From rforno at infowarrior.org Thu Mar 1 06:29:35 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Mar 2012 07:29:35 -0500
Subject: [Infowarrior] - ManTech buys HBGary
Message-ID:

ManTech buys HBGary to battle advanced persistent threats

Combined security company will include malware detection software and forensics services

By Tim Greene, Network World
February 28, 2012 04:37 PM ET

http://www.networkworld.com/news/2012/022812-mantech-hbgary-256748.html

National security tech provider ManTech International is buying HBGary Inc., with an eye toward its software that fights advanced persistent threats and other malware.

In addition to its technology, HBGary also has a customer list including financial services, energy, critical infrastructure and technology businesses. ManTech caters mainly to government agencies, and its President and COO L. William Varner says the combination of the businesses will help both groups of customers.

"The combination of ManTech and HBGary will create a broader cyber security solution capability for both our commercial and government customers," Varner says in a written statement.

The upside for HBGary customers will be the addition of ManTech's incident response services, says HBGary CEO Greg Hoglund, and the flip side is that ManTech customers gain HBGary's line of software, which includes Active Defense threat detection software for enterprises and Responder, forensics software for analyzing individual computers.

HBGary's 40-plus employees will remain with the company after the deal is finalized next month, Hoglund says. The HBGary name will be kept at least in the short term and the business will be run as a unit of ManTech by Ken Silva, who was hired specifically to run the group. Hoglund says he will relinquish day-to-day running of the business in favor of helping the business expand into new areas of cybersecurity.

The price of the deal was undisclosed.
HBGary is a separate entity from the now defunct HBGary Federal, which became notorious last year at this time when its emails were hacked and made public, revealing some controversial business practices. The company has since shut down as a result.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 1 06:56:09 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Mar 2012 07:56:09 -0500
Subject: [Infowarrior] - GOP Senators To Unveil Rival Cybersecurity Proposals
Message-ID:

Thursday, March 1, 2012

GOP Senators To Unveil Rival Cybersecurity Proposals

http://techdailydose.nationaljournal.com/2012/02/gop-senators-to-unveil-rival-c.php

By Josh Smith
February 29, 2012 | 12:09 PM

Six Republican senators plan to unveil a cybersecurity bill on Thursday to compete with legislation backed by Senate Democratic leaders and the White House.

The Strengthening and Enhancing Cybersecurity by Using Research, Education, Information, and Technology (SECURE IT) Act would use more incentives, rather than regulation, to spur companies to adopt cybersecurity measures.

Two weeks ago at a hearing on the Cybersecurity Act of 2012, which is being championed by Senate Homeland Security Chairman Joe Lieberman, ID-Conn., Sen. John McCain, R-Ariz., aired a laundry list of concerns about that bill.

"If the legislation before us today were enacted into law, unelected bureaucrats at the DHS (Department of Homeland Security) could promulgate prescriptive regulations on American businesses - which own roughly 90 percent of critical cyber infrastructure," McCain said of Lieberman's bill. "The fundamental difference in our alternative approach is that we aim to enter into a cooperative relationship with the entire private sector through information sharing, rather than an adversarial one with prescriptive regulations."
Lieberman said on Tuesday that he is "open to negotiating" with McCain and other Republicans on the issue. While Republicans have also complained about the process for debating the Cybersecurity Act, "hopefully we can come together and agree on a way to go forward because nobody disagrees with the argument that our country is vulnerable to cyberattacks today," Lieberman said.

Senate Majority Leader Harry Reid, D-Nev., plans to bring the Cybersecurity Act to the Senate floor without an official markup by committee, and Lieberman said he hopes the bill will come up after the debate on postal reform.

McCain, who is the ranking member of the Armed Services Committee, will be joined by Commerce Ranking Member Kay Bailey Hutchison, R-Texas; Judiciary Ranking Member Chuck Grassley, R-Iowa; Intelligence Vice Chairman Saxby Chambliss, R-Ga.; Energy and Natural Resources Ranking Member Lisa Murkowski, R-Alaska; and Sen. Dan Coats, R-Indiana.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 1 07:03:41 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Mar 2012 08:03:41 -0500
Subject: [Infowarrior] - Ken MacLeod's Intrusion: a surveillance and bioscience dystopia with the best of intentions
Message-ID: <6592F797-A749-423B-8DC1-3909CDC570E9@infowarrior.org>

Ken MacLeod's Intrusion: a surveillance and bioscience dystopia with the best of intentions

By Cory Doctorow at 1:27 am Thursday, Mar 1

http://boingboing.net/2012/03/01/ken-macleods-intrusion.html

Ken MacLeod's new novel Intrusion is a new kind of dystopian novel: a vision of a near future "benevolent dictatorship" run by Tony Blair-style technocrats who believe freedom isn't the right to choose, it's the right to have the government decide what you would choose, if only you knew what they knew.
Set in North London, Intrusion begins with the story of Hope, a mother who has become a pariah because she won't take "the fix," a pill that repairs known defects in a gestating fetus's genome. Hope has a "natural" toddler and is pregnant with her second, and England is in the midst of a transition from the fix being optional to being mandatory for anyone who doesn't have a "faith-based" objection. Hope's objection isn't based on religion, and she refuses to profess a belief she doesn't have, and so the net of social services and laws begins to close around her.

MacLeod widens the story from Hope, and her husband Hugh (a carpenter working with carbon-sequestering, self-forming "New Wood") who has moved to London from an independent Scotland, and whose childhood hides a series of vivid hallucinations of ancient people from the Ice Age-locked past. Soon we're learning about the bioscientists who toil to improve the world's genomes, the academics who study their work, the refuseniks who defy the system in small and large ways, and the Naxals, city-burning wreckers who would obliterate all of society.

The Naxals, along with a newly belligerent India and Russia, are a ready-made excuse for a war-on-terror style crackdown on every corner of human activity that includes ubiquitous CCTV, algorithmic behavior monitors, and drones in every corner of the sky.

With Intrusion, MacLeod pays homage to Orwell, showing us how a society besotted with paternalistic, Cass Sunstein-style "nudging" of behavior can come to the same torturing, authoritarian totalitarianism of brutal Stalinism. MacLeod himself is a Marxist who is lauded by libertarians, and his unique perspective, combined with a flair for storytelling, yields up a haunting, gripping story of resistance, terror, and an all-consuming state that commits its atrocities with the best of intentions.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Mar 1 12:28:26 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Mar 2012 13:28:26 -0500
Subject: [Infowarrior] - Fwd: WikiLeaks: Stratfor emails reveal problems with Web security
References: <7EB33041E473EC4B8C08A7CA087AC8720281BB2A@0015-its-exmb12.us.saic.com>
Message-ID:

(c/o MM)

> Posted on Wed, Feb. 29, 2012
> WikiLeaks: Stratfor emails reveal problems with Web security
>
> Mark Seibel | McClatchy Newspapers
>
> last updated: March 01, 2012 07:44:38 AM
>
> http://www.mcclatchydc.com/2012/02/29/140422/wikileaks-stratfor-emails-reveal.html
>
> WASHINGTON - On April 24, 2010, George Friedman, the CEO and founder of Stratfor, an Austin, Texas, company that specializes in writing analyses of international political developments, sent an email from his BlackBerry to one of his employees. It was a response to a suggestion that the company buy email encryption software. He no doubt rues his short missive today.
>
> "40k is a lot of money to spend on that obviously," he wrote. "It probably prices the solution out of our means right now."
>
> Nearly two years later, Stratfor's internal emails, more than 5 million pieces, are being published - drip, drip, drip, 100 or so per day - by the website WikiLeaks, which has provided access to all of the documents to 25 organizations around the world, including McClatchy.
>
> The emails, whose publication began Monday, contain some startling assertions, almost none of which have been confirmed.
>
> In one, from Jan. 26, 2011, the firm's vice president for intelligence, a former State Department counter-terrorism officer named Fred Burton, claimed to know the disposition of a grand jury investigation into WikiLeaks founder Julian Assange. "We have a sealed grand jury indictment," he wrote.
>
> But Burton offered no explanation for how he knew, and apparently none of the other participants in the exchange thought to ask him.
> More than a year later, no other report of an indictment has surfaced, though the existence of a grand jury is well documented. The Justice Department refused to say Tuesday whether an indictment exists, citing an ongoing investigation.
>
> In another email, 11 days after the special forces raid last May 2 in Pakistan that killed al Qaida founder Osama bin Laden, Burton reported that he'd been told that several members of the Pakistani military, "less than 12," knew of bin Laden's presence in the country. The email chain implied that Burton had acquired that information through access to records and other materials recovered from the bin Laden house.
>
> But no further details are offered in subsequent emails, and while the information seems plausible - bin Laden had been living just a few hundred yards from Pakistan's premier military academy for five years - Burton doesn't repeat it in a 3,892-word commentary on the bin Laden raid that was distributed to Stratfor subscribers on May 26.
>
> In announcing that WikiLeaks was making Stratfor's emails public, Assange referred to the company as a "shadow CIA." WikiLeaks said the emails would reveal "Stratfor's web of informers, payoff structure, payment-laundering techniques and psychological methods."
>
> But while Stratfor may have aspired to become a private equivalent to the CIA, analysts who are familiar with the burgeoning market for international political analysis say it's not among the world's premier players. Friedman's rejection of encryption software over a mere $40,000 is evidence of that.
>
> "Gathering global intelligence requires lots of resources," said Jo Jakobsen, an associate professor at the Norwegian University of Science and Technology and one of the few scholars who've devoted their academic careers to studying the risk analysis industry.
>
> Before Monday, Jakobsen said, he'd never heard of Stratfor.
>
> "I was a little bit surprised about hacking a medium or even small company like that," Jakobsen said.
>
> "WikiLeaks, as such, is brilliant," Jakobsen said, in an unsolicited paean to the website that gained its fame by publishing hundreds of thousands of U.S. government documents. "But," he added, "the way they have portrayed how these risk analysis firms operate shows they don't really understand. My guess is that most of (Stratfor's) time is spent on the Internet."
>
> WikiLeaks' publication of the Stratfor emails, naturally, has been controversial. WikiLeaks says it doesn't know the source of the emails, though it's been known since December that Stratfor's computers had been violated. That's when Anonymous, a group of Internet hackers who target corporations they deem guilty of wrongdoing, published the names of Stratfor's customers and their credit card numbers. The controversy has touched the news organizations that have been given access to the emails.
>
> "McClatchy's relationship with WikiLeaks is the same as we have with hundreds of people and organizations that provide information to our newspapers," said Anders Gyllenhaal, McClatchy's vice president for news and its Washington editor. "This is not a partnership. We have no role in how WikiLeaks operates. We simply have an arrangement that enables us to review documents ahead of others. We then determine the information's validity and value and publish based on our independent news judgment."
>
> Friedman founded Stratfor in 1996 after he left Louisiana State University, where he was a political science professor, and it's made its reputation by distributing analyses of breaking international news developments on its website.
>
> American journalists found Stratfor analysts particularly accessible and often used their postings and comments when official law enforcement sources were unavailable.
> McClatchy, for example, cited a Stratfor analysis of burn patterns in a mosque to discuss the likely cause of an explosion last June that wounded former Yemeni President Ali Abdullah Saleh as he was praying.
>
> Without doubt, Stratfor is much smaller than the world's most prominent risk-analysis firms. The granddaddies of the trade include New York-based Control Risk Group, with offices in 34 countries, and London-based Merchant International Group, which boasts operations in 100 countries. There are hundreds, if not thousands, of others.
>
> By comparison, Stratfor's employee complement is fewer than 100 people, according to one former insider, who spoke only on the condition that he not be identified, to preserve his status in the industry. Stratfor itself isn't commenting.
>
> One of Stratfor's emails lists 24 people by name who are authorized to receive missives as part of the company's "secure" email list.
>
> The company's financial statements - they, too, can be found in the WikiLeaks emails, unencrypted - indicate that Stratfor is profitable, though not wildly so.
>
> According to its eight-month income statement for 2011, revenues through August were $7.6 million, of which $6.7 million came from subscriptions to the company's publications. Costs, including $4.9 million in salaries and benefits, totaled $6.48 million. That left a net income, through August, of $516,401.
>
> That same profit and loss statement indicated that Stratfor had just one U.S. government client last year, the Marine Corps, which was billed $34,000 in October, apparently for consulting services.
>
> In 2010, according to a list of receivables found among the email, the Department of the Air Force owed Stratfor $119,950. That same year, the "commandant of the Marines" is listed as owing Stratfor $48,000.
>
> As for Stratfor's other clients, there were nine that made payments in the first eight months of 2011, according to the financial statement.
> The largest was Chevron Latin America, which paid Stratfor $81,700. A 10th client was added in September - according to an email from Friedman to his staff that month - the Turkish Industry and Business Association. It was billed $75,000 in October, according to a note that accompanied the financial statement.
>
> Another client, Dallas-based Hunt Oil, renewed its subscription to Stratfor's research for $42,394. According to the emails, Stratfor monitors events in Iraq, Peru and Yemen for Hunt, which has oil interests in those countries, and along the U.S.-Mexican border, where Hunt controls the electrical transmission lines between Mexico and Texas.
>
> Despite the existence of emails that indicate Dow Chemical had asked Stratfor to gather information on advocates for victims of the 1984 chemical spill in Bhopal, India, there's no indication in the financial statement that Dow made any payments to Stratfor in 2010 or 2011. The monitoring appears to have been done by Allis Information Management, a political analysis firm based in Midland, Mich., where Dow's headquarters are also. Allis didn't respond to requests for comment.
>
> Without doubt, according to the emails, Stratfor's most colorful personality is Burton, the VP for intelligence, who announced the news of a sealed indictment of Assange to his incurious colleagues last year. Even without the emails, Burton is a bigger-than-life figure.
>
> A former deputy director of the Counter Terrorism Division of the State Department's Diplomatic Security Service, Burton has written two books. The first, "Ghost: Confessions of a Counterterrorism Agent," made The New York Times best-seller list when it was published in 2008.
>
> He casts a long shadow in the Stratfor emails. He slams the CIA, suggests that Assange should be waterboarded and takes an unpopular position, at least among some analysts he's exchanging emails with, that sometimes one source is all you need -
> if the information is good enough and the source trusted.
>
> "If a source has a strong record for accuracy and the info being sent adds up, I don't see why we need to wait for it to be corroborated," Burton wrote in an email Nov. 14.
>
> He was a proponent of improving the company's Internet security, calling for encrypting nearly everything, including the company's financials, its reports to its clients and other potentially sensitive communications.
>
> The admonition fell largely on deaf ears.
>
> Last summer, Stratfor began a rush program to gather all of its analysts' sources into a central database, urging in repeated emails that they send the lists, with names, numerical code designations and contact information, all color-coded according to Stratfor's standards: red for people who should be contacted only sparingly, orange for those who are more accessible and yellow for sources who seem willing to be contacted at any time.
>
> Only once in the flurry of emails did an analyst suggest that perhaps this information should be encrypted. All the others apparently sent their lists as they kept them, in Excel spreadsheets that soon will be available for all the world to peruse - scores of names and phone numbers in Asia, Africa and Latin America.
>
> "That's the big scandal here," said Jakobsen, the Norwegian risk analysis industry expert. "An intelligence company being hacked."
>
> McClatchy Newspapers 2012
>

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 1 14:58:39 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Mar 2012 15:58:39 -0500
Subject: [Infowarrior] - Court: Warrantless cell phone searches legal
Message-ID: <25E08644-124E-4214-A040-D8D066DDC161@infowarrior.org>

Court: Warrantless cell phone searches legal

by Charles Cooper
March 1, 2012 10:54 AM PST

The decision by a federal appeals court means that police can search cell phones for evidence without first needing a warrant.

http://news.cnet.com/8301-1023_3-57388786-93/court-warrantless-cell-phone-searches-legal

The decision (PDF), issued by the U.S. Court of Appeals for the 7th Circuit, stems from an Indiana case where prosecutors used evidence that police found on cell phones at the arrest scene to convict a suspect on drug charges. Police had subpoenaed three months of each cell phone's call history to gather evidence on one of the defendants in the case, Abel Flores-Lopez.

Defense attorneys appealed their client's 10-year prison sentence, arguing that the police should have requested a search warrant before searching Flores-Lopez's phone. They maintained that any evidence obtained from the phone company thus was the fruit of an illegal search and therefore should be ruled inadmissible.

The three-judge panel was unpersuaded.

"It's not even clear that we need a rule of law specific to cell phones or other computers. If police are entitled to open a pocket diary to copy the owner's address, they should be entitled to turn on a cell phone to learn its number," they wrote in the opinion.

The justices likened the cell phone to a diary, saying that since police were entitled to open a pocket diary to find an owner's address, they similarly should be allowed to turn on a cell phone to obtain its number.
"So opening the diary found on the suspect whom the police have arrested, to verify his name and address and discover whether the diary contains information relevant to the crime for which he has been arrested, clearly is permissible; and what happened in this case was similar but even less intrusive, since a cell phone's phone number can be found without searching the phone's contents, unless the phone is password-protected-and on some cell phones even if it is." The court offered up a scenario in which they said that the defendant's associates conceivably could have learned about the arrests and remotely wiped the cell phones clean before the government was able to get a warrant permitting investigators to conduct a search. They described the authorities' ability to obtain the cell phone's phone number quickly as a "modest cost" in privacy invasion. "Armed with that number the officers could obtain the call history at their leisure, and the defendant does not deny that if the number was lawfully obtained the subpoenaing of the call history from the phone company was also lawful and the history thus obtained could therefore properly be used in evidence against him," the justices wrote. A similar issue surfaced around a 2004 arrest by San Francisco police as part of a marijuana investigation. The police searched the mobile phones of three of the five men they arrest but without first requesting a warrant. U.S. District Judge Susan Illston, later ruled that the SFPD's warrantless search was not permissible. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 1 16:31:28 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 1 Mar 2012 17:31:28 -0500 Subject: [Infowarrior] - =?windows-1252?q?=91Trespass_Bill=92_will_make_pr?= =?windows-1252?q?otest_illegal?= Message-ID: (c/o AJR) Goodbye, First Amendment: ?Trespass Bill? 
will make protest illegal

Published: 29 February, 2012, 02:13

http://rt.com/usa/news/348-act-tresspass-buildings-437/

Just when you thought the government couldn't ruin the First Amendment any further: The House of Representatives approved a bill on Monday that outlaws protests in instances where some government officials are nearby, whether or not you even know it.

The US House of Representatives voted 388-to-3 in favor of H.R. 347 late Monday, a bill which is being dubbed the Federal Restricted Buildings and Grounds Improvement Act of 2011. In the bill, Congress officially makes it illegal to trespass on the grounds of the White House, which, on the surface, seems not just harmless and necessary, but somewhat shocking that such a rule isn't already on the books. The wording in the bill, however, extends to allow the government to go after much more than tourists that transverse the wrought iron White House fence.

Under the act, the government is also given the power to bring charges against Americans engaged in political protest anywhere in the country.

Under current law, White House trespassers are prosecuted under a local ordinance, a Washington, DC legislation that can bring misdemeanor charges for anyone trying to get close to the president without authorization. Under H.R. 347, a federal law will formally be applied to such instances, but will also allow the government to bring charges to protesters, demonstrators and activists at political events and other outings across America.

The new legislation allows prosecutors to charge anyone who enters a building without permission or with the intent to disrupt a government function with a federal offense if Secret Service is on the scene, but the law stretches to include not just the president's palatial Pennsylvania Avenue home. Under the law, any building or grounds where the president is visiting - even temporarily -
is covered, as is any building or grounds "restricted in conjunction with an event designated as a special event of national significance."

It's not just the president who would be spared from protesters, either.

Covered under the bill is any person protected by the Secret Service. Although such protection isn't extended to just everybody, making it a federal offense to even accidentally disrupt an event attended by a person with such status essentially crushes whatever currently remains of the right to assemble and peacefully protest.

Hours after the act passed, presidential candidate Rick Santorum was granted Secret Service protection. For the American protester, this indeed means that glitter-bombing the former Pennsylvania senator is officially a very big no-no, but it doesn't stop with just him. Santorum's coverage under the Secret Service began on Tuesday, but fellow GOP hopeful Mitt Romney has already been receiving such security. A campaign aide who asked not to be identified confirmed last week to CBS News that former House Speaker Newt Gingrich has sought Secret Service protection as well. Even former contender Herman Cain received the armed protection treatment when he was still in the running for the Republican Party nod.

In the text of the act, the law is allowed to be used against anyone who knowingly enters or remains in a restricted building or grounds without lawful authority to do so, but those grounds are considered any area where someone - rather it's President Obama, Senator Santorum or Governor Romney - will be temporarily visiting, whether or not the public is even made aware. Entering such a facility is thus outlawed, as is disrupting the orderly conduct of "official functions," engaging in disorderly conduct "within such proximity to" the event or acting violent to anyone, anywhere near the premises.
Under that verbiage, that means a peaceful protest outside a candidate's concession speech would be a federal offense, but those occurrences covered as special event of national significance don't just stop there, either. And neither does the list of covered persons that receive protection.

Outside of the current presidential race, the Secret Service is responsible for guarding an array of politicians, even those from outside America. George W Bush is granted protection until ten years after his administration ended, or 2019, and every living president before him is eligible for life-time, federally funded coverage. Visiting heads of state are extended an offer too, and the events sanctioned as those of national significance - a decision that is left up to the US Department of Homeland Security - extends to more than the obvious. While presidential inaugurations and meeting of foreign dignitaries are awarded the title, nearly three dozen events in all have been considered a National Special Security Event (NSSE) since the term was created under President Clinton. Among past events on the DHS-sanctioned NSSE list are Super Bowl XXXVI, the funerals of Ronald Reagan and Gerald Ford, most State of the Union addresses and the 2008 Democratic and Republican National Conventions.

With Secret Service protection awarded to visiting dignitaries, this also means, for instance, that the federal government could consider a demonstration against any foreign president on American soil as a violation of federal law, as long as it could be considered disruptive to whatever function is occurring.

When thousands of protesters are expected to descend on Chicago this spring for the 2012 G8 and NATO summits, they will also be approaching the grounds of a National Special Security Event. That means disruptive activity, to whichever court has to consider it, will be a federal offense under the act.
And don't forget if you intend on fighting such charges, you might not be able to rely on evidence of your own. In the state of Illinois, videotaping the police, under current law, brings criminal charges. Don't fret. It's not like the country will really try to enforce it - right?

On the bright side, does this mean that the law could apply to law enforcement officers reprimanded for using excessive force on protesters at political events? Probably. Of course, some fear that the act is being created just to keep those demonstrations from ever occurring, and given the vague language on par with the loose definition of a "terrorist" under the NDAA, if passed this act is expected to do a lot more harm to the First Amendment than good.

United States Representative Justin Amash (MI-03) was one of only three lawmakers to vote against the act when it appeared in the House late Monday. Explaining his take on the act through his official Facebook account on Tuesday, Rep. Amash writes, "The bill expands current law to make it a crime to enter or remain in an area where an official is visiting even if the person does not know it's illegal to be in that area and has no reason to suspect it's illegal."

"Some government officials may need extraordinary protection to ensure their safety. But criminalizing legitimate First Amendment activity - even if that activity is annoying to those government officials - violates our rights," adds the representative.

Now that the act has overwhelmingly made it through the House, the next set of hands to sift through its pages could very well be President Barack Obama; the US Senate had already passed the bill back on February 6. Less than two months ago, the president approved the National Defense Authorization Act for Fiscal Year 2012, essentially suspending habeas corpus from American citizens. Could the next order out of the Executive Branch be revoking some of the Bill of Rights?
Only if you consider the part about being able to assemble a staple of the First Amendment, really.

Don't worry, though. Obama was, after all, a constitutional law professor. When he signed the NDAA on December 31, he accompanied his signature with a signing statement that let Americans know that, just because he authorized the indefinite detention of Americans didn't mean he thought it was right.

Should President Obama suspend the right to assemble, Americans might expect another apology to accompany it in which the commander-in-chief condemns the very act he authorizes. If you disagree with such a decision, however, don't take it to the White House. Sixteen-hundred Pennsylvania Avenue and the vicinity is, of course, covered under this act.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 1 16:33:55 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Mar 2012 17:33:55 -0500
Subject: [Infowarrior] - B-b-b-but it's still 'classified', that's why
Message-ID:

WikiLeaks Diplomatic Cables FOIA Documents

In June 2011, the ACLU filed suit against the State Department to enforce a FOIA request seeking 23 embassy cables previously disclosed by WikiLeaks. The agency released redacted versions of 11 and withheld the other 12 in full. The five excerpts below show the government's selective and self-serving decisions to withhold information. Because the leaked versions of these cables have already been widely distributed, the redacted releases provide unique insight into the government's selective decisions to hide information from the American public.

Place your mouse over the redacted sections to see what the government is hiding. Scroll to the bottom of the page to access redacted versions of all 11 cables released by the government and links to the full cables published by WikiLeaks.
< -- >

http://www.aclu.org/wikileaks-diplomatic-cables-foia-documents

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 1 20:01:38 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Mar 2012 21:01:38 -0500
Subject: [Infowarrior] - NSA builds Android phone for top secret calls
Message-ID:

NSA builds Android phone for top secret calls
By Darren Pauli on Mar 1, 2012 9:15 AM
http://www.scmagazine.com.au/News/292189,nsa-builds-android-phone-for-top-secret-calls.aspx

The National Security Agency (NSA) has developed an ultra-secure Android phone built using off-the-shelf kit that allows US Government staff to discuss top secret materials.

About 100 of the Fishbowl phones were developed and released to government staff. They were designed to comply with the NSA's tough information security rules yet be as cheap as possible and easy to use.

The phones were designed and built by the NSA's 40 year-old Information Assurance Directorate, which is responsible for providing secure communications to the US Government, including the Department of Defence.

The division's head, Margaret Salter, said anyone can reproduce the phone using specifications published online today because it uses off-the-shelf components.

"The plan was to buy commercial components, layer them together and get a secure solution," Salter said. "It uses solely commercial infrastructure to protect classified data."

Salter said she would previously need to "speak in code" if using a commercial mobile device to discuss classified information.

Users will be able to install defence applications on the device from an enterprise app store run by the US Defence Information Systems Agency. This would ensure only secure applications were installed, and remove the need for NSA staff to otherwise vet the integrity of third party applications.
The phone is part of a wider NSA Mobility Program to design all communications technologies used for classified discussions from commercial off-the-shelf components. The aim, Salter said, was to produce secure devices that had the ease-of-use at a low cost.

Tech troubles

The Information Assurance Directorate ran into a string of problems during the build due to a lack of interoperability between vendor products.

Salter said a lack of interoperability between SSL VPN options forced designers to use IPSEC. Several other compromises were made but none that reduced the security of the phone, Salter said.

"We needed a voice app that did DTLS (Datagram Transport Layer Security), Suite B and SRTP (Secure Real-time Transport Protocol) and we couldn't buy it," Salter said. "But the industry was thinking more about session description - so we went with that."

Fishbowl encryption

Designers were also challenged by the functionality in commercial products. Vendors were chosen not by reputation or preference, but by their support of required functionality. Each was plotted on a grid and chosen by "drawing a line through the list".

Salter said the security specifications, such as those sought for the voice application, would be useful to everyone. She urged colleagues to demand vendors improve unified communications interoperability.

"We need to send a message [about] standards, interoperability and plug and play," she said.

All traffic from the phone is routed through the enterprise as a primary security design goal.

"If we let it go to all kinds of places, we lost control of figuring out what the phone was doing. If I want pizza, I have to go through the enterprise which has to route me to Pizza Hut."

Voice calls are encrypted twice in accordance with NSA policy, using IPSEC and SRTP, meaning a failure requires "two independent bad things to happen," Salter said.
She said the Android operating system and key store were customised to be made secure enough for top secret conversations, and a "kind of police app" was designed to monitor operations on the device.

Copyright © SC Magazine, Australia

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 1 20:19:21 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 1 Mar 2012 21:19:21 -0500
Subject: [Infowarrior] - OT: Olympia Snowe: Why I'm leaving the Senate
Message-ID: <84328723-FA06-4AD6-AD88-12A0A805EFDC@infowarrior.org>

Olympia Snowe: Why I'm leaving the Senate
By Olympia J. Snowe, Thursday, March 1, 8:47 PM
http://www.washingtonpost.com/opinions/olympia-snowe-why-im-leaving-the-senate/2012/03/01/gIQApGYZlR_print.html

Two truths are all too often overshadowed in today's political discourse: Public service is a most honorable pursuit, and so is bipartisanship.

I have been immeasurably honored to serve the people of Maine for nearly 40 years in public office and for the past 17 years in the United States Senate. It was incredibly difficult to decide that I would not seek a fourth term in the Senate.

Some people were surprised by my conclusion, yet I have spoken on the floor of the Senate for years about the dysfunction and political polarization in the institution. Simply put, the Senate is not living up to what the Founding Fathers envisioned.

During the Federal Convention of 1787, James Madison wrote in his Notes of Debates that "the use of the Senate is to consist in its proceedings with more coolness, with more system, and with more wisdom, than the popular branch." Indeed, the Founding Fathers intended the Senate to serve as an institutional check that ensures all voices are heard and considered, because while our constitutional democracy is premised on majority rule, it is also grounded in a commitment to minority rights.
Yet more than 200 years later, the greatest deliberative body in human history is not living up to its billing. The Senate of today routinely jettisons regular order, as evidenced by the body's failure to pass a budget for more than 1,000 days; serially legislates by political brinkmanship, as demonstrated by the debt-ceiling debacle of August that should have been addressed the previous January; and habitually eschews full debate and an open amendment process in favor of competing, up-or-down, take-it-or-leave-it proposals. We witnessed this again in December with votes on two separate proposals for a balanced-budget amendment to the Constitution.

As Ronald Brownstein recently observed in National Journal, Congress is becoming more like a parliamentary system - where everyone simply votes with their party and those in charge employ every possible tactic to block the other side. But that is not what America is all about, and it's not what the Founders intended. In fact, the Senate's requirement of a supermajority to pass significant legislation encourages its members to work in a bipartisan fashion.

One difficulty in making the Senate work the way it was intended is that America's electorate is increasingly divided into red and blue states, with lawmakers representing just one color or the other. Before the 1994 election, 34 senators came from states that voted for a presidential nominee of the opposing party. That number has dropped to just 25 senators in 2012. The result is that there is no practical incentive for 75 percent of the senators to work across party lines.

The great challenge is to create a system that gives our elected officials reasons to look past their differences and find common ground if their initial party positions fail to garner sufficient support. In a politically diverse nation, only by finding that common ground can we achieve results for the common good.
That is not happening today and, frankly, I do not see it happening in the near future.

For change to occur, our leaders must understand that there is not only strength in compromise, courage in conciliation and honor in consensus-building - but also a political reward for following these tenets. That reward will be real only if the people demonstrate their desire for politicians to come together after the planks in their respective party platforms do not prevail.

I certainly don't have all the answers, and reversing the corrosive trend of winner-take-all politics will take time. But as I enter a new chapter in my life, I see a critical need to engender public support for the political center, for our democracy to flourish and to find solutions that unite rather than divide us.

I do not believe that, in the near term, the Senate can correct itself from within. It is by nature a political entity and, therefore, there must be a benefit to working across the aisle.

But whenever Americans have set our minds to tackling enormous problems, we have met with tremendous success. And I am convinced that, if the people of our nation raise their collective voices, we can effect a renewal of the art of legislating - and restore the luster of a Senate that still has the potential of achieving monumental solutions to our nation's most urgent challenges. I look forward to helping the country raise those voices to support the Senate returning to its deserved status and stature - but from outside the institution.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Fri Mar 2 07:28:17 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Mar 2012 08:28:17 -0500
Subject: [Infowarrior] - Internet Outage at Pentagon
Message-ID: <9462A445-A8E2-4FE6-B096-D089EA1A6642@infowarrior.org>

(c/o MM)

Internet Outage at Pentagon
by Justin Fishel | March 01, 2012
http://politics.blogs.foxnews.com/2012/03/01/pentagon-internet-shut-down

Fox News has learned that on Thursday at around 10:00 a.m. the military's Defense Information Systems Agency (DISA) shut down access to the internet and blackberry service while they work to fix an unspecified problem. This means no one in the Pentagon has internet and many military downrange, to include combatant commands, don't have internet either.

DISA, according to its website, is a Defense Department agency that provides command and control support to national-level leaders and joint-war fighters "across the full spectrum of operations."

The agency sent out a network wide notification this morning via email explaining that "users are experiencing problems browsing the internet due to a DISA-wide outage." As a result, the memo said, "ALL Blackberry, email web-browsing, and VPN services are affected."

People we spoke with in the Pentagon are still able to use e-mail on their computers, but were unable to access the internet.

According to a Pentagon official familiar with network security, this outage is not in response to any type of cyber-attack. This official says if it were an attack, "we'd all know it and DISA would have done what is called a blanket protocol, shutting down all sorts of access until they isolated the source of the attack."

A spokesman at DISA told Fox so far "there is no indication of an attack" and it's expected the internet will slowly come back online.

Technicians in the military are working to resolve the problem, which could be affecting as many as 20,000 military and civilian personnel in the Pentagon alone.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 2 07:29:55 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Mar 2012 08:29:55 -0500
Subject: [Infowarrior] - Silence Gun: Strange weapon of the future immediately quiets you, whether you like it or not
Message-ID:

(c/o JH)

Silence Gun: Strange weapon of the future immediately quiets you, whether you like it or not
By Tecca | Today in Tech - 12 hrs ago
http://news.yahoo.com/blogs/technology-blog/weird-gun-future-attacks-words-not-people-193050045.html

This delayed auditory feedback device makes it all but impossible for a human to speak

Ever since humans first invented guns, they've been inventing new uses for them. Some shoot bullets; others shoot lasers. But a strange and unsettling new gun being developed by Japanese researchers shoots sound waves in an effort to disrupt and silence anyone who dares speak out of turn.

The gun operates based on the concept of delayed auditory feedback. An attached microphone picks up the sound being made by the target and plays it back 0.2 seconds later. The effect is incredibly confusing to the human brain, making it all but impossible to talk or hold a conversation. The device doesn't cause the person it's being used on any physical harm - it simply messes with their head.

When the human brain hears its own speech perfectly in sync during normal speech, it easily processes the input and allows you to largely ignore the sound of your own voice. However, by offsetting the response just a bit, the brain hears your mouth speaking as well as the strange echo effect produced by the gun. This unusual combination is confusing enough to effectively shut down the part of your brain responsible for managing speech, and you fall immediately silent.

The first versions of the weapon - if we can even call it that - were dependent on a separate PC to process the input and relay it back to the speaker.
However, the second prototype (pictured above) does away with the need for additional hardware and includes all the necessary processing bits within its casing, making it easily portable.

The developers say the gun could be used for seemingly innocuous purposes, such as enforcing rules requiring library patrons to keep quiet. It could also see action during large meetings when it is important that onlookers not disrupt the speaker; anyone who fancies a noisy outburst would immediately be silenced by the high-tech handheld.

The free speech implications of the speech jammer are somewhat disconcerting: A protestor or speaker at a political rally could be easily silenced just for having unpopular views. Political rallies and other protest gatherings could easily be quieted by the strange gun, should law enforcement or other agencies decide to equip themselves with the technology.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 2 07:39:30 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Mar 2012 08:39:30 -0500
Subject: [Infowarrior] - More Navy pron: 'Top Gun 2' in the works?
Message-ID: <9EA01A6E-BF3B-4F52-8FAD-96DFF4A3481F@infowarrior.org>

March 1st, 2012 11:30 AM ET
http://marquee.blogs.cnn.com/2012/03/01/top-gun-2-goes-with-town-scribe/

'Top Gun 2' goes with 'Town' scribe

The reported "Top Gun 2" movie looks to be a little closer to becoming a reality: Variety reports that "The Town" writer Peter Craig has been hired to work out the script.

As fans of "The Town," if not fans of sequels to classic '80s films, this feels like good news. Variety adds that Jerry Bruckheimer will serve as producer along with David Ellison's Skydance Productions, and that director Tony Scott and star Tom Cruise are expected to take part in the sequel as well.
Reports surfaced in 2010 that Paramount was looking to continue the blockbuster 1986 picture, and Cruise told MTV last December that they were indeed "working on it," although he noted at the time that he didn't think screenwriter Christopher McQuarrie was going to pen the sequel. Nonetheless, Cruise was hopeful that they'd be able to find a way to get the project off the ground. "I hope we can figure this out to go do it again," he said at the time. "If we can find a story that we all want to do, we all want to make a film that is in the same kind of tone as the other one and shoot it in the same way we shot 'Top Gun.'" --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 2 08:07:48 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 2 Mar 2012 09:07:48 -0500 Subject: [Infowarrior] - Comcast and other providers rush to impose data caps Message-ID: <546FD78C-D768-4997-BCA4-D6766D46689D@infowarrior.org> Jeff Gelles: Comcast and other providers rush to impose data caps March 01, 2012|By Jeff Gelles, Inquirer Columnist http://articles.philly.com/2012-03-01/business/31114045_1_data-caps-unlimited-data-data-hogs/2 Netflix's video-streaming service may have lost access Wednesday to its collection of popular Starz movies, but it has been busy reinventing itself as an alternative source of TV shows - a slew of series reruns for now, though with original productions in its pipeline. Who knows? With high-quality shows, it could someday become an Internet version of HBO. But if you get Internet access from Comcast or one of several other large broadband providers, you might not want to get hooked on Netflix's offerings. If you watch too much via Comcast broadband - or do anything else online that involves moving more than 250 gigabytes of data per month - you're at risk of an ugly surprise. Violate that cap, and Comcast can suspend your broadband service for a year. 
In recent weeks, the nation's leading wireless carriers, AT&T and Verizon, have drawn loud hoots for putting digital brakes on high-end customers who make the mistake of believing that an "unlimited data" plan means what it says.

Both say they're targeting the top 5 percent of their users to limit network congestion, despite scant evidence that "unlimited data" customers are particular data hogs. AT&T users have reported that data speeds are being throttled by as much as 99 percent - enough to take the smart out of smartphone.

It's clear enough what AT&T and Verizon are doing, even if they don't want to say so: Both have decided to cash in on customers who use the most data and are pushing them to switch to tiered plans.

Something very different is happening in the wired-broadband world, though likely with similar motives.

According to Telogical Systems, five of the nation's seven largest broadband providers now impose monthly data caps. Four of them - Comcast, CenturyLink, Charter Communications, and Cox - say they will suspend customers who violate the caps. The fifth, AT&T, charges $10 for each extra 50 gigabytes.

Why does Comcast consider 250 gigabytes per month "excessive use"? Comcast never really says, according to critics such as Andre Vrignaud, a Seattle gaming consultant who was cut off last year by Comcast and has since become a vocal critic of the caps.

Vrignaud says he ran into the cap by accident when he started moving files to cloud services such as Carbonite for data backup and Amazon for music storage. "I doubt that most users realize that both uploads and downloads are counted," Vrignaud says.

Comcast's Charlie Douglas says the company has set "a reasonable, transparent, and fair threshold" for a network on which customers share bandwidth. "We feel that that is an extraordinarily large amount of data. That limit is there to make sure we provide a great online experience for every single paying customer."
Douglas says that fewer than 1 percent of Comcast's broadband customers have ever been warned and that the number subsequently cut off is "extraordinarily small." Vrignaud says broadband providers that impose hard monthly caps have an ulterior motive: They want to steer customers away from services such as Netflix that pose a competitive threat to their core pay-television businesses, and tilt the playing field for future data-heavy services to their own advantage. "They're trying to put land mines on the train tracks," Vrignaud says. Netflix has been a sharp critic of hard caps as well as of overage charges - policies that its general counsel, David Hyman, says rely on a false analogy between data and products such as electricity that are costly to produce. "Adding more capacity is easy," Hyman wrote in a Wall Street Journal op-ed. "The marginal cost of providing an extra gigabyte of data - enough to deliver one episode of 30 Rock from Netflix - is less than one cent, and falling." Thankfully, there are exceptions in the rush toward data caps, including California's Sonic.net Inc., whose CEO, Dane Jasper, backs Hyman's argument. In a future column, I'll tell you why he thinks the Federal Communications Commission needs to take a more assertive role to protect the promise of the broadband revolution. Another notable exception is Verizon, for both its DSL and its FiOS fiber-optic service. John Schommer, director of broadband security and cloud services, calls hard caps such as Comcast's "a little harsh" but says he understands the impulse to use prices or other policies to manage network demand - especially at companies that lack Verizon's state-of-the-art fiber technology. But he says imposing caps "is not in Verizon's immediate plans." Contact Jeff Gelles at 215-854-2776 or jgelles at phillynews.com. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Mar 2 13:39:26 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 2 Mar 2012 14:39:26 -0500
Subject: [Infowarrior] - OT: Some Friday fun
Message-ID:

Since there are many Marvel geeks reading this list, I thought I'd offer something snarky for their Friday funnies. Enjoy!

The Muppet Avengers Trailer
http://www.youtube.com/watch?v=di23W7b7FIw

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Mar 3 12:54:31 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 3 Mar 2012 13:54:31 -0500
Subject: [Infowarrior] - Court Says Agency Classification Decision is Not "Logical"
Message-ID:

Court Says Agency Classification Decision is Not "Logical"
http://www.fas.org/blog/secrecy/?p=6900

In an opinion published this week, DC District Judge Richard W. Roberts did an astonishing thing that federal courts almost never do: He probed into the decision to classify a government document and concluded that it was not well-founded. He ordered the agency to release the document under the Freedom of Information Act.

The Center for International Environmental Law had sued the Office of the U.S. Trade Representative (USTR) to obtain a one-page position paper concerning the U.S. negotiating position in free trade negotiations. The USTR denied the document, which it said was classified, on grounds that the parties to the negotiation had agreed that their records would not be disclosed prior to the end of 2013.

The USTR contended that release of the document would engender a loss of confidence among U.S. negotiating partners and weaken the position of the U.S. in future negotiations. It was classified "Confidential" because its disclosure could reasonably be expected to cause harm to U.S. foreign relations, USTR said.

But Judge Roberts rejected this line of argument, particularly since the document in question was a U.S.
Government record, not foreign government information that had been provided in confidence.

"There is... a meaningful difference between the United States' disclosure of information that it receives in confidence from a foreign government, with the foreign government's understanding that the information will be kept secret, and the United States' disclosure of a document that it itself created and provided to others," he wrote.

"USTR... fails to provide a plausible or logical explanation of why disclosure of Document 1 reasonably could be expected to damage United States' foreign relations," Judge Roberts concluded. Therefore, he ruled that it could not be withheld.

In the context of FOIA litigation, this is an extraordinary opinion. Ordinarily, courts defer to executive branch agencies on questions of national security classification. It's true that FOIA requires that information must be "properly" classified in order to be exempt from disclosure. But the term "properly" has usually been interpreted to mean procedurally proper, not substantively proper. In other words, courts ask if the classifier was authorized to classify and if other classification rules were correctly followed. But unlike Judge Roberts, they do not normally ask whether the classification decision makes any sense.

Once the question of the merit of the document's classification was permitted, the USTR position could not be sustained.

Interestingly, the court did not specifically say that the document must be declassified. Classification policy is not the court's concern, particularly since it is not based in statute. Rather, Judge Roberts simply ordered that the government must provide a copy of the document to the requester - whether it is classified or not.

The ruling is a rebuke not only to the USTR, which classified the document, but also to the Department of Justice, which chose to defend the case in court.
According to 2009 FOIA Guidelines issued by Attorney General Holder, the Department of Justice is only supposed to defend agency FOIA denials when disclosure would cause reasonably foreseeable harm or is prohibited by law. In practice, however, there is no known case in which those Guidelines have led the Department to decline to defend a FOIA denial.

The new decision was first reported by Josh Gerstein of Politico in "Judge issues rare order to disclose classified document," February 29.

Federal courts could do far more to curb unwarranted secrecy than they usually do, argued Meredith Fuchs, then-general counsel of the National Security Archive, in a 2006 law review article. See "Judging Secrets: The Role Courts Should Play in Preventing Unnecessary Secrecy," Administrative Law Review, Winter 2006.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Mar 3 13:34:07 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 3 Mar 2012 14:34:07 -0500
Subject: [Infowarrior] - How many times must TSA apologise before they get fixed
Message-ID: <5039D3FD-BB17-4A74-B896-1CD119E79077@infowarrior.org>

TSA asks woman to prove her breast pump is real at Lihue Airport
8:53 AM, Mar 2, 2012
Katie Maassen
http://www.ksdk.com/news/article/307441/28/TSA-asks-woman-to-prove-her-breast-pump-is-real

Lihue, HI (KITV) -- A Hawaiian mom says she was humiliated when asked to prove her breast pump was real at an airport.

The woman says she was flagged for additional screening at the Lihue Airport Wednesday because of her electric breast feeding pump. She claims agents told her she couldn't take the pump on the plane because the bottles in her carry-on were empty.

"I asked him if there was a private place I could pump and he said no, you can go in the women's bathroom. I had to stand in front of the mirrors and the sinks and pump my breast in front of every tourist that walked into that bathroom.
I was embarrassed and humiliated and then angry that I was treated this way."

When the bottles were full, she was allowed back on the plane. The TSA is apologizing, saying the agent made a mistake.

The agency released a statement, saying in part: "We accept responsibility for the apparent misunderstanding and any inconvenience or embarrassment this incident may have caused her."

The TSA recently changed screening procedures to allow women to carry breast milk onto planes without testing it. However, breast pumps may require additional screening.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Mar 3 21:37:33 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 3 Mar 2012 22:37:33 -0500
Subject: [Infowarrior] - Why the security industry never actually makes us secure
Message-ID:

Why the security industry never actually makes us secure
by Elinor Mills March 3, 2012 1:00 PM PST
http://news.cnet.com/8301-27080_3-57389046-245/why-the-security-industry-never-actually-makes-us-secure/

SAN FRANCISCO--Every year, security vendors gather at the RSA conference here to reaffirm their commitment to fencing out hackers and keeping data safe. And every year, corporate and government Web sites continue to fall victim to basic attacks. Heck, ubersecurity firm RSA itself was compromised not that long ago, as was digital certificate heavyweight VeriSign, even if it didn't admit it for two years.

In other words, very little changes from year to year beyond the buzzwords du jour bruited about by security vendors. "It's Groundhog Day," says Josh Corman, director of security intelligence at Akamai.

