy's no-returns-or-exchanges-for-90-days list.
The Retail Equation says its consumer profiles use frequency of returns, dollar amounts, whether a return-receipt was involved and purchase history. It does not use information on age, race, gender, nationality, marital status or whether the consumer is a Yankees or Red Sox fan. If a sales clerk scans your original sales receipt or swipes your driver's license (a government-issued ID, like a passport, is also accepted) then you're probably shopping at an affiliate of The Retail Equation. What are your rights? If you've been denied a return or exchange or have been put on a 90-day hold, you can request an activity report from The Retail Equation by sending an email to returnactivityreport at theretailequation.com with both your name and phone number. A Retail Equation representative will call, not write, asking for a return transaction ID and the last four digits of the customer's ID (driver's license or passport) number. And if it's a little too invasive or too creepy, you can always shop elsewhere.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 10 17:12:33 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Apr 2012 18:12:33 -0400
Subject: [Infowarrior] - 9th Circuit narrows reach of computer fraud law
Message-ID: <56831F5D-8C0E-45BC-93F5-D85DB18BB13D@infowarrior.org>

9th Circuit narrows reach of computer fraud law

4/10/2012

http://newsandinsight.thomsonreuters.com/Legal/News/2012/04_-_April/9th_Circuit_narrows_reach_of_computer_fraud_law/

April 10 (Reuters) - A U.S. appeals court rejected the government's broad reading of a computer fraud law to prosecute workers who steal from company computers, saying it could expose millions of Americans to prosecution for harmless activities at work. The 9-2 decision by the 9th U.S. Circuit Court of Appeals in San Francisco diverges from broader readings of the federal Computer Fraud and Abuse Act by three other federal appeals courts.
This raises the chance that the U.S. Supreme Court might decide to try to resolve the issue. Tuesday's decision written by Chief Judge Alex Kozinski upheld a lower court's dismissal of five of 20 counts against David Nosal, a former manager at Korn/Ferry International who left that executive search firm in October 2004. Nosal had been accused of convincing former colleagues to use their log-in credentials to steal confidential client data from Korn/Ferry, to help him start a rival business. The defendant was also charged with mail fraud, theft of trade secrets and conspiracy, and has yet to be tried. The U.S. Department of Justice did not immediately respond to requests for comment. Dennis Riordan, a lawyer for Nosal, welcomed the decision. "It leaves in place all the purposes of the anti-hacking statute, but it frees people from fearing they could be prosecuted for violating arcane provisions of employer policies," he said. Nosal had sought to dismiss the CFAA counts on the ground that the 1984 law targets hackers, not people who misuse data that was obtained legally - in this case, obtained by the former colleagues. U.S. District Judge Marilyn Hall Patel agreed in a January 2010 ruling to dismiss those counts, but a divided three-judge 9th Circuit panel in April 2011 reversed that ruling. Tuesday's decision overturns that panel ruling. Kozinski said the law's criminalization of computer activity that "exceeds authorized access" addresses how information is accessed, not how it is used. He said the government's interpretation would transform the law into a "sweeping Internet-policing mandate" to criminalize any unauthorized use of information from a computer, rather than simply a statute to thwart hacking. He said such an approach could make "minor dalliances" at work such as playing games online, emailing family, social networking or even watching ESPN.com against the law.
"While it's unlikely that you'll be prosecuted for watching Reason.TV on your work computer, you could be," Kozinski wrote. "And sudoku enthusiasts should stick to the printed puzzles, because visiting www.dailysudoku.com from their work computers might give them more than enough time to hone their sudoku skills behind bars." Judge Barry Silverman dissented, saying "this case has nothing to do with playing sudoku, checking email, fibbing on dating sites," or other ordinarily noncriminal activity. "It has everything to do with stealing an employer's valuable information to set up a competing business with the purloined data, siphoned away from the victim, knowing such access and use were prohibited in the defendants' employment contracts," he wrote. In a recent case, prosecutors used the computer fraud law to convict Lori Drew, a Missouri woman accused of using a fake MySpace account to bully a 13-year-old girl who then committed suicide. A California federal judge later threw out Drew's conviction. The case is U.S. v. Nosal, 9th U.S. Circuit Court of Appeals, No. 10-10038. For the prosecution: Jenny Ellickson of the Justice Department. For Nosal: Ted Sampsell-Jones of William Mitchell College of Law and Dennis Riordan and Donald Horgan of Riordan & Horgan. (Reporting By Terry Baynes and Jonathan Stempel) Follow us on Twitter: @ReutersLegal

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 10 17:41:21 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Apr 2012 18:41:21 -0400
Subject: [Infowarrior] - CISPA is SOPA 2.0
Message-ID:

CISPA is SOPA 2.0: petition to stop it

By Cory Doctorow at 2:59 pm Tuesday, Apr 10

CISPA, the Cyber Intelligence Sharing and Protection Act of 2011 (H.R. 3523), is a successor, of sorts, to the loathsome SOPA legislative proposal, which was shot down in flames earlier this year.
EFF's chilling analysis of the bill shows how it could be used to give copyright enforcers carte blanche to spy on Internet users and censor the Internet (it would also give these powers to companies and governments who'd been embarrassed by sites like Wikileaks).

< - >

http://boingboing.net/2012/04/10/cispa-is-sopa-2-0-petition-to.html

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 10 17:57:59 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Apr 2012 18:57:59 -0400
Subject: [Infowarrior] - OT: D'oh! Springfied revealed!
Message-ID: <5B481BEE-A089-45C0-B98C-75019D505EA1@infowarrior.org>

April 10, 2012 5:38 PM

"The Simpsons" creator Matt Groening reveals location of Springfield

By Jessica Derschowitz

http://www.cbsnews.com/2102-31749_162-57412068.html

(CBS News) For 23 seasons, "The Simpsons" have lived at 742 Evergreen Terrace in Springfield. But it was never specified which of the nation's many Springfields they called home. Now, series creator Matt Groening has spilled the beans on where Homer, Marge, Bart, Lisa, Maggie and the rest of the gang reside. "Springfield was named after Springfield, Oregon," Groening told Smithsonian magazine in its May issue. "The only reason is that when I was a kid, the TV show 'Father Knows Best' took place in the town of Springfield, and I was thrilled because I imagined that it was the town next to Portland, my hometown. When I grew up, I realized it was just a fictitious name. I also figured out that Springfield was one of the most common names for a city in the U.S. In anticipation of the success of the show, I thought, 'This will be cool; everyone will think it's their Springfield.' And they do." Groening added that he never revealed Springfield's location because he didn't want to spoil it for fans. "I don't want to ruin it for people, you know?" he said in the interview.
"Whenever people say it's Springfield, Ohio, or Springfield, Massachusetts, or Springfield, wherever, I always go, "Yup, that's right." The show, which premiered in 1989, has made a running joke of hiding Springfield's true location.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Apr 10 18:14:10 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 10 Apr 2012 19:14:10 -0400
Subject: [Infowarrior] - Android Zero-Permission Applications
Message-ID: <9CBDE4C0-10AD-4153-9FAC-A20BCF2CB94E@infowarrior.org>

(c/o HaB)

Android Zero-Permission Applications

http://leviathansecurity.com/blog/archives/17-Zero-Permission-Android-Applications.html