Art Coviello, executive chairman of RSA, at least had the presence of mind to be humble, acknowledging in his keynote that current "security models" are inadequate. Yet he couldn't help but lapse into rah-rah boosterism by the end of his speech. "Never have so many companies been under attack, including RSA," he said.
"Together we can learn from these experiences and emerge from this hell, smarter and stronger than we were before." Really? History would suggest otherwise. Instead of finally locking down our data and fencing out the shadowy forces who want to steal our identities, the security industry is almost certain to present us with more warnings of newer and scarier threats and bigger, more dangerous break-ins and data compromises and new products that are quickly outdated. Lather, rinse, repeat. "The cybersecurity cycle will go on for the rest of our lives," predicts Rod Beckstrom, president and CEO of ICANN and former director of the U.S. National Cybersecurity Center. "The industry takes a long time to evolve." Of course, while it's evolving, the rest of us are still coming to grips with existing vulnerabilities--to say nothing of trying to figure out which future problems are going to pose us the biggest headaches. This is a world, after all, with keyloggers that record bank account information. With "advanced persistent threats," or APTs, that conduct long-term industrial espionage. With government secrets left on unencrypted laptops and malware like Stuxnet apparently designed to sabotage national nuclear-arms programs. The industry's sluggishness is enough to breed pervasive cynicism in some quarters. Critics like Corman are quick to note that if security vendors really could do what they promise, they'd simply put themselves out of business. "The security industry is not about securing you; it's about making money," Corman says. "Minimum investment to get maximum revenue." Even if you're not quite as jaded as Corman, there are still two big--maybe insuperable--obstacles lying between us and security Nirvana. First, there's the seemingly endless arms race between hackers and defenders, one that shows no sign of slowing anytime soon. Second, there's the fact that attackers are--at least for now--much more motivated to get in than companies are to keep them out. 
Put together, it's enough to make almost anyone despair. One executive at a top security firm who asked not to be identified admitted that technology innovation is lagging behind the criminal hackers, whose motivation is greater than the level of risk corporations feel they face. "Never before have so many spent so much and accomplished so little," he said. Part of the problem is the increasing pervasiveness of networked computers, software, and social networks. There are more targets for attackers to hit. Twenty years ago we didn't have mobile phones and Facebook and Internet-connected power-grid controllers. Digital thieves are sneaking in new side doors before companies even realize they're unlocked. And the attackers are fast learners, able to devise new methods for getting into computer systems even when strong defenses are in place. When antivirus software blocked malware, lurking villains came up with cunning social engineering tricks to lure you to the malware. Making matters worse is the fact that the white hats are riding lame stallions and firing rusty revolvers. Models like antivirus signature updating--which protects only against known threats--are fundamentally broken, yet many companies still rely on them. The promises of Public Key Infrastructure have not materialized. Some hope that analysis of Big Data--the tons of log and network information housed within corporate systems--can identify points of weakness and block hackers. We'll see. "We're fighting the problems, but they're not solvable," said David Perry, president of G Data Software North America. "Everyone has expected the magic bullet forever, but there is none." Companies and consumers still want an easy fix, though--and that often plays right into the hands of hackers. When you see headlines about identity fraud and data breaches, it's much easier to buy a new antimalware package than to really analyze the problem and switch gears. 
"There's a mentality that we can solve the problem with another product," said Mary Landesman, senior security researcher at Cisco. If only it were true. Getting companies to devote time and money to adequately address their security issues is particularly difficult because they often don't think there's a problem until they've been compromised. And for some, too much knowledge can be a bad thing. "Part of the problem might be plausible deniability, that if the company finds something, there will be an SEC filing requirement," Landesman said. Of course, it would help if software in general was less buggy. Some security experts are pushing for a more proactive approach to security much like preventative medicine can help keep you healthy. The more secure the software code, the fewer bugs and the less chance of attackers getting in. "Most of RSA, especially on the trade show floor, is reactive security and the idea behind that is protect broken stuff from the bad people," said Gary McGraw, chief technology officer at Cigital. "But that hasn't been working very well. It's like a hamster wheel." This concept helped Microsoft improve its battered image 10 years ago after being hammered by viruses that infected tons of computers by exploiting holes in Windows. Microsoft launched its Software Development Lifecycle program to focus on building software with security in mind and it has been a success, making its products some of the most secure in the industry. That sort of solution, though, isn't particularly scalable, especially not with coders churning out apps and applications to meet the demand for new apps on new devices. "We know how to build software with fewer bugs per square inch and we are getting much better at that," McGraw said. "The problem is we're building more square miles of code than ever before." There is no easy answer, because there are so many aspects to security, said Bruce Schneier, chief security technology officer at BT. 
"The fundamental problems are about using technology, implementation, user interface, installations, updates, all of those ancillary things," he said. "And there are economic barriers that people who deploy the technology don't have financial motivations to do so.... The person in charge of the problem doesn't have the ability to fix it and the person with the ability to fix it isn't in charge." And no one wants to pay money to provide security for anyone else. Like pollution, security incidents are something everyone potentially contributes to and suffers as a result of. "This might be a fundamental mismatch that the market cannot resolve," without government intervention, Schneier said. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sat Mar 3 22:29:56 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 3 Mar 2012 23:29:56 -0500 Subject: [Infowarrior] - RIP Ralph McQuarrie Message-ID: <8852BFAB-7616-4F43-B218-F6F8E59BDD57@infowarrior.org> http://www.theverge.com/2012/3/3/2843126/star-wars-conceptual-artist-ralph-mcquarrie-passes-away-at-82 'Star Wars' conceptual artist Ralph McQuarrie passes away at age 82 Artist Ralph McQuarrie has passed away at the age of 82. One of the primary visual forces behind the original Star Wars trilogy, Raiders of the Lost Ark, and Close Encounters of the Third Kind, McQuarrie created the original designs for such iconic characters as Darth Vader, Chewbacca, R2-D2, and C-3PO. Before partnering with George Lucas, McQuarrie had worked illustrating movie posters and creating artwork for CBS News. He collaborated with Steven Spielberg several times, including on E.T. the Extra-Terrestrial, and eventually won an Academy Award for his work on Cocoon. 
Contributing illustrations and conceptual drawings to video games, books, advertising campaigns, and numerous other projects over the years, it's no stretch to say that McQuarrie influenced science-fiction sensibilities for an entire generation. For a further look at his prolific body of work, you can visit McQuarrie's site or Facebook page. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Mar 4 09:08:15 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 4 Mar 2012 10:08:15 -0500 Subject: [Infowarrior] - Editorial: Surveillance, Security and Civil Liberties Message-ID: <15634463-3BCF-4BCB-B31C-E15A0FB4263A@infowarrior.org> Surveillance, Security and Civil Liberties Published: March 3, 2012 http://www.nytimes.com/2012/03/04/opinion/sunday/surveillance-security-and-civil-liberties.html Taking office not long after the Sept. 11, 2001, attacks, Mayor Michael Bloomberg and Police Commissioner Raymond Kelly wisely decided to beef up the Police Department's counterterrorism program significantly, to help federal law enforcement agencies avert another disaster. Unfortunately, they did not provide for sufficiently strong supervision of this formidable and far-flung intelligence operation -- to check the well-known tendency of all such agencies, operating in secrecy and under murky rules, to abuse their powers. It appears that many thousands of law-abiding Muslim-Americans have paid a real price for that omission. A series of articles by The Associated Press has exposed constitutionally suspect surveillance of Muslims in New York, New Jersey, Long Island and beyond. Unearthed police records noticeably lack any apparent link to suspected criminal activity, or any obvious payoff for public safety. In particular, the A.P.
reports revealed widespread police spying and the creation of police records containing information on Muslim people, mosques and campus groups, as well as luncheonettes, dollar stores and other legitimate businesses owned and frequented by Muslims, with no apparent reason to think anything wrong was going on. In mid-February, The A.P. disclosed that police officers systematically monitored the Web sites and blogs of Muslim student groups at N.Y.U., Columbia, Yale, Rutgers and a dozen other colleges. Documents show that an undercover agent accompanied 18 Muslim students from City College on a whitewater rafting trip in 2008. Dossier entries noted vital national security information -- like the number of times they prayed. Last week, The A.P. reported that plainclothes officers from the department's euphemistically named Demographic Unit fanned out across Newark in 2007, snapping pictures of mosques and Muslim-owned businesses, listening to conversations, and gathering information about the makeup of mosque worshipers for an eerie 60-page internal police report stamped "NYPD Secret." Similar reports were prepared on other Muslim neighborhoods. Newark's mayor, Cory Booker, and the president of Rutgers University, Richard McCormick, have spoken out movingly about the wounds inflicted by these activities. Muslims in Newark and at Rutgers, they said, have become reluctant to pray openly at mosques, join in faith-based groups, or frequent Muslim hangouts for fear of being watched and possibly tarred by "guilt by association." It is a distressing fact of life that mistreatment of Muslims does not draw nearly the protest that it should. But not just Muslims are threatened by this seemingly excessive warrantless surveillance and record-keeping. Today Muslims are the target. In the past it was protesters against the Vietnam War, civil rights activists, socialists. Tomorrow it will be another vulnerable group whose lawful behavior is blended into criminal activity. Mr.
Bloomberg has reacted in the worst possible way -- with disdain -- to those raising legitimate questions about the surveillance program. Asking about its legality, and about whether alienating innocent Muslims is a smart or decent strategy, does not translate into being soft on terrorism, or failing to appreciate that it is a dangerous world. The mayor insists that the actions reported by The A.P. were "legal," "appropriate" and "constitutional." He also says the police were only "following leads." But he has yet to explain what sort of leads, why they justify police surveillance of so many Muslims, or whether the type of surveillance depicted in the news reports continues. Under a federal court decree, it is permissible to collect information from public sources. But going to public places apparently selected on the basis of religion and recording information having nothing to do with terrorism -- including religious and political views expressed in mosques and campus gatherings -- is another matter. Officials like Gov. Andrew Cuomo, Senator Charles Schumer and the City Council speaker, Christine Quinn, should be urging the Police Department to be less grudging about supplying information that would aid public understanding, instead of racing to give the police a pass. We welcome last week's statement by Attorney General Eric Holder that the Justice Department is beginning to review complaints about the N.Y.P.D.'s surveillance of Muslim and Arab communities to determine whether a full civil rights investigation is warranted. The review's prompt completion should be a priority. Meantime, we are wondering what happened to the Michael Bloomberg who stood up for fairness and religious freedom by backing a proposed Muslim community center near ground zero. We hope that mayor re-emerges soon to restore trust. A version of this editorial appeared in print on March 4, 2012, on page SR10 of the New York edition with the headline: Surveillance, Security and Civil Liberties.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Mar 4 09:15:08 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 4 Mar 2012 10:15:08 -0500 Subject: [Infowarrior] - On Restricted Data on Influenza H5N1 Virus Transmission Message-ID: <2F576E0C-BF28-4241-B827-D363F3D420A5@infowarrior.org> On Restricted Data on Influenza H5N1 Virus Transmission Ron A. M. Fouchier,* Sander Herfst, Albert D. M. E. Osterhaus http://cryptome.org/2012/03/fouchier-021012.pdf Authors of a debated flu transmission study discuss why such work is important and should be published. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Mar 4 09:52:23 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 4 Mar 2012 10:52:23 -0500 Subject: [Infowarrior] - DMCA: Horrors of a Broad and Automated Censorship Tool Message-ID: DMCA: Horrors of a Broad and Automated Censorship Tool | Ernesto | March 4, 2012 http://torrentfreak.com/dmca-horrors-of-a-broad-and-automated-censorship-tool-120304/ The DMCA was once drafted to protect the interests of copyright holders, allowing them to take infringing content offline. Today, however, the system is systematically abused by rightsholders as an overbroad censorship tool. One third of the notices sent to Google are false, companies like Microsoft censor perfectly legal sites, and others use the DMCA to get back at competitors. Earlier this week one of TorrentFreak's articles was censored by Google on behalf of a copyright holder. The article in question was mysteriously flagged as being infringing by an automated DMCA takedown tool. An honest mistake according to the people who sent the notice, but one that doesn't stand in isolation. Google previously noted that 37% of all DMCA notices they receive are not valid copyright claims.
One of the problems is that many rightsholders use completely automated systems to inform Google and other service providers of infringements. They swear under penalty of perjury that the notices are correct, but this is often an outright lie. Microsoft, for example, has sent Google dozens of notices about the massive infringements that occur on the site Youhavedownloaded.com, a site that is completely non-infringing. As a result, many pages of the website have been de-listed from Google's search results, directly damaging the site's owners. Other rightsholders make even stranger mistakes by massively taking down content that they don't own. The adult content outfit AFS Media for example asked Google to remove links to the movies Braveheart, Monsters Inc, Green Lantern and many more titles that have nothing to do with the content they produce. Similar mistakes are made at NBC Universal who got Google to censor the independent and free-to-share movie A Lonely Place for Dying. Or again by Microsoft, who successfully requested Google to remove a link to a copy of the open source operating system Kubuntu. And then there's YouTube's content-ID system. We previously outlined many mistakes that were made by the DMCA-style anti-piracy filter, resulting in tens of thousands of ridiculously inaccurate claims. This week yet another example came up when YouTube labeled birds tweeting in the background of a video as copyrighted music. Again a mistake, but one that probably would have never been corrected if Reddit and Hacker News hadn't picked it up. Aside from the mistakes outlined above, there's also a darker side to DMCA abuse. Google previously revealed that 57% of all the DMCA notices they receive come from companies targeting competitors. The "competition" angle also ties into the row between Megaupload and Universal Music Group. The latter removed a promo video from the cyberlocker from YouTube on copyright grounds, without owning the rights to any of the material.
It's safe to say that the DMCA is broadly abused. Thousands of automated notices with hundreds of links each are sent out on a daily basis, turning it into a broad censorship tool. Only the tip of the iceberg is visible to the public thanks to companies like Google who publish some of the notices online. We can only wonder what's happening behind the scenes at other sites, but it's not going to be any better. Just a few months ago the cyberlocker service Hotfile sued Warner Bros. for DMCA abuse. In the suit Hotfile accuses the movie studio of systematically abusing its anti-piracy tool by taking down hundreds of titles they don't hold the copyrights to, including open source software. Not good. While we're the first to admit that copyright holders need tools to protect their work from being infringed, mistakes and abuse as outlined above shouldn't go unpunished. The DMCA was never intended to be an overbroad and automated piracy filter in the first place. The above also illustrates why it's dangerous to allow rightsholders to take entire websites offline, as the SOPA and PIPA bills would allow. The MPAA and RIAA have said many times that legitimate sites would never be affected, but didn't they say exactly the same about the DMCA? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Mar 4 11:34:22 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 4 Mar 2012 12:34:22 -0500 Subject: [Infowarrior] - Spin this: DOD considering moving JSOC under CIA Message-ID: Not surprising at all..... which reiterates the idea that with a sign of the pen, official 'reality' and 'truth' are redefined.
-- rick Pentagon May Put JSOC Under Secretive CIA Control in 2014 Special Ops under CIA control would be considered spies, allowing the White House to claim US troops have been withdrawn by John Glaser, March 03, 2012 http://news.antiwar.com/2012/03/03/pentagon-may-put-jsoc-under-secretive-cia-control-in-2014/ Top Pentagon officials are floating an idea to put elite special operations forces under CIA control in Afghanistan after 2014, sources told The Associated Press. The plan is one of several possible scenarios being considered and has not yet been presented to Secretary of Defense Leon Panetta, the White House, or the relevant congressional oversight committees. If the plan were adopted, the U.S. government would be able to officially say that there are no more troops in Afghanistan, because once the special operations teams are assigned to CIA control they become spies. This would obviously hinder any potential for accountability and transparency, since activities and funding would become classified and journalists or other forms of oversight would not be welcomed. The plan of expanding the role of U.S. special operations forces in Afghanistan in 2014 and beyond has been around for a while. The idea is to keep the occupation going at a smaller scale with elite forces so that the Obama administration can pretend they kept their promises about a withdrawal in 2014. Pentagon spokesman George Little denied the idea is being discussed. "Any suggestion that such a plan exists is simply wrong," Little said Saturday. "United States special operations forces continue to work closely with the intelligence community to confront a range of national security challenges across the world." But the AP's sources maintained the idea was being considered. And truthfully, it wouldn't be a drastic change from current policy. The Obama administration has increased the use of Joint Special Operations Command (JSOC) forces around the world, most notably in Africa where U.S.
military interventions occur mostly in the shadows. According to a recent Congressional Research Service report, JSOC forces "reportedly conduct highly sensitive combat and supporting operations against terrorists on a world-wide basis." "Without the knowledge of the American public," writes historian Nick Turse, "a secret force within the U.S. military is undertaking operations in a majority of the world's countries. This new Pentagon power elite is waging a global war whose size and scope has never been revealed." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Mar 4 21:06:51 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 4 Mar 2012 22:06:51 -0500 Subject: [Infowarrior] - Holder expected to explain rationale for targeting U.S. citizens abroad Message-ID: Holder expected to explain rationale for targeting U.S. citizens abroad By Sari Horwitz and Peter Finn, Sunday, March 4, 2:46 PM http://www.washingtonpost.com/world/national-security/holder-expected-to-explain-rationale-for-targeting-us-citizens-abroad/2012/03/04/gIQACz41qR_print.html Attorney General Eric H. Holder Jr. is expected Monday to provide the most detailed explanation yet of the Obama administration's secret decision-making leading up to the targeted killing of a U.S. citizen last year in Yemen. Holder's speech Monday afternoon at Northwestern University School of Law in Chicago is the result of months of internal Obama administration deliberations over how much can be made public about the decisions leading up to the strike. He is expected to say that the killing of a terrorist such as American-born Anwar al-Awlaki was legal under the 2001 congressional authorization of the use of military force and that the United States, acting in self-defense, is not limited to traditional battlefields in pursuit of terrorists who present an imminent threat, including U.S. citizens, according to an official briefed on the speech.
The official would discuss the address only on the condition of anonymity because it will not be released until shortly before Holder speaks. Awlaki, a U.S. citizen born in New Mexico, was the chief of external operations for al-Qaeda's affiliate in Yemen, which has attempted a number of terrorist attacks on the United States, according to administration officials. He had been placed on "kill lists" compiled by the CIA and the military's Joint Special Operations Command. Awlaki was killed in September in Yemen in a joint CIA-JSOC drone operation. The Awlaki operation was carried out after the administration requested and received an opinion from the Justice Department's Office of Legal Counsel saying that targeting and killing U.S. citizens overseas was legal under domestic and international law. The still-classified memo also included intelligence material about his operational role within al-Qaeda's affiliates in Yemen. Senior Obama administration officials, including John O. Brennan, the president's counterterrorism adviser, and Harold Koh, the State Department legal adviser, have given speeches that offered a broad rationale for U.S. drone attacks on individuals in al-Qaeda and associated forces. On Feb. 22, Pentagon General Counsel Jeh Johnson gave a speech at Yale Law School, saying that the targeted killing of those suspected of engaging in terrorist activities against the United States, including U.S. citizens, is justified and legal. He did not mention Awlaki by name or the secret CIA drone program. Monday will be the first time that the country's chief law enforcement official discusses the legal justification for the targeted killing of a U.S. citizen. His remarks will be included in what administration officials are calling a major national security speech. The speech may not mention Awlaki by name, but it is expected to provide a more detailed explanation of the Justice Department's reasoning.
Within the administration, there was some reluctance on the part of the intelligence community to engage with the subject at all publicly. But others argued that the killing of an American citizen by the U.S. government was such an extraordinary event that there had to be some public accounting. Holder's much-anticipated speech will also outline the Obama administration's approach to counterterrorism and the rule of law, according to an individual familiar with the address. Holder will discuss the broad new waivers that President Obama issued last week that allow U.S. law enforcement agencies to retain custody of al-Qaeda terrorism suspects rather than turn them over to the military. Holder will also highlight the success of the civilian court system in the prosecutions and convictions of terrorism suspects. One case he will cite as an example is the "underwear bomber," Umar Farouk Abdulmutallab, the Nigerian who tried to bring down a U.S. commercial flight on Christmas Day 2009 by detonating a bomb hidden in his underwear. He was sentenced to life in prison last month. Abdulmutallab was arrested by federal law enforcement agents, given his Miranda rights within an hour and processed through the civilian criminal justice system. Some Republican critics argued that Abdulmutallab should never have been advised of his rights to counsel and that the administration should have considered turning him over to the military to continue his interrogation. But administration officials said that they got the intelligence they needed from him immediately and that later he provided further details on al-Qaeda in the Arabian Peninsula. Some of that, including Awlaki's operational role, was revealed at Abdulmutallab's sentencing. Prosecutors said Abdulmutallab was acting on the orders of Awlaki, which may have been a critical factor in the legal reasoning in the classified Justice memo justifying his killing.
Holder will also discuss the debate over whether terrorism suspects should be tried in federal criminal courts or military commissions. The administration argues that military commissions are appropriate for a small and select group of cases but that they should have the ability to transfer some suspects at Guantanamo Bay, Cuba, to the United States for trial. Congress, however, has blocked such prosecutions. © The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Mar 5 08:24:27 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 5 Mar 2012 09:24:27 -0500 Subject: [Infowarrior] - Security Forces Will Outnumber Athletes Nearly 4 to 1 at the 2012 London Olympics Message-ID: Security Forces Will Outnumber Athletes Nearly 4 to 1 at the 2012 London Olympics March 5, 2012 in Featured http://publicintelligence.net/security-forces-will-outnumber-athletes-nearly-4-to-1-at-the-2012-london-olympics/ Emergency vehicles gather for Exercise Forward Defensive on March 1, 2012 in preparation for the upcoming Olympic games in London this summer. Photo via Metropolitan Police. Every movement of London's Olympics will be monitored -- including yours (guardian.co.uk): The 10,500 athletes participating in the London Olympic and Paralympic Games, the world's greatest celebration of human physical endeavour and progress, will be guarded by a security force of some 40,000. This beats the 3:1 ratio of guards to athletes at the 2010 Vancouver Winter Olympics, as the London Games continues the Olympian trend for record-breaking security contingencies. Indeed the home secretary, Theresa May, only last month crowed that the Games' security would constitute "the UK's largest ever peacetime logistical operation". Never mind the performance of athletes: the Olympics is about government and business delivering security solutions. And it's a great show.
Armed officers from the Metropolitan police and the Royal Marines hammering along the Thames in speedboats and helicopters, ground-to-air missiles scanning the skies, hovering spy drones scanning the land, security services scanning the internet for nascent plots or cyber attacks -- it's all being co-ordinated by a bevy of Olympic-themed security agencies. The police-led multi-agency National Olympic Coordination Centre co-ordinates the forces to deal with the threats identified in the Olympic Intelligence Centre's national Olympic threat assessments, while the Olympic Clearing House is screening 380,000 people, from athletes to voluntary litter pickers, seeking accreditation for the Games. Meanwhile the UK Borders Agency boasts the UK is to be the first country to welcome arriving athletes by funnelling them up dedicated "Olympic lanes" at airports for fast-track fingerprinting. Locals are also in the firing line, in subtle, privatised ways. Houseboaters on the River Lea have been priced out of a controlled mooring zone around the Games, while the £60m Prevent strategy has screened the five Olympic host boroughs for what threat they pose for brewing local extremism, with "engagement officers" dispatched to each borough. Random security screening has been carried out on cars parked at Stratford City's Westfield shopping centre, by officers from the staggering 23,700-strong private security contingent of the London Organising Committee of the Olympic and Paralympic Games (LOCOG) and G4S. Westfield isn't even in the Olympic park, itself a hotbed of embedded biometric scanners and CCTV with automatic facial and behaviour recognition technologies, amid which LOCOG's forces can search anyone and use "all available powers" to dispose of troublemakers, particularly anyone caught with anything that could be used -- in a tent.
Who LOCOG's bouncers are accountable to is not clear, but they are backed by 13,500 military reservists, apart from countless police deployments, and international contingents such as up to 1,000 US agents, possibly armed. The Games' security costs exploded from £282m in 2010 to £553m by end-of 2011, with another £475m for policing. Under the host city contract, the chancellor of the exchequer signed a guarantee "bearing the costs of providing security" -- a blank cheque signed by the taxpayer for Olympic security planning that industry lobby body the British Security Industry Association (BSIA) has proudly been involved with from the outset. Olympic security is booming business. The $1.7bn security budget for the 2004 Athens Games was over four times that of the 2000 Sydney Games, while $6.5bn went on security at the 2008 Beijing Games, mostly going on security technologies supplied by firms like General Electric and Panasonic -- two major sponsors of the London Games. Beijing also saw innovations like armed police zipping around on Segways, or tickets inserted with radio-frequency ID chips to enable the real-time tracking of ticket holders. Olympic and Paralympic Games Blog: Exercise Forward Defensive (met.police.uk): During last week I was one of the 2,500 people put through their paces as part of Exercise Forward Defensive. The exercise aimed to test, from constable through to COBR, how we all responded to a partially exploded bomb on the underground during Games time. Just as athletes prepare to be at the top of their game so must we. As the Met's Gold Commander on the 7th July 2005 I am only too aware of the genuine value in exercising and testing our responses at every level to incidents such as these. We must all understand how we work together and be reassured that the right people are in the right places.
I spent the two days of the exercise in the National Olympic Coordination Centre at New Scotland Yard, attending COBR meetings and meeting with my key people to keep an oversight of what we were all doing to keep London, the UK and Games safe and secure. It was an excellent exercise and throughout the Met, and the other organisations who played, debriefs are taking place to make sure we get what learning we can. This week I've been down to Eton Dorney with the Home Secretary and Thames Valley Police Gold John Turnbull to look at the venue and police security plans for the rowing, Paralympic rowing and the canoe sprint. For the last two days I've been with police colleagues from across the country, being updated on Gold plans from across the 12 venue forces and briefing my national colleagues on where we are with Games safety and security planning. With only 148 days until the opening ceremony of the Olympic Games we are in a good place to deliver what will be the Police Service's biggest ever peacetime safety and security operation. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Mar 5 08:38:49 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 5 Mar 2012 09:38:49 -0500 Subject: [Infowarrior] - Blast it or paint it: Asteroid to threaten Earth in 2013 Message-ID: <9EDF6692-FCB0-4B77-80B1-C9FC00849081@infowarrior.org> Blast it or paint it: Asteroid to threaten Earth in 2013 Published: 03 March, 2012, 22:32 Edited: 05 March, 2012, 03:33 http://rt.com/news/paint-asteroid-earth-nasa-767/ A dangerous asteroid heading to the Earth was spotted by stargazers three years after it had got onto its current orbit. To avert a possible catastrophe -- this time set for February 2013 -- scientists suggest confronting asteroid 2012 DA14 with either paint or big guns.
The stickler is that time has long run out to build a spaceship to carry out the operation. NASA's data shows the 60-meter asteroid, spotted by Spanish stargazers in February, will whistle by Earth in 11 months. Its trajectory will bring it within a hair's breadth of our planet, raising fears of a possible collision. The asteroid, known as DA14, will pass by our planet in February 2013 at a distance of under 27,000 km (16,700 miles). This is closer than the geosynchronous orbit of some satellites. There is a possibility the asteroid will collide with Earth, but further calculation is required to estimate the potential threat and work out how to avert possible disaster, NASA expert Dr. David Dunham told students at Moscow's University of Electronics and Mathematics (MIEM). "The Earth's gravitational field will alter the asteroid's path significantly. Further scrupulous calculation is required to estimate the threat of collision," said Dr. Dunham, as transcribed by Russia's Izvestia. "The asteroid may break into dozens of small pieces, or several large lumps may split from it and burn up in the atmosphere. The type of the asteroid and its mineral structure can be determined by spectral analysis. This will help predict its behavior in the atmosphere and what should be done to prevent the potential threat," said Dr. Dunham. In the event of a collision, scientists have calculated that the energy released would equate to the destructive power of a thermo-nuclear bomb. In response to the threat, scientists have come up with some ingenious methods to avert a potential disaster. Fireworks and watercolors With the asteroid zooming that low, it will be too late to do anything with it besides trying to predict its final destination and the consequences of impact. A spaceship is needed, experts agree. It could shoot the rock down or just crash into it, either breaking the asteroid into debris or throwing it off course. "We could paint it," says NASA expert David Dunham.
Paint would affect the asteroid's ability to reflect sunlight, changing its temperature and altering its spin. The asteroid would stalk off its current course, but this could also make the boulder even more dangerous when it comes back in 2056, Aleksandr Devaytkin, the head of the observatory in Russia's Pulkovo, told Izvestia.

Spaceship impossible?

Whatever the mission, building a spaceship to deal with 2012 DA14 will take two years - at least. The asteroid has proven a bitter discovery. It has been circling in orbit for three years already, crossing Earth's path several times, says space analyst Sergey Naroenkov from the Russian Academy of Sciences. It seems that spotting danger from outer space is still the area where mere chance reigns, while asteroid defense systems exist only in drafts.

Still, prospects of meeting 2012 DA14 are not all doom and gloom. "The asteroid may split into pieces entering the atmosphere. In this case, most part of it will never reach the planet's surface," remarks Dunham.

But if the entire asteroid is to crash into the planet, the impact will be as hard as in the Tunguska blast, which in 1908 knocked down trees over a total area of 2,150 sq km (830 sq miles) in Siberia. This is almost the size of Luxembourg. In today's case, the destination of the asteroid is yet to be determined.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 5 17:49:55 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 5 Mar 2012 18:49:55 -0500
Subject: [Infowarrior] - A perpetual state of war ... makes it so convenient
Message-ID: <52EDD15F-98D5-48A8-91AF-DCFA5A520FD5@infowarrior.org>

For anyone thinking otherwise, don't expect the US to terminate its post-9/11 state of war/national emergency anytime soon.
It makes it so easy to do all sorts of things, from enacting controversial legislation, restrict Constitutional Privileges for citizens, get extra funding for such programs, or, as the AG said today, kill citizen-enemies of the State.

-- rick

Holder: U.S. can lawfully target American citizens
http://www.washingtonpost.com/world/national-security/holder-us-can-lawfully-target-american-citizens/2012/03/05/gIQANknFtR_print.html

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Mar 6 08:06:08 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Mar 2012 09:06:08 -0500
Subject: [Infowarrior] - LV, meet UPenn
Message-ID: <70874127-A1B8-4757-85C3-C022BFF9AB1D@infowarrior.org>

Louis Vuitton's International Tour Of Trademark Bullying Runs Smack Dab Into UPenn Law School Who Explains Trademark Law In Return
http://www.techdirt.com/articles/20120305/02351917976/louis-vuittons-international-tour-trademark-bullying-runs-smack-dab-into-upenn-law-school-who-explains-trademark-law-return.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Mar 6 10:19:01 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Mar 2012 11:19:01 -0500
Subject: [Infowarrior] - Uncle Sam: If It Ends in .Com, It's .Seizable
Message-ID: <4C977096-8DA8-4073-A668-811D91B6BB02@infowarrior.org>

Uncle Sam: If It Ends in .Com, It's .Seizable

By David Kravets
http://www.wired.com/threatlevel/2012/03/feds-seize-foreign-sites/
March 6, 2012 | 6:30 am | Categories: intellectual property, politics

When U.S. authorities shuttered sports-wagering site Bodog.com last week, it raised eyebrows across the net because the domain name was registered with a Canadian company, ostensibly putting it beyond the reach of the U.S. government.
Working around that, the feds went directly to VeriSign, a U.S.-based internet backbone company that has the contract to manage the coveted .com and other "generic" top-level domains.

EasyDNS, an internet infrastructure company, protested that the "ramifications of this are no less than chilling and every single organization branded or operating under .com, .net, .org, .biz etc. needs to ask themselves about their vulnerability to the whims of U.S. federal and state lawmakers."

But despite EasyDNS and others' outrage, the U.S. government says it's gone that route hundreds of times. Furthermore, it says it has the right to seize any .com, .net and .org domain name because the companies that have the contracts to administer them are based on United States soil, according to Nicole Navas, an Immigration and Customs Enforcement spokeswoman.

The controversy highlights the unique control the U.S. continues to hold over key components of the global domain name system, and rips a Band-Aid off a historic sore point for other nations. A complicated web of bureaucracy and Commerce Department-dictated contracts signed in 1999 established that key domains would be contracted out to Network Solutions, which was acquired by VeriSign in 2000. That cemented control of all-important .com and .net domains with a U.S. company - VeriSign - putting every website using one of those addresses firmly within reach of American courts regardless of where the owners are located - possibly forever.

The government, Navas said, usually serves court-ordered seizures on VeriSign, which manages domains ending in .com, .net, .cc, .tv and .name, because "foreign-based registrars are not bound to comply with U.S. court orders." The government does the same with the non-profit counterpart to VeriSign that now manages the .org domain. That's the Public Interest Registry, which, like VeriSign, is based in Virginia.

Such seizures are becoming commonplace under the Obama administration.
For example, the U.S. government program known as Operation in Our Sites acquires federal court orders to shutter sites it believes are hawking counterfeited goods, illegal sports streams and unauthorized movies and music. Navas said the U.S. government has seized 750 domain names, "most with foreign-based registrars."

VeriSign, for its part, said it is complying with U.S. law. "VeriSign responds to lawful court orders subject to its technical capabilities," the company said in a statement. "When law enforcement presents us with such lawful orders impacting domain names within our registries, we respond within our technical capabilities."

VeriSign declined to entertain questions about how many times it has done this. It often complies with U.S. court orders by redirecting the DNS (Domain Name System) of a domain to a U.S. government IP address that informs online visitors that the site has been seized (for example, ninjavideo.net.) "Beyond that, further questions should be directed to the appropriate U.S. federal government agency responsible for the domain name seizure," the company said.

The Public Interest Registry did not immediately respond for comment.

Bodog.com was targeted because federal law generally makes it illegal to offer online sports wagering and to pay off online bets in the United States, even though online gambling isn't illegal globally. Bodog.com was registered with a Canadian registrar, a VeriSign subcontractor, but the United States shuttered the site without any intervention from Canadian authorities or companies.

Instead, the feds went straight to VeriSign. It's a powerful company deeply enmeshed in the backbone operations of the internet, including managing the .com infrastructure and operating root name servers. VeriSign has a cozy relationship with the federal government, and has long had a contract from the U.S. government to help manage the internet's "root file" that is key to having a unified internet name system.
Still, the issue of the U.S.'s legal dominion claim over all .com domains wasn't an issue in the January seizure of the domain of megaupload.com, which is implicated in one of the largest criminal copyright cases in U.S. history. Megaupload.com was registered in the United States with a registrar based in Washington state.

The United States would have won even more control over the internet with the Stop Online Piracy Act and the Protect IP Act. But the nation's biggest online protest ever scuttled the measures, which would have allowed the government to force internet service providers in the U.S. to prevent Americans from being able to visit or find in search engines websites that the U.S. government suspected violated U.S. copyright or trademark law. But as the Justice Department demonstrated forcefully with the takedown of Megaupload, just a day after the net's coordinated anti-SOPA protest, it still has powerful weapons to use, despite the deaths of SOPA and PIPA.

So how does International Corporation for Assigned Names and Numbers, the global body that oversees the domain-naming system, feel about the U.S. government's actions? ICANN declined comment and forwarded a 2010 blog post from its chief Rod Beckstrom, who said ICANN has "no involvement in the takedown of any website."

ICANN, a non-profit established by the U.S., has never awarded a contract to manage the .com space to a company outside the United States - in fact VeriSign has always held it - despite having a contentious relationship with ICANN that's involved a protracted lawsuit. But, due to contract terms, VeriSign is unlikely to ever lose control over the immensely economically valuable .com handle.

ICANN is also seeking to distance itself from the U.S. government by being more inclusive, including allowing domain names in a range of written, global languages, ending the exclusivity of the Latin alphabet in top-level domains.
Still, many outside the United States, like China, India and Russia, distrust ICANN and want control of the net's naming system to be turned over to an organization such as the International Telecommunications Union, an affiliate of the United Nations. Last year, Russian Prime Minister Vladimir Putin met with Hamadoun Toure, the ITU's chief, and said he wanted international control over the internet "using the monitoring capabilities of the International Telecommunication Union."

"If we are going to talk about the democratization of international relations, I think a critical sphere is information exchange and global control over such exchange," Putin said, according to a transcript from the Russian government.

Just last week, Robert McDowell, a Federal Communications Commission commissioner, blasted such an idea. "If successful, these efforts would merely imprison the future in the regulatory dungeon of the past," he said. "Even more counterproductive would be the creation of a new international body to oversee internet governance."

ICANN was established in 1998 by the Clinton administration, and has been under global attack to internationalize the control of the Domain Name System ever since. A United Nations working group in 2005 concluded that "no single government should have a pre-eminent role in relation to international internet governance."

But those pressures don't seem to have registered with President Barack Obama's Justice Department. Hollywood was a big donor to Obama, and Obama reciprocated by naming at least five former Recording Industry Association of America attorneys to posts in the Justice Department, which has been waging a crackdown on internet piracy. The Justice Department is looking for even more money in next year's budget to hire more intellectual-property prosecutors.

Without SOPA or PIPA, the Justice Department lacks any mechanism to prevent Americans from visiting sites that are on a domain not controlled by a U.S. corporation.
Knowing that, the world's leading BitTorrent site, The Pirate Bay, recently switched its main site from a .org domain to .se, the handle for Sweden.

The Pirate Bay's lead is unlikely to be followed by the millions of non-U.S. companies that rely on .com, which remains the net's beachfront real estate, even if it is subject to being confiscated by the U.S. But it is possible that the U.S. government's big-footing over dot-com domains in the name of fighting copyright could add more weight to the arguments of those who want to put the U.N. in charge of the internet's naming system. While that's not inevitably a bad thing, it could lead to a world where any .com might be seizable by any country, including Russia, Libya and Iran.

Still, don't expect Uncle Sam to give up its iron grip on .com without a fight.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Mar 6 10:25:13 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Mar 2012 11:25:13 -0500
Subject: [Infowarrior] - Fwd: LulzSec nailed
References: <20120306162434.GF6484@reznor.com>
Message-ID: <182105F8-986F-49B7-921C-DD0311000697@infowarrior.org>

c/o AJR

Begin forwarded message:

> http://www.foxnews.com/scitech/2012/03/06/hacking-group-lulzsec-swept-up-by-law-enforcement/
>
> "EXCLUSIVE: Law enforcement agents on two continents swooped in on top members of the infamous computer hacking group LulzSec early this morning, and acting largely on evidence gathered by the organization's brazen leader -- who sources say has been secretly working for the government for months -- arrested three and charged two more with conspiracy.
>
> Charges against four of the five were based on a conspiracy case filed in New York federal court, FoxNews.com has learned. An indictment charging the suspects, who include two men from Great Britain, two from Ireland and an American in Chicago, is expected to be unsealed Tuesday morning in the Southern District of New York."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Mar 6 13:21:28 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Mar 2012 14:21:28 -0500
Subject: [Infowarrior] - All Your Internets Belong to US, Continued: The Bodog.com Case
Message-ID: <73E6DCFE-378C-4428-9B49-CCB4EA678FD2@infowarrior.org>

All Your Internets Belong to US, Continued: The Bodog.com Case

Tuesday March 06, 2012
http://www.michaelgeist.ca/content/view/6359/135/

Imagine a scenario in which a country enacts a law that bans the sale of asbestos and includes the power to seize the assets of any company selling the product anywhere in the world. The country tests the law by obtaining a court order to seize key assets of a Canadian company, whose operations with hundreds of employees takes a major hit. The Canadian government is outraged, promising to support the company in its efforts to restore its operations.

That is the opening of my technology law column this week (Toronto Star version, homepage version) which continues by noting this scenario became reality last week, though the product was not asbestos and the Canadian government has yet to respond. The case involves Bodog.com, a Canadian-owned online sports gaming site and the country doing the seizing was the United States. Supporting online gaming operations will undoubtedly make governments somewhat squeamish, but the broader implications of last week's seizure touch on millions of websites and Internet companies who now find themselves subject to U.S. jurisdiction.

Bodog.com and its owner, Canadian Calvin Ayre, was one of the world's largest sports gambling operations, employing hundreds of people in Canada and Costa Rica.
Last November, its free gaming site, Bodog.net, signed a three-year sponsorship deal with the Canadian Football League.

The U.S. has been particularly aggressive about trying to shut down online gambling operations (Las Vegas and Atlantic City are apparently less of a problem), though typically those operations have some U.S. connection. In the Bodog.com case, U.S. officials targeted a site with limited connections to the country as the site had licensed out the bodog.com domain name in 2006 and stopped accepting U.S. bettors late last year.

The legal issues surrounding its operations will be played out in court, but the manner in which the bodog.com name was seized could have a lasting impact on Internet governance. The domain name was registered in Canada with Vancouver-based DomainClip. In past years, registering a domain name with a non-U.S. registrar and avoiding U.S. servers was viewed as sufficient to fall outside U.S. jurisdiction. This is because a court order requiring the domain name registrar to transfer ownership of the domain (or redirect the site) was only enforceable in the jurisdiction in which it was issued.

No longer. In the Bodog.com case, State of Maryland prosecutors were able to obtain a warrant ordering Verisign, the company that manages the dot-com domain name registry, to redirect the website to a warning page advising that it has been seized by the U.S. Department of Homeland Security.

The message from the case is clear: all dot-com, dot-net, and dot-org domain names are subject to U.S. jurisdiction regardless of where they operate or where they were registered. This grants the U.S. a form of "super-jurisdiction" over Internet activities since most other countries are limited to jurisdiction with a real and substantial connection. For the U.S., the location of the domain name registry is good enough.
The aggressive assertion of Internet jurisdiction was one of the key concerns with the Stop Online Piracy Act (SOPA), the controversial bill that died following a massive online protest in January. It simply defined any domain name with a registrar or registry in the U.S. as domestic for U.S. law purposes. The bodog.com case suggests that the provision was not changing the law as much as restating it, since U.S. prosecutors and courts follow much the same approach.

In an era when governments are becoming increasingly active in regulating online activities, the Bodog.com case provides a warning that by using popular dot-com domain names, companies and registrants are effectively opting-in to U.S. law and courts as part of the package.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Mar 6 13:22:36 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Mar 2012 14:22:36 -0500
Subject: [Infowarrior] - Michelangelo Virus Scare turns 20 today
Message-ID: <6A76422B-D504-473B-B696-690451106874@infowarrior.org>

Memories of the Michelangelo virus
http://nakedsecurity.sophos.com/2012/03/05/michelangelo-virus/

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Mar 6 14:14:01 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Mar 2012 15:14:01 -0500
Subject: [Infowarrior] - Warner Bros. Embarrasses Self, Everyone, With New "Disc-to-Digital" Program
Message-ID: <0370497B-7135-4892-B193-E6F36A312FD4@infowarrior.org>

Warner Bros. Embarrasses Self, Everyone, With New "Disc-to-Digital"
Program [1]

By Michael Weinberg [2] | March 05, 2012
http://www.publicknowledge.org/print/6657

In an announcement [9] that was either an inspired piece of Yes Men [10]-esque performance art or a stunning example of corporate myopia, last week Warner Home Entertainment Group President Kevin Tsujihara discussed a new DVD digitization service called "disc-to-digital." The program, which would have merely been ill-advised had it been announced ten years ago, today stands as a testament to the ability of movie studios to blind themselves to reality.

The entire program is designed to give consumers a way to take movies they already own on DVD and turn them into more portable digital files. If this entire thing sounds familiar, that may be because it is exactly what Public Knowledge is currently petitioning the Copyright Office to let people do on their own [11]. It may also sound familiar because this is exactly what people have been doing with music on CDs since the Clinton Administration.

As reported by the LA Times [9], the first phase in this process is to let DVD owners bring their DVDs to a store that will handle the digital conversion. Tsujihara described this process as allowing consumers to convert their libraries "easily, safely and at reasonable prices."

You did read that last paragraph correctly. The head of Warner Home Entertainment Group thinks that an easy, safe way to convert movies you already own on DVD to other digital formats is to take your DVDs, find a store that will perform this service, drive to that store, find the clerk who knows how to perform the service, hope that the "DVD conversion machine" is not broken, stand there like a chump while the clerk "safely" converts your movie to a digital file that may only play on studio-approved devices, drive home, and hope everything worked out. Oh, and the good news is that you would only need to pay a reasonable (per-DVD?) price for this pleasure.
To be fair, this plan is easy, safe (safe?), and reasonably priced compared to the movie studio's current offer to people who want to take movies they own on DVD and turn them into a digital file to watch on, say, their iPad. That offer is a lawsuit, because personal copying of a movie on DVD requires circumventing DRM, which is a violation of the Digital Millennium Copyright Act (DMCA) [12]. Furthermore, right now all of the major studios are arguing passionately [13] (pdf) to stop the Copyright Office from granting an exemption that would make personal space shifting of movies on DVD legal.

Try to picture the real alternative to this hokum - people making their own copies of their movies at home. Luckily you won't have to use your imagination too much because people making their own copies of media they own is exactly what people do with their CDs. They download a free program, make a copy of the CD at home, put the MP3 files on whatever device they want, and go on with their lives.

Of course, the movie studios would prefer to control this process. Although they may pay some lip service to wanting to prevent piracy - a claim that is undermined by the fact that they argue in any forum available that piracy of motion pictures is already rampant - it really is about charging customers again. Why let customers make legitimate personal copies of movies they own at home when you could charge them to do it at a store?

So we are left hoping that Kevin Tsujihara is on the wrong end of a trick played by some junior executive being let go for greenlighting a remake of Arthur. Because if the top brass at a major studio think that this is what providing a great service to consumers looks like, we are a long way from figuring this whole "digital movie" thing out.

This work is licensed under a Creative Commons Attribution-Share Alike 3.0 License. Copyright ©
2009: Public Knowledge

Source URL: http://www.publicknowledge.org/blog/warner-bros-embarrasses-self-everyone-new-%E2%80%9Cdi

Links:
[1] http://www.publicknowledge.org/blog/warner-bros-embarrasses-self-everyone-new-%E2%80%9Cdi
[2] http://www.publicknowledge.org/user/2258
[3] http://www.publicknowledge.org/tag/copyright
[4] http://www.publicknowledge.org/tag/copyright-office
[5] http://www.publicknowledge.org/tag/dmca
[6] http://www.publicknowledge.org/tag/fair-use
[7] http://www.publicknowledge.org/tag/intellectual-property
[8] http://www.publicknowledge.org/tag/piracy
[9] http://latimesblogs.latimes.com/entertainmentnewsbuzz/2012/02/billions-of-dvds-headed-to-digital-cloud-says-warners-kevin-tsujihara.html
[10] http://theyesmen.org/
[11] http://www.publicknowledge.org/blog/no-really-you-should-be-able-rip-your-dvds
[12] http://www.publicknowledge.org/blog/help-make-it-legal-rip-your-dvds
[13] http://www.copyright.gov/1201/2012/comments/Steven_J._Metalitz.pdf

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Mar 6 18:33:12 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Mar 2012 19:33:12 -0500
Subject: [Infowarrior] - Rep Issa Posts Text Of 'Unconstitutional' ACTA For Open Feedback; Something USTR Never Did
Message-ID: <5FBA3E6F-0B2B-4B44-91B7-8E09953FE090@infowarrior.org>

Darrell Issa Posts Text Of 'Unconstitutional' ACTA For Open Feedback; Something USTR Never Did

from the well-look-at-that dept

We've been really impressed (though we can see where it needs improvements in its next version) with the "Madison" platform that Rep. Darrell Issa put up to allow for open feedback and comments concerning the OPEN Act. And it appears he's not done using that platform, either. He's now posted the text of ACTA to the same platform to ask for feedback and comments.
It comes with an initial statement showing that he's very concerned about the nature of ACTA (I believe this is the first time Issa has spoken out against ACTA:

< - >

http://www.techdirt.com/articles/20120306/10253718001/darrell-issa-posts-text-unconstitutional-acta-open-feedback-something-ustr-never-did.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Mar 6 20:36:11 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 6 Mar 2012 21:36:11 -0500
Subject: [Infowarrior] - Civil libertarians slam McCain cybersecurity bill
Message-ID:

Civil libertarians slam McCain cybersecurity bill

By Joseph Menn | Reuters - 6 hours ago
http://ca.news.yahoo.com/civil-libertarians-slam-mccain-cybersecurity-bill-202619424.html

SAN FRANCISCO (Reuters) - A cybersecurity bill introduced by Republican Senator John McCain could dramatically expand the domestic reach of U.S. intelligence agencies and potentially give them massive troves of emails, civil liberties advocates said.

"This is a privacy nightmare that will eventually result in the military substantially monitoring the domestic, civilian Internet," said Michelle Richardson of the American Civil Liberties Union.

Unlike the Democratic-led alternative supported by Majority Leader Harry Reid, the McCain bill stresses voluntary information sharing instead of regulation of critical industries by the Department of Homeland Security. McCain's bill was introduced last week.

But the types of information that could be shared are broad, and the data would go to "cybersecurity centers" that specifically include the National Security Agency's Threat Operations Center and the U.S. Cyber Command Joint Operations Center.

McCain spokesman Brian Rogers said such concerns were both overblown and premature.
"Senator McCain's priority in crafting this bill has been to make sure it strengthens our security while continuing to safeguard the privacy of consumers," Rogers said. "He remains open to addressing legitimate concerns as this process moves forward." The bill says private companies such as Internet service providers could send the defense agencies evidence such as "network activity or protocols known to be associated with a malicious cyber actor or that may signify malicious intent." Neither "network activity" nor "malicious intent" are defined in the bill, and they could theoretically encompass ordinary emails containing legal protest speech, the ACLU's Richardson said. "It does appear it includes a hole through which the NSA may be able to drive a freight train," blogged Jerry Britto, a senior research fellow at George Mason University's Mercatus Center and an adjunct law professor at the university. A staffer working on the bill who spoke on condition he not be named said nothing in the legislation would allow sharing of emails that did not pertain to attacks on information security systems and that acts of civil disobedience would be off-limits. As troubling to civil libertarians as the scope of the data are the destination agencies and the lack of recourse. Companies that tip off federal officials would be protected from lawsuits and criminal charges over what they pass along. "It is absolutely critical that if the government wants to collect information, it go through a civilian agency," said the ACLU's Richardson. A Senate aide, speaking on condition of anonymity, said the Senate is unlikely to pass either the McCain bill or the Democratic version and that talks on a possible compromise could begin in the coming weeks. President Obama's proposed legislation, like the omnibus bill Reid wants, would leave DHS in charge of cybersecurity. 
DHS could ask for help from the NSA, but would be subject to closer oversight than actions led by the NSA and other parts of the Defense Department. McCain last month said he wanted the NSA to be more involved, and the agency is seen as having greater defensive and offensive capability. Under his bill, which was co-authored by seven other Republicans, the cybersecurity centers could use the information they get to investigate crime and for "a national security purpose." A national security purpose "is about as broad as you could be," said Jim Dempsey, vice president of the nonprofit Center for Democracy & Technology, who also faulted other terms in the bill. "We thought this was an issue that was close to consensus and close to a positive resolution, but seeing the direction this Senate bill went in, I'm more pessimistic now. It runs a real risk of dragging down the whole concept of information sharing." The NSA has powerful eavesdropping tools and is ordinarily barred from turning them on U.S. persons not suspected of working for foreign powers. A law that gave the major U.S. telephone carriers immunity for past cooperation with the agency permits greater surveillance with approval of a court that meets in secret. Richard Clarke, a former top counter-terrorism and cybersecurity official in previous administrations, said that putting the NSA in charge was nonsensical. "NSA or Cyber Command can't be the face of the government effort," Clarke said. "Why are we having this controversy?" Former NSA and CIA director Michael Hayden also said the NSA could use its capability under DHS leadership. Though Reid has said he wants to bring the other bill to floor for a debate and vote as soon as this month, he may not be able to muster 60 votes to force the issue. McCain's alternative is seen as a prelude to talks to see if a consensus is possible. "It is going to take some negotiation in the coming weeks, but people are working around the clock," Richardson said. 
A number of cybersecurity bills, generally with a narrower focus, are also pending in the House of Representatives. (Editing by Eric Walsh) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 7 07:27:58 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Mar 2012 08:27:58 -0500 Subject: [Infowarrior] - Blogger shows how to get ANYTHING through TSA body scanners Message-ID: How to get ANYTHING through TSA nude body scanners: Blogger exposes loophole in $1billion fleet By Lee Moran Last updated at 1:09 PM on 7th March 2012 Controversial nude body scanners used at U.S. airports have come under fire again - after a blogger claimed he could easily smuggle explosives through them onto a plane. Engineer Jonathan Corbett has published a video where he shows how he took a small metal case through two of the TSA's $1billion fleet in a special side pocket stitched into his shirt. This is because, he suggests, the scanners blend metallic areas into the dark background - so if an object is not directly placed on the body, it will not show up on the scan. The metallic box, he claims, would have set off an alarm had he passed through the old detecting system. His revelation comes just weeks after Europe banned the 'airport strip-searches' over fears the X-ray technology could cause cancer. MailOnline has decided not to publish the video because it details exactly how to circumvent the safety procedure - but it is freely available to watch online. Corbett, standing in his living room as he speaks to the camera in the video for his 'TSA Out of Our Pants' blog, acknowledges the technique could be used by terrorists. But he believes they would already know about the loophole, and took the steps to show 'how much danger the Transportation Security Administration (TSA) is putting all us all in'. 
< - > http://www.dailymail.co.uk/news/article-2111417/TSA-nude-body-scanners-Jonathan-Corbett-video-exposes-loophole.html From rforno at infowarrior.org Wed Mar 7 08:49:17 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Mar 2012 09:49:17 -0500 Subject: [Infowarrior] - Appeals Court: Cops can search cellphones w/o warrant Message-ID: Police Given Direct Line To Cell Phone Searches March 6, 2012 10:02 PM http://dfw.cbslocal.com/2012/03/06/police-given-direct-line-to-cell-phone-searches/ DALLAS (CBSDFW.COM) - Think about all the personal information we keep in our cell phones: It's something to consider after the U.S. Court of Appeals for the 7th Circuit ruled it is now legal for police to search cell phones without a warrant. Former Dallas FBI Agent Danny Defenbaugh said the ruling gives law enforcement a leg up. "I think not only will it help them, but it could be life saving," said the former Special Agent, who was based in Dallas. The decision stems from an Indiana case where police arrested a man for dealing drugs. An officer searched the suspect's cell phone without warrant. The judge in the appeal case, Judge Richard Posner, agreed that the officer had to search the phone immediately or risk losing valuable evidence. Judge Posner ruled it was a matter of urgency, arguing it was possible for an accomplice to wipe the phone clean using a computer or other remote device. Defenbaugh says the ruling takes into account exigent or time-sensitive circumstances that could be life saving in more urgent cases, such as child abduction. "If the child is alive and you're only minutes behind, that could be critical to recovering that child alive," added Defenbaugh. Paul Coggins is the former U.S. Attorney for the Northern District of Texas. Coggins says the court's ruling pushes the envelope on privacy issues. 
"Does that mean officers now have the right to search through your phone, search through your search history, your photographs, your e-mails and the rest, because it could all be wiped clean," asked Coggins. Many critics are asking the same question. They call the ruling an invasion of privacy that far outweighs the needs of law enforcement. Both Defenbaugh and Coggins agree that the case is likely to go to the U.S. Supreme court. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 7 09:43:22 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Mar 2012 10:43:22 -0500 Subject: [Infowarrior] - more on: TSA Scanner bypass (transcript) Message-ID: <03B83608-1E07-4C7F-8911-4550AEC9E052@infowarrior.org> Seems YouTube's restricted the video, but there's a good transcript below (Link#2), and you can still see it for now @ Link#1 1) http://consumerist.com/2012/03/man-claims-you-can-beat-tsa-scanners-by-placing-contraband-along-the-side-of-your-body.html 2) http://tsaoutofourpants.wordpress.com/2012/03/06/1b-of-nude-body-scanners-made-worthless-by-blog-how-anyone-can-get-anything-past-the-tsas-nude-body-scanners/ I'm publishing this video because I want the world to know how much danger the American Transportation Security Administration is putting all us all in with their haste to deploy the expensive, invasive nude body scanner program. When the machines came out, we were told that the invasion on our privacy, doses of radiation, and trashing of our Constitution were necessary because the old metal detectors weren't good enough. That "non-metallic explosives" were a threat, even though no one has boarded a plane in the US with any type of explosive in nearly 40 years. 
But while America was testing these devices, Rafi Sela, who ran security for Ben Gurion airport in Israel, which is known for being one of the most secure airports in the world, was quoted saying he could "overcome the body scanners with enough explosives to take down a Boeing 747," and Ben Gurion therefore refused to buy scanners. The US ignored this warning, and Mr. Sela never publicly explained his statement. But it stuck with me. As a scientist, engineer, and frequent traveler, as well as the first person to sue the TSA when they rolled out the scanners as primary in Nov. 2010, I studied and learned about both kinds of scanners currently in use by the TSA. Here are several images produced by TSA nude body scanners. You'll see that the search victim is drawn with light colors and placed on a black background in both images. In these samples, the individuals are concealing metallic objects that you can see as a black shape on their light figure. Again that's light figure, black background, and BLACK threat items. Yes that's right, if you have a metallic object on your side, it will be the same color as the background and therefore completely invisible to both visual and automated inspection. It can't possibly be that easy to beat the TSA's billion dollar fleet of nude body scanners, right? The TSA can't be that stupid, can they? Unfortunately, they can, and they are. To put it to the test, I bought a sewing kit from the dollar store, broke out my 8th grade home ec skills, and sewed a pocket directly on the side of a shirt. Then I took a random metallic object, in this case a heavy metal carrying case that would easily alarm any of the "old" metal detectors, and walked through a backscatter x-ray at Fort Lauderdale-Hollywood International Airport. On video, of course. While I'm not about to win any videography awards for my hidden camera footage, you can watch as I walk through the security line with the metal object in my new side pocket. 
My camera gets placed on the conveyer belt and goes through its own x-ray, and when it comes out, I'm through, and the object never left my pocket. Maybe a fluke? Ok, let's try again at Cleveland-Hopkins International Airport through one of the TSA's newest machines: a millimeter wave scanner with automated threat detection built-in. With the metallic object in my side pocket, I enter the security line, my device goes through its own x-ray, I pass through, and exit with the object without any complaints from the TSA. While I carried the metal case empty, by one with mal-intent, it could easily have been filled with razor blades, explosives, or one of Charlie Sheen's infamous 7 gram rocks of cocaine. With a bigger pocket, perhaps sewn on the inside of the shirt, even a firearm could get through. It's important to note that any metal object of any size can use this technique. ...and I don't urge you to try to bring contraband through security, as the nude body scanners often have false positives: so while the metal on your side might get through, a button on your shirt or a sweaty armpit might "look suspicious" and earn you a pat down anyway. Now, I'm sure the TSA will accuse me of aiding the terrorists by releasing this video, but it's beyond belief that the terrorists haven't already figured this out and are already plotting to use this against us. It's also beyond belief that the TSA did not already know everything I just told you, and arrogantly decided to disregard our safety: anything to force Americans to give up our liberty to the federal government and our tax dollars to companies that are in bed with that government. The nude body scanner program is nothing but a giant fraud, which should come as no surprise after the Fast & Furious scandal that sent thousands of guns to Mexican drug cartels and cost a Customs and Border Patrol agent his life. THIS is a disgrace. So let's fix this problem - now - 
before the terrorists take this opportunity to hurt us: the TSA must immediately end the nude body scanner program, and return to the tried-and-true metal detectors that actually work, and work without invading our privacy, as well as implement better solutions for non-metallic explosives, such as bomb-sniffing dogs and trace detection machines. The TSA is worse than ineffective: they are an epic fail placing us all in danger. Beyond the scanners, demand of your legislators and presidential candidates that they get rid of this $8B a year waste known as the TSA and privatize airport security. Ask for their commitment to our rights in exchange for your vote. And no matter which party is in the White House or holds on to Capitol Hill, the issue of ending TSA abuse is of interest to all Americans; it's NOT a partisan issue. We must all stand together and demand an end to the organization that molests our families while placing us in danger by directly ignoring blatant security flaws. Thank you. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 7 11:18:21 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Mar 2012 12:18:21 -0500 Subject: [Infowarrior] - Judge blocks UC Davis pepper-spraying report Message-ID: <29A54A15-E6AC-404E-BFB9-4F7DF7B5E4B4@infowarrior.org> (c/o JH) Judge blocks UC Davis pepper-spraying report By Larry Gordon, Los Angeles Times March 7, 2012 http://www.latimes.com/news/local/la-me-0307-pepper-spray-20120307,0,144818.story An Alameda County Superior Court judge Tuesday temporarily blocked the release of a University of California investigative report about the controversial pepper-spraying of UC Davis student protesters by campus police in November. Judge Evelio Grillo's ruling in an Oakland courtroom came at the request of the UC police union. The Federated University Police Officers Assn. 
contends that state law forbids public disclosure of such information as the names of UC Davis campus police officers involved in the spraying incident and personnel information garnered from interviews with them. The matter is scheduled to return to court on March 16 for a hearing on whether the temporary restraining order should be dropped or a permanent injunction granted. Police union attorney John Bakhit said he was not seeking to squelch the entire report about the police tactics, which was written by a task force chaired by former state Supreme Court Justice Cruz Reynoso with help from a security consulting firm headed by former Los Angeles police Chief William J. Bratton. But Bakhit said he wanted UC to cut out the portions containing what he said appeared to be confidential personnel information that he likened to a patient's hospital records. Even though the names of two of the officers are widely known and have appeared in media reports, other information about them has not been disclosed and other officers have not been identified, he added. He described Tuesday's ruling as "the right thing in the interest of caution." The judge also ordered UC to turn over a copy of the report to Bakhit, who had not seen it previously, and warned him not to reveal its contents and not to show it to any of the officers involved in the case. The report was scheduled to be released Tuesday online and at an afternoon public forum at UC Davis. However, administrators canceled those plans Monday after learning of the police union's request for the restraining order. UC general counsel Charles Robinson said he was disappointed with the court order but stressed that the judge did not rule on the merits of the arguments. "We look forward to the next round, and we will fight vigorously in court to ensure that the task force report sees public light as soon as possible," Robinson said in a statement. 
Last month, UC Davis students and alumni who were pepper-sprayed or allegedly roughed up by campus police in the Nov. 18 incident filed a federal lawsuit against campus administrators and police, alleging that their civil rights were violated. A video showing an officer spraying the seated demonstrators at close range triggered national outrage and debate about police tactics against Occupy movement protests. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 7 11:52:36 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Mar 2012 12:52:36 -0500 Subject: [Infowarrior] - DHS SMS Trigger Watchwords Message-ID: <2D7F8564-A38C-42AF-A904-3307EF92FE8D@infowarrior.org> http://animalnewyork.com/2012/02/the-department-of-homeland-security-is-searching-your-facebook-and-twitter-for-these-words/ The Department of Homeland Security monitors your updates on social networks, including Facebook and Twitter, to uncover "Items Of Interest" (IOI), according to an internal DHS document released by the EPIC. That document happens to include a list of the baseline terms for which the DHS - or more specifically, a DHS subcontractor hired to monitor social networks - use to generate real-time IOI reports. (Although the released PDF is generally all reader-selectable text, the list of names was curiously embedded as an image of text, preventing simple indexing. We've fixed that below.) To be fair, the DHS does have an internal privacy policy that attempts to strip your "PII" - Personally Identifiable Information - from the aggregated tweets and status updates, with some broad exceptions: 1) U.S. and foreign individuals in extremis situations involving potential life or death circumstances; (this is no change) 2) Senior U.S. and foreign government officials who make public statements or provide public updates; 3) U.S. and foreign government spokespersons who make public statements or provide public updates; 4) U.S. 
and foreign private sector officials and spokespersons who make public statements or provide public updates; 5) Names of anchors, newscasters, or on-scene reporters who are known or identified as reporters in their post or article or who use traditional and/or social media in real time to keep their audience situationally aware and informed; 6) Current and former public officials who are victims of incidents or activities related to Homeland Security; and 7) Terrorists, drug cartel leaders or other persons known to have been involved in major crimes of Homeland Security interest, (e.g., mass shooters such as those at Virginia Tech or Ft. Hood) who are killed or found dead. In addition, the Media Monitoring Capability team can transmit personal information to the DHS National Operations Center over the phone as deemed necessary. The MMC watch may provide the name, position, or other information considered to be PII to the NOC over the telephone when approved by the appropriate DHS OPS authority. But that information must not be stored in a database that could be searched by an individual's PII. In addition to the following list of terms, the DHS can also add additional search terms circumstantially as deemed necessary.

DHS Media Monitoring Terms

2.13 Key Words & Search Terms

This is a current list of terms that will be used by the NOC when monitoring social media sites to provide situational awareness and establish a common operating picture. As natural or manmade disasters occur, new search terms may be added. The new search terms will not use PII in searching for relevant mission-related information.

DHS & Other Agencies
• Department of Homeland Security (DHS) • Federal Emergency Management Agency (FEMA) • Coast Guard (USCG) • Customs and Border Protection (CBP) • Border Patrol • Secret Service (USSS) • National Operations Center (NOC) • Homeland Defense • Immigration Customs Enforcement (ICE) • Agent • Task Force • Central Intelligence Agency (CIA) • Fusion Center • Drug Enforcement Agency (DEA) • Secure Border Initiative (SBI) • Federal Bureau of Investigation (FBI) • Alcohol Tobacco and Firearms (ATF) • U.S. Citizenship and Immigration Services (CIS) • Federal Air Marshal Service (FAMS) • Transportation Security Administration (TSA) • Air Marshal • Federal Aviation Administration (FAA) • National Guard • Red Cross • United Nations (UN)

Domestic Security
• Assassination • Attack • Domestic security • Drill • Exercise • Cops • Law enforcement • Authorities • Disaster assistance • Disaster management • DNDO (Domestic Nuclear Detection Office) • National preparedness • Mitigation • Prevention • Response • Recovery • Dirty Bomb • Domestic nuclear detection • Emergency management • Emergency response • First responder • Homeland security • Maritime domain awareness (MDA) • National preparedness initiative • Militia • Shooting • Shots fired • Evacuation • Deaths • Hostage • Explosion (explosive) • Police • Disaster medical assistance team (DMAT) • Organized crime • Gangs • National security • State of emergency • Security • Breach • Threat • Standoff • SWAT • Screening • Lockdown • Bomb (squad or threat) • Crash • Looting • Riot • Emergency Landing • Pipe bomb • Incident • Facility

HAZMAT & Nuclear
• Hazmat • Nuclear • Chemical Spill • Suspicious package/device • Toxic • National laboratory • Nuclear facility • Nuclear threat • Cloud • Plume • Radiation • Radioactive • Leak • Biological infection (or event) • Chemical • Chemical burn • Biological • Epidemic • Hazardous • Hazardous material incident • Industrial spill • Infection • Powder (white) • Gas • Spillover • Anthrax • Blister agent • Exposure • Burn • Nerve agent • Ricin • Sarin • North Korea

Health Concern + H1N1
• Outbreak • Contamination • Exposure • Virus • Evacuation • Bacteria • Recall • Ebola • Food Poisoning • Foot and Mouth (FMD) • H5N1 • Avian • Flu • Salmonella • Small Pox • Plague • Human to human • Human to ANIMAL • Influenza • Center for Disease Control (CDC) • Drug Administration (FDA) • Public Health • Toxic • Agro Terror • Tuberculosis (TB) • Agriculture • Listeria • Symptoms • Mutation • Resistant • Antiviral • Wave • Pandemic • Infection • Water/air borne • Sick • Swine • Pork • Strain • Quarantine • H1N1 • Vaccine • Tamiflu • Norvo Virus • Epidemic • World Health Organization (WHO and components) • Viral Hemorrhagic Fever • E. Coli

Infrastructure Security
• Infrastructure security • Airport • CIKR (Critical Infrastructure & Key Resources) • AMTRAK • Collapse • Computer infrastructure • Communications infrastructure • Telecommunications • Critical infrastructure • National infrastructure • Metro • WMATA • Airplane (and derivatives) • Chemical fire • Subway • BART • MARTA • Port Authority • NBIC (National Biosurveillance Integration Center) • Transportation security • Grid • Power • Smart • Body scanner • Electric • Failure or outage • Black out • Brown out • Port • Dock • Bridge • Canceled • Delays • Service disruption • Power lines

Southwest Border Violence
• Drug cartel • Violence • Gang • Drug • Narcotics • Cocaine • Marijuana • Heroin • Border • Mexico • Cartel • Southwest • Juarez • Sinaloa • Tijuana • Torreon • Yuma • Tucson • Decapitated • U.S. Consulate • Consular • El Paso • Fort Hancock • San Diego • Ciudad Juarez • Nogales • Sonora • Colombia • Mara salvatrucha • MS13 or MS-13 • Drug war • Mexican army • Methamphetamine • Cartel de Golfo • Gulf Cartel • La Familia • Reynose • Nuevo Leon • Narcos • Narco banners (Spanish equivalents) • Los Zetas • Shootout • Execution • Gunfight • Trafficking • Kidnap • Calderon • Reyosa • Bust • Tamaulipas • Meth Lab • Drug trade • Illegal immigrants • Smuggling (smugglers) • Matamoros • Michoacana • Guzman • Arellano-Felix • Beltran-Leyva • Barrio Azteca • Artistics Assassins • Mexicles • New Federation

Terrorism
• Terrorism • Al Queda (all spellings) • Terror • Attack • Iraq • Afghanistan • Iran • Pakistan • Agro • Environmental terrorist • Eco terrorism • Conventional weapon • Target • Weapons grade • Dirty bomb • Enriched • Nuclear • Chemical weapon • Biological weapon • Ammonium nitrate • Improvised explosive device • IED (Improvised Explosive Device) • Abu Sayyaf • Hamas • FARC (Armed Revolutionary Forces Colombia) • IRA (Irish Republican Army) • ETA (Euskadi ta Askatasuna) • Basque Separatists • Hezbollah • Tamil Tiger • PLF (Palestine Liberation Front) • PLO (Palestine Libration Organization) • Car bomb • Jihad • Taliban • Weapons cache • Suicide bomber • Suicide attack • Suspicious substance • AQAP (Al Qaeda Arabian Peninsula) • AQIM (Al Qaeda in the Islamic Maghreb) • TTP (Tehrik-i-Taliban Pakistan) • Yemen • Pirates • Extremism • Somalia • Nigeria • Radicals • Al-Shabaab • Home grown • Plot • Nationalist • Recruitment • Fundamentalism • Islamist

Weather/Disaster/Emergency
• Emergency • Hurricane • Tornado • Twister • Tsunami • Earthquake • Tremor • Flood • Storm • Crest • Temblor • Extreme weather • Forest fire • Brush fire • Ice • Stranded/Stuck • Help • Hail • Wildfire • Tsunami Warning Center • Magnitude • Avalanche • Typhoon • Shelter-in-place • Disaster • Snow • Blizzard • Sleet • Mud slide or Mudslide • Erosion • Power outage • Brown out • Warning • Watch • Lightening • Aid • Relief • Closure • Interstate • Burst • Emergency Broadcast System

Cyber Security
• Cyber security • Botnet • DDOS (dedicated denial of service) • Denial of service • Malware • Virus • Trojan • Keylogger • Cyber Command • 2600 • Spammer • Phishing • Rootkit • Phreaking • Cain and abel • Brute forcing • Mysql injection • Cyber attack • Cyber terror • Hacker • China • Conficker • Worm • Scammers • Social media

Yes, the Department of Homeland Security is searching social media for... "social media". --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Wed Mar 7 20:35:52 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 7 Mar 2012 21:35:52 -0500 Subject: [Infowarrior] - FBI Launches Unprecedented Attack On NYPD Over Muslim Surveillance Tactics Message-ID: FBI Launches Unprecedented Attack On NYPD Over Muslim Surveillance Tactics Feds: Move Has Alienated People, Hurt Counter Terror Info Gathering Process March 7, 2012 7:22 PM http://newyork.cbslocal.com/2012/03/07/bloomberg-wont-criticize-christies-criticism-of-nypd-surveillance-of-muslims/ NEW YORK (CBSNewYork) - The head of the Newark FBI said Wednesday the NYPD's monitoring of Muslims in New Jersey has had a chilling effect on the feds' ability to gather counter terrorism intelligence. In the annals of policing this is unheard of. Usually people in law enforcement hang together. If they have squabbles they keep it in the cone of silence. Not this time. "What we're seeing now with the uproar that is occurring in New Jersey is that we're starting to see cooperation pulled back. People are concerned that they're being followed. People are concerned that they can't trust law enforcement," said FBI Newark Special Agent in Charge Michael Ward. Ward said the NYPD's spying on mosques and Muslim businesses in the Garden State has caused sources to dry up and made the job of gathering counter terrorism intelligence much more difficult, reports CBS 2's Marcia Kramer. "It's starting to have a negative impact. When people pull back cooperation it creates additional risks. It creates blind spots. It hinders our ability to have our finger on the pulse of what's going on around the state," Ward said. Ward's attack is the latest criticism of NYPD Commissioner Ray Kelly's decision to send cops way beyond the borders of the five boroughs to seek out people who might want to attack New York City. 
But it's the first attack by a brother law enforcement official, and it's the first public display of what appears to be a long-simmering resentment among federal officials of Kelly's success in building a 1,000-member counter terrorism unit that rivals any unit anywhere. By comparison, the Newark FBI office has 100 agents. Police experts told Kramer the attack is unprecedented. "I've been in the field for 42 years and I can't recall it happening before," said Robert McCrie, a professor at John Jay College of Criminal Justice. Ward kept his on-camera comments brief, but then leveled other criticism of the NYPD, charging that Kelly's force keeps a close hold on any intelligence it gathers and only shares what it wants when it wants. "Law enforcement agencies don't generally speak in the way this SAC did," McCrie said. The NYPD vigorously defended its past and present surveillance tactics and pointed out that many terrorist operations, including the 1993 attack on the World Trade Center and the 9/11 attack were masterminded in New Jersey. The Department also pointed to the present terror concerns involving Israel and Iran. NYPD spokesman Paul Browne said: "...as the likelihood of military conflict between Israel and/or the United States escalates, understanding where an operative for Hezbollah, Iran's terror ally, may try to meld in would be absolutely vital for the protection of New York City." And in a sort of good cop-bad cop scenario, the head of the FBI in Washington praised Kelly and the NYPD on Wednesday for doing a "remarkable job in protecting New York." Mayor Michael Bloomberg has refused to criticize harsh comments from critics of the NYPD's tactics, including New Jersey Gov. Chris Christie, but he did defend the city. "Anything we've done in New Jersey, we have done under an agreement with the state of New Jersey that was signed by a previous governor, and still remains in effect," said Bloomberg on Tuesday. 
Not backing down one inch, the mayor said the city will continue to gather the kind of information that the Constitution, and court decisions, allow it to do. "We work with the governor of New Jersey and the state of New Jersey all the time. We'll continue to do that," added Bloomberg. Christie said the NYPD thinks the world is their jurisdiction and the danger, he said, is that one agency cannot be aware of everything, and a lesson of 9/11 is that all levels of law enforcement need to communicate. "I'm not saying they don't belong in New Jersey, but tell us! Share it with the appropriate law enforcement agency," Christie said. "My concern is this kind of obsession that the NYPD seems to have that they're the masters of the universe." Back in 2005, then New Jersey Gov. Dick Codey signed the executive orders that allowed the NYPD to cross the Hudson, and carry out surveillance operations in New Jersey. But, as Codey told WCBS 880, he did not authorize any spying. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 8 06:23:27 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Mar 2012 07:23:27 -0500 Subject: [Infowarrior] - PayPal censoring books Message-ID: <5AEB5AE0-524B-4F0F-B215-D2A662E7C13D@infowarrior.org> Tell PayPal: Don't Censor Books Add your name to this letter to PayPal by entering your information on the side panel. This will trigger an email to PayPal with the below text. https://action.eff.org/o/9042/p/dia/action/public/?action_KEY=8515&a PayPal, which plays a dominant role in processing online sales, has taken full advantage of the vast and open nature of the Internet for commercial purposes, but is now holding free speech hostage by clamping down on sales of certain types of erotica. 
As organizations and individuals concerned with intellectual and artistic freedom and a free Internet, we strongly object to PayPal functioning as an enforcer of public morality and inhibiting the right to buy and sell constitutionally protected material. Recently, PayPal gave online publishers and booksellers, including BookStrand.com, Smashwords, and eXcessica, an ultimatum: it would close their accounts and refuse to process all payments unless they removed erotic books containing descriptions of rape, incest, and bestiality. The result would severely restrict the public's access to a wide range of legal material, could drive some companies out of business, and deprive some authors of their livelihood. Financial services providers should be neutral when it comes to lawful online speech. PayPal's policy underscores how vulnerable such speech can be and how important it is to stand up and protect it. The topics PayPal would ban have been depicted in world literature since Sophocles' Oedipus and Ovid's Metamorphoses. And while the books currently affected may not appear to be in the same league, many works ultimately recognized for their literary, historical, and artistic worth were reviled when first published. Books like Ulysses and Lady Chatterley's Lover were banned as "obscene" in the United States because of their sexual content. The works of Marquis de Sade, which include descriptions of incest, torture, and rape, were considered scandalous when written, although his importance in the history of literature and political and social philosophy is now widely acknowledged. The Internet has become an international public commons, like an enormous town square, where ideas can be freely aired, exchanged, and criticized. That will change if private companies, which are under no legal obligation to respect free speech rights, are able to use their economic clout to dictate what people should read, write, and think. 
PayPal, and the myriad other payment processors that support essential links in the free speech chain between authors and audiences, should not operate as morality police. Signed by: Access; ACLU of California; American Booksellers Foundation for Free Expression; Association of American Publishers; Authors Guild; Bytes for All, Pakistan; Comic Book Legal Defense Fund; Electronic Frontier Foundation; Feminists for Free Expression; Index on Censorship; Internet Archive; National Coalition Against Censorship; Northern California Independent Booksellers Association; Pacific Northwest Booksellers Association; Peacefire; PEN American Center; Southern California Independent Booksellers Association; Southern Independent Booksellers Alliance; Unlimited Publishing LLC; Woodhull Sexual Freedom Alliance --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 8 16:47:27 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Mar 2012 17:47:27 -0500 Subject: [Infowarrior] - TSA blog mocks Corbett video Message-ID: The user comments at the site are spot-on .... this is classic non-denial denial, and not addressing the issue itself. This is a very carefully worded response --- you can tell simply when they start by mocking Corbett as "some guy". And the "20 layers" defence they cite? Puhlease. TSA=govspeak for "fail" --rick http://blog.tsa.gov/2012/03/viral-video-about-body-scanners.html Viral Video About Body Scanners A video is making its way around the interwebs this morning from some guy claiming he figured out a way to beat our body scanners (imaging technology). I watched the video and it is a crude attempt to allegedly show how to circumvent TSA screening procedures. For obvious security reasons, we can't discuss our technology's detection capability in detail, however TSA conducts extensive testing of all screening technologies in the laboratory and at airports prior to rolling them out to the entire field. 
Imaging technology has been extremely effective in the field and has found things artfully concealed on passengers as large as a gun or nonmetallic weapons, on down to a tiny pill or tiny baggies of drugs. It's one of the best tools available to detect metallic and non-metallic items, such as... you know... things that go BOOM. With all that said, it is one layer of our 20 layers of security (Behavior Detection, Explosives Detection Canines, Federal Air Marshals, etc.) and is not a machine that has all the tools we need in one handy device. We've never claimed it's the end all be all. However, our nation's aviation system is much safer now with the deployment of 600 imaging technology units at 140 airports. It is completely safe and the vast majority use a generic image that completely addresses privacy concerns. Also, keep in mind that is optional. Anybody can opt out of the body scanner for a pat-down. Blogger Bob Burns --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 8 21:53:05 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 8 Mar 2012 22:53:05 -0500 Subject: [Infowarrior] - TSA Threatens Mainstream Media Not To Cover Story Message-ID: BREAKING: TSA Threatens Mainstream Media Not To Cover Story March 8, 2012 http://tsaoutofourpants.wordpress.com/2012/03/08/breaking-tsa-threatens-mainstream-media-not-to-cover-story/ I've been on the phone all day for the last 2 days with reporters and journalists of all kinds, including the big bad MSM, and one South Florida reporter told me that he had been "strongly cautioned" by the TSA not to cover this story. Absolutely unbelievable: Update: The name of the TSA spokeswoman who attempted to intimidate this journalist is Sari Koshetz. Update 2: Second journalist comes forward in comments on this post: SmarterTravel March 8, 2012 at 3:34 pm | #11 We were also "strongly cautioned" not to cover the story. 
We did anyway at SmarterTravel: http://tinyurl.com/7te5wj8

The TSA is clearly no fan of the 4th Amendment, nor of 5th Amendment due process rights, and now this blatant attempt to manipulate the free press with "strong caution" hits at Amendment the First. Why strong caution? Are there repercussions for journalists that fail to heed this "advice"? Because, you know, if I were a member of the free press and the federal government asked me to censor myself, I'd happily comply . . . . . . . . . riiight.

I have news for the federal government: Americans will not take censorship in any form. We thought we made this clear when you tried to force SOPA on us.

So what should we do about this? If you're a journalist who has received any kind of similar warning, please contact me. Everyone else, please take a moment to contact your local mainstream media outlets (Fox, ABC, NBC, CNN, etc.) to request that they cover the original story. The Internet has been absolutely amazing as have large alternative programs (Alex Jones, for example) and I do believe that we have successfully spread the word. But, if the TSA doesn't want the MSM to cover it, there's probably a reason, so let's take the battle there!

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 9 09:56:11 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Mar 2012 10:56:11 -0500
Subject: [Infowarrior] - Pols fear 'SOPA backlash'
Message-ID:

Pols fear 'SOPA backlash'
By: Kim Hart
March 8, 2012 11:55 PM EST
http://dyn.politico.com/printstory.cfm?uuid=A4513815-10BC-43D9-9BD7-9C8C53AEC15C

In the wake of the Internet blackout that led to the dramatic death of two controversial online piracy bills, a new warning has entered the Hill vernacular: "Don't get SOPA'd."

Lawmakers are tiptoeing around issues that could tick off tech heavyweights such as Google or Amazon.
They don't want a legislative misstep to trigger the same kind of online revolt that killed the Stop Online Piracy Act in the House and the Protect IP Act in the Senate in January.

That means the industry now has the upper hand in some legislative debates - from cybersecurity to online sales tax.

"Nobody wants another SOPA moment," Rep. Jason Chaffetz (R-Utah), a vocal critic of SOPA, told POLITICO. "The nerds are more powerful than anyone thought, and the tech industry flexed its muscle like never before."

Lawmakers don't want to give the tech industry a reason to flex that muscle again at the expense of their own bills, so they're going to extra lengths to address the industry's concerns and smooth out disagreements that could escalate into bigger fights.

Rep. Jared Polis (D-Colo.) said the anti-SOPA movement showed a certain "coming of political age" for the tech industry, and his colleagues in the House are treading carefully.

"They're involving the tech community more and are more interested in listening," said Polis, who also opposed SOPA. "They're paying closer attention now."

The SOPA wounds are still fresh. It was less than two months ago that Wikipedia and Reddit went dark in protest of SOPA and PIPA, and Google blacked out its logo on its homepage. Tech blogs warned of the dangers of the two Hollywood-backed bills that would have ratcheted up the legal consequences of hosting illegally copied content on the Web.

The entertainment industry, which had done an excellent job lining up bipartisan support for the bills, hoped the legislation would significantly curb the online piracy that has decimated their business models. But Web companies saw it as government overreach that could lead to censorship and gigantic legal expenses for startups. They rallied their user base, spread the message on social media and prompted millions of angry phone calls and emails to Congress.

Within two days of the blackout, Reid officially shelved PIPA and Rep.
Lamar Smith abandoned SOPA. The Netizens claimed victory.

Now, the question is whether that grass-roots force can direct its ire at any new effort in Washington that could be perceived as being negative for the Internet and the companies built upon it.

"Inside the Beltway, the hope is that the SOPA revolt was a one-time thing - but there's no doubt that the citizens of the Internet are riled up and plan to stay that way," said Larry Downes, senior adjunct fellow at Tech Freedom, a policy think tank. "Once the pitchforks are up, it's hard to put them down."

There likely won't be another reason to wield those pitchforks this year, partly because very little is expected to happen on Capitol Hill before the presidential election. But even on cybersecurity - the hot tech debate this month - movement is extra slow as lawmakers carefully try to line up tech industry support.

"There's so much fear about a SOPA backlash that it's almost halting progress on anything," said one tech industry source who's involved in the cybersecurity talks. "With every Internet and technology issue coming forward, people worry and ask, 'Is this the next SOPA?'"

As a result, current drafts of cybersecurity legislation are much milder than previous versions. For example, there's no longer any provision that could be construed as an Internet "kill switch" that gives the president power to shut down networks in the event of a massive cyberattack.

But there are still some provisions of bills that concern tech companies. The bill written by Sen. Joe Lieberman (I-Conn.) would impose new requirements on "critical infrastructure" that could include a wide range of networks, which Republicans and corporations say would be a bureaucratic burden on businesses. A rival bill by Sen. John McCain (R-Ariz.) doesn't include the critical infrastructure provision but would subject companies that provide network services to the government - such as AT&T or IBM - to broad new data reporting requirements.
Privacy advocates worry both bills would expand the National Security Agency's ability to monitor domestic Internet networks. That provision has made lawmakers especially skittish because it has the potential to spook activists.

Lieberman, along with Sens. Jay Rockefeller (D-W.Va.) and Susan Collins (R-Maine), recently tried to allay fears by issuing a press release that said their bill "in no way resembles" SOPA and PIPA.

Still, the legislation is causing some uneasiness among House Republicans who back the GOP bill in the Senate. Rep. Michael McCaul (R-Texas) said he hopes Reid will try to strike the right balance on cybersecurity by considering the GOP bill.

Reid "doesn't want a SOPA on his hands, so he's hopefully going to open his eyes to the alternative version the Republicans have and try to get that through," McCaul told POLITICO.

Efforts to impose a sales tax on goods purchased online are also seen as a potential danger zone. Internet giants Amazon and eBay have millions of sellers and buyers that operate in just about every district, so lawmakers don't want to cross them, Polis said.

"Many constituents and voters have a great affinity for technology," he said. "They really like their Internet freedom and members of Congress mess with them at their peril."

Other members are invoking the SOPA incident to stir up concerns about an international copyright treaty now under consideration by European regulators.

The Anti-Counterfeiting Trade Agreement, Rep. Darrell Issa (R-Calif.) said this week, "represents as great a threat to an open Internet as SOPA and PIPA and was drafted with even less transparency and input from digital citizens."

That kind of talk is tapping into an effort already under way by some Internet defenders to sign petitions against the treaty.

Despite the fear of "another SOPA," even tech industry lobbyists acknowledge that it's largely overblown.
The grass-roots uprising that led to the Internet blackout was a rare confluence of factors in the long-running Silicon Valley-versus-Hollywood fight that won't be easy to replicate.

"The rational observers realize there's a significant overestimation of high tech's ability to control the netroots," said one industry lobbyist.

Another lobbyist said it's "nearly impossible" to get the tech community to engage on policy issues, especially complicated measures that are highly technical, such as cybersecurity, or dry, such as online taxes.

"SOPA was an inflection point and people on the Hill are certainly going to take more notice next time around," the lobbyist said. "But one incident like that isn't going to be the huge game changer."

Nonetheless, lawmakers learned a big lesson, Chaffetz said.

"The whole thing underscored a lack of understanding on the Hill of how the industry works," he said. "When faced with a crisis moment, the [industry] can do it again."

Jennifer Martinez contributed to this report.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 9 14:00:38 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 9 Mar 2012 15:00:38 -0500
Subject: [Infowarrior] - MPAA's Argument Against Hotfile Assumes Any Popular Content Online Must Be Infringing
Message-ID: <6AF9CC9D-9139-44CD-8319-5E20F8B6AD26@infowarrior.org>

MPAA's Argument Against Hotfile Assumes Any Popular Content Online Must Be Infringing

http://www.techdirt.com/articles/20120309/03444518043/mpaas-argument-against-hotfile-assumes-any-popular-content-online-must-be-infringing.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Sat Mar 10 12:45:59 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 10 Mar 2012 13:45:59 -0500
Subject: [Infowarrior] - NTIA says ICANN "does not meet the requirements" for IANA renewal
Message-ID: <351C2D50-DEB7-4401-A7CA-C3D7B600BD83@infowarrior.org>

(c/o DG)

NTIA says ICANN "does not meet the requirements" for IANA renewal
Kevin Murphy, March 10, 2012, 15:21:51 (UTC), Domain Policy

The National Telecommunications and Information Administration has dealt a stunning blow to ICANN in its bid to carry on running the internet's critical IANA functions.

The NTIA said this hour that it has canceled the RFP for the new IANA contract "because we received no proposals that met the requirements requested by the global community"

NTIA thinks that ICANN's bid was unsatisfactory, in other words.

The NTIA said ...

< -- >

http://domainincite.com/ntia-says-icann-does-not-meet-the-requirements-for-iana-renewal/

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Mar 11 11:08:48 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 Mar 2012 12:08:48 -0400
Subject: [Infowarrior] - Editorial: The Power to Kill
Message-ID: <31EF9138-A8F1-4C60-939A-3F3BC0531837@infowarrior.org>

The Power to Kill
Published: March 10, 2012
http://www.nytimes.com/2012/03/11/opinion/sunday/the-power-to-kill.html?_r=1&hp

President Obama, who came to office promising transparency and adherence to the rule of law, has become the first president to claim the legal authority to order an American citizen killed without judicial involvement, real oversight or public accountability.

That, regrettably, was the most lasting impression from a major address on national security delivered last week by Attorney General Eric Holder Jr. There were parts of the speech worth celebrating - starting with Mr.
Holder's powerful discussion of why trying most terrorists in civilian courts is best for punishing them and safeguarding America.

But we are deeply concerned about his rejection of oversight and accountability when it comes to killing American citizens who are suspected of plotting terrorist acts.

A president has the right to order lethal force against conventional enemies during conventional war, or against unconventional enemies in unconventional wars. But when it comes to American citizens, there must be compelling evidence that the threat the citizen poses is imminent and that capturing the citizen is not a realistic option.

The case that has brought the issue to international attention is the Sept. 30, 2011, drone strike in Yemen that killed Anwar al-Awlaki, an American citizen, who United States officials say was part of Al Qaeda's command structure. Another American was killed in the strike, and Mr. Awlaki's 16-year-old son, also an American citizen, was killed in an attack two weeks later.

The killings touched off a storm of criticism. Mr. Awlaki's father tried to sue the government, which used the "national secrets" defense to have the case tossed out. But the administration has refused to acknowledge that the killing took place or that there is in fact a policy about "targeted killings" of Americans.

It has even refused to acknowledge the existence of a Justice Department memo providing legal justification for killing American citizens, even though that memo has been reported by The Times and others. It is beyond credibility that Mr. Obama ordered the Awlaki killing without getting an opinion from the department's Office of Legal Counsel. Even President George W. Bush took the trouble to have lawyers in that office cook up a memo justifying torture.

The administration intended Mr. Holder's speech to address the criticism and provide a legal argument for the policy, but it was deeply inadequate in important ways. Mr.
Holder agreed that killing an American citizen requires that he "poses an imminent threat of violent attack against the United States," that capture "is not feasible," that the target has military value, that other people are not targeted intentionally, that the potential "collateral damage" not be excessive and that the weapons used "will not inflict unnecessary suffering."

But he gave no inkling what the evidence was in the Awlaki case, and the administration did not provide a way in which anyone other than the people who gave the order could review whether the standards were met. Mr. Awlaki made tapes for Islamist Web sites that justified armed attacks on the United States by Muslims. But was he just spouting off, or actively plotting or supporting attacks?

All Mr. Holder did say was that the president could order such a killing without any judicial review and that any such operation would have "robust" Congressional oversight because the administration would brief Congressional leaders. He also said the administration provided Congress with the legal underpinnings for such killings.

In the Awlaki case, we do not know whether that notification was done in advance or after the fact, if it was done at all. We do know the administration has not given Congress the legal memo with the underlying justification for killing American citizens, because Senator Patrick Leahy, chairman of the Judiciary Committee, was asking Mr. Holder for it just the other day.

Perhaps most disturbing, Mr. Holder utterly rejected any judicial supervision of a targeted killing.

We have said that a decision to kill an American citizen should have judicial review, perhaps by a special court like the Foreign Intelligence Surveillance Court, which authorizes eavesdropping on Americans' communications.

Mr. Holder said that could slow a strike on a terrorist.
But the FISA court works with great speed and rarely rejects a warrant request, partly because the executive branch knows the rules and does not present frivolous or badly argued cases. In Mr. Awlaki's case, the administration had long been complaining about him and tracking him. It made an earlier attempt to kill him.

Mr. Holder said such operations require high levels of secrecy. That is obvious, but the FISA court operates in secret, and at least Americans are assured that some legal authority not beholden to a particular president or political party is reviewing such operations.

Mr. Holder argued in his speech that judicial process and due process guaranteed by the Constitution "are not one and the same." This is a straw man. The judiciary has the power to say what the Constitution means and make sure the elected branches apply it properly. The executive acting in secret as the police, prosecutor, jury, judge and executioner is the antithesis of due process.

The administration should seek a court's approval before killing an American citizen, except in the sort of "hot pursuit" that justifies the police shooting of an ordinary suspect. There should be consequences in the event of errors - which are, tragically, made, and are the great risk.

And the administration should publish the Office of Legal Counsel memo. We cannot imagine why Mr. Obama would want to follow the horrible example set by Mr. Bush in withholding such vital information from the public.

A version of this editorial appeared in print on March 11, 2012, on page SR10 of the New York edition with the headline: The Power to Kill.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Mar 11 11:26:36 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 Mar 2012 12:26:36 -0400
Subject: [Infowarrior] - OT: Five Leadership Lessons From James T. Kirk
Message-ID:

Five Leadership Lessons From James T. Kirk
Alex Knapp, Forbes Staff
http://www.forbes.com/sites/alexknapp/2012/03/05/five-leadership-lessons-from-james-t-kirk/print/

Captain James T. Kirk is one of the most famous Captains in the history of Starfleet. There's a good reason for that. He saved the planet Earth several times, stopped the Doomsday Machine, helped negotiate peace with the Klingon Empire, kept the balance of power between the Federation and the Romulan Empire, and even managed to fight Nazis. On his five-year mission commanding the U.S.S. Enterprise, as well as subsequent commands, James T. Kirk was a quintessential leader, who led his crew into the unknown and continued to succeed time and time again.

Kirk's success was no fluke, either. His style of command demonstrates a keen understanding of leadership and how to maintain a team that succeeds time and time again, regardless of the dangers faced. Here are five of the key leadership lessons that you can take away from Captain Kirk as you pilot your own organization into unknown futures.

1. Never Stop Learning

"You know the greatest danger facing us is ourselves, an irrational fear of the unknown. But there's no such thing as the unknown - only things temporarily hidden, temporarily not understood."

Captain Kirk may have a reputation as a suave ladies man, but don't let that exterior cool fool you. Kirk's reputation at the Academy was that of a "walking stack of books," in the words of his former first officer, Gary Mitchell. And a passion for learning helped him through several missions. Perhaps the best demonstration of this is in the episode "Arena," where Kirk is forced to fight a Gorn Captain in single combat by advanced beings. Using his own knowledge and materials at hand, Kirk is able to build a rudimentary shotgun, which he uses to defeat the Gorn.

If you think about it, there's no need for a 23rd Century Starship Captain to know how to mix and prepare gunpowder if the occasion called for it.
After all, Starfleet officers fight with phasers and photon torpedoes. To them, gunpowder is obsolete. But the same drive for knowledge that drove Kirk to the stars also caused him to learn that bit of information, and it paid off several years later.

In the same way, no matter what your organization does, it helps to never stop learning. The more knowledge you have, the more creative you can be. The more you're able to do, the more solutions you have for problems at your disposal. Sure, you might never have to face down a reptilian alien on a desert planet, but you never know what the future holds. Knowledge is your best key to overcoming whatever obstacles are in your way.

2. Have Advisors With Different Worldviews

"One of the advantages of being a captain, Doctor, is being able to ask for advice without necessarily having to take it."

Kirk's closest two advisors are Commander Spock, a Vulcan committed to a philosophy of logic, and Dr. Leonard McCoy, a human driven by compassion and scientific curiosity. Both Spock and McCoy are frequently at odds with each other, recommending different courses of action and bringing very different types of arguments to bear in defense of those points of view. Kirk sometimes goes with one, or the other, or sometimes takes their advice as a springboard to developing an entirely different course of action.

However, the very fact that Kirk has advisors who have a different worldview not only from each other, but also from himself, is a clear demonstration of Kirk's confidence in himself as a leader. Weak leaders surround themselves with yes men who are afraid to argue with them. That fosters an organizational culture that stifles creativity and innovation, and leaves members of the organization afraid to speak up. That can leave the organization unable to solve problems or change course. Historically, this has led to some serious disasters, such as Star Wars Episode I: The Phantom Menace.
Organizations that allow for differences of opinion are better at developing innovation, better at solving problems, and better at avoiding groupthink. We all need a McCoy and a Spock in our lives and organizations.

3. Be Part Of The Away Team

"Risk is our business. That's what this starship is all about. That's why we're aboard her."

Whenever an interesting or challenging mission came up, Kirk was always willing to put himself in harm's way by joining the Away Team. With his boots on the ground, he was always able to make quick assessments of the situation, leading to superior results. At least, superior for everyone with a name and not wearing a red shirt. Kirk was very much a hands-on leader, leading the vanguard of his crew as they explored interesting and dangerous situations.

When you're in a leadership role, it's sometimes easy to let yourself get away from leading Away Team missions. After all, with leadership comes perks, right? You get the nice office on the higher floor. You finally get an assistant to help you with day to day activities, and your days are filled with meetings and decisions to be made. And many of these things are absolutely necessary. But it's sometimes easy to trap yourself in the corner office and forget what life is like on the front lines. When you lose that perspective, it's that much harder to understand what your team is doing, and the best way to get out of the problem. What's more, when you're not involved with your team, it's easy to lose their trust and have them gripe about how they don't understand what the job is like.

This is a lesson that was actually imprinted on me in one of my first jobs, making pizzas for a franchise that doesn't exist anymore. Our general manager spent a lot of time in his office, focused on the paperwork and making sure that we could stay afloat on the razor-thin margins we were running. But one thing he made sure to do, every day, was to come out during peak times and help make pizza.
He didn't have to do that, but he did. The fact that he did so made me like him a lot more. It also meant that I trusted his decisions a lot more. In much the same way, I'm sure, as Kirk's crew trusted his decisions, because he knew the risks of command personally.

4. Play Poker, Not Chess

"Not chess, Mr. Spock. Poker. Do you know the game?"

In one of my all-time favorite Star Trek episodes, Kirk and his crew face down an unknown vessel from a group calling themselves the "First Federation." Threats from the vessel escalate until it seems that the destruction of the Enterprise is imminent. Kirk asks Spock for options, who replies that the Enterprise has been playing a game of chess, and now there are no winning moves left. Kirk counters that they shouldn't play chess - they should play poker. He then bluffs the ship by telling them that the Enterprise has a substance in its hull called "corbomite" which will reflect the energy of any weapon back against an attacker. This begins a series of actions that enables the Enterprise crew to establish peaceful relations with the First Federation.

I love chess as much as the next geek, but chess is often taken too seriously as a metaphor for leadership strategy. For all of its intricacies, chess is a game of defined rules that can be mathematically determined. It's ultimately a game of boxes and limitations. A far better analogy to strategy is poker, not chess. Life is a game of probabilities, not defined rules. And often understanding your opponents is a much greater advantage than the cards you have in your hand. It was knowledge of his opponent that allowed Kirk to defeat Khan in Star Trek II by exploiting Khan's two-dimensional thinking. Bluffs, tells, and bets are all a big part of real-life strategy. Playing that strategy with an eye to the psychology of our competitors, not just the rules and circumstances of the game can often lead to better outcomes than following the rigid lines of chess.

5. Blow up the Enterprise

"'All I ask is a tall ship and a star to steer her by.' You could feel the wind at your back in those days. The sounds of the sea beneath you, and even if you take away the wind and the water it's still the same. The ship is yours. You can feel her. And the stars are still there, Bones."

One recurring theme in the original Star Trek series is that Kirk's first love is the Enterprise. That love kept him from succumbing to the mind-controlling spores in "This Side of Paradise," and it's hinted that his love for the ship kept him from forming any real relationships or starting a family. Despite that love, though, there came a point in Star Trek III: The Search For Spock, where Captain Kirk made a decision that must have pained him enormously - in order to defeat the Klingons attacking him and save his crew, James Kirk destroyed the Enterprise. The occasion, in the film, was treated with the solemnity of a funeral, which no doubt matched Kirk's mood. The film ends with the crew returning to Vulcan on a stolen Klingon vessel, rather than the Enterprise. But they returned victorious.

We are often, in our roles as leaders, driven by a passion. It might be a product or service, it might be a way of doing things. But no matter how much that passion burns within us, the reality is that times change. Different products are created. Different ways of doing things are developed. And there will come times in your life when that passion isn't viable anymore. A time when it no longer makes sense to pursue your passion. When that happens, no matter how painful it is, you need to blow up the Enterprise. That is, change what isn't working and embark on a new path, even if that means having to live in a Klingon ship for awhile.

Final Takeaway:

In his many years of service to the Federation, James Kirk embodied several leadership lessons that we can use in our own lives. We need to keep exploring and learning.
We need to ensure that we encourage creativity and innovation by listening to the advice of people with vastly different opinions. We need to occasionally get down in the trenches with the members of our teams so we understand their needs and earn their trust and loyalty. We need to understand the psychology of our competitors and also learn to radically change course when circumstances dictate. By following these lessons, we can lead our organizations into places where none have gone before.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sun Mar 11 18:00:34 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sun, 11 Mar 2012 19:00:34 -0400
Subject: [Infowarrior] - Amateurs hunt malware, perfect firewalls and fend off mock hacks in UK cyber-competition
Message-ID:

Amateurs hunt malware, perfect firewalls and fend off mock hacks in UK cyber-competition
By Associated Press, Updated: Sunday, March 11, 5:59 PM
http://www.washingtonpost.com/world/europe/amateurs-hunt-malware-perfect-firewalls-and-fend-off-mock-hacks-in-uk-cyber-competition/2012/03/11/gIQA3uuX5R_print.html

BRISTOL, England - Amateur cybersleuths have been hunting malware, raising firewalls and fending off mock hack attacks in a series of simulations supported in part by Britain's eavesdropping agency.

The games are intended to pull badly-needed talent into the country's burgeoning cybersecurity sector, according to former security minister Pauline Neville-Jones, who spoke at a closing ceremony held Sunday at the Science Museum in the English port city of Bristol.

"The flow of people we have at the moment is wholly inadequate," she said, warning of a skills gap "which threatens the economic future of this country."
The exercises, dubbed the Cyber Security Challenge, are intended to help bridge that gap, drawing thousands of participants who spent weeks shoring up vulnerable home networks, cracking weak codes and combing through corrupted hard drives in a series of tests designed by companies such as U.K. defense contractor QinetiQ and data security firm Sophos.

The challenge was supported in part by British signals intelligence agency GCHQ and Scotland Yard's e-crimes unit - a sign of the government's concern with supporting a rapidly-developing field.

The government is spending 650 million pounds (about $1 billion) to boost its electronic defense capabilities. Britain's military recently opened a global cyber-operations center in the English market town of Corsham, and last month police announced the creation of three new regional cybercrime units.

Event organizer Judy Baker warned there weren't enough skilled people to work in the newly created jobs, complaining that cybersecurity was barely on the radar of high school guidance counselors and that too few universities offered degrees in the field.

"The front door into cybersecurity is not clear at all," she said.

The competition was closed to cybersecurity professionals, so many of the 4,000-odd participants - such as the 19-year-old winner, Cambridge University student Jonathan Millican - were aspiring computer scientists. Others were engineers or hobbyists.

Senior GCHQ official Jonathan Hoyle made a brief speech Sunday, inviting Millican and other prize-winners to come visit the secretive organization's headquarters in Cheltenham, about 95 miles (150 kilometers) northwest of London.

Millican was excited by the prospect, saying: "It's not somewhere many people just go."

___

Online:

Cyber Security Challenge UK: http://cybersecuritychallenge.org.uk

Raphael Satter can be reached at: http://twitter.com/razhael

Copyright 2012 The Associated Press. All rights reserved.
This material may not be published, broadcast, rewritten or redistributed.

© The Washington Post Company

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 12 07:15:49 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Mar 2012 08:15:49 -0400
Subject: [Infowarrior] - RFI: Active Denial System mentions
Message-ID:

I have come across several MSM articles this morning about the DOD Active Denial System AKA "Pain Ray" --- is there some major lobbying push going on for the device or something this week? It's rare to see such coverage unless *something* is up on the procurement or deployment front. (Not that I think NLWs are a good idea anyway, mind you.)

Just curious.

-- rick

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 12 08:17:31 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Mar 2012 09:17:31 -0400
Subject: [Infowarrior] - Latest Stress Tests Are Expected to Show Progress at Most Banks
Message-ID:

Translation: "This time the news is good enough we're happy to share it publicly going into an election year to help hype up the anemic economic recovery. Last year, it was embarrassing, would have caused a public panic if disclosed and our owners/er, banks would have lost tons more money than they did already by their own actions in years past."

You can get dizzy trying to peer thru the DC spin these days.

---rick

Latest Stress Tests Are Expected to Show Progress at Most Banks
By NELSON D. SCHWARTZ
Published: March 11, 2012

In another milestone in the banking industry's recovery from the financial crisis, the Federal Reserve this week will release the results of its latest stress tests, which are expected to show broadly improved balance sheets at most institutions.
The findings would be the latest of several signs of renewed strength in the economy, including the unemployment report last Friday that showed that more than 227,000 jobs were created in February.

< - >

Unlike the findings of the last round of stress tests, which ended last March, the results of this round will be made public by the Federal Reserve, with an announcement expected by Thursday. Last time, the Fed informed the banks of their results, and it was up to them to announce whether they would proceed with dividend increases or buybacks.