There's been a lot of research in the Android security space. The most notable examples are Jon Oberheide's fake Twilight app, Georgia Weidman's SMS bot, and the numerous clever root exploits. Recently in the mainstream media, there's been buzz about apps (allegedly) misusing permissions; some of these apps include Facebook, Skype, Path, and just about every advertisement library. One question that was posed internally was: what data can an app access when it has no permissions? I thought this was an interesting question, so I decided to make a proof-of-concept app to explore this idea. Some previous work had been demonstrated by Thomas Cannon of viaForensics. I wanted to develop that work further through a discussion backed by source code. I created a ''No Permissions'' Android app that explores what data is available to be harvested from an Android device even when the installed app has no permissions. The following three actions can be completed by pressing the corresponding button in the app: The first privileged access area is the SD Card. Every application has at least read-only access to the contents of this external storage. ''No Permissions'' scans the /sdcard directory and returns a list of all non-hidden files.
While it's possible to fetch the contents of all those files, I'll leave it to someone else to decide what files should be grabbed and which are going to be boring. It's worth noting that even though the Android developer docs state that there's no security enforced upon files stored on external storage, many things are stored on the SD Card, including photos, backups, and any external configuration files -- on my own device, I found that OpenVPN certificates were stored on the SD card (which I promptly corrected!) Secondly, I can fetch the /data/system/packages.list file to determine what apps are currently installed on the device. From there, I can scan each directory used by those applications to determine whether sensitive data can be read from those directories. In the ''No Permissions'' app, this functionality returns a list of installed apps and a list of any readable files. When testing this on the Android emulator, I am only able to read the app's own directory, but when testing on a real device, I am able to read some files belonging to other apps. This feature could be used to find apps with weak-permission vulnerabilities, such as those that were reported in Skype last year. The third action I was able to take was to grab identifiable information about the device itself. Without the PHONE_STATE permission, it's not possible to read the IMEI or IMSI, however the GSM & SIM vendor IDs can still be read. The /proc/version pseudofile, which reveals the kernel version and possibly the name of the custom ROM installed, can also be read. In addition to those identifying values, the app reads the Android ID, which is a 64-bit number randomly generated when a device is first booted and remains constant thereafter. More information about the Android ID is available in the Android Developer Docs.
Though this app uses buttons to activate the three different actions detailed above, it's trivial for any installed app to execute these actions without any user interaction. What can be done with the data once it's collected? Without the INTERNET permission, how can it be sent anywhere? While it's true that most network access is restricted, there is one network call that can be made without any permissions: the URI ACTION_VIEW Intent opens a browser. By passing data via GET parameters in a URI, the browser will exfiltrate any collected data. In my tests, I found that the app is able to launch the browser even after it has lost focus, allowing for transmission of large amounts of data by creating successive browser calls. The attached code was tested against Android 4.0.3 and Android 2.3.5 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 10 21:30:13 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 10 Apr 2012 22:30:13 -0400 Subject: [Infowarrior] - Maryland bans employers from asking for employee social media passwords Message-ID: <80B96A9E-9A04-4460-8B14-84ABADDC0BAC@infowarrior.org> Maryland bans employers from asking for employee social media passwords By Josh Peterson - The Daily Caller 11:28 PM 04/09/2012 http://dailycaller.com/2012/04/09/maryland-bans-employers-from-asking-for-employee-social-media-passwords/?print=1 Maryland became the first state in the U.S. to ban employers from asking their employees and applicants for the passwords to their personal social media accounts. A state Democratic-led effort co-sponsored the bill, which "prohibits an employer from requiring or requesting employees or job applicants to disclose electronic passwords, such as for social media sites," reported Herald-Mail.com. 
Maryland American Civil Liberties Union Legislative Director Melissa Goemann told The Daily Caller that despite the Democratic leadership, support for the bill was largely bipartisan. The bill passed both houses of the Maryland General Assembly -- unanimously in the Senate, and 128-10 in the House -- in the final hours of Maryland's 90-day legislative session on Monday. Similar legislation is pending in Illinois, California, Minnesota, Michigan and Massachusetts, and a similar proposal may soon be introduced in New Jersey. After the bill's passage on Monday, the ACLU reported on its blog that it had taken up the case of a former division corrections officer for the Maryland Department of Public Safety and Correctional Services, Robert Collins, after he was asked for the passwords to his social media accounts during a job interview. Feeling that both his privacy, and the privacy of his friends and family that "didn't ask for that," were violated, the ACLU said that Collins contacted them on the way out of the interview. In a statement by the ACLU, Collins said, "I am excited to know that our esteemed policymakers in Maryland found it important to protect the privacy of Maryland's citizens." "I believe privacy should not be an alternative in lieu of securing employment, but a fundamental right," Collins said. The bill currently awaits the signature of Gov. Martin O'Malley. Maryland ACLU legislative director Melissa Goemann told TheDC that the bill was a bipartisan effort and that she hadn't "heard anything negative from the governor's office." Congressional House Republicans recently shot down a bill at the federal level that would have instituted a nationwide ban against employers demanding the passwords to employee social media accounts. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Apr 11 07:12:50 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Apr 2012 08:12:50 -0400 Subject: [Infowarrior] - US Abandons Fig-Leaf of Transparency & Cancels TPPA Stakeholder Programme Message-ID: Unhappy With Even Minimal Scrutiny, US Removes Last Pretense Of TPP Transparency from the running-scared dept One of the central problems of ACTA has been its lack of transparency. TPP has also been negotiated behind closed doors, but unlike ACTA has permitted at least one small opportunity for public groups to engage with the negotiators through the use of stakeholder forums, where organizations and even individuals were permitted to give short presentations about aspects of TPP. This has allowed points of view other than those of industry lobbyists to be heard by negotiators. But it seems that even that tiny shaft of sunlight being shone upon the measures believed to be in TPP was too bright for the US, which is hosting the next round of the negotiations in Dallas, from May 8 to 18: "As anticipated, now that the US has taken control of the Trans-Pacific Partnership Agreement negotiations it has removed the only pretense of transparency -- the day-long 'stakeholder' programme where critics can present information and analysis directly to negotiators", says Professor Jane Kelsey, from the Law School at the University of Auckland. < - > http://www.techdirt.com/articles/20120404/11004718369/unhappy-with-even-minimal-scrutiny-us-removes-last-pretense-tpp-transparency.shtml --- From rforno at infowarrior.org Wed Apr 11 07:33:33 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Apr 2012 08:33:33 -0400 Subject: [Infowarrior] - The privacy-first ISP Message-ID: <1FD089E6-6FA1-4F49-A630-C51BABC176DE@infowarrior.org> This Internet provider pledges to put your privacy first. Always. Step aside, AT&T and Verizon. 
A new privacy-protecting Internet service and telephone provider still in the planning stages could become the ACLU's dream and the FBI's worst nightmare. by Declan McCullagh April 11, 2012 4:00 AM PDT Nicholas Merrill is planning to revolutionize online privacy with a concept as simple as it is ingenious: a telecommunications provider designed from its inception to shield its customers from surveillance. Merrill, 39, who previously ran a New York-based Internet provider, told CNET that he's raising funds to launch a national "non-profit telecommunications provider dedicated to privacy, using ubiquitous encryption" that will sell mobile phone service, for as little as $20 a month, and Internet connectivity. The ISP would not merely employ every technological means at its disposal, including encryption and limited logging, to protect its customers. It would also -- and in practice this is likely more important -- challenge government surveillance demands of dubious legality or constitutionality. A decade of revelations has underlined the intimate relationship between many telecommunications companies and Washington officialdom. Leading providers including AT&T and Verizon handed billions of customer telephone records to the National Security Agency; only Qwest refused to participate. Verizon turned over customer data to the FBI without court orders. An AT&T whistleblower accused the company of illegally opening its network to the NSA, a practice that the U.S. Congress retroactively made legal in 2008. By contrast, Merrill says his ISP, to be run by a non-profit called the Calyx Institute with for-profit subsidiaries, will put customers first. "Calyx will use all legal and technical means available to protect the privacy and integrity of user data," he says. Merrill is in the unique position of being the first ISP exec to fight back against the Patriot Act's expanded police powers -- and win. 
Nick Merrill says that "we will use all legal and technical means to resist having to hand over information, and aspire to be the partner in the telecommunications industry that ACLU and EFF have always needed but never had." In February 2004, the FBI sent Merrill a secret "national security letter" (not an actual court order signed by a judge) asking for confidential information about his customers and forbidding him from disclosing the letter's existence. He enlisted the ACLU to fight the gag order, and won. A federal judge barred the FBI from invoking that portion of the law, ruling it was an "unconstitutional prior restraint of speech in violation of the First Amendment." Merrill's identity was kept confidential for years as the litigation continued. In 2007, the Washington Post published his anonymous op-ed which said: "I resent being conscripted as a secret informer for the government," especially because "I have doubts about the legitimacy of the underlying investigation." He wasn't able to discuss his case publicly until 2010. His recipe for Calyx was inspired by those six years of interminable legal wrangling with the Feds: Take wireless service like that offered by Clear, which began selling 4G WiMAX broadband in 2009. Inject end-to-end encryption for Web browsing. Add e-mail that's stored in encrypted form, so even Calyx can't read it after it arrives. Wrap all of this up into an easy-to-use package and sell it for competitive prices, ideally around $20 a month without data caps, though perhaps prepaid for a full year. "The idea that we are working on is to not be capable of complying" with requests from the FBI for stored e-mail and similar demands, Merrill says. A 1994 federal law called the Communications Assistance for Law Enforcement Act was highly controversial when it was enacted because it required telecommunications carriers to configure their networks for easy wiretappability by the FBI. 
But even CALEA says that ISPs "shall not be responsible for decrypting" communications if they don't possess "the information necessary to decrypt." Translation: make sure your customers own their data and only they can decrypt it. Merrill has formed an advisory board with members including Sascha Meinrath from the New America Foundation; former NSA technical director Brian Snow; and Jacob Appelbaum from the Tor Project. "I have no doubt that such an organization would be extremely useful," ACLU deputy legal director Jameel Jaffer wrote in a letter last month. "Our ability to protect individual privacy in the realm of telecommunications depends on the availability of phone companies and ISPs willing to work with us, and unfortunately the number of companies willing to publicly challenge the government is exceedingly small." The next step for Merrill is to raise about $2 million and then, if all goes well, launch the service later this year. Right now Calyx is largely self-funded. Thanks to a travel grant from the Ford Foundation, Merrill is heading to the San Francisco Bay area later this month to meet with venture capitalists and individual angel investors. "I am getting a lot of stuff for free since everyone I've talked to is crazy about the idea," Merrill says. "I am getting all the back-end software written for free by Riseup using a grant they just got." < - SNIP - > http://news.cnet.com/8301-31921_3-57412225-281/this-internet-provider-pledges-to-put-your-privacy-first-always/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Apr 11 17:42:38 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Apr 2012 18:42:38 -0400 Subject: [Infowarrior] - TSA Security Theater Described In One Simple Infographic Message-ID: <3C4C0CE6-09C5-48F9-89BF-D4D474284FD2@infowarrior.org> TSA Security Theater Described In One Simple Infographic http://www.techdirt.com/articles/20120405/04390118385/tsa-security-theater-described-one-simple-infographic.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Apr 11 18:13:38 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 11 Apr 2012 19:13:38 -0400 Subject: [Infowarrior] - Everything that is wrong with Microsoft Word Message-ID: In 2010 I began using Nisus Writer Pro more and more for my formal writing activities. I only use Word when I absolutely have to. I've found the latest Mac version quite annoying/buggy, but used MS Word 2004 Mac for seven years w/few if any problems except for complex tables. -- rick Death to Word It's time to give up on Microsoft's word processor. By Tom Scocca | Posted Wednesday, April 11, 2012, at 7:28 AM ET http://www.slate.com/articles/technology/technology/2012/04/microsoft_word_is_cumbersome_inefficient_and_obsolete_it_s_time_for_it_to_die_.single.html Nearly two decades and several text-handling paradigms ago, I was an editorial assistant at a weekly newspaper, where a few freelancers still submitted their work on typewritten pages. Stories would come in over the fax machine. If the printout was clear enough, and if our giant flatbed scanner was in the mood, someone would scan the pages in, a text-recognition program would decipher the letters, and we would comb the resulting electronic file for nonsense and typos. If the scanner wasn't in the mood, we would prop up the hard copy beside a computer and retype the whole thing. Technology was changing fast, and some people were a few steps slow. 
You couldn't blame them, really, but for those of us who were fully in the computer age, those dead-tree sheets meant tedious extra work. Nowadays, I get the same feeling of dread when I open an email to see a Microsoft Word document attached. Time and effort are about to be wasted cleaning up someone's archaic habits. A Word file is the story-fax of the early 21st century: cumbersome, inefficient, and a relic of obsolete assumptions about technology. It's time to give up on Word. It took years for me to get to this point. I came of age with Word. It's the program I used to write my college papers, overcoming old-fashioned page counts with its magical font-switching technology: Times, tightly justified, if the writing was running too long; airily monospaced Courier if things were too short. In those days, Word was an obedient and resourceful servant. Today, it's become an overbearing boss, one who specializes in make-work. Part of this is Microsoft's more-is-more approach to adding capabilities, and leaving all of them in the "on" position. Around the first time Clippy launched himself, uninvited, between me and something I was trying to write, I found myself wishing Word had a simple, built-in button for "cut it out and never again do that thing you just did." It's possible that the current version of Word does have one; I have no idea where among the layers of menus and toolbars it might be. All I really know how to do up there anymore is to go in and disable AutoCorrect, so that the program will type what I've typed, rather than what some software engineer thinks it should think I'm trying to type. Word's stylistic preferences range from the irritating -- the superscript "th" on ordinal numbers, the eagerness to forcibly indent any numbered list it detects -- to the outright wrong. 
Microsoft's inability to teach a computer to use an apostrophe correctly, through its comically misnamed "smart quotes" feature, has spread from the virtual world into the real one, till professional ballplayers take the field with amateur punctuation on their hats. Even so, people can live with typos in their input. (Witness the boom in paraphasic email Sent From My iPhone.) What makes Word unbearable is the output. Like the fax machine, Word was designed to put things on paper. It was a tool of the desktop-publishing revolution, allowing ordinary computer users to make professional (or at least approximately professional) document layouts and to print them out. That's great if you're making a lot of church bulletins or lost-dog fliers. Keep on using Word. (Maybe keep better track of your dog, though.) For most people now, though, publishing means putting things on the Web. Desktop publishing has given way to laptop or smartphone publishing. And Microsoft Word is an atrocious tool for Web writing. Its document-formatting mission means that every piece of text it creates is thickly wrapped in metadata, layer on layer of invisible, unnecessary instructions about how the words should look on paper. I just went into Word and created a file that read, to the naked eye, as follows: the Word Then I copy-pasted that text into a website that revealed the hidden code my document was carrying. Here's a snippet: Normal 0 false false false And it goes on: And on: The whole sprawling thing runs to 16,224 characters. When I dumped it back into Word, it was an eight-page document. Online publishing systems gag on this stuff; gremlins breed in the hidden spaces. Some publishing platforms have a built-in button especially for pasting text from Word, to clear away the worst of it, but they don't work very well. 
Beyond the invisible code, there are those annoying typographical flourishes -- the ordinal superscripts, the directional quotation marks, the automatic em dashes -- that will create their own headaches in translation. Multiple websites exist simply to unmangle Word text and turn it into plain text or readable HTML. When a standard tool requires this many workarounds, we need to find a new standard. Word wants to show that it knows the world isn't merely about paper -- you can make documents that have real, live hyperlinks in the text! You just can't necessarily put those hyperlinks up on the Internet for anyone else to click on. Again and again, Word is defeated by the basic job of contemporary writing and editing: smoothly moving text back and forth among different platforms. The fundamental unit of Word is the single, proprietary file, anchored to one computer. Microsoft showed users how it feels about sharing work when it switched its default format from .doc to .docx in Office 2007, locking old and new Word customers out of each other's files. (There are workarounds, of course. There are always workarounds.) Word's idea of effective collaboration is its Track Changes feature, which makes an uneventful edit read like a color-coded transcript of an argument between the world's most narcissistic writer and the world's most pedantic and passive-aggressive copy editor. No change is too small to pass without the writer's explicit approval, and the editor is psychopathically unwilling to accept a blanket concession: "On page 5: our house style is 'eleven,' not '11,' so I changed your '11' to 'eleven.' Do you understand?" Yes, OK, sure. "On page 9, you wrote '11,' so I changed it to 'eleven,' do you understand?" Yes, yes, house style, got it. "On page 15, you wrote '11' ..." Some people have already moved on to a post-Word world. One national sportswriter told me he writes everything in TextEdit, because it goes easy on memory and it opens and closes in a snap. 
(My own latest copy of Word won't launch a new blank document without demanding that I identify which of a half-dozen kinds of project files -- most of which are meaningless to me -- I'm trying to create.) When I was writing a book, which required lots of alone time with a giant file -- and lots of word-counting, which Microsoft is good at -- I stuck with Word. But for everyday projects, I go days or weeks without opening it. This piece started out as a Gmail message, which saved automatically and was easy to access at home, at the office, or on my phone in transit. Then I switched over to TextEdit, which gives me a bigger window to work with and handles line breaks more cleanly than Gmail does. For protracted edits, I create a Google document, so multiple readers can work on it at once. If they want to track the changes, they can read the revision history. For short blog posts, I write straight into the publisher. If I really want a word count, I open a Word document and paste my work into it. Once I have the number, I dump the document, unsaved, so nothing gets contaminated with Word-iness. I know only one person who loves working in Word: my 4-year-old. It's valuable to him to be able to put the names of subway lines in their correct colors, or to spell out "autumn" with each letter a different falling-leaf hue, or to jump from Times New Roman to Comic Sans to Chalkboard in midstory. He also loves to write things on my old manual Smith-Corona. A tool that's lost its purpose makes a great toy. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Apr 12 07:54:49 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Apr 2012 08:54:49 -0400 Subject: [Infowarrior] - End of Windows XP support era signals beginning of security nightmare Message-ID: <3B81BE71-73D6-4D48-87F9-2E1189F1C521@infowarrior.org> End of Windows XP support era signals beginning of security nightmare By Colin Neagle Created Apr 11 2012 - 11:02am http://www.networkworld.com/community/print/80263 Microsoft's recent announcement that it will end support for the Windows XP operating system [1] in two years signals the end of an era for the company, and potentially the beginning of a nightmare for everyone else. When Microsoft cuts the cord on XP in two years it will effectively leave millions of existing Windows-based computers vulnerable to continued and undeterred cyberattacks, many of which hold the potential to find their way into consumer, enterprise and even industrial systems running the latest software. Jason Miller, manager of research and development at VMware, says the introduction of Windows XP "was the heyday of buying computers," with markets having become familiar with Windows 95 or 98 and manufacturers like Dell releasing affordable options. With such an influx of new users, it comes as no surprise that Windows XP remains one of the most common operating systems despite the introduction of two entirely new versions in the decade since it hit shelves. In fact, March 2012 statistics from NetMarketShare.com [4] show XP in the lead for operating system market share, at 43.09%. Although that number is on a steady decline, its high volume just two years before support is cut off is cause for concern, Qualys CTO Wolfgang Kandek says. Most enterprises are likely to upgrade their operating systems in the wake of the announcement that XP support would be cut off. 
They have plenty of reasons to, such as security concerns raised by the IT department or the need for the latest version of Word or Excel to open new document formats. Remaining consumers, though, will be much less inclined to make an upgrade. Several trends account for this. First, and foremost, is cost. At-home computer users who are still content with XP are unlikely to purchase a new operating system without any financial incentive, especially considering that many of the features for Windows 7 require hardware upgrades. Try telling someone who uses their home computer to just check their email and read the latest Yahoo News headlines that they need to spend $500 for a new one. Then there's the awareness issue. How many at-home consumer users will even know that Microsoft will be cutting off XP support? How many will know what "the end of support" means for them at the user level, and how many will actually care? Microsoft is of course doing what it can to help spread the word, providing a deployment toolkit [5] and its "Springboard Series [6]" to hold its users' hands through the process. Microsoft can only lead these XP-running horses to water, though. It can't make them drink it. Finally, the burgeoning tablet market could present a roadblock to PC software upgrades. Amol Sarwate, director of Vulnerability Labs for Qualys, says that many entertainment-minded users who purchase a tablet may still have XP-based PCs still kicking around their homes. "If I have a Windows XP machine and I go buy a new tablet, for most of my needs I will use my tablet, but I still keep my XP machine for doing some chores that only a desktop can do. So that could also play a role here," Sarwate says. Although most of the subsequent security issues appear to be at the consumer level, it may not be long until they find a way into corporate networks or industrial systems, Miller says. "Where do you think all these botnets are set up? They're not set up on the corporate computers," 
Miller says. "They're set up on my grandmother's computer, my mother's computer, and they don't even know it's running because they're running vulnerable software out there." Even scarier, Sarwate says many SCADA systems for industrial networks still run a modified version of XP, and are not in a position to upgrade. Because much of the software running on SCADA systems is not compatible with traditional Microsoft OS capabilities, an OS upgrade would entail much more work than it would for a home or corporate system. "A lot of these systems are connected to critical infrastructure and that particular SCADA software running on Windows XP has to be first upgraded to a new operating system," Sarwate says. "So there is a SCADA vendor also in this picture and some SCADA software and hardware which is already configured in plants, factories or critical infrastructure. So in the typical SCADA environment I don't think Microsoft could encourage people to upgrade because the problems there are completely different." In a blog post [7], Sarwate also highlighted the dangers inherent in many SCADA systems stemming from an inadvertent connection to the public internet. Many companies are under the impression that their SCADA networks are disconnected from others, Sarwate wrote, when in fact they may be just as susceptible to malware as corporate or at-home desktops. "A search for 'data presentation and control' software on the internet yields SCADA systems with management services exposed to the internet," Sarwate wrote. "If an organization's SCADA network is not securely connected with the IT network, worms can jump from the HR desktops or reception kiosk into the SCADA network." Of course, there are other factors to consider, including the notion that many XP users who will not be protected by Microsoft in 2014 most likely haven't been deploying the patches Microsoft has issued since 2004. 
Similarly, Sarwate says that traditionally when Microsoft issues its monthly bulletins, "SCADA system administrators will not apply the patch." But at the same time the sophistication of cyberthreats appears to be evolving. Miller cited the increased intelligence of spam attacks, which used to make such obvious spam-like claims as discounts on designer handbags or erectile dysfunction medication, but have lately begun more frequently sending more fake, but seemingly legitimate, emails from UPS or Delta Airlines. By then, new attacks may be designed to leverage these outstanding XP devices without the knowledge of their owners nor the others that they infect, Miller says. "If you're writing viruses your main goal is to be non-intrusive. I do not blue-screen the machine. I do not crash the machine. I am on the machine silently. They do not even know I'm there. Hence the bot that runs," Miller says. "So there probably will be quite a few people that will be in a security nightmare in that aspect of it." Colin Neagle covers Microsoft security and network management for Network World. Keep up with his blog: Rated Critical [8], follow him on Twitter: @ntwrkwrldneagle [9]. Colin's email is cneagle at nww.com. 
Source URL: http://www.networkworld.com/community/blog/end-windows-xp-support-era-signals-beginning-security-nightmare Links: [1] http://www.networkworld.com/community/blog/it?s-end-xp-vista-and-office-support-we-know-it [2] http://www.networkworld.com/news/2012/041012-patch-tuesday-258151.html?hpg1=bn [3] http://www.networkworld.com/slideshow/36532 [4] http://www.netmarketshare.com/report.aspx?qprid=11&qpaf=&qpcustom=Windows XP [5] http://www.microsoft.com/download/en/details.aspx?displaylang=en&id=25175 [6] http://technet.microsoft.com/en-us/gg426312.aspx [7] https://community.qualys.com/blogs/securitylabs/2012/03/29/six-ways-to-improve-scada-security [8] http://www.networkworld.com/community/blog/26138 [9] https://twitter.com/#!/ntwrkwrldneagle --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 12 07:54:44 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Apr 2012 08:54:44 -0400 Subject: [Infowarrior] - Bonding Experience Is Lost as a Traditional Gift Disappears Message-ID: (Yes, this sounds like a typical government operation; inconvenient for everyone in the name of modernity. --- rick) Bonding Experience Is Lost as a Traditional Gift Disappears Fans Miss Paper U.S. Savings Bonds, Struggle With Online Ones; 'Family Thing' By ROBIN SIDEL http://online.wsj.com/article/SB10001424052702303302504577327950075343104.html Pam Root always bought U.S. savings bonds to commemorate the birth of her grandchildren. But the newest addition to her family will get cold, hard cash. When her four other grandchildren were born, Ms. Root walked into her local bank to buy the bonds. Starting this year, however, the only way to buy savings bonds is directly from the Treasury Department -- online. "I don't feel comfortable putting my grandchild's Social Security number online," says the 58-year-old receptionist from Harwinton, Conn., whose grandson Matthew arrived last month. 
Across the U.S., grandparents and other fans of traditional savings bonds are mourning their loss. A mainstay of American finance since the 1930s, the paper bonds have been eliminated as a government cost-saving measure. The bonds strike an emotional chord with generations of Americans who have bought and received them for birthdays, weddings, graduations and bar mitzvahs. "It's a family thing," says New Yorker Robyn Miller, 53 years old, whose two teenage sons have received thousands of dollars worth of paper savings bonds over the years from grandparents, cousins and family friends. She stashes them in a safe-deposit box. For generations, the government urged Americans to buy savings bonds as part of their patriotic duty. Companies rewarded productive workers with them and encouraged employees to buy them through automatic payroll deductions. They cost as little as $25 and increase in value slowly until they mature in as many as 30 years. Hollywood jumped on the bond bandwagon, too. In 1966, "Bewitched" actress Elizabeth Montgomery stood in front of a Christmas tree and told television viewers that the bonds were "guaranteed to please." Bob Hope, John Wayne and Bugs Bunny pitched savings bonds in TV ads. But sales of savings bonds plummeted as Americans gravitated to other financial instruments like mutual funds and college-savings accounts. The government sold just $1.5 billion worth of paper savings bonds last year, down 86% from $11.3 billion in 2003. "It's time for us to take a 1935 model and make it a 21st-century investment tool," Public Debt Commissioner Van Zeck said when the government announced the all-electronic move last summer. The change is expected to save $70 million in processing costs over the next five years. Existing paper bonds can still be redeemed at banks. The switch doesn't sit well with many savings-bond buyers, who say an electronic gift is a poor replacement for a paper bond that can be tucked away for the future. 
Many savings-bond fans prefer the certainty of a savings bond to a stock certificate whose underlying worth can fluctuate widely. They also say U.S. savings bonds provide children with an important lesson about saving for the future. "The kids nowadays, they have too many toys and too many clothes," says Sinmin Wu, 81 years old, of San Diego, who has bought paper bonds for his daughter's two young sons. One of the biggest drawbacks to the electronic system is that it is difficult to navigate. Those hurdles become even bigger for grandparents who aren't computer savvy or lack easy access to the Internet. To buy savings bonds online, buyers first have to set up an account on the Treasury's website, which requires an email address, Social Security number and bank-account number. Once purchased, the bond is placed in the buyer's electronic account. The site doesn't accept credit cards. Money to purchase the bond comes out of the buyer's bank account. "It's not an easy site to use. We will admit that," says Mckayla Braden, a spokeswoman for the Bureau of the Public Debt, which is part of the Treasury Department. She says the agency has been deluged by angry consumers since the January change, receiving some 18,000 calls a week, up from 1,000 before the change. One woman who thought she was buying paper bonds online was so upset that the department agreed to refund her $2,000 purchase. Even some younger consumers are flummoxed. "I was uncomfortable with it. If I could use a credit card, maybe I'd buy one," says John Hedges, a 48-year-old human-resources manager who lives in Glastonbury, Conn. He poked around on the government website after learning that the bonds weren't available at his bank. The new procedure is equally exasperating for bankers, who often have to break the unpleasant news to customers who still expect to buy savings bonds at a branch. 
Taylor Thompson, a financial consultant at Pioneer Investment Services in Rapid City, S.D., says he tries to help his clients navigate the online process. "By the time we get halfway through it, they are so confused and frustrated that it just ends up deterring them," he says. Two of his clients are Sharon and Bill Costner, parents of actor Kevin Costner. The couple recently spent hours with Mr. Thompson trying to figure out how to register for an account so they could track two $5,000 bonds that they bought for themselves last year. "We will take our $10,000 out as soon as we can -- one way or another -- and we no longer intend to buy them," says Mrs. Costner, 83 years old. It is even a lot of work to give an electronic savings bond as a gift because the recipient must also set up an account. The sender can't zap the gift to the recipient without knowing the recipient's full name, Social Security number and Treasury account number. "The element of surprise is completely gone," says Doug Schoen, a 59-year-old political analyst in New York who recently bought a savings bond online for a colleague's new baby. Barbara Petrick, a retired high-school teacher who lives in Jersey City, N.J., usually presents a $25 savings bond as a history prize to a graduating senior at William L. Dickinson High School where she used to work. She already is resigned to replacing this spring's savings bond with a gift certificate. "I'm disappointed," says Mrs. Petrick, who describes herself as "not that great with a computer." Mr. Wu says he is willing to give the electronic process a try in order to buy savings bonds for his new twin granddaughters. Lin-Hua Wu, his daughter and mother of the baby girls, is skeptical. "He'll never do it," she says. "He won't try to buy anything on Amazon." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Apr 12 13:50:37 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Apr 2012 14:50:37 -0400 Subject: [Infowarrior] - MPAA Just Won't Quit: Says Links & Embeds Are Infringing Message-ID: (Didn't this get settled a few years ago when newspapers said the same thing when folks were linking to their articles from third party sites? Oh, but this is the MPAA, whose reality distortion field makes the one operated by the late Steve Jobs look positively tame in comparison. -- rick) MPAA Just Won't Quit: Jumps Into Legal Dispute To Argue Links & Embeds Are Infringing from the what-happens-when-you-have-no-one-technological-on-staff dept It appears that the MPAA has jumped into a legal dispute that hits on a few different points, all of which are interesting, but the really crazy point is the fact that the crux of their argument is that merely embedding or linking (technically, the same thing) to infringing videos is infringement itself -- and someone setting up a site that lets people embed or link should also be guilty of infringement. This is, to put it mildly, crazy talk from an organization that still seems to have an institutional cluelessness about how the internet works. To be sure, there are a few different issues related to this case, which was really about porn company Flava Works suing the site MyVidster and its owner, Marques Gunter. MyVidster lets people link or embed videos from other sites. It did not host any of the content itself. In accordance with the DMCA's notice and takedown provisions, Gunter would take down any embeds or links when he received a notice. However, the judge said that the site lost its DMCA safe harbor provisions because he did not take any further action: specifically because he did not cut off repeat infringers: < -- > This is what's so pitiful about the MPAA. 
When they lose, they don't realize they were wrong, they just keep arguing the same damn thing in court over and over again, and act shocked that anyone might argue otherwise, even though they've lost this argument in court over and over again. http://www.techdirt.com/articles/20120411/20434818458/mpaa-just-wont-quit-jumps-into-legal-dispute-to-argue-links-embeds-are-infringing.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 12 22:14:45 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 12 Apr 2012 23:14:45 -0400 Subject: [Infowarrior] - Nanex ~ The SEC Redefines Liquidity (when it's convenient) Message-ID: <9EBF092C-F225-4338-BA37-CB2778BC005D@infowarrior.org> Nanex ~ The SEC Redefines Liquidity (when it's convenient) April 12, 2012 While rereading the SEC's flash crash report, Findings Regarding the Market Events of May 6, 2010, and a very similar report written at the same time by some of the same authors, we came across statements that are clearly false, and grossly mischaracterize the algorithm that executed the 75,000 S&P futures contracts and blamed for causing the flash crash. Be sure to see our recently updated detailed analysis and charts of the contracts sold by the algo. We contacted one of the co-authors and things grew murkier. The email exchange was very disturbing because the explanation was basically a new and bizarre definition of liquidity in an attempt to try and make the paper's text agree with the facts. That, or the authors have based the foundation of the entire paper on a very unusual interpretation of liquidity: something that would completely nullify any conclusion. The SEC report for example, uses the word "liquidity" 249 times in 89 pages: a word that may now have a completely different meaning from anyone's current understanding of that term. 
< -- > http://www.nanex.net/aqck/2977.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Apr 13 08:56:06 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2012 09:56:06 -0400 Subject: [Infowarrior] - Using GPS to stay aware of red light cameras Message-ID: <7B5BE594-3602-46FE-957A-5EE19D66A6CE@infowarrior.org> Using GPS to stay aware of red light cameras http://hackaday.com/2012/04/12/using-gps-to-stay-aware-of-red-light-cameras/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Apr 13 14:58:52 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2012 15:58:52 -0400 Subject: [Infowarrior] - The Real Reason for the Tragedy of the Titanic Message-ID: <55B351FC-DD17-4FA8-95EB-C9BDC786A58F@infowarrior.org> The Real Reason for the Tragedy of the Titanic The disaster is often seen as a tale of hubris, social stratification and capitalist excess. The truth is considerably more sobering. By CHRIS BERG http://online.wsj.com/article/SB10001424052702304444604577337923643095442.html?mod=googlenews_wsj In the 1958 Titanic film "A Night to Remember," Captain Smith is consulting with the shipbuilder Thomas Andrews. After the two realize that the Titanic will sink and that there are not enough lifeboats for even half those aboard, Smith quietly says "I don't think the Board of Trade regulations visualized this situation, do you?" In the run-up to the 100th anniversary of this tragedy this weekend, there's been a lot of commentary about who and what were to blame. Left unsaid is that the Titanic's lifeboat capacity is probably the most iconic regulatory failure of the 20th century. The ship had carried 2,224 people on its maiden voyage but could only squeeze 1,178 people into its lifeboats. 
There were a host of other failures, accidents, and mishaps which led to the enormous loss of life, but this was the most crucial one: From the moment the Titanic scraped the iceberg, the casualties were going to be unprecedented. Yet the Titanic was fully compliant with all marine laws. The British Board of Trade required all vessels above 10,000 metric tonnes (11,023 U.S. tons) to carry 16 lifeboats. The White Star Line ensured that the Titanic exceeded the requirements by four boats. But the ship was 46,328 tonnes. The Board of Trade hadn't updated its regulations for nearly 20 years. [Image: Artistic rendering of the Titanic from Le Petit Journal, Paris, April 28, 1912. Getty Images] The lifeboat regulations were written for a different era and enforced unthinkingly. So why didn't the regulators, shipbuilders or operators make the obvious connection between lifeboat capacity and the total complement of passengers and crew? It had been 40 years since the last serious loss of life at sea, when 562 people died on the Atlantic in 1873. By the 20th century, all ships were much safer. Moreover, the passage of time changed what regulators and shipowners saw as the purpose of lifeboats. Lifeboats were not designed to keep all the ship and crew afloat while the vessel sank. They were simply to ferry them to nearby rescue ships. Recent history had confirmed this understanding. The Republic sank in 1909, fatally crippled in a collision. But it took nearly 36 hours for the Republic to submerge. All passengers and crew -- except for the few who died in the actual collision -- were transferred safely, in stages, to half a dozen other vessels. Had Titanic sunk more slowly, it would have been surrounded by the Frankfurt, the Mount Temple, the Birma, the Virginian, the Olympic, the Baltic and the first on the scene, the Carpathia. The North Atlantic was a busy stretch of sea.
Or, had the Californian (within visual range of the unfolding tragedy) responded to distress calls, the lifeboats would have been adequate for the purpose they were intended -- to ferry passengers to safety. There was, simply, very little reason to question the Board of Trade's wisdom about lifeboat requirements. Shipbuilders and operators thought the government was on top of it; that experts in the public service had rationally assessed the dangers of sea travel and regulated accordingly. Otherwise why have the regulations at all? This is not the way the story is usually told. Recall in James Cameron's 1997 film, "Titanic," the fictionalized Thomas Andrews character claims to have wanted to install extra lifeboats but "it was thought by some that the deck would look too cluttered." Mr. Cameron saw his movie as a metaphor for the end of the world, so historical accuracy was not at a premium. Yet the historian Simon Schama appears to have received his knowledge of this issue from the Cameron film, writing in Newsweek recently that "Chillingly, the shortage of lifeboats was due to shipboard aesthetics." (Mr. Schama also sees the Titanic as a metaphor, this time for "global capitalism" hitting the Lehman Brothers iceberg.) This claim -- that the White Star Line chose aesthetics over lives -- hinges on a crucial conversation between Alexander Carlisle, the managing director of the shipyard where Titanic was built, and his customer Bruce Ismay, head of White Star Line, in 1910. Carlisle proposed that White Star equip its ships with 48 lifeboats -- in retrospect, more than enough to save all passengers and crew. Yet after a few minutes discussion, Ismay and other senior managers rejected the proposal. The Titanic historian Daniel Allen Butler (author of "Unsinkable") says Carlisle's idea was rejected "on the grounds of expense." But that's not true.
In the Board of Trade's post-accident inquiry, Carlisle was very clear as to why White Star declined to install extra lifeboats: The firm wanted to see whether regulators required it. As Carlisle told the inquiry, "I was authorized then to go ahead and get out full plans and designs, so that if the Board of Trade did call upon us to fit anything more we would have no extra trouble or extra expense." So the issue was not cost, per se, or aesthetics, but whether the regulator felt it necessary to increase the lifeboat requirements for White Star's new, larger, class of ship. This undercuts the convenient morality tale about safety being sacrificed for commercial success that sneaks into most accounts of the Titanic disaster. The responsibility for lifeboats came "entirely practically under the Board of Trade," as Carlisle described the industry's thinking at the time. Nobody seriously thought to second-guess the board's judgment. This is a distressingly common problem. Governments find it easy to implement regulations but tedious to maintain existing ones -- politicians gain little political benefit from updating old laws, only from introducing new laws. And regulated entities tend to comply with the specifics of the regulations, not with the goal of the regulations themselves. All too often, once government takes over, what was private risk management becomes regulatory compliance. It's easy to weave the Titanic disaster into a seductive tale of hubris, social stratification and capitalist excess. But the Titanic's chroniclers tend to put their moral narrative ahead of their historical one. At the accident's core is this reality: British regulators assumed responsibility for lifeboat numbers and then botched that responsibility. With a close reading of the evidence, it is hard not to see the Titanic disaster as a tragic example of government failure. Mr. Berg is a fellow at the Institute of Public Affairs in Melbourne, Australia.
This op-ed originally appeared on the Australian Broadcasting Corporation's website The Drum (www.abc.net.au) on April 11. A version of this article appeared April 13, 2012, on page A13 in some U.S. editions of The Wall Street Journal, with the headline: The Real Reason for the Tragedy of the Titanic. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Apr 13 21:23:38 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2012 22:23:38 -0400 Subject: [Infowarrior] - Facebook defends support for CISPA monitoring bill Message-ID: Facebook defends support for CISPA monitoring bill By Iain Thomson in San Francisco Posted in Security, 14th April 2012 00:03 GMT http://www.theregister.co.uk/2012/04/14/cispa_facebook_support/ Facebook has issued a statement explaining why it is supporting the Cyber Intelligence Sharing and Protection Act (CISPA) HR 3523, which is currently being considered by Congress. CISPA would set up a mechanism for the government's security services to share information on new threats with private companies and utilities. In return, those companies can share data on their users with the government if requested, and the bill ensures they are bulletproof from legal fallout if people complain. Data sharing is voluntary and some data can be stripped of identifying features. But internet rights campaigners are concerned that the loose language of the legislation will leave it open to be used in a much wider context than national online security. Dan Auerbach, staff technologist with the Electronic Frontier Foundation (EFF), told The Register that the provisions of the bill could be stretched to include sharing data for crimes like piracy. "The biggest problem with the bill is that it's too vague," he explained. "The language in it now is broad enough that it could be used to allow, or compel companies, to do copyright enforcement."
He explained that while the information exchange was voluntary, the government is adept at encouraging companies to play ball. Access to lucrative federal contracts could be offered to those who are willing to cooperate and compliance might be written into such contracts. It's a pattern of behavior that's been noted before, he said. The bill will be debated in the US House of Representatives this month, and has attracted over 100 co-sponsors. There's also an impressive list of technology companies lining up to support CISPA, including Microsoft, Intel, EMC, Oracle and Facebook. Facebook is the only company to respond to El Reg's requests for comment, and then it stuck to a general statement. "HR 3523 would impose no new obligations on us to share data with anyone -- and ensures that if we do share data about specific cyber threats, we are able to continue to safeguard our users' private information, just as we do today," said Facebook's Joel Kaplan, vice president of US public policy in a statement on the site. "We recognize that a number of privacy and civil liberties groups have raised concerns about the bill. The concern is that companies will share sensitive personal information with the government in the name of protecting cybersecurity. Facebook has no intention of doing this and it is unrelated to the things we liked about HR 3523 in the first place." Facebook's support was seen as important in persuading legislators to drop the proposed SOPA and PIPA laws, along with the market and lobbying muscle of Google. The Chocolate Factory isn't listed as a supporter of the legislation and it has not replied to requests for comment. A committee staffer working on the bill told The Register that the provisions of the bill were open to amendment and that talks are ongoing between civil liberties groups and the bill's sponsors that would clear up many of the issues. A series of amendments will be introduced next week, which should allay concerns over the scope of CISPA.
In particular, the staffer said that there is a provision within CISPA that explicitly bans the government from insisting on getting information on customers in exchange for security information, and any exchange would be absolutely voluntary. There is also no provision for the data to be used just for intellectual property theft, and the IP clauses that had been included in the bill were intended to go after overseas players going after military or commercial data via network hacking, not file sharers. "They're not looking for some kid in the Dallas suburbs hacking into his school to change his grade," the staffer said. "This is about foreign intelligence services and organized crime figures from overseas." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Apr 13 21:24:15 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2012 22:24:15 -0400 Subject: [Infowarrior] - New Draft Of CISPA Announced: Some Progress, Still Big Problems Message-ID: New Draft Of CISPA Announced: Some Progress, Still Big Problems from the it's-a-start-I-guess dept The House Intelligence Committee has published a new draft of CISPA (pdf and embedded below), which includes the two amendments that were already approved, plus several other additions and changes. In some areas, there is genuine progress -- in others, things actually seem to have gotten worse. Unfortunately, some of the biggest problems with the bill remain, and some of the new language seems to have little effect at all. Some changes I will discuss in future posts, but there are two that I wanted to look at right away: < -- > http://www.techdirt.com/articles/20120413/15420218488/new-draft-cispa-announced-some-progress-still-big-problems.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Apr 13 21:35:49 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2012 22:35:49 -0400 Subject: [Infowarrior] - Former TSA chief op-ed is surprisingly honest Message-ID: (Yes, he's pitching excerpts from his forthcoming book, so there's likely some spinning to protect his legacy, but even so, I think much of what he writes here is pretty much correct. -- rick) Updated April 13, 2012, 8:30 p.m. ET Why Airport Security Is Broken -- And How To Fix It Air travel would be safer if we allowed knives, lighters and liquids and focused on disrupting new terror plots. A former head of the Transportation Security Administration, Kip Hawley, on embracing risk. By KIP HAWLEY http://online.wsj.com/article/SB10001424052702303815404577335783535660546.html Airport security in America is broken. I should know. For 3½ years -- from my confirmation in July 2005 to President Barack Obama's inauguration in January 2009 -- I served as the head of the Transportation Security Administration. You know the TSA. We're the ones who make you take off your shoes before padding through a metal detector in your socks (hopefully without holes in them). We're the ones who make you throw out your water bottles. We're the ones who end up on the evening news when someone's grandma gets patted down or a child's toy gets confiscated as a security risk. If you're a frequent traveler, you probably hate us. More than a decade after 9/11, it is a national embarrassment that our airport security system remains so hopelessly bureaucratic and disconnected from the people whom it is meant to protect. Preventing terrorist attacks on air travel demands flexibility and the constant reassessment of threats. It also demands strong public support, which the current system has plainly failed to achieve. The crux of the problem, as I learned in my years at the helm, is our wrongheaded approach to risk.
In attempting to eliminate all risk from flying, we have made air travel an unending nightmare for U.S. passengers and visitors from overseas, while at the same time creating a security system that is brittle where it needs to be supple. Any effort to rebuild TSA and get airport security right in the U.S. has to start with two basic principles: First, the TSA's mission is to prevent a catastrophic attack on the transportation system, not to ensure that every single passenger can avoid harm while traveling. Much of the friction in the system today results from rules that are direct responses to how we were attacked on 9/11. But it's simply no longer the case that killing a few people on board a plane could lead to a hijacking. Never again will a terrorist be able to breach the cockpit simply with a box cutter or a knife. The cockpit doors have been reinforced, and passengers, flight crews and air marshals would intervene. Second, the TSA's job is to manage risk, not to enforce regulations. Terrorists are adaptive, and we need to be adaptive, too. Regulations are always playing catch-up, because terrorists design their plots around the loopholes. I tried to follow these principles as the head of the TSA, and I believe that the agency made strides during my tenure. But I readily acknowledge my share of failures as well. I arrived in 2005 with naive notions of wrangling the organization into shape, only to discover the power of the TSA's bureaucratic momentum and political pressures. There is a way out of this mess -- below, I'll set out five specific ideas for reform -- but it helps to understand how we got here in the first place. The airport checkpoint as we know it today sprang into existence in spring 2002, over a month and a half at Baltimore/Washington International airport. New demands on the system after 9/11, like an exhaustive manual check of all carry-on bags, had left checkpoints overwhelmed by long lines and backlogs.
A team of management consultants from Accenture delved into the minutiae of checkpoint activity at BWI: How long did it take to pass from one point to another? How did the behavior of travelers affect line speed? How were people interacting with the equipment? The consultants had a million ideas for improvement, but with no infrastructure, acquiring even the most ordinary items became a quest. For example, before passengers walked through the metal detectors, they needed to place their keys, jewelry and change into a container. But the long, skinny plastic dishes in use at the time tipped over. So a team member went to PetSmart, bought a bunch of different dog bowls and tested each one. The result was the white bowl with a rubber bottom that's still in use at many airports. (Please, no jokes about the TSA treating passengers like dogs.) One brilliant bit of streamlining from the consultants: It turned out that if the outline of two footprints was drawn on a mat in the area for using metal-detecting wands, most people stepped on the feet with no prompting and spread their legs in the most efficient stance. Every second counts when you're processing thousands of passengers a day. Members of Congress, who often fly home to their districts for the weekend, had begun demanding wait times of no longer than 10 minutes. But security is always about trade-offs: A two-minute standard would delight passengers but cost billions more in staffing; ignoring wait times would choke the system. After I was confirmed as TSA administrator in 2005, one of the first things I did in office was to attend screener training at the Minneapolis-St. Paul International Airport. I sat down at a computer with Gary, a solidly built guy in his 40s with a mustache and a shaved head. Gary pointed at a screen that simulated the carry-on bag monitors at checkpoints. "What do you see?" he asked, a half smile on his face. 
I stared at the series of colorful, ghostly images that Gary froze on the screen and tried to pick an easy one. "Well, that's a computer or some electronic, there are wires, maybe a battery." The sharp edges were easy to pick out, and the recognizable pattern of a motherboard jumped out. "But I don't know about that big orange blob on top of it." "Right," said Gary. "The orange-colored part... That means it's organic. Anything made of organic material -- clothes, shoes, food -- it's all going to register orange here." As a confidence boost, Gary gave me a series of images with guns and knives in various positions. Knives lying flat were giveaways, but when viewed lengthwise, they had very little visible surface. Explosives were a whole different story. A plastic explosive like C4 is organic and dense. It appears as a heavy orange mass. Unfortunately, a block of cheddar cheese looks roughly the same. As we started testing with a moving scanner, Gary warned me that too many false positives would be a big problem. A "hair-trigger" strategy would get me flunked. Images with guns took about one second to identify. Clear bags took roughly five seconds to double check for blade edges. It was cluttered bags -- with their multihued oranges, blues, greens and grays jumbled together -- that were the killers. I wish that more of our passengers could see the system from the perspective of a screener. It is here, at the front lines, where the conundrum of airport security is in sharpest relief: the fear of missing even the smallest thing, versus the likelihood that you'll miss the big picture when you're focused on the small stuff. Clearly, things needed to change. By the time of my arrival, the agency was focused almost entirely on finding prohibited items. Constant positive reinforcement on finding items like lighters had turned our checkpoint operations into an Easter-egg hunt.
When we ran a test, putting dummy bomb components near lighters in bags at checkpoints, officers caught the lighters, not the bomb parts. I wanted to reduce the amount of time that officers spent searching for low-risk objects, but politics intervened at every turn. Lighters were untouchable, having been banned by an act of Congress. And despite the radically reduced risk that knives and box cutters presented in the post-9/11 world, allowing them back on board was considered too emotionally charged for the American public. We did succeed in getting some items (small scissors, ice skates) off the list of prohibited items. And we had explosives experts retrain the entire work force in terrorist tradecraft and bomb-making. Most important, Charlie Allen, the chief of intelligence for the Department of Homeland Security, tied the TSA into the wider world of U.S. intelligence, arranging for our leadership to participate in the daily counterterrorism video conference chaired from the White House. With a constant stream of live threat reporting to start each day, I was done with playing defense. But the frustrations outweighed the progress. I had hoped to advance the idea of a Registered Traveler program, but the second that you create a population of travelers who are considered "trusted," that category of fliers moves to the top of al Qaeda's training list, whether they are old, young, white, Asian, military, civilian, male or female. The men who bombed the London Underground in July 2005 would all have been eligible for the Registered Traveler cards we were developing at the time. No realistic amount of prescreening can alleviate this threat when al Qaeda is working to recruit "clean" agents. TSA dropped the idea on my watch -- though new versions of it continue to pop up. Taking your shoes off for security is probably your least favorite part of flying these days. Mine, too. I came into office dead set on allowing people to keep their shoes on during screening.
But, contrary to popular belief, it isn't just Richard Reid's failed shoe-bomb attempt in December 2001 that is responsible for the shoe rule. For years, the TSA has received intelligence on the terrorists' footwear-related innovations. Some very capable engineer on the other side is spending a lot of time improving shoe bombs, which can now be completely nonmetallic and concealed in a normal street shoe. There's still no quick way to detect them without an X-ray. I was initially against a ban on liquids as well, because I thought that, with proper briefing, TSA officers could stop al Qaeda's new liquid bombs. Unfortunately, al Qaeda's advancing skill with hydrogen-peroxide-based bombs made a total liquid ban necessary for a brief period and a restriction on the amount of liquid one could carry on a plane necessary thereafter. Existing scanners could allow passengers to carry on any amount of liquid they want, so long as they put it in the gray bins. The scanners have yet to be used in this way because of concern for the large number of false alarms and delays that they could cause. When I left TSA in 2009, the plan was to designate "liquid lanes" where waits might be longer but passengers could board with snow globes, beauty products or booze. That plan is still sitting on someone's desk. The hijackings of the 1960s gave us magnetometers, to keep guns off planes. After the Pan Am 103 bombing over Lockerbie, Scotland, a small amount of international checked baggage was scanned and people were required to fly with their luggage. After 9/11, the TSA was created and blades were banned. Looking at the airport security system that we have today, each measure has a reason -- and each one provides some security value. But taken together they tell the story of an agency that, while effective at stopping anticipated threats, is too reactive and always finds itself fighting the last war. Airport security has to change.
The relationship between the public and the TSA has become too poisonous to be sustained. And the way that we use TSA officers -- as little more than human versions of our scanners -- is a tremendous waste of well-trained, engaged brains that could be evaluating risk rather than looking for violations of the Standard Operating Procedure. What would a better system look like? If politicians gave the TSA some political cover, the agency could institute the following changes before the start of the summer travel season: 1. No more banned items: Aside from obvious weapons capable of fast, multiple killings -- such as guns, toxins and explosive devices -- it is time to end the TSA's use of well-trained security officers as kindergarten teachers to millions of passengers a day. The list of banned items has created an "Easter-egg hunt" mentality at the TSA. Worse, banning certain items gives terrorists a complete list of what not to use in their next attack. Lighters are banned? The next attack will use an electric trigger. 2. Allow all liquids: Simple checkpoint signage, a small software update and some traffic management are all that stand between you and bringing all your liquids on every U.S. flight. Really. 3. Give TSA officers more flexibility and rewards for initiative, and hold them accountable: No security agency on earth has the experience and pattern-recognition skills of TSA officers. We need to leverage that ability. TSA officers should have more discretion to interact with passengers and to work in looser teams throughout airports. And TSA's leaders must be prepared to support initiative even when officers make mistakes. Currently, independence on the ground is more likely to lead to discipline than reward. 4. Eliminate baggage fees: Much of the pain at TSA checkpoints these days can be attributed to passengers overstuffing their carry-on luggage to avoid baggage fees.
The airlines had their reasons for implementing these fees, but the result has been a checkpoint nightmare. Airlines might increase ticket prices slightly to compensate for the lost revenue, but the main impact would be that checkpoint screening for everybody will be faster and safer. 5. Randomize security: Predictability is deadly. Banned-item lists, rigid protocols -- if terrorists know what to expect at the airport, they have a greater chance of evading our system. In Richmond, Va., we tested a system that randomized the security procedures encountered by passengers (additional upper-torso pat-downs, a thorough bag search, a swab test of carry-ons, etc.), while not subjecting everyone to the full gamut. At other airports, we tried out a system called "Playbook," which gave airports a virtual encyclopedia of possible security actions and let local law-enforcement, airport and TSA officials choose a customized set of counterterror measures. Implemented nationally, this approach would give to the system as a whole a value greater than the sum of its parts -- making it much harder for terrorists to learn how to evade our security protocols. To be effective, airport security needs to embrace flexibility and risk management -- principles that it is difficult for both the bureaucracy and the public to accept. The public wants the airport experience to be predictable, hassle-free and airtight and for it to keep us 100% safe. But 100% safety is unattainable. Embracing a bit of risk could reduce the hassle of today's airport experience while making us safer at the same time. Over the past 10 years, most Americans have had extensive personal experience with the TSA, and this familiarity has bred contempt. People often suggest that the U.S. should adopt the "Israeli method" of airport security -- which relies on less screening of banned items and more interviewing of passengers.
But Israeli citizens accept the continued existence of a common enemy that requires them to tolerate necessary inconveniences, and they know that terror plots are ongoing. In America, any successful attack -- no matter how small -- is likely to lead to a series of public recriminations and witch hunts. But security is a series of trade-offs. We've made it through the 10 years after 9/11 without another attack, something that was not a given. But no security system can be maintained over the long term without public support and cooperation. If Americans are ready to embrace risk, it is time to strike a new balance. -- Mr. Hawley is the author of "Permanent Emergency: Inside the TSA and the Fight for the Future of American Security," to be published April 24 by Palgrave Macmillan. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Apr 13 21:41:00 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 13 Apr 2012 22:41:00 -0400 Subject: [Infowarrior] - China's Great Firewall locks up Message-ID: <94595967-8A09-49B3-8956-CC251BE4C7BA@infowarrior.org> China's Great Firewall locks up Down for a couple of hours By Dave Neal Fri Apr 13 2012, 15:35 http://www.theinquirer.net/inquirer/news/2167744/china-s-firewall-locks THE GLORIOUS Great Firewall of China caused a total web blackout in that country yesterday, possibly as a chilling example of what could happen. The Great Firewall blocks a lot of what the Chinese government thinks is unsavoury content, but would be normal for everyone else, and gobbles up dissent and criticism like duck dumplings. Yesterday, thanks to a software glitch, it blocked the entire internet for two hours. No one in China could do anything online for that 120 minute period, and some people outside the country could not access major Chinese web sites like Baidu. There is some speculation about the downtime because there is no official line.
It could have been intentional, or an experiment to see how much fuss was caused by a total lockdown, but that is perhaps extreme. It could also have been hacked, or maybe it was just a big software cockup. This week hackers associated with Anonymous said that they are chipping away at the Great Firewall of China but expected that an actual suspension of services could take some time. Another possibility is that it went down during or after an upgrade to reinforce the bamboo curtain. China's iron boot did make some moves this week, shutting down a range of controversial, to it, web sites and web posts. Perhaps it took a wild swing before falling back into its usual stride. Source: The Inquirer (http://s.tt/19gxs) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Apr 14 10:54:37 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 14 Apr 2012 11:54:37 -0400 Subject: [Infowarrior] - More wins for TSA. But who protects us from THEM? Message-ID: <94A92C2F-AAEA-417B-ACDD-C7FC9B1EAA69@infowarrior.org> TSA inspector accused of stealing iPads at DFW Airport http://www.star-telegram.com/2012/04/13/3882741/tsa-inspector-accused-of-stealing.html Jose Salgado, TSA Agent, Arrested In Child Porn Crackdown http://www.huffingtonpost.com/2012/04/11/jose-salgado-tsa_n_1417686.html Report: TSA agent arrested for dousing pilot with hot coffee http://www.wtsp.com/news/national/article/249273/81/Report-TSA-agent-arrested-for-dousing-pilot-with-hot-coffee --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Apr 15 09:45:45 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Apr 2012 10:45:45 -0400 Subject: [Infowarrior] - A Wall Street Fit for C-3PO and R2-D2 Message-ID: <211C36EE-363D-4B52-A7BA-C843F1D8FF31@infowarrior.org> A Wall Street Fit for C-3PO and R2-D2 By JIM MCTAGUE Regulators still don't have a handle on the robotic trading that figured in the 2010 Flash Crash. CFTC points finger at SEC. http://online.barrons.com/article/SB50001424053111904857404577333863557725538.html Boy, did George Lucas get it wrong! Based on what we all learned back on May 6, 2010, the Star Wars director should have had mechanical servants C-3PO and R2-D2 trading Luke Skywalker's portfolio several thousand times a minute. That would have been a lot more profitable than helping the young Jedi outwit the evil that Darth Vader turned out to be. That date in May brought the infamous Flash Crash, when the world was shocked into the realization that Wall Street is now dominated by artificial intelligence. We are fast approaching the crash's second anniversary, with regulators not yet fully understanding exactly what caused it. But this won't stop them from eventually offering a cornucopia of prescriptions to make it look as if they are doing something. This May, both the Securities and Exchange Commission and the Commodities Futures Exchange Commission are expected to announce rule-making processes for regulating high-speed robotic trading. And don't be surprised if the process takes years. Machines whirl, but regulators plod. WALL STREET'S ROBOTIC REVOLUTION has been stunning -- faster and more sweeping than the automation of any other industry. Between 60% and 70% of all trades are made by decision-making machines, compared with 20% in 2006, the year before the SEC made equity markets more machine-friendly.
The smart robots simultaneously buy and sell stocks, commodities and futures on multiple exchanges at the speed of light and generally take small profits in seven seconds or less. With 23,400 seconds in a trading day, those incremental gains mount. A high-frequency trader once boasted to me that his machines made him a 300% profit every year. The souped-up, nitrogen-cooled trading machines are programmed by physicists and mathematicians who have abandoned university labs to join the biggest get-rich-quick scheme since condo-flipping. They view the rest of us as members of the Flat Earth Society. An individual investor might consider himself a genius if he sells 100 shares of Apple Computer on which he has doubled or tripled his money. But the high-frequency crowd might regard this investor as an idiot because, by doing only a simple trade, he's left money on the table. The high-frequency trading machine, which can analyze 20 years of market data in the blink of an eye, will sell Apple and simultaneously short related stocks that generally go down when Apple is sold. And the machine will buy related stocks that generally rise when Apple is sold. Similarly, if a particular commodity always rises when Apple is sold and another always falls, the machine will send the appropriate buy and short orders instantaneously -- even if the reasons for the commodities' moves never become clear. In the Flash Crash, a tsunami of selling by "smart" machines overwhelmed U.S. stock exchanges, pushing down investors' equity by $1 trillion in just 10 minutes. Even though the markets quickly recovered, the dramatic event so spooked individuals that many have stayed on the sidelines to this day, missing the recent bull market. Wall Street's regulators instigated the market's transition from man to machine without anticipating all the ramifications. The machines were supposed to replace inefficient middlemen, not long-term investors. 
This high-speed trading, according to critics, is a big reason that market volatility has been so pronounced in recent years. LAST JULY, THE FBI AND SEC both started digging into robotic trading in the equities and commodities markets. Critics of the robotic traders say that some of the machines may be manipulating the market. As part of the probe, the SEC issued subpoenas to high-frequency trading firms that traded heavily during the Flash Crash. This suggests that the agency is having second thoughts about the Flash Crash report it released in September 2010, with the staff of the Commodities Futures Trading Commission. That report asserted that an unusually large sell order by mutual-fund purveyor Waddell & Reed in the CME Group's S&P 500 E-mini futures market was the snowball that started the avalanche. The Chicago-based CME, the world's largest commodities and futures exchange, is regulated by the CFTC. We were among the first critics to accuse the regulators of being overly eager to find a scapegoat. Subsequent internal CME Group studies challenged the SEC's finding. In fact, the CME contends that the Flash Crash was limited to the stock exchanges regulated by the SEC. Because these markets are so fragmented and inefficient, the CME asserts, they simply couldn't handle an exceptionally high number of sell orders. The CFTC has been re-examining high-frequency trading. Its chairman, Gary Gensler, has been telegraphing his intention to announce a formal rule-making process aimed at regulating high-frequency trading. The industry expects him to make an announcement around the anniversary of the Flash Crash. Whatever is announced will generate headlines and controversy, but be meaningless. The real problem is that high-frequency trading robots have bridged the commodities and equities markets. Yet special interests have convinced Congress not to merge the SEC and the CFTC to create a more rational regulatory regime. 
This is preserving the perfect environment for inefficiency -- and for future flash crashes. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Apr 15 09:50:05 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Apr 2012 10:50:05 -0400 Subject: [Infowarrior] - Google BBS - how retro! Message-ID: This is kind of old-school nifty. http://www.masswerk.at/googleBBS/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Apr 15 12:00:45 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Apr 2012 13:00:45 -0400 Subject: [Infowarrior] - Google's Sergey Brin: Facebook and Apple a threat to Internet freedom Message-ID: Google's Sergey Brin: Facebook and Apple a threat to Internet freedom In an interview with the Guardian, Google co-founder Sergey Brin said that the openness and accessibility that led to the creation of the Internet is under serious threat. by Dan Farber April 15, 2012 9:27 AM PDT In an interview with the Guardian, Google co-founder Sergey Brin warned that the "open" Internet is in danger from very powerful forces, including Facebook and Apple. "I am more worried than I have been in the past ... it's scary," he said. Brin identified the serious threats to the open Internet as repressive governments trying to control access to the Internet, entertainment industry crackdowns on piracy and so-called "wall gardens" that maintain more strict control over what can be done on their technology platforms, citing Facebook and Apple. He said that Facebook and Apple are stifling innovation and risk Balkanizing the Web, and went as far as to say that Google would never have come into existence if Facebook were dominant. < -- > http://news.cnet.com/8301-1023_3-57414316-93/googles-sergey-brin-facebook-and-apple-a-threat-to-internet-freedom/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Apr 15 18:02:43 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 15 Apr 2012 19:02:43 -0400 Subject: [Infowarrior] - Fwd: The Cybercrime Wave That Wasn't References: Message-ID: Begin forwarded message: > From: Simon > > The Cybercrime Wave That Wasn't > By DINEI FLORÊNCIO and CORMAC HERLEY > Published: April 14, 2012 > > http://www.nytimes.com/2012/04/15/opinion/sunday/the-cybercrime-wave-that-wasnt.html > > In less than 15 years, cybercrime has moved from obscurity to the > spotlight of consumer, corporate and national security concerns. > Popular accounts suggest that cybercrime is large, rapidly growing, > profitable and highly evolved; annual loss estimates range from > billions to nearly $1 trillion. While other industries stagger under > the weight of recession, in cybercrime, business is apparently > booming. > > Yet in terms of economics, there's something very wrong with this > picture. Generally the demand for easy money outstrips supply. Is > cybercrime an exception? If getting rich were as simple as downloading > and running software, wouldn't more people do it, and thus drive down > returns? > > We have examined cybercrime from an economics standpoint and found a > story at odds with the conventional wisdom. A few criminals do well, > but cybercrime is a relentless, low-profit struggle for the majority. > Spamming, stealing passwords or pillaging bank accounts might appear a > perfect business. Cybercriminals can be thousands of miles from the > scene of the crime, they can download everything they need online, and > there's little training or capital outlay required. Almost anyone can > do it. > > Well, not really. Structurally, the economics of cybercrimes like spam > and password-stealing are the same as those of fishing. Economics long > ago established that common-access resources make for bad business > opportunities.
No matter how large the original opportunity, new > entrants continue to arrive, driving the average return ever downward. > Just as unregulated fish stocks are driven to exhaustion, there is > never enough "easy money" to go around. > > How do we reconcile this view with stories that cybercrime rivals the > global drug trade in size? One recent estimate placed annual direct > consumer losses at $114 billion worldwide. It turns out, however, that > such widely circulated cybercrime estimates are generated using > absurdly bad statistical methods, making them wholly unreliable. > > Most cybercrime estimates are based on surveys of consumers and > companies. They borrow credibility from election polls, which we have > learned to trust. However, when extrapolating from a surveyed group to > the overall population, there is an enormous difference between > preference questions (which are used in election polls) and numerical > questions (as in cybercrime surveys). > > For one thing, in numeric surveys, errors are almost always upward: > since the amounts of estimated losses must be positive, there's no > limit on the upside, but zero is a hard limit on the downside. As a > consequence, respondent errors -- or outright lies -- cannot be canceled > out. Even worse, errors get amplified when researchers scale between > the survey group and the overall population. > > Suppose we asked 5,000 people to report their cybercrime losses, which > we will then extrapolate over a population of 200 million. Every > dollar claimed gets multiplied by 40,000. A single individual who > falsely claims $25,000 in losses adds a spurious $1 billion to the > estimate. And since no one can claim negative losses, the error can't > be canceled. > > THE cybercrime surveys we have examined exhibit exactly this pattern > of enormous, unverified outliers dominating the data. In some, 90 > percent of the estimate appears to come from the answers of one or two > individuals.