< - >

http://www.nytimes.com/2012/03/12/business/new-stress-tests-expected-to-show-progress-at-most-banks.html?_r=1&hp

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 12 12:50:43 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Mar 2012 13:50:43 -0400
Subject: [Infowarrior] - Why Monsanto Thought Weeds Would Never Defeat Roundup
Message-ID:

Why Monsanto Thought Weeds Would Never Defeat Roundup
06:44 am March 11, 2012 by Dan Charles
http://www.npr.org/blogs/thesalt/2012/03/11/148290731/why-monsanto-thought-weeds-would-never-defeat-roundup

Since it seems to be Pest Resistance Week here at The Salt, with stories on weeds and insects, we might as well just pull out all the stops. So, next up: Why didn't Monsanto's scientists foresee that weeds would become resistant to glyphosate, the weed-killing chemical in their blockbuster herbicide Roundup? In 1993, when Monsanto asked the U.S. Department of Agriculture to approve Roundup-tolerant soybeans, it dispensed with the issue of potential resistant weeds in two modest paragraphs. It told the agency that "glyphosate is considered to be a herbicide with low risk for weed resistance."
The company also wrote that several university scientists agreed "that it is highly unlikely that weed resistance to glyphosate will become a problem as a result of the commercialization of glyphosate-tolerant soybeans." Oops. Since then, resistance to glyphosate has emerged in 20 different weed species. I called up several people who were at Monsanto at that time. Why didn't people there think resistance would happen? They all told a similar story. First, the company had been selling Roundup for years without any problems. Second, and perhaps most important, the company's scientists had just spent more than a decade, and many millions of dollars, trying to create the Roundup-resistant plants that they desperately wanted - soybeans and cotton and corn. It had been incredibly difficult. When I interviewed former Monsanto scientists for my book on biotech crops, one of them called it the company's "Manhattan Project." Considering how hard it had been to create those crops, "the thinking was, it would be really difficult for weeds to become tolerant" to Roundup, says Rick Cole, who is now responsible for Monsanto's efforts to deal with the problem of resistant weeds. Cole went to work at Monsanto in 1996, the same year that the first Roundup Ready crops went on the market. So how did the company's experts react when weeds began to prove them wrong? "The reaction was, 'What is really going on here?' " says Cole. Monsanto began a "massive effort" to figure out how the weeds withstand glyphosate. Some weeds, Cole says, appear to keep glyphosate from entering the plant at all; others sequester the herbicide in a spot where it can't do much damage. Monsanto's genetically engineered crops use a different technique entirely. "You sit back and you think, 'What could I have done differently?' " says Cole. Even if the company had tried to restrict the use of Roundup, Cole isn't sure it would have been successful.
"Roundup Ready crops were such a revolution, and people embraced them so fast, that even if we had tried to do something different, people might not have done it," he says.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Mon Mar 12 16:54:40 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Mon, 12 Mar 2012 17:54:40 -0400
Subject: [Infowarrior] - DARPA's Regina Dugan Will Join Google
Message-ID:

DARPA's Regina Dugan Will Join Google
Published on March 12, 2012 by Liz Gannes
http://allthingsd.com/?p=184980&ak_action=printable

Regina Dugan, director of the Defense Advanced Research Projects Agency, is leaving to take a role at Google. We'd been working on this story independently and have confirmed it with Google; Wired has it up as well. Dugan reigned over all sorts of fantastical creations at DARPA, including testing hypersonic vehicles. She was a huge hit at our D9 conference last year, and recently delighted the audience at TED with a presentation of an array of projects, including a remote-controlled flying hummingbird. Dugan had an unusually entrepreneurial philosophy for someone in the government, for instance telling our own Walt Mossberg at D, "Failure isn't the problem, it's the fear of failure." A spokeswoman for Google said that Dugan would have a "senior position" at Google but wouldn't confirm her role. A DARPA spokesperson told Wired that Dugan felt she couldn't turn down a chance to join such an innovative company. Google has recently - mostly in secret - combined some of its moonshot projects into a division called Google X, which is run by co-founder Sergey Brin. It is working on things like wearable computing devices and autonomous cars. Seems like a natural fit for Dugan, though of course Google wouldn't confirm it.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Mar 13 19:21:59 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Mar 2012 20:21:59 -0400
Subject: [Infowarrior] - Judge Orders Failed Copyright Troll to Forfeit 'All' Copyrights
Message-ID: <684A9BED-4E94-4637-9BBB-EBAE2167E978@infowarrior.org>

Judge Orders Failed Copyright Troll to Forfeit 'All' Copyrights
By David Kravets | March 13, 2012 | 4:56 pm | Categories: intellectual property, The Courts
http://www.wired.com/threatlevel/2012/03/troll-forfeits-copyrights/

Righthaven, a copyright-troll law firm that failed in its attempt to make money for newspapers by suing readers for sharing stories online, was dealt a death blow Tuesday by a federal judge who ordered the Las Vegas company to forfeit "all of" its intellectual property and other "intangible property" to settle its debts. The order is an ironic twist to a copyright trolling saga that began in 2010, when Righthaven was formed with the idea of suing blogs and websites that re-post newspaper articles or snippets of them without permission. U.S. District Judge Philip M. Pro of Nevada ordered Righthaven to surrender for auction the 278 copyrighted news articles that were the subject of its lawsuits. "The copyright registrations to more than 275 works are in Righthaven's name, can be transferred by this court, and can then be auctioned," the judge ruled. (.pdf) The Righthaven.com domain was auctioned for $3,000 last year as well to help satisfy the legal bill Righthaven must pay to one of its defendants that prevailed in a copyright suit brought by Righthaven. The tab is more than $60,000 in the case before Judge Pro, and in total Righthaven owes about $200,000 to various defendants. U.S. copyright law allows for massive damages - $150,000 per infringement - which leads many people to settle copyright cases, rather than risk a massive payout.
But if someone does defend himself, the law allows the prevailing party in an infringement case to be awarded its legal fees and costs, even if it were the defendant. Righthaven initially was winning and settling dozens of cases as defendants paid a few thousand dollars each to make the cases go away. But Righthaven, which has ceased filing new suits, has never prevailed in a case that was defended in court. Ironically, Righthaven sought - as payment - the domain names owned by the people it was suing, and now it has lost its own domain name and any other available assets in the process. The company has threatened to file for bankruptcy protection. The domain auction and the unscheduled auctioning of Righthaven's copyrights is to help pay Las Vegas lawyer Marc Randazza for successfully defending Vietnam veteran Wayne Hoehn against a Righthaven copyright lawsuit seeking large damages for posting the entirety of a Las Vegas Review-Journal editorial to a small online message board. The lawsuit against Hoehn, one of hundreds of Righthaven's lawsuits, accused him of unlawfully posting all 19 paragraphs of a November 2010 editorial from the Las Vegas Review-Journal. Hoehn posted the article, and its headline, "Public Employee Pensions: We Can't Afford Them" on medjacksports.com to prompt discussion about the financial affairs of the nation. Judge Pro ruled that the posting was fair use of the article, an issue that is on appeal. Whether Righthaven retains the financial wherewithal to litigate the appeal was not immediately known. Righthaven's chief executive, Steve Gibson, did not immediately respond for comment. Righthaven's first client, Stephens Media of Las Vegas and operator of the Review-Journal, invested $500,000 into the Righthaven operation at its outset. With Judge Pro's ruling, the media concern is losing financial control of hundreds of articles and photos. "The irony of this?
Perhaps those who buy the copyrights could issue DMCA notices to the Review-Journal stopping them from redistributing them?" Randazza said via an e-mail, citing the Digital Millennium Copyright Act. Stephens Media will indeed likely have to take them off its own website - or license them from the future owner - if it doesn't buy the rights back itself. Other judges hearing Righthaven cases have ruled that Righthaven never had legal standing to bring infringement lawsuits, even though Stephens Media assigned the copyrights to Righthaven. Contracts between Stephens Media and Righthaven disclosed in the Righthaven litigation show that Stephens Media granted Righthaven permission to sue over the newspaper chain's content in exchange for a 50 percent cut of all the settlements and jury awards. Most important, the agreement did not grant Righthaven license to use the content in any other way. The Electronic Frontier Foundation called the arrangement a "sham," and judges hearing Righthaven cases agreed. U.S. District Judge Robert Hunt ruled last year in a different case that a "copyright owner cannot assign a bare right to sue." Judge Hunt dismissed the case and ordered Righthaven to pay the defendant Democratic Underground blog $120,000 in defense costs, which it has not done.

David Kravets is a senior staff writer for Wired.com and founder of the fake news site TheYellowDailyNews.com. He's a dad of two boys and has been a reporter since the manual typewriter days.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Tue Mar 13 20:06:05 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Tue, 13 Mar 2012 21:06:05 -0400
Subject: [Infowarrior] - Mozilla CEO: Don't Understand The Internet? Get Out Of Government
Message-ID:

Mozilla CEO: Don't Understand The Internet? Get Out Of Government
By Josh Smith
Updated: March 12, 2012 | 10:28 a.m. March 11, 2012 | 3:10 p.m.
http://www.nationaljournal.com/tech/mozilla-ceo-don-t-understand-the-internet-get-out-of-government-20120311 AUSTIN, Texas - The Internet is a way of life for billions of people but some in Washington still don't seem to get it, Mozilla CEO Gary Kovacs said on Saturday. "If you don't understand the Internet, you don't have any place in government," he told an audience at the annual South by Southwest conference in Austin. Given the impact of the Internet on daily life, Kovacs said, he is amazed when members of Congress express a desire to hire staffers who "understand" the Internet. "It's not something you learn, or hire someone for. It has to be the way you live your life," he said. Washington and the tech industry have increasingly clashed as the impact of Internet and other tech issues grows. Mozilla joined other Internet companies and organizations like Google and Wikipedia in protesting proposed anti-piracy legislation in January. But Kovacs said through internal discussions Mozilla officials have decided to avoid wading into more political fights. "That's not our place," he said. Instead, Kovacs said Mozilla will focus more on "protecting the Web." It is incorrect to say that Web companies drove the broad online protests that ultimately scuttled the anti-piracy bills, he argued. Web sites simply "lubricated" communications between citizens and their representatives, allowing the issue to be publicized beyond people involved in technology policy. "We enabled 30 million people to take action," Kovacs said. "Thirty million people are not nerds. Thirty million people are citizens." Tech activists and companies are flexing their newfound lobbying muscles at the conference, but members of several different panels on the anti-piracy debate said many issues complicate efforts to harness that power again. 
Major websites took unprecedented actions during piracy protests but Tumblr vice president Andrew McLaughlin said he doesn't expect to see a wave of more politically active web companies. Instead, concerned techies should become involved as basic citizens, he said. McLaughlin, a former White House adviser, said online piracy must be addressed, but lawmakers who want to crack down on piracy should understand the way the Internet works, rather than base their decisions on a "short-sighted desire to hijack" the Internet in favor of entertainment companies or manufacturers. And it's not just politicians who need to be educated, said Andrew Rasiej, president of Personal Democracy Media, a website dedicated to Internet policy issues. Many of the people who spoke out against the anti-piracy bills did so based on information from their friends, he said. "Many didn't even read the bill," Rasiej said. "There will need to be a lot more education on all sides."

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 14 07:04:01 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Mar 2012 08:04:01 -0400
Subject: [Infowarrior] - OT: Why I Am Leaving Goldman Sachs
Message-ID:

Why I Am Leaving Goldman Sachs
By GREG SMITH
Greg Smith is resigning today as a Goldman Sachs executive director and head of the firm's United States equity derivatives business in Europe, the Middle East and Africa.
http://www.nytimes.com/2012/03/14/opinion/why-i-am-leaving-goldman-sachs.html

TODAY is my last day at Goldman Sachs. After almost 12 years at the firm - first as a summer intern while at Stanford, then in New York for 10 years, and now in London - I believe I have worked here long enough to understand the trajectory of its culture, its people and its identity. And I can honestly say that the environment now is as toxic and destructive as I have ever seen it.
To put the problem in the simplest terms, the interests of the client continue to be sidelined in the way the firm operates and thinks about making money. Goldman Sachs is one of the world's largest and most important investment banks and it is too integral to global finance to continue to act this way. The firm has veered so far from the place I joined right out of college that I can no longer in good conscience say that I identify with what it stands for. It might sound surprising to a skeptical public, but culture was always a vital part of Goldman Sachs's success. It revolved around teamwork, integrity, a spirit of humility, and always doing right by our clients. The culture was the secret sauce that made this place great and allowed us to earn our clients' trust for 143 years. It wasn't just about making money; this alone will not sustain a firm for so long. It had something to do with pride and belief in the organization. I am sad to say that I look around today and see virtually no trace of the culture that made me love working for this firm for many years. I no longer have the pride, or the belief. But this was not always the case. For more than a decade I recruited and mentored candidates through our grueling interview process. I was selected as one of 10 people (out of a firm of more than 30,000) to appear on our recruiting video, which is played on every college campus we visit around the world. In 2006 I managed the summer intern program in sales and trading in New York for the 80 college students who made the cut, out of the thousands who applied. I knew it was time to leave when I realized I could no longer look students in the eye and tell them what a great place this was to work. When the history books are written about Goldman Sachs, they may reflect that the current chief executive officer, Lloyd C. Blankfein, and the president, Gary D. Cohn, lost hold of the firm's culture on their watch.
I truly believe that this decline in the firm's moral fiber represents the single most serious threat to its long-run survival. Over the course of my career I have had the privilege of advising two of the largest hedge funds on the planet, five of the largest asset managers in the United States, and three of the most prominent sovereign wealth funds in the Middle East and Asia. My clients have a total asset base of more than a trillion dollars. I have always taken a lot of pride in advising my clients to do what I believe is right for them, even if it means less money for the firm. This view is becoming increasingly unpopular at Goldman Sachs. Another sign that it was time to leave. How did we get here? The firm changed the way it thought about leadership. Leadership used to be about ideas, setting an example and doing the right thing. Today, if you make enough money for the firm (and are not currently an ax murderer) you will be promoted into a position of influence. What are three quick ways to become a leader? a) Execute on the firm's "axes," which is Goldman-speak for persuading your clients to invest in the stocks or other products that we are trying to get rid of because they are not seen as having a lot of potential profit. b) "Hunt Elephants." In English: get your clients - some of whom are sophisticated, and some of whom aren't - to trade whatever will bring the biggest profit to Goldman. Call me old-fashioned, but I don't like selling my clients a product that is wrong for them. c) Find yourself sitting in a seat where your job is to trade any illiquid, opaque product with a three-letter acronym. Today, many of these leaders display a Goldman Sachs culture quotient of exactly zero percent. I attend derivatives sales meetings where not one single minute is spent asking questions about how we can help clients. It's purely about how we can make the most possible money off of them.
If you were an alien from Mars and sat in on one of these meetings, you would believe that a client's success or progress was not part of the thought process at all. It makes me ill how callously people talk about ripping their clients off. Over the last 12 months I have seen five different managing directors refer to their own clients as "muppets," sometimes over internal e-mail. Even after the S.E.C., Fabulous Fab, Abacus, God's work, Carl Levin, Vampire Squids? No humility? I mean, come on. Integrity? It is eroding. I don't know of any illegal behavior, but will people push the envelope and pitch lucrative and complicated products to clients even if they are not the simplest investments or the ones most directly aligned with the client's goals? Absolutely. Every day, in fact. It astounds me how little senior management gets a basic truth: If clients don't trust you they will eventually stop doing business with you. It doesn't matter how smart you are. These days, the most common question I get from junior analysts about derivatives is, "How much money did we make off the client?" It bothers me every time I hear it, because it is a clear reflection of what they are observing from their leaders about the way they should behave. Now project 10 years into the future: You don't have to be a rocket scientist to figure out that the junior analyst sitting quietly in the corner of the room hearing about "muppets," "ripping eyeballs out" and "getting paid" doesn't exactly turn into a model citizen. When I was a first-year analyst I didn't know where the bathroom was, or how to tie my shoelaces. I was taught to be concerned with learning the ropes, finding out what a derivative was, understanding finance, getting to know our clients and what motivated them, learning how they defined success and what we could do to help them get there. My proudest moments in life -
getting a full scholarship to go from South Africa to Stanford University, being selected as a Rhodes Scholar national finalist, winning a bronze medal for table tennis at the Maccabiah Games in Israel, known as the Jewish Olympics - have all come through hard work, with no shortcuts. Goldman Sachs today has become too much about shortcuts and not enough about achievement. It just doesn't feel right to me anymore. I hope this can be a wake-up call to the board of directors. Make the client the focal point of your business again. Without clients you will not make money. In fact, you will not exist. Weed out the morally bankrupt people, no matter how much money they make for the firm. And get the culture right again, so people want to work here for the right reasons. People who care only about making money will not sustain this firm - or the trust of its clients - for very much longer.

Greg Smith is resigning today as a Goldman Sachs executive director and head of the firm's United States equity derivatives business in Europe, the Middle East and Africa.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 14 09:55:16 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Mar 2012 10:55:16 -0400
Subject: [Infowarrior] - Exclusive: Mystery Court Challenge Sheds Light on Pervasive Patriot Act Power
Message-ID: <24DD42CA-9106-4749-BC1E-4F0CA257F0E3@infowarrior.org>

Exclusive: Mystery Court Challenge Sheds Light on Pervasive Patriot Act Power
By Kim Zetter | March 14, 2012 | 6:35 am
http://www.wired.com/threatlevel/2012/03/mystery-nsl/

Sometime earlier this year, a provider of communication services in the United States - perhaps a phone company, perhaps Twitter - got a letter from the FBI demanding it turn over information on one, or possibly even hundreds, of its customers. The letter instructed the company to never disclose the existence of the demand to anyone -
in particular, the target of the investigation. This sort of letter is not uncommon post-9/11 and with the passage of the U.S. Patriot Act, which gave the FBI increased authority to issue so-called National Security Letters (NSLs). In 2010, the FBI sent more than 24,000 NSLs to ISPs and other companies, seeking information on more than 14,000 individuals in the U.S. The public heard about none of these letters. But this time, the company that received the request pushed back. It told the agency that it wanted to tell its customer that he or she was being targeted, which would give the customer a chance to fight the request in court, as a group of Twitter users did last year when the Justice Department sought their records under a different kind of request. The minor defiance in this latest case was enough to land the NSL request in a federal court docket last Friday, where the government filed a request for a court order to force the company to adhere to the gag order. In its petition, the government asserted that disclosure of the fact or contents of its NSL "may endanger the national security of the United States" and urged the court to issue an order binding the company to the nondisclosure provision, or be in violation of federal law and face contempt charges. Although documents in the case are redacted to hide the identity of the company and the target of the investigation, they shed a little light on how NSLs are working these days, after a few reforms. National security letters are written demands from the FBI that compel internet service providers, credit companies, financial institutions and others to hand over confidential records about their customers, such as subscriber information, phone numbers and e-mail addresses, websites visited and more. NSLs have been used since the 1980s, but the Patriot Act expanded the kinds of records that could be obtained with them. They do not require court approval, and they come with a built-in gag order.
The public has become aware of only a handful of some 300,000 NSLs handed out over the last decade, and those became public only after the recipients launched legal battles opposing them. As a result of these battles, courts have chipped away at the gag order requirement as a violation of the First Amendment, and internal watchdogs have uncovered some abuses of the FBI's NSL authority. But the letters are still one of the FBI's most powerful tools; a tool that is rarely discussed inside or outside Congress these days. According to documents filed in the U.S. District Court in Alexandria, Virginia, last Friday, the FBI appears to have served the unknown company with an NSL (.pdf) sometime around the end of January seeking information about a customer or customers. The company, identified only as a corporation "with employees dispersed across the world" that offers electronic communication services to customers and account holders, was told to hand over "electronic communications transaction" records of an unidentified target or targets. The NSL specifically excluded the contents of the communications. The NSL indicated that the company had 10 days to challenge the gag order if it intended to do so. The company did so via fax, and on March 9 the government filed a request for a court order enforcing the gag order. The legal dance is a new feature of NSLs that is the result of hard-fought battles. Before a federal appeals court struck down some of the gag provisions of NSLs, ISPs and other companies that wanted to challenge the orders had to file suit in secret in court - now companies can simply notify the FBI in writing that they oppose the gag order. The FBI asked the court to uphold the gag order on grounds that disclosure of the NSL would harm national security. According to the government, the information it wants is relevant to an investigation involving "international terrorism or clandestine intelligence activities."
The government also asked that any documents filed in the case, other than its initial redacted request to the court, be sealed. On Tuesday, the court issued an order granting the motion to seal records (.pdf), and also issued another sealed order whose contents are unknown. The FBI did not respond to a call seeking comment. NSLs are a powerful tool because an FBI agent looking into a possible anti-terrorism case can essentially self-issue the NSL to a credit bureau, ISP or phone company with only the sign-off of the Special Agent in Charge of their office. The FBI has to merely assert that the information is "relevant" to an investigation.

Number of NSLs Issued by the FBI
2000   8,500
2001   Unknown
2002   Unknown
2003   39,346
2004   56,507
2005   47,221
2006   49,425
2007   16,804
2008   24,744
2009   14,788
2010   24,287
2011   Unavailable
Total  273,122
(Source: DoJ reports)

The gag orders raise the possibility for extensive abuse of NSLs, under the cover of secrecy. In fact, in 2007, a Justice Department Inspector General audit found that the FBI, which issued almost 200,000 NSLs between 2003 and 2006, had indeed abused its authority and misused NSLs. The inspector general found that the FBI evaded limits on (and sometimes illegally issued) NSLs to obtain phone, e-mail and financial information on American citizens, and that it had also underreported the use of NSLs to Congress. In 2006 alone, the FBI issued more than 49,000 NSLs, but that number dropped dramatically to 16,804 in 2007 following the inspector general's report. After the Justice Department claimed it instituted reforms to address the legal lapses, the number of NSLs issued increased to 24,744 in 2008. In 2010, the most recent year for which statistics are available, the FBI issued 24,287 NSLs. Two cases helped shine a light on the real-world uses of NSLs. In 2007 the Internet Archive challenged an NSL it received seeking information about one of the online library's registered users.
The Electronic Frontier Foundation challenged the constitutionality of the NSL, which ultimately resulted in the FBI rescinding the NSL and agreeing to unseal the records in the court battle. It was the first extensive look the public got at the nature of the NSL process. In 2010, Nicholas Merrill won a six-year battle to lift a gag order in relation to an NSL that he received in 2004 when he was owner of a small ISP called Calyx Internet Access. The NSL was very broad and listed 16 categories of records the FBI was seeking, including e-mail and billing records. Merrill and the ACLU filed a legal challenge under the name "John Doe," since they weren't allowed to identify Merrill or the name of his ISP. The ACLU asserted that customer records were constitutionally protected information. "Internet users do not give up their privacy rights when they log on, and the FBI should not have the power to secretly demand that ISPs turn over constitutionally protected information about their users without a court order," Merrill told Wired. In December 2008, the Second Circuit Court of Appeals ruled that some of the gag provisions in NSLs were unconstitutional - in part because they limited judicial review of the gag orders and forced courts to defer to the government's assertions about the necessity of a gag order, and in part because they thwarted the ability of recipients to challenge the gag order. The case was sent back to the U.S. District Court for the Southern District of New York, forcing the government to justify the constitutionality of the gag order imposed on Merrill. In June 2009, the government introduced secret evidence to the court to justify continuing the gag order, claiming that if information were revealed about the letter it would harm an ongoing investigation. Merrill and his attorneys were prevented from learning the specifics of the evidence in order to refute it.
The government was then ordered by the court to produce an unclassified summary of its evidence. The ACLU worked hard to negotiate a partial gag-lift with the government that allowed Merrill to finally identify himself in 2010, while still keeping the details of the NSL he had received secret. In return, Merrill and the ACLU agreed to drop their appeal of the case. The case helped expose the secrecy around NSLs and resulted in some First Amendment progress for entities receiving such requests - Congress amended the law to allow recipients to challenge NSLs and gag orders, and the FBI must now also prove in court that disclosure of an NSL would harm a national security case. But it's unclear in practice if that process has led to fewer gag orders on U.S. citizens, and better protection of civil liberties, or if it has just led to more court filings.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 14 10:14:08 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 14 Mar 2012 11:14:08 -0400
Subject: [Infowarrior] - Major US Airport To Evict TSA Screeners
Message-ID: <7D7791A7-562C-40E5-9AE7-EE14A2E443F1@infowarrior.org>

Major US Airport To Evict TSA Screeners
Orlando Sanford International could prompt stampede of other opt-outs
Paul Joseph Watson
Infowars.com
Wednesday, March 14, 2012
http://www.infowars.com/major-us-airport-to-evict-tsa-screeners/

One of America's busiest airports, Orlando Sanford International, has announced it will opt out of using TSA workers to screen passengers, a move which threatens the highly unpopular federal agency's role in other airports across the nation. "The president of the airport said Tuesday that he would apply again to use private operators to screen passengers, using federal standards and oversight," reports the Miami Herald.
With Sanford International having originally been prevented by the TSA from opting out back in November 2010 when the federal agency froze the ability for airports to use their own private screeners, a law passed by the Senate last month forces the TSA to reconsider applications. Larry Dale hinted that the move was motivated by the innumerable horror stories passengers have told of their encounters with the TSA, noting that the change was designed to provide a more "customer friendly" operation. The agency has been slow to reissue the guidelines on the rule change, prompting Republican Representatives John Mica of Florida, Darrell Issa of California and Jason Chaffetz of Utah to press TSA head John Pistole to implement the mandate. Appearing at Orlando Sanford International yesterday, Mica said he had written to 200 airports advising them of the opportunity to opt out of using TSA screeners. Orlando Sanford is in the top 30 busiest airports in the world, with large numbers of takeoffs and landings. The TSA has been keen to downplay the opportunity for airports to dispense with their screeners, fearing a mass exodus that could undermine the justification for the agency's continued existence, especially given the fact that its reputation has been repeatedly savaged by a number of scandals. The most recent controversy involved a viral YouTube video created by engineer Jon Corbett which demonstrated how the TSA's body scanners were virtually useless because they are unable to detect objects carried on the side of the body carried in a pocket. The TSA responded by threatening the media not to cover the issue while putting out a blog statement that completely failed to rebut the claims made by Corbett. A November 2010 poll found that the TSA's "enhanced pat downs," some of which include touching genitalia, angered 57% of regular adult fliers. West Yellowstone Airport in Montana has already replaced its TSA screeners with private security. 
Bert Mooney Airport, also in Montana, is attempting to do the same. However, when Texas lawmakers attempted to pass a bill last year that would have outlawed invasive TSA pat downs, the feds threatened to implement a blockade that would have imposed a de facto "no fly zone" over the lone star state. Kicking out the incompetent, criminally-inclined and abusive TSA across the nation will not only encourage millions of peeved Americans to start flying again, pumping much needed money into the travel industry, it will also create thousands of new private sector jobs. ********************* Paul Joseph Watson is the editor and writer for Prison Planet.com. He is the author of Order Out Of Chaos. Watson is also a regular fill-in host for The Alex Jones Show and Infowars Nightly News. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 14 14:06:10 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Mar 2012 15:06:10 -0400 Subject: [Infowarrior] - Study Confirms The Government Produces The Buggiest Software Message-ID: <4F84511E-9568-4292-84B7-58ADA3F34613@infowarrior.org> Study Confirms The Government Produces The Buggiest Software http://www.forbes.com/sites/andygreenberg/2012/03/13/study-confirms-governments-produce-the-buggiest-software/ Humans aren't generally very good at writing secure code. But it seems they're even worse at it when they're an employee of a government bureaucracy or hired as unaccountable federal contractors. In a talk at the Black Hat Europe security conference in Amsterdam later this week, security researcher and chief technology officer of bug-hunting firm Veracode Chris Wysopal plans to give a talk breaking down the company's analysis of 9,910 software applications over the second half of 2010 and 2011, automatically scanning them for errors that a hacker can use to compromise a website or a user's PC. 
And one result of that analysis is that government software developers are allowing significantly more hackable security flaws to find their way into their code than their private industry counterparts. According to Veracode's analysis across industry and government, fully eight out of ten apps failed to fully live up to the company's security criteria. But breaking down the results between U.S. government and private sector software, the government programs, 80% of which were built for federal agencies rather than state or local, came out worse. Measuring its collection of apps against the standards of the Open Web Application Security Project or OWASP, Veracode found that only 16% of government web applications were secure, compared with 24% of finance industry software and 28% of commercial software. And using criteria of the security-focused education group SANS to gauge offline applications, the study found that 18% of government apps passed, compared with 28% of finance industry apps and 34% of commercial software. "The government acts like security is the problem of the commercial sector and they're going to regulate everyone," says Veracode's Wysopal. "But if you look at this, private industry is definitely ahead of government." When Veracode dug into specific vulnerabilities of web applications, it found that 40% of government web apps were vulnerable to SQL injection--a trick that uses hidden commands to hijack a database and was used repeatedly by the hacker groups Anonymous and LulzSec in their rampage through government and federal contractor systems last year--compared with 29% of web applications written by the finance industry and 30% written by the commercial software industry. For cross-site scripting, which allows an attacker to inject his or her own code into a website, 75% of government-written applications were vulnerable, compared with 67% in the finance industry and 55% of commercial software. 
That institutional insecurity, says Alan Paller, research director of the SANS Institute, is the result of a private contractor system that actually rewards insecure coding. "The consequences for private sector software writers who write insecure code in commercial software is high costs for patching along with substantial embarrassment for their companies and job insecurity for them," he says. "In contrast, the consequences for private sector software writers who write insecure code for the government is contract add-ons to fix the problem, and more revenue for their companies and job security for them." "You'd think they'd be really worried about someone asking a fix to a security problem. But those are just called change orders. And that's how a project manager makes his bonus," Paller adds. "I'm not claiming that contractors aren't trying to do the right thing. But this is how the incentives are built." Those incentives have led to government bugs persisting even as the rest of the industry starts to clean up its act, says Veracode's Wysopal. While SQL injection and cross-site scripting vulnerabilities have dropped off in private industry over the last two years, they've remained statistically flat for governments. The problem boils down to an oversight in the regulations for government software set by the National Institute of Standards and Technology, says Wysopal. NIST's rules outline security standards for network security--systems like firewalls and intrusion detection systems--as well as endpoint security like antivirus programs. But only the latest round of its regulations included standards for coding secure applications, and even those didn't extend to most of the government's web applications. "We're zeroing in on the application layer, but that's something that's been pretty much ignored in the government space," says Wysopal. "They don't take a risk-based approach. They take a compliance-based approach. 
If it's not in the regulations, it doesn't get done." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 14 17:40:47 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Mar 2012 18:40:47 -0400 Subject: [Infowarrior] - RIAA chief: ISPs to start policing copyright by July 12 Message-ID: RIAA chief: ISPs to start policing copyright by July 12 Comcast, Time Warner and Verizon are among the ISPs preparing to implement a graduated response to piracy by July, says the music industry's chief lobbyist. by Greg Sandoval March 14, 2012 12:14 PM PDT http://news.cnet.com/8301-31001_3-57397452-261/riaa-chief-isps-to-start-policing-copyright-by-july-12/ NEW YORK--The country's largest Internet service providers haven't given up on the idea of becoming copyright cops. Last July, Comcast, Cablevision, Verizon, and Time Warner Cable and other bandwidth providers announced that they had agreed to adopt policies designed to discourage customers from illegally downloading music, movies and software. Since then, the ISPs have been very quiet about their antipiracy measures. But during a panel discussion before a gathering of U.S. publishers here today, Cary Sherman, CEO of the Recording Industry Association of America, said most of the participating ISPs are on track to begin implementing the program by July 12. Many copyright owners say this could become the most effective antipiracy program ever. Since ISPs are the Internet's gatekeepers, the theory is that network providers are in the best position to fight illegal file sharing. CNET broke the news last June that the RIAA and counterparts at the trade group for the big film studios, had penned the deal--with the help of the White House. Sherman told attendees of the Association of American Publishers' annual meeting, that planners had always said that setting up an antipiracy program like this could take a year. 
He told CNET following his panel that the process isn't as easy as turning on a switch. "Each ISP has to develop their infrastructure for automating the system," Sherman said. They need this "for establishing the database so they can keep track of repeat infringers, so they know that this is the first notice or the third notice. Every ISP has to do it differently depending on the architecture of its particular network. Some are nearing completion and others are a little further from completion." The program, commonly referred to as "graduated response," requires that ISPs send out one or two educational notices to those customers who are accused of downloading copyrighted content illegally. If the customer doesn't stop, the ISP is then asked to send out "confirmation notices" asking that they confirm they have received notice. At that time, the accused customers will also be informed of the risks they incur if they don't stop pirating material. If the customer is flagged for pirating again, the ISP can then ratchet up the pressure. Participating ISPs can choose from a list of penalties, or what the RIAA calls "mitigation measures," which include throttling down the customer's connection speed and suspending Web access until the subscriber agrees to stop pirating. The ISPs can waive the mitigation measure if they choose and not one of the service providers has agreed to terminate service. The partnership with the major bandwidth providers was years in the making and the deal pumped lots of confidence into the copyright lobby. After the White House and other state and federal lawmakers showed support for the deal, leaders at the RIAA and Motion Picture Association of America (MPAA) believed they had the momentum to get anti-piracy legislation passed in Congress. They were wrong of course. The Stop Online Piracy Act and Protect IP Act were run off the rails mostly by the tech sector. 
It will be interesting to see how the tech sector reacts once accused Internet pirates begin having their Web access suspended. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 14 17:47:23 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 14 Mar 2012 18:47:23 -0400 Subject: [Infowarrior] - Think Again: Cyberwar Message-ID: <857E03AE-3AE0-4A70-8EE0-87D247D1D272@infowarrior.org> Think Again: Cyberwar Don't fear the digital bogeyman. Virtual conflict is still more hype than reality. BY THOMAS RID | MARCH/APRIL 2012 http://www.foreignpolicy.com/articles/2012/02/27/cyberwar?print=yes&hidecomments=yes&page=full "Cyberwar Is Already Upon Us." No way. "Cyberwar is coming!" John Arquilla and David Ronfeldt predicted in a celebrated Rand paper back in 1993. Since then, it seems to have arrived -- at least by the account of the U.S. military establishment, which is busy competing over who should get what share of the fight. Cyberspace is "a domain in which the Air Force flies and fights," Air Force Secretary Michael Wynne claimed in 2006. By 2012, William J. Lynn III, the deputy defense secretary at the time, was writing that cyberwar is "just as critical to military operations as land, sea, air, and space." In January, the Defense Department vowed to equip the U.S. armed forces for "conducting a combined arms campaign across all domains -- land, air, maritime, space, and cyberspace." Meanwhile, growing piles of books and articles explore the threats of cyberwarfare, cyberterrorism, and how to survive them. Time for a reality check: Cyberwar is still more hype than hazard. Consider the definition of an act of war: It has to be potentially violent, it has to be purposeful, and it has to be political. The cyberattacks we've seen so far, from Estonia to the Stuxnet virus, simply don't meet these criteria. 
Take the dubious story of a Soviet pipeline explosion back in 1982, much cited by cyberwar's true believers as the most destructive cyberattack ever. The account goes like this: In June 1982, a Siberian pipeline that the CIA had virtually booby-trapped with a so-called "logic bomb" exploded in a monumental fireball that could be seen from space. The U.S. Air Force estimated the explosion at 3 kilotons, equivalent to a small nuclear device. Targeting a Soviet pipeline linking gas fields in Siberia to European markets, the operation sabotaged the pipeline's control systems with software from a Canadian firm that the CIA had doctored with malicious code. No one died, according to Thomas Reed, a U.S. National Security Council aide at the time who revealed the incident in his 2004 book, At the Abyss; the only harm came to the Soviet economy. But did it really happen? After Reed's account came out, Vasily Pchelintsev, a former KGB head of the Tyumen region, where the alleged explosion supposedly took place, denied the story. There are also no media reports from 1982 that confirm such an explosion, though accidents and pipeline explosions in the Soviet Union were regularly reported in the early 1980s. Something likely did happen, but Reed's book is the only public mention of the incident and his account relied on a single document. Even after the CIA declassified a redacted version of Reed's source, a note on the so-called Farewell Dossier that describes the effort to provide the Soviet Union with defective technology, the agency did not confirm that such an explosion occurred. The available evidence on the Siberian pipeline blast is so thin that it shouldn't be counted as a proven case of a successful cyberattack. Most other commonly cited cases of cyberwar are even less remarkable. Take the attacks on Estonia in April 2007, which came in response to the controversial relocation of a Soviet war memorial, the Bronze Soldier. 
The well-wired country found itself at the receiving end of a massive distributed denial-of-service attack that emanated from up to 85,000 hijacked computers and lasted three weeks. The attacks reached a peak on May 9, when 58 Estonian websites were attacked at once and the online services of Estonia's largest bank were taken down. "What's the difference between a blockade of harbors or airports of sovereign states and the blockade of government institutions and newspaper websites?" asked Estonian Prime Minister Andrus Ansip. Despite his analogies, the attack was no act of war. It was certainly a nuisance and an emotional strike on the country, but the bank's actual network was not even penetrated; it went down for 90 minutes one day and two hours the next. The attack was not violent, it wasn't purposefully aimed at changing Estonia's behavior, and no political entity took credit for it. The same is true for the vast majority of cyberattacks on record. Indeed, there is no known cyberattack that has caused the loss of human life. No cyberoffense has ever injured a person or damaged a building. And if an act is not at least potentially violent, it's not an act of war. Separating war from physical violence makes it a metaphorical notion; it would mean that there is no way to distinguish between World War II, say, and the "wars" on obesity and cancer. Yet those ailments, unlike past examples of cyber "war," actually do kill people. Illustration by Francesco Bongiorni for FP "A Digital Pearl Harbor Is Only a Matter of Time." Keep waiting. U.S. Defense Secretary Leon Panetta delivered a stark warning last summer: "We could face a cyberattack that could be the equivalent of Pearl Harbor." Such alarmist predictions have been ricocheting inside the Beltway for the past two decades, and some scaremongers have even upped the ante by raising the alarm about a cyber 9/11. 
In his 2010 book, Cyber War, former White House counterterrorism czar Richard Clarke invokes the specter of nationwide power blackouts, planes falling out of the sky, trains derailing, refineries burning, pipelines exploding, poisonous gas clouds wafting, and satellites spinning out of orbit -- events that would make the 2001 attacks pale in comparison. But the empirical record is less hair-raising, even by the standards of the most drastic example available. Gen. Keith Alexander, head of U.S. Cyber Command (established in 2010 and now boasting a budget of more than $3 billion), shared his worst fears in an April 2011 speech at the University of Rhode Island: "What I'm concerned about are destructive attacks," Alexander said, "those that are coming." He then invoked a remarkable accident at Russia's Sayano-Shushenskaya hydroelectric plant to highlight the kind of damage a cyberattack might be able to cause. Shortly after midnight on Aug. 17, 2009, a 900-ton turbine was ripped out of its seat by a so-called "water hammer," a sudden surge in water pressure that then caused a transformer explosion. The turbine's unusually high vibrations had worn down the bolts that kept its cover in place, and an offline sensor failed to detect the malfunction. Seventy-five people died in the accident, energy prices in Russia rose, and rebuilding the plant is slated to cost $1.3 billion. Tough luck for the Russians, but here's what the head of Cyber Command didn't say: The ill-fated turbine had been malfunctioning for some time, and the plant's management was notoriously poor. On top of that, the key event that ultimately triggered the catastrophe seems to have been a fire at Bratsk power station, about 500 miles away. Because the energy supply from Bratsk dropped, authorities remotely increased the burden on the Sayano-Shushenskaya plant. The sudden spike overwhelmed the turbine, which was two months shy of reaching the end of its 30-year life cycle, sparking the catastrophe. 
If anything, the Sayano-Shushenskaya incident highlights how difficult a devastating attack would be to mount. The plant's washout was an accident at the end of a complicated and unique chain of events. Anticipating such vulnerabilities in advance is extraordinarily difficult even for insiders; creating comparable coincidences from cyberspace would be a daunting challenge at best for outsiders. If this is the most drastic incident Cyber Command can conjure up, perhaps it's time for everyone to take a deep breath. JUNG YEON-JE/AFP/Getty Images "Cyberattacks Are Becoming Easier." Just the opposite. U.S. Director of National Intelligence James R. Clapper warned last year that the volume of malicious software on American networks had more than tripled since 2009 and that more than 60,000 pieces of malware are now discovered every day. The United States, he said, is undergoing "a phenomenon known as 'convergence,' which amplifies the opportunity for disruptive cyberattacks, including against physical infrastructures." ("Digital convergence" is a snazzy term for a simple thing: more and more devices able to talk to each other, and formerly separate industries and activities able to work together.) Just because there's more malware, however, doesn't mean that attacks are becoming easier. In fact, potentially damaging or life-threatening cyberattacks should be more difficult to pull off. Why? Sensitive systems generally have built-in redundancy and safety systems, meaning an attacker's likely objective will not be to shut down a system, since merely forcing the shutdown of one control system, say a power plant, could trigger a backup and cause operators to start looking for the bug. To work as an effective weapon, malware would have to influence an active process -- but not bring it to a screeching halt. If the malicious activity extends over a lengthy period, it has to remain stealthy. That's a more difficult trick than hitting the virtual off-button. 
Take Stuxnet, the worm that sabotaged Iran's nuclear program in 2010. It didn't just crudely shut down the centrifuges at the Natanz nuclear facility; rather, the worm subtly manipulated the system. Stuxnet stealthily infiltrated the plant's networks, then hopped onto the protected control systems, intercepted input values from sensors, recorded these data, and then provided the legitimate controller code with pre-recorded fake input signals, according to researchers who have studied the worm. Its objective was not just to fool operators in a control room, but also to circumvent digital safety and monitoring systems so it could secretly manipulate the actual processes. Building and deploying Stuxnet required extremely detailed intelligence about the systems it was supposed to compromise, and the same will be true for other dangerous cyberweapons. Yes, "convergence," standardization, and sloppy defense of control-systems software could increase the risk of generic attacks, but the same trend has also caused defenses against the most coveted targets to improve steadily and has made reprogramming highly specific installations on legacy systems more complex, not less. EBRAHIM NOROOZI/AFP/Getty Images "Cyberweapons Can Create Massive Collateral Damage." Very unlikely. When news of Stuxnet broke, the New York Times reported that the most striking aspect of the new weapon was the "collateral damage" it created. The malicious program was "splattered on thousands of computer systems around the world, and much of its impact has been on those systems, rather than on what appears to have been its intended target, Iranian equipment," the Times reported. Such descriptions encouraged the view that computer viruses are akin to highly contagious biological viruses that, once unleashed from the lab, will turn against all vulnerable systems, not just their intended targets. But this metaphor is deeply flawed. 
As the destructive potential of a cyberweapon grows, the likelihood that it could do far-reaching damage across many systems shrinks. Stuxnet did infect more than 100,000 computers -- mainly in Iran, Indonesia, and India, though also in Europe and the United States. But it was so specifically programmed that it didn't actually damage those machines, afflicting only Iran's centrifuges at Natanz. The worm's aggressive infection strategy was designed to maximize the likelihood that it would reach its intended target. Because that final target was not networked, "all the functionality required to sabotage a system was embedded directly in the Stuxnet executable," the security software company Symantec observed in its analysis of the worm's code. So yes, Stuxnet was "splattered" far and wide, but it only executed its damaging payload where it was supposed to. Collateral infection, in short, is not necessarily collateral damage. A sophisticated piece of malware may aggressively infect many systems, but if there is an intended target, the infection will likely have a distinct payload that will be harmless to most computers. Especially in the context of more sophisticated cyberweapons, the image of inadvertent collateral damage doesn't hold up. They're more like a flu virus that only makes one family sick. RAIGO PAJULA/AFP/Getty Images "In Cyberspace, Offense Dominates Defense." Wrong again. The information age has "offense-dominant attributes," Arquilla and Ronfeldt wrote in their influential 1996 book, The Advent of Netwar. This view has spread through the American defense establishment like, well, a virus. A 2011 Pentagon report on cyberspace stressed "the advantage currently enjoyed by the offense in cyberwarfare." 
The intelligence community stressed the same point in its annual threat report to Congress last year, arguing that offensive tactics -- known as vulnerability discovery and exploitation -- are evolving more rapidly than the federal government and industry can adapt their defensive best practices. The conclusion seemed obvious: Cyberattackers have the advantage over cyberdefenders, "with the trend likely getting worse over the next five years." A closer examination of the record, however, reveals three factors that put the offense at a disadvantage. First is the high cost of developing a cyberweapon, in terms of time, talent, and target intelligence needed. Stuxnet, experts speculate, took a superb team and a lot of time. Second, the potential for generic offensive weapons may be far smaller than assumed for the same reasons, and significant investments in highly specific attack programs may be deployable only against a very limited target set. Third, once developed, an offensive tool is likely to have a far shorter half-life than the defensive measures put in place against it. Even worse, a weapon may only be able to strike a single time; once the exploits of a specialized piece of malware are discovered, the most critical systems will likely be patched and fixed quickly. And a weapon, even a potent one, is not much of a weapon if an attack cannot be repeated. Any political threat relies on the credible threat to attack or to replicate a successful attack. If that were in doubt, the coercive power of a cyberattack would be drastically reduced. ALEXEY DRUZHININ/AFP/Getty Images "We Need a Cyberarms Control Agreement." We don't. Cyberwar alarmists want the United States to see cybersecurity as a new challenge on a geopolitical scale. They see cyberspace becoming a new area for military competition with rivals such as Russia and China, and they believe new cyberarms limitation agreements are needed to prevent this. 
There are some rumblings to establish international norms on this topic: The British government convened a conference in London in late 2011, originally intended to make the Internet more secure by agreeing on new rules of the road, and Russia and China proposed at the U.N. General Assembly last September the establishment of an "international code of conduct for information security." Now, diplomats are debating whether the United Nations should try to forge the equivalent of nuclear arms control in cyberspace. So, should it? The answer is no. Attempts to limit cyberweapons through international agreements have three principal problems. The first difficulty is drawing the line between cybercrime and potentially political activity in cyberspace. In January, for instance, a Saudi hacker stole about 20,000 Israeli credit card numbers from a shopping website and leaked the information to the public. In retaliation, a group of Israeli hackers broke into Saudi shopping sites and threatened to release private credit card information. Where is the dividing line? Even if it were possible to distinguish criminal from state-sponsored political activity, they often use the same means. A second hitch is practical: Verification would be impossible. Accurately counting the size of nuclear arsenals and monitoring enrichment activities is already a huge challenge; installing cameras to film programmers and "verify" they don't design malicious software is a pipe dream. The third problem is political, and even more fundamental: Cyberaggressors may act politically, but in sharp contrast with warfare, they are likely to have a strong interest in avoiding attribution. Subversion has always thrived in cyberspace because preserving one's anonymity is easier to achieve than ironclad attribution. 
That's the root of the political problem: Having a few states agree on cyberarms limitation is about as realistic as a treaty to outlaw espionage and about as practical as outlawing the general subversion of established order. Aude GENET/AFP/Getty Images "The West Is Falling Behind Russia and China." Yes, but not how you think. Russia and China are busy sharpening their cyberweapons and are already well steeped in using them. The Russian military clandestinely crippled Estonia's economy in 2007 and Georgia's government and banks in 2008. The People's Liberation Army's numerous Chinese cyberwarriors have long inserted "logic bombs" and "trapdoors" into America's critical infrastructure, lying dormant and ready to wreak havoc on the country's grid and bourse in case of a crisis. Both countries have access to technology, cash, and talent -- and have more room for malicious maneuvers than law-abiding Western democracies poised to fight cyberwar with one hand tied behind their backs. Or so the alarmists tell us. Reality looks quite different. Stuxnet, by far the most sophisticated cyberattack on record, was most likely a U.S.-Israeli operation. Yes, Russia and China have demonstrated significant skills in cyberespionage, but the fierceness of Eastern cyberwarriors and their coded weaponry is almost certainly overrated. When it comes to military-grade offensive attacks, America and Israel seem to be well ahead of the curve. Ironically, it's a different kind of cybersecurity that Russia and China may be more worried about. Why is it that those countries, along with such beacons of liberal democracy as Uzbekistan, have suggested that the United Nations establish an "international code of conduct" for cybersecurity? Cyberespionage was elegantly ignored in the suggested wording for the convention, as virtual break-ins at the Pentagon and Google remain a favorite official and corporate pastime of both countries. 
But what Western democracies see as constitutionally protected free speech in cyberspace, Moscow and Beijing regard as a new threat to their ability to control their citizens. Cybersecurity has a broader meaning in non-democracies: For them, the worst-case scenario is not collapsing power plants, but collapsing political power. The social media-fueled Arab Spring has provided dictators with a case study in the need to patrol cyberspace not only for subversive code, but also for subversive ideas. The fall of Egypt's Hosni Mubarak and Libya's Muammar al-Qaddafi surely sent shivers down the spines of officials in Russia and China. No wonder the two countries asked for a code of conduct that helps combat activities that use communications technologies -- "including networks" (read: social networks) -- to undermine "political, economic and social stability." So Russia and China are ahead of the United States, but mostly in defining cybersecurity as the fight against subversive behavior. This is the true cyberwar they are fighting. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 15 06:53:23 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2012 07:53:23 -0400 Subject: [Infowarrior] - View: Drones Overhead in U.S. Need to Fly Within Privacy Rules Message-ID: <2EC55CAF-FD51-4B2F-9223-551298505E84@infowarrior.org> Drones Overhead in U.S. Need to Fly Within Privacy Rules: View Illustration by Bloomberg View By the Editors Mar 14, 2012 7:01 PM ET http://www.bloomberg.com/news/2012-03-14/drones-in-u-s-need-to-fly-within-privacy-rules-view.html Consider the Qube. It's 3 feet long, weighs about 5 pounds and can be assembled in a jiffy. It's equipped with thermal and high-resolution cameras. It can fly all by itself, for 40 minutes at a time, hovering noiselessly at up to 500 feet. And it films all it sees. The Qube, made by AeroVironment Inc. 
(AVAV), is one model in a growing fleet of drones -- or, technically, unmanned aerial vehicles -- now plying the skies above the U.S., piloted remotely by National Guard units and Customs and Border Protection agents, for just two examples. These machines have proved invaluable in war zones, and their expanding use domestically holds great promise. But surveillance drones also create daunting privacy concerns. The Federal Aviation Administration now requires government and research organizations to apply for authorization before they can operate such aircraft. A bill signed Feb. 14, however, charges the FAA with speeding up the approval process for new operators and with fully integrating drones into American airspace by Sept. 30, 2015. As it does so, the FAA, working with other agencies, should take steps to help ensure that drones fly within the parameters of the Constitution. Advantages, Concerns The advantages of unmanned aircraft are plain. Governments or aid groups could use them to coordinate disaster relief. Police could track fleeing suspects or search for missing people. Urban planners and first responders could monitor traffic jams, fires or floods in real time. But it's easy to imagine how drone surveillance could begin to violate civil liberties. Drones will enable far stealthier and more sophisticated surveillance over a far greater range than police helicopters ever could. Did we mention that some drones can intercept communications? Or peer through windows? Or that, someday soon, they could be equipped with facial-recognition technology? Recreational drones are largely unregulated, save for the FAA's modest guidance for model airplanes. A jilted lover stalking an ex might find one useful. So might a drug dealer, an unscrupulous tabloid reporter or a helicopter parent (quite literally now). So might a terrorist. They're all free to construct one in their garage. The market for unmanned aircraft seems likely to grow. 
Congress recently increased research and development financing for drones by about 16 percent, to $2.02 billion in fiscal 2012, according to Bloomberg Government data. The Defense Department said it may continue to increase drone funding even as it scales back other programs. Only 1 percent of the 18,000 or so local law-enforcement agencies in the U.S. have access to a manned aircraft; many more will find uses for the far-cheaper unmanned variety. So, how can we safeguard privacy in this new era? Start by requiring police to obtain warrants for drone use that would violate reasonable privacy, except in clearly defined emergencies or to stop a crime in progress. Government agencies should notify the public of any continuous monitoring they plan -- say, of traffic trouble spots -- and post a list of such programs online. Personally identifiable data collected by drones, unless part of a criminal investigation, should be subject to fair information practice principles. These require notice that data is being collected about you, choice about how it is used, access to your own collected data and protection of its security. Retaining or sharing such information should be strictly regulated. Licenses Needed Private owners of drones should also be required to obtain FAA approval for their aircraft and a license to operate it. In doing so, they should be alerted to potential violations of private-property rights and state privacy laws. Finally, the FAA should clarify what constitutes appropriate use of unmanned aircraft. It should release the names and organizations of all the public drone operators receiving authorization. And it should study the impact that expanded drone use will have on civil liberties. The agency is accustomed to regulating safety, not privacy. As more and more drones come under its authority, its role should evolve. Privacy, of course, is only one problem facing the widespread adoption of unmanned aircraft. Pilots' 
groups have raised safety concerns because the technology required for drones to "sense and avoid" other aircraft isn't up to snuff. Emergency shutdown procedures and other precautions also need to be clarified. Properly regulated, drones have the potential to vastly improve our lives. But you don't have to be a technophobe to fear the consequences of a self-imposed panopticon. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 15 07:04:35 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2012 08:04:35 -0400 Subject: [Infowarrior] - Anonymous Releases Its Own Linux-based Operating System Message-ID: <8980846D-B80A-443A-88D1-5A3D8D8AA6D9@infowarrior.org> (Do your own due diligence, obviously! --rick) Anonymous Releases Its Own Linux-based Operating System 5:00 AM - March 15, 2012 by Kevin Parrish - source: The Hacker News http://www.tomshardware.com/news/Anonymous-Ubuntu-Hactivist-operating-system-Tor-browser,15024.html Anonymous has released an operating system based on Ubuntu 11.10 called Anonymous-OS. We "expect" Anonymous to launch coordinated DDoS attacks on sites that fall within their wrath. We "expect" Anonymous to be vocal about beliefs on political corruption and the rights of everyday people. But what we didn't expect to see was an actual operating system from the hactivist group, yet it seemingly makes perfect sense given their view of governments and corporations worldwide. Called Anonymous-OS Live, the 32-bit platform is built on top of the open-source Linux-based Ubuntu 11.10 operating system. It uses the Mate desktop and comes packed with pre-installed software including the Tor browser, Hash Identifier, XChat IRC, SQL Poison, Find Host IP, ParolaPass Password Generator, Anonymous HOIC and more. According to the Anonymous-OS website, the platform was created for "educational purposes" while also designed for checking the security of web pages. 
Users can boot with the new OS by creating a LiveUSB using Unetbootin which is located here. But given that the OS wasn't developed by any Genuine Source, curious downloaders should use the software with extreme caution, as it could be back-doored by any law enforcement company or hacker. "Please don't use any tool to destroy any web page," Anonymous states. "If you attack to any web page, [you] might end up in jail because it's a crime in most countries. The user has total responsibility for any illegal act." Anonymous-OS Live v0.1 is free and available immediately for download by heading here (1.4 GB). Downloads have already surpassed 4,600 and the group says it is currently trying to respond to all feedback emails as quickly as possible. They also claim that the OS is 100-percent safe to use... just like any other Linux distribution. From rforno at infowarrior.org Thu Mar 15 07:48:34 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2012 08:48:34 -0400 Subject: [Infowarrior] - PayPal Revises Policies to Allow Legal Fiction Message-ID: PayPal Revises Policies to Allow Legal Fiction http://blog.smashwords.com/2012/03/paypal-revises-policies-to-allow-legal.html In a victory for free speech, PayPal today announced plans to revise their content policies to allow Smashwords writers full freedom to publish and sell legal ebooks. I met with PayPal at their offices yesterday in San Jose. They outlined their proposed policy changes for me. I was impressed. This is a victory for all writers and readers. It removes credit card companies, banks and payment processors from the business of censoring legal fiction. It creates a new precedent that should allow other payment processors who have previously discriminated against legal fiction to relax their policies. It will make more fiction more available to more readers. It gives writers greater freedom to express themselves. 
It gives readers more freedom to decide what they want to experience in the privacy of their own imagination. If you haven't followed the Paypal censorship saga, you can see how the campaign developed by reading my email dispatches to Smashwords authors, publishers and customers. They're archived in the Smashwords Press Room (see PayPal #1, #2, #3, #4, #5). When I received the first email from PayPal February 18 with the ultimatum to remove certain erotica content or face loss of PayPal services at Smashwords, my first inclination was to try to limit the damage so we could protect mainstream erotica from further censorship incursion. Thanks to the outpouring of opposition to these policies, I saw an opportunity to make PayPal our partner in a greater campaign to protect all legal fiction from censorship. Credit for this breakthrough goes to the indie author community who made phone calls, wrote letters and emails, blogged and tweeted; bloggers who raised visibility of the issue; advocacy groups such as the Electronic Frontier Foundation (EFF), The American Booksellers Foundation for Free Expression (ABFFE) and the National Coalition Against Censorship (NCAC) who were the first to stand up for our authors; mainstream media who raised visibility of the story to greater levels; and last but not least, PayPal. PayPal worked with us in the spirit of partnership to understand the issues, understand Smashwords and how we represent a new model for publishing outside the traditional gatekeeping system, and to understand that fiction is fiction and literary merit should be determined by readers. I'm sending out an email today to all Smashwords authors and publishers with more details and thanks. An archived version is in the Smashwords press room here. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Thu Mar 15 07:51:04 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2012 08:51:04 -0400 Subject: [Infowarrior] - Company Threatens to Sue Public Intelligence Over Trademark It Doesn't Even Own Message-ID: <150B0D03-8392-4B7A-8CA7-58511560A08E@infowarrior.org> Company Threatens to Sue Public Intelligence Over Trademark It Doesn't Even Own A well-known company specializing in forensic accounting and fraud investigations has threatened to sue Public Intelligence for infringing on a trademark that the company does not even own. Kessler International, a company founded by former Deputy Inspector General of the New York Metropolitan Transit Authority Michael G. Kessler, issued the threat on March 7, 2012 demanding that this website remove a Sprint/Nextel law enforcement guide for subpoenaing subscriber information because it happens to mention the word "Fraudbuster" on approximately three pages. The threat states that the publication of the document constitutes trademark infringement because "FRAUDBUSTERS" is the registered trademark of Kessler International. The threat also demands that we sign an agreement to never again infringe on their trademark and pay them any profits that we have earned from our unauthorized use of their trademark. Though we are used to receiving unfounded and abusive takedown notices, this is the most egregious threat we have ever received for a number of reasons: < - > http://publicintelligence.net/fraudbuster/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 15 07:58:58 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2012 08:58:58 -0400 Subject: [Infowarrior] - How the business press forgot the rest of us Message-ID: <5FC4C5AC-C316-4C53-828B-1D7C20874CF6@infowarrior.org> Cover Story, The Audit -- 
January / February 2012 A Narrowed Gaze How the business press forgot the rest of us By Dean Starkman http://www.cjr.org/cover_story/a_narrowed_gaze.php?page=all (Dean Starkman runs The Audit, the business section of the Columbia Journalism Review, and is CJR's Kingsford Capital Fellow. This article was presented with the assistance of The Nation Institute, for which we are grateful. It will inform Starkman's book, The Watchdog That Didn't Bark: the Financial Crisis and the Financial Press, to be published in the fall of 2012 by Columbia University Press, as part of the new Columbia Journalism Review Book Series.*) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 15 10:50:20 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2012 11:50:20 -0400 Subject: [Infowarrior] - Anonymous claiming "its" OS is fake Message-ID: The fun continues..... (c/o EB) fwiw, Anonymous claims the purported Anonymous OS is fake: http://thenextweb.com/insider/2012/03/15/anonymous-claims-that-the-operating-system-anonymous-os-is-fake/ http://anonops.blogspot.com/p/newsroom.html https://twitter.com/#!/anonops --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 15 11:08:23 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2012 12:08:23 -0400 Subject: [Infowarrior] - U.S., Britain releasing oil from SPR Message-ID: <065ECB52-9B05-4A8B-8333-3D7734EF69C2@infowarrior.org> (On a side note, the #1 bidder for this oil by volume, according to the DOE? JP Morgan. Not an energy company, but a TBTF *bank*. 
--rick) Bidders List: http://www.scribd.com/doc/59478483/SPR-Bidders Exclusive: U.S., Britain to agree emergency oil stocks release 11:33am EDT By Richard Mably http://www.reuters.com/article/2012/03/15/us-oil-reserves-idUSBRE82E0UM20120315 LONDON (Reuters) - Britain has decided to cooperate with the United States in a bilateral agreement to release strategic oil stocks, two British sources said, in an effort to prevent high fuel prices derailing economic growth in an election year. A formal request from the United States to the UK to join forces in a release of oil from government-controlled reserves is expected "shortly" following a meeting on Wednesday in Washington between President Barack Obama and Prime Minister David Cameron, who discussed the issue, one source said. Britain would respond positively, the two sources said. "We regularly consult with the British on energy issues and any discussion that we had was in that context. We will continue to monitor the situation and consult with them and others," an Obama administration official said. Rising world oil prices, up to $125 a barrel for Brent crude, have pushed gasoline prices up sharply this year and threaten to choke economic recovery ahead of Obama's bid for re-election in November. Details of the timing, volume and duration of the emergency drawdown have yet to be settled but a detailed agreement is expected by the summer, one of the sources said. Other countries may also be approached by Washington to contribute, a further source said, Japan among them. Previous emergency oil drawdowns, the latest last year, have been coordinated by the 28-member Paris-based International Energy Agency (IEA) to meet its mandate to cover substantial supply disruptions on the world oil market. Libyan oil production was closed for much of last year during civil war. The IEA so far has resisted pressure to coordinate a broader release, saying that countries may legitimately decide to release oil unilaterally. 
"The Obama administration can only take so much political pain from rising gasoline prices, which pose a serious threat to the economy and the president's re-election," said Bob McNally, a former White House energy adviser and head of U.S. energy consultancy Rapidan. "SPR (Strategic Petroleum Reserve) use is more a matter of when than if. The administration strongly desires international support and coordination from other strategic stock holders, but is encountering stiff resistance from some IEA members who think strategic stocks should only be used for severe supply disruptions," McNally said. Top officials including Energy Secretary Steven Chu and Treasury Secretary Timothy Geithner have said publicly in recent weeks that a oil release is among the options the government is considering. While there is no significant disruption of world oil supplies at the moment, sanctions on Iran are expected to cut its output when a European Union embargo takes effect from July. Minor stoppages from South Sudan, Yemen and Syria also have contributed to the rise in oil prices. "At the moment there is no need to use it (strategic reserves)," IEA executive director Maria van der Hoeven said at an industry conference in Kuwait on Wednesday. "There is more supply coming to the market from OPEC countries. There is no price trigger for the stocks release, the trigger is a disruption in physical supplies." OPEC's biggest producer Saudi Arabia, the only oil producer with any spare capacity, has said it is prepared to fill a supply gap but will only do so to meet additional demand, rather than as a preventative measure. While the release would be of crude oil from the national 700-million-barrel SPR, the UK contribution is likely to come from a reduction of the minimum reserves of crude and refined products that UK commercial oil companies are required to hold. 
(Additional reporting Matt Falloon in Washington, Joshua Schneyer in New York, Humeyra Pamuk in Kuwait; Editing by Anthony Barker) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 15 18:00:40 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2012 19:00:40 -0400 Subject: [Infowarrior] - Terrorism, Money, the Internet, and ICANN Message-ID: ---------- Forwarded message ---------- From: Lauren Weinstein Date: Thu, Mar 15, 2012 at 4:24 PM Subject: [ NNSquad ] Terrorism, Money, the Internet, and ICANN Terrorism, Money, the Internet, and ICANN http://lauren.vortex.com/archive/000940.html Sometimes it's possible to be so closely involved with the details of a problem that one misses the larger picture, the broad arc of events that would help to better understand the processes in play. At first glance, it would seem unlikely to draw connections between the terrorist attacks of 9/11 and current Internet governance controversies -- including the behavior of ICANN, which the NTIA has (for the moment) chosen not to recertify for key Internet functions. And yet the connecting lines are clear enough. Not conspiracies mind you, but rather a confluence of events that have led to rampant opportunism and the suppression of fundamental rights. The direct effects of the 9/11 attacks on our culture are among the most obvious. After the attacks, quickly enacted laws led to broad use of secret "national security letter" demands for personal data, often aimed at Internet services. Millions of U.S. airline passengers are now subjected to x-ray body scans that have been banned in Europe as possible health risks. And our various leaders have touted the utility of torture and assassinations of U.S. citizens and others without trial or other due process. This is but the short list. And it's apolitical, too. 
There's scarce evidence that there's any significant light between the operational stances of either political party in many of these regards in the long run. Yes, the Obama administration has apparently stopped the worst torture abuses championed by the previous president. On the other hand, Obama administration officials now claim the right to target individuals for killing (especially by remote drones) without due process of any kind, based solely on assertions by the executive branch. Sometimes innocent parties are also killed by these attacks, and viewed as unfortunate but necessary "collateral damage." To be sure, governments of all stripes have conducted assassinations throughout history, nearly always under the banner of "what's good for the country." The failed attempts to kill Fidel Castro are an open secret. We can be reasonably sure that there have been various other targets over the years, some "successfully dispatched" -- and some not. While so much of all this is publicly framed (when mentioned at all) in terms of national security, the pervasive distorting effects of money on the process cannot be overestimated. Almost exactly half a century ago, President and former General Dwight D. Eisenhower coined the term "military-industrial complex" to describe the influence of money over the military and associated national security decision making. All these decades later, those influences are stronger than ever, and have now extended themselves directly into Internet affairs. For example, the purchase and deployment of airport body scanners has taken place on a massive scale with virtually no evidence of their effectiveness nor safety, but clear indications that the enormous amounts of money involved served to enrich not only manufacturers of such devices, but some individuals associated with DHS as well. An ongoing drumbeat for a government power grab over the Internet in the name of "cybersecurity" is another case in point. 
We see government security interests (e.g. agencies whose portfolios are basically to spy on communications to the greatest extent possible) and the "Internet security industry," together seeming to be creating an unholy alliance aimed at turning the Internet into a combination totally surveilled environment plus money printing machine for the giant entertainment behemoths. The extent to which these forces are willing to go is exemplified by a classified (but safe to say, rigged) "power system cyberattack demonstration" reportedly used recently to try scare members of Congress into supporting aggressive cybersecurity legislation. I say "rigged" because virtually all such demonstrations are by definition designed with a single outcome in mind, practical probabilities be damned. Anyone who has set up demos to try convince anyone about pretty much anything knows how this works. I've been there. You may have been there as well. And while we can all agree that SCADA control systems need major security improvements, it's also true that the current government cybersecurity push is replete with far more expansive motives. But the connections don't stop there. Once we've accepted the post-9/11 concepts that "due process" and protection of innocents are no longer a priority, it becomes enormously easier to understand much else going on with the Internet today. When trials and the Fourth Amendment -- including search warrants -- are seen by authorities not as protections, but as hindrances, the race to the bottom seems assured. The criminalization of copyright violations (which in the past have generally been considered to be a civil matter) is a dramatic example. The scope of enforcement efforts in this regard have become breathtaking. Domain names are seized and shut down by the U.S. around the world -- without trial -- by leveraging the obsolete DNS (Domain Name System) and ICANN complicity -- often obliterating innocent sites in the process. Unfortunate collateral damage. 
Major international file-sharing sites are shut down based on copyright accusations, not trial determinations, cutting off vast numbers of innocent users from their data without recourse, with governments attempting to ridiculously invoke those sites' terms of service as an excuse. Unfortunate collateral damage. Fears of child porn are disingenuously exploited to mandate vast personal activity data retention systems for governmental retrospective analysis, often without even a formal search warrant being required. Unfortunate collateral damage. Vast efforts are engaged to pass website and search engine censorship and micromanagement legislation such as SOPA/PIPA -- suppressed for now but certain to reemerge in some form, designed to enrich traditional content owners at the cost of trampling free speech across the Net. Unfortunate collateral damage. Merely linking to sites that may contain copyrighted materials without permission becomes criminalized, resulting in international criminal extraditions that in the past would have been solely in the civil court realm. Accused copyright violators treated like mass murders. Unfortunate collateral damage. ICANN plows forward with their extortionist scheme to enrich the anointed "gold rush domainer" domain-industrial complex with a plethora of new top-level domains (gTLDs) -- regardless of the massive confusion and expenses this causes to the vast majority of the Internet community -- and appears poised to endorse further global expansion of using the DNS as a "no trial necessary" copyright enforcement and free speech suppression mechanism. Unfortunate collateral damage. This is all our fault. It is our responsibility. We have permitted the purveyors of fear and greed to corrupt our legal system and now the Internet as well. We are smiling and nodding blankly as they forge the shackles binding us to their wills. Responsible measures against terrorism are warranted. 
Reasonable enforcement actions to protect legitimate copyright concerns and help prevent the exploitation of children are appropriate. But we can no longer permit our entire world to be warped by those parties who are themselves exploiting fears of terrorism, fears of "cyberwar," and outright copyright greed. In the realm of the Internet at least, there are some obvious actions we should be taking to stop the ongoing decay and set a course toward a better future. Government attempts to monitor and control the Internet in the name of security must be heavily scrutinized and minimized, particularly ongoing operational involvement (as opposed to research, development, and specific incident responses) by DHS or NSA in these areas. Government recommendations would be welcome -- government dictates are not. Attempts to use copyright and child exploitation concerns as excuses for broad Internet control, monitoring, and censorship regimes should be soundly rejected. Not only will these be ineffective at actually stopping the targeted behaviors, they will do vast damage to free speech generally around the world. The existing DNS system should be replaced over time by secure and distributed addressing systems not subject to preemptive and unilateral government attempts to treat them as blunderbuss weapons and often internationally extralegal copyright enforcement mechanisms. Criminalization of mere Internet linking should cease. Search engines must be assured autonomy of their search results. ICANN's current gTLD expansion plan should be halted. A new, purpose-built international organization (not an existing organization with political baggage like the UN or ITU) should be created to supplant and replace ICANN functionalities and responsibilities, with an eye toward what's best for the entire Internet community and the broader global community at large. That's enough to get us started. 
Not only in the wake of 9/11, but particularly since then, we have allowed our legal and technical systems to be usurped and perverted by forces allied against free speech and due process, in the name of power, control, and greed. And through our acquiescence in these travesties, we are increasingly all becoming "unfortunate collateral damage" ourselves. It's time to say that enough is enough. The rape of what made us great ends now. --Lauren-- Lauren Weinstein --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 15 20:15:25 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 15 Mar 2012 21:15:25 -0400 Subject: [Infowarrior] - OT: GOP candidate renews his war on Net pr0n Message-ID: <8AEF4F39-175F-4214-9A5F-02A8C75BBB88@infowarrior.org> OT but just too pathetic to pass up. (Though I know many folks who might relish taking on the job of a DOJ Porn Prosecutor in such a situation) -- rick "Vigorous" Santorum crackdown may catch Internet porn viewers with pants down By Steven Nelson - The Daily Caller 11:37 PM 03/14/2012 http://dailycaller.com/2012/03/14/vigorous-santorum-crackdown-may-catch-internet-porn-viewers-with-pants-down/?print=1 Internet pornography could conceivably become a thing of the past if Rick Santorum is elected president. The unapologetic social conservative, currently in second place behind Mitt Romney for the GOP nomination, has promised to crack down on the distribution of pornography if elected. Santorum says in a statement posted to his website, "The Obama Administration has turned a blind eye to those who wish to preserve our culture from the scourge of pornography and has refused to enforce obscenity laws." If elected, he promises to "vigorously" enforce laws that "prohibit distribution of hardcore (obscene) pornography on the Internet, on cable/satellite TV, on hotel/motel TV, in retail shops and through the mail or by common carrier." 
Although the idea of Santorum vanquishing Internet pornography may seem far-fetched, a serious effort to combat online smut might actually be successful, UCLA law professor Eugene Volokh told The Daily Caller. "If the government wanted to aggressively move against Internet pornography, it could do so," explained Volokh. "Here's the deal: In most parts of the country, a lot of pornography on the Internet would plausibly be seen as obscene." There are a few approaches that Santorum could pursue in an attempt to eradicate Internet pornography. "It wouldn't be that difficult to close down a lot of the relatively visible websites that are used for the distribution of pornography, if they're in the United States," said Volokh. Santorum's administration could take American-based porn distributors to court for violating obscenity laws, said Volokh, and have them shuttered. But that would leave foreign-based sites untouched. To black out foreign sites, Santorum would likely need legislative action requiring Internet service providers to use "a mandatory filter set up by the government or by the service providers," said Volokh. But the government could also prosecute individual citizens who view porn, and already has the legal authority to do it. "Although the Supreme Court says private possession is constitutionally protected, it has said that private receipt of [pornography] is not protected," noted Volokh. "You can't prosecute them all -- but you can find certain types of pornography that are sufficiently unpopular" for easy convictions, he explained. Most contemporary prosecutions for the receipt of pornography are because the government cannot prove its suspicion that the accused has committed more serious crimes, said Volokh. He speculated that there aren't more prosecutions because "that prosecutor isn't going to win a lot of votes in the next election." 
The government would probably need to "find some extra money in the budget for additional porn prosecutors," joked Volokh. He also cautioned that there would be significant outcry because "sometimes it's viewed by husbands and wives who watch it to spice up their sex lives." Jonathan Turley, a law professor at George Washington University, noted that "What constitutes obscenity remains maddeningly vague," but added that he's not entirely convinced Santorum would be successful in an attempt to snuff Internet porn. "What Santorum would consider obscene is obviously far greater than many Americans," he said. "Sexual films of consenting adults that are watched by consenting adults are generally presumed to be pornographic but not obscene." Turley is less sure than Volokh that judges and juries would go along with a crackdown. "Federal courts," he explained, "are reluctant to define movies or pictures as obscene based on such different opinions in society. For that reason, Santorum's view of the standard falls well outside of the accepted view of the case law," he said. "Santorum's suggestion of a crackdown also ignores the fact that this material is widely available on the Internet with thousands of foreign sites," Turley added. "An attempt to prosecute standard pornography would result in bizarrely uneven enforcement." In a primary season laser-focused on talk of "job creation," said Turley, Santorum's anti-porn proposal would "attempt to criminalize an industry that is supported by millions of Americans." "Practically speaking, nobody is enforcing this," said Volokh, explaining that in the 1990s, Internet porn wasn't a priority for the Clinton administration, and that by the time the Bush administration took the helm in the early 2000s, "it seemed unlikely that anyone could win the war on porn online." But that won't deter Santorum. He promised in his anti-porn statement to appoint an attorney general who would carry out his wishes. 
A spokeswoman for the Santorum campaign didn't respond to a request for comment about the mechanics of his promised crackdown.

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 15 20:25:14 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Mar 2012 21:25:14 -0400
Subject: [Infowarrior] - MPAA Exec: Only We Can Make Content That People Want
Message-ID: <57D4A71D-401C-42E3-83B0-1778C2FC39F2@infowarrior.org>

MPAA Exec: Only We Can Make Content That People Want
from the 'scuse-me? dept

Sometimes I wonder if the execs who run the major copyright-related trade groups ever talk to actual people outside of their little bubbles. Because they say things that are so out of touch with reality that it's stunning. We already discussed the panel where the RIAA's Cary Sherman said that various ISPs will start acting as copyright cops by July, but some of the other statements on that panel are worth discussing as well. It was basically a panel of all the big copyright industry trade group associations -- the MPAA, the RIAA, the BSA (software) and the AAP (book publishers). What was most stunning is the pure hubris of the MPAA's Fritz Attaway, who flat out claimed that only they can make content that people want:

"Our industries do something that no one else can do," the Motion Picture Association of America's Fritz Attaway said at the Association of American Publishers annual meeting this morning. "We create content that people want to have."

....

Actually, no, tons of others create content that people want to have, and it's the real reason you're struggling so much today. You're not used to competing with those outside your little club.

< - big snip - >

http://www.techdirt.com/articles/20120314/14022218109/mpaa-exec-only-we-can-make-content-that-people-want.shtml

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Mar 15 20:33:11 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Mar 2012 21:33:11 -0400
Subject: [Infowarrior] - Rob Reid: Copyright Math
Message-ID: <99DEA1AA-4E4A-4394-8DF7-C422C93BD5D5@infowarrior.org>

Comic author Rob Reid unveils Copyright Math (TM), a remarkable new field of study based on actual numbers from entertainment industry lawyers and lobbyists. 5:11

http://www.ted.com/talks/rob_reid_the_8_billion_ipod.html

--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 15 20:35:28 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 15 Mar 2012 21:35:28 -0400
Subject: [Infowarrior] - Fwd: Big Brother Goes Big Data In Big Love Land
References:
Message-ID:

(c/o DOD)

Begin forwarded message:

> http://www.wired.com/threatlevel/2012/03/ff_nsadatacenter/all/1
>
> The NSA Is Building the Country's Biggest Spy Center (Watch What You Say)
> By James Bamford March 15, 2012, 7:24 pm
>
> The spring air in the small, sand-dusted town has a soft haze to it, and clumps of green-gray sagebrush rustle in the breeze. Bluffdale sits in a bowl-shaped valley in the shadow of Utah's Wasatch Range to the east and the Oquirrh Mountains to the west. It's the heart of Mormon country, where religious pioneers first arrived more than 160 years ago. They came to escape the rest of the world, to understand the mysterious words sent down from their god as revealed on buried golden plates, and to practice what has become known as "the principle," marriage to multiple wives.
>
> Today Bluffdale is home to one of the nation's largest sects of polygamists, the Apostolic United Brethren, with upwards of 9,000 members. The brethren's complex includes a chapel, a school, a sports field, and an archive.
> Membership has doubled since 1978 -- and the number of plural marriages has tripled -- so the sect has recently been looking for ways to purchase more land and expand throughout the town.
>
> But new pioneers have quietly begun moving into the area, secretive outsiders who say little and keep to themselves. Like the pious polygamists, they are focused on deciphering cryptic messages that only they have the power to understand. Just off Beef Hollow Road, less than a mile from brethren headquarters, thousands of hard-hatted construction workers in sweat-soaked T-shirts are laying the groundwork for the newcomers' own temple and archive, a massive complex so large that it necessitated expanding the town's boundaries. Once built, it will be more than five times the size of the US Capitol.
>
> Rather than Bibles, prophets, and worshippers, this temple will be filled with servers, computer intelligence experts, and armed guards. And instead of listening for words flowing down from heaven, these newcomers will be secretly capturing, storing, and analyzing vast quantities of words and images hurtling through the world's telecommunications networks. In the little town of Bluffdale, Big Love and Big Brother have become uneasy neighbors.
>
> The NSA has become the largest, most covert, and potentially most intrusive intelligence agency ever.
> Under construction by contractors with top-secret clearances, the blandly named Utah Data Center is being built for the National Security Agency. A project of immense secrecy, it is the final piece in a complex puzzle assembled over the past decade. Its purpose: to intercept, decipher, analyze, and store vast swaths of the world's communications as they zap down from satellites and zip through the underground and undersea cables of international, foreign, and domestic networks. The heavily fortified $2 billion center should be up and running in September 2013.
> Flowing through its servers and routers and stored in near-bottomless databases will be all forms of communication, including the complete contents of private emails, cell phone calls, and Google searches, as well as all sorts of personal data trails -- parking receipts, travel itineraries, bookstore purchases, and other digital "pocket litter." It is, in some measure, the realization of the "total information awareness" program created during the first term of the Bush administration -- an effort that was killed by Congress in 2003 after it caused an outcry over its potential for invading Americans' privacy.
>
> But "this is more than just a data center," says one senior intelligence official who until recently was involved with the program. The mammoth Bluffdale center will have another important and far more secret role that until now has gone unrevealed. It is also critical, he says, for breaking codes. And code-breaking is crucial, because much of the data that the center will handle -- financial information, stock transactions, business deals, foreign military and diplomatic secrets, legal documents, confidential personal communications -- will be heavily encrypted. According to another top official also involved with the program, the NSA made an enormous breakthrough several years ago in its ability to cryptanalyze, or break, unfathomably complex encryption systems employed by not only governments around the world but also many average computer users in the US. The upshot, according to this official: "Everybody's a target; everybody with communication is a target."
>
> For the NSA, overflowing with tens of billions of dollars in post-9/11 budget awards, the cryptanalysis breakthrough came at a time of explosive growth, in size as well as in power. Established as an arm of the Department of Defense following Pearl Harbor, with the primary purpose of preventing another surprise assault, the NSA suffered a series of humiliations in the post-Cold War years.
> Caught offguard by an escalating series of terrorist attacks -- the first World Trade Center bombing, the blowing up of US embassies in East Africa, the attack on the USS Cole in Yemen, and finally the devastation of 9/11 -- some began questioning the agency's very reason for being. In response, the NSA has quietly been reborn. And while there is little indication that its actual effectiveness has improved -- after all, despite numerous pieces of evidence and intelligence-gathering opportunities, it missed the near-disastrous attempted attacks by the underwear bomber on a flight to Detroit in 2009 and by the car bomber in Times Square in 2010 -- there is no doubt that it has transformed itself into the largest, most covert, and potentially most intrusive intelligence agency ever created.
>
> In the process -- and for the first time since Watergate and the other scandals of the Nixon administration -- the NSA has turned its surveillance apparatus on the US and its citizens. It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes. Finally, the agency has begun building a place to store all the trillions of words and thoughts and whispers captured in its electronic net. And, of course, it's all being done in secret. To those on the inside, the old adage that NSA stands for Never Say Anything applies more than ever.
>
> UTAH DATA CENTER
> When construction is completed in 2013, the heavily fortified $2 billion facility in Bluffdale will encompass 1 million square feet.
>
> 1 Visitor control center
> A $9.7 million facility for ensuring that only cleared personnel gain access.
> 2 Administration
> Designated space for technical support and administrative personnel.
> 3 Data halls
> Four 25,000-square-foot facilities house rows and rows of servers.
> 4 Backup generators and fuel tanks
> Can power the center for at least three days.
> 5 Water storage and pumping
> Able to pump 1.7 million gallons of liquid per day.
> 6 Chiller plant
> About 60,000 tons of cooling equipment to keep servers from overheating.
> 7 Power substation
> An electrical substation to meet the center's estimated 65-megawatt demand.
> 8 Security
> Video surveillance, intrusion detection, and other protection will cost more than $10 million.
> Source: U.S. Army Corps of Engineers Conceptual Site plan
> A swath of freezing fog blanketed Salt Lake City on the morning of January 6, 2011, mixing with a weeklong coating of heavy gray smog. Red air alerts, warning people to stay indoors unless absolutely necessary, had become almost daily occurrences, and the temperature was in the bone-chilling twenties. "What I smell and taste is like coal smoke," complained one local blogger that day. At the city's international airport, many inbound flights were delayed or diverted while outbound regional jets were grounded. But among those making it through the icy mist was a figure whose gray suit and tie made him almost disappear into the background. He was tall and thin, with the physique of an aging basketball player and dark caterpillar eyebrows beneath a shock of matching hair. Accompanied by a retinue of bodyguards, the man was NSA deputy director Chris Inglis, the agency's highest-ranking civilian and the person who ran its worldwide day-to-day operations.
>
> A short time later, Inglis arrived in Bluffdale at the site of the future data center, a flat, unpaved runway on a little-used part of Camp Williams, a National Guard training site. There, in a white tent set up for the occasion, Inglis joined Harvey Davis, the agency's associate director for installations and logistics, and Utah senator Orrin Hatch, along with a few generals and politicians in a surreal ceremony.
> Standing in an odd wooden sandbox and holding gold-painted shovels, they made awkward jabs at the sand and thus officially broke ground on what the local media had simply dubbed "the spy center." Hoping for some details on what was about to be built, reporters turned to one of the invited guests, Lane Beattie of the Salt Lake Chamber of Commerce. Did he have any idea of the purpose behind the new facility in his backyard? "Absolutely not," he said with a self-conscious half laugh. "Nor do I want them spying on me."
>
> For his part, Inglis simply engaged in a bit of double-talk, emphasizing the least threatening aspect of the center: "It's a state-of-the-art facility designed to support the intelligence community in its mission to, in turn, enable and protect the nation's cybersecurity." While cybersecurity will certainly be among the areas focused on in Bluffdale, what is collected, how it's collected, and what is done with the material are far more important issues. Battling hackers makes for a nice cover -- it's easy to explain, and who could be against it? Then the reporters turned to Hatch, who proudly described the center as "a great tribute to Utah," then added, "I can't tell you a lot about what they're going to be doing, because it's highly classified."
>
> And then there was this anomaly: Although this was supposedly the official ground-breaking for the nation's largest and most expensive cybersecurity project, no one from the Department of Homeland Security, the agency responsible for protecting civilian networks from cyberattack, spoke from the lectern. In fact, the official who'd originally introduced the data center, at a press conference in Salt Lake City in October 2009, had nothing to do with cybersecurity. It was Glenn A. Gaffney, deputy director of national intelligence for collection, a man who had spent almost his entire career at the CIA. As head of collection for the intelligence community, he managed the country's human and electronic spies.
>
> Within days, the tent and sandbox and gold shovels would be gone and Inglis and the generals would be replaced by some 10,000 construction workers. "We've been asked not to talk about the project," Rob Moore, president of Big-D Construction, one of the three major contractors working on the project, told a local reporter. The plans for the center show an extensive security system: an elaborate $10 million antiterrorism protection program, including a fence designed to stop a 15,000-pound vehicle traveling 50 miles per hour, closed-circuit cameras, a biometric identification system, a vehicle inspection facility, and a visitor-control center.
>
> Inside, the facility will consist of four 25,000-square-foot halls filled with servers, complete with raised floor space for cables and storage. In addition, there will be more than 900,000 square feet for technical support and administration. The entire site will be self-sustaining, with fuel tanks large enough to power the backup generators for three days in an emergency, water storage with the capability of pumping 1.7 million gallons of liquid per day, as well as a sewage system and massive air-conditioning system to keep all those servers cool. Electricity will come from the center's own substation built by Rocky Mountain Power to satisfy the 65-megawatt power demand. Such a mammoth amount of energy comes with a mammoth price tag -- about $40 million a year, according to one estimate.
>
> Given the facility's scale and the fact that a terabyte of data can now be stored on a flash drive the size of a man's pinky, the potential amount of information that could be housed in Bluffdale is truly staggering. But so is the exponential growth in the amount of intelligence data being produced every day by the eavesdropping sensors of the NSA and other intelligence agencies. As a result of this "expanding array of theater airborne and other sensor networks,"
> as a 2007 Department of Defense report puts it, the Pentagon is attempting to expand its worldwide communications network, known as the Global Information Grid, to handle yottabytes (10^24 bytes) of data. (A yottabyte is a septillion bytes -- so large that no one has yet coined a term for the next higher magnitude.)
>
> It needs that capacity because, according to a recent report by Cisco, global Internet traffic will quadruple from 2010 to 2015, reaching 966 exabytes per year. (A million exabytes equal a yottabyte.) In terms of scale, Eric Schmidt, Google's former CEO, once estimated that the total of all human knowledge created from the dawn of man to 2003 totaled 5 exabytes. And the data flow shows no sign of slowing. In 2011 more than 2 billion of the world's 6.9 billion people were connected to the Internet. By 2015, market research firm IDC estimates, there will be 2.7 billion users. Thus, the NSA's need for a 1-million-square-foot data storehouse. Should the agency ever fill the Utah center with a yottabyte of information, it would be equal to about 500 quintillion (500,000,000,000,000,000,000) pages of text.
>
> The data stored in Bluffdale will naturally go far beyond the world's billions of public web pages. The NSA is more interested in the so-called invisible web, also known as the deep web or deepnet -- data beyond the reach of the public. This includes password-protected data, US and foreign government communications, and noncommercial file-sharing between trusted peers. "The deep web contains government reports, databases, and other sources of information of high value to DOD and the intelligence community," according to a 2010 Defense Science Board report. "Alternative tools are needed to find and index data in the deep web ... Stealing the classified secrets of a potential adversary is where the [intelligence] community is most comfortable."
> With its new Utah Data Center, the NSA will at last have the technical capability to store, and rummage through, all those stolen secrets. The question, of course, is how the agency defines who is, and who is not, "a potential adversary."
>
> The NSA'S SPY NETWORK
> Once it's operational, the Utah Data Center will become, in effect, the NSA's cloud. The center will be fed data collected by the agency's eavesdropping satellites, overseas listening posts, and secret monitoring rooms in telecom facilities throughout the US. All that data will then be accessible to the NSA's code breakers, data-miners, China analysts, counterterrorism specialists, and others working at its Fort Meade headquarters and around the world. Here's how the data center appears to fit into the NSA's global puzzle. --J.B.
>
> 1 Geostationary satellites
> Four satellites positioned around the globe monitor frequencies carrying everything from walkie-talkies and cell phones in Libya to radar systems in North Korea. Onboard software acts as the first filter in the collection process, targeting only key regions, countries, cities, and phone numbers or email.
> 2 Aerospace Data Facility, Buckley Air Force Base, Colorado
> Intelligence collected from the geostationary satellites, as well as signals from other spacecraft and overseas listening posts, is relayed to this facility outside Denver. About 850 NSA employees track the satellites, transmit target information, and download the intelligence haul.
> 3 NSA Georgia, Fort Gordon, Augusta, Georgia
> Focuses on intercepts from Europe, the Middle East, and North Africa. Codenamed Sweet Tea, the facility has been massively expanded and now consists of a 604,000-square-foot operations building for up to 4,000 intercept operators, analysts, and other specialists.
> 4 NSA Texas, Lackland Air Force Base, San Antonio
> Focuses on intercepts from Latin America and, since 9/11, the Middle East and Europe. Some 2,000 workers staff the operation.
> The NSA recently completed a $100 million renovation on a mega-data center here -- a backup storage facility for the Utah Data Center.
> 5 NSA Hawaii, Oahu
> Focuses on intercepts from Asia. Built to house an aircraft assembly plant during World War II, the 250,000-square-foot bunker is nicknamed the Hole. Like the other NSA operations centers, it has since been expanded: Its 2,700 employees now do their work aboveground from a new 234,000-square-foot facility.
> 6 Domestic listening posts
> The NSA has long been free to eavesdrop on international satellite communications. But after 9/11, it installed taps in US telecom "switches," gaining access to domestic traffic. An ex-NSA official says there are 10 to 20 such installations.
> 7 Overseas listening posts
> According to a knowledgeable intelligence source, the NSA has installed taps on at least a dozen of the major overseas communications links, each capable of eavesdropping on information passing by at a high data rate.
> 8 Utah Data Center, Bluffdale, Utah
> At a million square feet, this $2 billion digital storage facility outside Salt Lake City will be the centerpiece of the NSA's cloud-based data strategy and essential in its plans for decrypting previously uncrackable documents.
> 9 Multiprogram Research Facility, Oak Ridge, Tennessee
> Some 300 scientists and computer engineers with top security clearance toil away here, building the world's fastest supercomputers and working on cryptanalytic applications and other secret projects.
> 10 NSA headquarters, Fort Meade, Maryland
> Analysts here will access material stored at Bluffdale to prepare reports and recommendations that are sent to policymakers. To handle the increased data load, the NSA is also building an $896 million supercomputer here.
> Before yottabytes of data from the deep web and elsewhere can begin piling up inside the servers of the NSA's new center, they must be collected.
> To better accomplish that, the agency has undergone the largest building boom in its history, including installing secret electronic monitoring rooms in major US telecom facilities. Controlled by the NSA, these highly secured spaces are where the agency taps into the US communications networks, a practice that came to light during the Bush years but was never acknowledged by the agency. The broad outlines of the so-called warrantless-wiretapping program have long been exposed -- how the NSA secretly and illegally bypassed the Foreign Intelligence Surveillance Court, which was supposed to oversee and authorize highly targeted domestic eavesdropping; how the program allowed wholesale monitoring of millions of American phone calls and email. In the wake of the program's exposure, Congress passed the FISA Amendments Act of 2008, which largely made the practices legal. Telecoms that had agreed to participate in the illegal activity were granted immunity from prosecution and lawsuits. What wasn't revealed until now, however, was the enormity of this ongoing domestic spying program.
>
> For the first time, a former NSA official has gone on the record to describe the program, codenamed Stellar Wind, in detail. William Binney was a senior NSA crypto-mathematician largely responsible for automating the agency's worldwide eavesdropping network. A tall man with strands of black hair across the front of his scalp and dark, determined eyes behind thick-rimmed glasses, the 68-year-old spent nearly four decades breaking codes and finding new ways to channel billions of private phone calls and email messages from around the world into the NSA's bulging databases. As chief and one of the two cofounders of the agency's Signals Intelligence Automation Research Center, Binney and his team designed much of the infrastructure that's still likely used to intercept international and foreign communications.
>
> He explains that the agency could have installed its tapping gear at the nation's cable landing stations -- the more than two dozen sites on the periphery of the US where fiber-optic cables come ashore. If it had taken that route, the NSA would have been able to limit its eavesdropping to just international communications, which at the time was all that was allowed under US law. Instead it chose to put the wiretapping rooms at key junction points throughout the country -- large, windowless buildings known as switches -- thus gaining access to not just international communications but also to most of the domestic traffic flowing through the US. The network of intercept stations goes far beyond the single room in an AT&T building in San Francisco exposed by a whistle-blower in 2006. "I think there's 10 to 20 of them," Binney says. "That's not just San Francisco; they have them in the middle of the country and also on the East Coast."
>
> The eavesdropping on Americans doesn't stop at the telecom switches. To capture satellite communications in and out of the US, the agency also monitors AT&T's powerful earth stations, satellite receivers in locations that include Roaring Creek and Salt Creek. Tucked away on a back road in rural Catawissa, Pennsylvania, Roaring Creek's three 105-foot dishes handle much of the country's communications to and from Europe and the Middle East. And on an isolated stretch of land in remote Arbuckle, California, three similar dishes at the company's Salt Creek station service the Pacific Rim and Asia.
>
> The former NSA official held his thumb and forefinger close together: "We are that far from a turnkey totalitarian state."
> Binney left the NSA in late 2001, shortly after the agency launched its warrantless-wiretapping program. "They violated the Constitution setting it up," he says bluntly. "But they didn't care. They were going to do it anyway, and they were going to crucify anyone who stood in the way.
> When they started violating the Constitution, I couldn't stay." Binney says Stellar Wind was far larger than has been publicly disclosed and included not just eavesdropping on domestic phone calls but the inspection of domestic email. At the outset the program recorded 320 million calls a day, he says, which represented about 73 to 80 percent of the total volume of the agency's worldwide intercepts. The haul only grew from there. According to Binney -- who has maintained close contact with agency employees until a few years ago -- the taps in the secret rooms dotting the country are actually powered by highly sophisticated software programs that conduct "deep packet inspection," examining Internet traffic as it passes through the 10-gigabit-per-second cables at the speed of light.
>
> The software, created by a company called Narus that's now part of Boeing, is controlled remotely from NSA headquarters at Fort Meade in Maryland and searches US sources for target addresses, locations, countries, and phone numbers, as well as watch-listed names, keywords, and phrases in email. Any communication that arouses suspicion, especially those to or from the million or so people on agency watch lists, are automatically copied or recorded and then transmitted to the NSA.
>
> The scope of surveillance expands from there, Binney says. Once a name is entered into the Narus database, all phone calls and other communications to and from that person are automatically routed to the NSA's recorders. "Anybody you want, route to a recorder," Binney says. "If your number's in there? Routed and gets recorded." He adds, "The Narus device allows you to take it all." And when Bluffdale is completed, whatever is collected will be routed there for storage and analysis.
>
> According to Binney, one of the deepest secrets of the Stellar Wind program -- again, never confirmed until now -- was that the NSA gained warrantless access to AT&T's vast trove of domestic and international billing records, detailed information about who called whom in the US and around the world. As of 2007, AT&T had more than 2.8 trillion records housed in a database at its Florham Park, New Jersey, complex.
>
> Verizon was also part of the program, Binney says, and that greatly expanded the volume of calls subject to the agency's domestic eavesdropping. "That multiplies the call rate by at least a factor of five," he says. "So you're over a billion and a half calls a day." (Spokespeople for Verizon and AT&T said their companies would not comment on matters of national security.)
>
> After he left the NSA, Binney suggested a system for monitoring people's communications according to how closely they are connected to an initial target. The further away from the target -- say you're just an acquaintance of a friend of the target -- the less the surveillance. But the agency rejected the idea, and, given the massive new storage facility in Utah, Binney suspects that it now simply collects everything. "The whole idea was, how do you manage 20 terabytes of intercept a minute?" he says. "The way we proposed was to distinguish between things you want and things you don't want." Instead, he adds, "they're storing everything they gather." And the agency is gathering as much as it can.
>
> Once the communications are intercepted and stored, the data-mining begins. "You can watch everybody all the time with data-mining," Binney says. Everything a person does becomes charted on a graph, "financial transactions or travel or anything," he says. Thus, as data like bookstore receipts, bank statements, and commuter toll records flow in, the NSA is able to paint a more and more detailed picture of someone's life.
>
> The NSA also has the ability to eavesdrop on phone calls directly and in real time. According to Adrienne J. Kinne, who worked both before and after 9/11 as a voice interceptor at the NSA facility in Georgia, in the wake of the World Trade Center attacks "basically all rules were thrown out the window, and they would use any excuse to justify a waiver to spy on Americans." Even journalists calling home from overseas were included. "A lot of time you could tell they were calling their families," she says, "incredibly intimate, personal conversations." Kinne found the act of eavesdropping on innocent fellow citizens personally distressing. "It's almost like going through and finding somebody's diary," she says.
>
> In secret listening rooms nationwide, NSA software examines every email, phone call, and tweet as they zip by.
> But there is, of course, reason for anyone to be distressed about the practice. Once the door is open for the government to spy on US citizens, there are often great temptations to abuse that power for political purposes, as when Richard Nixon eavesdropped on his political enemies during Watergate and ordered the NSA to spy on antiwar protesters. Those and other abuses prompted Congress to enact prohibitions in the mid-1970s against domestic spying.
>
> Before he gave up and left the NSA, Binney tried to persuade officials to create a more targeted system that could be authorized by a court. At the time, the agency had 72 hours to obtain a legal warrant, and Binney devised a method to computerize the system. "I had proposed that we automate the process of requesting a warrant and automate approval so we could manage a couple of million intercepts a day, rather than subvert the whole process." But such a system would have required close coordination with the courts, and NSA officials weren't interested in that, Binney says. Instead they continued to haul in data on a grand scale. Asked how many communications -- "transactions,"
> in NSA's lingo -- the agency has intercepted since 9/11, Binney estimates the number at "between 15 and 20 trillion, the aggregate over 11 years."
>
> When Barack Obama took office, Binney hoped the new administration might be open to reforming the program to address his constitutional concerns. He and another former senior NSA analyst, J. Kirk Wiebe, tried to bring the idea of an automated warrant-approval system to the attention of the Department of Justice's inspector general. They were given the brush-off. "They said, oh, OK, we can't comment," Binney says.
>
> Sitting in a restaurant not far from NSA headquarters, the place where he spent nearly 40 years of his life, Binney held his thumb and forefinger close together. "We are, like, that far from a turnkey totalitarian state," he says.
>
> There is still one technology preventing untrammeled government access to private digital data: strong encryption. Anyone -- from terrorists and weapons dealers to corporations, financial institutions, and ordinary email senders -- can use it to seal their messages, plans, photos, and documents in hardened data shells. For years, one of the hardest shells has been the Advanced Encryption Standard, one of several algorithms used by much of the world to encrypt data. Available in three different strengths -- 128 bits, 192 bits, and 256 bits -- it's incorporated in most commercial email programs and web browsers and is considered so strong that the NSA has even approved its use for top-secret US government communications. Most experts say that a so-called brute-force computer attack on the algorithm -- trying one combination after another to unlock the encryption -- would likely take longer than the age of the universe. For a 128-bit cipher, the number of trial-and-error attempts would be 340 undecillion (10^36).
>
> Breaking into those complex mathematical shells like the AES is one of the key reasons for the construction going on in Bluffdale.
> That kind of cryptanalysis requires two major ingredients: super-fast computers to conduct brute-force attacks on encrypted messages and a massive number of those messages for the computers to analyze. The more messages from a given target, the more likely it is for the computers to detect telltale patterns, and Bluffdale will be able to hold a great many messages. "We questioned it one time," says another source, a senior intelligence manager who was also involved with the planning. "Why were we building this NSA facility? And, boy, they rolled out all the old guys -- the crypto guys." According to the official, these experts told then-director of national intelligence Dennis Blair, "You've got to build this thing because we just don't have the capability of doing the code-breaking." It was a candid admission. In the long war between the code breakers and the code makers -- the tens of thousands of cryptographers in the worldwide computer security industry -- the code breakers were admitting defeat.
>
> So the agency had one major ingredient -- a massive data storage facility -- under way. Meanwhile, across the country in Tennessee, the government was working in utmost secrecy on the other vital element: the most powerful computer the world has ever known.
>
> The plan was launched in 2004 as a modern-day Manhattan Project. Dubbed the High Productivity Computing Systems program, its goal was to advance computer speed a thousandfold, creating a machine that could execute a quadrillion (10^15) operations a second, known as a petaflop -- the computer equivalent of breaking the land speed record. And as with the Manhattan Project, the venue chosen for the supercomputing program was the town of Oak Ridge in eastern Tennessee, a rural area where sharp ridges give way to low, scattered hills, and the southwestward-flowing Clinch River bends sharply to the southeast. About 25 miles from Knoxville, it is the "secret city" where uranium-235 was extracted for the first atomic bomb.
> A sign near the exit read: what you see here, what you do here, what you hear here, when you leave here, let it stay here. Today, not far from where that sign stood, Oak Ridge is home to the Department of Energy's Oak Ridge National Laboratory, and it's engaged in a new secret war. But this time, instead of a bomb of almost unimaginable power, the weapon is a computer of almost unimaginable speed.
>
> In 2004, as part of the supercomputing program, the Department of Energy established its Oak Ridge Leadership Computing Facility for multiple agencies to join forces on the project. But in reality there would be two tracks, one unclassified, in which all of the scientific work would be public, and another top-secret, in which the NSA could pursue its own computer covertly. "For our purposes, they had to create a separate facility," says a former senior NSA computer expert who worked on the project and is still associated with the agency. (He is one of three sources who described the program.) It was an expensive undertaking, but one the NSA was desperate to launch.
>
> Known as the Multiprogram Research Facility, or Building 5300, the $41 million, five-story, 214,000-square-foot structure was built on a plot of land on the lab's East Campus and completed in 2006. Behind the brick walls and green-tinted windows, 318 scientists, computer engineers, and other staff work in secret on the cryptanalytic applications of high-speed computing and other classified projects. The supercomputer center was named in honor of George R. Cotter, the NSA's now-retired chief scientist and head of its information technology program. Not that you'd know it. "There's no sign on the door," says the ex-NSA computer expert.
>
> At the DOE's unclassified center at Oak Ridge, work progressed at a furious pace, although it was a one-way street when it came to cooperation with the closemouthed people in Building 5300.
> Nevertheless, the unclassified team had its Cray XT4 supercomputer upgraded to a warehouse-sized XT5. Named Jaguar for its speed, it clocked in at 1.75 petaflops, officially becoming the world's fastest computer in 2009.
>
> Meanwhile, over in Building 5300, the NSA succeeded in building an even faster supercomputer. "They made a big breakthrough," says another former senior intelligence official, who helped oversee the program. The NSA's machine was likely similar to the unclassified Jaguar, but it was much faster out of the gate, modified specifically for cryptanalysis and targeted against one or more specific algorithms, like the AES. In other words, they were moving from the research and development phase to actually attacking extremely difficult encryption systems. The code-breaking effort was up and running.
>
> The breakthrough was enormous, says the former official, and soon afterward the agency pulled the shade down tight on the project, even within the intelligence community and Congress. "Only the chairman and vice chairman and the two staff directors of each intelligence committee were told about it," he says. The reason? "They were thinking that this computing breakthrough was going to give them the ability to crack current public encryption."
>
> In addition to giving the NSA access to a tremendous amount of Americans' personal data, such an advance would also open a window on a trove of foreign secrets. While today most sensitive communications use the strongest encryption, much of the older data stored by the NSA, including a great deal of what will be transferred to Bluffdale once the center is complete, is encrypted with more vulnerable ciphers. "Remember," says the former intelligence official, "a lot of foreign government stuff we've never been able to break is 128 or less. Break all that and you'll find out a lot more of what you didn't know -- stuff we've already stored -- so there's an enormous amount of information still in there."
>
> The NSA believes it's on the verge of breaking a key encryption algorithm -- opening up hoards of data.
> That, he notes, is where the value of Bluffdale, and its mountains of long-stored data, will come in. What can't be broken today may be broken tomorrow. "Then you can see what they were saying in the past," he says. "By extrapolating the way they did business, it gives us an indication of how they may do things now." The danger, the former official says, is that it's not only foreign government information that is locked in weaker algorithms, it's also a great deal of personal domestic communications, such as Americans' email intercepted by the NSA in the past decade.
>
> But first the supercomputer must break the encryption, and to do that, speed is everything. The faster the computer, the faster it can break codes. The Data Encryption Standard, the 56-bit predecessor to the AES, debuted in 1976 and lasted about 25 years. The AES made its first appearance in 2001 and is expected to remain strong and durable for at least a decade. But if the NSA has secretly built a computer that is considerably faster than machines in the unclassified arena, then the agency has a chance of breaking the AES in a much shorter time. And with Bluffdale in operation, the NSA will have the luxury of storing an ever-expanding archive of intercepts until that breakthrough comes along.
>
> But despite its progress, the agency has not finished building at Oak Ridge, nor is it satisfied with breaking the petaflop barrier. Its next goal is to reach exaflop speed, one quintillion (10^18) operations a second, and eventually zettaflop (10^21) and yottaflop.
>
> These goals have considerable support in Congress. Last November a bipartisan group of 24 senators sent a letter to President Obama urging him to approve continued funding through 2013 for the Department of Energy's exascale computing initiative (the NSA's budget requests are classified).
> They cited the necessity to keep up with and surpass China and Japan. "The race is on to develop exascale computing capabilities," the senators noted. The reason was clear: By late 2011 the Jaguar (now with a peak speed of 2.33 petaflops) ranked third behind Japan's "K Computer," with an impressive 10.51 petaflops, and the Chinese Tianhe-1A system, with 2.57 petaflops.
>
> But the real competition will take place in the classified realm. To secretly develop the new exaflop (or higher) machine by 2018, the NSA has proposed constructing two connecting buildings, totaling 260,000 square feet, near its current facility on the East Campus of Oak Ridge. Called the Multiprogram Computational Data Center, the buildings will be low and wide like giant warehouses, a design necessary for the dozens of computer cabinets that will compose an exaflop-scale machine, possibly arranged in a cluster to minimize the distance between circuits. According to a presentation delivered to DOE employees in 2009, it will be an "unassuming facility with limited view from roads," in keeping with the NSA's desire for secrecy. And it will have an extraordinary appetite for electricity, eventually using about 200 megawatts, enough to power 200,000 homes. The computer will also produce a gargantuan amount of heat, requiring 60,000 tons of cooling equipment, the same amount that was needed to serve both of the World Trade Center towers.
>
> In the meantime Cray is working on the next step for the NSA, funded in part by a $250 million contract with the Defense Advanced Research Projects Agency. It's a massively parallel supercomputer called Cascade, a prototype of which is due at the end of 2012. Its development will run largely in parallel with the unclassified effort for the DOE and other partner agencies. That project, due in 2013, will upgrade the Jaguar XT5 into an XK6, codenamed Titan, upping its speed to 10 to 20 petaflops.
>
> Yottabytes and exaflops, septillions and undecillions -- the race for computing speed and data storage goes on. In his 1941 story "The Library of Babel," Jorge Luis Borges imagined a collection of information where the entire world's knowledge is stored but barely a single word is understood. In Bluffdale the NSA is constructing a library on a scale that even Borges might not have contemplated. And to hear the masters of the agency tell it, it's only a matter of time until every word is illuminated.
>
> James Bamford (washwriter at gmail.com) is the author of The Shadow Factory: The Ultra-Secret NSA from 9/11 to the Eavesdropping on America.
>

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Fri Mar 16 07:12:35 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Fri, 16 Mar 2012 08:12:35 -0400
Subject: [Infowarrior] - China Corporate Espionage Boom Knocks Wind Out of U.S. Companies
Message-ID: <502CE23B-DAFE-4D11-8C10-7247885CEE65@infowarrior.org>

China Corporate Espionage Boom Knocks Wind Out of U.S. Companies

By Michael A. Riley and Ashlee Vance - Mar 15, 2012

http://www.bloomberg.com/news/print/2012-03-15/china-corporate-espionage-boom-knocks-wind-out-of-u-s-companies.html

Last June, three men squeezed inside a wind turbine in China's Gobi Desert. They were employees of American Superconductor Corp., a maker of computer systems that serve as the electronic brains of the device. From time to time, AMSC workers are required to head out to a wind farm in some desolate location -- that's where the wind usually is -- to check on the equipment, do maintenance, make repairs, and keep the customers happy. On this occasion, the AMSC technicians were investigating a malfunction.
They entered the cylindrical main shaft of the turbine, harnessed themselves to a ladder, and climbed 230 feet in darkness up to the nacelle, an overpacked compartment that holds the machinery used to convert the rotation of the blades into electricity. Devens, Massachusetts-based AMSC had been using the turbine, manufactured by the company's largest customer, China's Sinovel Wind Group Co. (601558), to test a new version of its control system software. The software was designed to disable the turbine several weeks earlier, at the end of the testing period. But for some reason, this turbine ignored the system's shutdown command and the blades kept right on spinning. The AMSC technicians tapped into the turbine's computer to get to the bottom of the glitch. The problem wasn't immediately clear, so the technicians made a copy of the control system's software and sent it to the company's research center in Klagenfurt, Austria, which produced some startling findings, Bloomberg Businessweek reports in its March 19 issue. The Sinovel turbine appeared to be running a stolen version of AMSC's software. Worse, the software revealed Beijing-based Sinovel had complete access to AMSC's proprietary source code. In short, Sinovel didn't really need AMSC anymore.