In a 2006 survey of identity theft by the Federal Trade > Commission, two respondents gave answers that would have added $37 > billion to the estimate, dwarfing that of all other respondents > combined. > > This is not simply a failure to achieve perfection or a matter of a > few percentage points; it is the rule, rather than the exception. > Among dozens of surveys, from security vendors, industry analysts and > government agencies, we have not found one that appears free of this > upward bias. As a result, we have very little idea of the size of > cybercrime losses. > > A cybercrime where profits are slim and competition is ruthless also > offers simple explanations of facts that are otherwise puzzling. > Credentials and stolen credit-card numbers are offered for sale at > pennies on the dollar for the simple reason that they are hard to > monetize. Cybercrime billionaires are hard to locate because there > aren't any. Few people know anyone who has lost substantial money > because victims are far rarer than the exaggerated estimates would > imply. > > Of course, this is not a zero-sum game: the difficulty of getting rich > for bad guys doesn't imply that the consequences are small for good > guys. Profit estimates may be enormously exaggerated, but it would be > a mistake not to consider cybercrime a serious problem. > > Those who've had their computers infected with malware or had their > e-mail passwords stolen know that cleaning up the mess dwarfs any > benefit received by hackers. Many measures that tax the overall > population, from baroque password policies to pop-up warnings to > "prove you are human" tests, wouldn't be necessary if cybercriminals > weren't constantly abusing the system. > > Still, that doesn't mean exaggerated loss estimates should be > acceptable. Rather, there needs to be a new focus on how consumers and > policy makers assess the problem.
> > The harm experienced by users rather than the (much smaller) gain > achieved by hackers is the true measure of the cybercrime problem. > Surveys that perpetuate the myth that cybercrime makes for easy money > are harmful because they encourage hopeful, if misinformed, new > entrants, who generate more harm for users than profit for themselves. > > Dinei Florêncio is a researcher and Cormac Herley is a principal > researcher at Microsoft Research. > --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Apr 16 07:06:13 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 Apr 2012 08:06:13 -0400 Subject: [Infowarrior] - From the Birthplace of Big Brother Message-ID: <0CA300BC-713A-4369-8259-7326059B3A52@infowarrior.org> http://www.nytimes.com/2012/04/16/opinion/from-the-birthplace-of-big-brother.html?hp=&pagewanted=print April 15, 2012 From the Birthplace of Big Brother The George W. Bush team must be consumed with envy. Britain's government is preparing sweeping new legislation that would let the country's domestic intelligence agencies monitor all private telephone, e-mail, text message, social network and Internet use in the country, bypassing requirements for judicial warrants. As with all such legislation on both sides of the Atlantic, sponsors promote the bill as a necessary new tool to keep the public safer from would-be terrorists, child molesters and common criminals. We are not convinced. What such sweeping new powers surely would do is compromise the privacy and liberty of law-abiding British citizens without reasonable justification. Proper warrants, in Britain, as in the United States, are not hard to obtain whenever there is reasonable cause. And without such cause, the authorities should not have unchecked power to snoop on private conversations.
As Britain's ongoing hacking scandals demonstrate, unflattering private information in police hands can be selectively leaked or bartered to unprincipled media outlets with painful consequences. The measures now being contemplated would betray the election promises of both parties in Prime Minister David Cameron's coalition to be more protective of traditional British civil liberties than their Labor Party predecessors. When Tony Blair proposed similar legislation in 2006, the Conservatives and Liberal Democrats, both then in opposition, rightly opposed it and Labor backed down. The government's proposed law will not be unveiled until next month. But the British press is full of semi-official leaks. The Sunday Times of London reported a few weeks ago that Internet companies would be required to install hardware that would let intelligence agencies routinely monitor headers and patterns of communication and give the agencies the capacity to monitor the contents of individual communications without a warrant. There is still time for more reasonable voices to prevail. David Davis, for example, a leading Conservative backbencher, has publicly challenged the proposal for not focusing on terrorists or criminals, but on "absolutely everybody." He rightly characterizes it as "an unnecessary extension of the ability of the state to snoop on ordinary innocent people in vast numbers." Britain has no formal equivalent of America's constitutional guarantee against unreasonable search, although that concept is rooted in English common law. But Britain has its own long and admirable civil liberties traditions going back to the Magna Carta of 1215. With London's Olympics just months away, we recognize the need for vigilance against terrorist plots. But this legislation would go much too far. It needs to be rethought to protect the privacy of innocent British citizens. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Apr 16 19:53:34 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 16 Apr 2012 20:53:34 -0400 Subject: [Infowarrior] - Happy 35th birthday, Apple ][ Message-ID: <8022B9DC-275B-4966-B06D-F83C2FE28488@infowarrior.org> Happy 35th birthday, Apple II by Victor Agreda, Jr. Apr 16th 2012 at 7:00PM Harry McCracken has a nice write up on the debut, evolution and legacy of the Apple II (or, ][ as I like to call it). The Apple II was unveiled 35 years ago, and it ushered in the home computing revolution. I am a product of that revolution, as my dad bought an Apple ][ in 1978 and it sits by my desk now, shown in the picture above. There were no computer stores back then so he bought one in the back of a bike shop, where a little hobbyist section had Altairs and other user-unfriendly computers. From then my own path was set, as I wouldn't own a "PC" running anything other than an Apple OS until the 90s. For millions of other Apple customers, the same thing would be true. The Apple II proved to be a great computer for schools, small businesses and homes. Here's to the machine that started it all! http://www.tuaw.com/2012/04/16/happy-35th-birthday-apple-ii --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 17 06:54:39 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Apr 2012 07:54:39 -0400 Subject: [Infowarrior] - DHS chief contemplating proactive cyber attacks Message-ID: <13C13DF6-8589-4069-819D-01801DA61960@infowarrior.org> (c/o PF, and I echo his "WTF" comment to me.
--rick) Homeland Security chief contemplating proactive cyber attacks By Steve Johnson sjohnson at mercurynews.com Posted: 04/16/2012 07:35:38 PM PDT Updated: 04/16/2012 09:08:36 PM PDT http://www.mercurynews.com/rss/ci_20410915 Homeland Security Secretary Janet Napolitano said Monday she would consider having tech companies participate with the government in "proactive" efforts to combat hackers based in foreign countries. Napolitano, who made the comments during a meeting at the San Jose Mercury News with the editorial board and reporters, declined to say what steps corporations and federal agencies might take against foreign cybercrooks, who have been blamed for numerous computerized incursions against the United States. She made the remarks in response to a question, and emphasized the idea is merely one she would consider and that no decisions have been made. In discussing the private partnerships she is promoting to combat cyberattacks, Napolitano was asked if instead of just taking defensive measures, the government and companies should be launching proactive counterattacks against foreign-based culprits. "Should there be some aspect that is in a way proactive instead of reactive?" she responded, and then answered her own question with "yes." She added, "it is not something that we haven't been thinking about," noting someone else had raised the subject with her earlier Monday. However, Napolitano said some restrictions might have to be placed on businesses participating in such cyber activities because "what you are doing is authorizing a private entity to do what might otherwise be construed as an attack on another entity." Coming from one of the Obama administration's top national security officials, Napolitano's comments alarmed some cybersecurity specialists and civil libertarians, who said having companies participate in such activities could have grave consequences. 
Melissa Hathaway, a former top federal cybersecurity official with the National Security Council and the Office of the Director of National Intelligence who now has a consulting firm, said she was surprised at Napolitano's comments and was unaware of any businesses that had participated in proactive cyberattacks. "The private sector is not allowed to perform what is an inherently government activity" without a law permitting such activity, Hathaway said. An electronic pre-emptive strike against a foreign cyber adversary "could be interpreted as an act of war or armed aggression" depending on who is targeted, she added. Napolitano's comments also troubled Dan Auerbach, staff technologist with the Electronic Frontier Foundation, a nonprofit group that lobbies to protect the privacy and civil liberties of people using the Internet. "We all support having an environment where these cyber threats can't happen," he said. But he fears some proactive efforts -- such as shutting down a computer network that crooks have infiltrated -- might harm others who legitimately use the same network. "When I hear proactive effort, it makes me cringe a little bit because it makes me wonder what the mechanism is going to be," Auerbach said. Claiming many cyberattacks on targets in this country have been launched from China, experts say those and others have cost U.S. corporations billions of dollars and victimized many federal agencies. In July, then-Deputy Defense Secretary William Lynn revealed that "foreign intruders" have taken "terabytes of data" from defense companies, ranging from specifications for parts of tanks, airplanes and submarines to "our most sensitive systems." As a result, federal officials have been actively recruiting business and other experts in the Bay Area to help defend the nation against the threat. 
Before visiting the Mercury News, Napolitano spent the morning at San Jose State appealing for assistance from businesses, students and others in the private sector. Participants discussed "vulnerabilities" in the nation's computer infrastructure, said Napolitano, who described the sessions as "very productive." One idea proposed by the university's president, Mohammad Qayoumi, was to create a Center of Academic Excellence at the school focused on cybersecurity. It would work in conjunction with federal agencies, which have set up such centers around the country to conduct research on national security subjects. "The idea would be to take a multidisciplinary approach to the issue, drawing from all of our colleges and many departments," including engineering, science, business, justice studies, political science and education, said San Jose State spokeswoman Pat Lopes Harris. On a separate matter, Napolitano took issue with an article this weekend in The Wall Street Journal by Kip Hawley, former head of the Transportation Security Administration, a branch of Napolitano's agency that Hawley disparaged for having "bred contempt" among the public. "More than a decade after 9/11, it is a national embarrassment that our airport security system remains so hopelessly bureaucratic and disconnected from the people whom it is meant to protect," Hawley wrote. In response, Napolitano said her agency has made a number of improvements in the way the TSA operates and plans more. But she added that minimizing passenger problems while bolstering security wasn't easy because "we're dealing with the largest, most complex aviation system in the world." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Apr 17 16:10:08 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Apr 2012 17:10:08 -0400 Subject: [Infowarrior] - CISPA Sponsor Mike Rogers Says Protests Are Mere 'Turbulence' On Landing Message-ID: CISPA Sponsor Mike Rogers Says Protests Are Mere 'Turbulence' On Landing from the tmi dept http://www.techdirt.com/articles/20120417/11210618530/cispa-sponsor-mike-rogers-says-protests-are-mere-turbulence-landing.shtml It appears that Congress still doesn't get it. Rep. Mike Rogers, the sponsor of the bad CISPA bill that puts your privacy at risk, really doesn't seem particularly concerned about the protests that have been happening online this week. He referred to them as being "like turbulence on the way down to landing" for the bill. He also said that he fully expects the bill to easily pass next week when it's brought to the floor. What really comes through in the article -- which mostly talks about how Rogers has been supposedly working with Google to change some of the language in the bill to make it more acceptable -- is how little concern Rogers has for the public. Instead, most of the article just talks about how he's been working with tech companies to make sure they're okay with the bill. And while that's a start, it's no surprise that lots of tech companies would be okay with CISPA, because it grants them broad immunity if they happen to hand over all sorts of private info to the government. But to then call the protests mere "turbulence" is pretty damned insulting to the actual people this will impact the most: the public, whose privacy may be violated. While we appreciate Rogers' willingness to amend the bill, it seems clear that there are still major problems with it, and Rogers does not seem to be actually listening to the privacy concerns of the public -- just the various tech companies.
In the meantime, the protests continue, and if Rogers thinks they're mere "turbulence" then it appears that not enough people are speaking out. The folks at Fight for the Future have put together an excellent page to make it easier to speak out, over at CongressTMI.org. At the very least, is it that difficult for Congress to present a real reason why this bill is needed? Bogus stories of planes falling from the sky or evil Chinese hackers really aren't cutting it. Perhaps Congress should talk to some of the experts who note that Congress doesn't understand the tech enough to regulate it properly. As privacy expert Jim Harper notes: "Congress has no particular capacity or knowledge of how to do cybersecurity," Harper says. "It's not a choice between two different versions in the House and two different versions in the Senate. The question is still open: is Congress capable of doing any good here?" Unfortunately, in the mad dash to pass these bills (which appear to be much more about who gets to control multi-billion dollar "cybersecurity budgets" than anything else), no one in Congress seems willing to address the basic question of what problem this really solves. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 17 16:11:31 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Apr 2012 17:11:31 -0400 Subject: [Infowarrior] - Iran publishes "Request for Information" for "halal" Internet Message-ID: <18B797A9-ED15-441A-9C32-11B226588391@infowarrior.org> Iran publishes "Request for Information" for "halal" Internet By Cyrus Farivar | Published about 2 hours ago http://arstechnica.com/tech-policy/news/2012/04/iran-publishes-request-for-information-for-halal-internet-project.ars Iran appears to have recently published a Persian-language "Request for Information" (RFI) for an even-more filtered and monitored version of the Internet than what presently exists in the Islamic Republic. 
The RFI calls for "proper conditions for domestic experts in order to build a healthy Web and organize the current filtering situation," and lists a deadline of April 19, 2012. The document, which was discovered on Monday by a Washington, DC-based Internet surveillance researcher, was posted to the website of the Research Institute for ICT in Tehran. The institute describes itself in English as the "mother consultant to the Ministry of ICT." The document appears to be the latest step in what Iranian government officials have previously called the "halal Internet." The government has not yet explained precisely what they mean, nor what its technical capabilities are, nor when it would launch. "Currently the matter of Internet cleanup is being done via filtering at the Internet gateways of our country, which has had its own set of problems," the RFI states, according to an English translation of the document. Iran not likely cutting off Internet entirely Collin Anderson, the researcher who found the document, said this RFI shows an unexpected shortcoming of the Iranian government to capitalize on its own domestic ability and recent deals with Chinese telecom companies such as Huawei and ZTE. Huawei said late last year it was pulling out of Iran. ZTE, meanwhile, has previously sold millions of dollars of telecom and surveillance equipment to the Islamic Republic. "I believe this clearly demonstrates that the Iranian government does not intend on cutting off access to the external Internet any time soon," Anderson told Ars on Tuesday, explaining that the acquisition of a censorship system would not be necessary if Iran was trying to create a highly restricted whitelist or completely cut itself off from the Internet. "This might suggest that the government has not been able to acquire the services of foreign companies for planning and optimizing an infrastructure," he added. 
"This is surprising for those, including me, who believe that much of the censorship software and hardware was being developed internally. The RFI seems to imply the desire to move beyond blacklisting sites and keywords, to a more intelligent system of detecting and blocking 'immoral' content, such as pornographic or culturally offensive material." The document requests bids between April 11 and April 19 to be sent directly to a "Mr. Farzin" at the Research Institute. "The creation of a comprehensive Internet purifying system that works based on analysis of Web content is considered among the most important activities in this area and efforts must be made to cultivate domestic technologies," the RFI continues. "In addition to creating a domestic industry, among other goals of the institute are the purchase and acquisition of foreign technical knowledge and leveraging of the latest technology alongside domestic ones." Revolution Guard network Recently, the Islamic Republic has stepped up its rhetoric concerning the "clean" or "halal" Internet, while also recently launching a separate, closed, communications network for the Islamic Revolutionary Guard Corps, Iran's premier paramilitary force that deals with internal security. "We are not in an imaginary state of threats or sanctions," said Revolutionary Guard Deputy Cmdr. Hossein Salami, in late March, according to a Monday article by the Associated Press. The news agency also reported that the new closed communications system is called "Basir," or Perspective. "Threats and sanctions are practically being enforced against us. Communications have changed the picture of the world including threats and wars," Salami said. Defeating the "Electronic Curtain" Other Iranian experts have suggested that this apparent ramping up of the halal Internet has come as a direct result of American efforts to pierce what President Barack Obama recently called an "electronic curtain" over Iran. 
Since 2010, the State Department has been heavily involved in funding "Internet freedom" efforts to bring unrestricted access to various parts of the world, including Iran. "If you read some of the explanations that are given in various websites that are close to intelligence agencies, [and the Revolutionary Guard], the thing that comes up is that they emphasize the fact that the US has become a lot more active in Internet in communicating with various sectors of the Iranian society, and there is a need to respond to that now," Nader Entessar, the chair of the political science department at the University of South Alabama, told Ars on Tuesday. Others, like Ehsan Norouzi, an Iranian tech journalist based in Germany, note that previous efforts to control the Iranian Internet have "never been successful," citing other pending projects that are unlikely to take off, like a national operating system, e-mail system, and search engine. "They don't have enough logistics, talents, or experts to implement these ideas," he told Ars on Tuesday. "It's not the only plan they've had," he added. "These kinds of ideas, after mentioning soft war and cyberwar, particularly in the Supreme Leader's speeches, have grown explosively [in recent years.] There were dozens of plans for cleansing or purifying, and increasing their control on cyberspace significantly. But the government has been successful in reducing the possibility of access in Iran, as few people have broadband access and that bandwidth is often restricted." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 17 16:13:20 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Apr 2012 17:13:20 -0400 Subject: [Infowarrior] - Military Intelligence Gadfly Will Lead All Military Intelligence Message-ID: <7C1D456C-4340-46BF-90ED-8CB8C241FB76@infowarrior.org> Military Intelligence Gadfly Will Lead All Military Intelligence By Spencer Ackerman 
April 17, 2012 | 3:16 pm | http://www.wired.com/dangerroom/2012/04/michael-flynn-dia/ Lt. Gen. Michael Flynn, shown here (right) as a two-star general in Afghanistan in 2010, has been nominated to head the Defense Intelligence Agency. Photo: DVIDSHUB One of the most disruptive men in the sprawling U.S. spy community, someone who turned the military's elite killers into top spies, will likely soon be in charge of all military intelligence. The Pentagon on Tuesday nominated Army Lt. Gen. Michael Flynn to be the head of the Defense Intelligence Agency, the U.S.' central military-intel hive. That might not go over so well with many responsible for battlefield intelligence. The first time most people outside of the shadows heard of Flynn, he was loudly complaining that military intelligence in Afghanistan sucked. "Eight years into the war in Afghanistan, the U.S. intelligence community is only marginally relevant to the overall strategy," Flynn wrote in January 2010 for the Center for a New American Security, an influential D.C. think tank. At the time, Flynn was head of intelligence for the war command in Afghanistan. His remedy: Stop looking so much at the Taliban, since its presence and activities were lagging indicators of the war's fates; understand instead the "pivotal Afghan districts" that would determine the war's outcome - which, he also reported internally, did not look promising. To put it mildly, Army generals used to working behind the scenes do not usually issue such critiques at all, let alone in public. That is, however, the kind of general Flynn seems to be. Long before he was moonlighting think-tank white papers, he helped transform the culture of the Joint Special Operations Command (JSOC), getting its elite commandos to believe that collecting crucial clues from raids on terrorists was central to their missions. Although Flynn and his patron, Gen. 
Stanley McChrystal, left JSOC years before the attack on Osama bin Laden, the fact that the Navy SEALs left bin Laden's Abbottabad compound with hundreds of thumb drives, cellphones and hard drives is part of their legacy. All this disruption ended up professionally beneficial - a likely consequence of how highly the Defense Department esteems JSOC's intelligence prowess. McChrystal's successor in Afghanistan, Gen. David Petraeus, now the CIA director, kept Flynn on his team even as the rest of the McChrystal staff flamed out after a Rolling Stone expose. Flynn's next job, which he retains, was to be a top deputy to the Director of National Intelligence, nominally the head of the 16-agency spy community. The Defense Intelligence Agency is a powerful if obscure organization responsible for providing intelligence to military commands, the Pentagon and the Joint Chiefs of Staff. Its secret weapon: It's chiefly responsible for all of the Defense Department's human informants. Yet it can seem overly bureaucratic and in eclipse compared to the military tactical-intelligence shops it helps man. "Flynn's nomination is interesting because he does not seem like someone who would choose to be a placeholder at an agency in decline," says spywatcher Steve Aftergood of the Federation of American Scientists. "The appointment may signal a revival of DIA, or at least some upheaval." It's also yet another reminder that JSOC has had an overwhelming influence over the secretive intelligence world that fights the United States' undeclared Shadow Wars. McChrystal, the man who revolutionized JSOC, may be gone. But his successor, Adm. William McRaven, is now the head of all U.S. special operations. His close friend Petraeus is now at the CIA. Another key ally, Michael Vickers, is the top civilian Pentagon official for intelligence. Flynn is the latest to ascend, pending Senate approval. And he's probably not done breaking the spy community's furniture. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 17 17:46:33 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Apr 2012 18:46:33 -0400 Subject: [Infowarrior] - Tim Berners-Lee urges government to stop the snooping bill Message-ID: <4503B11C-3B11-49C6-97CB-C605996757DE@infowarrior.org> Tim Berners-Lee urges government to stop the snooping bill Exclusive: Extension of surveillance powers 'a destruction of human rights' Ian Katz, guardian.co.uk, Tuesday 17 April 2012 16.34 EDT http://www.guardian.co.uk/technology/2012/apr/17/tim-berners-lee-monitoring-internet The government's controversial plans to allow intelligence agencies to monitor the internet use and digital communications of every person in the UK suffered a fresh blow on Tuesday when the inventor of the world wide web warned that the measures were dangerous and should be dropped. Sir Tim Berners-Lee, who serves as an adviser to the government on how to make public data more accessible, says the extension of the state's surveillance powers would be a "destruction of human rights" and would make a huge amount of highly intimate information vulnerable to theft or release by corrupt officials. In an interview with the Guardian, Berners-Lee said: "The amount of control you have over somebody if you can monitor internet activity is amazing. "You get to know every detail, you get to know, in a way, more intimate details about their life than any person that they talk to because often people will confide in the internet as they find their way through medical websites ... or as an adolescent finds their way through a website about homosexuality, wondering what they are and whether they should talk to people about it." 
The British computer engineer, who devised the system that allows the creation of websites and links, said that of all the recent developments on the internet, it was moves by governments to control or spy on the internet that "keep me up most at night". The government ran into a storm of criticism earlier this month when it emerged that it was planning to allow GCHQ to monitor all communication on social media, Skype calls and email communication as well as logging every site visited by internet users in Britain. Berners-Lee said: "The idea that we should routinely record information about people is obviously very dangerous. It means that there will be information around which could be stolen, which can be acquired through corrupt officials or corrupt operators, and [could be] used, for example, to blackmail people in the government or people in the military. We open ourselves out, if we store this information, to it being abused." He said that if the government believed it was essential to collect this kind of sensitive data about individuals, it would have to establish a "very strong independent body" which would be able to investigate every use of the surveillance powers to establish whether the target did pose a threat, and whether the intrusion had produced valuable evidence. But he said that since the coalition had not spelled out an oversight regime, or how the data could be safely stored, "the most important thing to do is to stop the bill as it is at the moment". The intervention of the highly respected internet pioneer creates a headache for Theresa May, the home secretary, who has said she plans to press on with introducing the new measures after the Queen's speech next month, despite concerns raised by senior Liberal Democrats. It will add to the woes of ministers mired in damaging battles over unpopular policy proposals on several fronts. 
Berners-Lee was speaking to the Guardian as part of a week-long series on the battle for control of the internet, examining how states, companies and technological developments are challenging the principles of openness and universal access on which the net was built. Berners-Lee has been an outspoken defender of the "open internet", warning in 2010 that web freedom was under threat from the rise of social network "silos" such as Facebook, "closed world" apps such as those released by Apple, and governments' attempts to monitor people's online behaviour. He said he remained concerned about the creation of "strong monopolies" but believed it was unlikely that internet giants such as Facebook and Google would enjoy their dominance indefinitely. "The battle lines are being drawn and things are in a huge state of flux, so it's very difficult to tell, when you look at the world now, what it's going to look like in a few months' time." He said that throughout the history of the internet, people had been concerned about the emergence of apparently dominant giants, but they were vulnerable to smaller companies that could innovate more effectively. In a coded reference to predictions that Facebook could soon become, in effect, for most people, the internet, he recalled a "wise" colleague who pointed out more than 20 years ago: "It's amazing how quickly people on the internet can pick something up, but it's also amazing how quickly they can drop it." Acknowledging growing concerns about online privacy, he said computer users received significant benefits from the vast amount of data that big web companies accumulate about them, but that increasingly they would seek to apply limits to how the data could be used, as well as demanding access to the data themselves. 
Although Google now allows users to obtain all the data it holds about them and Facebook provides a similar, slower service, individual users were not yet being allowed to exploit all the information relating to them to make their lives easier. Armed with the information that social networks and other web giants hold about us, he said, computers will be able to "help me run my life, to guess what I need next, to guess what I should read in the morning, because it will know not only what's happening out there but also what I've read already, and also what my mood is, and who I'm meeting later on". Berners-Lee said big web companies would come under more pressure to make personal data more available, and that users might insist that the information was not held by the companies themselves. "Perhaps what you'd want in the future is to have this piece of cloud storage and to say to somebody like ... Google: 'Look, don't store it on your site, store it here. I will control who gets access to it.' That would turn the tables and leave me in control of the data." He was worried by the rise of so-called "native apps" such as those produced for the iPhone and iPad, because they were not searchable. "Every time somebody puts a magazine on a phone now and doesn't put it on to a web app [a form of open software], we lose a whole lot of information to the general public discourse - I can't link to it, so I can't tweet it, I can't discuss it, I can't like it, I can't hate it." But he said the rapid improvement of web apps, and their ability to offer functionality and slickness previously only available from Apple or Android apps, would return more information to the open internet. 
In a clear dig at Apple's highly restrictive ecosystem, he said: "I should be able to pick which applications I use for managing my life, I should be able to pick which content I look at, and I should be able to pick which device I use, which company I use for supplying my internet, and I'd like those to be independent choices." Berners-Lee, who is speaking at the World Wide Web Conference in Lyon on Wednesday, also warned people against assuming that major websites and social networks would be around for ever. "I think we need to be more conscious that places that seem very secure may in the future disappear. The long-time persistence of all this data ... is an issue for all of us if we think that maybe our grandchildren, depending on which website we use, may or may not be able to see our photos." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 17 20:21:52 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 17 Apr 2012 21:21:52 -0400 Subject: [Infowarrior] - WH pushes against House cybersecurity bill Message-ID: <90A1C0D2-B885-4641-BADA-25E371629D7E@infowarrior.org> Yes, but will he veto it? (I bet not) -- rick Administration pushes against House cybersecurity bill By Brendan Sasso - 04/17/12 07:35 PM ET thehill.com/blogs/hillicon-valley/technology/222143-white-house-criticizes-cybersecurity-bill-cispa The White House issued a statement late Tuesday criticizing a House cybersecurity bill after top administration officials briefed lawmakers on the threat of cyber attacks. In a statement, National Security Council spokeswoman Caitlin Hayden said any cybersecurity legislation should include strong privacy protections and should set mandatory security standards for critical infrastructure systems, such as electrical grids and water supplies. The House is set to vote on the Cyber Intelligence Sharing and Protection Act (CISPA) next week. 
CISPA would encourage companies to share information about cyber threats, but the bill lacks any regulations for critical infrastructure companies and has drawn fire from privacy advocates. The American Civil Liberties Union, the Center for Democracy and Technology, the Electronic Frontier Foundation and other groups are leading a week of protests against CISPA, which they warn could lead companies to hand over private user information to spy agencies. "The nation's critical infrastructure cyber vulnerabilities will not be addressed by information sharing alone," Hayden said. "Also, while information sharing legislation is an essential component of comprehensive legislation to address critical infrastructure risks, information sharing provisions must include robust safeguards to preserve the privacy and civil liberties of our citizens. Legislation without new authorities to address our nation's critical infrastructure vulnerabilities, or legislation that would sacrifice the privacy of our citizens in the name of security, will not meet our nation's urgent needs," she said, without explicitly mentioning CISPA. The statement followed a classified briefing for all members of the House led by Homeland Security Secretary Janet Napolitano, FBI Director Robert Mueller, National Security Agency Director Keith Alexander and Principal Deputy Director of National Intelligence Stephanie O'Sullivan. The officials warned lawmakers that new regulatory powers are needed to protect the nation from devastating cyber attacks. "The classified briefing was intended to provide all House Members with an appreciation for the cyber threat facing the nation as they consider new legislative authorities that could help the U.S. Government prevent and more quickly respond to cyber intrusions and attacks," Hayden said. The White House has endorsed a cybersecurity bill from Sens. Joe Lieberman (I-Conn.) 
and Susan Collins (R-Maine) that would give the Homeland Security Department the power to enforce cybersecurity standards for critical systems. The bill also includes more privacy protections than CISPA, such as requiring that companies strip out personally identifiable information from the data they turn over to the government. Critics of the Lieberman-Collins bill say it would impose unnecessary and burdensome regulations on businesses. Rep. Mike Rogers (R-Mich.), the sponsor of CISPA, expressed skepticism in a speech Tuesday morning that House Republicans would approve any bill that creates a new regulatory regime. He predicted supporters of the Lieberman-Collins bill are "going to have some difficulty" getting the legislation through the House. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Apr 18 07:15:42 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Apr 2012 08:15:42 -0400 Subject: [Infowarrior] - Why did an MPAA executive join the Internet Society? Message-ID: <2571E5A9-B727-4493-80A2-3F027CEBD986@infowarrior.org> Why did an MPAA executive join the Internet Society? Paul Brigner campaigned for SOPA, but now he says he's 'adjusted' his thinking. Is he a mole? No, he's just woken up to reality Cory Doctorow, guardian.co.uk, Tuesday 17 April 2012 05.21 EDT http://www.guardian.co.uk/technology/2012/apr/17/why-mpaa-executive-joined-internet-society Late in March, I started to get a steady stream of emails from concerned readers: did you see that the Internet Society has appointed the former chief technology officer of the MPAA to be their North American regional director? I was as alarmed as they were. The Internet Society - ISOC - is an international nonprofit organisation whose mission is "to assure the open development, evolution and use of the internet for the benefit of all people throughout the world". 
More concretely, ISOC is also in charge of the .ORG registry, through its subsidiary, the Public Interest Registry. .ORG holds a special place in the heart of internet activists. In the early days of the internet, there were only three generic top-level domains (gTLDs): .ORG, .NET, and .COM, and even though other gTLDs have been created since (like .INFO), these three are the most recognisably legitimate, credible domains in the world. But .NET and .COM aren't what they once were. The past year has seen a series of sloppy, high-profile domain seizures from .NET and .COM. There were extrajudicial, cloak-and-dagger operations run by the Obama administration's customs enforcers, acting on flimsy tips from junior employees at the big entertainment lobbies. Domains like dajaz1.com disappeared into Kafkaesque legal grey zones of secret evidence and hidden processes. Worse still was the seizure of the mooo.com domain, which was replaced with a stern warning saying the website that had once lived at that name had been a haven of child pornography (it wasn't - it had been home to 84,000 perfectly normal, harmless websites, all of whose owners were tarred by the accusation). And who can forget JotForm's seizure, another baseless, erroneous confiscation that made headlines in the middle of the fight over the proposed US Stop Online Piracy Act, as a precursor to what life might be like under that regime. Tellingly, none of the seizures came from .ORG-space. .NET and .COM are managed by Verisign, a US firm with a history of playing nice with US law enforcement and administrative agencies, even when those agencies and officers are acting outside the law. But ISOC has an admirable history of standing its ground and demanding warrants, judicial orders and all the other formalities attending a society governed by the rule of law. 
SOPA's advocates viewed extrajudicial domain seizure without due process or the presumption of innocence as key to an effective copyright enforcement strategy. The now discredited law was filled with ways that you could lose your domain, from the "market based" approach of directly allowing rightsholder groups to order their seizure to a simplified process for sympathetic government agencies to effect seizures. There was even a provision for allowing domain registrars to pre-emptively seize domains from themselves without first receiving a complaint, and without having to worry about being sued for damages if it turned out they'd been wrong. Paul Brigner was chief technical officer of the Motion Picture Association of America during the SOPA debacle. During his one-year tenure with the MPAA, he made a handful of blog posts to the organisation's website, defending SOPA generally, and specifically pooh-poohing the idea that SOPA would have a negative impact on the overall security of the internet. This was the hottest hot potato during the SOPA fight, as eminent computer scientists and security experts argued that the law's provision against tools that made it possible to defeat domain name blocks would kill work on projects like DNSSEC, a technology that counters the domain hijacking techniques employed by identity thieves and other fraudsters, as well as totalitarian governments who want to block access to foreign news sites. And before Brigner had been at the MPAA, he had been an official at the US telecom giant Verizon, where he was on the record opposing net neutrality (the idea that ISPs should connect users to the sites they request, and not slow down some sites to the benefit of competitors who've paid for the privilege). Net neutrality is another long-running battle for ISOC, and they are staunchly for it. 
So how could ISOC appoint someone who had supported domain seizure, been prepared to sacrifice DNSSEC and the integrity of the internet's domain name system, and who was on the record as an opponent of net neutrality? How could such a person fill such a key role? Was he a mole put in place to weaken ISOC from within, paving the way for .ORG to join .NET and .COM as political footballs for copyright enforcers? Not according to him, and not according to ISOC. I've been peppering their press contact with a lot of questions about Brigner's appointment, and they made a good case that he is the right man for the job. I asked Brigner whether his statements about DNS blocking and seizure and net neutrality had been sincere. "There are certainly a number of statements attributed to me that demonstrate my past thoughts on DNS and other issues," he answered. "I would not have stated them if I didn't believe them. But the true nature of my work was focused on trying to build bridges with the technology community and the content community and find solutions to our common problems. As I became more ingrained in the debate, I became more educated on the realities of these issues, and the reality is that a mandated technical solution just isn't a viable option for the future of the internet. When presented with the facts over time, it was clear I had to adjust my thinking. "My views have evolved over the last year as I engaged with leading technologists on DNSSEC. Through those discussions, I came to believe that legislating technological approaches to fight copyright violations threatens the architecture of the internet. However, I do think that voluntary measures could be developed and implemented to help address the issue. "I will most definitely advocate on Internet Society's behalf in favor of all issues listed, and I share the organization's views on all of those topics. I would not have joined the organisation otherwise, and I look forward to advocating on its behalf." 
I asked similar questions of Walda Roseman, chief operating officer of ISOC, who concurred. "The Internet Society has known Paul for many, many years, and you may not know that he was also a founding member of our DC chapter," she says. "So he's no stranger to us. We've always found him to act with the utmost integrity and principled character. Even when on the other side of the debate, he was always considered one of the good guys, constantly reaching across the aisle to find common ground. Now, as you would expect in a case like this, we certainly took a close examination at his past views, talked with many associates and vetted every angle. And I am thoroughly convinced, as are my Internet Society colleagues, that Paul is steadfast in his belief in its position on SOPA, net neutrality and the importance of keeping the internet open and free." Intellectual honesty can be defined as the willingness to revise your beliefs in the face of contradictory evidence. Paul Brigner says that he has gradually evolved his beliefs and now repudiates the statements he made on behalf of his former employers, and his new colleagues say they believe his sincerity. They even supplied a list of personal endorsements from the likes of internet pioneer Steve Crocker. I'm left with the picture of an idealistic technologist who felt that he could do more good inside the MPAA than fighting it from outside, but gave it up as a bad job. That's not a bad sort of person to have in a position of importance at an organisation as vital to the internet's integrity as ISOC. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Apr 18 09:52:47 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Apr 2012 10:52:47 -0400 Subject: [Infowarrior] - TSA expanding to bus pre-crime Message-ID: <8A8188B5-C8ED-4D5E-A610-BEA5A9868343@infowarrior.org> Big Sis Launches Undercover TSA Spies To Ride Houston Buses Feds to watch for suspicious activity, pre-crime behavior Paul Joseph Watson Infowars.com Tuesday, April 17, 2012 http://www.infowars.com/tsa-to-search-bags-question-passengers-on-houston-buses/ A new program in Houston will place undercover TSA agents and police officers on buses whose job it will be to perform bag searches, watch for "suspicious activity" and interrogate passengers in order to "curb crime and terrorism". Democratic Congresswoman Sheila Jackson Lee unveiled the program, labeled Bus Safe, during a press conference on Friday. According to a Metropolitan Transit Authority of Houston (METRO) press release, agencies involved in the scheme will, "ride buses, perform random bag checks, and conduct K-9 sweeps, as well as place uniformed and plainclothes officers at Transit Centers and rail platforms to detect, prevent and address latent criminal activity or behavior." "While local law enforcement agencies focus on overall safety measures noted above, representatives with the Transportation Security Administration (TSA) will also be on hand, lending their counter-terrorism expertise and support during the exercise," states the press release. "If you think you're going to be a bad actor on buses, get ready. You are going to have a short-lived time frame," Jackson Lee said during the press conference. The Congresswoman is a staunch advocate of the TSA, having recently chastised the passage of a new law that allows airports to evict TSA agents and replace them with private screeners by claiming it would lead to a new 9/11-style attack. 
According to KPRC 2 News, METRO refused to disclose on what dates or bus routes the program would be operational. As well as TSA agents, police officers from the Harris County Constable's Office Precinct 7 will be involved. According to Phillip Levine of the Houston Free Thinkers blog, shortly after Lee gave her press conference the operation went straight into effect, with DHS and Metro Police officers questioning passengers who were exiting buses about their destinations and their reasons for riding the bus. "When I arrived at Wheeler I got off the stage and instantly noticed the massive police presence. The police presence consisted of DHS, metro police, HPD, TSA, and Harris county police officers. They were going on to buses searching and stopping people for questions. Apparently Sheila Jackson Lee was there pushing for more security like what I was viewing. I asked the TSA agent if there was gonna be a bigger presence of metro or TSA. He said both," Levine said in an email. This is a wake-up call for Americans who had hoped to avoid being harassed by TSA agents by not using airports. TSA agents are now being used to literally occupy America with an expansion of the 9,000 plus checkpoints that were already operational last year. 12 more TSA VIPR teams (Visible Intermodal Prevention and Response) will be added to the 25 who are already present at transportation hubs throughout the country. Back in October we reported on how Tennessee's Homeland Security Commissioner announced that a raft of new "security checkpoints" would be in place over the Halloween period to "keep roadways safe for trick-or-treaters". Earlier that same month it was announced that Transportation Security Administration officials would be manning highway checkpoints in Tennessee targeting truck drivers. 
TSA agents have been deployed to shake down Americans at everywhere from bus depots, to ferry terminals, to train stations, in one instance conducting pat downs of passengers, including children, who had already completed their journey when arriving in Savannah. If the mass rollout of the TSA's occupying army of minimum wage morons is not abated, Americans will have to get used to being interrogated, frisked and treated like criminals by TSA goons on a regular basis, meaning the United States' transformation into a Soviet-style police state festooned with internal checkpoints will be complete. ********************* Paul Joseph Watson is the editor and writer for Prison Planet.com. He is the author of Order Out Of Chaos. Watson is also a regular fill-in host for The Alex Jones Show and Infowars Nightly News. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Apr 18 10:06:49 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Apr 2012 11:06:49 -0400 Subject: [Infowarrior] - Hacker Ring Took $1M from Online Brokerage Accounts Message-ID: Hacker Ring Took $1M from Online Brokerage Accounts By Tommy Fernandez, Securities Technology Monitor April 17, 2012 http://www.financial-planning.com/news/hacker-ring-online-brokerage-accounts-2678401-1.html?zkPrintable=true The U.S. Justice Department has charged a Russian national living in New York City for his alleged role in a ring that allegedly stole roughly $1 million by hacking into retail brokerage accounts and executing sham trades. Petr Murmylyuk, also known as "Dmitry Tokar," 
31, of Brooklyn, N.Y., is charged with one count of conspiracy to commit wire fraud, as well as unauthorized access to computers, and securities fraud. The U.S. Securities and Exchange Commission is also filing a parallel civil action. Beginning in late 2010, Murmylyuk worked with others to steal from online trading accounts at Scottrade, E*Trade, Fidelity, Schwab and other brokerage firms. Members of the ring first gained unauthorized access to the online accounts and changed the phone numbers and email addresses on file to prevent notice of unauthorized trading from going to the victims. Once the hackers controlled the accounts, they used stolen identities to open additional accounts at other brokerage houses. They then caused the victims' accounts to make unprofitable and illogical securities trades with the new accounts that benefitted the hackers. One version of the fraud involved causing the victims' accounts to sell options contracts to the accounts, then to purchase the same contracts back minutes later for up to nine times the price. In another version of the fraud, they used the accounts to offer short sales of securities at prices well over market price and to force the victim accounts to make irrational purchases. (A short sale is a sale of stock that an investor does not own, but rather borrows from a stock lender and must eventually return.) Murmylyuk and a conspirator recruited foreign nationals visiting, studying, and living in the United States - including Russian nationals and Houston residents Anton Mezentsev, Galina Korelina, Mikhail Shatov and others - to open bank accounts into which illegal proceeds could be deposited. Murmylyuk and the conspirator then caused the proceeds of the sham trades to be transferred from the brokerage accounts into the bank accounts, where the stolen money could be withdrawn. 
Fidelity, Scottrade, E*Trade, and Schwab have reported combined losses to date of approximately $1 million as a result of the fraudulent schemes. Murmylyuk is also accused of placing a telephone call to Trade Station Securities in which he claimed to be "Dmitry Tokar," through whose brokerage account the ring placed approximately $200,000 in fraudulent securities trades. Murmylyuk was arrested in Brooklyn on November 3, 2011, in possession of a laptop that evidenced the fraud. Mezentsev, Korelina and Shatov were previously charged in the District of New Jersey and convicted of conspiracy to commit wire fraud based on their agreement to receive stolen money in the accounts in their names. United States District Judge Esther Salas sentenced Mezentsev, Korelina, and Shatov to 27 months, 14 months, and 14 months in prison, respectively, earlier this year. If convicted, Murmylyuk faces a maximum potential penalty of five years in prison and a $250,000 fine. Meanwhile, Murmylyuk, who has been incarcerated at Otis Bantum Correctional Center in East Elmhurst since his November 3 arrest, also faces an indictment by the Manhattan District Attorney for submitting phony tax returns in the names of hundreds of victims to the Internal Revenue Service ("IRS") to steal their tax refunds. The defendant is accused of stealing the personal identifying information of more than 300 people by creating a fake job placement website, and falsifying wage information on the false tax returns to generate the refunds. In that case, he faces nearly 80 felony charges, including 25 counts of criminal trespass and 25 counts of identity theft. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Apr 18 10:14:37 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 18 Apr 2012 11:14:37 -0400 Subject: [Infowarrior] - WaPo Discussion: Are you tired of technology? 
Message-ID: <8E690557-AF15-4996-B05F-9F24F774C055@infowarrior.org> (Posted because I agree with his sentiment. --rick) Are you tired of technology? http://www.washingtonpost.com/conversations/are-you-tired-of-technology/2012/04/10/gIQAPDDT8S_discussion.html?hpid=z11 Does anyone besides me get tired of these constant news stories about e-book readers, the latest apps for iPhone, Google's relentless infringement of privacy, the battles between Amazon and Barnes and Noble, and anything to do with Craigslist, eBay, and, Lord help us, Facebook? I'm beginning to break out in hives whenever I hear the term "social networking." I'm hardly a Luddite, and once, long ago, even worked as a technical writer for a computer company, but this relentless cult of gadgetry and its attendant schlock sometimes gets to me. One would think that American cultural life has been reduced to watching Reality TV on one of the zillion useless channels now available through cable or to tapping out tweets - "Here I am. ... Here I am, again" - when not following the Twitter feeds of inane celebrities. Is there a term - perhaps "Downward Facing Dog" could be borrowed from Yoga - for the cocked head of people as they walk along the sidewalk peering into their cellphones or thumb their text messages? Whatever happened to sauntering, to use Thoreau's term? You know, just walking along and daydreaming, or mulling over a problem during a stroll until you work out an answer - solvitur ambulando, as the ancients called it - or just admiring your azaleas and chatting with your neighbors on a leisurely amble around the block. People now walk their dogs while checking their Blackberries or hooked up to earphones or talking to the ether with their Blue-Tooths (Blue-Teeth?). I thought walking your dog was supposed to be a Zen-like period of calm and reflection, good for lowering the blood pressure and restoring tranquility to the soul. No more: People are never solitary any longer. 
Pascal used to say that all the trouble in the world arose because men and women couldn't sit quietly alone in a room. These days, nobody is ever alone in a room, ever quiet. Everywhere you go the screens are illuminated, the smartphones are being smart, and people are adding to the environment's relentless, never-ending digital clamor. Our world is a cacophony of bleatings, a carnival of expensive noise and gimcrackery. The psychiatrist Anthony Storr once wrote a book called "Solitude: A Return to the Soul." He stressed the benefits of quietness and solitude for ordinary people, and the creative energy it gave to artists and thinkers. Instead, we are now on the verge of that science fiction cliché - the gigantic hive mind, constantly buzzing. And what is being said in those hits and tweets? Strip away the surface chatter and it's usually just some variant or other of "You like me, you really like me" or "Please like me more." It's like elementary school. Sigh. I'm being unfair, I know just now I'm weary of hearing about new technology. I know we've gained a lot, and there are benefits galore - among them conversational sites like this one - but right now I'm sorry that the rising generation may never have any idea of what it is to be completely out of touch with the world, or quietly alone with oneself, or possibly reading an old book, found in a real used bookshop, in that out-of-the-way corner of town. - Michael Dirda --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Apr 19 16:03:59 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Apr 2012 17:03:59 -0400 Subject: [Infowarrior] - Pitcairn Island doubles bandwidth to 512kbps Message-ID: <9F207E04-AA39-439B-8BB6-42E2FD107E8E@infowarrior.org> Pitcairn Island to double bandwidth to 512kbps among 48 people By Cyrus Farivar | Published about an hour ago http://arstechnica.com/business/news/2012/04/pitcairn-island-to-double-bandwidth-to-512-kbps-amongst-48-people.ars Pitcairn Island, one of the world's most isolated, storied, and fascinating communities has doubled its Internet access to 512kbps, to be shared among its 48 residents. The island, of course, is home to the modern descendants of the infamous 1789 "mutiny on the Bounty" story, which involved the British ship the HMS Bounty. Many books and films have been created to capture the story of a band of mutineers as they eluded the British Navy and set up shop on this remote island in the south Pacific. According to a report last month from Radio New Zealand International, the United States Geological Survey has a seismic station on the island, and pays for a satellite Internet connection for the station. Locals pay NZ$100 ($81) per month for up to 2GB of data. A team from the United States is set to travel to Pitcairn in June to upgrade the satellite link. Many Pitcairn Islanders are direct descendants of Fletcher Christian, the leader of the 18th-century group of mutineers. Despite their historic ties and home in one of the most remote corners of the globe, these islanders are no luddites. In October 2010, the first iPad arrived on the island. It went to Andrew Christian - naturally, a seventh-generation descendant of Christian. "They're able to sell their products online such as honey, carvings, collectible items that people around the world are interested in buying," said Bill Haigh, manager of the .pn domain name, in an interview with Radio NZ. 
"Just the ability to reach out and find new markets has been an enormous boost to them." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 19 18:21:05 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Apr 2012 19:21:05 -0400 Subject: [Infowarrior] - MEPs back deal to give air passenger data to US Message-ID: 19 April 2012 Last updated at 11:52 ET http://www.bbc.co.uk/news/world-europe-17764365?print=true MEPs back deal to give air passenger data to US The European Parliament has adopted a controversial bill clarifying US access to personal data about airline passengers in the EU. MEPs agreed by 409 votes to 226 to let the US Department of Homeland Security see data on the Passenger Name Record (PNR), under strict controls. Supporters say this is a vital step in the fight against terrorism. But some fear information could be used for other unspecified purposes which could affect civil rights. The agreement applies to airlines operating flights between any of the 27 EU countries and the US. It covers not only European airlines but also any carriers that are "incorporated or storing data" in the EU and operating flights to or from the US. The new agreement replaces a provisional 2007 EU-US deal, under which PNR data is already transferred to the US authorities. But that deal was renegotiated, under pressure from the European Parliament, which insisted on firmer privacy safeguards. The European Commission, which drafts EU law, says the new accord does provide more legal certainty and privacy safeguards. Anti-terror monitoring The PNR information includes names, addresses, credit card and phone numbers, but in some circumstances may also include sensitive data on an individual's ethnic origin, meal choices, health, political views or sex life. The US authorities say they will "employ automated systems to filter and mask out sensitive data from PNR". 
Sensitive data "could be used in exceptional circumstances when a person's life is at risk", a European Parliament statement said. Such data would be accessed only case-by-case and would be permanently deleted 30 days after receipt unless needed for a specific investigation. The deal says PNR data will be used exclusively to combat terrorism or fund-raising for terrorism, as well as trans-national crimes that incur a jail sentence of three years or more. Although airlines already collect many details on passengers, from phone and credit card numbers to meal preferences and medical conditions, now they will transfer that data to the US Department of Homeland Security. Privacy concerns The BBC's Imogen Foulkes in Strasbourg says many questions remain about how the information will be used, how long the US will keep it, and who else might have access to it. Some MEPs fear the deal sets a precedent and ask how the EU would respond if China or Russia asked for the same information, our correspondent says. The European Parliament has approved a PNR deal with Australia and is negotiating one with Canada. The deal approved on Thursday, which took several years to negotiate, says any passengers who believe their data has been misused will have access to US justice to seek redress. PNR data will be stored in an active US database for up to five years. After the first six months all information which could be used to identify a passenger will be masked out. Some MEPs say the proposals leave too many unanswered questions, such as how will the US use this information, how long will it keep the data and who will have access to it? Dutch Liberal-Democrat MEP Sophie in 't Veld was involved in drafting the proposals but voted against the bill. "The results of the vote show clearly that there are very strong reservations against this agreement. However, the US made it very clear that a 'no' vote would be answered by suspending visa-free travel to the US," she said. 
"Many colleagues - understandably - did not want to make this sacrifice. But it is highly regrettable that the fundamental rights of EU citizens have been bargained away under pressure." The US ambassador to the EU, William E Kennard, said the vote showed a joint EU-US "commitment to the security of the travelling public". He said it would "provide legal certainty for airlines and assure travellers that their privacy will be respected". According to British Conservative MEP Timothy Kirkhope, PNR data was "instrumental" in capturing collaborators of the 7 July 2005 London bombers and the 2008 Mumbai terror attackers. He said PNR data had also "led to the capture of dozens of murderers, paedophiles and rapists" and "95% of all drug captures in Belgium and 85% in Sweden are caught using PNR data". --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 19 21:00:38 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Apr 2012 22:00:38 -0400 Subject: [Infowarrior] - Alan Turing papers on code breaking released by GCHQ Message-ID: <7D1DCD59-393C-4525-BE5A-F9FB61851D75@infowarrior.org> 19 April 2012 Last updated at 13:48 Alan Turing papers on code breaking released by GCHQ By Chris Vallance BBC News http://www.bbc.co.uk/news/technology-17771962?print=true Two 70-year-old papers by Alan Turing on the theory of code breaking have been released by the government's communications headquarters, GCHQ. It is believed Turing wrote the papers while at Bletchley Park working on breaking German Enigma codes. A GCHQ mathematician said the fact that the contents had been restricted "shows what a tremendous importance it has in the foundations of our subject". It comes amid celebrations to mark the centenary of Turing's birth. The two papers are now available to view at the National Archives at Kew, west London. 
GCHQ was able to approximately date the papers because in one example Turing had made reference to Hitler's age. Maths problems The papers, one entitled The Applications of Probability to Crypt, and the other entitled Paper on the Statistics of Repetitions, discuss mathematical approaches to code breaking. The principal challenge facing Turing, and those who worked at Bletchley Park, was cracking a secret code used by the Nazi government and military to scramble messages. Establishing the settings the Germans' Enigma machines had used proved vital to the codebreaking effort, ultimately providing the Allies with a significant advantage, particularly against German submarine forces. According to the GCHQ mathematician, who identified himself only as Richard, the papers detailed using "mathematical analysis to try and determine which are the more likely settings so that they can be tried as quickly as possible." Bletchley Park went on to use bombes - large electro-mechanical machines worked on by Turing - to help identify the correct settings. Richard said that GCHQ had now "squeezed the juice" out of the two papers and was "happy for them to be released into the public domain". He added that the work of Bletchley Park was held in high regard by GCHQ. "I think we are very proud of the history of our organisation and like to think that we are their successors," he said. Celebrations Bletchley Park, which now celebrates the work of the war-time code-breakers, is planning a number of activities to mark the centenary. One is to build a secure speech system, developed by Turing, called Delilah. The system which encoded and decoded voice communications, was intended to be used in a similar way to a telephone scrambler. A recreation of the system is being built by a team led by volunteer John Harper. "Alan Turing just had brilliant ideas way ahead of their time which were terribly important to the future of the world if you like," Mr Harper said. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 19 21:05:24 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Apr 2012 22:05:24 -0400 Subject: [Infowarrior] - Chinese Espionage Campaign Targets U.S. Space Technology Message-ID: (c/o PF) Chinese Espionage Campaign Targets U.S. Space Technology By John Walcott - Apr 18, 2012 http://www.bloomberg.com/news/print/2012-04-18/chinese-espionage-campaign-targets-u-s-space-technology.html China is stealing U.S. military and civilian space technology in an effort to disrupt U.S. access to intelligence, navigation and communications satellites, according to a report from the State and Defense Departments. "China's continuing efforts to acquire U.S. military and dual-use technologies are enabling China's science and technology base to diminish the U.S. technological edge in areas critical to the development of weapons and communications systems," the report released yesterday found. "Additionally, the technologies China has acquired could be used to develop more advanced technologies by shortening Chinese R&D cycles." Two U.S. intelligence officials said that while the Chinese military isn't preparing to fight a major land war, its goal is to deny the U.S. military access to the other four arenas in which a war might be fought -- the seas around China, the airspace surrounding the country, space, and cyberspace. The officials spoke on condition of anonymity because intelligence matters are classified. Because China's closed political system discourages the independent thinking that spawns innovation, the Chinese rely heavily on stealing and reverse-engineering new technologies from Europe and America, both officials said. 
"Economic espionage, supported by extensive open-source research, computer network exploitation and targeted intelligence operations also enables China to obtain technologies to supplement indigenous military modernization efforts," the State and Defense departments said in an appendix to yesterday's report. The agencies said China should be excluded from recommendations they made to ease restrictions on exports of communications and remote-sensing satellites and equipment. Chinese Denial Chinese officials have denied their government is behind cyber espionage or hacker attacks on computer systems, calling such assertions a "Cold War ghost." Citing the Pentagon's Defense Security Service, the U.S. departments said yesterday that "countries from the East Asia and Pacific region" are focusing their efforts on information systems technology used in military command, control, communications, and computers, as well as in intelligence, surveillance and reconnaissance applications. In one episode cited, Chi Tong Kuok from Macau, China, was convicted in September 2010 of conspiring to export U.S. encryption technology used by U.S. and North Atlantic Treaty Organization forces to China through Hong Kong. "Blind and Deafen" The U.S. Departments of Commerce and Justice also have identified at least 26 major cases since 2006 in which China has tried to acquire power amplifiers with military applications, space-launch technical data and services, Delta IV rockets, information on cruise-missile design and military grade accelerometers, which are used in designing and testing aircraft, missiles, and other military equipment, according to the report. The Chinese People's Liberation Army's goals are clear, according to the report, which cited PLA writings about the necessity of "destroying, damaging, and interfering" with reconnaissance and communications satellites in order to "blind and deafen the enemy." The same PLA analysis of U.S. 
and allied military operations says that "destroying or capturing satellites and other sensors ... will deprive an opponent of initiative on the battlefield and (make it difficult) for them to bring their precision-guided weapons into full play," according to the U.S. report. Navigation Satellites In designing its constellation of navigation satellites, the PLA is using the same downlink frequencies as Europe's Galileo Global Navigation System, according to the report, which said that doing so will enable China to jam the common satellite communications channels and global-positioning system (GPS) receivers. Thanks in part to its successful espionage efforts, which included obtaining the plans to America's now-retired space shuttle, China has made a great leap forward in space, the report found. China had a national record of 15 space launches in 2010, compared with 14 by the U.S., including nine new remote-sensing satellites that can be used for both military and civilian purposes. This year, China is expected to complete work on the Wenchang Satellite Launch Center on the southern Hainan Island, the U.S. departments said. Beyond space technology, China has been cited by the U.S. as a center for computer hacking to steal information or compromise corporate and government systems. Two Chinese nationals were charged by the U.S. for illegally exporting technology to their home country and pirating software from U.S. companies including Agilent Technologies Inc. (A), federal officials said yesterday. Xiang Li, 35, and Chun Yan Li, 33, a married couple from Chengdu, China, were indicted by a federal grand jury in Wilmington, Delaware, according to a statement by the U.S. Immigration and Customs Enforcement agency. 
To contact the reporter on this story: John Walcott in Washington at jwalcott9 at bloomberg.net To contact the editor responsible for this story: John Walcott at jwalcott9 at bloomberg.net --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 19 21:15:29 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Apr 2012 22:15:29 -0400 Subject: [Infowarrior] - America's $229 trillion in derivatives visualized Message-ID: America's $229 trillion in derivatives visualized http://www.zerohedge.com/news/mother-all-infographics-visualizing-americas-derivatives-universe --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 19 21:34:02 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 19 Apr 2012 22:34:02 -0400 Subject: [Infowarrior] - Farewell, the New Frontier Message-ID: <6BF3C4D2-8552-416C-A9FA-B14C3921F89B@infowarrior.org> Farewell, the New Frontier By Charles Krauthammer, Thursday, April 19, 7:27 PM http://www.washingtonpost.com/opinions/farewell-the-new-frontier/2012/04/19/gIQA49o8TT_print.html As the space shuttle Discovery flew three times around Washington, a final salute before landing at Dulles airport for retirement in a museum, thousands on the ground gazed upward with marvel and pride. Yet what they were witnessing, for all its elegance, was a funeral march. The shuttle was being carried - its pallbearer, a 747 - because it cannot fly, nor will it ever again. It was being sent for interment. Above ground, to be sure. But just as surely embalmed as Lenin in Red Square. Is there a better symbol of willed American decline? The pity is not Discovery's retirement - beautiful as it was, the shuttle proved too expensive and risky to operate - but that it died without a successor. The planned follow-on - the Constellation rocket-capsule program to take humans back into orbit and from there to the moon - 
was suddenly canceled in 2010. And with that, control of manned spaceflight was gratuitously ceded to Russia and China. Russia went for the cash, doubling its price for carrying an astronaut into orbit to $55.8 million. (Return included. Thank you, Boris.) China goes for the glory. Having already mastered launch and rendezvous, the Chinese plan to land on the moon by 2025. They understand well the value of symbols. And nothing could better symbolize China overtaking America than its taking our place on the moon, walking over footprints first laid down, then casually abandoned, by us. Who cares, you say? What is national greatness, scientific prestige or inspiring the young - legacies of NASA - when we are in economic distress? Okay. But if we're talking jobs and growth, science and technology, R&D and innovation - what President Obama insists are the keys to "an economy built to last" - why on earth cancel an incomparably sophisticated, uniquely American technological enterprise? We lament the decline of American manufacturing, yet we stop production of the most complex machine ever made by man - and cancel the successor meant to return us to orbit. The result? Abolition of thousands of the most highly advanced aerospace jobs anywhere - its workforce abruptly unemployed and drifting away from space flight, never to be reconstituted. Well, you say, we can't afford all that in a time of massive deficits. There are always excuses for putting off strenuous national endeavors: deficits, joblessness, poverty, whatever. But they shall always be with us. We've had exactly five balanced budgets since Alan Shepard rode Freedom 7 in 1961. If we had put off space exploration until these earthbound social and economic conundrums were solved, our rocketry would be about where North Korea's is today. Moreover, today's deficits are not inevitable, nor even structural. They are partly the result of the 2008 financial panic and recession. Those are over now. 
The rest is the result of a massive three-year expansion of federal spending. But there is no reason the federal government has to keep spending 24 percent of GDP. The historical postwar average is just over 20 percent - and those budgets sustained a robust manned space program. NASA will tell you that it's got a new program to go way beyond low-Earth orbit and, as per Obama's instructions, land on an asteroid by the mid-2020s. Considering that Constellation did not last even five years between birth and cancellation, don't hold your breath for the asteroid landing. Nor for the private sector to get us back into orbit, as Obama assumes it will. True, hauling MREs up and trash back down could be done by private vehicles. But manned flight is infinitely more complex and risky, requiring massive redundancy and inevitably larger expenditures. Can private entities really handle that? And within the next lost decade or two? Neil Armstrong, James Lovell and Gene Cernan are deeply skeptical. "Commercial transport to orbit," they wrote in a 2010 open letter, "is likely to take substantially longer and be more expensive than we would hope." They called Obama's cancellation of Constellation a "devastating" decision that "destines our nation to become one of second or even third rate stature." "Without the skill and experience that actual spacecraft operation provides," they warned, "the USA is far too likely to be on a long downhill slide to mediocrity." This, from "the leading space faring nation for nearly half a century." Which is why museum visits to the embalmed Discovery will be sad indeed. America rarely retreats from a new frontier. Yet today we can't even do what John Glenn did in 1962, let alone fly a circa-1980 shuttle. At least Discovery won't suffer the fate of the Temeraire, the British warship tenderly rendered in Turner's famous painting "The Fighting Temeraire tugged to her last Berth to be broken up, 1838." 
Too beautiful for the scrapheap, Discovery will lie intact, a magnificent and melancholy rebuke to constricted horizons. letters at charleskrauthammer.com © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Apr 20 06:44:02 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Apr 2012 07:44:02 -0400 Subject: [Infowarrior] - Spin --- CISPA cybersecurity bill 'not being rushed through, ' aide says Message-ID: CISPA cybersecurity bill 'not being rushed through,' aide says http://news.cnet.com/8301-1023_3-57417493-93/cispa-cybersecurity-bill-not-being-rushed-through-aide-says/?part=rss&subj=news&tag=title Expecting a vote in the House next week, House Intelligence Committee attorney says at event hosted by CNET that the controversial cybersecurity bill wasn't rushed through and there is no secret agenda. by Dara Kerr April 19, 2012 10:45 PM PDT SAN FRANCISCO--A senior U.S. House of Representatives aide said at an event held this evening at CNET's headquarters that he was astonished by the recent groundswell of opposition to a cybersecurity bill expected to be voted on next week. "I'm really astounded to keep hearing this drumbeat that it's vague," Jamil Jaffer, senior counsel to the House Intelligence Committee, said during a roundtable on the Cyber Intelligence Sharing and Protection Act, or CISPA (PDF), moderated by CNET chief political correspondent Declan McCullagh and organized by Hackers and Founders. Jaffer said that CISPA's critics -- who have gathered nearly 700,000 signatures on a petition opposing it -- are ignoring its broad bipartisan support, including a 17 to 1 committee vote last December in favor of the bill along with 112 co-sponsors. CISPA opponents, which include the Electronic Frontier Foundation and the ACLU, say the measure is being "rushed through," said Jaffer, who appeared from Washington through a Google Hangout. 
"I can't disagree with that more." What sparked the recent privacy concerns is the section of CISPA that says "notwithstanding any other provision of law," companies may share information "with any other entity, including the federal government." While it doesn't require them to do so, that language is so broad it trumps all other federal and state privacy laws, including ones dealing with wiretaps, medical privacy, educational records, census records, and so on. Dan Auerbach, a staff technologist at the Electronic Frontier Foundation, which has criticized CISPA, said, "I don't really know what's in this bill and no one really knows because the language is incredibly unclear. It talks about cybersecurity systems, those are so vaguely defined." Other panelists included Jim Dempsey, vice president for public policy at the Center for Democracy and Technology; Dean Garfield, president of the Information Technology Industry Council; and Josh Mendelsohn from Engine Advocacy, which withdrew its opposition to CISPA last weekend. The House Rules Committee has set a deadline of next Tuesday at 1:30 p.m. PT for amendments to be proposed to CISPA before a floor vote expected later next week. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Apr 20 07:01:28 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 20 Apr 2012 08:01:28 -0400 Subject: [Infowarrior] - Hollywood Studios Lose Australia Lawsuit Over Downloads Message-ID: <29420F36-18C3-4684-A93E-7301331ED68A@infowarrior.org> Hollywood Studios Lose Australia Lawsuit Over Downloads By Joe Schneider - Apr 20, 2012 2:30 AM ET http://www.bloomberg.com/news/2012-04-20/hollywood-studios-lose-australia-lawsuit-over-downloads.html Walt Disney Co. (DIS) and Viacom Inc. 
(VIAB)'s Paramount Pictures are among Hollywood's biggest movie studios that lost a piracy lawsuit in Australia as the country's top court upheld rulings that a local Internet provider wasn't responsible for customers illegally downloading films. Iinet Ltd., based in Perth, didn't authorize the infringement when customers illegally downloaded pirated copies of movies, the High Court of Australia ruled, according to a summary of the decision released on the court's website. Village Roadshow Ltd. (VRL)'s Roadshow Films led the companies trying to stop iiNet customers from using BitTorrent software to illegally download copyrighted films, in a precedent-setting case for Internet providers in Australia. The studios were appealing earlier court decisions vindicating iiNet (IIN), and seeking damages that they said could include royalties on illegally downloaded movies. "It was a case where the motion picture studios wanted to expand the scope of what it means to authorize an infringement," John Swinson, an intellectual property lawyer at King & Wood Mallesons in Brisbane, said following today's ruling. "This leaves the movie studios with one less option" to pursue infringement. King & Wood Mallesons wasn't involved in the iiNet case, Swinson said.