Bad News

Three days after that expedition in the Gobi, Daniel McGahn, AMSC's chief executive officer, got the news on his mobile phone while he was traveling in Russia. Hired in 2006, McGahn helped revamp the then-floundering company by focusing it on two things: China and wind power. Those bets paid off for a while, as Sinovel bought more and more turbine controllers from AMSC. Then in March 2011, Sinovel abruptly and inexplicably began turning away AMSC's shipments at its enormous turbine assembly factory in Liaoning province.
On April 5, AMSC had no choice but to announce that Sinovel -- now its biggest customer, accounting for more than two-thirds of the company's $315 million in revenue in 2010 -- had stopped making purchases. Investors fled, erasing 40 percent of AMSC's value in a single day and 84 percent of it by September. The company's stock chart looks like the electrocardiogram of a person rushing toward white light.

Sinovel Relationship

On June 15, standing in a St. Petersburg office tower, McGahn listened to the report from the Austrian team for 30 minutes and felt the blood drain from his face. He had been trying for months to save the relationship with Sinovel and was making almost no progress. By the time he ended the call from his Austrian team, he knew why. What McGahn says happened to AMSC may be incredibly brazen, but it's hardly exceptional. There have been a large number of corporate spying cases involving China recently, and they are coming to light as President Barack Obama and the U.S., along with Japan and the European Union, have filed a formal complaint to the World Trade Organization over China's unfair trading practices. The complaint includes the hoarding of rare earths, the metals required for the manufacture of other green energy technologies such as batteries for hybrid vehicles.

Far-Reaching Campaign

In November, 14 U.S. intelligence agencies issued a report describing a far-reaching industrial espionage campaign by Chinese spy agencies. This campaign has been in the works for years and targets a swath of industries: biotechnology, telecommunications, and nanotechnology, as well as clean energy. One U.S. metallurgical company lost technology to China's hackers that cost $1 billion and 20 years to develop, U.S. officials said last year. An Apple Inc. (AAPL) global supply manager pled guilty in 2011 to funneling designs and pricing information to China and other countries; a Ford Motor Co.
(F) engineer was sentenced to six years in prison in 2010 for trying to smuggle 4,000 documents, including design specs, to China. Earlier this month, the National Aeronautics and Space Administration told Congress that China-based hackers had gained access to sensitive files stored on computers at the Jet Propulsion Laboratory. As the toll adds up, political leaders and intelligence officials in the U.S. and Europe are coming to a disturbing conclusion. "It's the greatest transfer of wealth in history," General Keith Alexander, director of the National Security Agency, said at a security conference at New York's Fordham University in January.

Covering Digital Tracks

In other espionage cases, such as those involving Google Inc. (GOOG), Lockheed Martin Corp. (LMT) and DuPont Co., thieves did a far better job of covering their digital tracks. Sinovel, however, was caught red-handed. AMSC has presented to law enforcement officials in Austria and China computer logs and messages that show Sinovel courting one of the U.S. company's employees and paying him to aid in the code heist. "It's a red-hot smoking gun example," said John Kerry, chairman of the Senate Foreign Relations Committee and the Democratic U.S. senator from AMSC's home state. "If this is the way the Chinese choose to do business, it's going to be very contentious and tough sledding ahead for this relationship."

Intellectual Property Abuses

U.S. politicians and corporate executives have groused about China's intellectual property abuses for years, to little effect. China often promises to take a harder stance against such thefts but rarely backs up the words with actions. For example, Chinese officials have promised to crack down on the theft of Microsoft Corp.'s (MSFT) Windows operating system; the company said it's still seeing mass downloads of its software that were never paid for. McGahn, though, has taken a highly unusual step. He decided to fight back -- in China.
AMSC has filed four complaints against Sinovel in Chinese courts -- where Sinovel has a steep home-field advantage -- seeking $1.2 billion in damages. Sinovel has filed its own countersuits claiming AMSC owes it $207 million for problems including defective equipment. Sinovel declined to make its chairman available for an interview or to comment for this story. And because Chinese courts don't make legal documents available to the public, it wasn't possible to read Sinovel's counterclaims. "How China responds to this is going to be central to how they respond to other issues of concern between us," Kerry said.

Superconductive Material

AMSC was founded in 1987 by four professors at the Massachusetts Institute of Technology. The idea was to develop power transmission lines made from cooled superconductive material, which dramatically reduces energy loss. At the time, superconductivity looked like science's latest gift to big business. But the technology has never quite lived up to those early hopes, and AMSC's business wallowed in the red for decades. In 2006 the company hired McGahn, a gregarious executive with a master's degree in marine engineering from MIT, as a vice president charged with exploring new businesses. As McGahn surveyed AMSC's technology, he focused on the company's research into wind-turbine control systems. A modern 1.5-megawatt turbine is the equivalent of a 160-ton, high-performance pinwheel. Each gets stuffed with as much as $200,000 worth of electronics, including a power converter and what's called a programmable logic controller, an industrial computer the size of a couple of cigarette cartons. These devices are used to do everything from filling up the bottles in a Budweiser brewery to controlling valves in oil pipelines. In the case of turbines, they can rapidly adjust the yaw and pitch of blades, among other functions. McGahn sensed an opportunity to take this technology and capitalize on China's efforts to harvest energy from the wind.

Clean Energy Law

The same year AMSC hired McGahn, China passed a clean energy law calling for the creation of seven 10,000-megawatt wind farms in strategic zones throughout the country, including Gansu, Zhejiang, Inner Mongolia, and Jiangsu provinces. The law made China the hottest wind market in the world. In 2009, according to a U.S. wind industry report, a new turbine was going up in China every hour. By 2020 just one of those wind farms may produce as much power as 10 nuclear power reactors. AMSC began packaging the electronic components and selling them to China's small but growing domestic manufacturers, which had plenty of capital and cheap labor to make the turbines' steel skeletons but lacked the sophisticated gadgetry to run them. The arrangement was working the way it was supposed to: China would turn out the commodity hardware -- the turbines -- and a U.S. company would retain control of the high-margin intellectual capital-end of the business.

"Symbiotic Relationship"

"We always saw it as a symbiotic relationship of having China's low-manufacturing cost coupled with Western technology," McGahn said. "We would grow as they grew." McGahn was well aware of the dangers of working with Chinese companies, which have become notorious for cutting out their partners after squeezing them for technology through transfer agreements and other means. Now 40, McGahn built a career out of taking technology startups and building them into revenue generators, often by finding customers among Asian manufacturers. He used this approach with nanotube plastics for auto parts at a Cambridge, Massachusetts-based company called Hyperion Catalysis International and with photovoltaic film at Lowell-based Konarka Technologies. Before arriving at AMSC, he had worked in Japan and South Korea and said he succeeded by carefully sizing up both partners and rivals.
McGahn likes to tell people that almost all of history's wars started because political leaders misunderstood their adversaries. "I spend an inordinate amount of time studying my counterparts," he said.

Secure Barriers

If McGahn was going to bet AMSC's future on partnerships with Chinese companies, he wanted secure barriers around its intellectual property. He designed AMSC's China operations -- in fact, reorganized much of the company -- with that in mind. To hire AMSC's first 30 employees in China, McGahn interviewed 400 people, handpicking the ones he thought he could trust. When AMSC opened a factory in China's Jiangsu province to assemble power converters, McGahn made sure firmware and other technology-rich components were built in factories in the U.S. and then shipped to Asia. Software was sequestered at the company's research facility in Austria, which has a booming clean energy sector much like Germany's. The source code to AMSC's control system software sits on a secure server in Klagenfurt. To protect the code from hackers, the server isn't accessible from the Internet.

Strategy From Beginning

"The idea of dividing up the intellectual property part of the content and not having them in China was part of the strategy from the beginning," he said. McGahn thought he'd planned for every contingency to keep AMSC safe. He also believed the company could find a way to have both partners benefit. He was wrong on both counts. Chinese businesses have proven very good at copying Western goods and methods. This even appears to be true of espionage itself. China didn't invent intellectual property theft; it's just doing it on an unprecedented scale. Willy Shih, a professor at Harvard Business School who has testified before Congress about business dealings between the U.S. and China, takes a historical view of intellectual property theft. In the 1870s, American textile companies would send employees to work in British factories.
They would take notes on textile equipment and bring back the information. The Russians and East Germans stole U.S. computer and chip designs during the Cold War. "And similar things have been true of Korean companies and Japanese companies," said Shih. "I would argue that it's a normal development pattern."

Good Timing

China's been helped by good timing. It's emerging as a global economic power at a time when nearly every secret worth stealing sits on a computer server. U.S. intelligence agencies fear that Chinese spies have already siphoned terabytes of data from thousands of Western companies. Stealing information, however, isn't the same as being able to use it. The Soviets ended up generations behind their U.S. rivals in computing technology because they couldn't advance the cloned equipment fast enough. Shih said that for the Chinese to succeed at the current game, they will need to build a research and development culture that can supersede their skills at mimicry. "Many countries go through an imitation phase, but the real challenge is moving to an innovation phase," he said.

Found a Shortcut

Sinovel, arguably, found a shortcut to get there. Han Junliang, Sinovel's president, is 47 and wears thin-rimmed glasses below thick hair parted in the middle. His rather drab profile doesn't match his status as one of China's most famous entrepreneurs. He rose over 17 years through the ranks of a state-owned manufacturer, Dalian Heavy Industry Group Co., which builds steel-rolling equipment and other massive machinery. He eventually became chairman of an electrical equipment division. When Han left in 2006 to start Sinovel, Dalian Heavy was among the company's major shareholders and its biggest benefactor. Han himself has a 13.3 percent stake in Sinovel through an investment that included personal loans and other means, according to company documents and wind energy experts. Unlike some of its Chinese rivals, there are no tennis courts or Ping-Pong tables at Sinovel.
The company isn't focused on amenities, just rapid and relentless growth. Workers assembling the massive turbine bodies in the hangar-size factory in the northern province of Liaoning wear coats and hats on the plant floor because the facility isn't heated. In less than four years, Han has made the company into the second-largest turbine maker in the world, after the Danish manufacturer Vestas Wind Systems A/S. (VWS)

Not Alone

He didn't do it alone. Sinovel is one of the best-connected clean energy companies in China. Among its major investors is the private equity group New Horizon Capital (NEHICZ), co-founded by Wen Yunsong, also known as Winston Wen, son of China's premier, Wen Jiabao. Han was also close to Zhang Guobao, until recently head of China's powerful National Energy Administration. According to a former U.S. diplomat, who didn't want to be named because he still works in China, Han's relation to Zhang may have given him an early look at yet-to-be-published government regulations and provided Sinovel preference in the kinds of turbines chosen to power the state-planned wind farms. When China finalized bids for a mega-wind project in 2008, Sinovel won 47 percent of the deal, by far the biggest share of any manufacturer. "Han seems to have ridden the wave just perfectly," said Louis Schwartz, president of China Strategies, a firm that advises Western companies on China's wind sector.

Visible Flaws

By late 2010 there were visible flaws in China's wind power industry. The first was the production quality of the turbines. Since the government planners demanded quantity, and not performance, wind farm developers tended to cut corners. Thousands of China's turbines lack the more expensive technology that keeps them operating when there is a disturbance on the power grid. In April 2011, wind farms totaling 1,346 turbines shut down suddenly, a major technical failure that caused disruptions on the electricity grid of two provinces.
The second problem was oversupply, which persists to this day. China has ended up with more than 80 wind turbine manufacturers in a market that analysts believe can support about 10. The price of a 1.5-megawatt turbine in the country has dropped about 40 percent and continues to fall, placing enormous pressure on Han and his company. Sinovel had signed multiyear contracts with AMSC, keeping what his company paid for a turbine's electronics suite steady even as Sinovel's prices plummeted. AMSC's products accounted for about 12 percent of a Sinovel turbine's cost in 2008, according to public filings. By 2011 they made up 18 percent, said Schwartz, the U.S. consultant.

"See The Motivation"

"You can see the motivation to acquire that technology," he said. "Everybody was getting squeezed except AMSC." The semi-trailer load of AMSC electronic components that Sinovel turned away March 31 was worth $70 million, and the U.S. company claims it's owed another $70 million for components already shipped. Sinovel and AMSC had several supply contracts extending to 2013 that together were worth more than $700 million. That all adds up to a very large chunk of AMSC's current and future revenue stream. The one piece of leverage that AMSC thought it had until last June was proposed regulations in China that will require existing wind turbines to be retrofitted with an updated technology called "low voltage ride through," or LVRT. LVRT capability keeps turbines from shutting down when there is a large voltage dip on the grid, which can occur from little more than a tree falling on a transmission line. The technology would have prevented the April wind farm shutdowns. Even if Sinovel wanted to renege on its contracts, all its existing 1.5-megawatt turbines were powered by AMSC electronics. If the company wanted the upgraded LVRT software, Sinovel would have to come to the table.

Different Plan

Han apparently had a different plan in mind.
According to court documents, in 2010, Sinovel began recruiting Dejan Karabasevic, a Serbian software engineer who worked at AMSC's research facility in Klagenfurt. In December, Karabasevic sent his existing contract with AMSC to Sinovel employees for review; by January 2011, Sinovel was hunting for an apartment for him in Beijing. Once in China, the engineer was pressed to create software that could go on existing turbines as quickly as possible, using source code taken from AMSC's server in Austria. For five days beginning May 10, Karabasevic said in a confession to Austrian police, he worked steadily in his Beijing apartment and then traveled to a wind farm with three Sinovel employees to test the code in working turbines. By June it was done.

Pleaded Guilty

Karabasevic, who pleaded guilty, was sentenced in September to 1 year in jail and two years probation for distribution of trade secrets. His attorney, Gunter Huainigg, declined further comment. In court filings in a Beijing copyright infringement case, one of the four theft-related cases filed by AMSC in China, the company said it has evidence that the stolen code was already in more than 1,000 Sinovel turbines by July. McGahn said he assumes it's been installed in many more since. Beginning in October, Sinovel filed two countersuits totaling $207 million, claiming it stopped accepting the company's electronics because of quality problems. In hindsight, it now appears that Han never planned to fulfill the kind of long-term partnership McGahn had envisioned. In 2010, Han helped create a company called Dalian Guotong Electric, making himself chairman and giving Sinovel a 20 percent stake.

Swapped Out

When AMSC investigators opened up a Sinovel turbine in a second location in July, they found that an AMSC power converter had been swapped out and replaced with a nearly identical one made by Guotong.
It was running on a version of AMSC's control system software obtained the year before by Sinovel and decrypted by its engineers. It looks like Han wanted to make Guotong Electric the Chinese version of AMSC. Last June, after AMSC promoted McGahn from vice president to CEO, the executive began to learn the full extent of how wrong he was about Sinovel. As investigators scrambled to determine who had stolen the control system source code, they narrowed the possibilities down to three people, all of whom worked at the Klagenfurt research facility. According to interviews with people involved in the investigation and a review of court documents, log files showed that the altered code had been uploaded onto the Sinovel turbine on two different days, June 2 and June 10. Two of the employees weren't in China at that time.

Vacation Days

The third, Karabasevic, had given notice at the end of March and started using vacation days the company still owed him. One of AMSC's most valuable software engineers, Karabasevic and his bosses had agreed he would stay in touch as they looked for a replacement, so he retained a company e-mail account. The investigators discovered he was accessing the e-mail from computers in China. Next, they overlaid the computer addresses with offices, production facilities, and wind sites linked to Sinovel. The data sets matched. In addition to its internal checks, AMSC brought in a consulting firm that specializes in white-collar crime. The company hired a private investigator to tail Karabasevic in Beijing. Forensics experts examined his company laptop and recovered data he had attempted to wipe from the machine. This led to the discovery of hundreds of messages about the code exchanged between Karabasevic and three Sinovel employees, including one e-mail in which the engineer sent AMSC's source code to his Sinovel counterpart.

Austrian Authorities

AMSC eventually turned this evidence over to Austrian authorities who took Karabasevic into custody.
He admitted to being courted over several months by Sinovel, and to reprogramming the turbine-control system code from a Beijing apartment Sinovel provided him. In a locked closet inside the apartment, investigators found a six-year, $1.7 million consulting contract with Sinovel and a related company. The signature on the contract belonged to Han Junliang. In terms of outright theft of intellectual property, there is growing evidence that China?s intelligence agencies are involved, as attacks spread from hits on large technology companies to the hacking of startups and even law firms. ?The government can basically put their hands in and take whatever they want,? said Michael Wessel, who sits on the U.S.- China Economic and Security Review Commission that reports to Congress. ?We need to take more actions and protect our intellectual property.? Deflated Bubble Those actions may create unexpected difficulties for Sinovel in using AMSC?s stolen code. At the end of 2010, as China?s wind-power bubble deflated, Sinovel had $1.7 billion in unsold inventory and was owed $2 billion by its customers. The obvious solution is to increase sales by looking overseas, part of Sinovel?s long-term strategy in any case. The Chinese company?s first major international deal, a contract in Ireland with Dublin-based Mainstream Renewable Power Ltd., was shelved last year after AMSC made its software theft public. If Sinovel does export turbines with the stolen code, AMSC said it can file lawsuits in those markets as well. So far neither Sinovel nor China?s government is giving any ground. Police in Beijing, after reviewing a case file provided by AMSC, declined to open a criminal investigation against three Sinovel employees named by Karabasevic. In the weeks leading up to the Feb. 24 arbitration hearing in Beijing, the pressure on McGahn and his company has grown. 
A fire in a turbine belonging to another AMSC customer in China killed two people, and a Chinese media report, citing an anonymous source, blamed AMSC?s components. Jason Fredette, an AMSC spokesman, said that based on information the company has obtained, its electronics weren?t at fault. Cyberattack The day after the press report, AMSC computer networks in Devens were hit by a cyberattack. Forged e-mails were sent to a handful of company executives; they contained spyware designed to copy confidential data, including documents and internal communications. Fredette said e-mails were expertly crafted and had a fake link to a story about Sinovel?s troubles, a bit of irony inserted by the attackers. The U.S. Federal Bureau of Investigation is investigating the incident. McGahn said he still wants to do business in China. But even if the company never sells another component there, he contends AMSC will survive. He has since moved to secure deals in Russia and is eyeing India as the next big wind market. In the meantime, McGahn has been schooled about doing business in China in a way he never imagined. ?I used to be a Sinophile,? McGahn said, then pauses for a long exhale. ?I don?t know what I am now.? To contact the reporters on this story: Michael A. Riley in Washington at michaelriley at bloomberg.net; Ashlee Vance in Palo Alto, California, at avance3 at bloomberg.net. To contact the editor responsible for this story: Michael Hytha at mhytha at bloomberg.net; Josh Tyrangiel at jtyrangiel at bloomberg.net. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sat Mar 17 10:35:12 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sat, 17 Mar 2012 11:35:12 -0400 Subject: [Infowarrior] - Netflix Terms of Service Invalidates Your Right To Sue Message-ID: <2A6798B0-813F-4C9F-B6EC-9DA23AA6335E@infowarrior.org> Netflix Terms of Service Invalidates Your Right To Sue Posted by timothy on Saturday March 17, @08:43AM from the but-you-agreed-didn't-you dept. http://yro.slashdot.org/story/12/03/17/0115200/netflix-terms-of-service-invalidates-your-right-to-sue New submitter ebombme writes "Netflix has decided to go the route of AT&T and others by trying to take away the rights of their users to form class action lawsuits against them. A copy of the new terms of use states 'These Terms of Use provide that all disputes between you and Netflix will be resolved by BINDING ARBITRATION. YOU AGREE TO GIVE UP YOUR RIGHT TO GO TO COURT to assert or defend your rights under this contract (except for matters that may be taken to small claims court). Your rights will be determined by a NEUTRAL ARBITRATOR and NOT a judge or jury and your claims cannot be brought as a class action. Please review the Arbitration Agreement below for the details regarding your agreement to arbitrate any disputes with Netflix.'" --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Sun Mar 18 09:20:21 2012 From: rforno at infowarrior.org (Richard Forno) Date: Sun, 18 Mar 2012 10:20:21 -0400 Subject: [Infowarrior] - WH issues (& tried to bury?) interesting EO Message-ID: The EO for National Defense Resources Preparedness was released going into a weekend, and there's been no coverage of it in the MSM. 
-- rick (WH link: http://www.whitehouse.gov/the-press-office/2012/03/16/executive-order-national-defense-resources-preparedness) President Obama signs Executive Order allowing for control over all US resources By Kenneth Schortgen Jr, Finance Examiner http://www.examiner.com/finance-examiner-in-national/president-obama-signs-executive-order-allowing-for-control-over-all-us-resources On March 16th, President Obama signed a new Executive Order which expands upon a prior order issued in 1950 for Disaster Preparedness, and gives the office of the President complete control over all the resources in the United States in times of war or emergency. The National Defense Resources Preparedness order gives the Executive Branch the power to control and allocate energy, production, transportation, food, and even water resources by decree under the auspices of national defense and national security. The order is not limited to wartime implementation, as one of the order's functions includes the command and control of resources in peacetime determinations. < - > Executive Orders created for national defense and national preparedness are not new in American history, but in each instance they brought about a Constitutional crisis that nearly led standing Presidents to hold dictatorial power over the citizenry. During the Civil War, President Lincoln halted freedom of speech and freedom of the press, while at the same time revoking Habeas Corpus and the right to a fair trial under the sixth amendment. During World War I, when Congress refused to grant Woodrow Wilson extended power over resources to help the war effort, he invoked an Executive Order which allowed him complete control over businesses, industry, transportation, food, and other economic policies. 
< - > The Obama administration appears to be preparing for a long drawn out war in the Middle East, or at the very least, an expected crisis that will require the need to override Constitutional authority and claim dominion over all resources in the United States under the guise of national defense. With the rise in Disaster Preparedness growing for both individuals and states leading up to yesterday's Executive Order, the mood of the nation points strongly towards some event or disaster that will require massive preparations on a national as well as local scale. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Mar 19 09:30:42 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Mar 2012 10:30:42 -0400 Subject: [Infowarrior] - When will TSA quit apologising? Message-ID: Another episode of TSA Screening Stupidity(tm) .... at what point will the agency be forced to change its processes instead of making its retroactive apologies (or Blogger Bob explanations) their default practice? -- rick Father's outrage as TSA subjects his wheelchair-bound three-year-old son to humiliating search... on his way to Disney By Daily Mail Reporter PUBLISHED: 00:54 EST, 19 March 2012 | UPDATED: 09:09 EST, 19 March 2012 http://www.dailymail.co.uk/news/article-2116881/TSA-subject-child-wheelchair-invasive-airport-security-tests-Chicago.html Passengers at airports can now avoid TSA pat downs, long lines and can carry liquids on board by paying $100. However, the TSA's new fast track 'Precheck' screening is likely to rile the family of a wheel-chair bound toddler who was recently subjected to invasive security checks. Unlike the background check passengers in the scheme, who will be able to skip screening, the three-year-old was stopped at O'Hare Airport in Chicago. 
On his way to a family vacation in Disney, the terrified boy, who was in a cast for a broken leg, underwent an invasive pat down and was swabbed for explosive residue. Despite constant assurances from his father that 'everything is ok', he physically trembles with fear and asks his parents to hold his hand. His outraged father filmed the whole process and it has been posted on YouTube. < - > http://www.dailymail.co.uk/news/article-2116881/TSA-subject-child-wheelchair-invasive-airport-security-tests-Chicago.html From rforno at infowarrior.org Mon Mar 19 09:36:49 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Mar 2012 10:36:49 -0400 Subject: [Infowarrior] - TSA criminal incidents continue Message-ID: <8A454399-8300-41D2-9A24-316CA70D9678@infowarrior.org> Just from this morning's news (c/o Drudge) -- First we have the screen-the-toddler-in-a-wheelchair story. Add to that, Uniformed TSA screener busted in drug raid March 19, 2012 http://www.nypost.com/p/news/local/uniformed_tsa_screener_busted_in_RuJhwOv5tdqOWIgao5GMkI Former TSA agent from Baltimore County indicted on federal porn charges 03/18/2012 http://www.abc2news.com/dpp/news/crime_checker/baltimore_county_crime/former-tsa-agent-from-baltimore-county-indicted-on-federal-porn-charges With these clowns working to 'protect' us, I feel much safer about flying, don't you? ... but then TSA wants to offer you $100 to Fly Through the Airport via "PreCheck" to bypass screening (http://online.wsj.com/article/SB10001424052702303863404577281483630937016.html). So let me see if I get this right: TSA is asking us to pay them to "protect" our dignity when travelling, or else we get 'victimised' by their goon when we don't fork over some money.
Wait a second -- isn't there a legal term for that ... what's it called......oh, yeah -- extortion. -- rick --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Mar 19 14:35:21 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Mar 2012 15:35:21 -0400 Subject: [Infowarrior] - JPM closes Vatican bank account Message-ID: <4A40E433-BC45-4E57-851D-F17C3E7F0035@infowarrior.org> Vatican bank image hurt as JP Morgan closes account 12:02pm EDT * Latest in series of image problems for Vatican bank http://www.reuters.com/assets/print?aid=USL6E8EJ1F920120319 By Philip Pullella and Lisa Jucca VATICAN CITY/MILAN, March 19 (Reuters) - JP Morgan Chase is closing the Vatican bank's account with an Italian branch of the U.S. banking giant because of concerns about a lack of transparency at the Holy See's financial institution, Italian newspapers reported. The move is a blow to the Vatican's drive to have its bank included in Europe's "white list" of states that comply with international standards against tax fraud and money-laundering. The bank, formally known as the Institute for Works of Religion (IOR), enacted major reforms last year in an attempt to get Europe's seal of approval and put behind it scandals that have included accusations of money laundering and fraud. Italy's leading financial daily Il Sole 24 Ore reported at the weekend that JP Morgan Chase in Milan had told the IOR of the closing of its account in a letter on Feb. 15. The letter said the IOR's account in Italy's business capital would gradually be phased out starting on March 16 and closed on March 30. In Milan, JP Morgan Chase declined to comment and the Vatican also had no comment. It was not possible to contact IOR officials because Monday was a holiday in the Vatican. 
Il Sole said JP Morgan Chase informed the IOR that the account was being closed because the bank's Milan branch felt the IOR had failed to provide sufficient information on money transfers. The financial newspaper, which gave the number of the IOR account, said some 1.5 billion euros passed through it in about 18 months. It said the account was a "sweeping facility," meaning that it was emptied out at the end of each day with funds transferred to another IOR account in Germany. The closure move by JP Morgan Chase, which was also reported by two leading general newspapers on Monday - Corriere della Sera and La Stampa - was a further blow to the IOR, whose image has been tarnished by a string of scandals. In September, 2010, Italian investigators froze 23 million euros ($33 million) in funds in two Italian banks after opening an investigation into possible money-laundering. The bank said it did nothing wrong and was just transferring funds between its own accounts. The money was released in June 2011 but Rome magistrates are continuing their probe. "VATILEAKS" SCANDAL The public image of the bank has also been harmed by the so-called "Vatileaks" scandal, in which highly sensitive documents, including letters to Pope Benedict, were published in Italian media. Some of the leaked documents appear to show a conflict among top Vatican officials about just how transparent the bank should be about dealings that took place before it enacted its new laws. The IOR, founded in 1942 by Pope Pius XII, handles financial activities for the Vatican, for orders of priests and nuns, and for other Roman Catholic religious institutions. Last year, the Vatican adapted internal laws to comply with international standards on financial crime. The 108-acre sovereign state surrounded by Rome now complies with the rules of the Paris-based Financial Action Task Force (FATF). 
It also established an internal Financial Information Authority (FIA) along the lines of other countries and has committed to comply with international anti-money laundering standards and liaise with the group and law enforcement agencies. The IOR was entangled in the collapse 30 years ago of Banco Ambrosiano, with its lurid allegations about money-laundering, freemasons, mafiosi and the mysterious death of Ambrosiano chairman Roberto Calvi - "God's banker". The IOR then held a small stake in the Ambrosiano, at the time Italy's largest private bank and investigators alleged that it was partly responsible for the Ambrosiano's fraudulent bankruptcy. Several investigations have failed to determine whether Calvi, who was found hanging under Blackfriars Bridge near London's financial district, killed himself or was murdered. The IOR denied any role in the Ambrosiano collapse but paid $250 million to creditors in what it called a "goodwill gesture". --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Mar 19 18:56:36 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Mar 2012 19:56:36 -0400 Subject: [Infowarrior] - Imminent "six strikes" Copyright Alert System needs antitrust scrutiny Message-ID: <7B3DD2CE-4B19-430D-837F-2C771689DE33@infowarrior.org> Op-ed: Imminent "six strikes" Copyright Alert System needs antitrust scrutiny By Sean M. Flaim | Published about 23 hours ago http://arstechnica.com/tech-policy/news/2012/03/op-ed-imminent-six-strikes-copyright-alert-system-needs-antitrust-scrutiny.ars With the "Copyright Alert System" going into operation over the next few months, major American ISPs will start sending out "strikes" to users accused of infringing copyrights online. Sean Flaim, who has just completed extensive research on the topic, argues that the system has real benefits - but it needs close supervision.
The opinions expressed here do not necessarily represent those of Ars Technica. Eight months ago, content owners and Internet service providers (ISPs) agreed to the Copyright Alert System, a "six-strike" plan to reduce copyright infringement by Internet users. Under the system, ISPs will soon send educational alerts, hijack browsers, and perhaps even slow/temporarily block the Internet service of users accused of online infringement (as identified by content owners). At the time it was announced, some speculated that the proposed system might not be legal under the antitrust laws. Were they right? Recently, I completed a draft research paper where I explored the potential antitrust aspects of "six strikes" even further. There, I concluded that while the system has some promise for reducing online infringement, its private nature, combined with a lack of government oversight, raises significant antitrust concerns. It will require careful monitoring by regulators. Power plays Just what is antitrust law? If I had to explain antitrust in a single word, it would not be "competition" - it would be "power." The power to raise prices above a competitive level; the power to punish people who break your rules. Such power is something society usually vests in government. Antitrust law is in part concerned with private industry attempting to assert government-like power. In a democratic society, people can exert some control over government power at the ballot box. Private power cannot be controlled with the same sort of vote. Rather, private power only responds to consumer choice in the marketplace. When the marketplace fails to function correctly and lacks competitive pressure, nothing keeps companies from exerting private power in ways that benefit them. This hurts consumers overall. The Copyright Alert System represents a raw exercise of concerted private power. Content owners as a group have control over their product.
They have leveraged this control to forge this agreement with ISPs, who need to work with content owners in order to offer content to their own users. ISPs, in turn, have power over us as users. When was the last time you looked into alternatives to your home Internet service? If you are like people in 75 percent of this country, only one truly high-speed broadband alternative will soon be available - your local cable television company. In most locations, that company has agreed to participate in the Copyright Alert System. Given that Internet companies have the power to determine how - and whether - consumers can access the Internet, this makes the Copyright Alert System even more problematic. The proposed system flips copyright on its head. In a normal copyright infringement claim, the copyright owner must first identify the alleged infringer and then sue them in court. Once there, the owner must prove that the alleged infringer downloaded, shared, or publicly performed a work without authorization. Not so in the Copyright Alert System. If a consumer gets to the point where an ISP is going to take an action, the consumer is given the option of participating in a private "due process" proceeding, provided they have $35 to spare. In the proceeding, the content owner is presumed to have both identified the copyrighted work correctly and correctly identified the alleged infringer. The burden of proof is on the consumer to prove them wrong. And the alleged infringer is even limited in the ways they can attempt to do that. In essence, the Copyright Alert System is an effort to privately rewrite copyright law to make an accused liable for infringement until proven innocent. What justifications do companies offer for taking these actions? For one, the companies assert the overall economic costs of piracy are too high. Yet when making these claims, they continue to assert fuzzy numbers which have not held up to any serious scrutiny.
Further, implementing the Copyright Alert System is not "free" by any means. Investigators need to detect infringement, rightsholders need to oversee their investigators, and the ISPs need to implement a tracking and punishment system for users. Estimates range from $4 to $32 per notification sent, and those costs are not borne by the person receiving the notice. They are paid for by all of us, in the form of higher prices for both content and Internet service. In essence, the system places a tax on Internet service designed to benefit content owners without any corresponding benefit for the vast majority of consumers. Another justification the parties have given: the educational nature of the Copyright Alert System is preferable to the coercive nature of copyright infringement litigation. This is a valid point. The merits of such an arrangement, however, are directly related to whether a person has been accurately identified as an infringer. So far, content owners have not always acted in a fashion that instills confidence they can correctly identify infringing users or works at scale. That's extremely problematic when creating a system which presumes that identifications are correct, and that forces consumers to prove that they are not. Is "less government" a good thing? This isn't to say that the Copyright Alert System is necessarily a bad idea, in general. It is possible - even probable - that educational alerts will both reduce piracy and keep consumers out of federal court for minor charges. But the issue is the complete exclusion of the government from involvement; though the White House helped broker the deal, government power - and therefore democratic accountability and judicial oversight - are absent. Everyone agrees something needs to be done to lower the cost of copyright enforcement, but copyright is still a right that originates from the government. Ultimately that is where any relief for content owners should begin.
In her recent book, Consent of the Networked (read our review), author Rebecca MacKinnon discusses how many consumers are now residents of "Facebookistan" and "Googledom," reminding us of the power these two companies hold over consumers. But this power pales in comparison to the power exercised over consumers by their local ISPs, which control the very pipes that connect people to Google and Facebook. Congress is the body that writes laws affecting interstate commerce. Antitrust, at least in part, offers protection against private companies doing the same. Recent reports indicate that the alert system, until now off to a slow start, will soon start affecting Internet users. Once it does, regulators must look closely to make sure the system lives up to its main promise as an educational tool rather than a system of vigilante justice. Sean Flaim is a recent graduate from the Catholic University of America, Columbus School of Law, where he specialized in antitrust, intellectual property, and communications law and policy. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Mar 19 20:11:25 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 19 Mar 2012 21:11:25 -0400 Subject: [Infowarrior] - Rogers' "Cybersecurity" Bill Is Broad Enough to Use Against WikiLeaks and The Pirate Bay Message-ID: <17A88C62-7047-4994-8AF3-537FCC7FFE18@infowarrior.org> March 8, 2012 | By Rainey Reitman and Lee Tien Rogers' "Cybersecurity" Bill Is Broad Enough to Use Against WikiLeaks and The Pirate Bay https://www.eff.org/deeplinks/2012/03/rogers-cybersecurity-bill-broad-enough-use-against-wikileaks-and-pirate-bay Congress is doing it again: they're proposing overbroad regulations that could have dire consequences for our Internet ecology. The Cyber Intelligence Sharing and Protection Act of 2011 (H.R. 3523), introduced by Rep. Mike Rogers and Rep.
Dutch Ruppersberger, allows companies or the government[1] free rein to bypass existing laws in order to monitor communications, filter content, or potentially even shut down access to online services for "cybersecurity purposes." Companies are encouraged to share data with the government and with one another, and the government can share data in return. The idea is to facilitate detection of and defense against a serious cyber threat, but the definitions in the bill go well beyond that. The language is so broad it could be used as a blunt instrument to attack websites like The Pirate Bay or WikiLeaks. Join EFF in calling on Congress to stop the Rogers' cybersecurity bill. Under the proposed legislation, a company that protects itself or other companies against "cybersecurity threats" can "use cybersecurity systems to identify and obtain cyber threat information to protect the rights and property" of the company under threat. But because "us[ing] cybersecurity systems" is incredibly vague, it could be interpreted to mean monitoring email, filtering content, or even blocking access to sites. A company acting on a "cybersecurity threat" would be able to bypass all existing laws, including laws prohibiting telcos from routinely monitoring communications, so long as it acted in "good faith." The broad language around what constitutes a cybersecurity threat leaves the door wide open for abuse. For example, the bill defines "cyber threat intelligence" and "cybersecurity purpose" to include "theft or misappropriation of private or government information, intellectual property, or personally identifiable information." Yes, intellectual property. It's a little piece of SOPA wrapped up in a bill that's supposedly designed to facilitate detection of and defense against cybersecurity threats. The language is so vague that an ISP could use it to monitor communications of subscribers for potential infringement of intellectual property.
An ISP could even interpret this bill as allowing them to block accounts believed to be infringing, block access to websites like The Pirate Bay believed to carry infringing content, or take other measures provided they claimed it was motivated by cybersecurity concerns. The language of "theft or misappropriation of private or government information" is equally concerning. Regardless of the intent of this language, the end result is that the government and Internet companies could use this language to block sites like WikiLeaks and NewYorkTimes.com, both of which have published classified information. Online publishers like WikiLeaks are currently afforded protection under the First Amendment; receiving and publishing classified documents from a whistleblower is a common journalistic practice. While there's uncertainty about whether the Espionage Act could be brought to bear against WikiLeaks, it is difficult to imagine a situation where the Espionage Act would apply to WikiLeaks without equally applying to the New York Times, the Washington Post, and in fact everyone who reads about the cablegate releases. But under Rogers' cybersecurity proposal, the government would have new, powerful tools to go after WikiLeaks. By claiming that WikiLeaks constituted "cyber threat intelligence" (aka "theft or misappropriation of private or government information"), the government may be empowering itself and other companies to monitor and block the site. This means that the previous tactics used to silence WikiLeaks - including a financial blockade and shutting down their accounts with online service providers - could be supplemented by very direct means. The government could proclaim that WikiLeaks constitutes a cybersecurity threat and have new, broad powers to filter and block communication with the journalistic website. Congress is intent on passing cybersecurity legislation this year, and there are multiple proposals in the House and the Senate under debate.
But none is as poorly drafted and dangerously vague as the Rogers bill. We need to stop this bill in its tracks, before it can advance in the House and before the authors can negotiate to place this overbroad language into other cybersecurity proposals. Internet security is a serious problem that needs to be addressed. But we don't need to sacrifice our civil liberties to do so. Help us safeguard the web by contacting Congress today. 1. Even though "self-protected entities" are discussed in a section of the bill regarding the private sector, the bill actually defines a "self-protected entity" as "an entity, other than an individual, that provides goods or services for cybersecurity purposes to itself." This language could well be interpreted to encompass the government. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Mar 20 08:35:37 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2012 09:35:37 -0400 Subject: [Infowarrior] - TPB to Fly 'Server Drones' to Avoid Law Enforcement Message-ID: <62F25B65-C007-4E43-89A1-D04C2F498737@infowarrior.org> The Pirate Bay to Fly 'Server Drones' to Avoid Law Enforcement One of the world's largest BitTorrent sites is going to put servers on GPS-controlled aircraft drones in order to evade authorities who are looking to shut the site down http://www.usnews.com/news/articles/2012/03/19/the-pirate-bay-to-fly-server-drones-to-avoid-law-enforcement By Jason Koebler March 19, 2012 The world's largest and most resilient BitTorrent site plans to redefine "cloud computing" with a plan to move at least some of its servers onto unmanned drones miles above Sweden. In a Sunday blog post, The Pirate Bay announced new "Low Orbit Server Stations" that will house the site's servers and files on unmanned, GPS-controlled, aircraft drones.
One of the site's administrators, MrSpock, said with the advent of miniature computers such as the Raspberry Pi, a $35 micro computer the size of a thumb drive that includes a WiFi and SD card slot for storage, the site can take its servers far from any law enforcement. "We're going to experiment with sending out some small drones that will float some kilometers up in the air," MrSpock wrote. "This way our machines will have to be shut down with aeroplanes in order to shut down the system. A real act of war." The Swedish site has been operated since 2003 by an "anti-copyright organization" and despite numerous raids, remains one of the most popular music and movie pirating sites on the web. The site hosts thousands of "torrent" files - tiny files that allow users to connect to and download files from other users. The system is one of the most popular ways to anonymously share large files and often comes under fire from copyright holders, who argue that the service allows people to easily share copyrighted movies, music, games and software. The site has repeatedly mocked American copyright laws and has said that American laws "[do] not apply [in Sweden]." Earlier this year, four of its staffers were sentenced to Swedish prison. Last year, the site apparently moved some of its servers to a mountain cave complex in Sweden. "Experiencing raids, espionage and death threats, we're still here," the site wrote in a blog post last month. "We've been through hell and back and it has made us tougher than ever." The move to hovering servers could make it nearly impossible for authorities to shut the site down, a fact not lost on the site's administrators. "We can't limit ourselves to hosting things just on land anymore," MrSpock wrote. "When time comes we will host in all parts of the galaxy, being true to our slogan of being the galaxy's most resilient system." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Tue Mar 20 08:37:10 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2012 09:37:10 -0400 Subject: [Infowarrior] - Hey NSA: Intercept THIS! Message-ID: Hey NSA: Intercept THIS! http://www.veteranstoday.com/2012/03/18/hey-nsa-intercept-this/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Mar 20 09:20:16 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2012 10:20:16 -0400 Subject: [Infowarrior] - MPAA is *so* predictable it's pathetic Message-ID: <19416603-678E-4F20-A1FB-AC6F29BAD49B@infowarrior.org> What the MPAA really says here can be summed up thusly: "[By supporting Hotfile] Google is taking a different view on the law than ours, so we ask you to dismiss their brief." Wah Wah Wah. Google Files Amicus Brief in Hotfile Case; MPAA Requests It Be Rejected http://yro.slashdot.org/story/12/03/20/0053244/google-files-amicus-brief-in-hotfile-case-mpaa-requests-it-be-rejected --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Mar 20 18:50:58 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 20 Mar 2012 19:50:58 -0400 Subject: [Infowarrior] - Video Speed Trap Lurks in New iPad Message-ID: <87724554-95BA-4392-9D82-BEFCE58DC7AB@infowarrior.org> TECHNOLOGY Updated March 20, 2012, 7:44 p.m. ET http://online.wsj.com/article/SB10001424052702303812904577293882009811556.html Video Speed Trap Lurks in New iPad Users Find the Superfast 4G Link Carries a Big Cost: Churning Through Data Limits in Mere Hours By ANTON TROIANOVSKI Brandon Wells got the new iPad last Friday, started wirelessly streaming March Madness games the next day and by Saturday night was out of gas. Two hours of college basketball - which he viewed mounted to his car dashboard and live at tournament games - had burned through his monthly wireless data allotment of two gigabytes.
Excited users of the new iPad are finding there's a drawback to the blazing fast 4G connection offered by their new device: They burn through their data limits in as little as a day, Anton Troianovski reports on the News Hub. Photo: AP. Now, to keep surfing the Web or watch more NCAA hoops over Verizon Wireless's 4G network, Mr. Wells will have to pay an extra $10 for every gigabyte above his current $30 subscription. It has been only five days since users of Apple Inc.'s AAPL +0.81% newest iPad first took the device out of the box. Some are now finding just how quickly the promise of superfast wireless connections collides with the reality of what those services cost. "It's kind of a Catch-22," says Mr. Wells, a 31-year-old Web developer who decided to pony up for another gigabyte. "It streams really fast video, but by streaming really fast video you tend to watch more video, and that's not always best." Steven St. John for The Wall Street Journal Brandon Wells of Albuquerque, N.M., holding a portrait of himself on his iPad, is reconsidering how much mobile video to watch on the device. The iPad's new high-resolution screen and fast connection are specifically designed to spur greater use of online video - a long-stated goal for phone companies as well as technology purveyors such as Apple and Google Inc. GOOG -0.08% Telecom companies in particular are banking on mobile video to drum up demand for their new, fourth-generation networks and create new revenue streams as they adjust to the smartphone age. That means something has to give: Either consumers will have to get used to paying more or wireless carriers will come under pressure to change their pricing models. Verizon declined to comment on its pricing strategy, but said customers can pick higher-use plans or they can go easier on their data allotments by shifting to Wi-Fi networks when they are available. Those alternatives don't always line up well with what consumers want.
Albert Park, a 24-year-old working at a start-up in Austin, Texas, tapped into the Wi-Fi network at a local café on Sunday to watch some YouTube videos on his iPad. The network turned out to be too slow for an uninterrupted stream, so Mr. Park switched to the high-speed mobile network operated by his service provider, AT&T Inc. T +0.44% For the next hour, Mr. Park watched concert videos and other clips and browsed social-media sites. On Tuesday, five days after getting the new iPad, he found he was already two-thirds of the way through his monthly allotment of 3 gigabytes of wireless data. "I'll probably avoid watching videos outside my home," Mr. Park concluded. AT&T declined to comment. Such decisions set up a quandary for wireless carriers, which are rolling out multibillion-dollar high-speed networks that use a technology called LTE. The technology promises to boost mobile download speeds by 10 times compared with third-generation networks, making it almost purpose-built for mobile video. Verizon Wireless, a joint venture of Verizon Communications Inc. VZ -0.05% and Vodafone Group VOD +2.66% PLC, has the nation's biggest LTE network, covering an area with more than 200 million people. AT&T's LTE network covers 74 million people. Both carriers' LTE networks are still growing, and Sprint Nextel Corp. S -0.36% and T-Mobile USA - which don't currently carry the iPad - also have plans to build LTE networks. The carriers, suffering from a decline in voice-calling revenues, hope that LTE boosts monthly bills for wireless service, and they charge by the amount of data consumed. Thirty dollars a month buys 2 gigabytes of data at Verizon and 3 gigabytes at AT&T. Mr. Park and Mr. Wells both say they're thinking about upgrading to $50-a-month plans, which buy 5 gigabytes of data at both AT&T and Verizon. But both say they're also reconsidering how much mobile video they watch on their device. "With LTE, the quality and the streaming is fantastic," Mr. Wells said.
"But man, you're really limited in terms of the amount of content you can consume." Mr. Wells's father, Steve Wells, also hit his data limit on Saturday. While he was at the basketball game with his son, his wife was using his iPad as a video baby monitor for his granddaughter while she napped in another room. By the time the two were back from the game, the app had burned through his two gigabyte plan. "All the advantages of the iPad device are completely neutralized by the two gigabyte data limit," said Steve Wells, 56. What many consumers may not realize is the new iPad's faster LTE connection means they will use more data even if they don't change their 3G surfing habits. Take regular video: Verizon estimates that streaming it over an LTE connection runs through 650 megabytes an hour. That's double the amount of data used streaming the same video over a 3G link, because the fatter pipe lets more data through. On top of that, the new iPad's sharper screen will encourage some users to view videos in high-definition, which uses 2 gigabytes an hour on a 4G connection, according to Verizon. With users skittish about paying more, wireless carriers are likely to experiment with new pricing schemes as they try to squeeze more profits out of their new networks. AT&T, for example, is studying a plan to give app developers and content providers the option to pay for the mobile data their products use, thereby keeping those apps and videos from counting against a user's allotment of data, kind of like an 800-number for apps. That could help win more business from people like Cindy Bryant, a new iPad owner in Clyde, N.C. Ms. Bryant, a 45-year-old appliance saleswoman, got an email from Verizon Wireless on Monday alerting her that she had used up 90% of her mobile data allowance. Ms. Bryant, who doesn't have landline Internet access at home, figures she's approaching her limit because she downloaded lots of apps. 
She'd like to experiment with watching videos on her iPad, but says she won't before the next billing cycle comes around. "I'm going to put myself on a diet," Ms. Bryant says. Write to Anton Troianovski at anton.troianovski at wsj.com --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 21 06:41:57 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Mar 2012 07:41:57 -0400 Subject: [Infowarrior] - Video of TSA agent patting down child in wheelchair goes viral Message-ID: <5B992FF0-B0C5-423B-819E-5636C17D332C@infowarrior.org> Video of TSA agent patting down child in wheelchair goes viral http://blog.sfgate.com/sfmoms/2012/03/19/video-of-tsa-agent-patting-down-child-in-wheelchair-goes-viral/ A YouTube video of a 3-year-old boy who was wheelchair-bound with a broken leg while undergoing a TSA pat-down has gone viral, and sparked controversy. The footage of a crippled child is unsettling to watch, no doubt. This kid should have never gone through this. But as the video gains more attention in the national media, some are questioning whether the situation was exaggerated by the boy's father, Chicago radio personality Matt DuBiel. DuBiel took the video and added commentary and a sensationalized title "TSA nabs suspected Al Queda terrorist." Does this video take an unfair stab at the TSA? The incident happened in 2010, but the footage just popped up on YouTube over the weekend. DuBiel told the media that he decided to post the 3-minute clip when he was looking through old family videos. "I [recently] watched the video with my 10-year-old and my heart start beating real fast," DuBiel told Fox News. "I started getting angry, a rash of emotions and then I had to explain to my 10-year-old what was happening and why I allowed it to happen." The video quickly spread across the Internet and has been viewed more than 90,000 times.
The video shows a TSA agent conducting a search by jostling the boy around in his chair. The agent takes swabs for explosive residue on the boy's hands and under his shirt. It's ridiculous that this helpless child is undergoing a pat-down, but the agent is friendly, the father cooperates, and the boy seems only a little shaken up. A reporter at the Chicago Tribune writes: "All in all, the toddler, identified as a 3-year-old in the text, seemed to handle the pat-down well." Commentary added to the video tells a more dramatic story about this boy who was on his way to Disney World in Orlando, Fl. with his family: For example, one caption reads: "My little boy wanted me to come over to hold his hand and give him a hug. He was trembling with fear. I was told I could NOT touch him or come near him during this process. Instead we had to pretend this was 'ok' so he didn't panic." Was the boy truly terrified? SFGate checked in with DuBiel who says, "The truth is, he was trembling. He was trembling significantly. It wasn't something that was conveyed on camera but he was scared." DuBiel thinks he could have done more to the video to make it dramatic such as music but he only added the captions. Over the past few years, several videos and photos of the TSA searching children have sparked public outrage. In 2010 a video of a 3-year-old screaming as an official searched her went viral. Last year, a photo of two agents patting down a baby's diaper brought in thousands of page views. The TSA responded to the criticism in September 2011 by announcing that the agency would perform fewer and less-invasive pat-downs on children. If DuBiel's child were to pass through security today in a wheelchair would he face a search? The TSA told the Chicago Tribune that they couldn't answer that question. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Mar 21 06:43:26 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Mar 2012 07:43:26 -0400 Subject: [Infowarrior] - City Water for All Message-ID: <8F1F3783-4E8A-402A-A921-D9B88D4F54A3@infowarrior.org> City Water for All http://www.project-syndicate.org/commentary/city-water-for-all VEVEY, SWITZERLAND - How many people in the world's towns and cities can drink the water in their tap without risking their health? The answer is probably impossible to determine. Indeed, the United Nations uses the term "improved" sources of water to describe what is supplied in many urban areas around the world. Unfortunately, "improved" does not always mean "clean" or "safe." The 2012 update of the World Health Organization's report Progress on Drinking Water and Sanitation estimates that at least 96% of urban dwellers in emerging economies like China, India, Thailand, and Mexico have access to "improved" sources of water. And yet a study carried out by the Asian Institute of Technology found that less than 3% of Bangkok's residents drink water directly from the tap, because they do not trust its quality. Visit any major city in an emerging economy, from Mexico City to Mumbai, and you will be hard pressed to find anyone who believes that the water piped into their homes is fit to drink. Estimates by the Third World Center for Water Management indicate that more than two billion people do not trust the quality of the water to which they have access. It doesn't have to be like this. In the Cambodian capital of Phnom Penh, one official has shown that good management of this precious resource can make a difference. When Ek Sonn Chan became Director-General of the Phnom Penh Water Supply Authority nearly 20 years ago, the city had a dismal water supply, with nearly 83% lost to leakages and unauthorized connections. With a low-key but firm management style, Chan began to turn things around.
He built up the Authority's capacity by training and rewarding his most effective staff and refusing to tolerate corruption. After just a year on the job, the Authority's technical and performance indicators started to improve. Fifteen years after he took over, annual water production had increased by more than 400%, the water distribution network had grown by more than 450%, and the customer base had increased by more than 650%. Today, the Authority says that there are no unauthorized connections in Phnom Penh. Losses from the water system are just over 5%, similar to what one would find in Singapore or Tokyo, two of the best water-supply systems in the world. Thames Water, a utility in Britain, reported losses in 2010 that were five times that rate. By most performance indicators, Phnom Penh now has a better water-supply system than London or Washington, DC. Perhaps more remarkable is that Phnom Penh's water-supply business model works. All consumers are metered, and both rich and poor pay for the water that they consume, which costs 60-80% less than it did when people bought untreated water from private street vendors, an unreliable source in more ways than one. Today, the city's poorest households receive drinkable piped water around the clock. The Authority recovers all of its operating costs from tariffs, and must depreciate its assets with time. More than 94% of supplied water is billed, and the collection rate has been close to 100% for more than ten years. The Authority shows that good management of urban water resources is not only financially viable in emerging economies, but also benefits the whole population. All people have a right to the water that they need for drinking, cooking, and cleaning. And yet, around the world, political and business leaders still make excuses for the lack of clean and safe drinking water in our towns and cities.
The arguments are well rehearsed: water scarcity, lack of investment funds, the inability of the poor to pay for water, and inadequate access to technology. But, in our view, these claims are merely attempts to hide real problems. Poor governance is no excuse. Neither is the absence of political will to charge people for the water that they consume, even if doing so would ensure a more reliable supply. Cambodia has shown that you can achieve a great deal within a decade. If Phnom Penh - with all of its financial, technical, and institutional challenges - can do it, why not other urban centers in emerging markets elsewhere? --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 21 06:51:42 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Mar 2012 07:51:42 -0400 Subject: [Infowarrior] - Some employers ask job seekers to share their Facebook logins Message-ID: From the article: "Sears Holdings Inc. spokeswoman Kim Freely said using a Facebook profile to apply allows Sears to be updated on the applicant's work history.....The company assumes "that people keep their social profiles updated to the minute, which allows us to consider them for other jobs in the future or for ones that they may not realize are available currently," she said." So if one replies "I don't have a Facebook account" does that instantly imply they're lying or hiding from something in their social circle? What if people don't update their accounts "to the minute"? Again, the hiring firm is assuming FAR more than they should. -- rick Resume, references, password: Some employers ask job seekers to share their Facebook logins By Associated Press, Published: March 20 http://www.washingtonpost.com/national/resume-references-password-job-seekers-get-asked-in-interviews-to-provide-facebook-logins/2012/03/20/gIQAVlNhOS_print.html SEATTLE -
When Justin Bassett interviewed for a new job, he expected the usual questions about experience and references. So he was astonished when the interviewer asked for something else: his Facebook username and password. Bassett, a New York City statistician, had just finished answering a few character questions when the interviewer turned to her computer to search for his Facebook page. But she couldn't see his private profile. She turned back and asked him to hand over his login information. Bassett refused and withdrew his application, saying he didn't want to work for a company that would seek such personal information. But as the job market steadily improves, other job candidates are confronting the same question from prospective employers, and some of them cannot afford to say no. In their efforts to vet applicants, some companies and government agencies are going beyond merely glancing at a person's social networking profiles and instead asking to log in as the user to have a look around. "It's akin to requiring someone's house keys," said Orin Kerr, a George Washington University law professor and former federal prosecutor who calls it "an egregious privacy violation." Questions have been raised about the legality of the practice, which is also the focus of proposed legislation in Illinois and Maryland that would forbid public agencies from asking for access to social networks. Since the rise of social networking, it has become common for managers to review publicly available Facebook profiles, Twitter accounts and other sites to learn more about job candidates. But many users, especially on Facebook, have their profiles set to private, making them available only to selected people or certain networks. Companies that don't ask for passwords have taken other steps - such as asking applicants to friend human resource managers or to log in to a company computer during an interview.
Once employed, some workers have been required to sign non-disparagement agreements that ban them from talking negatively about an employer on social media. Asking for a candidate's password is more prevalent among public agencies, especially those seeking to fill law enforcement positions such as police officers or 911 dispatchers. Back in 2010, Robert Collins was returning to his job as a correctional officer at the Maryland Department of Public Safety and Correctional Services after taking a leave following his mother's death. During a reinstatement interview, he was asked for his login and password, purportedly so the agency could check for any gang affiliations. He was stunned by the request but complied. "I needed my job to feed my family. I had to," he recalled. After the ACLU complained about the practice, the agency amended its policy, asking instead for job applicants to log in during interviews. "To me, that's still invasive. I can appreciate the desire to learn more about the applicant, but it's still a violation of people's personal privacy," said Collins, whose case inspired Maryland's legislation. Until last year, the city of Bozeman, Mont., had a long-standing policy of asking job applicants for passwords to their email addresses, social-networking websites and other online accounts. And since 2006, the McLean County, Ill., sheriff's office has been one of several Illinois sheriff's departments that ask applicants to sign into social media sites to be screened. Chief Deputy Rusty Thomas defended the practice, saying applicants have a right to refuse. But no one has ever done so. Thomas said that "speaks well of the people we have apply." When asked what sort of material would jeopardize job prospects, Thomas said "it depends on the situation" but could include "inappropriate pictures or relationships with people who are underage, illegal behavior."
In Spotsylvania County, Va., the sheriff's department asks applicants to friend background investigators for jobs at the 911 dispatch center and for law enforcement positions. "In the past, we've talked to friends and neighbors, but a lot of times we found that applicants interact more through social media sites than they do with real friends," said Capt. Mike Harvey. "Their virtual friends will know more about them than a person living 30 yards away from them." Harvey said investigators look for any "derogatory" behavior that could damage the agency's reputation. E. Chandlee Bryan, a career coach and co-author of the book "The Twitter Job Search Guide," said job seekers should always be aware of what's on their social media sites and assume someone is going to look at it. Bryan said she is troubled by companies asking for logins, but she feels it's not a violation if an employer asks to see a Facebook profile through a friend request. And she's not troubled by non-disparagement agreements. "I think that when you work for a company, they are essentially supporting you in exchange for your work. I think if you're dissatisfied, you should go to them and not on a social media site," she said. More companies are also using third-party applications to scour Facebook profiles, Bryan said. One app called BeKnown can sometimes access personal profiles, short of wall messages, if a job seeker allows it. Sears is one of the companies using apps. An applicant has the option of logging into the Sears job site through Facebook by allowing a third-party application to draw information from the profile, such as friend lists. Sears Holdings Inc. spokeswoman Kim Freely said using a Facebook profile to apply allows Sears to be updated on the applicant's work history. The company assumes "that people keep their social profiles updated to the minute, which allows us to consider them for other jobs in the future or for ones that they may not realize are available currently," she said.
Facebook declined to comment except for issuing a brief statement declaring that the site forbids "anyone from soliciting the login information or accessing an account belonging to someone else." Giving out Facebook login information also violates the social network's terms of service. But those terms have questionable legal weight, and experts say the legality of asking for such information remains murky. The Department of Justice regards it as a federal crime to enter a social networking site in violation of the terms of service, but during recent congressional testimony, the agency said such violations would not be prosecuted. Lori Andrews, a law professor at IIT Chicago-Kent College of Law specializing in Internet privacy, is concerned about the pressure placed on applicants, even if they voluntarily provide access to social sites. "Volunteering is coercion if you need a job," Andrews said. Twitter did not respond to repeated requests for comment. In New York, Bassett considered himself lucky that he was able to turn down the consulting gig at a lobbying firm. "I think asking for account login credentials is regressive," he said. "If you need to put food on the table for your three kids, you can't afford to stand up for your belief." ___ McFarland reported from Springfield, Ill. ___ Manuel Valdes can be reached at https://twitter.com/ByManuelValdes . Shannon McFarland can be reached at https://twitter.com/shanmcf . Copyright 2012 The Associated Press. All rights reserved. This material may not be published, broadcast, rewritten or redistributed. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Mar 21 06:59:33 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Mar 2012 07:59:33 -0400 Subject: [Infowarrior] - Copyright Treaty Requires Congressional Support, Senator Says Message-ID: <2CA29B5A-7774-45AD-9E3A-0D9DBF804B1F@infowarrior.org> Copyright Treaty Requires Congressional Support, Senator Says By David Kravets http://www.wired.com/threatlevel/2012/03/acta-congressional-approval/ March 20, 2012 | 5:12 pm | Categories: intellectual property, politics Sen. Ron Wyden (D-Oregon) says the Obama administration must secure congressional approval for the United States to participate in an international anti-piracy treaty, a position at odds with the president. The accord, known as the Anti-Counterfeiting Trade Agreement, exports on participating nations an intellectual-property enforcement regime resembling the one in the United States. Neither the United States nor any other country has ratified the deal, which was brokered by both the President George W. Bush and the President Barack Obama administrations and finalized in October. "I believe Congress should approve binding international agreements before the U.S. is obligated to comply with those agreements. This is a point where the administration and I disagree and is particularly true on matters that impact our nation's ability to implement policies that encourage innovation," Wyden said in a statement. Whether you're on the copy-right or copy-left, Wyden's legislative proposal (.pdf) Monday smacks at the heart of a constitutional debate about the United States' three branches of government. Some legal scholars suggest that Congressional approval is necessary because the accord binds the United States to stay in line with its current intellectual-property legal framework. (Financial penalties of up to $150,000 an infringement are authorized in U.S. civil lawsuits.) "It's a huge deal whether Congress signs it or not,"
said Sean Flynn, an American University, Washington College of Law intellectual-property scholar. The reason it is a big deal, because this is what this agreement does, it tells domestic legislatures what its law must be or not be. These type of agreements are the most important to go through legislative approval and go through a public process and commenting on what the norms are of that agreement. The reason, it locally restricts what the democratic process can do. For instance, the treaty demands that participating nations set statutory damages at a level to deter infringement. Any proposal to alter the Copyright Act's $150,000 penalty per infringement in the United States, for example, "could rise to an international dispute," Flynn said. ACTA is not yet in force. Six nations must approve of the deal before it becomes law among those signatories. Those at the negotiating table included Australia, Canada, the European Union, Japan, Mexico, Morocco, New Zealand, Singapore, South Korea, Switzerland and the United States. United States Trade Representative Ron Kirk said the Obama administration does not need congressional approval. "U.S. negotiators were careful to ensure that the ACTA is fully consistent with U.S. law," Kirk wrote (.pdf) Wyden in December. "For that reason, Congress will not need to enact legislation in order for the United States to implement the agreement." The accord demands that participating governments make it unlawful to market devices that circumvent copyright, such as devices that copy encrypted DVDs without authorization. That is akin to a feature in the Digital Millennium Copyright Act in the United States, where the law has been used by Hollywood studios to block RealNetworks from marketing DVD-copying technology. The deal also calls on participating nations to maintain extensive seizure and forfeiture laws when it comes to counterfeit goods that are trademarked or copyrighted.
Most important, countries must carry out a legal system where victims of intellectual property theft may be awarded monetary damages. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 21 06:59:47 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 21 Mar 2012 07:59:47 -0400 Subject: [Infowarrior] - NSA Chief Denies, Denies, Denies Wired's Domestic Spying Story Message-ID: <9CDA15CB-B258-4A14-8FD5-03EDDA86178B@infowarrior.org> NSA Chief Denies, Denies, Denies Wired's Domestic Spying Story By Ryan Singel http://www.wired.com/threatlevel/2012/03/nsa-denies-wired/ March 20, 2012 | 11:50 pm | Categories: Cybersecurity NSA chief General Keith Alexander faced tough - and funny - questions from Congress Tuesday stemming from Wired's story on the NSA's capabilities and warrantless wiretapping program. Congressman Hank Johnson, a Georgia Democrat, asked Alexander whether the NSA could, at the direction of Dick Cheney, identify people who sent e-mails making fun of his inability to hunt in order to waterboard them. Alexander said "No," adding that the "NSA does not have the ability to do that in the United States." Elaborating, Alexander added: "We don't have the technical insights in the United States. In other words, you have to have [...] some way of doing that either by going to a service provider with a warrant or you have to be collecting in that area. We're not authorized to do that, nor do we have the equipment in the United States to collect that kind of information."
That statement seemingly contradicts James Bamford's story, The NSA Is Building the Country's Biggest Spy Center (Watch What You Say), as well as stories from The New York Times, the Los Angeles Times, USA Today and Wired, which collectively drew a picture of the NSA's post-9/11 foray into wiretapping the nation's telecommunication's infrastructure to spy on Americans without getting warrants. Bamford writes: In the process - and for the first time since Watergate and the other scandals of the Nixon administration - the NSA has turned its surveillance apparatus on the US and its citizens. It has established listening posts throughout the nation to collect and sift through billions of email messages and phone calls, whether they originate within the country or overseas. It has created a supercomputer of almost unimaginable speed to look for patterns and unscramble codes. Finally, the agency has begun building a place to store all the trillions of words and thoughts and whispers captured in its electronic net. And, of course, it's all being done in secret. To those on the inside, the old adage that NSA stands for Never Say Anything applies more than ever. But in testimony Tuesday in front of the House Armed Services subcommittee on Emerging Threats and Capabilities, Alexander responded to questions about the program, saying the NSA did not have the capability to monitor, inside the United States, Americans' text messages, phone calls and e-mails. He added that if the NSA were to target an American, the FBI would take the lead and fill out the paperwork. (That's an odd statement, since the process for targeting an American by the intelligence services is for the NSA to fill out the paperwork, submit it to the Justice Department and then send it to a secret court, according to statements by former Director of National Intelligence Michael McConnell.) Alexander and Johnson both mispronounced Bamford's name as Bashford (a Freudian slip).
But it's an odder mistake by Alexander, given that Bamford is the premier chronicler of the NSA.