Shares Rise

IiNet shares, which resumed trading after a halt ahead of today's judgment, gained 3 percent, the most since Jan. 10, to A$3.12 at the close on the Australian Stock Exchange. The benchmark S&P/ASX200 index declined 0.1 percent. The Australian government agreed to review the Copyright Act after Singtel Optus Ltd. was cleared by a judge of wrongdoing in letting its customers watch downloads of Australian Football League and National Rugby League games on mobile devices, sometimes within minutes of the live action on free-to-air television. Jill McKeough, dean of law at the University of Technology Sydney, heads the Australian Law Reform Commission undertaking the review to determine if the legislation needs changing.
Issues of copyright should be dealt with through legislation, rather than the courts, Swinson said. Tony Bannon, a lawyer representing the film studios, cited a case of an iiNet customer downloading a copy of "Pineapple Express" in 2008, which could be identified from the BitTorrent application information. Iinet failed to warn its customers that downloading unauthorized content was illegal, Bannon told the five-member High Court panel at a Dec. 1 hearing.

No Warning

"Without providing a warning of some form, they are authorizing," Bannon said, referring to the Internet provider. IiNet takes a lot of steps to encourage people to use legitimate content, Richard Cobden, the company's lawyer, told the court at the same hearing. "People conceivably do not mind spending a little bit of money," Cobden said. "If the thing is available as an authentic item, they will download it." The Internet provider has an agreement with Apple Inc.'s iTunes, for example, that lets customers download films without affecting their monthly download allowance, Cobden said. An appeal court last year upheld Justice Dennis Cowdroy's 2010 verdict that iiNet wasn't liable.

'Never Supported'

The High Court judgment supported the company's position and proved the studios' claims were unfounded, iiNet Chief Executive Officer Michael Malone said today. "Iinet has never supported or encouraged unauthorized sharing or file downloading," Malone said in an e-mailed statement. Also appealing were Time Warner Inc. (TWX)'s Warner Bros. Entertainment Inc., Twentieth Century Fox Film Corp., a unit of News Corp. (NWSA), and 30 other entities who owned or had exclusive licenses to commercially released films. A proposal by the film studios to force Internet providers to monitor customers' usage and cut them off for illegally downloading copyrighted material was both too narrow and too broad, Swinson said.
It was too narrow because users could switch providers and continue to download and too broad because it could penalize customers whose children may inadvertently download material, he said. "It's overkill and ineffective," Swinson said. The case is Roadshow Films Pty. Ltd. v iiNet Ltd. 2011/HCATrans 323, High Court of Australia (Canberra.)

To contact the reporter on this story: Joe Schneider in Sydney at jschneider5 at bloomberg.net
To contact the editor responsible for this story: Douglas Wong at dwong19 at bloomberg.net

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 20 14:52:15 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Apr 2012 15:52:15 -0400
Subject: [Infowarrior] - Olympics 2012: branding 'police' creating info-dictatorship
Message-ID:

(But of course, this is ALL about the athletes, sporting competition, spirit of the games, world community, blah blah blah. Yeah, right...the only folks who believe that are clueless, members of the IOC or the games organising committee --rick)

Olympics 2012: branding 'police' to protect sponsors' exclusive rights

Fears stringent restrictions on use of terms such as London 2012 will limit economic benefits of Games to capital's economy

Esther Addley
guardian.co.uk, Friday 13 April 2012 15.11 EDT

http://www.guardian.co.uk/sport/2012/apr/13/olympics-2012-branding-police-sponsors

Victoria Pendleton will not be able to tweet about tucking into her Weetabix on the morning of race day, or post a video message to fans from her room in the athletes' village. Pub landlords will be banned from posting signs reading: "Come and watch the London Games from our big screen!" Fans in the crowd won't be allowed to upload snippets of the day's action to YouTube - or even, potentially, to post their snaps from inside the Olympic Village on Facebook.
And a crack team of branding "police", the Games organisers Locog have acknowledged, will be checking every bathroom in every Olympic venue - with the power to remove or tape over manufacturers' logos even on soap dispensers, wash basins and toilets. With just a little more than three months to go until the opening of the London 2012 Games, attention is increasingly turning to what many legal experts consider to be the most stringent restrictions ever put in place to protect sponsors' brands and broadcasting rights, affecting every athlete, Olympics ticket holder and business in the UK. Locog insists the protections were essential to secure the contracts that have paid for the Olympics, but some fear the effect could be to limit the economic benefits to the capital's economy - and set a precedent for major national celebrations in future. Britain already has a range of legal protections for brands and copyright holders, but the Olympic Games demand their own rules. Since the Sydney Games in 2000, the International Olympic Committee (IOC) has required bidding governments to commit to introducing bespoke legislation to offer a further layer of legal sanction. In 2006, accordingly, parliament passed the London Olympic Games and Paralympic Games Act, which, together with the Olympic Symbol (Protection) Act of 1995, offers a special level of protection to the Games and their sponsors over and above that already promised by existing copyright or contract law. A breach of these acts will not only give rise to a civil grievance, but is a criminal offence. "It is certainly very tough legislation," says Paul Jordan, a partner and marketing specialist at law firm Bristows, which is advising both official sponsors and non-sponsoring businesses on the new laws. "Every major brand in the world would give their eye teeth to have [a piece of legislation] like this.
One can imagine something like a Google or a Microsoft would be delighted to have some very special recognition of their brand in the way that clearly the IOC has." As well as introducing an additional layer of protection around the word "Olympics", the five-rings symbol and the Games' mottoes, the major change of the legislation is to outlaw unauthorised "association". This bars non-sponsors from employing images or wording that might suggest too close a link with the Games. Expressions likely to be considered a breach of the rules would include any two of the following list: "Games, Two Thousand and Twelve, 2012, Twenty-Twelve". Using one of those words with London, medals, sponsors, summer, gold, silver or bronze is another likely breach. The two-word rule is not fixed, however: an event called the "Great Exhibition 2012" was threatened with legal action last year under the Act over its use of "2012" (Locog later withdrew its objection). A photoshoot promoting easyJet's new routes from London Southend airport was also interrupted by a Locog monitor after local athlete Sally Gunnell was handed a union flag to drape over her shoulders. According to reports, Locog felt this would create too direct an association with her famous pose after winning Olympic gold in Barcelona in 1992 (British Airways, rather than easyJet, is the airline sponsor of London 2012). Locog chose not to comment on the incident, but a spokeswoman said: "If we did not take steps to protect the brand from unauthorised use and ambush marketing, the exclusive rights which our partners have acquired would be undermined. Without the investment of our partners, we simply couldn't stage the Games." In this climate, according to Chris Moriarty of the Chartered Institute of Marketing, non-sponsoring brands are being forced to seek expensive legal advice on how to stay just the right side of the line.
He cites a campaign by Marks and Spencer, with the slogan On your marks for a summer to remember, which features union flags, an egg and spoon race and an oversized gold medal, neatly dancing around the guidelines. A campaign by Nike called Make it Count, featuring Olympic athletes Mo Farah and Paula Radcliffe has proved an even greater success: a survey of Tweeters found that Nike (a non-sponsor) is the brand they most associated with the Games, instead of Adidas, which paid £100m for official rights. "Small businesses don't have the resources to have a creative campaign like that, but also, I detect, they are too scared to do anything, because the landscape is so complicated, and there are so many dos and don'ts," says Moriarty. "It would be an awful shame if small businesses were too afraid to gain from the biggest show on earth coming to London." The CIM has called the restrictions around the London Games too draconian and raised concerns "that a precedent will have been set which unduly prohibits businesses tapping into current national and societal events". One of the IOC's principal fears in seeking bespoke legislation was around so-called "ambush" marketing, according to Locog, where businesses try to leapfrog or otherwise wriggle around branding rules. At the 2010 World Cup, 36 female Dutch fans were thrown out of a match for wearing orange dresses without logos, in what organisers deemed an ambush campaign by the beer company Bavaria. (Fifa also requires bespoke branding legislation). Industry experts believe the ambush battleground at the London Games is likely to lie in social media - still relatively new to the Games. "The big opportunity really is going to be in the online space, because there [the law] becomes a little bit more of a grey area, particularly in social media," says Alex Brownsell, news editor of Marketing magazine, "and that's where Locog are anticipating more guerilla marketing.
It's harder to police and the legal influence over this kind of area is more hazy." At the Beijing Games - where internet restrictions were also in place locally - there were around 100 million users of social media worldwide, but the organisers had no social media presence. For London 2012 there will be more than 2 billion, and the IOC, to its credit, is making heroic efforts at engagement. "We are at a dawn of a new age of sharing and connecting," says Alex Huot, the IOC's Swiss-based head of social media, "and London 2012 will ignite the first conversational Olympic Games." Can Games organisers police social media chatter? Twitter has already agreed to work with Locog in barring non-sponsors from buying promoted ads with hashtags like #London2012. The organising committee has also put together a detailed social media and blogging policy for athletes, so that they don't accidentally fall foul of regulations - by Tweeting about a brand that isn't an Olympic sponsor, for example. (During "Games Period" - 18 July to 15 August - advertising rules become much stricter for athletes, banning all non-sponsor endorsements.) Like all attendees at any Olympic venue, there is an absolute bar on athletes uploading snatches of video or audio, which would contravene lucrative broadcasters' rights. But will Locog really disqualify Usain Bolt if he Tweets about drinking Pepsi? (Coca Cola is the main soft drink sponsor.) It's inconceivable, says Jordan. "As with many rules and regulations, some of the sanctions are very draconian, and rarely used. I do not believe there would be any great appetite for evoking any of these incredibly tough sanctions, and high-profile disqualifications of athletes - that's the last thing they would want." "We don't police," says Huot, "but we are working closely with all the platforms to make sure that trademark and IP rights are respected and that we have a mechanism in place in case of infringements."
He acknowledges, however, that moderating is a technical challenge. Organisers have asked athletes to report any ambush activities on a dedicated website, OlympicGamesMonitoring.com. It is not accessible to unauthorised persons. Locog stresses its approach will be "pragmatic" and "amicable" where possible, but even for ordinary ticket holders, the regulations are draconian if it chooses to assert them. "On a very literal reading of the terms and conditions, there's certainly an argument that the IOC could run that you wouldn't be able to post pictures to Facebook," says Jordan. "I think what they are trying to avoid is any formal commercial exploitation of those images, but that's not what it says. And for that reason, it would appear that if you or I attended an event, we could only share our photos with our aunties around the kitchen table. Which seems a bizarre consequence." Pressed for clarification on this point, Locog would only repeat its policy that images "can only be used for private purposes". In such a controlled environment, says Brownsell, there will always be a danger for marketers that association with an event that is seen as overly commercialised or legalistic may be perceived as a drawback. He cites the example of Visa, which experienced some negative press when it was the only payment option offered when tickets were offered for sale. Ultimately, however, there is a good reason for the restrictions, Brownsell stresses - as a shortfall in sponsorship would have to be made up from the public purse. "Maybe Locog hasn't put across strongly enough the argument that these companies are paying for the Olympics, and if they weren't paying for it, we would be paying for it."
From rforno at infowarrior.org Fri Apr 20 14:52:24 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Apr 2012 15:52:24 -0400
Subject: [Infowarrior] - Banned during the Games: What the rules say
Message-ID: <62A6ED12-5F54-4DEE-B44A-A1296C1B5DB0@infowarrior.org>

http://www.guardian.co.uk/sport/2012/apr/13/olympics-2012-branding-police-sponsors

Banned during the Games: What the rules say

Athletes don't ...
- Blog about your breakfast cereal or energy bar if it's not an official sponsor - in Games Period all endorsement is banned.
- Post video clips from inside the athletes' village to your blog or Youtube. No audio or video content from inside any Olympic venue can be uploaded to any site.
- Tweet "in the role of a journalist". Athletes "must not report on competition or comment on the activities of other participants".

Non-sponsor companies and businesses don't ...
- Say: "Supporting our athletes at the 2012 Games!" or "Help us make it a Gold 2012!"
- Use images that suggest an association with the London Olympics.
- Offer tickets as part of a promotion.

Crowd members don't ...
- Upload a clip of William and Kate tripping up the steps of the Olympic stadium to Youtube: "A Ticket Holder may not license, broadcast or publish video and/or sound recordings, including on social networking websites and the internet."
- Post your pictures to Facebook - this may fall under the same restriction.
- Take part in an ambush marketing stunt, "including, for the avoidance of doubt individual or group ambush marketing".

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Apr 20 17:33:49 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Apr 2012 18:33:49 -0400
Subject: [Infowarrior] - A Military And Intelligence Clash Over Spy Satellites
References: <7EB33041E473EC4B8C08A7CA087AC8720281C004@0015-its-exmb12.us.saic.com>
Message-ID: <1625EFB8-6D1B-4BDA-9BF8-40056DF12FCF@infowarrior.org>

http://www.nytimes.com/2012/04/20/us/politics/spy-satellite-clash-for-military-and-intelligence-officials.html

New York Times
April 20, 2012
Pg. 13

A Military And Intelligence Clash Over Spy Satellites

By James Risen

WASHINGTON - The nation's spies and its military commanders are at odds over the future of America's spy satellites, a divide that could determine whether the United States government will increasingly rely on its own eyes in the sky or on less costly commercial technology. The fight is shaping up into the intelligence world's version of the United States Postal Service versus FedEx - a traditional government institution that must provide comprehensive services versus a more nimble private sector that is cherry-picking the most lucrative business opportunities. In recent years, advances in commercially available technology have allowed private companies to develop satellites carrying high-resolution sensors and perform many of the surveillance tasks that were once the sole preserve of classified satellites owned and operated by the intelligence community. Two private companies already provide some of America's spy satellite imagery, at far lower costs than government-owned satellites, according to current and former government and industry officials and outside analysts. But at the urging of senior intelligence officials, the Obama administration has proposed cutting the contracts for commercial satellite imagery in half next year - to about $250 million from $540 million -
to help meet deficit reduction requirements, while bringing back more of the work inside the government, according to administration and Congressional officials and industry experts. Both Republican and Democratic leaders on the Congressional intelligence committees are resisting the budget cuts and siding with the private companies and the military, which argues that it could not get as much imagery as it needs for combat operations without turning to the less expensive commercial technology. "The debate is really between the military, which needs a lot of imagery but doesn't need the highly classified imagery, and the intelligence community, which wants to keep the capability to produce its own imagery," said Bill Wilt, a senior official with GeoEye, one of the private satellite companies. In the midst of what observers in and out of government describe as an increasingly bitter turf war, the director of the National Reconnaissance Office, the secret agency that manages the nation's spy satellites, resigned Wednesday. Bruce Carlson, the director, issued a statement saying that he is leaving the reconnaissance office, which is part of the Department of Defense and the intelligence community, a spokeswoman for the office said. Administration officials said his resignation was not related to the satellite fight. But Mr. Carlson was said to be an advocate for cutting the budget for the commercial satellite companies, and his departure occurred as the satellite industry and its supporters on the Congressional intelligence committees were gearing up to oppose the budget cuts. Spy satellites are among the most expensive tools used by the intelligence community, dwarfing most other elements of the classified intelligence budget. When the commercial satellite industry developed in the 1990s, it could not compete with the highly sophisticated sensing equipment flown by the government's spy satellites.
But gradually, the gap between commercial satellites and the intelligence community's has narrowed. American commercial satellite companies now produce images of higher resolution than they are permitted to sell publicly, and their only customers are United States government agencies or foreign governments, with American approval. Commercial satellites can show, for example, an image of a specific vehicle type or spare tire on a truck, while the more sensitive government-owned satellites can detect gun mounts or vehicle identification numbers. The intelligence community uses even higher resolution imagery for tasks like monitoring the North Korean and Iranian nuclear programs, but the commercial satellites are adequate for almost all of the needs of the military. Military commanders, who need access to large volumes of satellite imagery for mapping and other daily uses in combat zones, have become big advocates of the expanded use of commercial satellite imagery. "The technology of the current satellite architecture is pretty much at its limit, and the commercial satellites are producing just about the same thing at a much lower cost," said retired Gen. James E. Cartwright of the Marines, former vice chairman of the Joint Chiefs of Staff. "The government's satellites are better, but the question is, What do you need? Most studies show that about 90 percent of what the military needs can be solved with commercial." The military also favors commercial satellites because imagery from the intelligence community cannot be easily shared with allies. "The beauty of commercial imagery is that it is unclassified," said Walter Scott, chief technical officer of DigitalGlobe, a satellite company based in Longmont, Colo. GeoEye and DigitalGlobe, the two satellite companies with the largest contracts to provide imagery to the government, now have a combined total of five satellites orbiting Earth, and plans to launch more with financial support from Washington.
The number of government-owned spy satellites now in orbit is classified, although the N.R.O. has announced that it is launching four satellites this year. Industry officials say that General Cartwright, who retired as vice chairman last year after losing out on a bid to become chairman of the joint chiefs, was one of the biggest advocates inside the government of the increased use of commercial satellites. His departure gave more room to maneuver for his chief opponent on the issue, James R. Clapper Jr., the director of national intelligence. The intelligence community has proposed to increase spending on research and development for new government-owned satellites to meet the growing demands for imagery. But the N.R.O.'s efforts over the past decade to develop a new generation of satellites have been plagued with problems. In the late 1990s and early 2000s, it focused on a program called the Future Imagery Architecture, which was criticized by the Congressional intelligence oversight committees for bloated budgets, and which eventually collapsed. That was followed by efforts to build midsize spy satellites that would compete more directly with commercial satellites than the reconnaissance office's current fleet of large satellites do. But that program withered away after a panel created in 2009 by Dennis C. Blair, then the national intelligence director, recommended a greater focus on the use of commercial satellites. Now, industry officials claim the decision to reverse course and slash the commercial satellite budget could leave military commanders in the lurch. Intelligence officials said the cuts would not have any impact on their ability to meet the demands for imagery from the military and the rest of the government.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Apr 20 19:00:19 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Apr 2012 20:00:19 -0400
Subject: [Infowarrior] - NSA Whistleblower Speaks Live: "The Government Is Lying To You"
Message-ID: <3FF60B27-AE2C-4FDF-BD82-09059F6A9AFE@infowarrior.org>

NSA Whistleblower Speaks Live: "The Government Is Lying To You"

Submitted by Tyler Durden on 04/20/2012 17:02 -0400

Just a month ago we raised more than a proverbial eyebrow when we noted the creation of the NSA's Utah Data Center (codename Stellar Wind) and William Binney's formidable statement that "we are this far from a turnkey totalitarian state". Democracy Now has the former National Security Agency technical director whistleblower's first TV interview in which he discusses the NSA's massive power to spy on Americans and why the FBI raided his home. Since retiring from the NSA in 2001, he has warned that the NSA's data-mining program has become so vast that it could "create an Orwellian state." Today marks the first time Binney has spoken on national TV about NSA surveillance. Starting with his pre-9-11 identification of the world-wide-web as a voluminous problem since the NSA was 'falling behind the rate-of-change', his success in creating a system (codenamed Thin-Thread) for 'grabbing' all the data and the critical 'lawful' anonymization of that data (according to mandate at the time) which as soon as 9-11 occurred went out of the window as all domestic and foreign communications was now stored (starting with AT&T's forking over their data). This direct violation of the constitutional rights of everybody in the country was why Binney decided he could not stay (leaving one month after 9-11) along with the violation of almost every privacy and intelligence act as near-bottomless databases store all forms of communication collected by the agency, including private emails, cell phone calls, Google searches and other personal data.
There was a time when Americans still cared about matters such as personal privacy. Luckily, they now have iGadgets to keep them distracted as they hand over their last pieces of individuality to the Tzar of conformity.

< - >

http://www.zerohedge.com/news/nsa-whistleblower-speaks-live-government-lying-you

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Apr 20 19:30:25 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 20 Apr 2012 20:30:25 -0400
Subject: [Infowarrior] - Megaupload Trial May Never Happen, Judge Says
Message-ID:

Megaupload Trial May Never Happen, Judge Says

Ernesto
April 20, 2012

http://torrentfreak.com/megaupload-trial-may-never-happen-judge-says-120420/

A US judge has put a bomb under the Megaupload case by informing the FBI that a trial in the United States may never happen. The cyberlocker was never formally served with the appropriate paperwork by the US authorities, as it is impossible to serve a foreign company with criminal charges. The US Government accuses Kim Dotcom and the rest of the "Mega Conspiracy" of running a criminal operation. Charges in the indictment include engaging in a racketeering conspiracy, conspiring to commit copyright infringement, conspiring to commit money laundering and two substantive counts of criminal copyright infringement. While the prosecution is hoping to have Megaupload tried in the US, breaking news suggests that this may never happen. It turns out that the US judge handling the case has serious doubts whether it will ever go to trial due to a procedural error. "I frankly don't know that we are ever going to have a trial in this matter," Judge O'Grady said as reported by the NZ Herald. Judge O'Grady informed the FBI that Megaupload was never served with criminal charges, which is a requirement to start the trial. The origin of this problem is not merely a matter of oversight.
Megaupload's lawyer Ira Rothken says that unlike people, companies can't be served outside US jurisdiction. "My understanding as to why they haven't done that is because they can't. We don't believe Megaupload can be served in a criminal matter because it is not located within the jurisdiction of the United States," Rothken says. Megaupload's lawyer adds that he doesn't understand why the US authorities weren't aware of this problem before. As a result Judge O'Grady noted that Megaupload is "kind of hanging out there." If this issue indeed prevents Megaupload from being tried in the US, it would be a blunder of epic proportions. And it is not the first "procedural" mistake either. Last month the New Zealand High Court declared the order used to seize Dotcom's property "null and void" after it was discovered that the police had acted under a court order that should have never been granted. The error dates back to January when the police applied for the order granting them permission to seize Dotcom's property. Rather than applying for an interim restraining order, the Police Commissioner applied for a foreign restraining order instead. The exact ramifications of the failure to serve will become apparent in the near future.

Update: Megaupload founder Kim Dotcom responds, and he's not happy.
From rforno at infowarrior.org Sat Apr 21 08:45:07 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 21 Apr 2012 09:45:07 -0400
Subject: [Infowarrior] - TSA's PreCheck express airport screening hinges on fragile trust
Message-ID:

The Navigator: TSA's PreCheck express airport screening hinges on fragile trust

By Christopher Elliott, Published: April 19 | Updated: Friday, April 20, 11:37 AM

http://www.washingtonpost.com/lifestyle/travel/the-navigator-tsas-precheck-express-airport-screening-hinges-on-fragile-trust/2012/04/19/gIQAx6mJTT_print.html

A new Transportation Security Administration initiative that lets trusted travelers bypass the airport screening line is on the verge of an ambitious expansion. By the end of the year, PreCheck, a government program that offers expedited screening to those who submit to an initial background check, is expected to be available in 35 airports, including Reagan National, Washington Dulles and BWI Marshall. But although many air travelers are fixated on how to score a coveted clearance, which would give them access to an express lane where they don't have to remove their shoes or liquids or unpack their laptops, some are already starting to worry about retaining their PreCheck status. It might be harder than you think, and the implications for the future of travel are troubling. Ximena Gonzalez knows. Last month, she contacted me about the mysterious loss of her Sentri status. Sentri is similar to PreCheck; it allows preapproved, low-risk travelers to use special express lanes at the U.S.-Mexican border. In fact, it's so similar to PreCheck that U.S. citizens who participate in this 17-year-old program operated by U.S. Customs and Border Protection are automatically eligible for PreCheck. Gonzalez, a Mexican citizen who lives in Tijuana, used Sentri regularly whenever she traveled to the United States.
Then in February, a customs agent informed her that she and her entire family would have to surrender their cards, but he wouldn't explain why. A subsequent revocation letter from the government listed general reasons for stripping users of their Sentri benefits: for being convicted of a criminal offense or having pending criminal charges; for lying on the Sentri application; for violating customs or immigration laws. But none seemed to apply to her.

"I don't have any kind of criminal record and never have broken any law," she told me. "I don't even have any traffic fines."

I suggested that she appeal her revocation to the agency's ombudsman; the CBP denied her appeal, again without citing a specific reason. I contacted the CBP on her behalf, and it gave her a phone number to call. That proved to be yet another dead end, so I contacted the agency again. Finally, we were able to arrange a meeting between Gonzalez and an agency representative.

The agent explained that her record is clean but that "someone I know has gotten into trouble or is under investigation and that it affects me," she said. Gonzalez can't figure out who is in trouble, and the CBP won't offer more details. She is, for lack of a better term, guilty by association.

"I feel like I'm exactly where it all started," she added. "I don't know what's happening and can't defend myself, because I don't know who it is."

The CBP representative also suggested that her revocation is permanent, meaning that from now on she will have to wait in a two-hour line with other tourists when she wants to cross the border.

What do Gonzalez's troubles have to do with PreCheck, which launched as a pilot program in October and is in use at 12 airports today? A TSA spokesman confirmed that loss of any other E-ZPass-like government program for travelers, such as Sentri, Global Entry or Nexus, will have similar repercussions for their PreCheck membership.
"If your card is revoked by CBP, you're no longer eligible for PreCheck," says Greg Soule, a TSA spokesman. He declined to specify the reasons a traveler could be removed from the PreCheck list but said that the TSA offers a grievance process similar to the one used by people who have been placed on a terrorist watch list. The Travel Redress Inquiry Program, or TRIP, allows airline passengers to correct erroneous information in the Department of Homeland Security's systems. The appeals process is outlined in a revocation letter, as it was for Gonzalez.

But these systems can be bureaucratic mazes. Consider what happened when Mary Ann Hoey inadvertently applied for the wrong program online; she'd meant to sign up for Global Entry but ended up clicking the Nexus button instead. (Global Entry lets you use a fast lane for U.S. Customs; Nexus allows you to expedite crossing the U.S.-Canadian border.)

Hoey, an education management professional in Chicago, phoned Global Entry, where a representative acknowledged that it's a common problem for users to click on the wrong program on the agency's Web site. But try as she might, she could not get a refund of her $50 application fee. One agency representative told her to write a letter. Another agreed to cancel her application but said that she couldn't get her money back.

"I felt like I had fallen into the government black hole, never to return," she says. I contacted the CBP on her behalf, and it refunded her $50.

I worry that thousands of air travelers who belong to PreCheck could suddenly find themselves cardless, with no idea how it happened. Sentri revokes about 2,000 cards a year, a number that has held relatively steady over the past five years.

Revocations such as Gonzalez's raise other questions. If she's off the Sentri list, can her family members still fly within the United States, or will they be flagged at the airport and given an extra screening, or maybe even turned away?

The message is a little confusing --
and troubling. Some travelers are more trusted than others. But why? The government doesn't have to say. Try to get an answer, and you might find yourself in a bureaucratic labyrinth from which there's no escape.

As the TSA moves toward what it calls an "intelligence-driven, risk-based approach to security," maybe it's worth asking how intelligent some of its new systems really are.

Elliott is National Geographic Traveler magazine's reader advocate. E-mail him at chris at elliott.org.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Apr 21 16:05:43 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 21 Apr 2012 17:05:43 -0400
Subject: [Infowarrior] - How "Breaking News" Broke the News
Message-ID: <95F7B407-C01B-4E70-B89E-41A0C39BDAEB@infowarrior.org>

How "Breaking News" Broke the News
Breaking news used to be "news of transcendent importance." Now it's a joke.
By David Weigel | Posted Friday, April 20, 2012, at 3:59 PM ET
http://www.slate.com/articles/news_and_politics/politics/2012/04/cable_tv_and_the_internet_have_destroyed_the_meaning_of_breaking_news_.single.html

TMZ got the news up first, 3:30 p.m. ET. Dick Clark was dead at 82, felled by a "massive heart attack." Because I follow TMZ on Twitter, I got the newsbreak at 3:31. Because a lot of the people I follow also follow TMZ, Clark's death was announced, analyzed, and (sorry, this is Twitter) joked about for 20 minutes. At 3:52 pm, the CNN app on my iPhone blurped and announced a message:

Television personality Dick Clark, the longtime host of "American Bandstand," has died, a publicist says.

Two minutes later my phone shook again, startled by an alert from USA Today.

BREAKING NEWS: Dick Clark legendary TV entertainer, dies at 82.

Twenty-four minutes after the TMZ scoop, and this was breaking? How's that supposed to work? Does "breaking news" have any meaning anymore? Nope, almost none.
I realize that the universe hardly needs another article about how social networks have Changed Everything. Sorry, universe: Facebook, Twitter, chats, and microblogs have Changed Everything. Anyone who's online can learn news before national news channels report it. The proprietors of Facebook, Twitter, and microblog accounts know this, and they abuse their power like children suddenly placed into the cockpits of battle droids.

Do not judge these children, because they had terrible teachers. "Breaking news" is an old concept, codified by the Associated Press in 1906 when the wire wanted to designate "news of transcendent importance." The AP used the term "FLASH." Other news-breakers used "bulletin," "alert," whatever gave off the right "stop editing the crossword and print this" vibe. Something important had just happened. This news service had confirmed it. Now you knew.

This system was abused, obviously, and the misuse of "breaking" ramped up with the birth of cable news. We should cleave TV from the rest of the media -- the Internet doesn't need to be blamed for all the sins of harried 24-hour news merchants. But TV and the Internet got drunk on "breaking" on the same day. It was Sept. 11, 2001. Three cable networks and an evolving blogosphere had a story that changed minute-to-minute, with confusing details and rumors out of nowhere and, eventually, a hot war in central Asia. Constant "breaking" news alerts made sense in those weeks.

And then the news cycle slowed down. The TV channels shrugged and kept using "breaking" and "alerts" at a greater pace than ever.

"It got trivialized and people couldn't unring the bell," says Craig Allen, a professor at Arizona State and a historian of TV news. "It's just horrible now. We've got TVs on the wall I walk past in the morning. My eye is trained to notice a 'BREAKING' alert and pay more attention. So is yours.
But half the time I see an alert, and it turns out it's somebody announcing an announcement of an announcement of a news conference."

On Thursday morning, from 9 a.m. to 1 p.m., I engaged in a random test of the modern cable news "breaking" regime. You've probably already forgotten about Thursday morning. There were no surprises or celebrity deaths or arrests of bathroom-prowling senators. And yet between Fox News, CNN, and MSNBC, I watched 19 news ALERTS explode across my Vizio.

At 9 a.m., the Fox show America's Newsroom began with an ALERT about "new details in the Secret Service scandal." The details had been broken by other media hours earlier. At 9:07 a.m., Fox ALERTED me that something had "just crossed the wires" -- a lousy jobless report, 386,000 new claims, coming out of the Bureau of Labor Statistics. At 9:59 a.m., Fox ALERTED me to the static scene outside the Air and Space Museum, where the space shuttle Discovery would eventually be escorted to its resting place by some astronauts. One minute later, I got an ALERT that "the White House has issued an ultimatum to Paul Ryan."

Absolutely none of these things were breaking news. Hours later, MSNBC's Alex Wagner interrupted her show twice with "breaking news here of a plane that went down off the coast of Florida." This was breaking, sort of, in the sense that NBC's reporters were getting the details themselves. But it was local Florida news masquerading as national news. And this was all before Fox News gave itself over to a high-speed car chase in Texas. (Disclosure: I'm a paid contributor to MSNBC, but this has no bearing on whether car chases are national news. They are not.)

Why does it matter if cable news alert standards have been watered down into pointlessness? Does the rest of media abide by their rules? No, they don't, but they copy these rhythms anyway. If you've got a Twitter account or a blog, you can add "BREAKING" to news that 1) isn't new or 2) didn't actually come from you or 3) both.
Yes, some news is uncovered by hard-nosed 24-year old reporters in the Pittsburgh metro area. But you can claim that anything is "breaking," even if you had nothing to do with "breaking" it. On April 9, ThinkProgress assigned the "BREAKING" tag to a story about George Zimmerman launching a website about his case, even though NBC News noticed it first.

"I try to use BREAKING when something is genuinely new," explains Judd Legum, who runs ThinkProgress's Twitter account. "This can sometimes mean that ThinkProgress is first with the story, but can also just indicate that story was recently broken by another outlet. Determining what's recent I think is more of an art than a science. I do think it has become overused and clichéd and I'll cop to being part of the problem sometimes."

Clichés get to be that way because people adore them. "Breaking" is a cliché because it's fun to sprint up the watchtower and take credit for the news. The new, abused style of "breaking" has been perfected by BreakingNews.com, a startup (part of MSNBC.com, now) that aggregates the news that just broke somewhere else. Nearly 4 million people follow it on Twitter, getting that little hiccup-thrill that comes with BREAKING news based on the decisions of 12 people working in New York, Seattle, and London. On Friday, they got alerts like "Mystery disease kills 19, sickens 171 others in central Vietnam; country asks WHO for help in investigation" and "Mali's ex-president Amadou Toumani Toure arrives in Senegal nearly 1 month after coup, Senegalese state radio reports," and "Bahrain's Crown Prince says canceling Sunday's Formula 1 Grand Prix 'would just empower extremists,'" -- all alerts credited to other sources.

"We can't independently verify everything run by a news organization," explains BreakingNews general manager Cory Bergman, "but we can cross-reference what's running on different ones."

Let's go back to the Dick Clark example. BreakingNews beat the AP to the news. How?
"We saw TMZ tweet their news immediately, but we waited for a second source, and we got it when KABC in Los Angeles reported it." It's like the old Mr. Show sketch about the station with reporters who find out where other reporters are breaking news, and hold up their microphones to "bring it exclusively to you."

It probably reads like I'm sitting in judgment, with a portrait of Joseph Pulitzer on my left and a Poynter questionnaire on my right. I'm not. I do the exact same thing as the phony Breakers when I retweet or excerpt some news. Everybody on Twitter does. The only difference -- and again, we're leaving aside honest-to-God scoops -- is between the people using "BREAKING" sarcastically and the sources that use it seriously, special sauce to get more clicks and eyeballs.

"I do use 'exclusive' if I want to stress the point we had something first," offers Ben Smith, the editor of BuzzFeed. "But 'breaking' has always felt redundant to me. Why write something old?"

Well, one reason to do it is to stimulate the lizard brain and get people to think you've got some original news. A few weeks ago, in some midpriced hotel in some primary state that Mitt Romney was about to lose, I flipped on the TV and saw a screaming blue chyron: BREAKING NEWS. I braced myself.

My reward: Absolutely nothing. Regular programming was over for the night and I was watching an infomercial about some snake oil that would improve my sudoku scores. The full chyron was "BREAKING NEWS: Boost Brain Power and Memory Naturally." The show was a parody of a real TV show, with an unthreateningly attractive host interviewing an unthreateningly attractive doctor. The "breaking" tag was a joke. As it should be.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Apr 22 07:33:09 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 22 Apr 2012 08:33:09 -0400
Subject: [Infowarrior] - FBI: Hundreds Of Thousands May Lose Internet In July
Message-ID: <7E2B9421-16E1-41A0-8DDF-7BF2573DED99@infowarrior.org>

(c/o JC)

FBI: Hundreds Of Thousands May Lose Internet In July
http://www.huffingtonpost.com/2012/04/20/hundreds-of-thousands-may-lose-internet-in-july_n_1441260.html?ref=topbar

WASHINGTON (AP) For computer users, a few mouse clicks could mean the difference between staying online and losing Internet connections this summer.

Unknown to most of them, their problem began when international hackers ran an online advertising scam to take control of infected computers around the world. In a highly unusual response, the FBI set up a safety net months ago using government computers to prevent Internet disruptions for those infected users. But that system is to be shut down.

The FBI is encouraging users to visit a website run by its security partner, http://www.dcwg.org , that will inform them whether they're infected and explain how to fix the problem. After July 9, infected users won't be able to connect to the Internet.

Most victims don't even know their computers have been infected, although the malicious software probably has slowed their web surfing and disabled their antivirus software, making their machines more vulnerable to other problems.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sun Apr 22 07:33:13 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 22 Apr 2012 08:33:13 -0400
Subject: [Infowarrior] - EU may reject ACTA
Message-ID: <2BF2BF0C-C913-48D5-940C-C0C9F4EBCE3A@infowarrior.org>

EU may reject Anti-Counterfeiting Trade Agreement (ACTA)
By Anne Sewell
Apr 18, 2012 in World
http://www.digitaljournal.com/article/323199

After many protests in the streets of Europe, it looks like ACTA will not come into being. The Member of the EU Parliament responsible for monitoring its process says it should be rejected.

Digital Journal reported in February on the Europe-wide protests against ACTA. The protests appear to have had some success.

Euro MP David Martin, who is the latest rapporteur responsible for monitoring the progress of ACTA through the European Union, says it should be rejected.

Martin's comments come less than 3 months after the resignation of the previous rapporteur, Kader Arif in protest at the plans. At that time, Kader Arif had said:

"I want to denounce in the strongest possible manner the entire process that led to the signature of this agreement. As rapporteur of this text, I have faced never-before-seen manoeuvres from the right wing of this Parliament to impose a rushed calendar before public opinion could be alerted, thus depriving the Parliament of its right to expression and of the tools at its disposal to convey citizens' legitimate demands."

ACTA has caused anger amongst many Europeans with thousands protesting against it. ACTA would have the power of giving companies the power to ban people from using the internet for illegally swapping files. It would also prevent third world countries from receiving much needed generic medicines.

So far, 22 countries in the EU have signed up to the agreement and the final vote on its ratification is due to happen in Brussels this summer.
In an interview in the video above, Luke Samuel, a political commentator told RT that "the treaty exposed how undemocratic the decision-making process is in the EU."

"The real problem with ACTA, specifically, is how it shows that the European Union is effectively allowed to do politics without any reference to [its people]. This is not a piece of EU law, it's a trade agreement that will bestow certain obligations on European countries to make law in certain ways."

Samuel continued that the fact that EU governments had signed up to ACTA does not mean that the people of Europe have had any say in the agreement's provisions. He stated that this makes the whole process "fundamentally anti-democratic."

A representative of the Pirate Group of German Parliament stated that public outrage will bring down this legislation. Fabio Reinhardt stated to RT:

"I think it's great that hundreds of thousands of people were on the streets in Europe to [stop ACTA], and ACTA may [be shelved internationally]. I think it's great for civil rights. I think it's a phenomenon we haven't seen before, that people were so eager to defend their rights, to communicate -- something that really surprised politicians on various high levels."

The draconian ACTA was created as an international agreement aimed at protecting intellectual property rights. The treaty is similar in many ways to the U.S.'s Stop Online Piracy Act (SOPA), which was shelved recently after a huge protest on the internet and worldwide.

Whilst ACTA has been signed by the U.S., Australia, Canada, Japan, most of Europe and several other countries, none of these signatories have yet ratified it. This last step will happen in Brussels later this year and if ACTA is ratified by any 6 countries, it will come into power.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Apr 23 07:02:27 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Apr 2012 08:02:27 -0400
Subject: [Infowarrior] - Good job -- Iran unplugs oil terminal from Internet
Message-ID: <3FEBBA37-3362-4E79-B09E-5BEAE77DB644@infowarrior.org>

While not 100% foolproof, this action sure raises the bar for "nuisance attacks" and other easy-to-launch Internet-based scenarios that are scripted for cyber war exercises such as the one the WH did back in March when a phishing attack shut down the NY power grid. Phishing? Really? REALLY? And we in the US wonder why we have ongoing and *preventable* cyber problems? Why are such critical infrastructure systems on the public network, anyway?