It's hard to tell here whether Alexander is parsing the questions closely, misspeaking or telling the truth. The heads of the intelligence service have a long tradition of misspeaking or telling untruths that advance their agenda. President George Bush himself on the re-election campaign trail said that no American had been wiretapped without a warrant, which was plainly false, according to numerous news stories and the government's own admissions of the program.

In the aftermath of those half-truths, the Congress passed, and Bush signed into law, the FISA Amendments Act, which re-wrote the nation's surveillance laws to give the NSA a much freer hand to wiretap American infrastructure wholesale.

Court challenges to the program, brought by the EFF and the ACLU, attempted to argue that even allowing the NSA to harvest Americans' communications alongside foreigners into giant databases violated American law and the US Constitution. However, those challenges have never survived the Bush and Obama administration's invocation of the "state secrets" privilege to have them thrown out of court.

Which is another way of saying that Americans have no idea what's going on. Given the choice between an administration official saying nothing is going on and a respected reporter with inside sources saying something wicked this way comes, I know where my trust would lie.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Wed Mar 21 14:27:03 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Mar 2012 15:27:03 -0400
Subject: [Infowarrior] - Fwd: IW: Meet The Hackers Who Sell Spies The Tools To Crack Your PC (And Get Paid Six-Figure Fees)
References: <20120321185727.GR6484@reznor.com>
Message-ID:

c/o AJR

Begin forwarded message:

> http://www.forbes.com/sites/andygreenberg/2012/03/21/meet-the-hackers-who-sell-spies-the-tools-to-crack-your-pc-and-get-paid-six-figure-fees/
>
> "A team of hackers from French security firm Vupen were playing by different rules. They declined to enter Google's contest
> and instead dismantled Chrome's security to win an HP-sponsored hackathon at the same conference. And while Google paid a
> $60,000 award to each of the two hackers who won its event on the condition that they tell Google every detail of their
> attacks and help the company fix the vulnerabilities they had used, Vupen's chief executive and lead hacker, Chaouki Bekrar,
> says his company never had any intention of telling Google its secret techniques -- certainly not for $60,000 in chump change."
>

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 21 15:50:17 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Mar 2012 16:50:17 -0400
Subject: [Infowarrior] - MPAA Wants Megaupload User Data Retained for Lawsuits – Updated
Message-ID: <32201F44-0D6B-4774-BC62-58213BB271F1@infowarrior.org>

MPAA Wants Megaupload User Data Retained for Lawsuits – Updated

By David Kravets
March 21, 2012 | 1:40 pm
http://www.wired.com/threatlevel/2012/03/mpaa-megaupload-user-litigatio/

Hollywood studios are mulling a massive copyright litigation campaign that entails suing individual users of Megaupload -- the file-sharing service that shuttered in January --
in the wake of federal indictments targeting its operators on allegations of facilitating wanton infringement, according to a court filing in the Megaupload prosecution.

This story was updated at 11:20 PDT with MPAA disputing the claim that they are keeping the option open to sue Megaupload users.

The Motion Picture Association of America staked out that position -- which could amount to millions of defendants facing civil lawsuits -- in a court filing in the Megaupload case made public Tuesday. The studios are requesting Carpathia, Megaupload's Virginia-based server host, to retain the 25 petabytes of Megaupload data on its servers, which includes account information for Megaupload's 66.6 million users.

"In light of the potential civil claims by the studios, we demand that Carpathia preserve all material in its possession, custody, or control, including electronic data and database, related to Megaupload or its operations. This would include, but is not limited to, all information identifying or otherwise related to the content files uploaded to, stored on and/or downloaded from Megaupload; all data associated with those content files, the uploading or downloading of those files, and the Megaupload users who uploaded or downloaded those files," MPAA attorney Steven Fabrizio wrote (.pdf) Carpathia Jan. 31, the letter of which Carpathia lodged in a legal filing Tuesday.

UPDATE: Howard Gantman, a MPAA vice president, said in a telephone interview the studios are not intending on suing individual users, but are considering suing Megaupload "or entities involved in the massive copyright infringement."

"The reason we did that filing so that there is a possibility that litigation might be pursued against Megaupload or various intermediaries involved in Megaupload's operation. We're not talking about individual users," Gantman said.

The potential number of MPAA defendants would have been staggering.
Consider that the recording industry went on a massive copyright infringement campaign ending in 2009, but that included just roughly 20,000 defendants. Most of the defendants settled out of court for a few thousand dollars.

Cindy Cohn, the legal director for the Electronic Frontier Foundation, said the MPAA's letter "certainly shouldn't make anybody feel relieved about being sued. This letter indicates the MPAA is keeping that option open."

A hearing on the matter is set for next month.

Federal authorities have said they have copied some, but not all of the data, and said Carpathia could delete the 25 million gigabytes of Megaupload data it is hosting.

Carpathia said it is spending $9,000 daily retaining the data, and is demanding a federal judge relieve it of that burden. Megaupload, meanwhile, wants the government to free up some of the millions in dollars of seized Megaupload assets to be released to pay Carpathia to retain the data.

The criminal Megaupload prosecution concerns seven individuals connected to the Hong Kong-based file-sharing site, including founder Kim Dotcom. They were indicted in January on a variety of charges, including criminal copyright infringement and conspiracy to commit money laundering.

Five of the members of what the authorities called a 5-year-old "racketeering conspiracy" have been arrested in New Zealand, pending extradition to the United States.

The government said the site, which generated millions in user fees and advertising, facilitated copyright infringement of movies, often before their theatrical release, in addition to music, television programs, electronic books, and business and entertainment software. The government said Megaupload's "estimated harm" to copyright holders was "well in excess of $500 million."

Megaupload was on the recording and movie industries' most-hated lists, often being accused of facilitating wanton infringement of their members' copyrights.
The indictment claims Megaupload induced users to upload copyrighted works for others to download, and that it often failed to comply with removal notices from rights holders under the Digital Millennium Copyright Act.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 21 15:54:01 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Mar 2012 16:54:01 -0400
Subject: [Infowarrior] - RIAA wants to 'accredit' musicians to get into dot-music TLD
Message-ID: <6C5D2A1D-B2BB-4B11-B8F6-3A4E2B5BA3A3@infowarrior.org>

(Not sure how I missed this one! --rick)

RIAA Backs .music Proposal... If It's Only Limited To 'Accredited' Musicians
http://www.techdirt.com/articles/20120208/03161317696/always-gatekeeper-riaa-backs-music-proposal-if-its-only-limited-to-accredited-musicians.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 21 18:00:05 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Mar 2012 19:00:05 -0400
Subject: [Infowarrior] - ICANN Ethical Conflicts Are Worse Than They Seem
Message-ID: <33DB3275-24D5-4F4D-8587-7729DDD057F8@infowarrior.org>

ICANN Ethical Conflicts Are Worse Than They Seem

Written by Beau Brendler
3/21/2012
http://www.internetevolution.com/author.asp?section_id=1072&doc_id=240923&

Whatever might be said about outgoing ICANN CEO Rod Beckstrom, Internet users worldwide should be thanking him. Last week in Costa Rica, at the organization's 43rd meeting, Beckstrom blew a harsh blast of cold Arctic reality into the room about the board's conflicts of interest.

You can read about the details here, here, and even in the New York Times.

I was there listening to Beckstrom's speech, and I wasn't surprised. I had watched in Singapore when almost half the ICANN board recused itself from the final vote on approving hundreds of new domain names, citing personal conflicts of interest.
But I am surprised it took an outgoing CEO to point to the hundreds of conflicts of interest, both real and potential, mingled into ICANN's DNA.

The California nonprofit has two bureaucratic apparatuses in it that are supposed to represent the general Internet user. Both of them have been largely silent. One is preoccupied with fighting trademark interests, and the other, of which I have been a member for five years, is mired in its own processes and often seems capable of little more than self-analysis. The members who have bucked the bureaucracy and spoken out are in the minority.

Unfortunately, the apparent conflicts of interest go deeper than the recent headlines.

* The chairman of the ICANN board's governance committee, Bruce Tonkin, is a senior executive at Melbourne IT, a domain registrar. The governance committee's conflict-of-interest guidelines mention a fiduciary relationship to ICANN as a conflict, but less directly a financial interest in a company that stands to make or lose money depending on ICANN's contracts.

* Steve Crocker, a member of the ICANN board's executive committee (along with Tonkin, Beckstrom, and Cherine Chalaby, an investment banker), recently disclosed that Afilias, a registry, has invested in his company, Shinkuro Inc. -- a startup focused on information sharing across the Internet. That means half the executive committee has declared conflicts of interest when it comes to new top-level domains.

* The board's structural improvements committee has five members, two of which have declared conflicts of interest with new domains.

* The chairman-elect of the ICANN nominating committee, one of the most powerful and least accountable of ICANN's inner bureaucracies (and whose structure Beckstrom referred to as a significant threat to the organization), is the CEO and founder of Momentous, a Canadian registrar with $30 million in annual revenue. In Costa Rica, when questioned about the conflict, he said none existed. In reality, that's true, since the loosely written guidelines only address fiduciary relationships with ICANN itself. Among other duties, the nominating committee selects members of the ICANN board.

* The chairman-elect of the nominating committee also happens to be a member of the Registrar Accreditation Agreement's negotiating team. Yes, the registrars more or less get to negotiate their own contracts, for the most part behind closed doors.

Most of these people are on limited terms, so the makeup might be quite different in a year or two. But there should be tighter rules governing who gets to occupy the seats, regardless of term length.

One compliment I will pay to the few rebellious voices: Five years ago, it would have been impossible to talk about topics such as fraud, phishing, criminal abuse of the domain name system, and dozens of other issues now common to panel discussions at ICANN meetings. Back then, you would have been told such issues were "outside ICANN's narrow technical mandate."

But you know what? They aren't. The truth of the matter, buried for years, is that the Registrar Accreditation Agreement, a document ICANN uses to bind registrars to certain behaviors, contains provisions that relate directly to many of the problems users experience on the Internet today.

It's in the best interest of the conflicted parties within ICANN that it remains "irrelevant," or limited in scope, because a cursory look under the rhetoric reveals that some tough negotiations on the content of this document, and how it's enforced, would go a long way toward improving the state of the Internet in the public interest. But that public interest is not well served by a structure and executive leadership that's conflicted by the same industry it's supposed to oversee.

-- Beau Brendler is chairman of the North American Internet user advisory committee to ICANN (NARALO) and was a voting member of its executive committee (ALAC) for three years.
---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Wed Mar 21 20:37:16 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Wed, 21 Mar 2012 21:37:16 -0400
Subject: [Infowarrior] - Graduated Response Deal Steamrollers On Towards July 1 Launch
Message-ID:

March 21, 2012 | By Parker Higgins

Graduated Response Deal Steamrollers On Towards July 1 Launch
https://www.eff.org/deeplinks/2012/03/graduated-response-deal-steamrollers-towards-july-1-launch

Last week, RIAA CEO Cary Sherman confirmed that the country's largest ISPs will voluntarily roll out by July 1 a "graduated response" program aimed at discouraging unauthorized downloading. A Memorandum of Understanding published last summer outlines the program, which was developed without user feedback. Under the new system, a rightsholder accusing an ISP subscriber of infringement will trigger a series of ever-increasing consequences. The responses are graduated in the sense that they escalate after each accusation, beginning with steps aimed at educating users about copyright and culminating in the Orwellian-sounding "mitigation measures" -- bandwidth throttling or account suspension.

As we said last year, this deal is tilted against subscribers. That's not surprising, given that no one solicited subscriber input in advance. In fact, some online commenters have expressed concern that the agreement runs afoul of antitrust law.

One key problem is the arrangement shifts the burden of proof: rather than accusers proving infringement before the graduated response process starts against a subscriber, the subscriber must disprove the accusation in order to call a halt to it. Worse, accused subscribers have to defend themselves on an uneven playing field. For example, they have only ten days to prepare a defense, and with only six pre-set options available.
Of course, there's no assurance that those who review the cases are neutral, and the plan sorely lacks consequences for an accuser who makes mistaken or fraudulent claims.

There are still more problems. The plan calls for "education" after the first accusations, but based on the information now available on the website launched last year by the Center for Copyright Information (the entity charged with administering the system), it's likely to be both deceptive and scare-mongering. And the whole system lacks in transparency: while it includes some minimal reporting requirements, those reports need not be made public.

The final rub: subscribers will doubtless be paying for their own "re-education," as ISPs pass on their portions of the administration costs in the form of higher fees.

What can users do at this point? In some cases, they can vote with their feet. This agreement is voluntary for now, and while the participating ISPs include many major companies -- AT&T, Verizon, Comcast, Cablevision, and Time Warner Cable -- there are other options. Users lucky enough to have a choice of providers for their Internet service should consider switching to a service that opted not to "cooperate." For example, companies like Sonic and Cox Communications have a history of fighting for their users where they can, and are notably absent from this arrangement.

Otherwise, users have little choice for now but to watch their ISP roll out this new system against their interests, and maybe familiarize themselves with the six pre-approved responses available to them after an accusation.

EFF will continue to follow developments in this agreement closely, and will be offering users a way to speak out against it soon. Stay tuned to updates about these actions on our EFFector mailing list, or by following EFF on Identi.ca or Twitter.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Mar 22 01:13:08 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Mar 2012 06:13:08 +0000
Subject: [Infowarrior] - In U.S., a growing unease at mixing politics with prayer
Message-ID: <8765613-1332396790-cardhu_decombobulator_blackberry.rim.net-794433272-@b11.c17.bise6.blackberry>

In U.S., a growing unease at mixing politics with prayer

Wed, Mar 21 20:19 PM EDT
By Stephanie Simon
http://mobile.reuters.com/article/idUSBRE82K1GN20120322?irpc=932

(Reuters) - Americans are increasingly uneasy with the mingling of religion and politics, according to a poll released Wednesday by the Pew Research Center, in the midst of a campaign season punctuated by tussles over the role of faith in the public square.

Back in 2001, when Pew first asked the question, just 12 percent of Americans complained that their politicians talked too much about religion.

That number has risen steadily ever since and hit a record high in the new poll: 38 percent of Americans, including 24 percent of Republicans, now say their political leaders are overdoing it with their expressions of faith and prayer.

And more Americans than ever, 54 percent, believe churches should keep out of politics. That's up from 43 percent in 1996, according to the Pew Research Center.

The national poll of 1,503 adults, which has a margin of error of 3 percentage points, was conducted in early March, as the U.S. Conference of Catholic Bishops was ramping up its vigorous campaign against a new federal mandate requiring all insurance companies to provide free birth control.

The bishops continue to press that fight. Just last week, they issued a statement declaring they were "strongly unified and intensely focused" on battling the contraception mandate. A leading voice in that campaign, Bishop William E. Lori of Bridgeport, Connecticut, this week was promoted to Archbishop of Baltimore by Pope Benedict XVI.
Peter Steinfels, co-director of the Center on Religion and Culture at Fordham University, said Americans have generally tolerated and even encouraged religious leaders to speak out on broad political issues, including capital punishment, immigration and poverty.

MORE SKEPTICAL

But Americans have long been uncomfortable with religious leaders directly involved in partisan campaigns, he said. In recent years, most notably in the birth control battle, that line has been blurred, Steinfels said - which may account for the growing unease on display in the Pew poll.

"Religious leaders ought to be worried," Steinfels said. "We're seeing Americans becoming more skeptical" about the propriety of religious involvement in politics.

The bishops have sought to portray the contraceptive mandate as one prong of a broad attack on religion by state and federal authorities. The leading Republican presidential candidates have echoed that rhetoric on the campaign trail, accusing the Obama Administration of declaring war on religious freedom.

The Pew poll found evidence that argument is resonating with Catholics. Roughly one in four U.S. voters is Catholic and they are a crucial swing vote in several states pivotal to the 2012 presidential election, like Ohio, Michigan and Pennsylvania.

The poll found 25 percent of Catholics perceive the Obama administration as unfriendly to religion, up from 15 percent in a Pew poll taken in August of 2009. The increase is even sharper among white Catholics, jumping to 31 percent from 17 percent, Pew found.

Among the public overall, 23 percent describe the Obama administration as unfriendly to religion, up from 17 percent in 2009.

But another recent poll suggests the "war on religion" argument isn't gaining traction with most adults. A national survey conducted this month by the Public Religion Research Institute found a majority of Americans, 56 percent, do not believe religious liberty is under siege.
Republicans, senior citizens and white evangelicals were most likely to see a looming threat to religious freedom.

(Reporting By Stephanie Simon; editing by Marilyn W. Thompson and Todd Eastham)

Sent from my mobile. Please pardon typos and brevity.

From rforno at infowarrior.org Thu Mar 22 07:03:45 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Mar 2012 08:03:45 -0400
Subject: [Infowarrior] - U.S. Intelligence Says Water Shortages Threaten Stability
Message-ID: <8AD2F180-1B2D-4556-B6C6-A2B4D0AAD634@infowarrior.org>

(c/o MAM)

U.S. Intelligence Says Water Shortages Threaten Stability

By Alan Bjerga, Bloomberg News
http://www.bloomberg.com/news/2012-03-21/u-s-intelligence-says-water-shortages-threaten-stability.html

Competition for increasingly scarce water in the next decade will fuel instability in regions such as South Asia and the Middle East that are important to U.S. national security, according to a U.S. intelligence report.

An all-out water war is unlikely in the next 10 years, as nations will be more likely to use water as a bargaining chip with each other, according to the report from the Director of National Intelligence that is to be released today.

As shortages become more acute, "water in shared basins will increasingly be used as leverage; the use of water as a weapon or to further terrorist objectives also will become more likely beyond 10 years," according to a copy obtained by Bloomberg News. The report was requested by the State Department and drawn from a classified national intelligence estimate.

The report, drafted principally by the Defense Intelligence Agency, reflects a growing emphasis in the U.S. intelligence community on how environmental issues such as water shortages, natural disasters and climate change may affect U.S. security interests.

For example, said a U.S.
official familiar with the study, as water and hydroelectric power become more valuable, dams, irrigation projects and reservoirs could become more attractive targets for terrorists or military strikes. The official spoke on condition of anonymity because the national intelligence estimate on which the report is based is classified.

Depleted groundwater for agriculture, which is responsible for 70 percent of water use, could destabilize food markets and contribute to price swings such as those last year that sent nutrition costs to a record and created unrest in the Middle East and North Africa.

"Many countries important to the United States will experience water problems -- shortages, poor water quality, or floods -- that will risk instability," the study said. "North Africa, the Middle East, and South Asia will face major challenges coping with water problems."

Population growth, economic development and climate change are combining to make water less plentiful worldwide, according to the study.

Meanwhile, annual global water requirements will be 40 percent above current sustainable water supplies by 2030, according to a 2009 report by the 2030 Water Resources Group, a World Bank-sponsored collaboration that included Coca-Cola Co. and Nestle SA among its members.

"Water shortages, poor water quality, and floods by themselves are unlikely to result in state failure," said the U.S. intelligence report. "However, water problems -- when combined with poverty, social tensions, environmental degradation, ineffectual leadership, and weak political institutions -- contribute to social disruptions that can result in state failure."

In addition, the report said, "some states are further stressed by a heavy dependency on river water controlled by upstream nations with unresolved water-sharing issues."
Better water use will be necessary to reduce the strains on supplies and international tensions, according to the report, with the biggest potential gains through improved farming practices.

The report also examines seven river basins that may present risks to U.S. security interests, grading the management capacity of the Amu Darya in Central Asia and Afghanistan, and the Brahmaputra, which flows from Tibet through India to Bangladesh, as "inadequate."

The study defines management capacity as the ability of nations, treaties and organizations in an area to manage political grievances over water.

The intelligence report found the political stability of the Mekong River watershed in Southeast Asia; the Tigris and Euphrates in Turkey, Syria, Iraq and Iran; and the Nile Basin in northern Africa as "limited." The report rates the Indus in south Asia and the Jordan in the Middle East as "moderate."

The United Nations designates each March 22 as World Water Day, and the State Department yesterday announced that today Secretary of State Hillary Clinton will unveil a new public-private U.S. Water Partnership.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 22 07:49:13 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Mar 2012 08:49:13 -0400
Subject: [Infowarrior] - Australian Gov't: Not In The Public Interest For The Public To Be Interested In Secret Anti-Piracy Negotiations
Message-ID: <3A3EAFF5-34C3-4E98-B0E1-984C45DD0F8E@infowarrior.org>

Australian Gov't: Not In The Public Interest For The Public To Be Interested In Secret Anti-Piracy Negotiations
http://www.techdirt.com/articles/20120321/10303918185/austrailian-govt-not-public-interest-public-to-be-interested-secret-anti-piracy-negotiations.shtml

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.
From rforno at infowarrior.org Thu Mar 22 11:27:13 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Mar 2012 12:27:13 -0400
Subject: [Infowarrior] - CYBERCOM Arming U.S. Combatant Commands
Message-ID:

DefenseNews.com
March 21, 2012

CYBERCOM Arming U.S. Combatant Commands

By ZACHARY FRYER-BIGGS

Once entirely controlled by the U.S. National Security Agency (NSA), offensive cyber weapons are making their way into the hands of the U.S. military's geographic combatant commanders.

The effort was alluded to by the NSA and the U.S. Cyber Command (CYBERCOM) chief, Army Gen. Keith Alexander, as part of congressional testimony March 20, and confirmed by sources. It means that combatant commanders will be able to employ the weapons as part of overall mission planning, pairing traditional kinetic attacks with newly developed cyber capabilities.

CYBERCOM will establish Cyber Support Elements (CSEs) at all six geographic combatant commands, Alexander said in a written statement delivered to the House Armed Services emerging threats and capabilities subcommittee as part of a routine budget hearing.

Thus far, U.S. Central Command is the only command with a fully operational deployment, while U.S. Pacific Command (PACOM) has a partial deployment, a CYBERCOM spokesman confirmed.

These support elements will provide both technical capability and expertise, part of an effort to improve the integration of cyber attack capabilities, a source with knowledge of the efforts said.

"We are currently working closely with two of the geographic combatant commanders," Alexander wrote. "Our goal is to ensure that a commander with a mission to execute has a full suite of cyber-assisted options from which to choose, and that he can understand what effects they will produce for him."
A CYBERCOM spokesman confirmed that these options include offensive capabilities as well as defensive capabilities designed to protect systems, but said the details of the offensive capabilities are classified.

A source with knowledge of the effort at PACOM said the process is in its infancy there, as the infrastructure is still being developed and the integration of CYBERCOM personnel into mission planning is still being determined.

Providing capability to combatant commanders will notably differ from the current operational structure, in which most commands must coordinate with CYBERCOM, which in turn deploys cyber capabilities. Before CYBERCOM was stood up in 2010, offensive capabilities resided with the NSA.

But the transition away from reliance on the intelligence agency and toward localized capability is a logical progression, said Chris Coleman, director of cybersecurity for the public sector at Cisco, as the NSA was never intended to engage in combat.

"The NSA is an intelligence agency, so the fact that they're transitioning combat tools over to CYBERCOM and eventually the combatant commanders makes perfect sense," he said. "It's what they should be doing."

Alexander did not refer to the effort during his oral testimony, nor was he asked about it by subcommittee members. Instead, Alexander described the continuing growth of cybersecurity threats, and the members focused on responsibility for protecting public companies, as the Department of Homeland Security is looking to shoulder more of this burden.

But in his written testimony, Alexander focused on the concept of deterrence through improved attack capability, while avoiding the terms offense or offensive. DoD officials have been reticent to use the terms, given some of the legal ambiguity surrounding the use of cyber weapons.
"Cyber Command exists to ensure that the President can rely on the information systems of the Department of Defense and has military options available for consideration when and if he needs to defend the nation in cyberspace," he wrote. "Our capabilities represent key components of deterrence."

Alexander testified with Teresa Takai, the Pentagon's chief information officer, and Madelyn Creedon, the assistant secretary of defense for global strategic affairs. All three said DoD is in the process of developing rules of engagement for cyber and should conclude the process soon.

Alexander's testimony also mentioned that CSEs are expected to be deployed at U.S. Africa Command and U.S. Southern Command within the next six months.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Thu Mar 22 14:55:07 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Thu, 22 Mar 2012 15:55:07 -0400
Subject: [Infowarrior] - Secret (Nuke) Drone Technology Barred by "Political Conditions"
Message-ID: <813BC36B-4C93-43A3-9EA5-1DED3DDF55BA@infowarrior.org>

Secret Drone Technology Barred by "Political Conditions"

March 22nd, 2012 by Steven Aftergood
http://www.fas.org/blog/secrecy/2012/03/sandia_drone.html

A certain technology that could extend the mission duration and capabilities of unmanned aerial vehicles (UAVs) was favorably assessed last year by scientists at Sandia National Laboratories and Northrop Grumman Systems Corporation. But they concluded regretfully that "current political conditions will not allow use of the results."