At least one country understands how to better protect critical infrastructures at a *fundamental* level even if it means a little more work for them on a day-to-day basis to actually enhance its cybersecurity. It's sad that Iran understands how to secure critical infrastructures better than we do.

-- rick

Report: Iran unplugs oil terminal from Internet
BY NASSER KARIMI
Associated Press
http://hosted.ap.org/dynamic/stories/M/ML_IRAN_INTERNET?SITE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2012-04-23-06-30-32

TEHRAN, Iran (AP) -- Iran has disconnected its oil ministry and its main crude export terminal from the Internet to avoid being attacked by computer malware, a semiofficial news agency reported on Monday.

Mehr said an export terminal in Kharg Island and other oil facilities came under attack from malware and hackers but continued their work as usual.

Some 80 percent of Iran's daily 2.2 million barrels of crude export goes through the Kharg facility, located off its southern coast.

Iran says that it is involved in a long-running technological war with the United States and Israel.
In recent years, Tehran has repeatedly announced it has defused malware in its industrial sector including the highly specialized Stuxnet in 2010, which it said had targeted the country's nuclear facilities.

This round of cyberattack began Sunday, Mehr quoted Hamdollah Mohammadnejad, deputy oil minister in charge of civil defense, as saying. He said the ministry and some provincial officers were taken offline, and a special headquarters was set up to confront the attacks.

Earlier this year, head of Iran's civil defense agency Gholam Reza Jalali said the energy sector of the country has been a main target of cyberattacks over the past two years.

Iran has recently announced a series of cyberdefense measures spearheaded by the Revolutionary Guards - a unit which already runs every key military program in Iran and many industries.

In March, the Guard set up what it claims is a hack-proof communications network for its high-level commanders.

Ultimately, Iran says it wants to set up a completely indigenous Internet that is also aimed at checking a "cultural invasion" by enemies aimed at promoting dissent and undermining the ruling system.

The Stuxnet virus was reported to have disrupted controls of some nuclear centrifuges. Tehran says its scientists neutralized the malware and it only damaged the laptops of some personnel at a nuclear power plant.

Iran is at odds with Israel and the West over its controversial nuclear program. The U.S. and its allies accuse Tehran of wanting to develop weapons technology. Iran denies the claims, saying its program is for peaceful purposes.

Iran has reported other cyberattacks since, including an infection in April 2011 dubbed "Stars" and a spy virus about which little is known but its name, "Doku."

© 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. Learn more about our Privacy Policy and Terms of Use.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 23 07:11:15 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Apr 2012 08:11:15 -0400
Subject: [Infowarrior] - US 'Blackmails' EU Into Agreeing To Hand Over Passenger Data
Message-ID: <3043F6E4-9316-4EC8-B628-A1AC65BA5060@infowarrior.org>

US 'Blackmails' EU Into Agreeing To Hand Over Passenger Data
from the you-have-no-more-fundamental-rights dept
http://www.techdirt.com/articles/20120419/10543518565/us-blackmails-eu-into-agreeing-to-hand-over-passenger-data.shtml

A couple months ago, we wrote about a debate in the EU Parliament, concerning an agreement over how much data should be shared with the US on passengers flying from the EU into the US. The person in charge of analyzing the agreement, Sophie in't Veld, urged the Parliament to reject the agreement, saying that it violated EU citizens' fundamental rights. Specifically, the US wanted access to more data with fewer restrictions than the EU felt was fair.

However, it appears that after the US pulled out its big gun over this -- threatening to stop allowing EU citizens to visit the US without first obtaining a visa -- the Parliament caved and agreed to the deal. The one big concession from the US, however, was that EU passengers will be able to see their records and correct errors.

Sophie in't Veld is still not happy -- and for good reason:

"This Agreement is contrary to European Treaties and privacy laws and does not meet the minimum criteria set by Parliament itself. Diplomatic relations with the United States appear to be more important than the fundamental rights of our own EU citizens."

In a statement sent to Techdirt, she also noted that, in caving, the EU Parliament "loses its credibility and EU citizens draw the short straw." Part of the problem is just how unequal the setup is, with the US getting tons of power over EU citizens.
And, of course, the fact that the EU caved to the US sets a bad precedent. "The Trans-Atlantic relations need to become more balanced. EU should take a less timid stance towards the US." In the end, she notes that what happened was "almost to the extent of blackmail."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 23 07:48:31 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 23 Apr 2012 08:48:31 -0400
Subject: [Infowarrior] - What Is The Nature of the Cyber Threat?
Message-ID: <59B86E41-3B6E-4E45-B4E7-7F631D3B13D5@infowarrior.org>

April 23, 2012
What Is The Nature of the Cyber Threat?
Filed under: Cybersecurity -- by Arnold Bogis on April 23, 2012
http://www.hlswatch.com/2012/04/23/what-is-the-nature-of-the-cyber-threat/

As Ms. Herrera-Flanigan introduced in her last post, it is "Cybersecurity Week" for the U.S. House of Representatives. I am going to go out on a limb and guess that it will neither be as popular as the Cherry Blossom Festival or as successful as the Washington Nationals' pitching staff so far this baseball season.

The problem is not that cyber issues are not important or do not deserve attention. Legislative action, though almost never the panacea perceived in Washington, would likely be helpful. The larger issue is that cyber _____ (insert your favorite descriptor here: war, crime, espionage, terrorism, etc.) is terribly difficult to define. Exactly what is the problem and who should be worried about it? What is the threat and the potential consequences of a successful -- something?

Starting with the "hair on fire"
group, you have national security mavens such as former Special Advisor to the President for Cyber Security (among other things) Richard Clarke, who is concerned about cybercrime:

FOR the last two months, senior government officials and private-sector experts have paraded before Congress and described in alarming terms a silent threat: cyberattacks carried out by foreign governments. Robert S. Mueller III, the director of the F.B.I., said cyberattacks would soon replace terrorism as the agency's No. 1 concern as foreign hackers, particularly from China, penetrate American firms' computers and steal huge amounts of valuable data and intellectual property.

But by failing to act, Washington is effectively fulfilling China's research requirements while helping to put Americans out of work. Mr. Obama must confront the cyberthreat, and he does not even need any new authority from Congress to do so.

And cyberwar:

Congress should demand answers to questions like: What is the role of cyber war in US military strategy? Is it acceptable to do "preparation of the battlefield" by lacing other countries' networks with "Trojan horses" or "back doors" in peacetime? Would the United States consider a preemptive cyber attack on another nation? If so, under what circumstances? Does US Cyber Command have a plan to seize control and defend private sector networks in a crisis? Do the rules of engagement for cyber war allow for military commanders to engage in "active defense" under some circumstances? Are there types of targets we will not attack, such as banks or hospitals? If so, how can we assure that they are not the victims of collateral damage from US cyber attacks?
More recently John Brennan, the President's Counterterrorism and Homeland Security Adviser, took to the Opinion page of the Washington Post to make a similar argument about the threat of cyberattacks:

Before the end of the next business day, companies in every sector of our economy will be subjected to another relentless barrage of cyberintrusions. Intellectual property and designs for new products will be stolen. Personal information on U.S. citizens will be accessed. Defense contractors' sensitive research and weapons data could be compromised.

Our critical infrastructure -- power plants, refineries, transportation systems and water treatment centers -- depend on the integrity and security of their computer networks. Approximately 85 percent of this infrastructure is owned and operated by the private sector. Last year alone, there were nearly 200 known attempted or successful cyberintrusions of the control systems that run these facilities, a nearly fivefold increase from 2010. And while most companies take proper precautions, some have unfortunately opted to accept risks that, if exploited, would endanger public safety and national security.

However, noted cyber scholar Evgeny Morozov would like to push down on the brake:

Both Messrs. McConnell and Clarke -- as well as countless others who have made a successful transition from trying to fix the government's cyber security problems from within to offering their services to do the same from without -- are highly respected professionals and their opinions should not be taken lightly, if only because they have seen more classified reports. Their stature, however, does not relieve them of the responsibility to provide some hard evidence to support their claims. We do not want to sleepwalk into a cyber-Katrina, but neither do we want to hold our policy-making hostage to the rhetorical ploys of better-informed government contractors.
Steven Walt, a professor of international politics at Harvard, believes that the nascent debate about cyberwar presents "a classical opportunity for threat inflation." Mr Walt points to the resemblance between our current deliberations about online security and the debate about nuclear arms during the Cold War. Back then, those working in weapons labs and the military tended to hold more alarmist views than many academic experts, arguably because the livelihoods of university professors did not depend on having to hype up the need for arms racing.

Markus Ranum, a veteran of the network security industry and a noted critic of the cyber war hype, points to another similarity with the Cold War. Today's hype, he says, leads us to believe that "we need to develop an offensive capability in order to defend against an attack that isn't coming -- it's the old 'bomber gap' all over again: a flimsy excuse to militarize."

The main reason why this concept conjures strong negative connotations is because it is often lumped with all the other evil activities that take place online -- cybercrime, cyberterrorism, cyber-espionage. Such lumping, however, obscures important differences. Cybercriminals are usually driven by profit, while cyberterrorists are driven by ideology. Cyber-spies want the networks to stay functional so that they can gather intelligence, while cyberwarriors -- the pure type, those working on military operations -- want to destroy them.

All of these distinct threats require quite distinct policy responses that can balance the risks with the levels of devastation. We probably want very strong protection against cyberterror, moderate protection against cybercrime, and little to no protection against juvenile cyber-hooliganism.
Perfect security -- in cyberspace or in the real world -- has huge political and social costs, and most democratic societies would find it undesirable.

As you continue to dig deeper, one will find a vigorous continued disagreement about various aspects of the cybertopic. For example, Foreign Policy published he said/he said articles on cyberwar. On the "eh" side, Thomas Rid:

Time for a reality check: Cyberwar is still more hype than hazard. Consider the definition of an act of war: It has to be potentially violent, it has to be purposeful, and it has to be political. The cyberattacks we've seen so far, from Estonia to the Stuxnet virus, simply don't meet these criteria.

Indeed, there is no known cyberattack that has caused the loss of human life. No cyberoffense has ever injured a person or damaged a building. And if an act is not at least potentially violent, it's not an act of war. Separating war from physical violence makes it a metaphorical notion; it would mean that there is no way to distinguish between World War II, say, and the "wars" on obesity and cancer. Yet those ailments, unlike past examples of cyber "war," actually do kill people.

Pushing back, noted RAND scholar and co-author of the influential book, "The Advent of Netwar," John Arquilla:

Cyberwar is here, and it is here to stay, despite what Thomas Rid and other skeptics think.

But another notion arose alongside ours -- that cyberwar is less a way to achieve a winning advantage in battle than a means of covertly attacking the enemy's homeland infrastructure without first having to defeat its land, sea, and air forces in conventional military engagements.

I have been bemused by the high level of attention given to this second mode of "strategic cyberwar." Engaging in disruptive cyberattacks alone is hardly a way to win wars. Think about aerial bombing again: Societies have been standing up to it for the better part of a century, and almost all such campaigns have failed.
Civilian populations are just as likely, perhaps even more so, to withstand assaults by bits and bytes. If highly destructive bombing hasn't been able to break the human will, disruptive computer pinging surely won't. Rid seems especially dubious about the potential for this form of strategic cyberwar. And rightly so. But there is ample evidence that this mode of virtual attack is being employed, and with genuinely damaging effects. Returning to cybercrime, Melissa Hathaway, former acting senior director for cyberspace on the National Security Council, wants to take a "Byte Out of Cybercrime:" This paper provides a brief overview of the cybercrime problem and examines five case studies to demonstrate that, while national and international law enforcement authorities are working together to address cybercrime, with additional tools they could make even more progress going forward. Today's efforts are under-resourced and hampered by outdated laws. Nonetheless, by sharing actionable information and applying novel interpretations of the law, authorities around the globe are finding ways to address the cybersecurity problem. The recommendations that follow the case studies seek to build on the successes and lessons learned. While two Microsoft researchers want us all to take a deep breath and point out some potential problems in trying to estimate the consequences: We have examined cybercrime from an economics standpoint and found a story at odds with the conventional wisdom. A few criminals do well, but cybercrime is a relentless, low-profit struggle for the majority. Spamming, stealing passwords or pillaging bank accounts might appear a perfect business. Cybercriminals can be thousands of miles from the scene of the crime, they can download everything they need online, and there's little training or capital outlay required. Almost anyone can do it. Well, not really. 
The harm experienced by users rather than the (much smaller) gain achieved by hackers is the true measure of the cybercrime problem. Surveys that perpetuate the myth that cybercrime makes for easy money are harmful because they encourage hopeful, if misinformed, new entrants, who generate more harm for users than profit for themselves. Are you confused yet? I am. And noted political scientist Joseph Nye does not want to make it any easier by asking simple questions: The United States may be ahead of other countries in its offensive capabilities in cyber, but because it depends so much on cyber, it is also more vulnerable. What, then, should our policy be? When it comes to thinking about cyber, we are at about the same place people were in 1950 when thinking about the nuclear revolution. We know it is something new and big and that it is transformative, but we haven't thought out what offense means, what defense means. What is deterrence in such a world? What is strategy? How do we fit the pieces together? Can we establish rules of the road? Can we find an analogue in arms control, or is that an unlikely model for something that is apparently unverifiable? The first efforts at arms control didn't bear fruit until twenty years after the first nuclear explosion and came about largely to deal with third parties (the Nuclear Non-Proliferation Treaty) or because of concerns with environmental fallout (the Limited Test Ban Treaty). Not until the 1970s, some thirty years after the technology emerged, were the first bilateral arms control agreements signed, and not until the 1980s did leaders of the two superpower nations proclaim that nuclear war cannot be won and must never be fought. Forty years were needed to develop a powerful basic normative agreement. In cyber, we are still around 1950. What this means is that we can no longer treat cyber and the other aspects of power diffusion as something to be left to the technocrats or the intelligence specialists. 
We have to develop a broader awareness in the public and in the policy community to be able to think clearly about how we trade off different values and develop sensible strategies for cyber. So where does this all leave us? With a whole bunch of questions: What are the cyber threats we should worry about the most? What cyber threats should be considered "homeland security," "national security," "economic security," or something else entirely? How can we delineate what are personal, business/NGO, or local/state/federal responsibilities for cybersecurity? How can we divide up the responsibility pie between all the various actors at the federal level - DHS, DOD, State, etc.? Will Hollywood do the right thing and resist any temptation to remake "War Games"? So many questions and, at this point, so few answers. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Apr 23 07:49:23 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Apr 2012 08:49:23 -0400 Subject: [Infowarrior] - Cybersecurity Week in the House Message-ID: <0DCB77C3-9B4E-46EB-83C9-35F002AAA92B@infowarrior.org> Cybersecurity Week in the House Filed under: Cybersecurity,General Homeland Security - by Jessica Herrera-Flanigan on April 22, 2012 http://www.hlswatch.com/2012/04/22/cybersecurity-week-in-the-house/ Today marks the start of the self-declared "Cybersecurity Week" in the House. Last Friday, the House Republican Leadership announced that four bills would be considered this week to "address the cybersecurity threat facing our country." 
In announcing the schedule, Speaker Boehner, Majority Leader Cantor, and the House GOP's Cybersecurity Task Force Leader Thornberry, stated: The focus of these bills is consistent with the recommendations released by the task force last October that address the central issue the federal government and industry have stated must be addressed now: updating existing cybersecurity laws to provide the legal authorities to allow for information-sharing and public-private partnerships. Information-sharing is crucial to stopping the persistent and aggressive threat facing all aspects of our economy, our critical infrastructure, our communications, and our nation's security. Overall, the bills enjoyed somewhat bipartisan support, though as discussed in a bit, much of the criticism has been focused on what was not included as what was. Among the bills to be considered: * Cyber Intelligence Sharing and Protection Act (H.R. 3523) - A Mike Rogers (R-MI)/Dutch Ruppersberger (D-MD) bill coming out of the Intelligence Committee. The bill would allow the government to provide classified information to companies to allow them to protect their networks. The bill also authorizes private-sector entities to defend their own networks and those of their customers, and to share cyber threat information with others in the private sector, as well as with the federal government on a purely voluntary basis. 
This bill, which many consider the lynchpin of the House efforts, has garnered significant criticism from the privacy and civil liberties groups. These interests have equated the bill to the doomed SOPA/PIPA bills, stating that it violates Constitutional rights. The sponsors made significant changes last week to try to address the privacy concerns but still have met criticism. Just last Friday, House Homeland Security Committee Ranking Member Bennie Thompson (D-MS) sent around a Dear Colleague stating that the bill "would create a 'Wild West' of cyber information sharing, where any certified private entity can share information with any government agency." Despite these criticisms, the bill has garnered the support of numerous companies and technology groups. * Federal Information Security Amendments (H.R. 4257) - Introduced by Oversight and Government Reform Chairman Darrell Issa, this bill tackles the mess that is the Federal Information Security Management Act (FISMA). It improves the framework for securing information technology systems, focusing on "automated and continuous" monitoring and dictates that OMB should play a significant role in FISMA compliance. The bill is relatively uncontroversial, as most agree that FISMA needs fixing. * Cybersecurity Enhancement Act (H.R. 2096) - Another uncontroversial bill is Rep. Mike McCaul's (R-TX) legislation, which tackles cyber R&D. It strengthens NSF and NIST technical standards and cybersecurity awareness, education and talent development capabilities. * Advancing America's Networking and Information Technology Research and Development (NITRD) Act (H.R. 3834) - Introduced by Science, Space & Technology Chairman Ralph Hall (R-TX), this bill reauthorizes the NITRD program, including its efforts relating to cyber R&D. This is another bill that is uncontroversial. Missing from the list above? Rep. 
Dan Lungren's (R-CA) PRECISE Act, which the Congressman essentially gutted during the House Homeland Security Committee Full Committee mark-up last week so as to win the support of House Republican leadership for inclusion in cybersecurity week. The bill, which provided for the creation of voluntary cybersecurity standards that would be created by DHS and the private sector, apparently was still too regulatory in nature for the House's Leadership, which preferred to leave unaddressed how critical infrastructures are secured. There is still a chance that Rep. Lungren's bill will be offered during the week, though that is seen as unlikely given Democratic opposition to the scaled back version of the bill that passed out of Committee along partisan lines. Other issues that are not being addressed this week but we might see legislation on in the coming months: * cybercrime penalties and authorities. The House Judiciary Committee was expected to mark up legislation this past month but is reassessing its efforts in light of the 9th Circuit's decision in U.S. vs Nosal a few weeks ago limiting the Computer Fraud and Abuse Act's application in certain cases; * electric grid security: House Energy & Commerce may look more closely at cyber efforts to secure smart grids and the like * data breach/notification: Perhaps the issue that affects consumers the most in their day-to-day lives, it is unclear whether the House will move any legislation on this front, though Rep. Mary Bono Mack (R-CA) of the House Energy & Commerce Committee has mentioned that she is taking a close look at the issue and legislation. Whatever happens in the House this week, the future of cybersecurity legislation remains unclear. The Senate has the Lieberman-Collins bill that has been awaiting action for months. Whether the House's decision to move forward on legislation will motivate the Senate to act is not known though it is clear that the issue of cybersecurity is not going away anytime soon. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Apr 23 07:56:56 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Apr 2012 08:56:56 -0400 Subject: [Infowarrior] - Obama to target foreign nationals' use of new technologies in human rights abuses Message-ID: Interestingly, isn't this what DHS is doing domestically in the name of "fighting terrorism" or "protecting the homeland" or "investigating whistleblowers" or catering to the Hollywood cartels? It may not be done for the same reason, but it sure uses the same methods. -- rick Obama to target foreign nationals' use of new technologies in human rights abuses By Scott Wilson, Published: April 22 http://www.washingtonpost.com/politics/obama-to-target-foreign-nationals-use-of-new-technologies-in-human-rights-abuses/2012/04/22/gIQA4ngxaT_print.html President Obama will issue an executive order Monday that will allow U.S. officials for the first time to impose sanctions against foreign nationals found to have used new technologies, from cellphone tracking to Internet monitoring, to help carry out grave human rights abuses. Social media and cellphone technology have been widely credited with helping democracy advocates organize against autocratic governments and better expose rights violations, most notably over the past year and a half in the Middle East and North Africa. But authoritarian governments, particularly in Syria and Iran, have shown that their security services can also harness technology to help crack down on dissent - by conducting surveillance, blocking access to the Internet or tracking the movements of opposition figures. Obama's executive order, which he will announce during a Monday speech at the U.S. 
Holocaust Memorial Museum, is an acknowledgment of those dangers and of the need to adapt American national security policy to a world being remade rapidly by technology, according to senior administration officials familiar with the plans. Although the order is designed to target companies and individuals assisting the governments of Iran and Syria, they said, future executive orders could name others aiding other countries through technology in crackdowns on dissent. Obama's speech at the most visible U.S. symbol of Holocaust remembrance comes at a time when his policy toward Syria, where a government crackdown has killed thousands of civilians, is under sharp criticism from his Republican rivals for the presidency. To demonstrate the priority he places on genocide prevention, Obama will use the roughly 20-minute address to reveal that he has asked for the first-ever National Intelligence Estimate - the consensus view of all U.S. intelligence agencies - appraising the potential for mass killings in countries around the world and their implication for U.S. interests. The president will also announce a set of U.S. development "challenge" grants designed to encourage technology companies to develop new ways to help residents in countries vulnerable to mass killings better detect and quickly alert others to impending dangers. And he will unveil a high-level government panel to serve as a clearinghouse for real-time intelligence, policymaking and other issues related to mass killing. "This unprecedented direction from the president, and the development of a comprehensive strategy, sends a clear message that we are committed to combating atrocities, an old threat that regularly takes grim and modern new forms," said Samantha Power, the National Security Council's senior director for multilateral affairs and human rights, who will serve as chairman of the Atrocities Prevention Board. The panel's creation was announced in August. 
Last year, Obama cited an imminent threat to Libya's civilians to explain his decision to intervene militarily against longtime leader Moammar Gaddafi. "To brush aside America's responsibility as a leader and - more profoundly - our responsibilities to our fellow human beings under such circumstances would have been a betrayal of who we are," he said at the time. In October, Obama dispatched 100 U.S. troops to Uganda and its neighbors to help the region's governments hunt down Joseph Kony, the fanatical head of the Lord's Resistance Army, notorious for its campaign of civilian slaughter and child kidnapping. But Republicans and some human rights advocates have derided Obama's policy in Syria as weak and pressed him to do more to stop the killings there. Last week, echoing Obama's own remarks on Libya delivered a year earlier, Sen. John McCain (R-Ariz.) said that "for the United States to sit by and watch this wanton massacre is a betrayal of everything that we stand for and believe in." Obama has called for the removal of Syrian President Bashar al-Assad and imposed a set of economic sanctions against his government. But Assad has ignored international pressure and kept up a brutal crackdown that human rights groups estimate has killed more than 11,000 people. In some cases, Syrian security forces are using technology to track down the opposition movement's leaders. Syrian officials may also have tracked satellite phones and computer addresses to locate a group of foreign journalists in February who were covering the siege of the city of Homs. Two journalists were killed in an attack on a building where they were seeking shelter from government bombardment, among them Marie Colvin, an American working for the Sunday Times of London. 
In his new executive order, which was summarized in advance for The Washington Post, Obama states that "the same GPS, satellite communications, mobile phone, and Internet technology employed by democracy activists across the Middle East and North Africa is being used against them by the regimes in Syria and Iran." Under the order, the administration will announce Monday new sanctions, including a U.S. visa ban and financial restrictions, on two Syrian "entities," one Syrian individual and four Iranian "entities." Administration officials, who did not identify the targets of the sanctions by name, said "entities" in this case describes both government agencies and private companies in Iran and Syria. The new steps are designed primarily to target companies explicitly aiding authoritarian governments with new technology that assists in civilian repression. But senior administration officials say the measures should prompt all companies to think harder about how the technology they are providing to other countries might be employed and to take steps to ensure that it is not used in harmful ways. Obama's visit to the memorial will follow by a few days the official Holocaust Remembrance Day, and senior administration officials said he will use the first part of his speech to discuss the mass killing of Jews in Europe. He visited Buchenwald in June 2009, touring the former Nazi concentration camp on a still afternoon with Nobel Peace laureate and Holocaust survivor Elie Wiesel. Wiesel will also accompany him Monday at the museum. Administration officials say Obama will use the second part of his remarks to discuss the legacy of Rwanda and his efforts in Libya, Sudan and central Africa, Ivory Coast and other places where mass killings or the threat of them have drawn U.S. attention. The new Atrocities Prevention Board is intended to elevate the issue further in his administration, officials say. 
It will comprise senior representatives from across the administration with the goal of helping "the U.S. government identify and address atrocity threats and oversee institutional changes that will make us more nimble and effective." Power said the board will hold its first session Monday afternoon and plans to meet with as many as 200 representatives of the nongovernmental organizations, university chapters of anti-genocide groups and others involved in the issue. "This doesn't make atrocities go away," said Power, who has written extensively on the U.S. response to genocide through history. "But it does give us a new set of tools and should prevent presidents from ever saying again that they didn't have options to confront mass killings." © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Apr 23 08:04:03 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Apr 2012 09:04:03 -0400 Subject: [Infowarrior] - For digital video to live, the 30-second pre-roll ad must die Message-ID: <67C538CF-ADF1-48B6-9C8A-9A47486F0CB8@infowarrior.org> For digital video to live, the 30-second pre-roll ad must die by Molly Wood April 23, 2012 3:29 AM PDT The 30-second pre-roll is the blink tag of our era. It's the ad format that drives users crazy, and it's just not right for Web or mobile. Here's how to fix video advertising and make online video profitable for everyone. < - > http://news.cnet.com/8301-31322_3-57417972-256/for-digital-video-to-live-the-30-second-pre-roll-ad-must-die/?google_editors_picks=true --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Apr 23 10:21:23 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Apr 2012 11:21:23 -0400 Subject: [Infowarrior] - Hurt Locker Makers Return to Sue 2, 514 BitTorrent Users Message-ID: Hurt Locker Makers Return to Sue 2,514 BitTorrent Users - 
Ernesto - April 23, 2012 http://torrentfreak.com/hurt-locker-makers-return-to-sue-2514-bittorrent-users-120423/ Voltage Pictures, the makers of the Oscar-winning movie The Hurt Locker, have filed a new lawsuit at a federal court in Florida. By targeting at least 2,514 alleged BitTorrent users, Voltage Pictures hopes to recoup several million dollars in settlements to compensate the studio for piracy-related losses. In total, more than a quarter million people have now been sued in the US for alleged copyright infringements via BitTorrent. After being honored with an Oscar for Best Motion Picture in 2010, the makers of The Hurt Locker went on to sue thousands of people who allegedly shared the film online. Movie studio Voltage Pictures was not only one of the first studios to sue BitTorrent downloaders in the US, it also secured the award for the biggest mass-BitTorrent lawsuit by listing 24,583 alleged infringers at once. This case dragged on for nearly two years and after collecting an undisclosed number of settlements it was eventually closed last December. It remains unknown how profitable the lawsuit was for the movie studio, but since they haven't given up on the scheme yet we assume that it wasn't a financial debacle. Last week the studio filed a brand new lawsuit in Florida against 2,514 John Doe defendants, who are all accused of downloading The Hurt Locker. Through this lawsuit the studio wants to obtain a subpoena so they can order ISPs to reveal the identities of the alleged downloaders. These account holders will then receive a settlement offer that generally lies around $3,000, which means that the Hurt Locker makers can receive over 6 million dollars in damages. While the complaint filed at a federal court in Florida is pretty standard, there are a few details that stand out when we look at the list of sued IP-addresses. Firstly, all the defendants downloaded the film in 2010. 
This means that the movie studio has waited two years before filing a lawsuit against the alleged copyright infringers. On top of that, we see that all the 2,514 defendants are subscribers of the same Internet provider, Charter Communications. It could be that the points above are related. For example, Voltage Pictures may know that Charter keeps IP-address records for more than two years while other ISPs don't. Another reason for targeting Charter subscribers could be that the movie studio knows that the ISP is not going to object to handing over bulk subscriber details. Whatever the case, this new lawsuit is worth keeping an eye on. While The Hurt Locker is a prominent name, this mass-lawsuit is just one of many being filed every week. In total more than 250,000 alleged BitTorrent users have been targeted in the United States and this number continues to increase. While most of the plaintiffs are adult film studios, more reputable brands such as the major book publisher Wiley & Sons have joined in as well. And last week the first game publisher filed a lawsuit as "Airbus X" makers Aerosoft GmbH targeted 50 downloaders. Depending on the success of the current cases, the BitTorrent lawsuits may continue for years. Thus far there is no indication that the end is in sight. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Apr 23 13:44:30 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Apr 2012 14:44:30 -0400 Subject: [Infowarrior] - PGP Creator Phil Zimmerman Has a New Venture Message-ID: <7B8D6CD4-4731-4810-AD30-A9907D185B13@infowarrior.org> PGP Creator Phil Zimmerman Has a New Venture Called Silent Circle April 23, 2012 at 8:36 am PT http://allthingsd.com/20120423/pgp-creator-phil-zimmerman-has-a-new-venture-called-silent-circle/ It has been a long time since anyone thought seriously about the encryption debate that hung over the discussion around privacy rights in the 1990s. 
It has also been a long time since Phil Zimmerman - creator of the Pretty Good Privacy software that so many people adopted to encrypt their email - was the target of a federal criminal investigation that derived from his making it widely available for download. The government dropped its case in 1996. Today, PGP is the most widely used encryption program in the world. PGP, the company, is part of Symantec, and encrypting your email is now super easy, though most people don't go to the trouble of doing it. PGP is the reason Zimmerman is going to be inducted into the Internet Hall of Fame today, at a dinner in Geneva. Which, of course, raises the question: What is he doing these days? The answer: Launching a new venture. It's called Silent Circle, for which Zimmerman has teamed up with two former Navy SEALs and one of his PGP Corp. co-founders. The plan is to offer encrypted email, encrypted mobile calls, encrypted VOIP teleconferencing and encrypted instant messaging, all in one place. Joining Zimmerman in Silent Circle are Mike Janke, a former Navy SEAL sniper, special operations communications expert and privacy advocate; Vic Hyder, another former Navy SEAL and founder of Maritime Security; and Jon Callas, a cryptographer and Zimmerman's co-founder of PGP Corp., whose current day job is CTO at Entrust. Silent Circle will offer services both to consumers and corporations, but also to human-rights groups, dissidents and nongovernmental organizations working in dangerous or sketchy places where governments tend to monitor communications. There's also a promise of no backdoors offered for any individual, organization or government. Though Silent Circle is now running a private beta, the plan, as I understand it, is to launch publicly on July 15. We'll hear more about it then. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Apr 23 13:50:26 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 23 Apr 2012 14:50:26 -0400 Subject: [Infowarrior] - Pentagon creates new espionage unit Message-ID: <012ED159-A3C2-4953-860F-A6AAB0DD027E@infowarrior.org> Pentagon creates new espionage unit By Greg Miller, Monday, April 23, 12:19 PM http://www.washingtonpost.com/world/national-security/pentagon-creates-new-espionage-unit/2012/04/23/gIQA9R7DcT_print.html The Pentagon is planning to ramp up its spying operations against high-priority targets such as Iran under an intelligence reorganization approved last week by Defense Secretary Leon E. Panetta, a senior defense official said Monday. The newly created Defense Clandestine Service would work closely with the CIA to expand espionage operations overseas at a time when the missions of the agency and the military increasingly converge. The defense official said the plan was developed in response to a classified study completed last year by the director of national intelligence that concluded that the military's espionage efforts needed to be more focused on major targets outside war zones. The new service will seek to "make sure officers are in the right locations to pursue those requirements," said the official, who spoke on condition of anonymity to discuss what he described as a "realignment" of the military's human espionage efforts. The official declined to provide details on where such shifts might occur, but the nation's most pressing intelligence priorities in recent years have included counterterrorism, nonproliferation and ascendant powers such as China. The realignment is expected to affect several hundred military operatives who already work in spying assignments abroad, mostly as case officers for the Defense Intelligence Agency, which serves as the Pentagon's main source of human intelligence and analysis. 
The official said that the size of the new service is expected to grow "from several hundred to several more hundred" in the coming years. Despite the potentially provocative name for the new service, the official played down concerns that the Pentagon was seeking to usurp the role of the CIA or its National Clandestine Service. This "does not involve new manpower ... does not involve new authorities," the official said. Instead, the official said that the DIA is shifting its emphasis "as we look to come out of war zones and anticipate the requirements over the next several years." Congressional officials said they were seeking more details about the plan. "My question is why? What's missing and what's going on?" said a senior Senate aide who had been given a preliminary briefing on the new service. The plan was unveiled about a week after a senior U.S. Army officer with extensive experience in special operations and counter-insurgency fighting in Iraq and Afghanistan was nominated to serve as the next chief of the DIA. While serving in Afghanistan, Lt. Gen. Michael T. Flynn published a harsh critique of intelligence operations in that country, faulting collectors for being too focused on tactical threats and failing to understand the broader demographic and political context of the battlefield. About 15 percent of the DIA's case officers will be part of the Defense Clandestine Service, the defense official said. New, more clearly delineated career paths will give DIA case officers better opportunities to continue their espionage assignments abroad. The new service fits into a broader convergence trend. U.S. Special Operations forces are increasingly engaged in intelligence collection overseas, and have collaborated with the CIA on missions ranging from the raid on Osama bin Laden's compound in Pakistan to ongoing drone strikes in Yemen. The blurring is also evident in the organizations' upper ranks. 
Panetta previously served as CIA director, and that post is currently held by former four-star U.S. Army Gen. David H. Petraeus. A key architect of the Defense Clandestine Service is Undersecretary of Defense for Intelligence Michael Vickers, who formerly served in the CIA. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 24 07:50:48 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Apr 2012 08:50:48 -0400 Subject: [Infowarrior] - Harvard Library to faculty: we're going broke unless you go open access Message-ID: Harvard Library to faculty: we're going broke unless you go open access By Cory Doctorow at 1:45 pm Monday, Apr 23 Henry sez, "Harvard Library's Faculty Advisory Council is telling faculty that it's financially 'untenable' for the university to keep on paying extortionate access fees for academic journals. It's suggesting that faculty make their research publicly available, switch to publishing in open access journals and consider resigning from the boards of journals that don't allow open access." < - > http://boingboing.net/2012/04/23/harvard-library-to-faculty-we.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 24 10:51:26 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Apr 2012 11:51:26 -0400 Subject: [Infowarrior] - As CISPA Hits Congress, Cybersecurity Company Hypes The Fear Of Anonymous Message-ID: As CISPA Hits Congress, Cybersecurity Company Hypes The Fear Of Anonymous from the fearing-fear-itself dept http://www.techdirt.com/articles/20120423/13040318615/as-cispa-hits-congress-cybersecurity-company-hypes-fear-anonymous.shtml Through TNW, we learn of a survey published by threat protection company Bit9 that states an attack by Anonymous is the number one thing IT security professionals fear. 
Doubtless the release of this survey was timed to coincide with CISPA, the dangerous cybersecurity bill that is being debated in the House this week. It's no surprise that a security provider would want to play up the fear of cyber attack, but I'm reminded of a quote from comedian Dara O'Briain: "Zombies are at an all time low level, but the fear of zombies could be incredibly high. It doesn't mean we have to have government policies to deal with the fear of zombies." Apart from the fact that the fear of something is pretty meaningless (except to those who sell security, and those who want to pass bad laws), the details of the survey make it clear that this is entirely a matter of the hype around Anonymous: < - > 61% believe that their organizations could suffer an attack by Anonymous, or other hacktivist groups. Despite the utter sense of fear that Anonymous has created over the years, 62% were more worried about the actual method of attack, with malware accounting for the most cause for concern at 48%. Only 11% of the respondents were concerned about one of Anonymous' actual methods of attack -- DDoS, while fears over SQL injections dipped to a measly 4%. Phishing was a concern for 17% of the respondents. < - > So, despite the fact that Anonymous apparently has them shaking in their boots, they know that their real vulnerability is malware -- and that's not really Anonymous' game. The fear is manufactured. What this survey calls attention to, though, is a fact that deserves more attention: under CISPA or a similar law, Anonymous would make a juicy target. Security companies and the government could collude and share data not only to strengthen their networks against attack, which would itself be perfectly reasonable, but also to identify and investigate Anonymous members, notwithstanding any other privacy laws. 
Regardless of how you feel about Anonymous' tactics, this should concern you: privacy rights and the 4th Amendment exist for a reason, and CISPA would wash them away online. The authors of the bill insist that it targets foreign entities, but it is arguably an even stronger weapon against domestic hacktivism that will inevitably be used and abused. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 24 10:53:36 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Apr 2012 11:53:36 -0400 Subject: [Infowarrior] - CISPA faces bi-partisan backlash ahead of House vote Message-ID: <65B4A2CB-E260-44F8-8839-4086FC2D5D13@infowarrior.org> CISPA faces bi-partisan backlash ahead of House vote April 24, 2012 By Andrew Couts http://www.digitaltrends.com/web/cispa-faces-bi-partisan-backlash-ahead-of-house-vote/ The Cyber Intelligence Sharing and Protection Act, better known as CISPA, has come under fire from parties on both sides of the political spectrum, as the House vote nears. With just days left before the Cyber Intelligence Sharing and Protection Act (CISPA) goes before the House of Representatives for a full vote, voices on both sides of the aisle have slammed the cybersecurity legislation as a gross example of government intrusion. Monday afternoon, a group of 18 congressional Democrats sent a letter (pdf) to CISPA's chief co-sponsors, Reps. Mike Rogers (R-MI) and Dutch Ruppersberger (D-MD), warning that "the broadness and ambiguous language of CISPA raise serious concerns." The Members say their primary worries about the bill revolve around:
- Determining what information relating to Internet activity will be shared;
- Deciding who in the federal government -- including the Intelligence Community -- will access this information; and
- The purpose and manner in which that information will be used.
Moreover, say the Democrats, "CISPA would, for the first time, grant non-civilian Federal agencies, such as the National Security Agency, unfettered access to information about Americans' Internet activities and allow those agencies to use that information for virtually any purpose." From the right, a coalition of conservative groups, which includes Competitive Enterprise Institute, TechFreedom, FreedomWorks, Americans for Limited Government, the Liberty Coalition, and American Conservative Union Chairman Al Cardenas, expressed similar concerns about the bill, asserting in their own letter (pdf) to Rogers and Ruppersberger that, despite changes to the legislation, CISPA "risks unduly expanding federal power, undermining freedom of contract, and harming U.S. competitiveness in the technology sector." The letter goes on to say that the broad definition of "cyber threat information" and the vast immunity given to companies that share such information with the federal government pose unacceptable problems. The groups warn that information shared under CISPA could be used for purposes other than to protect the government and private companies from cyber threats, or threats to national security, which is the stated goal of the bill. They also insist that CISPA would make it impossible for companies to assure customers that their private data would be protected. In addition to these two groups, Republican presidential candidate Ron Paul, and an official from the Obama administration, also said on Monday that CISPA does not provide adequate protections to individual privacy, among other problems. Both the Democratic Members and the conservative groups urge Rogers and Ruppersberger to amend CISPA to resolve these issues. As the Democrats note in their letter, Rogers and Ruppersberger are expected to offer a "Manager's Amendment" to CISPA prior to its consideration by the full House. 
It is not yet known, however, whether the updated text will solve the problems these parties believe are currently inherent in the bill. All of the dangers of CISPA expressed in these two letters are precisely what a wide range of civil liberties groups, including the Electronic Frontier Foundation, the Center for Democracy & Technology, and the American Civil Liberties Union, have been saying since the CISPA debate began. While the opposition to CISPA is clearly growing, so is CISPA's list of supporters. The bill has gained backing from an increasing number of technology industry trade groups, and the number of co-sponsors has jumped from 106 at the end of March to its current total of 112. House consideration of CISPA is scheduled to begin on Thursday, with a vote on the bill due no later than Friday afternoon. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Apr 24 13:28:18 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Apr 2012 14:28:18 -0400 Subject: [Infowarrior] - Here we go again... Message-ID: The latest Congressional Cybersecurity Circus (i.e., hearing on cybersecurity) just began ..... Subcommittee Hearing: America is Under Cyber Attack: Why Urgent Action is Needed http://mfile.akamai.com/65736/live/reflector:38577.asx?bkup=38651&prop=n During opening statements, I've already heard early mention of a "Cyber Pearl Harbor" and the reiteration of the *same* set of talking points that go back to the mid-90s. And the same suite of go-to cybersecurity witnesses are there as well. I'm reminded of that old Army cadence: "Here we go again.....same old stuff again...." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Apr 24 17:03:28 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 24 Apr 2012 18:03:28 -0400 Subject: [Infowarrior] - EFF Open Letter on Bad Cybersecurity Bills Message-ID: (Yes, I am a signatory. --rick) An Open Letter From Security Experts, Academics and Engineers to the U.S. Congress: Stop Bad Cybersecurity Bills Today, a group of prominent academics, experienced engineers, and professionals published an open letter to members of the United States Congress, stating their opposition to CISPA and other overly broad cybersecurity bills. < - > https://www.eff.org/deeplinks/2012/04/open-letter-academics-and-engineers-us-congress --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Apr 25 08:06:00 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Apr 2012 09:06:00 -0400 Subject: [Infowarrior] - CISPA revision allows DHS Internet 'countermeasures' Message-ID: <02BB37DF-6E5B-4932-A3C3-3D6DDF8ACED4@infowarrior.org> (c/o Ferg) CISPA revision allows DHS Internet 'countermeasures' by Declan McCullagh April 24, 2012 9:51 PM PDT Homeland Security Secretary Janet Napolitano would be authorized to "intercept" and "use" data from federal government-affiliated networks, according to new CISPA amendment. < - > http://news.cnet.com/8301-31921_3-57420580-281/cispa-revision-allows-dhs-internet-countermeasures/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Apr 25 08:35:16 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Apr 2012 09:35:16 -0400 Subject: [Infowarrior] - Beware: Google Drive ToS is dangerous Message-ID: <37ABD092-A6BB-46FE-8F5C-C452024BDE30@infowarrior.org> How far do Google Drive's terms go in 'owning' your files? 
By Zack Whittaker | April 24, 2012, 5:52pm PDT Summary: Google Drive's terms of service allows you to still own your own files, but grants the company a license to do "as it wants" with your uploaded content. http://www.zdnet.com/blog/btl/how-far-do-google-drives-terms-go-in-owning-your-files/75228 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Apr 25 08:58:00 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Apr 2012 09:58:00 -0400 Subject: [Infowarrior] - No invention: Al Gore's Internet honor Message-ID: No invention: Al Gore's Internet honor By PATRICK GAVIN | 4/24/12 8:46 AM EDT Updated: 4/24/12 2:57 PM EDT http://www.politico.com/news/stories/0412/75526.html If you invent the Internet, you should probably get some sort of recognition, right? Former Veep Al Gore is now getting a bit of credit for his infamous 1999 claim that "I took the initiative in creating the Internet": He'll be one of the first inductees into the Internet Hall of Fame. The names were announced Monday at the Internet Society's Global INET 2012 conference in Geneva, Switzerland, and Gore was placed in the "Global Connectors" category for having "made significant contributions to the global growth and use of the Internet." The group's description of Gore states: "Al Gore, the 45th Vice President of the United States, was a key proponent of sponsoring legislation that funded the expansion of and greater public access to the Internet. Instrumental in helping to create the 'Information Superhighway,' Gore was one of the first government officials to recognize that the Internet's impact could reach beyond academia to fuel educational and economic growth as well." 
Other inductees: Paul Baran, Vint Cerf, Danny Cohen, Steve Crocker, Donald Davies, Elizabeth Feinler, Charles Herzfeld, Robert Kahn, Peter Kirstein, Leonard Kleinrock, John Klensin, Jon Postel, Louis Pouzin, Lawrence Roberts, Mitchell Baker, Tim Berners-Lee, Robert Cailliau, Van Jacobson, Lawrence Landweber, Paul Mockapetris, Craig Newmark, Raymond Tomlinson, Linus Torvalds, Philip Zimmermann, Randy Bush, Kilnam Chon, Nancy Hafkin, Geoff Huston, Brewster Kahle, Daniel Karrenberg, Toru Takahashi, and Tan Tin Wee. "This historic assembly of Internet visionaries, innovators, and leaders represents an extraordinary breadth of vision and work," said Internet Society President and CEO Lynn St.Amour. "While the inductees have extremely diverse backgrounds and represent many different countries, each individual has an incredible passion for their work. We all benefit from their outstanding contributions to a global Internet, making it one of the greatest catalysts of economic and societal development of all time." Gizmodo reviewed the list and offered its own suggestions of who else should be included in the list. One nomination that might catch the eye of politicos: Matt Drudge. "How did Americans even discuss politics before the internet -- or the Drudge Report?" writes the website. "Matt Drudge, the unabashedly opinionated web links magnate, reinvented the way the media covers modern politics. He helped make blogging a significant source of news, and his incendiary style gave new life to the art of the headline itself. Plus, he has a cool siren." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Apr 25 14:52:15 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Apr 2012 15:52:15 -0400 Subject: [Infowarrior] - WH opposes CISPA (so they say) Message-ID: But will Obama actually veto it if it passes Congress? I bet he won't......you just wait .... place your bets and watch. 
I suspect it will either pass as-is or have some modest concession so the WH can say that it managed to 'change' part of it, but that we need it enacted for the good of the country, cyber-terror, blah blah digital pearl harbor, blah, blah. -- rick Cispa cybersecurity bill opposed by Obama administration James Ball, guardian.co.uk, Tuesday 24 April 2012 10.31 EDT http://www.guardian.co.uk/technology/2012/apr/24/cispa-cybersecurity-bill-opposed-obama A senior State Department official has stressed the Obama administration's opposition to a controversial cybersecurity bill ahead of a vote in the House of Representatives later this week. The Cyber Intelligence Sharing and Protection Act (Cispa) is intended to facilitate sharing of information on online threats across different federal agencies and private companies. It has been criticised by both activists and politicians of both Democrats and Republicans for vague wording and insufficient safeguards. Ahead of the bill coming in front of the House of Representatives alongside three other cybersecurity bills, Alec Ross, a senior adviser for innovation to Hillary Clinton, reiterated the administration's opposition to the proposals in more explicit language than previous statements from officials. "The Obama administration opposes Cispa," he told the Guardian. "The president has called for comprehensive cybersecurity legislation. There is absolutely a need for comprehensive cybersecurity legislation. "[But] part of what has been communicated to congressional committees is that we want legislation to come with necessary protections for individuals." Ross refused to be drawn, however, on whether the White House would consider vetoing the bill were it to pass through Congress. Ross's comments came as Republican presidential candidate Ron Paul set out his own strident opposition to Cispa. 
"Cispa permits both the federal government and private companies to view your private online communications without judicial oversight provided that they do so of course in the name of cybersecurity," he said on Monday. "Simply put, Cispa encourages some of our most successful internet companies to act as government spies, sowing distrust of social media and chilling communications in one segment of the world economy where Americans still lead." The open internet group EFF has warned that Cispa's broad wording could class many routine internet activities, such as using encryption on emails or enabling anonymity using a service called TOR, as potential threats. The act could also indemnify companies acting for security purposes from civil and criminal liability, including violating a user's privacy, provided these were not intentional, the group warned. Despite the opposition, Mike Rogers, the chairman of the house intelligence committee and primary sponsor of the bill, remains confident it will be passed by the House of Representatives this week. "I feel pretty confident that we'll close out the bill," he told the Talking Points Memo blog on Monday. Rogers also reportedly told the site he was not aware of a final stance from the Obama administration regarding his bill, and said he had met with some advocacy groups and modified Cispa as a result. "There's some people who aren't interested in having any bill happen," Rogers told TPM. "But we've had an open and transparent dialogue with everyone who has chosen to engage with us, and there's been major progress made. This has always been a collaborative effort." Three other cybersecurity-related bills are passing through the house this week -- the Data act, which creates more oversight on security of federal computer systems and data; the Cybersecurity Enhancement Act, aimed at targeting federal cybersecurity research, and a third computer research and design bill. 
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Apr 25 14:55:57 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 25 Apr 2012 15:55:57 -0400 Subject: [Infowarrior] - Spoke too soon, WH just issued veto threat on CISPA Message-ID: White House takes aim at CISPA with formal veto threat Obama administration breaks with some House Democrats by saying controversial bill could "undermine" privacy and civil liberties. by Declan McCullagh April 25, 2012 12:31 PM PDT http://news.cnet.com/8301-31921_3-57421267-281/white-house-takes-aim-at-cispa-with-formal-veto-threat The White House today escalated its opposition to a cybersecurity-related surveillance bill with a formal veto threat. In a new statement, the White House's Office of Management and Budget said that the CISPA bill endangered Americans' privacy and inappropriately shielded private companies from liability. The statement suggests that CISPA -- also known as the Cyber Intelligence Sharing and Protection Act -- goes too far by giving the National Security Agency too much power: < - > H.R. 3523 effectively treats domestic cybersecurity as an intelligence activity and thus, significantly departs from longstanding efforts to treat the Internet and cyberspace as civilian spheres. The Administration believes that a civilian agency -- the Department of Homeland Security -- must have a central role in domestic cybersecurity, including for conducting and overseeing the exchange of cybersecurity information with the private sector and with sector-specific Federal agencies. The American people expect their Government to enhance security without undermining their privacy and civil liberties. 
Without clear legal protections and independent oversight, information sharing legislation will undermine the public's trust in the Government as well as in the Internet by undermining fundamental privacy, confidentiality, civil liberties, and consumer protections. The Administration's draft legislation, submitted last May, provided for information sharing with clear privacy protections and strong oversight by the independent Privacy and Civil Liberties Oversight Board. <-> The House Rules committee is meeting this afternoon to discuss which amendments will be permitted during a floor discussion scheduled to begin tomorrow, with a floor vote to follow on Friday. (See CNET's article on one of the amendments, proposed by Rep. Sheila Jackson Lee (D-Tex.), that would hand Homeland Security more power to "intercept" some Internet traffic.) What sparked the recent privacy outcry over CISPA -- including a petition signed by nearly 800,000 Internet users -- are portions of the law that would allow Internet companies to open their networks and customer databases to the Feds for cybersecurity purposes. Probably the most controversial section of CISPA says that "notwithstanding any other provision of law," companies may share information with Homeland Security, the IRS, or the National Security Agency. By including the word "notwithstanding," CISPA's drafters intended to make their legislation trump all existing federal and state laws, including ones dealing with wiretaps, educational records, medical privacy, and more. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 26 12:46:28 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Apr 2012 13:46:28 -0400 Subject: [Infowarrior] - TSA defends pat-down of 4-year-old at Kan. airport Message-ID: Another win for TSA -- this girl probably is traumatised for life in the name of TSA "protecting" us. 
This bloated agency and its idiotic 'measures' need to be eliminated. Now. -- rick TSA defends pat-down of 4-year-old at Kan. airport By ROXANA HEGEMAN | Associated Press -- 3 hrs ago http://news.yahoo.com/tsa-defends-pat-down-4-old-kan-airport-231522461.html;_ylt=A2KJ3CVkiJhP2S4AInDQtDMD WICHITA, Kan. (AP) -- The grandmother of a 4-year-old girl who became hysterical during a security screening at a Kansas airport said Wednesday that the child was forced to undergo a pat-down after hugging her, with security agents yelling and calling the crying girl an uncooperative suspect. The incident has been garnering increasing media and online attention since the child's mother, Michelle Brademeyer of Montana, detailed the ordeal in a public Facebook post last week. The Transportation Security Administration is defending its agents, despite new procedures aimed at reducing pat-downs of children. The child's grandmother, Lori Croft, told The Associated Press that Brademeyer and her daughter, Isabella, initially passed through security at the Wichita airport without incident. The girl then ran over to briefly hug Croft, who was awaiting a pat-down after tripping the alarm, and that's when TSA agents insisted the girl undergo a physical pat-down. Isabella had just learned about "stranger danger" at school, her grandmother said, adding that the girl was afraid and unsure about what was going on. "She started to cry, saying 'No I don't want to,' and when we tried talking to her she ran," Croft said. "They yelled, 'We are going to shut down the airport if you don't grab her.'" But she said the family's main concern was the lack of understanding from TSA agents that they were dealing with a 4-year-old child, not a terror suspect. "There was no common sense and there was no compassion," Croft said. "That was our biggest fault with the whole thing -- not that they are following security procedures, because I understand that they have to do that." 
Brademeyer, of Missoula, Mont., wrote a public Facebook post last week about the April 15 incident, claiming TSA treated her daughter "no better than if she had been a terrorist." The posting was taken down Wednesday. Another post said the family had filed formal complaints with the TSA and the airport. The TSA released a statement Tuesday saying it explained to the family why additional security procedures were necessary and that agents didn't suspect or suggest the child was carrying a firearm. "TSA has reviewed the incident and determined that our officers followed proper screening procedures in conducting a modified pat-down on the child," the agency said. The statement noted that the agency recently implemented modified screening procedures for children age 12 and younger to further reduce the need for pat-downs of children, such as multiple passes through a metal detector and advanced imaging technology. "These changes in protocol will ultimately reduce -- though not eliminate -- pat-downs of children," the statement said. "In this case, however, the child had completed screening but had contact with another member of her family who had not completed the screening process." U.S. Sen. Jon Tester, a Montana Democrat, pressed the TSA for more information Wednesday. Tester, a member of the Senate Homeland Security Committee, said he was concerned the TSA went too far. "I am a staunch advocate for effective transportation security, but I'm also a strong advocate for common sense and the freedoms we enjoy as Americans," Tester wrote to TSA Administrator John Pistole. "Any report of abuse of the power entrusted to officers of the TSA is especially concerning -- especially if it involves children." In a phone interview from her home in Fountain Valley, Calif., Croft said Brademeyer tried to no avail to get TSA agents to use a wand on the frightened girl or allow her to walk through the metal detector again. 
She also said TSA agents wanted to screen her granddaughter alone in a separate room. "She was kicking and screaming and fighting and in hysterics," Croft said. "At that point my daughter ran up to her against TSA's orders because she said, 'My daughter is terrified, I can't leave her.'" The incident went on for maybe 10 minutes, until a manager came in and allowed agents to pat the girl down while she was screaming but being held by her mother. The family was then allowed to go to their next gate with a TSA agent following them. Croft said that for the first few nights after coming home, Isabelle had nightmares and talked about kidnappers. She said TSA agents had shouted at the girl, telling her to calm down and saying the suspect wasn't cooperating. "To a 4-year-old's perspective that's what it was to her because they didn't explain anything and she did not know what was going on," Croft said. "She saw people grabbing at her and raising their voices. To her, someone was trying to kidnap her or harm her in some way." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 26 13:02:58 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Apr 2012 14:02:58 -0400 Subject: [Infowarrior] - Blaming Speculators Message-ID: <9C312F4C-7AB1-4FA8-B9BC-49246FFB7E96@infowarrior.org> Funny how "they" (DC, politicos, etc) never blame short sellers or speculators when the price of oil goes down, do they? I mean, nobody in DC has said anything about the reasons why nat gas prices are extraordinarily low these days....aren't speculators responsible for downward price action, too? (Sure, there's probably some speculation - after all it is a free market - but I doubt it's on the order that they make it out to be.) But joking aside, "they" also seem to forget how markets work: Namely, that the way you profit if you are "driving prices up" is to sell that item, which then drives prices down. 
'tis how the markets work. Ah, politics. *grumble* -- rick Don't blame speculators for high gas prices By Lutz Kilian, Special to CNN updated 12:30 PM EDT, Thu April 19, 2012 High oil and gas prices cannot be blamed on market manipulation, says Lutz Kilian. http://www.cnn.com/2012/04/19/opinion/kilian-oil-speculation/index.html Editor's note: Lutz Kilian is a professor of economics at University of Michigan. He is a research fellow at the Center for Economic Policy Analysis and the Center for Financial Studies. (CNN) -- This week, President Obama announced policy measures to enhance the surveillance of oil futures markets. The president stressed that the new measures would not bring down gasoline prices overnight, but implied that they would lower gas prices in the long run because more oversight would deter market manipulation. There is universal agreement on the need to prevent the manipulation of oil prices, but the premise of this proposal could not be more mistaken. There is no evidence that rising crude oil prices were caused by market manipulation, and there is no reason to expect increased oversight to lower gas prices across America. This policy initiative confuses the increased financialization of oil futures markets in recent years with illegal activities such as market manipulation. Market manipulation occurs when traders herd the market into positions from which they can profit, resulting in excessively high oil prices. There is no evidence that the bulk of the financial investors taking positions in oil futures markets since 2003 have engaged in such activities. More generally, the Obama administration is mistaken in attributing high oil and gas prices to the presence of financial investors in oil futures markets. 
A popular view among pundits and policymakers has been that the sustained oil price increase between 2003 and mid-2008 could not possibly be explained by economic fundamentals, but must have been brought about by financial investors taking speculative positions in oil futures markets. Recent research has not been kind to this hypothesis. A large number of scientific studies have failed to produce any credible evidence that high oil and gas prices were caused by the presence of financial investors in oil futures markets. For example, seemingly compelling and widely cited data regarding the relative size of the financial market for oil and the physical volume of oil being consumed has been shown to be misleading. All indications are that the financial market is smaller than oil consumption when measured correctly. Equally importantly, studies based on financial data provided by the Commodity Futures Trading Commission shows that financial investors did not take the positions in oil futures markets commonly ascribed to them. For example, changes in index funds' positions do not precede changes in the price of oil futures, but prices predict positions. Nor is there a systematic relationship between commonly discussed measures of speculation and movements of oil prices. Finally, price increases in commodity markets for which there are no futures exchanges are as large as price increases in the oil market. In fact, there are strong indications that recent oil price fluctuations were mainly associated with changes in the global business cycle. Notably, between 2003 and mid-2008, global demand for oil increased faster than global oil production, resulting in a sustained increase in the price of oil. Much of the additional demand for oil came from emerging Asia. No nefarious speculators are required to explain this surge in the price of oil. 
Indeed, oil futures prices responded to much the same economic forces as prices in the physical market. Notwithstanding widespread agreement on this explanation among oil market experts, policy makers have remained intrigued with the speculation hypothesis. The apparent reason is that this hypothesis seems to provide an easy alternative to less popular policies of energy conservation. In fact, the Obama administration's approach to lowering gasoline prices is as impractical as the Republican proposal of bringing gasoline prices down by increasing U.S. oil production. Neither proposal recognizes that oil prices today are determined by the highest bidder in global oil markets. The unpleasant truth is that high prices at the pump are not likely to go away, short of another global recession. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 26 19:00:56 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Apr 2012 20:00:56 -0400 Subject: [Infowarrior] - House passes CISPA Message-ID: <4B6CDF1A-E8BC-4E15-A65D-84989D5A24FE@infowarrior.org> House OKs cybersecurity bill despite veto threat By DONNA CASSATA | Associated Press -- 1 hr 3 mins ago http://news.yahoo.com/house-oks-cybersecurity-bill-despite-veto-threat-223445304--finance.html WASHINGTON (AP) -- The House ignored Obama administration objections Thursday and approved legislation aimed at helping stop electronic attacks on critical U.S. infrastructure and private companies. On a bipartisan vote of 248-168, the GOP-controlled House backed the Cyber Intelligence Sharing and Protection Act, which would encourage companies and the federal government to share information collected on the Internet to prevent electronic attacks from cybercriminals, foreign governments and terrorists. "This is the last bastion of things we need to do to protect this country," Rep. 
Mike Rogers, R-Mich., chairman of the House Intelligence Committee, said after more than five hours of debate. More than 10 years after the Sept. 11 terrorist attacks, proponents cast the bill as an initial step to deal with an evolving threat of the Internet age. The information sharing would be voluntary to avoid imposing new regulations on businesses, an imperative for Republicans. The legislation would allow the government to relay cyber threat information to a company to prevent attacks from Russia or China. In the private sector, corporations could alert the government and provide data that could stop an attack intended to disrupt the country's water supply or take down the banking system. The Obama administration has threatened a veto of the House bill, preferring a Senate measure that would give the Homeland Security Department the primary role in overseeing domestic cybersecurity and the authority to set security standards. That Senate bill remains stalled. House Speaker John Boehner, R-Ohio, said the administration's approach was misguided. "The White House believes the government ought to control the Internet, government ought to set standards and government ought to take care of everything that's needed for cybersecurity," Boehner told reporters at his weekly news conference. "They're in a camp all by themselves." Faced with widespread privacy concerns, Rogers and Rep. C.A. "Dutch" Ruppersberger of Maryland, the Intelligence panel's top Democrat, pulled together an amendment that limits the government's use of threat information to five specific purposes: cybersecurity; investigation and prosecution of cybersecurity crimes; protection of individuals from death or serious bodily harm; protection of minors from child pornography; and the protection of national security. The House passed the amendment, 410-3. 
The White House, along with a coalition of liberal and conservative groups and some lawmakers, strongly opposed the measure, complaining that Americans' privacy could be violated. They argued that companies could share an employee's personal information with the government, data that could end up in the hands of officials from the National Security Agency or the Defense Department. They also challenged the bill's liability waiver for private companies that disclose information, complaining that it was too broad. "Once in government hands, this information can be used for undefined 'national security' purposes unrelated to cybersecurity," a coalition that included the American Civil Liberties Union and former conservative Rep. Bob Barr, R-Ga., wrote lawmakers Thursday. Echoing those concerns were several Republicans and Democrats who warned of potential government spying on its citizens with the help of employers. "In an effort to foster information sharing, this bill would erode the privacy protections of every single American using the Internet. It would create a 'Wild West' of information sharing," said Rep. Bennie Thompson of Mississippi, the top Democrat on the House Homeland Security Committee. Said Rep. Joe Barton, R-Texas: "Until we protect the privacy rights of our citizens, the solution is worse than the problem." Countering criticism of Big Brother run amok, proponents argued that the bill does not allow the government to monitor private networks, read private emails or close a website. It urges companies that share data to remove personal information. "There is no government surveillance, none, not any in this bill," Rogers said. Among the amendments the House approved was one by Rep. Justin Amash, R-Mich., that put certain personal information off limits: library, medical and gun sale records, tax returns and education documents. 
"I don't know why the government would want to snoop through library records or tax returns to counter the cybersecurity threat," Amash said. The House approved his amendment, 415-0. Trumping any privacy concerns were the national security argument, always powerful in an election year, and Republicans' political desire to complete a bill that would then force the Democratic-led Senate to act. The administration backs a Senate bill sponsored by Sens. Joe Lieberman, I-Conn., and Susan Collins, R-Maine, that gives Homeland Security the authority to establish security standards. However, that legislation faces opposition from senior Senate Republicans. Arizona Sen. John McCain, the top Republican on the Senate Armed Services Committee, said during a hearing last month that the Homeland Security Department is "probably the most inefficient bureaucracy that I have ever encountered" and is ill-equipped to determine how best to secure the nation's essential infrastructure. McCain has introduced a competing bill. ___ Associated Press writer Alan Fram contributed to this report. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 26 19:01:57 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Apr 2012 20:01:57 -0400 Subject: [Infowarrior] - CISPA Just Got Way Worse, And Then Passed On Rushed Vote Message-ID: <9B03108C-E312-4F07-91FD-B5135E68E3D8@infowarrior.org> Insanity: CISPA Just Got Way Worse, And Then Passed On Rushed Vote from the this-is-crazy dept http://www.techdirt.com/articles/20120426/14505718671/insanity-cispa-just-got-way-worse-then-passed-rushed-vote.shtml Up until this afternoon, the final vote on CISPA was supposed to be tomorrow. Then, abruptly, it was moved up today - and the House voted in favor of its passage with a vote of 248-168. But that's not even the worst part. The vote followed the debate on amendments, several of which were passed. 
Among them was an absolutely terrible change (pdf and embedded below - scroll to amendment #6) to the definition of what the government can do with shared information, put forth by Rep. Quayle. Astonishingly, it was described as limiting the government's power, even though it in fact expands it by adding more items to the list of acceptable purposes for which shared information can be used. Even more astonishingly, it passed with a near-unanimous vote. The CISPA that was just approved by the House is much worse than the CISPA being discussed as recently as this morning. Previously, CISPA allowed the government to use information for "cybersecurity" or "national security" purposes. Those purposes have not been limited or removed. Instead, three more valid uses have been added: investigation and prosecution of cybersecurity crime, protection of individuals, and protection of children. Cybersecurity crime is defined as any crime involving network disruption or hacking, plus any violation of the CFAA. Basically this means CISPA can no longer be called a cybersecurity bill at all. The government would be able to search information it collects under CISPA for the purposes of investigating American citizens with complete immunity from all privacy protections as long as they can claim someone committed a "cybersecurity crime". Basically it says the 4th Amendment does not apply online, at all. Moreover, the government could do whatever it wants with the data as long as it can claim that someone was in danger of bodily harm, or that children were somehow threatened - again, notwithstanding absolutely any other law that would normally limit the government's power. Somehow, incredibly, this was described as limiting CISPA, but it accomplishes the exact opposite. This is very, very bad. 
There were some good amendments adopted too - clarifying some definitions, including the fact that merely violating a TOS does not constitute unauthorized network access - but frankly none of them matter in the light of this change. CISPA is now a completely unsupportable bill that rewrites (and effectively eliminates) all privacy laws for any situation that involves a computer. Far from the defense against malevolent foreign entities that the bill was described as by its authors, it is now an explicit attack on the freedoms of every American. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Apr 26 19:03:51 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 26 Apr 2012 20:03:51 -0400 Subject: [Infowarrior] - London Olympics To Visitors: Don't Share What You See Message-ID: London Olympics To Visitors: Don't Share What You See John Biggs http://techcrunch.com/2012/04/26/london-olympics-to-visitors-dont-share-what-you-see/ Don't copy that pole vault! According to the London 2012 Olympic "conditions for ticket holders," you are not allowed to take pictures or video of the events nor are you allowed to "exploit" any video on social networks. "Images, video and sound recordings of the Games taken by a Ticket Holder cannot be used for any purpose other than for private and domestic purposes and a Ticket Holder may not license, broadcast or publish video and/or sound recordings, including on social networking websites and the internet more generally, and may not exploit images, video and/or sound recordings for commercial purposes under any circumstances, whether on the internet or otherwise, or make them available to third parties for commercial purposes." This means no Instagrams, no Tweetpics, no Facebooking ("OMG OLYMPICS!!"), and no nothing. In short, you shouldn't tell anyone you went to the Olympics. 
According to Petapixel, UK photographers are already being hassled for taking photos of the Olympic "city" from public places, which suggests perhaps that London should spring for a geodesic dome to cover the proceedings in mystery and smash cameras of errant Tweeters. Perhaps there's a reason Orwell set 1984 in London. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Apr 27 06:48:48 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Apr 2012 07:48:48 -0400 Subject: [Infowarrior] - DHS buys 7 years of .40 ammo Message-ID: <5671950D-7456-4A1E-B541-D0CF37B93E28@infowarrior.org> (c/o AJR - I've seen reference to this item elsewhere in recent weeks in the MSM, so it's not exactly a 'new' story --rick.) Department of Homeland Security buying up enough ammo to wage seven-year war against the American people April 27, 2012 | Filed under: News,Politics,War | Posted by: True Activist (NaturalNews) As we recently reported, the Department of Homeland Security (DHS), an agency that says its main purpose now is to thwart "homegrown terrorism," has awarded a contract to ammunition manufacturer ATK for acquiring 450 million rounds of .40 caliber hollow point ammo. You can view the announcement of the ammunition purchase at this press release: http://www.marketwatch.com/story/atk-secures-40-caliber-ammunition-co... Our initial coverage of the story is at: http://www.naturalnews.com/035607_government_checkpoints_Martial_Law.... Many readers may not know this, but "hollow point" ammunition is never purchased for practice or training. This ammunition is purchased for the sole purpose of being used in active fighting. At the same time, it is a violation of the Geneva Convention to use hollow point ammunition on the battle field. This is crucial to understand. It means the occupying federal government is acquiring this ammunition to be used against the American people. 
Furthermore, DHS does not fight wars overseas. It is a domestic agency with domestic responsibilities. Its purchase of .40 ammunition is a clear and obvious indication that DHS plans to wage war on the American people. How big of a war? Here's where this investigation gets really interesting. A seven-year war with America How much ammunition is 450 million rounds, exactly? To answer that question, I searched the internet for testimony from U.S. military brass who might give us a glimpse into the number of rounds fired in an active war. This information was remarkably difficult to find, but I eventually located testimony by Maj. Gen. Buford C. Blount III, given in 2004 before the Tactical Air and Land Forces Subcommittee of the Committee on Armed Services of the House of Representatives. You can read this testimony yourself at this government website: http://commdocs.house.gov/committees/security/has176250.000/has176250... This testimony reveals that: In active battle operations in Iraq, ammunition is expended at the rate of 5.5 million rounds per month. That's 66 million rounds in a year. The General's testimony states that the "past year" in Iraq "resulted in the expenditure of 72 million rounds," which isn't too far off from 66 million. I'll use 70 million as a rough figure for annual ammo usage in an active war zone. This is 70 million rounds of all types, including rifle rounds such as 5.56, .308, .50, etc. Pistol rounds most likely include 9mm (the common NATO round) and .45. There isn't much .40 pistol ammo used by soldiers serving overseas, by the way. That round is only popular in the United States. For example, several cops I know prefer to carry the .40 instead of a 9mm. They feel it "stops bad guys" more quickly, meaning it causes more skeletal and tissue damage upon impact. 7+ years of war with the American people? 
So if an active shooting WAR between two nations uses roughly 70 million rounds of ammunition a year, if you look at the DHS acquisition of 450 million rounds of .40 ammo, you quickly come to realize this is enough for 6.4 years of active war with the American people. But wait! There's more... An active war uses a variety of rounds, not just one type. As war is usually fought with rifles, not pistols, rifle rounds (like 5.56) are actually expended at a much higher rate than pistol rounds (.40), meaning that these 450 million rounds of pistol ammo are more than sufficient to provide the pistol ammo needed for a ten-year war against the American people when combined with a supply of rifle rounds, too. Because, you see, there are other contracts out there where the government is purchasing large quantities of rifle ammo such as 5.56, 7.62 and .308. In all, the non-military branches of the federal occupying government are acquiring enough ammo to wage what can only be called a long-term domestic war. (I use the term "occupying" because our current federal government has been infiltrated and overrun by Goldman Sachs operatives, non-U.S. citizens with falsified citizenship documents, and agents who openly serve foreign interests such as the United Nations.) Remember, again, that this is all ammo to be used domestically, against the American people. None of this ammo goes into the hands of the military fighting wars overseas. Arming TSA agents I have no doubt that the ultimate plan here is to arm TSA agents and unleash them across the USA as a new storm trooper force to put in place total tyranny across the country. The military will be kept out of it precisely because most soldiers would refuse to participate in tyranny, as they actually have morals and ethics. TSA agents, on the other hand, are child porn distributors, pimps, drug runners, child molesters, thieves, felons and perverts. They are the security force that has no moral bounds -
they will do ANYTHING to another person as long as they get a paycheck. These are the pot-bellied government thugs who will happily torture, rape and murder innocent Americans if they are ordered to do so. They are the "Brownshirts" of Amerika. They are the most pathetic human beings working in government today, and in their hearts and minds they are demonic criminals just waiting to be given yet more power so they can sexually molest little children, supermodels and elderly grandmothers. The next logical step in the downward spiral of oppression is to arm these agents and use them to slap down total police state tyranny across America. At the first opportunity - probably after a government-staged false flag attack involving a dirty bomb or a bioweapons release - these TSA goons will be set up on every major road and highway, using their new bulletproof roadway checkpoints and their .40 caliber hollow point ammo to put America into a complete Martial Law clamp down where everybody is considered a possible terrorist, and secret arrests (torture, interrogations, beatings, etc.) are commonplace. What happens from there is anyone's guess, but I can't help but think such a plan might be deliberately designed to start a shooting war with the American people, because at that point armed TSA agents can be unleashed to just kill and rape anyone they want under the banner of "protecting the homeland." (Hence the name "Homeland Security" which is, of course, intentionally borrowed straight out of Nazi Germany and its term "Heimatland.") The ten steps to establishing a dictatorship Remember, Naomi Wolf talks about all this in her documentary The End of America, where she outlines the 10 steps through which all nations establish a dictatorship. Those steps are: 1. Create an internal/external threat that terrorizes the populace. This has already been accomplished with Oklahoma City (false flag) and 9/11 (another false flag). Get the film "A Noble Lie"
from www.InfoWars.com to learn the truth about Oklahoma City. 2. Create secret prisons, with torture. Obama did this nicely with the NDAA (as well as keeping GITMO open even after promising he would close it). 3. Create a paramilitary force. This is the TSA. 4. Single out ordinary citizens as "troublesome persons." This has been accomplished by Janet Napolitano's "if you see something, say something" propaganda campaign. 5. Establish surveillance of citizens' groups and ordinary citizens deemed "troublesome." This is already well under way through surveillance of emails, phone calls, vehicle movements and more. 6. Detain and release citizens without formally charging them with any crime. This has been "legalized" under Obama's NDAA. (http://www.naturalnews.com/034537_NDAA_Bill_of_Rights_Obama.html) 7. Target key individuals who are well known, popular figures. This has already begun and will likely accelerate. Who do you think killed Andrew Breitbart? Congressman Bono? 8. Restrict the press. Already done. The U.S. government, in fact, essentially runs the mainstream media today. White House announcements are simply printed as "fact" with zero journalism and zero fact checking taking place. 9. Redefine dissent as treason. This is already happening with figures like Ted Nugent who was recently "visited" by the Secret Service after his anti-Obama rant. All throughout government speeches today, the criminals at the very top proclaim that anyone who questions government is "anti-American" and might be involved in domestic terrorism. The FBI even warns that people who "stockpile food" might be terrorists! (Even though the government itself stockpiles massive quantities of food, guns, ammunition, communications gear, medical supplies and more...) 10. Subvert the rule of law. Already done. Law has been completely abandoned by the ATF, DEA, FDA, USDA and every other federal agency you can think of. 
The Attorney General Eric Holder actively plots ways to destroy the Bill of Rights, and the government stages false flag terror attacks to undermine constitutional protections. See this important speech from Wolf at: http://www.youtube.com/watch?v=RjALf12PAWc What does it all mean? In all, this massive purchasing and stockpiling of ammunition by DHS can only be a red alert warning that Janet Napolitano is planning on waging a massive shooting war with the American people. Why else would DHS purchase so much ammo? As someone who consistently urges a de-escalation of violence, this concerns me greatly. It almost appears as if the government is getting an itchy trigger finger and can't wait to start firing away at crowds of innocent American protesters, like the corrupt government in "Running Man." That's the obvious target here: Protesters. Because once the financial debt system implodes, protests will be unleashed nationwide whether we like it or not. As Gerald Celente says, "When people lose everything, and they have nothing left to lose, they lose it!" DHS almost certainly sees this coming. So they are getting locked and cocked for the coming mass slaughter of anyone who tries to exercise their First Amendment right to engage in public protest. After all, we already saw widespread police brutality against the Occupy Wall Street protesters. In many cities, the police are highly militarized and completely out of control. Add 450 million rounds of hollow point ammo to the equation via DHS, and you have nothing less than a recipe for massive bloodshed across America. I can only hope and pray that those who believe in liberty, the Constitution, the Bill of Rights and the rule of law in a free republic may yet achieve the restoration of liberty in this nation before it devolves into regrettable bloodshed at the hands of the government... a government which is increasingly trying to actually pick a fight with the people. 
It is the government, of course, that actually sets up and stages all the false flag terror attacks. The FBI has been caught red-handed doing so, as has been widely reported even in the mainstream media! Read this story to learn more: http://www.naturalnews.com/034325_FBI_entrapment_terror_plots.html and http://www.naturalnews.com/033751_FBI_terrorism.html Get prepared NOW with the Health Ranger I'm hosting a LIVE two-hour preparedness event coming up in just a couple of weeks. It covers serious, hard-core preparedness and self-defense information that I've never before made public. It includes a ton of bonus supplemental video information including details from Joe Nobody on how to make your own LEGAL perimeter defense and early alert items, exactly which night vision gear to purchase that's reliable and rugged, which gear carry item to get now before the collapse, and a whole lot more. All the information presented in this course is designed to be used to restore law and order, protect property and defend lives in a collapse scenario. None of this information is about offense, it's entirely about defense against looters, invaders, armed gangs, angry rioters, enemy combatants, etc. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Apr 27 07:00:13 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Apr 2012 08:00:13 -0400 Subject: [Infowarrior] - At 92, Bandit to Hollywood but Hero to Soldiers Message-ID: I really commend this guy's actions. And I wonder if it sets a precedent for the MPAA: if they don't go after him for admitting gross piracy (regardless of motive or his advanced age), does it undermine their efforts elsewhere? -- rick April 26, 2012 At 92, Bandit to Hollywood but Hero to Soldiers By ALAN SCHWARZ http://www.nytimes.com/2012/04/27/nyregion/at-92-movie-bootlegger-is-soldiers-hero.html MASSAPEQUA, N.Y. -
One of the world's most prolific bootleggers of Hollywood DVDs loves his morning farina. He has spent eight years churning out hundreds of thousands of copies of "The Hangover," "Gran Torino" and other first-run movies from his small Long Island apartment to ship overseas. "Big Hy" - his handle among many loyal customers - would almost certainly be cast as Hollywood Enemy No. 1 but for a few details. He is actually Hyman Strachman, a 92-year-old, 5-foot-5 World War II veteran trying to stay busy after the death of his wife. And he has sent every one of his copied DVDs, almost 4,000 boxes of them to date, free to American soldiers in Iraq and Afghanistan. With the United States military presence in those regions dwindling, Big Hy Strachman will live on in many soldiers' hearts as one of the war's more shadowy heroes. "It's not the right thing to do, but I did it," Mr. Strachman said, acknowledging that his actions violated copyright law. "If I were younger," he added, "maybe I'd be spending time in the hoosegow." Capt. Bryan Curran, who recently returned from Afghanistan, estimated that from 2008 to 2010, Mr. Strachman sent more than 2,000 DVDs to his outfits there. "You're shocked because your initial image is of some back-alley Eastern European bootlegger - not an old Jewish guy on Long Island," Captain Curran said. "He would time them with the movie's release - whenever a new movie was just in theaters, we knew Big Hy would be sending us some. I saw 'The Transformers' before it hit the States." Jenna Gordon, a specialist in the Army Reserve, said she had handed out even more of Mr. Strachman's DVDs last year as a medic with the 883rd Medical Company east of Kandahar City, where soldiers would gather for movie nights around personal computers, with mortar blasting in the background. Some knew only that the discs came from some dude named Big Hy; others knew not even that. "It was pretty big stuff - it's reconnecting you to everything you miss," she said. 
"We'd tell people to take a bunch and pass them on." White-haired, slightly hunched and speaking in his Depression-era Brooklyn brogue (think Casey Stengel after six years of Hebrew school), Mr. Strachman explained in a recent interview that his 60-hour-a-week venture was winding down. "It's all over anyways - they're all coming home in the near future," he said of the troops. As he spoke, he was busy preparing some packages, filled with 84 discs of "The Artist," "Moneyball" and other popular films, many of them barely out of theaters, to a platoon in Afghanistan. As for his brazen violation of domestic copyright laws, Mr. Strachman nodded guiltily but pointed to his walls, which are strewed with seven huge American flags, dozens of appreciative letters, and snapshots of soldiers holding up their beloved DVDs. "Every time I got back an emotional e-mail or letter, I sent them another box," he said, adding that he had never accepted any money for the movies or been told by any authorities to stop. "I thought maybe because I'm an old-timer," he said. In February, Mr. Strachman duplicated and shipped 1,100 movies. ("A slow month," he said.) He has not kept an official count but estimates that he topped 80,000 discs a year during his heyday in 2007 and 2008, making his total more than 300,000 since he began in 2004. Postage of about $11 a box, and the blank discs themselves, would suggest a personal outlay of over $30,000. Born in Brooklyn in 1920 to immigrants from Poland, Mr. Strachman left high school during the Depression to work for his family's window and shade store in Manhattan. He became a stockbroker on Wall Street - "When there were no computers, you had to use your noodle" - before retiring in the early 1990s. After Mr. Strachman's wife of more than half a century, Harriet, died in 2003, he discovered a Web site that collected soldiers' requests for care packages. 
He noted a consistent plea for movie DVDs and wound up passing his sleepless nights replicating not only the films, but also a feeling of military comradeship that he had not experienced since his own service in the Pacific during World War II. "I wouldn't say it kept him alive, but it definitely brought back his joie de vivre," said Mr. Strachman's son, Arthur, a tax accountant in New York. Mr. Strachman has never ripped a movie from a store-bought DVD and does not even know how; rather, he bought bootlegged discs for $5 in Penn Station before finding a dealer closer to home, at his local barbershop. Those discs were either recordings made illegally in theaters or studio cuts that had been leaked. Originally, Mr. Strachman would use his desktop computer to copy the movies one tedious disc at a time. ("It was moyda," he groaned.) So he got his hands on a $400 professional duplicator that made seven copies at once, grew his fingernails long to better separate the blank discs, and began copying hundreds a day. Last month, in black grandpa shoes and blue suspenders that hoisted his trousers up to his sternum, Mr. Strachman and his spindly hands steered a master copy of "The Artist" into the machine, fed the seven other bays with blanks, and pressed "Record." Six minutes later, in went "The King's Speech." Then "Moneyball." He eventually stuffed the maximum of 84 discs (12 titles, 7 each) into a United States Postal Service fixed-rate box, secured it with several yards of packing tape and scrawled out a packing slip for the Massapequa Park post office. The contraband, which he said could take up to three months to arrive, was addressed to an Army chaplain. "Chaplains don't sell them, and they fan out," Mr. Strachman said. "The distribution is great." The movie studios are less enthusiastic. Although the most costly piracy now takes place online through file-sharing Web sites, the illegal duplication of copyright DVDs -
usually by organized crime in Eastern Europe and China, not by retirees in their 90s in the American suburbs - still siphons billions of dollars out of the industry every year. And while Mr. Strachman's movies were given to soldiers as a form of charity, studios do send military bases reel-to-reel films, which are much harder to copy, and projectors for the troops overseas. Howard Gantman, a spokesman for the Motion Picture Association of America, said he did not believe its member studios were aware of Mr. Strachman's operation. His sole comment dripped with the difficulty of going after a 92-year-old widower supporting the troops. "We are grateful that the entertainment we produce can bring some enjoyment to them while they are away from home," Mr. Gantman said. Careful to minimize his malfeasance, Mr. Strachman said he had kept no copies for himself and had destroyed every master disc soon after the new releases came in. Before long, the sole evidence of his operation will be on his walls and on a little bookshelf, next to his cholesterol-control pills and a few envelopes of farina, where seven three-ring binders overflow with letters and pictures, most addressed to "Big Hy," from appreciative soldiers. "Our downtime is spent watching movies as we clean our weapons," one handwritten note said. Another accompanied a flag from a combat mission over Afghanistan: "I can think of no one more deserving than you, and no one who understands what this flag stands for and means to our veterans." The fun will stop soon, Mr. Strachman said. "I'm not sure who's going to be left over there anymore," he said, happier for the soldiers' return than for his need to find another hobby. And with that the duplicator beeped, spitting out seven more copies of "The Artist." Mr. Strachman scooped them out of their trays, put a rubber band around them and inserted the stack into a box, perhaps his very last. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Apr 27 08:07:02 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 27 Apr 2012 09:07:02 -0400 Subject: [Infowarrior] - Cybersecurity "hotline" to link Washington and Moscow Message-ID: (I wonder if it's a VOIP line? That would be an amusing twist of irony. -- rick) Cybersecurity "hotline" to link Washington and Moscow By Cyrus Farivar | Published about 14 hours ago http://arstechnica.com/tech-policy/news/2012/04/cybersecurity-hotline-to-link-washington-and-moscow.ars Since 1988, the Nuclear Risk Reduction Center (NRRC) has been tasked with the mission of reducing the risk of nuclear conflict between the United States and Russia through a direct channel of communication - most notably via the famous "red phone." Today, Russia (and China) often has become the great bogeyman of the Internet, where many Western experts view its government as being unable or unwilling to go after online criminals and hackers. The Kremlin is widely viewed as being explicitly or implicitly involved in advocating, planning and possibly executing a DDOS attack against Estonian media, financial, and government websites in 2007. (Heck, one pro-Kremlin activist admitted as much in 2009.) But now, notes The Washington Post, the NRRC is involved in helping set up a similar system for conflicts in cyberspace. "The agreement would be the first between the United States and another country seeking to lessen the danger of conflict in cyberspace, and it would include other measures to improve communication and transparency," the paper reported on Thursday. "It would be, officials and experts note, an initial step toward making cyberspace more stable." While specific details on who would have access to the "cyber hotline" are scant, and under what conditions messages would be transmitted, many experts have said that it's a step in the right direction. 
"I think this is very crucial between the US and Russia, and between the US and China," Jose Nazario, a security researcher at Arbor Networks, told Ars on Thursday. "As a proof of concept, this will be very very valuable in helping to ease some tensions." Discussions of such a hotline have been in the works between all three countries for some time now, but this appears to be the closest to establishing such a formal agreement structure. But Nazario also added that using the model of avoiding nuclear war doesn't fully apply online. After all, it's a lot easier to detect a missile launch, and gain meaningful information about it, than it is if a particular server suddenly gets flooded with overwhelming traffic. "Cyber is fascinating because we don't have those telltale signs, we think we do, but we recognize that they're incredibly weak," he said. Other experts noted that one of the most basic problems with sorting out cyberattacks is the question of attribution. Any hacker or hacktivist with even the most basic networking knowledge is usually able to obfuscate his or her online trail. "The discovery and attribution process generally starts with lists of the IP addresses from which the attack appears to be emanating," Jim Cowie, the CTO of Renesys, a network analysis firm, said in a Thursday e-mail sent to Ars. "Using services like those we offer, it's straightforward to map those attacker IPs back to the originating provider, identify the geographic location, name all of the upstream transit providers who are carrying that traffic to the Internet, and identify the paths that traffic took from its source to the target. If both sides can get that far, they can at least establish some common awareness as they work toward attribution." Photograph by Ant & Carrie Coleman --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Apr 27 18:35:05 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Apr 2012 19:35:05 -0400
Subject: [Infowarrior] - Stopping Congress' Cybersecurity CISPA Nightmare
Message-ID: <9AAB5124-3FB6-48F1-9145-459D59BF7CF9@infowarrior.org>