The assessment was carried out to explore the feasibility of next generation UAVs. The objective was "to increase UAV sortie duration from days to months while increasing available electrical power at least two-fold," according to a June 2011 Sandia project summary.
And that objective could have been achieved by means of the unidentified technology, which "would have provided system performance unparalleled by other existing technologies," the project summary said. "As a result of this effort, UAVs were to be able to provide far more surveillance time and intelligence information while reducing the high cost of support activities. This technology was intended to create unmatched global capabilities to observe and preempt terrorist and weapon of mass destruction (WMD) activities." But it was all for nought. "Unfortunately, none of the results will be used in the near-term or mid-term future," the project summary stated. "It was disappointing to all that the political realities would not allow use of the results." Not only that, but "none of the results can be shared openly with the public due to national security constraints." On close reading, it seems clear that the Sandia-Northrop project contemplated the use of nuclear technology for onboard power and propulsion. The project summary, which refers to "propulsion and power technologies that [go] well beyond existing hydrocarbon technologies," does not actually use the word "nuclear." But with unmistakable references to "safeguards," "decommissioning and disposal," and those unfavorable "political conditions," there is little doubt about the topic under discussion. Furthermore, the project's lead investigator at Sandia, the aptly named Dr. Steven B. Dron, is a specialist in nuclear propulsion, among other things. He co-chaired a session at the 2008 Symposium on Space Nuclear Power and Propulsion at the University of New Mexico. Interestingly, opposition to flying nuclear power sources in this case was internalized without needing to be expressed, and the authors were self-deterred from pursuing their own proposals. "The results will not be applied/implemented," they stated flatly. 
Meanwhile, integration of (conventional) unmanned aircraft systems into the National Airspace System will proceed, as mandated by Congress. On March 6, the Federal Aviation Administration issued a request for public comments on the pending designation of six UAS test sites around the country. Last month, the Electronic Privacy Information Center and other public interest organizations petitioned the FAA "to conduct a rulemaking to address the threat to privacy and civil liberties that will result from the deployment of aerial drones within the United States." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 22 17:09:57 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2012 18:09:57 -0400 Subject: [Infowarrior] - New counterterrorism guidelines permit data on U.S. citizens to be held longer Message-ID: <665BF6D0-798B-4210-8E9D-A006943059AB@infowarrior.org> New counterterrorism guidelines permit data on U.S. citizens to be held longer By Sari Horwitz and Ellen Nakashima, Updated: Thursday, March 22, 5:04 PM http://www.washingtonpost.com/world/national-security/new-counterterrorism-guidelines-would-permit-data-on-us-citizens-to-be-held-longer/2012/03/21/gIQAFLm7TS_print.html The Justice Department has approved guidelines that allow the intelligence community to lengthen the period of time it retains information about U.S. residents, even if they have no known connection to terrorism. Senior U.S. officials familiar with the guidelines said the changes allow the National Counterterrorism Center, the intelligence community's clearinghouse for counterterrorism data, to keep such information for up to five years. Currently, the center must promptly destroy any information about U.S. citizens or residents unless a connection to terrorism is evident. 
The new guidelines, which were approved Thursday, have been in the works for more than a year, said officials, who spoke on condition of anonymity because of the sensitivity of the discussions. The guidelines are likely to prompt concern from privacy advocates. Senior Justice Department officials said that Attorney General Eric H. Holder Jr. worked to ensure that privacy protections were adequate. Among other provisions, agencies that share data with the NCTC may now negotiate with the agency that the data be held for shorter periods. "We have been pushing for this because NCTC's success depends on having full access to all of the data that the U.S. has lawfully collected," said Mike Rogers (R-Mich.), chairman of the House Intelligence Committee. "I don't want to leave any possibility of another catastrophic attack that was not prevented because an important piece of information was hidden in some filing cabinet." Although the guidelines cover a variety of issues, the retention of data was the primary focus of negotiations with federal agencies. Those agencies provide NCTC with information ranging from visa and travel records to data from the FBI. That information can pertain to non-citizens as well as to "U.S. persons" - American citizens and legal permanent residents. Under current guidelines, NCTC generally must discard data unrelated to terrorism after 180 days. Those guidelines are "very limiting," one official said. "On Day 1, you may look at something and think that it has nothing to do with terrorism. Then six months later all of a sudden it becomes relevant." A spokesman for the Justice Department declined to comment. Since the Sept. 11, 2001, terrorist attacks on the U.S., the government has taken steps to break down barriers in information-sharing between law enforcement and the intelligence community, but policy hurdles remain. 
The NCTC, created by the 2004 Intelligence Reform and Terrorism Prevention Act, collects information from numerous agencies and maintains access to about 30 different data sets across the government. But privacy safeguards differ from agency to agency, hindering effective analysis, senior intelligence officials said. Officials said the new guidelines are aimed at making sure relevant terrorism information is readily accessible to analysts, while guarding against privacy intrusions. "A number of different agencies looked at these to try to make sure that everyone was comfortable that we had the correct balance here between the information sharing that was needed to protect the country and protections for people's privacy and civil liberties," an official said. The shootings at Fort Hood in Texas and the attempted downing of a Detroit-bound airliner on Christmas Day 2009 gave new impetus to efforts to aggregate and analyze terrorism-related data more effectively. In the case of Fort Hood, Maj. Nidal Hasan had had contact with radical Yemeni cleric Anwar al-Awlaki but that information had not been shared across the government. The name of Umar Farouk Abdulmutallab, who tried to detonate a bomb on a transatlantic flight, had been placed in a master list housed at the NCTC but not on a terrorist watch list that would have prevented him from boarding the plane. But the new retention period concerns privacy advocates. The purpose of the safeguards is to ensure that the "robust tools that we give the military and intelligence community to protect Americans from foreign threats aren't directed back against Americans," said ACLU national security policy counsel Michael German. "Watering down those rules raises significant concerns that U.S. persons are being targeted or swept up in these collection programs and can be harmed by continuing investigations for as long as these agencies hold the data." © 
The Washington Post Company --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 22 18:57:53 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2012 19:57:53 -0400 Subject: [Infowarrior] - Russia Considering Cyber-Security Command Message-ID: <7C740D72-5705-4C55-9D12-5B9D1BB6F8B4@infowarrior.org> Russia Considering Cyber-Security Command Dmitry Rogozin © RIA Novosti. Alexei Druzhinin 17:00 21/03/2012 MOSCOW, March 21 (RIA Novosti) http://en.rian.ru/russia/20120321/172301330.html The Russian government is considering setting up a dedicated cyber-security command, responsible for protecting the armed forces' information systems, Deputy Prime Minister Dmitry Rogozin said on Wednesday. "We are currently discussing the question of setting up a cyber-security command," said Rogozin, who has responsibility for Russia's military-industrial complex. "This is in connection with guaranteeing information for the armed forces, and also the state infrastructure as a whole," he said. Rogozin said that Russia would follow the steps of the United States and NATO as a whole aimed at staving off the growing threat of cyber attacks on vital military communications networks. NATO was one of the first to announce a cyber defense policy package in response to cyber attacks against Estonia in 2007. In May 2008, seven NATO nations and the Allied Command Transformation signed the documents for the formal establishment of a Cooperative Cyber Defense (CCD) Centre of Excellence (CoE) in Tallinn, Estonia. On June 8, 2011, NATO Defense Ministers adopted a new cyber defense policy. The new policy focuses on prevention of cyber attacks and building resilience. The policy clarifies political and operational mechanisms of NATO's response to cyber attack and integrates cyber defense into NATO's Defense Planning Process. 
Rogozin also confirmed on Wednesday that the government had prepared a draft bill on the establishment of an advanced military research agency, similar to the Defense Advanced Research Projects Agency (DARPA) in the United States, and would submit it to the parliament in the near future. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 22 20:22:42 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 22 Mar 2012 21:22:42 -0400 Subject: [Infowarrior] - Sarkozy criminalises 'habitual' surfing of terror-ish sites Message-ID: <35B620A5-B273-4147-BA51-E16B1BB2C65F@infowarrior.org> Sarkozy announces crackdown on Internet hate sites PARIS | Thu Mar 22, 2012 8:50am EDT http://www.reuters.com/article/2012/03/22/us-france-shooting-sarkozy-idUSBRE82L0MH20120322 (Reuters) - President Nicolas Sarkozy said on Thursday that France would make it a crime to consult Web sites that advocate terrorism or hate crimes and would toughen a crackdown on people who went abroad for ideological indoctrination. "From now on, any person who habitually consults Web sites that advocate terrorism or that call for hatred and violence will be criminally punished," Sarkozy said in a televised address after police shot dead an al Qaeda-inspired gunman who had killed seven people. "France will not tolerate forced recruitment or ideological indoctrination on its soil," Sarkozy said, adding that an enquiry would be launched into whether prisons were being used to propagate extremism in France. He said authorities were investigating whether Mohamed Merah, a 23-year-old Frenchman of Algerian origin, acted alone in the shootings of three Jewish children and four adults in southwest France. Merah died on Wednesday in a hail of bullets when he jumped from a window after elite police commandos entered the apartment where he was holed up following a siege of more than 30 hours. 
(Reporting By Daniel Flynn and Alexandria Sage; editing by Paul Taylor) --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 23 08:11:13 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Mar 2012 09:11:13 -0400 Subject: [Infowarrior] - Feds Were Gathering Intelligence On OWS Before The First Tent Went Up Message-ID: <410C378D-BB9E-4611-87FE-D12159D6884F@infowarrior.org> March 23, 2012 06:00 AM FOIA Request Shows Feds Were Gathering Intelligence On Occupy Wall Street Before The First Tent Went Up http://crooksandliars.com/susie-madrak/foia-request-shows-feds-were-gatherin --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 23 10:49:44 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Mar 2012 11:49:44 -0400 Subject: [Infowarrior] - Irony: Facebook says it may sue employers who demand job applicants' passwords Message-ID: Facebook says it may sue employers who demand job applicants' passwords By Jon Brodkin | Published 44 minutes ago http://arstechnica.com/business/news/2012/03/facebook-says-it-may-sue-employers-who-demand-job-applicants-passwords.ars Facebook has taken a stand against what it calls a "distressing increase" in reports of employers demanding the Facebook passwords of employees and job applicants. One such report came from the Associated Press this week, which detailed cases of interviewers asking applicants for Facebook usernames and passwords, a clear invasion of privacy if we've ever heard of one. Employers examining applicants' and employees' activity on social media networks isn't new - but typically it is restricted to what information users have made publicly available to everyone. Facebook said it could seek policy changes or file lawsuits to prevent employers from demanding passwords. 
While Facebook is often criticized for privacy violations of its own, this time it's fighting on behalf of its users. "Facebook takes your privacy seriously," Facebook Chief Privacy Officer Erin Egan said in a statement issued today. "We'll take action to protect the privacy and security of our users, whether by engaging policymakers or, where appropriate, by initiating legal action, including by shutting down applications that abuse their privileges." Separately, Sen. Richard Blumenthal, D-CT, is drafting legislation that would outlaw the practice of employers asking for login credentials to social networking sites and e-mail accounts, Politico reported Wednesday. Blumenthal called it an "unreasonable invasion of privacy." Sharing or soliciting a password is already a violation of Facebook's user agreement. "As a user, you shouldn't be forced to share your private information and communications just to get a job," Facebook said. "And as the friend of a user, you shouldn't have to worry that your private information or communications will be revealed to someone you don't know and didn't intend to share with just because that user is looking for a job. That's why we've made it a violation of Facebook's Statement of Rights and Responsibilities to share or solicit a Facebook password." In addition to these password requests being a threat to both user privacy and security, Facebook said it could expose employers to legal liability. "We don't think employers should be asking prospective employees to provide their passwords because we don't think it's right the thing to do," Facebook said. "But it also may cause problems for the employers that they are not anticipating. For example, if an employer sees on Facebook that someone is a member of a protected group (e.g. over a certain age, etc.) that employer may open themselves up to claims of discrimination if they don't hire that person." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Fri Mar 23 18:17:18 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Mar 2012 19:17:18 -0400 Subject: [Infowarrior] - MF's Corzine Ordered Funds Moved to JP Morgan, Memo Says Message-ID: <1C9BED50-0255-4A05-AB89-1B5B9CF1BD60@infowarrior.org> MF's Corzine Ordered Funds Moved to JP Morgan, Memo Says By Phil Mattingly and Silla Brush - Mar 23, 2012 http://www.bloomberg.com/news/print/2012-03-23/mf-global-s-corzine-ordered-funds-moved-to-jpmorgan-memo-says.html Jon S. Corzine, MF Global Holding Ltd. (MFGLQ)'s chief executive officer, gave "direct instructions" to transfer $200 million from a customer fund account to meet an overdraft in a brokerage account with JPMorgan Chase & Co. (JPM), according to a memo written by congressional investigators. Edith O'Brien, a treasurer for the firm, said in an e-mail quoted in the memo that the transfer was "Per JC's direct instructions," according to a copy of the memo obtained by Bloomberg News. The e-mail, dated Oct. 28, was sent three days before the company collapsed, the memo says. The memo does not indicate whether that phrase was the full text of the e-mail or an excerpt. O'Brien's internal e-mail was sent as the New York-based broker found intraday credit lines limited by JPMorgan, the firm's clearing bank as well as one of its custodian banks for segregated customer funds, according to the memo, which was prepared for a March 28 House Financial Services subcommittee hearing on the firm's collapse. O'Brien is scheduled to testify at the hearing after being subpoenaed this week. "Over the course of that week, MF Global (MFGLQ)'s financial position deteriorated, but the firm represented to its regulators and self-regulatory organizations that its customers' segregated funds were safe," said the memo, written by Financial Services Committee staff and sent to lawmakers. 
Steven Goldberg, a spokesman for Corzine, said in a statement that Corzine "never gave any instruction to misuse customer funds and never intended anyone at MF Global to misuse customer funds." JPMorgan Overdraft Vinay Mahajan, global treasurer of MF Global Holdings, wrote an e-mail on Oct. 28 that said JPMorgan was "holding up vital business in the U.S. as a result" of the overdrawn account, which had to be "fully funded ASAP," according to the memo. Barry Zubrow, JPMorgan's chief risk officer, called Corzine to seek assurances that the funds belonged to MF Global and not customers. JPMorgan drafted a letter to be signed by O'Brien to ensure that MF Global was complying with rules requiring customers' collateral to be segregated. The letter was not returned to JPMorgan, the memo said. The money transferred came from a segregated customer account, according to congressional investigators. Segregated accounts can include customer money and excess company funds. Corzine Testimony Corzine, 65, in testimony in front of the House panel in December, said he did not order any improper transfer of customer funds. Corzine also testified that he never intended a misuse of customer funds at MF Global, and that he doesn't know where client funds went. "I never gave any instruction to misuse customer funds, I never intended anyone at MF Global to misuse customer funds and I don't believe that anything I said could reasonably have been interpreted as an instruction to misuse customer funds," Corzine told lawmakers in December. In his statement, Goldberg said Corzine did not specify which funds should be used to replenish the JPMorgan account. "He never directed Ms. O'Brien or anyone else regarding which account should be used to cure the overdrafts, and he never directed that customer funds should be used for that purpose," Goldberg said. "Nor was he informed that customer funds had been used for that purpose." 
$1.6-Billion Shortfall The bankruptcy trustee overseeing the liquidation of the company's brokerage subsidiary has estimated a $1.6-billion shortfall between customer claims and assets available. Lawmakers and investigators from the Commodity Futures Trading Commission, Securities and Exchange Commission and Department of Justice have been reviewing events leading up to MF Global's bankruptcy filing. Executives including Corzine, a Democrat who served in the Senate before he was elected governor of New Jersey, gave testimony on the collapse at three congressional hearings last year. "If client funds were transferred at his direction, it raises new questions," Seth Berenzweig, managing partner at Berenzweig Leonard LLP, a law firm in McLean, Virginia, said in an interview with Bloomberg Television. "This is a new storm cloud that is now headed for Jon Corzine and it raises a lot of issues." Representative Randy Neugebauer, a Texas Republican and chairman of the Financial Services oversight and investigations subcommittee, is preparing a final report on his investigation into the firm's failure. 'What Went Wrong' "One of the goals of our investigation is not only to find out where the money went but to identify what went wrong in order to prevent this from happening again," Neugebauer said in a statement. O'Brien is scheduled to appear before lawmakers with Christine Serwinski and Laurie Ferber, two other MF Global executives named by Corzine as being involved in the transaction, according to the memo. Henri Steenkamp, the firm's chief financial officer, is also scheduled to testify, as is a representative from JPMorgan who has not yet been identified. MF Global and its brokerage sought Chapter 11 bankruptcy after a $6.3 billion bet on the bonds of some of Europe's most indebted nations prompted regulator concerns and a credit rating downgrade. Corzine quit MF Global Nov. 4. 
During his testimony, O'Brien was identified by Corzine as someone with knowledge of a transfer of funds from customer accounts before the firm sought bankruptcy protection Oct. 31. Reid H. Weingarten, O'Brien's lawyer, did not immediately respond to a phone call and e-mail seeking comment. The memo's account of the e-mail exchanges aligns with what Terrence Duffy, the executive chairman at CME Group Inc. (CME), told lawmakers during a December congressional hearing. Auditors at CME, which had authority to oversee MF Global, learned from an employee of the brokerage that Corzine knew about the loans involving a European affiliate, Duffy told committee members. To contact the reporters on this story: Phil Mattingly in Washington at pmattingly at bloomberg.net; Silla Brush in Washington at sbrush at bloomberg.net To contact the editor responsible for this story: Maura Reynolds at mreynolds34 at bloomberg.net ©2012 BLOOMBERG L.P. ALL RIGHTS RESERVED. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 23 18:26:26 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 23 Mar 2012 19:26:26 -0400 Subject: [Infowarrior] - FBI Turns Back On 2, 750 Of The 3, 000 GPS Devices It Turned Off For Lack Of A Warrant Message-ID: FBI Turns Back On 2,750 Of The 3,000 GPS Devices It Turned Off For Lack Of A Warrant http://www.techdirt.com/articles/20120323/03114118220/fbi-turns-back-2750-3000-gps-devices-it-turned-off-lack-warrant.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Sun Mar 25 22:48:49 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2012 03:48:49 +0000 Subject: [Infowarrior] - Facebook Asserts Trademark on Word 'Book' in New User Agreement Message-ID: <204780876-1332733730-cardhu_decombobulator_blackberry.rim.net-1917365940-@b18.c17.bise6.blackberry> Just on principle alone, this is yet another reason why I don't play in Zuckerworld. -rick Facebook Asserts Trademark on Word 'Book' in New User Agreement By Jon Brodkin, Ars Technica March 23, 2012 | 4:09 pm | http://m.wired.com/threatlevel/2012/03/facebook-book-trademark/ Facebook is trying to expand its trademark rights over the word "book" by adding the claim to a newly revised version of its "Statement of Rights and Responsibilities," the agreement all users implicitly consent to by using or accessing Facebook. ( Big snip ) http://m.wired.com/threatlevel/2012/03/facebook-book-trademark/ Sent from my mobile. Please pardon typos and brevity. From rforno at infowarrior.org Sun Mar 25 22:56:56 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2012 03:56:56 +0000 Subject: [Infowarrior] - James Cameron visits Earth's deepest point Message-ID: <819399951-1332734217-cardhu_decombobulator_blackberry.rim.net-217669165-@b18.c17.bise6.blackberry> atimes.com/news/nationworld/nation/la-na-james-cameron-dive-20120326,0,5646449.story latimes.com Film director James Cameron visits Earth's deepest point The journey takes him nearly seven miles to the bottom of the Mariana Trench, where he spends several hours filming before returning to the surface. Associated Press March 26, 2012 Honolulu - Hollywood director James Cameron completed his journey to Earth's deepest point - exploring his surroundings and, of course, filming them before returning to the ocean's surface. 
The director of "Titanic," "Avatar" and other films used a specially designed submarine to dive nearly seven miles to the bottom of the Mariana Trench, about 200 miles southwest of the Pacific island of Guam. Cameron returned to the surface of the Pacific Ocean on Monday morning, according to Stephanie Montgomery of the National Geographic Society. His descent took more than two hours; his return was a "faster-than-expected 70-minute ascent," the society said. Upon reaching the bottom, Cameron's first words were, "All systems OK," according to a statement. The scale of the trench is hard to grasp - it's 120 times larger than the Grand Canyon and more than a mile deeper than Mt. Everest is tall. Cameron made the dive aboard his 12-ton, lime-green sub called "Deepsea Challenger." "It's really the first time that human eyes have had an opportunity to gaze upon what is a very alien landscape," said Terry Garcia, the National Geographic Society's executive vice president for mission programs, via phone from Pitlochry, Scotland. Humans have dived to such depths only once before, in 1960. Swiss engineer Jacques Piccard and U.S. Navy Capt. Don Walsh took nearly five hours to reach the bottom and stayed just 20 minutes. They had little to report on what they saw, however, because their submarine kicked up so much sand from the ocean floor. "He is going to be seeing something that none of us have ever seen before. He is going to be opening new worlds to scientists," Garcia said in the pre-dive interview. One of the risks of a dive so deep is extreme water pressure. At 6.8 miles below the surface, the pressure is the equivalent of three SUVs sitting on your toe. The pressure "is in the back of your mind," Cameron told the Associated Press this month, after a 5.1-mile-deep practice run near Papua New Guinea. The submarine would implode in an instant if it leaked, he said. 
Although he acknowledged he was a little apprehensive beforehand, Cameron said he wasn't scared or nervous while underwater. "When you are actually on the dive, you have to trust the engineering was done right," he said. The film director has been an oceanography enthusiast since childhood and has made 72 deep-sea submersible dives. Thirty-three of those dives have been to the wreckage of the Titanic, the subject of his 1997 hit film. Sent from my mobile. Please pardon typos and brevity. From rforno at infowarrior.org Mon Mar 26 11:10:34 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2012 12:10:34 -0400 Subject: [Infowarrior] - RFI: Ooma v PhonePower Message-ID: Presently have Vonage world but despite generally positive quality of service, after several years of customer complaints they still don't offer a way to block specific phone numbers / telemarketers. Ergo I am exploring alternative VOIP providers. Comments invited on either Ooma or PhonePower as a replacement VOIP service. I will aggregate & repost comments so that others can benefit from the wisdom of the crowd, if any. :) Thanks! --rick --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Mar 26 12:20:45 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2012 13:20:45 -0400 Subject: [Infowarrior] - Tumblr offers 'plain English' ToS Message-ID: Tumblr offers new, annotated, reader-friendly, "plain English" terms of service. Bravo! http://www.tumblr.com/policy/en/terms_of_service --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Mar 26 14:41:07 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2012 15:41:07 -0400 Subject: [Infowarrior] - SCOTUS throws out human gene patents Message-ID: <6CE2613D-FD3D-4071-96AC-BBBD5AD34964@infowarrior.org> High court throws out human gene patents The Supreme Court on Monday threw out a lower court ruling allowing human genes to be patented, a topic of enormous interest to cancer researchers, patients and drug makers. The Associated Press http://seattletimes.nwsource.com/html/politics/2017843142_apussupremecourtcancerpatentfight.html The Supreme Court on Monday threw out a lower court ruling allowing human genes to be patented, a topic of enormous interest to cancer researchers, patients and drug makers. The court overturned patents belonging to Myriad Genetics Inc. of Salt Lake City on two genes linked to increased risk of breast and ovarian cancer. Myriad's BRACAnalysis test looks for mutations on the breast cancer predisposition gene, or BRCA. Those mutations are associated with much greater risks of breast and ovarian cancer. The American Civil Liberties Union has been arguing that genes couldn't be patented, a position taken by a district court judge but overturned on appeal. The justices' decision sends the case back down for a continuation of the battle between the scientists who believe that genes carrying the secrets of life should not be exploited for commercial gain and companies that argue that a patent is a reward for years of expensive research that moves science forward. In 2010, a federal judge ruled that genes cannot be patented. U.S. District Judge Robert Sweet said he invalidated the patents because DNA's existence in an isolated form does not alter the fundamental quality of DNA as it exists in the body nor the information it encodes. But last year, a divided panel of the federal appeals court in Washington that handles patent cases reversed Sweet's ruling. 
The appeals court said genes can be patented because the isolated DNA has a "markedly different chemical structure" from DNA within the body. The Supreme Court threw out that decision, and sent the case back to the lower courts for rehearing. The high court said it sent the case back for rehearing because of its decision in another case last week saying that the laws of nature are unpatentable. In that case, the court unanimously threw out patents on a Prometheus Laboratories, Inc., test that could help doctors set drug doses for autoimmune diseases like Crohn's disease. "The question before us is whether the claims do significantly more than simply describe these natural relations," said Justice Stephen Breyer, who wrote the opinion in the Prometheus Laboratories case. "To put the matter more precisely, do the patent claims add enough to their statements of the correlations to allow the processes they describe to qualify as patent-eligible processes that apply natural law? We believe the answer to this question is no." The U.S. Patent and Trademark Office has been awarding patents on human genes for almost 30 years. Testing for mutations in the so-called BRCA genes has been around for just over a decade. Women with a faulty gene have a three to seven times greater risk of developing breast cancer and a higher risk of ovarian cancer. Men can also carry a BRCA mutation, raising their risk of prostate, pancreatic and other types of cancer. The mutations are most common in people of eastern European Jewish descent. Myriad Genetics Inc. sells the only BRCA gene test. The case is Association for Molecular Pathology v. Myriad Genetics, 11-725. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Mon Mar 26 14:41:33 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2012 15:41:33 -0400 Subject: [Infowarrior] - National Security Secrecy and Surveillance: Defending the Public's Right to Know Message-ID: <383AE3A8-3879-4CBA-B9D1-05694DB88E4D@infowarrior.org> (A Soros Foundation event, but interesting speaker lineup. --rick) National Security Secrecy and Surveillance: Defending the Public's Right to Know Location: OSI-New York Event Date: April 4, 2012 Event Time: 6:00 p.m. - 8:00 p.m. Speakers: Steven Aftergood, Nancy Chang, Thomas Drake, Jameel Jaffer, Jesselyn Radack, Tim Shorrock http://www.soros.org/initiatives/usprograms/focus/security/events/national-security-secrecy-and-surveillance-20120404 The scale of government secrecy and surveillance has surpassed all previous boundaries - especially in the national security arena, where the budgets, size and scope of intelligence agencies have ballooned since 9/11. Unprecedented secrecy is largely evading traditional oversight mechanisms, leaving policy makers, the media, and the public in the dark. What impact are secret governmental operations having on our democratic processes, and are the decisions that are being made behind closed doors helping or harming our national security? What tools are available to penetrate this secrecy, foster a new culture of government accountability, and impose enforceable constraints on intrusive surveillance of innocent Americans? These questions will be explored by a distinguished panel consisting of high-profile government whistleblowers, key plaintiffs and litigators from headline Freedom of Information Act cases, and expert journalists who have followed the evolution of the national security state for years. Each will offer insights informed by their own direct encounters with national security secrecy and surveillance. Speakers • 
Steven Aftergood, Senior Research Analyst at the Federation of American Scientists, will moderate ? Nancy Chang, OSF National Security & Human Rights Campaign Manager, will introduce the panel ? Thomas Drake, National Security Agency (NSA) whistleblower ? Jameel Jaffer, ACLU Deputy Legal Director & Center for Democracy Director ? Jesselyn Radack, National Security & Human Rights Director at the Government Accountability Project, and Department of Justice whistleblower ? Tim Shorrock, Investigative journalist and the author of Spies For Hire: The Secret World of Intelligence Outsourcing --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Mon Mar 26 19:26:06 2012 From: rforno at infowarrior.org (Richard Forno) Date: Mon, 26 Mar 2012 20:26:06 -0400 Subject: [Infowarrior] - Gun-shy TSA gets critic booted from Congressional panel Message-ID: <0C425EC4-0486-4978-B36A-00DB042CE50E@infowarrior.org> Gun-shy TSA gets critic booted from Congressional panel By Timothy B. Lee | Published about 2 hours ago http://arstechnica.com/tech-policy/news/2012/03/gunshy-tsa-gets-critic-booted-from-congressional-panel.ars Bruce Schneier, the security expert who coined the term "security theater" to describe the Transportation Security Agency's airport screening procedures, was uninvited from speaking on a Monday Congressional panel at the insistence of the TSA. In a blog post, Schneier reports that he had been officially scheduled to appear at a hearing sponsored by the House Committee on Oversight and Government Reform, but received word on Friday that he had been removed from the witness list. "The excuse was that I am involved in a lawsuit against the TSA, trying to get them to suspend their full-body scanner program," Schneier wrote. "But it's pretty clear that the TSA is afraid of public testimony on the topic, and especially of being challenged in front of Congress." 
This is not the first time the TSA has engaged in brinksmanship to avoid having to appear on a panel alongside its critics. The TSA abruptly canceled a planned appearance before the same committee last year. The agency objected to sitting alongside a representative of EPIC, a privacy group that also had a pending lawsuit against the TSA. The TSA's refusal to participate at last year's hearing prompted a public rebuke from subcommittee chairman Jason Chaffetz. The TSA eventually backed down and agreed to appear on a separate panel following the other scheduled testimony. This year, the TSA's threats apparently worked. Schneier's name still appears on the official page for the hearing, but it is crossed out. The TSA "wants to control the story, and it's easier for them to do that if I'm not sitting next to them pointing out all the holes in their position," Schneier wrote on Monday. With Schneier booted from the panel, the remaining witnesses were all representatives of the Obama administration: two TSA officials, an admiral from the Coast Guard, and a member of the Government Accountability Office. The TSA's efforts to "control the story" were not completely successful. Darrell Issa, chairman of the Oversight Committee, read a selection of 350 comments about the TSA submitted via Facebook. A marine complained that when he traveled in uniform he was "forced to remove his trousers in full view of passengers because the shirt stays beneath them were scaring a TSA employee." Others with disabilities and medical devices complain of being groped by TSA officials. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. 
From rforno at infowarrior.org Tue Mar 27 06:32:25 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Mar 2012 07:32:25 -0400 Subject: [Infowarrior] - Why you can't sue your wireless carrier in a class action Message-ID: Why you can't sue your wireless carrier in a class action Millions of wireless subscribers probably don't realize that since a U.S. Supreme Court decision last year, consumers can no longer file class action suits against their carriers. http://news.cnet.com/8301-30686_3-57403475-266/why-you-cant-sue-your-wireless-carrier-in-a-class-action/?part=rss&subj=news&tag=title --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Mar 27 06:35:16 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Mar 2012 07:35:16 -0400 Subject: [Infowarrior] - Sweary tweet gets student expelled from school Message-ID: <555D8A79-1521-4ECF-9C5B-29FA4F628023@infowarrior.org> Sweary tweet gets student expelled from school, but should his account have been monitored in the first place? By Andy Boxall | Digital Trends - 1 hr 9 mins ago http://news.yahoo.com/sweary-tweet-gets-student-expelled-school-account-monitored-102407235.html An expletive-laden tweet has seen a student expelled from his high school in Indiana. Austin Carroll made the mistake of posting a fairly well-known phrase to his personal Twitter account as a joke, but it included liberal use of the third in George Carlin's "Filthy Words" list. You know, the one beginning with F. So how did his school find out? Did his teachers follow him, or was it thanks to a complaint made by a fellow student who was offended by the tweet? Neither actually, as the school revealed it monitors all tweets made by students, and claims Austin posted the message in question during school hours via a school computer. He denies this however, saying it was made during his own time and on his own computer.
An article published in an online local newspaper suggests this wasn't the first time Carroll had been in trouble for posting messages on Twitter that the school deemed "obscene," or for other disruptions; proving there's always more to this type of story than initially meets the eye. Social network monitoring However, his expulsion isn't what's interesting here - it's the fact that the school actively tracks its student's Twitter accounts, then acts on messages it deems inappropriate. Plus, if it tracks Twitter activity, does it also monitor Facebook and other sites too? A wide range of tools for monitoring social networking activity are available, some of which primarily track a company's brand and reactions to media campaigns, while others ensure athletes aren't about to bring down the team or fix a future game. Most of these work without password access to the accounts, and certainly in the case of Mr. Carroll, his Twitter account was publicly viewable. While the thought of anyone "spying" on our online activities is unpleasant, is a school checking its students' social networking activities always a breach of privacy or worse, our freedom of speech? Schools will no doubt argue that it's not, and could potentially allow them to do some good, such as identify cases of online bullying or genuine illegal activity. Schools - and employers too - are aware they can gain considerable insight into our personalities by seeing how we communicate online. It was recently revealed that the University of North Carolina has a section in its handbook recommending there be a designated person for checking sports team members' online activities, and warns that other teachers may also be watching too. Online etiquette training Of course, watching publicly available activity is very different from requesting passwords to accounts, an activity of which Facebook takes a particularly dim view, but the two are linked in one way - how we conduct ourselves online.
As our online lives become more complex and further entwined with our "real life," especially for anyone at school or college, perhaps instead of spying on activities and waiting to pounce on a problem or alleged indiscretion, a preferable alternative should be for schools to educate about how to behave online. Social media expert Dr. William J. Ward, A.K.A. DR4WARD, has long pushed for some form of social media etiquette training, primarily in the workplace, but his theories apply just as well to schools too. If it was explained to young people - by someone who knows what they're talking about and is independent from the school system - that posting everything that pops into their heads, no matter whether it's a "joke" or not, isn't always a good thing; then situations such as Carroll's may not arise quite so frequently. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Tue Mar 27 09:55:47 2012 From: rforno at infowarrior.org (Richard Forno) Date: Tue, 27 Mar 2012 10:55:47 -0400 Subject: [Infowarrior] - Is this greed or sensible protection? Message-ID: Mother Seeks Trayvon Martin Trademarks http://www.thesmokinggun.com/documents/trayvon-martin-trademarks-769123 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 28 14:46:11 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Mar 2012 15:46:11 -0400 Subject: [Infowarrior] - more on... RFI: Ooma v PhonePower Message-ID: <47B976C4-A891-4152-95D0-6ED61893E242@infowarrior.org> Only 1 response thus far, but I'm passing it along as promised. -- rick I tired of Vonage's increasing cost, so researched Ooma as my annual renewal date approached. I purchased the Ooma Telo at Costco for around $180. I wasn't sure if I'd need to also buy their handsets to make everything work, but it turned out the transition from Vonage couldn't have been much easier.
I have all of my house phone jacks plugged into a little box from Radio Shack that terminates in a single RJ-11 plug. I removed that from the Vonage box and plugged it into the Ooma box along with a network connection and power (i.e., I swapped the Vonage box for the Ooma box). After I rebooted my network, I got dial tone (or maybe it was after I activated the box at their portal; I can't remember for sure, so it must not have been too traumatic). You can opt-out of their deluxe service via the portal now. Quality is the same or better than Vonage. I got Ooma in January and still have not seen a charge for taxes or anything else. I only have a few months of use in, but at this point I'd highly recommend Ooma. --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 28 19:10:56 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Mar 2012 20:10:56 -0400 Subject: [Infowarrior] - Garbage Collectors Around the U.S. Trained to Report Suspicious Activity Message-ID: <4E8437CE-7050-4040-BC37-2D3EC0B2FDE5@infowarrior.org> Garbage Collectors Around the U.S. Trained to Report Suspicious Activity March 28, 2012 in Featured http://publicintelligence.net/garbage-collectors-around-the-u-s-trained-to-report-suspicious-activity/ A 2008 report from KOMO news in Seattle provides an overview of the Waste Watch program. Public Intelligence Several newspapers in southern Florida are reporting that trash collectors are receiving training from their employer Waste Management to work with local law enforcement to report crimes and other suspicious activities. The training is part of a program called Waste Watch that is designed to leverage the fact that "drivers are familiar with their routes and are in the same neighborhoods every day" which "puts them in the unique position to spot unusual activity and anything out of the ordinary."
Press releases from Waste Management describe the program as a way of opening "channels of communication with the authorities to help keep them informed and alert of what's happening in their city's streets and alleys." Waste Watch training sessions are conducted by former FBI agents in association with security representatives from Waste Management. The program has been operating since 2004 when it was first introduced by Waste Management's Corporate Security Services and Community Relations offices. Waste Watch operates in more than 100 communities around the country including Utah, New York, Nevada, South Carolina, California, Oregon, Michigan, Washington and Florida. There is little public information available on the program or the content of training material presented to Waste Watch participants. Given the recent proliferation of programs dedicated to promoting suspicious activity reporting, more information is needed on the program's guidelines for detecting and reporting suspicious activity. FBI flyers designed to promote suspicious activity reporting have listed actions like insisting on paying cash or trying to cover one's computer screen as evidence of potential terrorist activity. A similar guide produced by the New Jersey Office of Homeland Security and Preparedness listed yawning and repeatedly touching one's face as suspicious activities. The Waste Watch program does seem to have produced some positive results, including helping to catch vandals or petty thieves. In 2008 the program was awarded the "Award of Excellence in the Neighborhood Watch" by the National Sheriff's Association. While encouraging citizens and businesses to look out for criminal activity is a worthwhile cause, the recent proliferation of programs for reporting suspicious activity has raised concerns from civil liberties groups about the potential for turning citizens and business owners into effective spies on their neighbors and customers.
The Department of Homeland Security's "If You See Something, Say Something" program has greatly expanded in the last few years by partnering with the NBA, MLB, NFL, MLS, NCAA, religious organizations, hotel television providers and even Walmart to promote suspicious activity reporting. Fusion centers and cities around the country are creating websites and phone applications to help citizens report suspicious activity, complete with photographs and geolocation information. However, the "Waste Watch" program extends citizen surveillance one step further by leveraging the manpower of the country's largest waste collection company to look not just for suspicious activity, but for "anything out of the ordinary." --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Wed Mar 28 19:16:07 2012 From: rforno at infowarrior.org (Richard Forno) Date: Wed, 28 Mar 2012 20:16:07 -0400 Subject: [Infowarrior] - OT: Muppets vs. Goldman Sachs Message-ID: <368BE42E-1FFE-4B43-8856-3ADCAF24DAD8@infowarrior.org> Audio NSFW. Muppets vs. Goldman Sachs http://www.thereformedbroker.com/2012/03/28/muppets-vs-goldman-sachs/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 29 07:44:32 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Mar 2012 08:44:32 -0400 Subject: [Infowarrior] - More TSA humiliation Message-ID: <11BAA42B-E4E5-4FC5-BED1-3A7CDA7211B0@infowarrior.org> Yes, Thugs with Statutory Authority are really hiring some winners to keep us safe.
#fail TSA officers charged with trashing South Beach hotel room, shooting gun http://www.miamiherald.com/2012/03/28/2718902/tsa-employees-charged-with-trashing.html#storylink=cpy TSA Manager Arrested for Running Prostitution Ring http://www.myfoxdc.com/dpp/news/local/tsa-manager-arrested-for-running-prostitution-ring-032812#ixzz1qRISaevM --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 29 13:13:38 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Mar 2012 14:13:38 -0400 Subject: [Infowarrior] - Harms of Post-9/11 Airline Security Message-ID: (c/o fergdawg) Harms of Post-9/11 Airline Security As I posted previously, I have been debating former TSA Administrator Kip Hawley on the Economist website. I didn't bother reposting my opening statement and rebuttal, because -- even though I thought I did a really good job with them -- they were largely things I've said before. In my closing statement, I talked about specific harms post-9/11 airport security has caused. This is mostly new, so here it is, British spelling and punctuation and all. < - > http://www.schneier.com/blog/archives/2012/03/harms_of_post-9.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Thu Mar 29 21:49:26 2012 From: rforno at infowarrior.org (Richard Forno) Date: Thu, 29 Mar 2012 22:49:26 -0400 Subject: [Infowarrior] - The History Of Sealand, HavenCo And Why Protecting Your Data Needs More Than Being In International Waters Message-ID: <1BF3DB0C-AB65-429B-A604-F96678057E83@infowarrior.org> The History Of Sealand, HavenCo And Why Protecting Your Data Needs More Than Being In International Waters from the fascinating-read dept If you were around tech/cypherpunk circles a dozen years ago, you surely remember Sealand and HavenCo (some people incorrectly assume that the two were one and the same, rather than just connected). 
There was, of course, the famous Wired cover story by Simson Garfinkel, which is still a fun read. The whole thing collapsed pretty spectacularly (or, depending on your perspective, with a whimper) a few years later. There were many reasons why, and law professor James Grimmelmann has put together an amazing, detailed and fun-to-read history of Sealand and HavenCo (pdf) in the form of an 80-page paper for the Illinois Law Review. However, if reading 80-pages seems like a bit much, he's also put together a shorter version for Ars Technica that is worth the read (though it may lead you to just reading the full version anyway). < - > http://www.techdirt.com/articles/20120328/03262618271/history-sealand-havenco-why-protecting-your-data-needs-more-than-being-international-waters.shtml --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 30 06:55:32 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2012 07:55:32 -0400 Subject: [Infowarrior] - Schneier-v-Hawley on TSA (Economist debate) Message-ID: <47A799B1-B9A3-4AE4-8EBC-FB8D8E62859B@infowarrior.org> https://www.economist.com/debate/days/view/822 < - > As this debate begins its final descent, victory for the proposer, Bruce Schneier, looks certain. The vast majority of voters have agreed with him that the harm done by modern-day airport security outweighs its good. Commenters have written about the humiliation, stress and anger that accompany their experiences at the airport. "I'd much rather have less hassle and higher risk," said one. Many accede to that view. Mr Schneier expands on the harms attributable to modern airport security in his closing statement. It has led, he says, to a loss of trust, physical harm, economic losses, a loss of liberty and an increase in fear. 
The last of these is particularly notable in the context of a system designed to contain terrorism, because governments that make passengers scared "effectively do the terrorists' job for them". Kip Hawley's closing statement does not entirely refute such allegations. He knows that "[A]irport security now drives everybody crazy with frustration," and he has noted previously that change is needed in a system that has ended up stacking different security processes on top of one another. But he insists that airport security does still catch the bad guys. In his closing statement he gives an example of how the threat from a potential bomber was resolved with the application of intelligence information together with modern security procedures. < - > https://www.economist.com/debate/days/view/822 --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 30 07:08:41 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2012 08:08:41 -0400 Subject: [Infowarrior] - Another Financial WMD Message-ID: Very interesting reading; as opposed to "vanilla" stock or index options, such complicated derivatives -- in this case, ETNs -- indeed are "weapons of mass destruction" that average investors have no business being involved with, unless you truly know what you're doing & getting involved with. (And most don't) -- rick Credit Suisse Opened Volatility Bets to Small Investors By Christopher Condon and Matt Robinson - Mar 30, 2012 12:00 AM ET http://www.bloomberg.com/news/2012-03-30/credit-suisse-opened-volatility-bets-to-small-investors.html March 30 (Bloomberg) -- Michael Gamble, a 67-year-old retiree, doubled down on a volatility exchange-traded note backed by Credit Suisse Group AG last week as it declined to a record low price. "When it started to fall, I bought more because I couldn't believe how low it was going," he said in a telephone interview. "I didn't realize I was playing with a hand grenade."
Gamble, who lives in Frisco, Texas, didn't know the product was trading at a premium to its targeted value, a rare event for ETNs, or that institutional investors were selling the notes short on a bet they would fall. The note tumbled by more than 50 percent on March 22 and March 23, costing Gamble about $20,000. The crash calls attention to the way many ETNs, which are more complex and risky than exchange-traded funds, open the door to markets where individual investors normally can't venture without brokerage approval. It also may sour small investors on exchange-traded products, an industry that has grown to almost $1.2 trillion in U.S. assets because of the popularity of low-cost ETFs. "ETPs are one of the great success stories of marketing by creating a new name and new brand," said Mercer Bullard, an associate professor of law at the University of Mississippi and founder of the advocacy group Fund Democracy Inc. "Now the non-fund ETPs are undermining the ETF brand." < - snip - > http://www.bloomberg.com/news/2012-03-30/credit-suisse-opened-volatility-bets-to-small-investors.html --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 30 07:26:09 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2012 08:26:09 -0400 Subject: [Infowarrior] - Rumours: Microsoft, Sony looking to kill used games market Message-ID: Rumours: Microsoft, Sony looking to kill used games market posted by Thom Holwerda on Wed 28th Mar 2012 22:29 UTC http://www.osnews.com/story/25752/Rumours_Microsoft_Sony_looking_to_kill_used_games_market The rumour mill for the next generation of video game consoles has been churning out some juicy stuff these past few months. While Nintendo has laid most of its cards out on the table, Microsoft and Sony have remained tight-lipped, probably because their consoles are still seeing increased sales.
So, we have to rely on rumours, and those rumours have one thing in common: Microsoft and Sony want to eliminate the used games market. Many games studios have been hard at work trying to find ways to screw over people who buy used games. We've seen countless cases of launch-day downloadable content, for instance; parts of finished games are locked away behind codes you can only use once. Buy the game used, and you have to pay for new codes to unlock the missing parts. Another new staple of console gaming: codes that unlock multiplayer. I had to enter four Windows serial key-sized codes when starting up Kingdoms Of Amalur: Reckoning. Using a controller. All this is being done to address the "problem" of used games sales. Companies that sell used games, like GameStop in the US or GameMania here in The Netherlands (thank god for GameMania), are doing very well, and it's easy to see why: I'm an avid gamer, but at €60 a pop, I'm only willing to buy 3-4 games new each year. Most games are simply not worth that hefty price tag, so I'd much rather wait until they hit the used market, usually only a few weeks after release. The "problem" is that games studios and distributors do not benefit from these used games sales. Adopting RIAA-Logic™, the games industry equates every used games sale as a lost new game sale, and as such, we're actually pirates, just without the ability to legally or morally declare us so. This "problem" is something they want to address. And thus, the rumours around the next PlayStation and the next Xbox all talk of measures to disallow used games sales. The latest round of rumours about the next PlayStation state that Sony wants to tie every game you buy to your PSN account, making it impossible to sell them on, effectively killing the used games market. It could be that buying a used game will have it locked in a trial mode, unlockable to the full version for a fee.
On top of that, it would also kill the ability to loan games to friends - something I regularly do. If a friend buys a game I'm not willing to spend money on but still want to play, I just borrow it instead. These new rumoured measures would make that impossible. Of course, the future of console gaming is digital distribution only, much like current mobile games, which would also kill all these abilities. We're pretty much at a crossroads in console gaming, and if Microsoft and Sony really do feel comfortable enough to obliterate game borrowing and the used games market with the next generation of consoles, I will most likely just start PC gaming instead. Aside from this bit of information about the next PlayStation, Kotaku also has some preliminary specifications: it's got an AMD x86 processor (yup, no backwards compatibility), and an AMD Southern Islands GPU, capable of hitting 4096x2160 pixels. Developer kits have already been sent out, including updated kits. It's supposed to be released during the holiday season in 2013. Both these rumours and the rumours about the next Xbox give, in my opinion, credence to the rumours that Valve is working on a hardware project of its own - probably a set of minimum regular PC specifications developers can target. Valve has been trying to get Steam onto consoles, and while it has seen some success with this on the PS3, the Xbox remains completely elusive due to Microsoft's reticence. While Valve is denying these rumours - very, very vaguely with lots of wiggle room and weasel words - it wouldn't surprise me at all that Valve is thinking about and working on some sort of project to compete directly with Sony and Microsoft. Even heavier locked-down consoles limit Steam's growth potential, something Valve could address with relatively cheap, pre-configured Steam PCs, ready to be hooked up to TVs and with nice controllers. Valve, please do it. But first, release Cold Stream for us Xbox peasants already, damnit.
--- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 30 07:57:55 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2012 08:57:55 -0400 Subject: [Infowarrior] - Engineers rebuild HTTP as a faster Web foundation Message-ID: <63887840-546C-4268-9284-D8348E0B0CCE@infowarrior.org> Engineers rebuild HTTP as a faster Web foundation The formal process of speeding up Hypertext Transfer Protocol is under way with proposals from Google, Microsoft, and others. There are differences -- but common ground, too. < - > http://news.cnet.com/8301-30685_3-57406904-264/engineers-rebuild-http-as-a-faster-web-foundation/ --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 30 08:53:10 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2012 09:53:10 -0400 Subject: [Infowarrior] - OT: 'Yes, Prime Minister' to be rebooted after 24 years Message-ID: At least the original writers are onboard, so I am holding out quiet optimism for this series, but still love the original. --- rick Yes, Prime Minister resumes office in coalition with Gold after 24 year hiatus http://uktv.co.uk/network/item/aid/651673 UKTV's flagship comedy channel, Gold, has commissioned the return of Yes, Prime Minister (6 x 40 mins) in a brand new series which will see the Rt. Hon Jim Hacker back in office as PM, leading a coalition government confronting the greatest economic crisis in a generation, European economies going down the toilet, a tempting energy deal from an unusual source, a leadership crisis with his coalition partners, a Scottish independence referendum and the greatest moral dilemma he has ever faced. The lauded satire, with new episodes produced by BBC Productions exclusively for Gold, will return in a contemporary setting, scripted by the original writing team, Jonathan Lynn and Antony Jay, and based on their hit play.
This is the first commission to follow Gold's announcement that it will inject "double-digit millions" into original content as it seeks to add to its "crown jewels of comedy" schedule in 2012, its 20th year on air. The ultimately powerful but beleaguered Prime Minister Jim Hacker - assisted by his impenetrably loquacious advisor Sir Humphrey Appleby and Principal Private Secretary, Bernard Woolley - were last seen on screen in 1988 in the BAFTA winning series that was, famously, the favourite comedy of then incumbent Prime Minister, Margaret Thatcher. The series garnered high critical acclaim and influenced latter satirical writers and performers such as Stephen Fry and Armando Iannucci. UKTV's Director of Commissioning, Jane Rogerson commented, "The political landscape in Britain today is the perfect setting for Yes, Prime Minister to return. I'm thrilled that Gold has enticed Jonathan Lynn and Antony Jay to pen a brand new series, and can't wait to see this constitutional treasure back on screens across the country." Steve North, General Manager, Gold, added, "Gold is making a great investment into iconic and original British programming and what better place to start than with the timely return of the nation's greatest satire: Yes, Prime Minister. I'm a huge fan of the original and it's a real treat to be able to bring this utterly brilliant series to a whole new generation". Mark Freeland, Head of BBC In-House Comedy said: "The much extended tour of Yes, Prime Minister in theatres up and down the country proved that this iconic comedy has lost none of its satirical bite. The one-liners hit home like the crack of the Whip. BBC In House Comedy is delighted to team up with Gold to bring this classic back to our screens with all new episodes". Yes, Prime Minister has been commissioned by UKTV's Director of Commissioning, Jane Rogerson, and ordered by Gold's General Manager, Steve North. Executive Producer for Gold will be Sarah Fraser.
For more information, please contact: Zoe Clapp, Head of Communications - 020 7299 6259 / zoe.clapp at uktv.co.uk Laura McTurk, Publicity Manager, Entertainment, 020 7299 6261 / laura.mcturk at uktv.co.uk @uktv_press --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 30 21:37:24 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2012 22:37:24 -0400 Subject: [Infowarrior] - video: The Rise of the HFT Machines Message-ID: <34F4066E-7F25-43A6-AA51-3B1178754276@infowarrior.org> Nanex ~ The Rise of the HFT Machines The following animated GIF chronicles the rise of the HFT Algo Machines from January 2007 through January 2012....It gets *really* scary by the end of 2011. http://www.nanex.net/aqck/2804.HTML --- Just because i'm near the punchbowl doesn't mean I'm also drinking from it. From rforno at infowarrior.org Fri Mar 30 21:43:37 2012 From: rforno at infowarrior.org (Richard Forno) Date: Fri, 30 Mar 2012 22:43:37 -0400 Subject: [Infowarrior] - "Zero-day" exploit sales should be key point in cybersecurity debate Message-ID: <5DE0940C-9720-4078-9AB6-E2335D305228@infowarrior.org> March 29, 2012 | By Marcia Hofmann and Trevor Timm https://www.eff.org/deeplinks/2012/03/zero-day-exploit-sales-should-be-key-point-cybersecurity-debate "Zero-day" exploit sales should be key point in cybersecurity debate Last week, Forbes' Andy Greenberg investigated a dangerous but largely underreported problem in Internet security: the sale of zero-day exploits to customers not intending to fix the flaws. Zero-day exploits are hacking techniques that take advantage of software vulnerabilities that haven't been disclosed to the developer or the public.
Some companies have built successful businesses by discovering security flaws in software such as operating systems and popular browsers like Google Chrome and Microsoft Internet Explorer, and then selling zero-day exploits to high-paying customers - which are often governments.

France-based VUPEN is one of the highest-profile firms trafficking in zero-day exploits. Earlier this month at the CanSecWest information security conference, VUPEN declined to participate in the Google-sponsored Pwnium hacking competition, where security researchers were awarded up to $60,000 if they could defeat the Chrome browser's security and then explain to Google how they did it. Instead, VUPEN - sitting feet away from Google engineers running the competition - successfully compromised Chrome, but then refused to disclose their method to Google to help fix the flaw and make the browser safer for users.

"We wouldn't share this with Google for even $1 million," said VUPEN founder Chaouki Bekrar. "We don't want to give them any knowledge that can help them in fixing this exploit or other similar exploits. We want to keep this for our customers."

VUPEN, which also "pwned" Microsoft's Internet Explorer, bragged it had an exploit for "every major browser," as well as Microsoft Word, Adobe Reader, and the Google Android and Apple iOS operating systems.

While VUPEN might be the most vocal, it is certainly not the only company selling high-tech weaponry on the zero-day exploit market. Established U.S. companies Netragard, Endgame, Northrop Grumman, and Raytheon are also in the business, according to Greenberg. He has also detailed a price list for various zero-day exploits, with attacks for popular browsers selling for well over $100,000 each and an exploit for Apple's iOS going for a quarter million.

But who exactly are these companies selling to? No one seems to really know, at least among people not directly involved in these clandestine exploit dealings.
VUPEN claims it only sells to NATO governments and "NATO partners." The NATO partners list includes such Internet Freedom-loving countries as Belarus, Azerbaijan, Ukraine, and Russia. But it's a safe bet, as even VUPEN's founder noted, that the firm's exploits "could still fall into the wrong hands" of any regime through re-selling or slip-ups, even if VUPEN is careful.

Another hacker who goes by the handle "the Grugq" says he acts as a middleman for freelance security researchers and sells their exploits to many agencies in the U.S. government. He implies the only reason he doesn't sell to Middle Eastern countries is they don't pay enough.

Regardless of who the buyers are, any security researcher selling zero-day exploits to those who take advantage of vulnerabilities rather than fixing the software is responsible for making the Internet less secure for users. The existence of a marketplace for such transactions does not legitimize the practice, and security researchers should never turn a blind eye to their ethical responsibility to help improve technology. We should help ensure the Internet promotes freedom and safety, and is not a system to control and oppress.

The governments who buy zero-day exploits also bear responsibility here. The administration has repeatedly warned of a crippling cyber-attack to our infrastructure and Congress is in the midst of debating an expansive new "cybersecurity" bill that, as EFF previously explained, will likely invade users' privacy in the name of promoting Internet security. Yet the sale and use of exploits that leave ordinary users of popular software vulnerable - a real cybersecurity threat - remains unmentioned in this cybersecurity debate.

The U.S. government has the ability to make us more secure right now with no new legislation. Anyone - including the U.S. government - who has knowledge of security vulnerabilities should notify the affected companies and help fix the problems.
Keeping flaws under wraps makes millions of Internet users less safe. If exploits are used to conduct attacks on network infrastructure, either in other countries or the U.S., those who sell exploits could be complicit in such acts.

A good cybersecurity discussion would address this issue head-on. If the U.S. government is serious about securing the Internet, any bill, directive, or policy related to cybersecurity should work toward ensuring that vulnerabilities are fixed, and explicitly disallow any clandestine operations within the government that do not further this goal. Unfortunately, if these exploits are being bought by governments for offensive purposes, then there is pressure to selectively harden sensitive targets while keeping the attack secret from everyone else, leaving technology - and its users - vulnerable to attack. As EFF has stated previously, this is "security for the 1%," and it makes the rest of us less safe.

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Mar 31 18:47:27 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 Mar 2012 19:47:27 -0400
Subject: [Infowarrior] - With GPS Data Out, Feds Eye Warrantless Cell Phone Surveillance
Message-ID: <8E612C6B-7A37-4593-9B9D-A24AEA7E3576@infowarrior.org>

With GPS Data Out, Feds Eye Warrantless Cell Phone Surveillance

By David Kravets | March 31, 2012 | 5:13 pm

Prosecutors are shifting their focus to warrantless cell-tower locational tracking of suspects in the wake of a Supreme Court ruling that law enforcement should acquire probable-cause warrants from judges to affix GPS devices to vehicles and monitor their every move, according to court records.
The change of strategy comes in the case the justices decided in January, when it reversed the life sentence of a District of Columbia area drug dealer, Antoine Jones, who was the subject of 28 days of warrantless GPS surveillance via a device the FBI secretly attached to his vehicle without a warrant. In the wake of Jones' decision, the FBI has pulled the plug on 3,000 GPS tracking devices.

In a Friday filing in pre-trial proceedings of Jones' retrial, Jones' attorney said the government has five months worth of a different kind of locational tracking information on his client: So-called cell-site information, obtained without a warrant, chronicling where Jones was when he made and received mobile phone calls in 2005.

"In this case, the government seeks to do with cell site data what it cannot do with the suppressed GPS data," attorney Eduardo Balarezo wrote (.pdf) U.S. District Judge Ellen Huvelle.

< - >

http://www.wired.com/threatlevel/2012/03/feds-move-to-cell-site-data

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.

From rforno at infowarrior.org Sat Mar 31 21:17:18 2012
From: rforno at infowarrior.org (Richard Forno)
Date: Sat, 31 Mar 2012 22:17:18 -0400
Subject: [Infowarrior] - DHS Will Now Vet UK Air Passengers To Mexico, Canada, Cuba
Message-ID: <27900672-BD85-4F12-A909-6D055200353C@infowarrior.org>

Planning a trip to Canada or the Caribbean? US Immigration may have other ideas...

New security checks are already in place - even for flights hundreds of miles from American airspace

Simon Calder
Monday 26 March 2012
http://www.independent.co.uk/travel/news-and-advice/planning-a-trip-to-canada-or-the-caribbean-us-immigration-may-have-other-ideas-7584912.html

One million British travellers planning to fly to Canada, the Caribbean and Mexico this year face the risk of being turned away at the airport - at the insistence of the US Department of Homeland Security.
New rules require British Airways and other airlines flying to certain airports outside America to submit passengers' personal data to US authorities. The information is checked against a "No Fly" list containing tens of thousands of names. Even if the flight plan steers well clear of US territory, travellers whom the Americans regard as suspicious will be denied boarding.

Simon Hughes, the deputy leader of the Liberal Democrats, told The Independent: "The concern by the US for its own security is entirely understandable, but it seems to me it's a whole different issue that American wishes should determine the rights and choices of people travelling between two countries neither of which is the US."

For several years, every US-bound passenger has had to provide Advance Passenger Information (API) before departure. Washington has extended the obligation to air routes that over-fly US airspace, such as Heathrow to Mexico City or Gatwick to Havana.

Now the US is demanding passengers' full names, dates of birth and gender from airlines, at least 72 hours before departure from the UK to Canada. The initial requirement is for flights to Toronto, Ottawa, Montreal and the Nova Scotia capital, Halifax - 150 miles from the nearest US territory. A similar stipulation is expected soon for the main airports in western Canada, Vancouver and Calgary.

Any passenger who refuses to comply will be denied boarding. Those who do supply details may find their trip could be abruptly cancelled by the Department of Homeland Security, which says it will "make boarding pass determinations up until the time a flight leaves the gate ... If a passenger successfully obtains a boarding pass, his/her name is not on the No Fly list." In other words, travellers cannot find out whether they will be accepted on board until they reach the airport.
Canadian Affair, the leading charter operator between Britain and Canada, began supplying the data a week ago and 13,500 of its clients have complied with the demands. None has so far refused to provide the information and no one has been refused boarding. Air Canada and British said they would comply with any new rules and The Independent understands that they will join the scheme in April.

Flights to Mexico and Cuba - the Caribbean island closest to the US - are also included. The US will have full details of all British visitors to Cuba, including business travellers, which could potentially be used to identify people suspected of breaking America's draconian sanctions against the Castro regime.

Neil Taylor, a tour operator who pioneered tourism to Cuba, said: "Imagine if the Chinese were to ask for such data on all passengers to Taiwan, and similarly if the Saudis were to ask about flights to Israel - would the US government understand?

"One also has to wonder how an American traveller in Europe would react if he were denied boarding on a flight from London to Rome because the German government had not received sufficient data from him."

Tony Wheeler, founder of Lonely Planet travel guides, said "This extension of the rule to include flights that never enter US airspace is scarcely credible. What on earth right does the US have to ask for passenger information if you're flying London-Havana?"

NOW BOARDING: WHO IS AFFECTED?

725,000: Number of British visitors to Canada each year. Airports affected: Ottawa, Toronto, Montreal and Halifax

300,000: Number of British visitors to Mexico each year. Airports affected: Mexico City and Cancun

160,000: Number of British visitors to Cuba each year. Airports affected: Havana, Varadero and Holguin

---
Just because i'm near the punchbowl doesn't mean I'm also drinking from it.