(I couldn't have said it better. --rick)

Stopping Congress' Cybersecurity CISPA Nightmare
http://lauren.vortex.com/archive/000951.html

In the wake of the 9/11 tragedies, the U.S. Congress rushed to quickly pass the ostensibly anti-terrorism PATRIOT Act. While we can reasonably view their motives as mostly virtuous at the time, over the years many observers have come to view PATRIOT as a classic example of bad, knee-jerk legislation, that had far more of an impact in terms of damaging the civil liberties of honest citizens than it did genuinely fighting true terrorism.

In their scramble yesterday to pass CISPA -- H.R. 3523: The Cyber Intelligence Sharing and Protection Act of 2011 -- Congress' House of Representatives has created a framework for attacks on civil rights and privacy that not only far exceed the abusive potential of the much despised (and currently sidelined) SOPA and PIPA legislation, but also that of PATRIOT itself.

It didn't have to be this way. We can all acknowledge that cybersecurity is a serious issue, and that real cybersecurity threats do exist. But as I've noted in CISPA, Cybersecurity, and the Devil in the Dark and elsewhere, cybersecurity has become a new target for exploitation by intelligence agencies and commercial profiteers alike, and CISPA legislation in particular has seemed increasingly problematic from the word go.

The rumor was that various amendments would be added to CISPA before yesterday's House vote, to correct some of the more egregious privacy problems contained in the main legislation.
Instead, in an absolutely stunning display of disrespect for legitimate privacy concerns and other civil rights, the House not only failed to make the legislation better before passing it by a 248 to 168 margin, but by voice vote they actually made it incredibly more dangerous and outrageous. The result is one of the most toxic witch's brews against civil rights and privacy as can be imagined. Overriding decades of privacy protections in current law, CISPA would now permit firms and other organizations to hand over to authorities vast quantities of your personal Internet communications -- essentially any and all of it -- whenever it is felt that essentially undefined "cybersecurity" events are at hand. No judges, no warrants, no probable cause required. High school student trying to crack a system to download a game for free? Cyberattack declared! Misconfigured hardware or software causing a denial of service problem? Cyberattack declared! Anything that seems at all out of the ordinary and you want to pass the buck as quickly as possible? Cyberattack declared! It's obvious that with only a modicum of imagination it will be trivial to declare a cyberattack or other "cybersecurity event" to trigger CISPA virtually on demand. But wait, it gets better (as Darth Vader might say). All of this personal Internet data turned over to the government isn't restricted to fighting cybersecurity attacks per se. Not only can it be shared with intelligence agencies, where it will tickle and enhance vast databases the names of which we couldn't even imagine without an SCIF clearance, but this data could also now be used for a vast range of other purposes, even including (somehow you knew Congress was going to work this in there somehow) fighting child porn. And any entities sharing your private data with the government under CISPA are covered by broad liability immunities in the legislation, that will encourage them to divulge private data first and ask questions ... maybe never. 
We all want to protect against real cyberattacks, child porn, and terrorism. But CISPA has evolved -- especially after the House's actions yesterday before passage -- into one of the most potent spying and civil liberties adverse pieces of legislation ever proposed, much less passed by a branch of Congress.

In light of this, firms who expressed support for CISPA in the past would be wise to reevaluate their positions, and those who have taken a neutral stance might now wish to at least consider a formal statement against the legislation in the form passed by the House.

The U.S. Senate has yet to take action on CISPA, and President Obama was threatening to possibly veto it even before the House's travesties of yesterday. But if you objected to SOPA and PIPA, if you care about the privacy of your Internet communications, this is no time to be on the sidelines. Tell your Senators and the President in no uncertain terms that you want appropriate cybersecurity legislation, but that you are unwilling to flush your civil rights down the toilet in the process. And do keep in mind who voted for CISPA in the House. You may want to express your displeasure to them as well.

CISPA has become a dramatic demonstration of good intentions on the part of some being warped by the bad and greedy intentions of others, and of Congress -- at least the House of Representatives -- seeming to show a disdain of liberty that is awesome in its recklessness.

Like I said, it didn't have to be this way. We do definitely need responsible legislation dealing with serious cybersecurity issues -- no doubt about it. Yet without major changes to protect our rights, CISPA is a trap, a pit in the darkness, a nightmare in waiting for us all. CISPA and its kin must be definitively, absolutely, and unambiguously stopped in their tracks.

--Lauren--

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Apr 27 18:35:37 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 27 Apr 2012 19:35:37 -0400
Subject: [Infowarrior] - CISPA and "notwithstanding"
Message-ID: <328CD779-4261-4484-AF8C-532E7F519CDD@infowarrior.org>

http://www.infoworld.com/print/191952

< - >

For Cnet's Declan McCullagh [10], the controversy over CISPA boils down to one word: "notwithstanding." Because the text of CISPA declares that its authority applies "notwithstanding any other provision of law," CISPA then trumps any other law that might protect your medical records, school transcripts, video rental histories, and the like.

.......

However, the House did amend CISPA to keep private companies from sharing records detailing your library habits, tax returns, and any guns you've bought. Apparently reading, shooting, and paying taxes are not threats to cyber security.

< - >

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Apr 28 13:11:08 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 28 Apr 2012 14:11:08 -0400
Subject: [Infowarrior] - How SOPA protests were used to push CISPA
Message-ID: <6D286476-9CCD-4C58-915B-5C973A09BAE3@infowarrior.org>

How SOPA protests were used to push CISPA
By Violet Blue | April 26, 2012, 7:56pm PDT
http://www.zdnet.com/blog/violetblue/how-sopa-protests-were-used-to-push-cispa/1257

Summary: CISPA authors and supporters have tried everything they can to avoid another SOPA protest - except tell the truth about their bill.

The last thing authors and supporters of dangerous cybersecurity bill CISPA wanted was another SOPA on their hands. CISPA's authors and supporters set up a defensive strategy to head off the whiff of another SOPA by taking notes from the protest. And they may have succeeded. Here's how.
SOPA protest lesson #1: influence Silicon Valley tech media

In the beginning, CISPA's authors unconvincingly tried to spin CISPA as being nothing like SOPA in press briefings. Not for clarification - merely to distance the bill from SOPA's reputation. After all, if SOPA was black and white to tech press, then making CISPA grey would certainly be an advantage.

The bill's sponsor, Rep. Mike Rogers (R-MI) and CISPA's co-author Dutch Ruppersberger (D-MD) staged a conference call to influence tech reporters whom they actually called "Cyber Media and Cyber Bloggers." Most of what they told tech press about CISPA, as we have now learned, was patently untrue.

Techdirt reported that during the 7 am call, (...) the representatives were intent on hammering certain points home: that the bill respects privacy and civil liberties, is not about surveillance, is targeted at actions by foreign states, and is nothing like SOPA.

Evidently some "Cyber Media" fell for it, because it took until April 13 for CISPA to start hitting mainstream media via tech media channels, and only then did it make any loud noise when comparisons to SOPA were made.

SOPA protest lesson #2: pretend to care

Pro-CISPA factions' intent to head off another SOPA-style protest crystallized when I attended and livetweeted the small CISPA Town Hall Meeting with House Intelligence last week here in San Francisco (arranged by Hackers and Founders). CISPA's people seem to have learned from SOPA that trying to ram an internet bill down our throats didn't work out so well last time. So this time they were open to hearing our concerns. Okay, not really. But here's how they pretended to listen to our serious concerns when we got two pro-CISPA reps from Washington face-to-face last week.

A pro-CISPA senior U.S. House of Representatives aide and pro-CISPA senior counsel to the House Intelligence Committee Jamil Jaffer appeared via Google Hangout at the last-minute Town Hall.
After hearing what they had to say in response to our concerns, they could barely pretend they were there for little more than lip service. Near the end, many of us in the room were laughing in nervous disbelief at their cavalier and dismissive responses.

We were told there was robust discussion about the bill and that the idea internet communities hate it is false. The room was told that CISPA has been a transparent and accountable process. Questions about the NSA and potential abuse of private data and information sharing for individuals were ignored. Instead the room was told that privacy and civil liberties are a "new element" for them to consider in the future.

When asked about what they meant by concrete threats, the pro-CISPA rep conflated cybersecurity with infringement, and that China is a big major cybersecurity threat to intellectual property that needs protection under the bill. Above all, they insisted that "no one" wants to stop this bill - at a time when there were 3/4 million signatures on the Stop CISPA petition.

The pro-CISPA reps demonstrated repeatedly that not only were they there for lip service and misdirection, they actually had no technical knowledge of what they were talking about. The EFF's Dan Auerbaugh concluded afterward that "Congress just doesn't know enough to meddle intelligently with technology. The audience questions demonstrated this point quite sharply (...)"

SOPA protest lesson #3: make SOPA critics look like allies

Attempting to influence tech media into un-SOPA-ing CISPA is one way to get critics in your pocket. Tech press and bloggers are one major arena that the wider public looked to during SOPA for calls to action and guidance. Another arena that got SOPA launched into consciousness and gave the protest firm footing was when major technology companies and website "utilities" like Wikipedia joined the anti-SOPA choir.
As we know, CISPA came out strong from the start with 28 large tech companies backing it: complete with letters of support from anti-SOPA corporations such as Facebook. When it looked like CISPA was faltering, its author Rep. Mike Rogers made sure to alert the press that previously anti-SOPA Google (a company whose lack of support letter was getting anti-CISPA traction) not only completely supports CISPA, but that Google helped with the authoring of the bill.

I'll bet that right now, even though CISPA has passed the House with changes making it even more dangerous than before, Rogers and Co. would love nothing more than to get a leg up from Wikipedia. China, indeed.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Apr 29 08:34:53 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Apr 2012 09:34:53 -0400
Subject: [Infowarrior] - The AP on Student Loan Hell
Message-ID:

Economic Crisis, The Audit -- April 27, 2012 02:06 PM
The AP on Student Loan Hell
A 2005 law traps borrowers in private debt
By Ryan Chittum
http://www.cjr.org/the_audit/the_ap_on_student_loan_hell.php

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Apr 29 20:31:42 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 29 Apr 2012 21:31:42 -0400
Subject: [Infowarrior] - Terrorist Plots, Hatched by the F.B.I.
Message-ID:

April 28, 2012
Terrorist Plots, Hatched by the F.B.I.
By DAVID K. SHIPLER
http://www.nytimes.com/2012/04/29/opinion/sunday/terrorist-plots-helped-along-by-the-fbi.html

THE United States has been narrowly saved from lethal terrorist plots in recent years -- or so it has seemed.
A would-be suicide bomber was intercepted on his way to the Capitol; a scheme to bomb synagogues and shoot Stinger missiles at military aircraft was developed by men in Newburgh, N.Y.; and a fanciful idea to fly explosive-laden model planes into the Pentagon and the Capitol was hatched in Massachusetts.

But all these dramas were facilitated by the F.B.I., whose undercover agents and informers posed as terrorists offering a dummy missile, fake C-4 explosives, a disarmed suicide vest and rudimentary training. Suspects naïvely played their parts until they were arrested.

When an Oregon college student, Mohamed Osman Mohamud, thought of using a car bomb to attack a festive Christmas-tree lighting ceremony in Portland, the F.B.I. provided a van loaded with six 55-gallon drums of "inert material," harmless blasting caps, a detonator cord and a gallon of diesel fuel to make the van smell flammable. An undercover F.B.I. agent even did the driving, with Mr. Mohamud in the passenger seat. To trigger the bomb the student punched a number into a cellphone and got no boom, only a bust.

This is legal, but is it legitimate? Without the F.B.I., would the culprits commit violence on their own? Is cultivating potential terrorists the best use of the manpower designed to find the real ones? Judging by their official answers, the F.B.I. and the Justice Department are sure of themselves -- too sure, perhaps.

Carefully orchestrated sting operations usually hold up in court. Defendants invariably claim entrapment and almost always lose, because the law requires that they show no predisposition to commit the crime, even when induced by government agents. To underscore their predisposition, many suspects are "warned about the seriousness of their plots and given opportunities to back out," said Dean Boyd, a Justice Department spokesman. But not always, recorded conversations show. Sometimes they are coaxed to continue.
Undercover operations, long practiced by the F.B.I., have become a mainstay of counterterrorism, and they have changed in response to the post-9/11 focus on prevention. "Prior to 9/11 it would be very unusual for the F.B.I. to present a crime opportunity that wasn't in the scope of the activities that a person was already involved in," said Mike German of the American Civil Liberties Union, a lawyer and former F.B.I. agent who infiltrated white supremacist groups. An alleged drug dealer would be set up to sell drugs to an undercover agent, an arms trafficker to sell weapons. That still happens routinely, but less so in counterterrorism, and for good reason.

"There isn't a business of terrorism in the United States, thank God," a former federal prosecutor, David Raskin, explained.

"You're not going to be able to go to a street corner and find somebody who's already blown something up," he said. Therefore, the usual goal is not "to find somebody who's already engaged in terrorism but find somebody who would jump at the opportunity if a real terrorist showed up in town."

And that's the gray area. Who is susceptible? Anyone who plays along with the agents, apparently. Once the snare is set, law enforcement sees no choice. "Ignoring such threats is not an option," Mr. Boyd argued, "given the possibility that the suspect could act alone at any time or find someone else willing to help him."

Typically, the stings initially target suspects for pure speech -- comments to an informer outside a mosque, angry postings on Web sites, e-mails with radicals overseas -- then woo them into relationships with informers, who are often convicted felons working in exchange for leniency, or with F.B.I. agents posing as members of Al Qaeda or other groups.
Some targets have previous involvement in more than idle talk: for example, Waad Ramadan Alwan, an Iraqi in Kentucky, whose fingerprints were found on an unexploded roadside bomb near Bayji, Iraq, and Raja Khan of Chicago, who had sent funds to an Al Qaeda leader in Pakistan.

But others seem ambivalent, incompetent and adrift, like hapless wannabes looking for a cause that the informer or undercover agent skillfully helps them find. Take the Stinger missile defendant James Cromitie, a low-level drug dealer with a criminal record that included no violence or hate crime, despite his rants against Jews. "He was searching for answers within his Islamic faith," said his lawyer, Clinton W. Calhoun III, who has appealed his conviction. "And this informant, I think, twisted that search in a really pretty awful way, sort of misdirected Cromitie in his search and turned him towards violence."

THE informer, Shahed Hussain, had been charged with fraud, but avoided prison and deportation by working undercover in another investigation. He was being paid by the F.B.I. to pose as a wealthy Pakistani with ties to Jaish-e-Mohammed, a terrorist group that Mr. Cromitie apparently had never heard of before they met by chance in the parking lot of a mosque.

"Brother, did you ever try to do anything for the cause of Islam?" Mr. Hussain asked at one point.

"O.K., brother," Mr. Cromitie replied warily, "where you going with this, brother?"

Two days later, the informer told him, "Allah has more work for you to do," and added, "Revelation is going to come in your dreams that you have to do this thing, O.K.?" About 15 minutes later, Mr. Hussain proposed the idea of using missiles, saying he could get them in a container from China. Mr. Cromitie laughed.

Reading hundreds of pages of transcripts of the recorded conversations is like looking at the inkblots of a Rorschach test. Patterns of willingness and hesitation overlap and merge. "I don't want anyone to get hurt," Mr. Cromitie said, and then explained that he meant women and children. "I don't care if it's a whole synagogue of men." It took 11 months of meandering discussion and a promise of $250,000 to lead him, with three co-conspirators he recruited, to plant fake bombs at two Riverdale synagogues.

"Only the government could have made a 'terrorist' out of Mr. Cromitie, whose buffoonery is positively Shakespearean in its scope," said Judge Colleen McMahon, sentencing him to 25 years. She branded it a "fantasy terror operation" but called his attempt "beyond despicable" and rejected his claim of entrapment.

The judge's statement was unusual, but Mr. Cromitie's characteristics were not. His incompetence and ambivalence could be found among other aspiring terrorists whose grandiose plans were nurtured by law enforcement. They included men who wanted to attack fuel lines at Kennedy International Airport; destroy the Sears Tower (now Willis Tower) in Chicago; carry out a suicide bombing near Tampa Bay, Fla., and bomb subways in New York and Washington.

Of the 22 most frightening plans for attacks since 9/11 on American soil, 14 were developed in sting operations. Another New York City subway plot, which recently went to trial, needed no help from government. Nor did a bombing attempt in Times Square, the abortive underwear bombing in a jetliner over Detroit, a planned attack on Fort Dix, N.J., and several smaller efforts. Some threats are real, others less so. In terrorism, it's not easy to tell the difference.

David K. Shipler is the author of "Rights at Risk: The Limits of Liberty in Modern America."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Mon Apr 30 07:31:04 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Apr 2012 08:31:04 -0400
Subject: [Infowarrior] - UKBA accused of covering up airport delays
Message-ID: <3540FDD2-BCF4-4386-9061-BAC788785140@infowarrior.org>

(c/o IP)

UKBA accused of covering up airport delays
Ben Quinn
The Guardian, Monday 30 April 2012
http://www.guardian.co.uk/travel/2012/apr/30/ukba-heathrow-airport-delays

Heathrow Airport has been ordered by the UK Border Agency (UKBA) to stop handing out to passengers leaflets acknowledging the "very long delays" at immigration, which have become a serious government concern in the runup to the Olympics.

Passengers flying into the airport at the weekend reported having to wait for up to three hours before clearing passport control. But after leaflets apologising for the problem were handed out by BAA, which owns Heathrow, the UKBA warned that they were "inappropriate" and that ministers would take "a very dim view".

The airport operator was also told to prevent passengers taking pictures in the arrivals hall, according to the Daily Telegraph, which obtained correspondence from Marc Owen, director of UKBA operations at Heathrow. Pictures of lengthy queues have been posted on Twitter by frustrated travellers.

Owen said: "The leaflet ... is both inflammatory and likely to increase tensions in arrivals halls especially in the current atmosphere. It is inappropriate in that it is not for you to display how to complain on our behalf. Please refrain from handing out [the leaflets] or I will escalate [the matter] with ministers who are likely to take a very dim view. I know there are copies in the hall and your troops are ready with them."

Jim Fitzpatrick, Labour's aviation spokesman, said: "This is a pure coverup. I can understand people wanting to take pictures of the queues. This is further evidence of Border Force trying to hide the severity of the problem.

"Passengers need to know how to register complaints and for Border Force to try to prevent them doing so is outrageous."

The Border Force and BAA said in a joint statement: "The majority of passengers pass through immigration control quickly but there are sometimes delays at airports for a range of reasons. We think it's important passengers are given the full picture.

"We will not compromise border security, but we will work together to keep delays to a minimum."

Damian Green, the immigration minister, has been called before the home affairs select committee about the problem. Its chairman, Keith Vaz, said there was "a real problem".

"I'm not saying we should abandon checks, but it's a choice for the government -- you either look at the way you deal with people when they arrive at Heathrow, or you recruit more staff."

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Apr 30 08:20:00 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 30 Apr 2012 09:20:00 -0400
Subject: [Infowarrior] - Clive Palmer's Titanic Venture
Message-ID:

The last sentence of this article snarks itself. 2012 meets 1912. ---rick

April 30, 2012, 1:36 PM HKT
Clive Palmer's Titanic Venture
Clive Palmer
By Andrew Critchlow and Enda Curran

The Titanic could finally reach New York, but this time escorted by a Chinese warship.

Billionaire Clive Palmer, a 58-year-old native of Australia's Queensland state who made his fortune in mining, said on Monday that he has invited China's navy to shepherd the replica "Titanic II", the flagship of a new fleet of cruise liners that he plans to build, on its maiden voyage across the Atlantic scheduled for 2016.

The ship, to be built by the Chinese state-owned CSC Jinling Shipyard, will have similar dimensions to the original ill-fated Titanic which struck an iceberg and sank on April 15, 1912.

"It is going to be designed so it won't sink," Mr. Palmer told reporters. "It will be designed as a modern ship with all the technology to ensure that doesn't happen."

http://blogs.wsj.com/chinarealtime/2012/04/30/clive-palmer%E2%80%99s-titanic-venture/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.